nis2-agile

AdminGit2026/nis2-agile

Author	SHA1	Message	Date
DevEnv nis2-agile	c37423f900	[DOCS] CONTEXT_LAST_SESSION: BigSim v2.0 completata + bug fix log	2026-03-17 15:59:41 +01:00
DevEnv nis2-agile	56df54f8b1	[FEAT] Services API: full-snapshot endpoint + BigSim SSE wrapper - ServicesController: nuovo endpoint GET /api/services/full-snapshot Aggrega gap-analysis, measures, incidents, training, deadlines, compliance-summary in una sola chiamata (reduce 6 round-trip → 1) Parametro ?days=N per finestra deadlines (default 30, max 365) - public/index.php: route GET:fullSnapshot aggiunta all'action map services - public/simulate-nis2-big.php: wrapper SSE per simulate-nis2-big.php Esegue il simulatore come sottoprocesso CLI con NIS2_SSE=1 e streama l'output al browser tramite Server-Sent Events Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-17 15:16:00 +01:00
DevEnv nis2-agile	8304da91b4	[DOCS] Aggiornamento contesto sessione 2026-03-10	2026-03-10 12:04:01 +01:00
DevEnv nis2-agile	545e01948f	[DOCS] Big simulation prompt: 10 aziende, copertura totale API, lg231-pattern	2026-03-10 11:01:13 +01:00
DevEnv nis2-agile	1382530189	[FEAT] Sistema Segnalazioni & Risoluzione AI (feedback) Adattato da alltax.it — il sistema più maturo testato con utenti reali. Backend: - FeedbackController: 6 endpoint (submit, mine, list, show, update, resolve) - FeedbackService: createReport + classifyWithAI + broadcastResolution - AIService::classifyFeedback() — 10s timeout, 500 token, JSON puro - EmailService::sendFeedbackResolved() — broadcast email org - DB migration 014: tabella feedback_reports Frontend: - feedback.js: FAB rosso #EF4444, modal 2 fasi (form → AI → password gate) - Tab "Le mie segnalazioni" con badge status - Auto-init su tutte le pagine autenticate (common.js::checkAuth) - api.js: 6 metodi client; style.css: stili completi Worker: - scripts/feedback-worker.php: cron ogni 30 min → docker exec nis2-agile-devenv + Claude Code CLI → risoluzione autonoma con POST /api/feedback/{id}/resolve Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-10 08:51:52 +01:00
DevEnv nis2-agile	902423d768	[DOCS] Aggiorna CONTEXT_LAST_SESSION: sprint fix simulazione + test suite ✓36/36	2026-03-09 10:24:09 +01:00
DevEnv nis2-agile	4be541e9b5	[FIX] reset-demo.sql: gestione trigger audit_log + drop/recreate Il trigger prevent_audit_log_delete blocca DELETE e interrompe lo script. Fix: drop triggers prima di DELETE audit_logs, poi ricrea. Richiede esecuzione con utente root MySQL. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-09 09:51:40 +01:00
DevEnv nis2-agile	eddc2fe79d	[FIX] reset-demo.sql: adatta a struttura reale DB (incident_timeline, capa_actions, email_log, users) - incident_timeline: join su incidents (no organization_id diretto) - corrective_actions → capa_actions, non_conformity_id → ncr_id - email_log: filtra per recipient LIKE '%.demo%' (no organization_id) - users INSERT: first_name/last_name/status → full_name/is_active Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-09 09:04:48 +01:00
DevEnv nis2-agile	89fd201bc2	[AI+HELP+I18N] Help workflow, traduzioni IT/EN, schema 5 livelli AI - help.js: aggiunta sezione workflow (Compliance Journey) + pageMap entry - i18n.js: 16 chiavi IT/EN per workflow (fasi, stati, etichette) - docs/AI_LEVELS_SCHEMA.md: schema architettura 5 livelli AI con privacy matrix L1 Guida (safe), L2 Operativo, L3 Aziendale (anonimizzato), L4 Cross-Org (k-anonymity), L5 Normativo Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-09 08:05:36 +01:00
