nis2-agile

AdminGit2026/nis2-agile

Author	SHA1	Message	Date
DevEnv nis2-agile	1602438aac	[FIX] Simulazione: warning residui + provision JWT standard - ServicesController::provision(): JWT usa user_id (standard requireAuth) - simulate-nis2.php: classifyOrg null-safe per entity_type - simulate-nis2.php: completeOnboarding usa PUT /organizations/{id} invece di /onboarding/complete (evita 409 quando org già esiste) - simulate-nis2.php: supplier.critical rimosso da $supDef (was extra field) - EmailService: rimosso sent_at (non in email_log schema) - WebhookService: status ?? 'detected' (null-safe) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-09 10:00:59 +01:00
DevEnv nis2-agile	13df162ec4	[FIX] SIM-06 + EmailService + WebhookService + supplier assessment - ServicesController::provision(): created_by usa userId (INT) non string - EmailService::logEmail(): rimosso sent_at (colonna non esiste in email_log) - WebhookService::incidentPayload(): status ?? 'detected' (null-safe) - simulate-nis2.php: supplier assessment usa formato assessment_responses corretto [{question, weight, value: yes\|partial\|no}] Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-09 09:56:39 +01:00
DevEnv nis2-agile	4be541e9b5	[FIX] reset-demo.sql: gestione trigger audit_log + drop/recreate Il trigger prevent_audit_log_delete blocca DELETE e interrompe lo script. Fix: drop triggers prima di DELETE audit_logs, poi ricrea. Richiede esecuzione con utente root MySQL. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-09 09:51:40 +01:00
DevEnv nis2-agile	9f9f967d52	[FIX] simulate-nis2: allineamento completo a schema DB reale - ensureUser: seed-first (1 login call invece di 2) → evita rate limit - Risk category: technical→cyber, data_breach→compliance, availability→operational, human_factor→human (enum reale: cyber,operational,compliance,supply_chain,physical,human) - Risk: rimosso status:'open' (default 'identified' nel DB) - Policy: type→category nel createPolicy, aggiunto mappa cryptography→encryption, data_protection→information_security, risk_management→vulnerability_management - Incident SIM-02/03: category→classification, valori corretti (cyber_attack/data_breach), affected_systems→affected_services, rimosso estimated_impact, status investigating→analyzing, status resolved→recovering, aggiunto detected_at (campo required) - Onboarding: org_name→name, employees_count→employee_count - Classify: aggiunti employee_count e annual_turnover_eur (required) - Supplier: risk_level→criticality, rimosso is_critical Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-09 09:48:42 +01:00
DevEnv nis2-agile	ef8b7a90e4	[FIX] Simulator: P.IVA checksum + ServicesController: sectorMap + role enum - simulate-nis2.php: P.IVA demo corrette con checksum Luhn validi (09876543217, 07654321095, 05432109873, 99887766550) - ServicesController::provision(): sectorMap rimappato a valori enum reali (es: 'energia'→'energy', 'finanza'→'banking', 'ict'→'ict_services') - ServicesController::provision(): user_organizations.role 'super_admin'→'org_admin' (super_admin non è nel enum di user_organizations) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-09 09:38:02 +01:00
DevEnv nis2-agile	48317e0556	[FIX] Simulator + ServicesController: allineamento a schema DB reale simulate-nis2.php: - sector: ict → ict_services, healthcare → health (enum DB corretto) - employee_count (non employees_count) per OrganizationController ServicesController::provision(): - INSERT organizations: rimossi campi non esistenti (legal_form, ateco_code, etc.) - Usa colonne reali: name, vat_number, employee_count, sector, entity_type, is_active - entity_type: voluntary → not_applicable (enum non supporta voluntary) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-09 09:30:20 +01:00
DevEnv nis2-agile	eb31a0a504	[FIX] simulate-nis2: seed DB diretto per evitare rate limit registrazione - dbSeedUser(): inserisce utenti demo direttamente nel DB MySQL (bypass HTTP rate limit) - ensureUser(): usa dbSeedUser() come metodo primario, API /register come fallback - Rimosse le 2 chiamate register doppie (DEMO_EMAIL + email reale) - Aggiunto seed consultant@nis2agile.demo + membership a tutte le org demo Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-09 09:12:45 +01:00
