[CORE] Housekeeping: CLAUDE.md allineato, docker hardening, gitignore

- CLAUDE.md: aggiunto NonConformityController, companies.html, architecture.html, i18n.js, help.js, SQL 003-005, 22 tabelle, endpoint NCR/CAPA, API base path aggiornato a /api/... (post-subdomain), cronologia commit aggiornata - docker-compose.yml: mem_limit (app 256m, web 128m, db 512m) + DB port binding su 127.0.0.1 per sicurezza - .gitignore: aggiunti docker/*.bak* e .claude/memory/ - Eliminati file backup temporanei docker-compose.yml.bak.* Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-20 11:09:04 +01:00 · 2026-02-20 11:09:04 +01:00 · a53b4beb37
commit a53b4beb37
parent 7080695d06
4 changed files with 45 additions and 17 deletions
--- a/.claude/settings.local.json
+++ b/.claude/settings.local.json
@ -24,7 +24,8 @@
      "Bash(docker:*)",
      "Bash(ssh:*)",
      "Bash(scp:*)",
-      "Bash(tar:*)"
+      "Bash(tar:*)",
+      "Read(//root/**)"
    ]
  }
 }
--- a/.gitignore
+++ b/.gitignore
@ -33,3 +33,7 @@ docker/data/

 # Claude
 .claude/plans/
+.claude/memory/
+
+# Backup files
+docker/*.bak*
--- a/CLAUDE.md
+++ b/CLAUDE.md
@ -19,7 +19,7 @@ Target: PMI, Enterprise, Consulenti/CISO.
 - AI: Anthropic Claude API (claude-sonnet-4-5-20250929)
 - Server: Hetzner CPX31 (135.181.149.254)
 - VCS: Gitea (git.certisource.it)
- URL Produzione: https://certisource.it/nis2/
+- URL Produzione: https://nis2.certisource.it/


 ## Visibilita Cross-Project
@ -102,6 +102,7 @@ nis2.agile/
 │   │   ├── AuthController.php         # Login, register, JWT, rate limiting
 │   │   ├── DashboardController.php    # Overview, score, deadlines, heatmap
 │   │   ├── IncidentController.php     # Incidenti Art.23 (24h/72h/30d) + email
+│   │   ├── NonConformityController.php# NCR/CAPA non-conformità e azioni correttive
 │   │   ├── OnboardingController.php   # Wizard onboarding con visura/CertiSource
 │   │   ├── OrganizationController.php # CRUD org, membri, classificazione NIS2
 │   │   ├── PolicyController.php       # Policy, approvazione, AI generation
@ -136,6 +137,8 @@ nis2.agile/
 │   ├── assets.html                    # Inventario asset
 │   ├── reports.html                   # Report compliance + audit log
 │   ├── settings.html                  # Impostazioni org/profilo/membri
+│   ├── companies.html                 # Gestione aziende (consulente)
+│   ├── architecture.html              # Pagina architettura sistema
 │   ├── admin/
 │   │   ├── index.html                 # Admin dashboard
 │   │   ├── organizations.html         # Gestione organizzazioni
@ -144,7 +147,9 @@ nis2.agile/
 │   │   └── style.css                  # CSS principale (~1600 righe)
 │   ├── js/
 │   │   ├── api.js                     # Client API (270 righe, tutti gli endpoint)
-│   │   └── common.js                  # Utility condivise (sidebar, notifiche, etc.)
+│   │   ├── common.js                  # Utility condivise (sidebar, notifiche, etc.)
+│   │   ├── i18n.js                    # Internazionalizzazione IT/EN
+│   │   └── help.js                    # Help contestuale online
 │   └── uploads/                       # Upload directory (gitignored)
 │       └── visure/                    # PDF visure camerali
 ├── docker/
@ -155,7 +160,10 @@ nis2.agile/
 └── docs/
    ├── sql/
    │   ├── 001_initial_schema.sql     # Schema DB completo (20 tabelle)
-    │   └── 002_email_log.sql          # Tabella email_log
+    │   ├── 002_email_log.sql          # Tabella email_log
+    │   ├── 003_voluntary_compliance.sql # ALTER organizations: voluntary_compliance
+    │   ├── 004_ncr_capa.sql           # Tabelle non_conformities, corrective_actions
+    │   └── 005_consultant_support.sql # ALTER user_organizations: ruolo consultant
    ├── context/
    │   └── CONTEXT_SCHEMA_DB.md
    ├── prompts/
@ -177,10 +185,10 @@ nis2.agile/
 3. **Login** → se ha org → `dashboard.html`, altrimenti → `onboarding.html`
 4. **Dashboard** → navigazione sidebar a tutti i moduli

-## Database (21 tabelle)
-organizations, users, user_organizations, refresh_tokens, assessments, assessment_responses, risks, risk_treatments, incidents, incident_timeline, policies, suppliers, training_courses, training_assignments, assets, compliance_controls, evidence_files, audit_logs, ai_interactions, email_log
+## Database (22 tabelle)
+organizations, users, user_organizations, refresh_tokens, assessments, assessment_responses, risks, risk_treatments, incidents, incident_timeline, policies, suppliers, training_courses, training_assignments, assets, compliance_controls, evidence_files, audit_logs, ai_interactions, email_log, non_conformities, corrective_actions