DevEnv nis2-agile	c906a6eff3	[DB] Fix migration 013: MySQL 8.0 compat + script deploy idempotente - Rimosso ADD COLUMN IF NOT EXISTS (non supportato MySQL 8.0 standard) - Aggiunto deploy_013.sh: script bash idempotente con check information_schema Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 16:48:53 +01:00
DevEnv nis2-agile	f7347ccd8c	[CONTEXT+MKTG] Contesto sessione + HTML migliorati per comunicazione terze parti - CONTEXT_LAST_SESSION.md: documento completo di tutto lo sprint B2B - mktg-api-doc.html: Quick Start box con chiave attiva, flusso visivo 4 step, curl pronti - integrazioniext.html tab Inviti: tabella "Chi fa cosa" per ruolo, sezione mktg-agile con chiave API + 3 curl pronti, Quick Start aggiornato con tabella risorse per destinatario Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 16:37:14 +01:00
DevEnv nis2-agile	d407fd0510	[MKTG-API] Documentazione + auth API Key per licenze - InviteController: requireLicenseAuth() accetta X-API-Key (scope admin:licenses) oppure JWT super_admin — tutti i metodi admin aggiornati - mktg-api-doc.html: risponde alle 6 domande del marketing con esempi curl, tabelle risposta, riepilogo endpoint, link Postman collection - nis2-license-api.postman.json: collection completa (login, create, list, revoke, regenerate, validate, provision) con pre-script salva JWT/invite_id Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 16:05:18 +01:00
DevEnv nis2-agile	cb0988da27	[LICENSE] Gestione licenze marketing + campi commerciali estesi - licenseExt.html: dashboard marketing per generare/gestire licenze Login JWT super_admin, stats strip (totali/usate/orgs/utenti), form genera con label/piano/durata/max-aziende/max-utenti/prezzo/reseller, lista paginata con filtri stato+canale, dettaglio modale, revoca/rigenera, export CSV e copia token/URL - Migration 013: invites +max_users_per_org, +price_eur, +reseller_name organizations +license_max_users (da provisioning) - InviteController::create() gestisce nuovi campi, validate() espone max_users_per_org - ServicesController::provision() salva license_max_users nell'org Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 15:34:38 +01:00
DevEnv nis2-agile	612befd66d	[INVITE] Sistema inviti/licenze B2B + provisioning con invite_token - InviteController: CRUD inviti (gen, list, show, revoke, rigenera, validate) - Token inv_* sha256-hashed, one-shot o multi-use, canali, scadenza - ServicesController::provision() accetta invite_token al posto di X-Provision-Secret Piano e durata forzati dall'invito, markUsed() chiaamto dopo provisioning riuscito - index.php: routing /api/invites/* aggiunto (controller + action map) - integrazioniext.html: nuovo tab "Inviti & Licenze" con flow completo, endpoints, esempi curl/php, guida lg231 aggiornata con sezione provisioning automatico Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 15:22:25 +01:00
DevEnv nis2-agile	6933e1d3fb	[INTEG] Provisioning B2B automatico + fix JWT helpers - POST /api/services/provision: onboarding automatico tenant da lg231 - X-Provision-Secret auth (master secret, non org-specific) - Crea org (con tutti i dati lg231: P.IVA, ATECO, sede, PEC, fatturato) - Crea admin user con password temporanea (must_change_password=1) - Genera API Key scope [read:all, write:all, admin:org, sso:login] - Emette JWT 2h per apertura immediata UI - Callback webhook a lg231 con api_key - Idempotent: stessa P.IVA → restituisce org esistente - Audit: org.provisioned severity=critical - config.php: PROVISION_SECRET (env var) - BaseController: base64UrlEncode/Decode da private → protected - Migration 011: colonne provisioning + must_change_password + indexes Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 15:02:11 +01:00