DevEnv nis2-agile	d51c365e46	[FIX] ServicesController + simulate-nis2: adatta a schema users reale (full_name, is_active) - ServicesController::provision(): INSERT users usa full_name/is_active (non first_name/last_name/status) - ServicesController::ssoLogin(): stesso fix per SSO user creation - simulate-nis2::ensureUser(): registration payload usa full_name (non first_name+last_name) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-09 09:09:07 +01:00
DevEnv nis2-agile	eddc2fe79d	[FIX] reset-demo.sql: adatta a struttura reale DB (incident_timeline, capa_actions, email_log, users) - incident_timeline: join su incidents (no organization_id diretto) - corrective_actions → capa_actions, non_conformity_id → ncr_id - email_log: filtra per recipient LIKE '%.demo%' (no organization_id) - users INSERT: first_name/last_name/status → full_name/is_active Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-09 09:04:48 +01:00
DevEnv nis2-agile	fca3ab3cf8	[TEST] Test Runner v2: aggiunto L6 AI Features (Cross-Analysis, Normative, Whistleblowing) - Livello L6 con 6 test: portfolio, history, analyze AI, 403 role check, normative, whistleblowing - CSS badge lvl-l6 verde smeraldo - Coverage table: 27 → 35 endpoint (8 nuovi L6) - Full Suite aggiornata L1→L6 con step L3 e L6 funzionanti - Header doc aggiornato Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-09 09:01:28 +01:00
DevEnv nis2-agile	19a9e5622d	[FEAT] L4 AI Cross-Analysis — analisi aggregata multi-org per consulenti - CrossAnalysisController.php: analyze/history/portfolio (k-anonymity min 2 org) - AIService::crossOrgAnalysis(): aggregazione 9 dimensioni, zero PII nel prompt - cross-analysis.html: chat UI purple theme, 3 tab, quick questions, portfolio stats - index.php: routing /api/cross-analysis/{analyze,history,portfolio} - common.js: link "AI Cross-Analysis" in sidebar sezione Gestione - docs/AI_LEVELS_SCHEMA.md: schema architetturale L1-L5 con matrice privacy Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-09 08:17:53 +01:00
DevEnv nis2-agile	89fd201bc2	[AI+HELP+I18N] Help workflow, traduzioni IT/EN, schema 5 livelli AI - help.js: aggiunta sezione workflow (Compliance Journey) + pageMap entry - i18n.js: 16 chiavi IT/EN per workflow (fasi, stati, etichette) - docs/AI_LEVELS_SCHEMA.md: schema architettura 5 livelli AI con privacy matrix L1 Guida (safe), L2 Operativo, L3 Aziendale (anonimizzato), L4 Cross-Org (k-anonymity), L5 Normativo Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-09 08:05:36 +01:00
DevEnv nis2-agile	3e8f24eb49	[FEAT] Compliance Journey — workflow visivo 6 fasi NIS2 - workflow.html: roadmap orizzontale 6 fasi (Preparazione→Valutazione→Rischi→Implementazione→Monitoraggio→Reportistica) - Dati reali da 9 API in parallelo (assessment, rischi, policy, asset, fornitori, formazione, controlli) - Auto-selezione fase attiva + dettaglio step con metriche live - Banner "prossima azione consigliata" contestuale - Aggiunto link "Compliance Journey" nella sidebar (sezione Principale) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-09 07:54:15 +01:00
DevEnv nis2-agile	ab0e3755f4	[BACKEND] Completa backend: validate-invite, lookup-piva, ruoli, SIM-06 AuthController: - register() accetta `role` diretto (compliance_manager, org_admin, auditor, board_member, consultant) - Aggiunto validateInvite() → POST /api/auth/validate-invite (no auth) OnboardingController: - Aggiunto lookupPiva() → POST /api/onboarding/lookup-piva (no auth, rate limit 10/min) usato da register.html per P.IVA lookup pre-login Router (index.php): - Aggiunto POST:validateInvite e POST:lookupPiva api.js: - register() invia sia `role` che `user_type` per retrocompatibilità simulate-nis2.php: - SIM-06: B2B provisioning via X-Provision-Secret → org + JWT + API Key - Filtro NIS2_SIM=SIM06 via goto per skip SIM-01→05 indipendenti - readEnvValue() helper per leggere PROVISION_SECRET da .env register.html: - lookupPiva usa /onboarding/lookup-piva (endpoint pubblico) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 17:23:16 +01:00
