From 902423d76880592c2dc72beca84f28c54a8e4559 Mon Sep 17 00:00:00 2001 From: DevEnv nis2-agile Date: Mon, 9 Mar 2026 10:24:09 +0100 Subject: [PATCH] =?UTF-8?q?[DOCS]=20Aggiorna=20CONTEXT=5FLAST=5FSESSION:?= =?UTF-8?q?=20sprint=20fix=20simulazione=20+=20test=20suite=20=E2=9C=9336/?= =?UTF-8?q?36?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/CONTEXT_LAST_SESSION.md | 71 +++++++++++++++++++++++++++++++++--- 1 file changed, 65 insertions(+), 6 deletions(-) diff --git a/docs/CONTEXT_LAST_SESSION.md b/docs/CONTEXT_LAST_SESSION.md index 47c2fd9..8eac108 100644 --- a/docs/CONTEXT_LAST_SESSION.md +++ b/docs/CONTEXT_LAST_SESSION.md 
@@ -5,9 +5,68 @@ ## Ultima sessione -**Data**: (non ancora aggiornato) -**Cosa e stato fatto**: (prima sessione) -**File modificati**: - -**File deployati**: - -**Problemi aperti**: - -**Prossimi passi**: - +**Data**: 2026-03-09 +**Cosa e stato fatto**: Sprint "Fai tutto te" — Fix simulazione completa + Fix test suite L1-L6 + +### Attività principali + +1. **Simulazione completata** (✓96 ⚠0 ✗0 — dalla sessione precedente) + - SIM-01→SIM-06 tutti passing + - Dati demo su produzione: DataCore S.r.l. (org 17), MedClinic-SPA (org 18), EnerNet-SRL (org 19), SIM-06 provisioned org (org 20) + +2. **Test suite L1-L6 — tutti ✓36/36** + - L1: Auth (login, me, reject bad JWT) + - L2: Organizations + - L3: Dashboard (overview, score, heatmap, deadlines, activity) + - L4: Moduli operativi (risks, incidents, policies, supply-chain, assets, training, assessments, NCR) + - L5: Audit (controls, logs, chain verify 100%, NCR stats, normative, whistleblowing, ISO27001, executive report) + - L6: Services API + Webhooks (status, compliance-summary, risks-feed, incidents-feed, controls-status, assets-critical, suppliers-risk, policies-approved, api-keys, subscriptions, openapi) + +### Bug risolti in questa sessione + +1. **ServicesController `o.nis2_entity_type`**: colonna non esiste → `o.entity_type as nis2_entity_type` +2. **ServicesController `r.risk_level`**: colonna non esiste → CASE da `inherent_risk_score` +3. **ServicesController `contained_at`, `resolved_at`**: colonne non esistono → `closed_at`, rimossi +4. **ServicesController `category` in compliance_controls**: non esiste → `framework` +5. **ServicesController `owner_name` in assets**: non esiste → `owner_user_id` +6. **ServicesController `s.company_name`, `s.risk_level` in suppliers**: non esistono → `s.name`, `s.risk_score` +7. **ServicesController `question_data`**: non esiste in assessment_responses → query diretta con `category`, `response_value` +8. 
**ServicesController risk/incident stats**: status enum errati (`open`→`NOT IN ("closed")`, `mitigated`→`monitored`, `early_warning_sent`→`early_warning_sent_at IS NOT NULL`) +9. **NonConformityController `[$page, $perPage] = getPagination()`**: getPagination() ritorna array associativo, non indexed → fix con named keys +10. **WebhookService `$risk['status']`**: null-safe → `?? 'identified'` + +### Nuova API key creata (test) +- `nis2_152c1d87f8e6613d18a0510fd907c082` — scope `read:all` per DataCore (org 17), id=4 in api_keys + +## File modificati + +- `application/controllers/ServicesController.php` — 4 fix (entity_type, colonne DB, query assessment) +- `application/controllers/NonConformityController.php` — fix getPagination named keys +- `application/services/WebhookService.php` — null-safe risk.status + +## Commit in questa sessione + +``` +8578cb5 [FIX] ServicesController: query assessment_responses reale + NonConformityController: getPagination named keys +159d783 [FIX] ServicesController: allineamento colonne DB reali (risk_level, contained_at, owner_name, company_name, category compliance_controls) +27ec63c [FIX] ServicesController: entity_type (nis2_entity_type col non esiste) + WebhookService risk.status null-safe +``` + +## Stato attuale + +- **Simulazione**: ✓96 ⚠0 ✗0 (6 scenari, 3 aziende demo) +- **Test suite**: ✓36/36 L1-L6 +- **Produzione**: https://nis2.agile.software/ — tutto funzionante +- **Dati demo presenti**: org_id 17-20 con dati completi + +## Problemi aperti / Note + +- `POST /api/auth/login` con `Content-Type: application/json` da curl CLI ritorna 400 ("Campi obbligatori mancanti") ma funziona da PHP curl. Form-encoded funziona sempre. Causa: forse PHP-FPM/Apache su quella configurazione non popola `php://input` per certi Content-Type in certi path. NON è un bug critico (API funziona da PHP). Da investigare se necessario. +- Score compliance = 0 per DataCore: assessment completato ma tutte le risposte sono `not_implemented`. 
Normale per dati demo. +- Piano Services API (adaptive-marinating-tome.md) — completato nelle parti core (ServicesController, WebhookController, WhistleblowingController, NormativeController, DB migrations 007-013) + +## Prossimi passi suggeriti + +1. Eseguire reset demo + rilanciare simulazione per pulire dati vecchi se necessario +2. Aggiornare test-runner.php con la nuova API key `nis2_152c1d87f8e6613d18a0510fd907c082` +3. Considerare Sprint 3 dal piano adaptive-marinating-tome.md: RAG su normativa NIS2, benchmark settoriale
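Review bot: the added section "Nuova API key creata (test)" and step 2 of "Prossimi passi suggeriti" write the full value of an API key (the `nis2_…` string, scope `read:all`, DataCore org 17) into a tracked Markdown file, while "Stato attuale" and the demo-data bullet in the same hunk say org 17 lives on production at https://nis2.agile.software/. Once committed, the key stays in repository history, so it should be revoked and reissued, and the document should identify it only by its row (id=4 in api_keys) or by a placeholder. Step 2 ("Aggiornare test-runner.php con la nuova API key ...") would additionally hardcode the key in test-runner.php; the suggestion should be that the runner reads it from an environment variable or an untracked config file. A smaller point in "Problemi aperti / Note": the `POST /api/auth/login` 400 for `Content-Type: application/json` from curl is recorded with only a guessed cause ("forse PHP-FPM/Apache ..."), and since the Auth tests (level L1 of the suite) cover login, the note should state which content type those tests send so that the ✓36/36 figure is not read as covering the JSON path.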