DevEnv nis2-agile	5ecdce7d47	[INTEG] Pagina integrazioni esterne + spec lg231↔NIS2 - public/integrazioniext.html: pagina pubblica con 4 tab (Services API, Guida lg231, Webhook, Quick Start) — link in sidebar - docs/integration/lg231-nis2-integration.md: spec tecnica completa per agente Claude lg231 (provider-config, Nis2Client, widget, escalation OdV) - common.js: voce sidebar → integrazioniext.html Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 14:43:59 +01:00
DevEnv nis2-agile	3321509d02	[TEST] Bottone ⚡ Reset+Simula+Testa Tutto + preserva admin Benassati - test-runner.php: bottone verde scuro in cima al tab Test che esegue reset DB → simulazioni → smoke test in sequenza - reset-demo.sql: INSERT ON DUPLICATE KEY per cristiano.benassati@gmail.com (super_admin, Silvia1978!@) — sopravvive a qualsiasi reset - Tab Credenziali: admin permanente in cima alla tabella Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 14:35:20 +01:00
DevEnv nis2-agile	07c1a71685	[MIGRATE] Migrazione a nis2.agile.software - Tutti i riferimenti nis2.certisource.it → nis2.agile.software - Apache vhost HTTP nis2.agile.software attivo su Hetzner - Script setup-nis2-agile-software.sh: certbot SSL + redirect da vecchio dominio - .env server: APP_URL aggiornato a https://nis2.agile.software - CLAUDE.md, docs commerciali, integrazioni, API docs aggiornati DNS da aggiungere in Cloudflare: nis2.agile.software A 135.181.149.254 (proxy OFF) Poi eseguire: bash /opt/devenv/scripts/setup-nis2-agile-software.sh Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 14:07:10 +01:00
DevEnv nis2-agile	874eabb6fc	[FEAT] Simulazioni Demo + Audit Trail Certificato SHA-256 - 5 scenari reali: Onboarding, Ransomware Art.23, Data Breach Supply Chain, Whistleblowing SCADA, Audit Hash Chain Verification - simulate-nis2.php: 3 aziende (DataCore/MedClinic/EnerNet), 10 fasi, CLI+SSE - AuditService.php: hash chain SHA-256 stile lg231 (prev_hash+entry_hash) - Migration 010: prev_hash, entry_hash, severity, performed_by su audit_logs - AuditController: GET chain-verify + GET export-certified - reset-demo.sql: reset dati demo idempotente - public/simulate.html: web runner SSE con console dark-theme - Sidebar: link Simulazione Demo + Integrazioni Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 13:56:53 +01:00
DevEnv nis2-agile	a8ef41dc35	[FIX] Migration SQL: INT NOT NULL per FK verso organizations/users (signed) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 13:22:08 +01:00
DevEnv nis2-agile	86e9bdded2	[FEAT] Services API, Webhook, Whistleblowing, Normative + integrazioni Sprint completo — prodotto presentation-ready: Services API (read-only, API Key + scope): - GET /api/services/status\|compliance-summary\|risks-feed\|incidents-feed - GET /api/services/controls-status\|assets-critical\|suppliers-risk\|policies-approved - GET /api/services/openapi (spec OpenAPI 3.0.3 JSON) Webhook Outbound (Stripe-like HMAC-SHA256): - CRUD api_keys + webhook_subscriptions (Settings → 2 nuovi tab) - WebhookService: retry 3x backoff (0s/5min/30min), delivery log - Trigger auto in IncidentController, RiskController, PolicyController - Delivery log, test ping, processRetry Nuovi moduli: - WhistleblowingController (Art.32 NIS2): anonimato garantito, timeline, token tracking - NormativeController: feed NIS2/ACN/DORA con ACK tracciato per audit Frontend: - whistleblowing.html: form submit anonimo/firmato + gestione CISO - normative.html: feed con presa visione documentata + progress bar ACK - public/docs/api.html: documentazione API dark theme (Swagger-like) - settings.html: tab API Keys + tab Webhook - integrations/: guide per lg231, SustainAI, AllRisk, SIEM (widget + codice) - Sidebar: Segnalazioni + Normative aggiunte a common.js DB: migration 007 (api_keys, webhook_subscriptions, webhook_deliveries), 008 (whistleblowing_reports + timeline), 009 (normative_updates + normative_ack + seed NIS2/ACN/DORA/ISO) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 13:20:24 +01:00