DevEnv nis2-agile	e4e7d94043	[UX] Standardizzazione login/register/onboarding + Test Runner v2 login.html: eye toggle, forgot password, auth-terms footer register.html: wizard 3-step, 5 ruoli NIS2, invite_token URL, P.IVA lookup onboarding.html: Font Awesome, brand color cyan (#06B6D4) test-runner.php: L1-L5 test levels, SIM-06 B2B, tab Coverage/Stats, DB row counts, run history (localStorage), 5 tabs totali Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 17:11:25 +01:00
DevEnv nis2-agile	47a7a25d35	[FIX] InviteController: array_slice(-0) → $where corretto per COUNT query array_slice($where, 0, -0) in PHP restituisce array vuoto (−0=0), generando SQL invalido "WHERE " → PDOException 1064. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 16:50:37 +01:00
DevEnv nis2-agile	9ccf2a72b5	[FIX] Database::execute() → Database::query() in 5 controller Database non ha metodo execute() — corretto in: InviteController, ServicesController, WebhookController, NormativeController, WhistleblowingController. Causa del HTTP 500 su tutti gli endpoint /api/invites/*. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 16:49:58 +01:00
DevEnv nis2-agile	c906a6eff3	[DB] Fix migration 013: MySQL 8.0 compat + script deploy idempotente - Rimosso ADD COLUMN IF NOT EXISTS (non supportato MySQL 8.0 standard) - Aggiunto deploy_013.sh: script bash idempotente con check information_schema Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 16:48:53 +01:00
DevEnv nis2-agile	f7347ccd8c	[CONTEXT+MKTG] Contesto sessione + HTML migliorati per comunicazione terze parti - CONTEXT_LAST_SESSION.md: documento completo di tutto lo sprint B2B - mktg-api-doc.html: Quick Start box con chiave attiva, flusso visivo 4 step, curl pronti - integrazioniext.html tab Inviti: tabella "Chi fa cosa" per ruolo, sezione mktg-agile con chiave API + 3 curl pronti, Quick Start aggiornato con tabella risorse per destinatario Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 16:37:14 +01:00
DevEnv nis2-agile	13eb8ae8a8	[SETTINGS] Aggiunto scope admin:licenses, admin:org, sso:login al form API Keys	2026-03-07 16:28:15 +01:00
DevEnv nis2-agile	39e21878f1	[MKTG-API] Fix: Postman collection in public root	2026-03-07 16:05:49 +01:00
DevEnv nis2-agile	d407fd0510	[MKTG-API] Documentazione + auth API Key per licenze - InviteController: requireLicenseAuth() accetta X-API-Key (scope admin:licenses) oppure JWT super_admin — tutti i metodi admin aggiornati - mktg-api-doc.html: risponde alle 6 domande del marketing con esempi curl, tabelle risposta, riepilogo endpoint, link Postman collection - nis2-license-api.postman.json: collection completa (login, create, list, revoke, regenerate, validate, provision) con pre-script salva JWT/invite_id Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 16:05:18 +01:00
DevEnv nis2-agile	cb0988da27	[LICENSE] Gestione licenze marketing + campi commerciali estesi - licenseExt.html: dashboard marketing per generare/gestire licenze Login JWT super_admin, stats strip (totali/usate/orgs/utenti), form genera con label/piano/durata/max-aziende/max-utenti/prezzo/reseller, lista paginata con filtri stato+canale, dettaglio modale, revoca/rigenera, export CSV e copia token/URL - Migration 013: invites +max_users_per_org, +price_eur, +reseller_name organizations +license_max_users (da provisioning) - InviteController::create() gestisce nuovi campi, validate() espone max_users_per_org - ServicesController::provision() salva license_max_users nell'org Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 15:34:38 +01:00