-Schema: `docs/sql/001_initial_schema.sql` + `docs/sql/002_email_log.sql`
+Schema: `docs/sql/` (5 migrazioni: 001→005)

 ## Servizi

@ -220,22 +228,28 @@ Schema: `docs/sql/001_initial_schema.sql` + `docs/sql/002_email_log.sql`
 ## Git
 - **Repository**: https://git.certisource.it/AdminGit2026/nis2-agile
 - **Token Gitea**: Configurato in git credential manager (non documentare qui)
- **Branch**: main (7 commit)
+- **Branch**: main
 - **Commit format**: `[AREA] Descrizione`

 ### Cronologia Commit
 ```
+7080695 [FEAT] Ruolo Consulente + Wizard Registrazione v2
+ba21534 [DEPLOY] Migrazione a subdomain nis2.certisource.it
+92f9366 Merge branch 'main'
+d3eac7c [CORE] Rimosso credenziali da CLAUDE.md + aggiunto docs/DB_ACCESS.md
+a0fd543 [CORE] Aggiunto settings Claude Code con permessi ampi
+0a73983 [FIX] Dockerignore: allow docker/php.ini for build context
+4bd2326 [CORE] Aggiunto integrazione agile-services
+52fd45f [FEAT] i18n IT/EN, Help Online contestuale, pagina Architettura
+4e3408e [FEAT] Visura auto-fill, adesione volontaria, modulo NCR/CAPA
+517cab7 [FIX] Fix annual_turnover field name in setup-org.html
+68f8cab [POLISH] Docker setup fix + UI polish + project completion
 bcc5a2b [FIX] E2E testing - fix router, EmailService, frontend data mapping
-6f4b457 [FEAT] Add EmailService, RateLimitService, ReportService + integrations
-9aa2788 [FEAT] Add onboarding wizard with visura camerale and CertiSource integration
-73e78ea [FEAT] Add all frontend pages - complete UI for NIS2 platform
-c03d22e [FIX] Deploy fixes - Auth header passthrough, dashboard query, landing page
-ae78a2f [CORE] Initial project scaffold - NIS2 Agile Compliance Platform
 ```

 ## API Endpoints Completi

-Base: `/nis2/api/{controller}/{action}/{id?}`
+Base: `/api/{controller}/{action}/{id?}` (su subdomain https://nis2.certisource.it/)

 ### Auth: POST register, login, logout, refresh, change-password | GET me | PUT profile
 ### Organizations: POST create, classify | GET current, list, {id}/members | PUT {id} | POST {id}/invite | DELETE {id}/members/{sid}
@ -250,6 +264,7 @@ Base: `/nis2/api/{controller}/{action}/{id?}`
 ### Audit: GET controls, evidence/list, report, logs, iso27001-mapping, executive-report, export | PUT controls/{sid} | POST evidence/upload
 ### Onboarding: POST upload-visura, fetch-company, complete
 ### Admin: GET organizations, users, stats
+### NCR/CAPA: GET list, {id}, stats | POST create, fromAssessment, {id}/capa, {id}/sync, webhook | PUT {id}, capa/{subId}

 ## Stato Completamento
 Tutti i moduli sono implementati e testati:
@ -264,4 +279,9 @@ Tutti i moduli sono implementati e testati:
 3. **Frontend data mapping** - Dashboard, Assessment, Onboarding avevano nomi campo diversi dal backend
 4. **Field name mismatches** - annual_turnover→annual_turnover_eur, question_id→question_code, compliance_level→response_value

-*Ultimo aggiornamento: 2026-02-17*
+*Ultimo aggiornamento: 2026-02-20*
+
+## REGOLA: Sincronizzazione CLAUDE.md
+- Dopo QUALSIASI modifica a: URL produzione, dominio, porta, path, schema DB, architettura -> **AGGIORNARE CLAUDE.md IMMEDIATAMENTE**
+- CLAUDE.md e la "single source of truth" del progetto
+- A fine sessione: verificare che CLAUDE.md rifletta lo stato reale
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@ -8,6 +8,7 @@ services:
      dockerfile: docker/Dockerfile
    container_name: nis2-app
    restart: unless-stopped
+    mem_limit: 256m
    volumes:
      - ../application:/var/www/nis2-agile/application
      - ../public:/var/www/nis2-agile/public
@ -35,6 +36,7 @@ services:
    image: nginx:1.27-alpine
    container_name: nis2-web
    restart: unless-stopped
+    mem_limit: 128m
    ports:
      - "${WEB_PORT:-8080}:8080"
    volumes:
@ -51,13 +53,14 @@ services:
    image: mysql:8.0
    container_name: nis2-db
    restart: unless-stopped
+    mem_limit: 512m
    environment:
      MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASSWORD:-rootpass}
      MYSQL_DATABASE: ${DB_NAME:-nis2_agile_db}
      MYSQL_USER: ${DB_USER:-nis2_user}
      MYSQL_PASSWORD: ${DB_PASS}
    ports:
-      - "${DB_EXPOSE_PORT:-3307}:3306"
+      - "127.0.0.1:${DB_EXPOSE_PORT:-3307}:3306"
    volumes:
      - nis2-db-data:/var/lib/mysql
      - ../docs/sql/001_initial_schema.sql:/docker-entrypoint-initdb.d/001_initial_schema.sql:ro