CertiSource Server	32bfb82d4b	[SERVER] Auto-commit: allineamento repository	2026-02-24 12:56:23 +00:00
DevEnv nis2-agile	c2aaebd6c1	[COMMERCIAL] Landing page NIS2 Agile + aggiornamento AgentAI Hub - Aggiunta docs/commercial/landing-nis2-agile.html (landing page 7 sezioni) Hero con mockup dashboard, trust bar compliance, problema/soluzione, 5-step come funziona, 4 metriche, CTA finale. Palette cyan dark, responsive. - AgentAI Hub (agentai.certisource.it): products.json NIS2 corretto (Vanilla JS, releaseDate Q1 2026, 8 features, links completi) - Presentazione aggiornata: Tailwind→CSS3, slide Pricing aggiunta (ora 9 slide) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-02-20 14:32:04 +01:00
DevEnv nis2-agile	1bfca3fbe3	[DOCS+I18N] Guida aggiornata, i18n idle timeout, 3 documenti commerciali - help.js: aggiornate sezioni per idle timeout, banner AI dismissible, matrice rischi real-time - i18n.js: aggiunte 5 chiavi session.* per idle timeout (IT/EN) - common.js: _showIdleWarning() usa I18n.t() per testi IT/EN - docs/commercial/scheda-commerciale.html: scheda A4 stampabile (problema/soluzione, moduli, AI, target) - docs/commercial/scheda-tecnica.html: specifiche stack, architettura, API, DB, sicurezza, deploy - docs/commercial/presentazione.html: presentazione 10 slide completa (contesto, moduli, AI, compliance, ROI, roadmap) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-02-20 12:43:17 +01:00
DevEnv nis2-agile	f5884b32d3	[FIX] Migration 006: usa stored procedure per indici condizionali Compatibilita' MySQL 8.0: rimosso CREATE INDEX IF NOT EXISTS, rimosso DELIMITER per trigger (incompatibile con pipe stdin). Migration semplificata con solo CREATE INDEX e ALTER TABLE IF NOT EXISTS. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-02-20 12:08:44 +01:00
DevEnv nis2-agile	a5eb84108a	[FIX] Migration 006: usa stored procedure per indici condizionali Compatibilita' MySQL 8.0: CREATE INDEX IF NOT EXISTS non supportato, uso procedura helper con check su information_schema.statistics Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-02-20 12:05:04 +01:00
DevEnv nis2-agile	18dec35380	[FIX] Migration 006: fix sintassi CREATE INDEX per MySQL 8.0 Sostituito ALTER TABLE ADD INDEX IF NOT EXISTS con CREATE INDEX IF NOT EXISTS per compatibilita' MySQL 8.0.x Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-02-20 12:04:16 +01:00
DevEnv nis2-agile	782389849f	[SEC+UX] Hardening sicurezza + miglioramenti UX pre-audit SICUREZZA: - index.php: rimosso CORS wildcard in debug mode (solo origini autorizzate) - AuthController: getClientIP() con X-Forwarded-For sicuro (proxy-aware) - AuthController: refresh token con SELECT FOR UPDATE in transazione atomica - AIService: anonimizzazione dati org nei prompt Anthropic API (no nome/fatturato) UX AUDIT-READY: - dashboard.html: gauge rinominato 'Avanzamento implementazione misure Art.21' - incidents.html: decision tree Art.23 con 5 criteri per 'Is Significant?' - policies.html: banner warning obbligatorio su bozze generate da AI - risks.html: tooltip dettagliati scala Likelihood/Impact (ISO 27005) - assessment.html: progress bar % completamento risposta domande DB: - migration 006: indici performance + audit_log immutabile (trigger) + soft delete Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-02-20 12:01:33 +01:00