DevEnv nis2-agile	612befd66d	[INVITE] Sistema inviti/licenze B2B + provisioning con invite_token - InviteController: CRUD inviti (gen, list, show, revoke, rigenera, validate) - Token inv_* sha256-hashed, one-shot o multi-use, canali, scadenza - ServicesController::provision() accetta invite_token al posto di X-Provision-Secret Piano e durata forzati dall'invito, markUsed() chiaamto dopo provisioning riuscito - index.php: routing /api/invites/* aggiunto (controller + action map) - integrazioniext.html: nuovo tab "Inviti & Licenze" con flow completo, endpoints, esempi curl/php, guida lg231 aggiornata con sezione provisioning automatico Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 15:22:25 +01:00
DevEnv nis2-agile	6933e1d3fb	[INTEG] Provisioning B2B automatico + fix JWT helpers - POST /api/services/provision: onboarding automatico tenant da lg231 - X-Provision-Secret auth (master secret, non org-specific) - Crea org (con tutti i dati lg231: P.IVA, ATECO, sede, PEC, fatturato) - Crea admin user con password temporanea (must_change_password=1) - Genera API Key scope [read:all, write:all, admin:org, sso:login] - Emette JWT 2h per apertura immediata UI - Callback webhook a lg231 con api_key - Idempotent: stessa P.IVA → restituisce org esistente - Audit: org.provisioned severity=critical - config.php: PROVISION_SECRET (env var) - BaseController: base64UrlEncode/Decode da private → protected - Migration 011: colonne provisioning + must_change_password + indexes Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 15:02:11 +01:00
DevEnv nis2-agile	29aaf5db88	[INTEG] Aggiorna integrazioniext.html con token exchange, SSO e audit Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 14:47:10 +01:00
DevEnv nis2-agile	1f534db33a	[INTEG] Token exchange + SSO federato + Audit trail chiamate esterne ServicesController: - POST /api/services/token: lg231 invia API key → riceve JWT 15min - POST /api/services/sso: SSO federato con identità utente + responsabilità → crea/trova utente NIS2 + emette JWT 2h con ruolo e responsibilities - Audit trail: ogni chiamata esterna autenticata loggata (api.external_call) - SSO login loggato come auth.sso_login severity=warning con responsabilità Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 14:46:27 +01:00
DevEnv nis2-agile	5ecdce7d47	[INTEG] Pagina integrazioni esterne + spec lg231↔NIS2 - public/integrazioniext.html: pagina pubblica con 4 tab (Services API, Guida lg231, Webhook, Quick Start) — link in sidebar - docs/integration/lg231-nis2-integration.md: spec tecnica completa per agente Claude lg231 (provider-config, Nis2Client, widget, escalation OdV) - common.js: voce sidebar → integrazioniext.html Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 14:43:59 +01:00
DevEnv nis2-agile	3321509d02	[TEST] Bottone ⚡ Reset+Simula+Testa Tutto + preserva admin Benassati - test-runner.php: bottone verde scuro in cima al tab Test che esegue reset DB → simulazioni → smoke test in sequenza - reset-demo.sql: INSERT ON DUPLICATE KEY per cristiano.benassati@gmail.com (super_admin, Silvia1978!@) — sopravvive a qualsiasi reset - Tab Credenziali: admin permanente in cima alla tabella Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 14:35:20 +01:00
DevEnv nis2-agile	78c3fd1860	[TEST] Sposta test-runner.php in public/ (document root Apache) Il document root Apache è public/, quindi il runner deve essere accessibile da /test-runner.php?t=Nis2Test2026 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 14:24:29 +01:00
DevEnv nis2-agile	4d8e7c74f4	[TEST] Test Runner NIS2 Agile — pattern lg231 Single-file PHP runner con token auth (Nis2Test2026), SSE streaming, dark terminal UI. Comandi: health, smoke, sim01-05, simulate, chain-verify, reset, all. Tab: Test / Simulazioni / Credenziali demo. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 14:23:28 +01:00
DevEnv nis2-agile	d4a028e71f	[DOCS] CLAUDE.md: istruzioni attivazione nis2.agile.software SSL Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 14:09:49 +01:00
DevEnv nis2-agile	07c1a71685	[MIGRATE] Migrazione a nis2.agile.software - Tutti i riferimenti nis2.certisource.it → nis2.agile.software - Apache vhost HTTP nis2.agile.software attivo su Hetzner - Script setup-nis2-agile-software.sh: certbot SSL + redirect da vecchio dominio - .env server: APP_URL aggiornato a https://nis2.agile.software - CLAUDE.md, docs commerciali, integrazioni, API docs aggiornati DNS da aggiungere in Cloudflare: nis2.agile.software A 135.181.149.254 (proxy OFF) Poi eseguire: bash /opt/devenv/scripts/setup-nis2-agile-software.sh Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 14:07:10 +01:00
