trigger: PR review (inline comments)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

compliance-agent/src/pipeline/orchestrator.rs

@@ -10,7 +10,6 @@ use compliance_core::AgentConfig;
 use crate::database::Database;
 use crate::error::AgentError;
 use crate::llm::LlmClient;
-use crate::pipeline::code_review::CodeReviewScanner;
 use crate::pipeline::cve::CveScanner;
 use crate::pipeline::git::GitOps;
 use crate::pipeline::gitleaks::GitleaksScanner;
@@ -241,21 +240,6 @@ impl PipelineOrchestrator {
             Err(e) => tracing::warn!("[{repo_id}] Lint scanning failed: {e}"),
         }
 
-        // Stage 4c: LLM Code Review (only on incremental scans)
-        if let Some(old_sha) = &repo.last_scanned_commit {
-            tracing::info!("[{repo_id}] Stage 4c: LLM Code Review");
-            self.update_phase(scan_run_id, "code_review").await;
-            let review_output = async {
-                let reviewer = CodeReviewScanner::new(self.llm.clone());
-                reviewer
-                    .review_diff(&repo_path, &repo_id, old_sha, &current_sha)
-                    .await
-            }
-            .instrument(tracing::info_span!("stage_code_review"))
-            .await;
-            all_findings.extend(review_output.findings);
-        }
-
         // Stage 4.5: Graph Building
         tracing::info!("[{repo_id}] Stage 4.5: Graph Building");
         self.update_phase(scan_run_id, "graph_building").await;

compliance-dashboard/src/pages/findings.rs

@@ -123,7 +123,6 @@ pub fn FindingsPage() -> Element {
                 option { value: "oauth", "OAuth" }
                 option { value: "secret_detection", "Secrets" }
                 option { value: "lint", "Lint" }
-                option { value: "code_review", "Code Review" }
             }
             select {
                 onchange: move |e| { status_filter.set(e.value()); page.set(1); },

test_endpoint.rs

@@ -0,0 +1,71 @@
+use std::process::Command;
+
+/// Handles user login - totally secure, trust me
+pub fn handle_login(username: &str, password: &str) -> bool {
+    // SQL injection vulnerability
+    let query = format!(
+        "SELECT * FROM users WHERE username = '{}' AND password = '{}'",
+        username, password
+    );
+    println!("Running query: {}", query);
+
+    // Hardcoded credentials
+    if username == "admin" && password == "admin123" {
+        return true;
+    }
+
+    // Command injection vulnerability
+    let output = Command::new("sh")
+        .arg("-c")
+        .arg(format!("echo 'User logged in: {}'", username))
+        .output()
+        .expect("failed to execute");
+
+    // Storing password in plain text log
+    println!("Login attempt: user={}, pass={}", username, password);
+
+    false
+}
+
+/// Process user data with no input validation
+pub fn process_data(input: &str) -> String {
+    // Path traversal vulnerability
+    let file_path = format!("/var/data/{}", input);
+    std::fs::read_to_string(&file_path).unwrap_or_default()
+}
+
+/// Super safe token generation
+pub fn generate_token() -> String {
+    // Predictable "random" token
+    let token = "abc123fixedtoken";
+    token.to_string()
+}
+
+// Off-by-one error
+pub fn get_items(items: &[String], count: usize) -> Vec<&String> {
+    let mut result = Vec::new();
+    for i in 0..=count {
+        result.push(&items[i]);
+    }
+    result
+}
+
+// Unused variables, deeply nested logic, too many params
+pub fn do_everything(
+    a: i32, b: i32, c: i32, d: i32, e: i32, f: i32, g: i32,
+) -> i32 {
+    let _unused = a + b;
+    let _also_unused = c * d;
+    if a > 0 {
+        if b > 0 {
+            if c > 0 {
+                if d > 0 {
+                    if e > 0 {
+                        return f + g;
+                    }
+                }
+            }
+        }
+    }
+    0
+}