DevEnv nis2-agile	7080695d06	[FEAT] Ruolo Consulente + Wizard Registrazione v2 - register.html: step 0 scelta profilo (Azienda / Consulente) - onboarding.html: wizard 4-step con P.IVA obbligatoria (auto-fetch CertiSource) - companies.html: nuova dashboard consulente con cards aziende e compliance score - common.js: org-switcher sidebar + role labels corretti per consulente - login.html: routing post-login (consulente → companies.html) - api.js: isConsultant(), setUserRole(), register con user_type - AuthController: user_type=consultant → role=consultant in users table - OnboardingController: multi-org per consulente, duplicate VAT check - 005_consultant_support.sql: aggiunge 'consultant' a user_organizations.role ENUM Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-02-20 08:53:30 +01:00
Cristiano Benassati	d3eac7ce38	[CORE] Rimosso credenziali da CLAUDE.md + aggiunto docs/DB_ACCESS.md Password DB e token Gitea rimossi dal file tracciato, creato DB_ACCESS.md dedicato. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-18 17:21:57 +01:00
Cristiano Benassati	4e3408e9f6	[FEAT] Visura auto-fill, adesione volontaria, modulo NCR/CAPA 1. Fix auto-fill visura: mapping corretto suggested_sector e employees_range, indicatori visivi verdi sui campi auto-compilati, fatturato sempre manuale 2. Adesione volontaria: colonna voluntary_compliance, checkbox in onboarding step 5 quando not_applicable, toggle in settings, reset su ri-classificazione 3. Modulo NCR/CAPA: NonConformityController con 10 endpoint API, tabelle non_conformities + capa_actions, generazione NCR dai gap assessment, predisposizione integrazione SistemiG.agile (webhook + sync) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-18 08:12:57 +01:00
Cristiano Benassati	6f4b457ce0	[FEAT] Add EmailService, RateLimitService, ReportService + integrations Services: - EmailService: CSIRT notifications (24h/72h/30d), training alerts, welcome email - RateLimitService: File-based rate limiting for auth and AI endpoints - ReportService: Executive HTML report, CSV exports (risks/incidents/controls/assets) Integrations: - AuthController: Rate limiting on login (5/min, 20/h) and register (3/10min) - IncidentController: Email notifications on CSIRT milestones - AuditController: Executive report and CSV export endpoints - Router: 429 rate limit error handling, new audit export routes Database: - Migration 002: email_log table for notification tracking Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-17 19:12:46 +01:00
Cristiano Benassati	ae78a2f7f4	[CORE] Initial project scaffold - NIS2 Agile Compliance Platform Complete MVP implementation including: - PHP 8.4 backend with Front Controller pattern (80+ API endpoints) - Multi-tenant architecture with organization_id isolation - JWT authentication (HS256, 2h access + 7d refresh tokens) - 14 controllers: Auth, Organization, Assessment, Dashboard, Risk, Incident, Policy, SupplyChain, Training, Asset, Audit, Admin - AI Service integration (Anthropic Claude API) for gap analysis, risk suggestions, policy generation, incident classification - NIS2 gap analysis questionnaire (~80 questions, 10 categories) - MySQL schema (20 tables) with NIS2 Art. 21 compliance controls - NIS2 Art. 23 incident reporting workflow (24h/72h/30d) - Frontend: login, register, dashboard, assessment wizard, org setup - Docker configuration (PHP-FPM + Nginx + MySQL) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-17 17:50:18 +01:00

33 Commits