DevEnv nis2-agile	0fcc69ee85	[DOCS] CLAUDE.md: documentazione AuditService, simulazioni, migration 010 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 13:58:29 +01:00
DevEnv nis2-agile	874eabb6fc	[FEAT] Simulazioni Demo + Audit Trail Certificato SHA-256 - 5 scenari reali: Onboarding, Ransomware Art.23, Data Breach Supply Chain, Whistleblowing SCADA, Audit Hash Chain Verification - simulate-nis2.php: 3 aziende (DataCore/MedClinic/EnerNet), 10 fasi, CLI+SSE - AuditService.php: hash chain SHA-256 stile lg231 (prev_hash+entry_hash) - Migration 010: prev_hash, entry_hash, severity, performed_by su audit_logs - AuditController: GET chain-verify + GET export-certified - reset-demo.sql: reset dati demo idempotente - public/simulate.html: web runner SSE con console dark-theme - Sidebar: link Simulazione Demo + Integrazioni Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 13:56:53 +01:00
DevEnv nis2-agile	b23bbc55fd	[DOCS] CLAUDE.md aggiornato sprint Services/Webhook/Whistleblowing/Normative Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 13:26:22 +01:00
DevEnv nis2-agile	a8ef41dc35	[FIX] Migration SQL: INT NOT NULL per FK verso organizations/users (signed) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 13:22:08 +01:00
DevEnv nis2-agile	86e9bdded2	[FEAT] Services API, Webhook, Whistleblowing, Normative + integrazioni Sprint completo — prodotto presentation-ready: Services API (read-only, API Key + scope): - GET /api/services/status\|compliance-summary\|risks-feed\|incidents-feed - GET /api/services/controls-status\|assets-critical\|suppliers-risk\|policies-approved - GET /api/services/openapi (spec OpenAPI 3.0.3 JSON) Webhook Outbound (Stripe-like HMAC-SHA256): - CRUD api_keys + webhook_subscriptions (Settings → 2 nuovi tab) - WebhookService: retry 3x backoff (0s/5min/30min), delivery log - Trigger auto in IncidentController, RiskController, PolicyController - Delivery log, test ping, processRetry Nuovi moduli: - WhistleblowingController (Art.32 NIS2): anonimato garantito, timeline, token tracking - NormativeController: feed NIS2/ACN/DORA con ACK tracciato per audit Frontend: - whistleblowing.html: form submit anonimo/firmato + gestione CISO - normative.html: feed con presa visione documentata + progress bar ACK - public/docs/api.html: documentazione API dark theme (Swagger-like) - settings.html: tab API Keys + tab Webhook - integrations/: guide per lg231, SustainAI, AllRisk, SIEM (widget + codice) - Sidebar: Segnalazioni + Normative aggiunte a common.js DB: migration 007 (api_keys, webhook_subscriptions, webhook_deliveries), 008 (whistleblowing_reports + timeline), 009 (normative_updates + normative_ack + seed NIS2/ACN/DORA/ISO) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 13:20:24 +01:00
Cleanup	3f4b451e2a	[TEST] Cleanup test files	2026-02-24 16:43:11 +00:00
RoundTest	a11589d61f	[TEST-R2] Push da nis2-agile-devenv	2026-02-24 17:42:05 +01:00
CertiSource Server	32bfb82d4b	[SERVER] Auto-commit: allineamento repository	2026-02-24 12:56:23 +00:00
DevEnv nis2-agile	c2aaebd6c1	[COMMERCIAL] Landing page NIS2 Agile + aggiornamento AgentAI Hub - Aggiunta docs/commercial/landing-nis2-agile.html (landing page 7 sezioni) Hero con mockup dashboard, trust bar compliance, problema/soluzione, 5-step come funziona, 4 metriche, CTA finale. Palette cyan dark, responsive. - AgentAI Hub (agentai.certisource.it): products.json NIS2 corretto (Vanilla JS, releaseDate Q1 2026, 8 features, links completi) - Presentazione aggiornata: Tailwind→CSS3, slide Pricing aggiunta (ora 9 slide) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-02-20 14:32:04 +01:00
