itdove/ai-guardian#1146: feat: add Always Allow button in violation detail modal (web console + TUI)#1208

Merged: itdove merged 4 commits into main from 1146 on Jun 16, 2026

@itdove (Owner) commented Jun 16, 2026

Jira Issue: N/A

Description

Adds an "Always Allow" button in the violation detail modal for both the web console and TUI, enabling ask-mode allowlisting for remote/container/headless daemons where the popup dialog cannot display at detection time.

Key changes:

  • New POST /api/violation-context REST endpoint on the daemon that rescans a file at the original violation location (±N line window) using existing scan infrastructure, filtered by violation sub-type (e.g., env-variable, pii-ssn). Returns matched text in memory only — never persisted.
  • New violation_rescan.py module implementing targeted rescan logic with sub-type filtering and line-proximity search.
  • Web console violation detail modal gains an "Always Allow" button that calls the rescan endpoint, then opens the pattern editor with matched text pre-populated (same flow as the ask dialog's "Allow Always").
  • TUI violation detail view gains the same "Always Allow" flow adapted for Textual.
  • Multi-client support for the new endpoint via daemon_service.py.
  • Handles edge cases: file deleted (stale violation), violation no longer present near original line.
  • Unit tests covering rescan logic, sub-type filtering, line proximity matching, and error cases.

Resolves: #1146

Assisted-by: Claude

Testing

Steps to test

  1. Pull down the PR
  2. Start the daemon (ai-guardian daemon start)
  3. Web console — Always Allow flow:
    • Open the web console violations page
    • Click on a violation to open the detail modal
    • Click "Always Allow" button
    • Verify the rescan finds the matched text and opens the pattern editor with it pre-populated
    • Edit/test the pattern, then confirm "Add to Allowlist"
  4. Web console — stale violation:
    • Delete or modify the file referenced by a violation so the violation no longer exists
    • Click "Always Allow" on that violation
    • Verify the appropriate "file not found" or "violation not found" message appears
  5. TUI — Always Allow flow:
    • Open the TUI violations view (ai-guardian tui)
    • Select a violation and trigger "Always Allow"
    • Verify the pattern editor opens with matched text
  6. REST API directly:
    • curl -X POST http://localhost:<port>/api/violation-context -H "Authorization: Bearer <token>" -d '{"file_path": "/path/to/file", "line_number": 42, "violation_type": "secret_detected", "secret_type": "env-variable"}'
    • Verify response contains status, matched_text, and line_number
  7. Run unit tests: python -m pytest tests/unit/test_violation_rescan.py -v

Scenarios tested

  • Violation still present at original line — rescan finds match
  • Violation shifted by a few lines — line proximity window catches it
  • File deleted — returns file_not_found status
  • Violation resolved/removed from file — returns not_found status
  • Sub-type filtering works correctly (e.g., only matches env-variable, not other secret types)
  • Auth token required — unauthenticated requests rejected

Deployment considerations

  • This code change is ready for deployment on its own
  • This code change requires the following considerations before being deployed:

- Add violation_rescan module to re-scan files and extract matched text
- Add POST /api/violation-context endpoint to REST API and multi_client
- Add allowlist dialog to TUI and web violations views with pattern preview
- Map violation types to config sections in pattern_editor

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
itdove and others added 3 commits June 16, 2026 12:48
…+ TUI)

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
- Switch from tempfile.NamedTemporaryFile/os.unlink to pytest tmp_path
- Remove unused os and tempfile imports
- Flatten nested with/try/finally blocks into linear test bodies

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
@itdove itdove marked this pull request as ready for review June 16, 2026 17:19
@itdove itdove merged commit 0eb605a into main Jun 16, 2026
23 checks passed
@itdove itdove deleted the 1146 branch June 16, 2026 17:19
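The targeted rescan the description outlines (a ±N line window around the recorded line, filtered by sub-type, returning status, matched_text and line_number) can be sketched as follows. This is an added example, not code from the PR or from ai-guardian: the `DETECTORS` regexes, the `rescan_violation` and `demo` names, the `found` and `unsupported_type` status values and the closest-hit rule are assumptions; only `file_not_found` and `not_found` come from the description.

```python
import re
import tempfile
from pathlib import Path

# Constructed stand-in detectors keyed by sub-type (assumption: the project's
# real scanners are not shown on this page).
DETECTORS = {
    "env-variable": re.compile(r"\b[A-Z][A-Z0-9_]*(?:KEY|TOKEN|SECRET)\s*=\s*\S+"),
    "pii-ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}


def _result(status, text=None, number=None):
    return {"status": status, "matched_text": text, "line_number": number}


def rescan_violation(file_path, line_number, sub_type, window=3):
    """Rescan only the lines within +/- window of line_number for one sub-type.

    The matched text goes back to the caller only; nothing is written or logged.
    """
    detector = DETECTORS.get(sub_type)
    if detector is None:
        return _result("unsupported_type")  # hypothetical status value
    path = Path(file_path)
    if not path.is_file():
        return _result("file_not_found")  # stale violation: file is gone

    lines = path.read_text(encoding="utf-8", errors="replace").splitlines()
    first = max(1, line_number - window)
    last = min(len(lines), line_number + window)
    hits = []
    for number in range(first, last + 1):
        match = detector.search(lines[number - 1])
        if match:
            hits.append((abs(number - line_number), number, match.group(0)))
    if not hits:
        return _result("not_found")  # violation no longer near the recorded line

    # Prefer the hit closest to the recorded line; ties go to the earlier line.
    _, number, text = min(hits)
    return _result("found", text, number)


def demo():
    """Constructed sample: the secret sits two lines below the recorded line 3."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "settings.env"
        sample.write_text("# constructed sample\nDEBUG=1\n\nSSN 078-05-1120\nAPI_TOKEN=abc123\n")
        return rescan_violation(sample, 3, "env-variable")
```
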