From 80055bc4ce9e7aa3d150e2ff7e0960d27fc7221f Mon Sep 17 00:00:00 2001
From: DevEnv nis2-agile <dev@certisource.it>
Date: Sat, 30 May 2026 10:04:57 +0200
Subject: [PATCH] [FIX] OpenAPI: 4 endpoint inbound (incidents/evidence/assets
 ingest + controls-monitoring) + tag Ingestion

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 .../controllers/ServicesController.php        | 34 +++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/application/controllers/ServicesController.php b/application/controllers/ServicesController.php
index 63ff2db..c2378f7 100644
--- a/application/controllers/ServicesController.php
+++ b/application/controllers/ServicesController.php
@@ -1434,6 +1434,39 @@ class ServicesController extends BaseController
                         'tags'        => ['Policies'],
                     ],
                 ],
+                // ── Inbound: ingestion & evidence automation (scope dedicati) ──
+                '/api/services/incidents-ingest' => [
+                    'post' => [
+                        'summary'     => 'Ingestion incidente da SIEM/SOC/EDR (apertura automatica Art.23)',
+                        'description' => 'Crea un incidente da alert esterno. Dedup su external_id, classificazione AI, severity normalizzata. Scope: ingest:incidents.',
+                        'responses'   => ['201' => ['description' => 'Incidente creato'], '200' => ['description' => 'Dedup'], '403' => ['description' => 'Scope mancante']],
+                        'tags'        => ['Ingestion'],
+                    ],
+                ],
+                '/api/services/evidence-ingest' => [
+                    'post' => [
+                        'summary'     => 'Ingestion evidenze automatiche (Continuous Control Monitoring)',
+                        'description' => 'Registra evidenze per un controllo da connettori M365/Google/AWS/Azure/IdP/EDR/SIEM. Batch via evidences[], upsert su external_ref. Scope: ingest:evidence.',
+                        'responses'   => ['201' => ['description' => 'Evidenze elaborate'], '403' => ['description' => 'Scope mancante']],
+                        'tags'        => ['Ingestion'],
+                    ],
+                ],
+                '/api/services/controls-monitoring' => [
+                    'get' => [
+                        'summary'     => 'Stato monitoraggio continuo dei controlli',
+                        'description' => 'Copertura e semafori freschezza (healthy/warning/stale/failing). Scope: read:compliance.',
+                        'responses'   => ['200' => ['description' => 'OK']],
+                        'tags'        => ['Compliance'],
+                    ],
+                ],
+                '/api/services/assets-ingest' => [
+                    'post' => [
+                        'summary'     => 'Import asset da CMDB/cloud con scoring automatico GV.OC-04',
+                        'description' => 'Upsert asset (dedup su external_ref) con calcolo automatico rilevanza NIS2. Scope: ingest:assets.',
+                        'responses'   => ['201' => ['description' => 'Asset importati'], '403' => ['description' => 'Scope mancante']],
+                        'tags'        => ['Ingestion'],
+                    ],
+                ],
             ],
             'tags' => [
                 ['name' => 'System'],
@@ -1443,6 +1476,7 @@ class ServicesController extends BaseController
                 ['name' => 'Assets'],
                 ['name' => 'Supply Chain'],
                 ['name' => 'Policies'],
+                ['name' => 'Ingestion'],
             ],
         ];