DevEnv nis2-agile	1bfca3fbe3	[DOCS+I18N] Guida aggiornata, i18n idle timeout, 3 documenti commerciali - help.js: aggiornate sezioni per idle timeout, banner AI dismissible, matrice rischi real-time - i18n.js: aggiunte 5 chiavi session.* per idle timeout (IT/EN) - common.js: _showIdleWarning() usa I18n.t() per testi IT/EN - docs/commercial/scheda-commerciale.html: scheda A4 stampabile (problema/soluzione, moduli, AI, target) - docs/commercial/scheda-tecnica.html: specifiche stack, architettura, API, DB, sicurezza, deploy - docs/commercial/presentazione.html: presentazione 10 slide completa (contesto, moduli, AI, compliance, ROI, roadmap) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-02-20 12:43:17 +01:00
DevEnv nis2-agile	59fad22c0e	[UX+SEC] Eccellenza pre-audit: idle timeout, loading states, i18n, UX polish - common.js: idle session timeout 30min con avviso countdown 5min prima del logout - common.js: checkAuth() attiva automaticamente il monitor di inattività - api.js: messaggi errore connessione usano i18n (IT/EN) tramite I18n.t() - risks.html: saveRisk() e aiSuggest() con setButtonLoading durante salvataggio - risks.html: deleteRisk() ricarica la matrice se si è in matrix view - incidents.html: createIncident() con setButtonLoading durante registrazione - policies.html: savePolicy() e saveAIGeneratedPolicy() con setButtonLoading - policies.html: banner AI-draft con pulsante X per dismissione Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-02-20 12:25:52 +01:00
DevEnv nis2-agile	a56401f5a9	[DOCS] CLAUDE.md: aggiunta migration 006 + data 2026-02-20 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-02-20 12:13:11 +01:00
DevEnv nis2-agile	f5884b32d3	[FIX] Migration 006: usa stored procedure per indici condizionali Compatibilita' MySQL 8.0: rimosso CREATE INDEX IF NOT EXISTS, rimosso DELIMITER per trigger (incompatibile con pipe stdin). Migration semplificata con solo CREATE INDEX e ALTER TABLE IF NOT EXISTS. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-02-20 12:08:44 +01:00
DevEnv nis2-agile	a5eb84108a	[FIX] Migration 006: usa stored procedure per indici condizionali Compatibilita' MySQL 8.0: CREATE INDEX IF NOT EXISTS non supportato, uso procedura helper con check su information_schema.statistics Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-02-20 12:05:04 +01:00
DevEnv nis2-agile	18dec35380	[FIX] Migration 006: fix sintassi CREATE INDEX per MySQL 8.0 Sostituito ALTER TABLE ADD INDEX IF NOT EXISTS con CREATE INDEX IF NOT EXISTS per compatibilita' MySQL 8.0.x Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-02-20 12:04:16 +01:00
DevEnv nis2-agile	782389849f	[SEC+UX] Hardening sicurezza + miglioramenti UX pre-audit SICUREZZA: - index.php: rimosso CORS wildcard in debug mode (solo origini autorizzate) - AuthController: getClientIP() con X-Forwarded-For sicuro (proxy-aware) - AuthController: refresh token con SELECT FOR UPDATE in transazione atomica - AIService: anonimizzazione dati org nei prompt Anthropic API (no nome/fatturato) UX AUDIT-READY: - dashboard.html: gauge rinominato 'Avanzamento implementazione misure Art.21' - incidents.html: decision tree Art.23 con 5 criteri per 'Is Significant?' - policies.html: banner warning obbligatorio su bozze generate da AI - risks.html: tooltip dettagliati scala Likelihood/Impact (ISO 27005) - assessment.html: progress bar % completamento risposta domande DB: - migration 006: indici performance + audit_log immutabile (trigger) + soft delete Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-02-20 12:01:33 +01:00
DevEnv nis2-agile	0e78ec24c1	[FIX] i18n funzionante + bug audit.html + help system - common.js: aggiunto i18nKey a navItems, data-i18n su sezioni e voci sidebar → toggle IT/EN ora traduce la navigazione in tempo reale - Tutte e 10 le pagine HTML: aggiunto data-i18n="*.title" agli h2 (dashboard, assessment, risks, incidents, policies, supply-chain, training, assets, reports, settings) - FIX BUG: sidebar puntava ad audit.html (inesistente) → corretto in reports.html - HelpSystem: funziona correttamente in tutte le 10 pagine (content-header-actions presente, init() chiamato) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-02-20 11:17:04 +01:00

1 2

68 Commits