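use super::{html_escape, tool_category};
use compliance_core::models::pentest::{AuthMode, PentestConfig, PentestSession};

/// Renders the "2. Scope & Methodology" section of the pentest report.
///
/// The section is assembled from three parts: a numbered table of the tools
/// that were run, an optional "Engagement Configuration" block (only when
/// `config` is `Some`), and the engagement details taken from `session`.
///
/// # Output encoding
///
/// Every free-form string that reaches the output is passed through
/// `html_escape` at the point where it is interpolated: target name and URL,
/// start/completion timestamps, tool names, and the configuration fields
/// (environment, application type, scope exclusions, tester name and e-mail,
/// branch, commit hash). Several of these come from the engagement
/// configuration or from the tested target, so they must not be trusted to
/// be markup-free. Escaping here, at the sink, keeps the report safe even if
/// a caller forgets to sanitise its arguments.
///
/// # Parameters
///
/// * `session` - supplies strategy, status, invocation counters and the
///   success rate.
/// * `target_name`, `target_url` - identify the tested target.
/// * `date_str`, `completed_str` - pre-formatted start and completion times.
/// * `tool_names` - tools used, listed in the order given.
/// * `config` - optional engagement configuration; `None` omits that block.
pub(super) fn scope(
    session: &PentestSession,
    target_name: &str,
    target_url: &str,
    date_str: &str,
    completed_str: &str,
    tool_names: &[String],
    config: Option<&PentestConfig>,
) -> String {
    // NOTE(review): the string literals in this listing look as if their
    // markup tags were lost in extraction; they are reproduced exactly as
    // shown. Confirm against the repository copy before building.

    // One row per tool: 1-based index, escaped tool name, category label.
    // NOTE(review): `category` is emitted without escaping; presumably
    // `tool_category` returns a fixed label. Confirm it never echoes the
    // tool name back.
    let tools_table: String = tool_names
        .iter()
        .enumerate()
        .map(|(i, t)| {
            let category = tool_category(t);
            format!(
                "{}{}{}",
                i + 1,
                html_escape(t),
                category,
            )
        })
        .collect::<Vec<_>>()
        .join("\n");

    let engagement_config_section = if let Some(cfg) = config {
        let mut rows = String::new();

        rows.push_str(&format!(
            "Environment{}",
            html_escape(&cfg.environment.to_string())
        ));

        if let Some(app_type) = &cfg.app_type {
            rows.push_str(&format!(
                "Application Type{}",
                html_escape(app_type)
            ));
        }

        // Fixed labels only: the auth mode is reported, never the
        // credentials themselves.
        let auth_mode = match cfg.auth.mode {
            AuthMode::None => "No authentication",
            AuthMode::Manual => "Manual credentials",
            AuthMode::AutoRegister => "Auto-register",
        };
        rows.push_str(&format!("Auth Mode{auth_mode}"));

        if !cfg.scope_exclusions.is_empty() {
            // Escape each exclusion on its own before joining, so a crafted
            // entry cannot break out of the list.
            let excl = cfg
                .scope_exclusions
                .iter()
                .map(|s| html_escape(s))
                .collect::<Vec<_>>()
                .join(", ");
            rows.push_str(&format!(
                "Scope Exclusions{excl}"
            ));
        }

        if !cfg.tester.name.is_empty() {
            rows.push_str(&format!(
                "Tester{} ({})",
                html_escape(&cfg.tester.name),
                html_escape(&cfg.tester.email)
            ));
        }

        if let Some(ts) = &cfg.disclaimer_accepted_at {
            // NOTE(review): the format string appends a literal "UTC";
            // presumably `ts` is already a UTC timestamp. Confirm.
            rows.push_str(&format!(
                "Disclaimer Accepted{}",
                ts.format("%B %d, %Y at %H:%M UTC")
            ));
        }

        if let Some(branch) = &cfg.branch {
            rows.push_str(&format!(
                "Git Branch{}",
                html_escape(branch)
            ));
        }

        if let Some(commit) = &cfg.commit_hash {
            rows.push_str(&format!(
                "Git Commit{}",
                html_escape(commit)
            ));
        }

        format!("

Engagement Configuration

\n\n{rows}\n
")
    } else {
        String::new()
    };

    // `date_str` and `completed_str` are caller-supplied strings like the
    // target name and URL, so they get the same escaping at the sink.
    // NOTE(review): `strategy` and `status` are rendered through `Display`
    // without escaping; presumably both are enums with fixed labels. Confirm.
    format!(
        r##"

2. Scope & Methodology

The assessment was performed using an AI-driven orchestrator that autonomously selects and executes security testing tools based on the target's attack surface, technology stack, and any available static analysis (SAST) findings and SBOM data.

Engagement Details

Target{target_name}
URL{target_url}
Strategy{strategy}
Status{status}
Started{date_str}
Completed{completed_str}
Tool Invocations{tool_invocations} ({tool_successes} successful, {success_rate:.1}% success rate)
{engagement_config_section}

Tools Employed

{tools_table}
#ToolCategory
"##,
        target_name = html_escape(target_name),
        target_url = html_escape(target_url),
        strategy = session.strategy,
        status = session.status,
        date_str = html_escape(date_str),
        completed_str = html_escape(completed_str),
        tool_invocations = session.tool_invocations,
        tool_successes = session.tool_successes,
        success_rate = session.success_rate(),
    )
}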