feat: implement compliance reports and audit trail pipeline

[shagunpandeydev26-alt]

Description

This PR introduces a fully-featured, format-agnostic compliance reporting pipeline and audit trail system. Organizations require compliance reports for regulatory purposes, and this implements the proposed solution by adding:

• A centralized report builder that aggregates audit logs and applies powerful filters (dates, languages, severities, scores).
• Format exporters that generate reports in PDF (human-readable), CSV (spreadsheet workflows), and JSON (system integration) natively without external dependencies.
• Compliance metadata injection (Report IDs, generation timestamps, and applied filters).
• Frontend UI dashboard for "Compliance Reports & Audit" allowing users to filter, preview, and download natively, along with an audit trail feed.
• Comprehensive updates to README.md documenting the new /reports/ endpoints.

Related Issue

Fixes #665

Type of change

• Bug fix
• New feature / enhancement
• Documentation update
• Test addition
• Refactor

Checklist

• I have read CONTRIBUTING.md
• My branch is up to date with main
• I have run pytest -v and all tests pass
• I have not introduced duplicate issues or features
• My PR title follows the format: feat/fix/docs/test: short description
• I have added tests for new features (Level 2 and 3 issues)
• No hardcoded secrets or API keys in my code
• This PR is linked to a GSSoC 2026 issue

Screenshots (if frontend change)

---

Screen.Recording.2026-06-10.081842.-.Trim.mp4

---

Test evidence

---

---

pytest tests/test_reports.py -v
============================================================ test session starts =============================================================
platform win32 -- Python 3.12.7, pytest-9.0.3, pluggy-1.6.0 -- C:\Users\abhay\AppData\Local\Programs\Python\Python312\python.exe
cachedir: .pytest_cache
rootdir: C:\Users\abhay\OneDrive\Desktop\AI dev assistant\AI-dev-assistant
configfile: pyproject.toml
plugins: anyio-4.12.1, asyncio-1.4.0
asyncio: mode=Mode.STRICT, debug=False, asyncio_default_fixture_loop_scope=None, asyncio_default_test_loop_scope=function
collected 11 items                                                                                                                            

tests\test_reports.py::test_report_endpoints_require_auth PASSED                                                                        [  9%]
tests\test_reports.py::test_json_report_has_compliance_metadata_and_records PASSED                                                      [ 18%]
tests\test_reports.py::test_csv_export_contains_metadata_and_table PASSED                                                               [ 27%]
tests\test_reports.py::test_pdf_export_is_valid_pdf PASSED                                                                              [ 36%]
tests\test_reports.py::test_language_filter PASSED                                                                                      [ 45%]
tests\test_reports.py::test_severity_filter PASSED                                                                                      [ 54%]
tests\test_reports.py::test_score_range_filter PASSED                                                                                   [ 63%]
tests\test_reports.py::test_date_range_filter PASSED                                                                                    [ 72%]
tests\test_reports.py::test_invalid_date_range_is_rejected PASSED                                                                       [ 81%]
tests\test_reports.py::test_generation_records_audit_event PASSED                                                                       [ 90%]
tests\test_reports.py::test_reports_are_scoped_to_the_requesting_user PASSED                                                            [100%]

======================================================= 11 passed, 2 warnings in 6.59s ======================================================= 

[shagunpandeydev26-alt]

Hi @imDarshanGK!

I've just opened the PR for the compliance reports and audit trail feature!

As discussed, rather than just adding simple export buttons, I implemented this as a reusable reporting pipeline to keep the codebase clean and extensible.

• The backend now aggregates data into a format-agnostic model, which is then rendered by separate exporters (PDF, CSV, JSON).
• I built the PDF export to be fully self-contained so we don't have to bloat the project with external PDF libraries.
• The UI handles the filtering, previewing, and downloading natively, alongside a new audit trail view.

I've added 11 backend integration tests covering the authorization, filtering engine, and formatting, all of which are passing successfully (11 passed in 6.59s). I also verified the complete end-to-end flow in a live browser test (I've attached a video walkthrough in the PR description).

One quick note on security: I kept the JWT storage in localStorage as per our previous discussion to match the current app model and avoid scope creep, but all compliance endpoints strictly enforce the HTTPBearer auth checks.

Let me know if you need any adjustments or if there's anything else you'd like me to tweak before merging. Thank you for the opportunity to work on this!