nis2-agile

AdminGit2026/nis2-agile

Author	SHA1	Message	Date
DevEnv nis2-agile	21909994c2	[FEAT] Ingestion incidenti SIEM/SOC/EDR (P1) -> endpoint /services/incidents-ingest - ServicesController::ingestIncident: crea incidente Art.23 da alert esterno (scope ingest:incidents) - Dedup su external_ref (org+ref), mapSeverity (CVSS/P1-P5/stringhe -> enum) - Classificazione AI best-effort (classifyIncident: IS-1..4, severity, significativita) - Deadline Art.23 (24h/72h/30g) su incidenti significativi + webhook dispatch - Migrazione 023: incidents += source/source_system/external_ref + indice univoco dedup - Route POST:incidentsIngest in index.php Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-05-30 08:41:57 +02:00
DevEnv nis2-agile	d5d83bb3b9	[FEAT] AiController /api/ai/ask (ARIA) -> askWithRag + fix DNS Qdrant php-fpm Il FAB ARIA (common.js) chiamava POST /api/ai/ask ma il controller non esisteva (assistente AI rotto). Creato AiController::ask -> AIService::askWithRag con RAG su KB + grounding fonti certe. Verificato in produzione: rag_used=True, cita Ambiti NIS2 / Determina ACN. Fix DNS Qdrant: nei worker php-fpm (musl) getenv e gethostbyname NON funzionano per hostname Docker single-label; funziona solo un IP letterale. VectorService fallback -> 172.21.0.3 (fpm-safe); QDRANT_URL compose resta hostname per CLI. Vedi nota drift in VectorService. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-05-29 18:55:44 +02:00
DevEnv nis2-agile	5c545ea3d0	[FEAT] Integrazione analisi docs/nis2 v1.7.0 — scoring asset, tassonomia incidenti, PIR, NIST CSF, fonti certe Fase 1 - Asset Relevance Scoring NIS2 (GV.OC-04): metodologia 0-100 a 6 criteri, AssetScoringService + endpoint scoringGrid/score/relevantSystems + UI assets.html + registro stampabile. Fase 2 - Tassonomia incidenti Determina ACN 164179/2025: IS-1..4 + regime essenziale/importante (Allegati 3/4). Fase 3 - Post-Incident Review (5-Whys) + metriche TTD/TTC/TTR + timestamp di fase. Fase 4 - Mapping NIST CSF 2.0 (43 controlli) reference-only. Fonti certe: registry config/nis2_sources.php + grounding AI (vieta riferimenti inventati) + citazioni help.js + ingest PDF normativi nella KB RAG (scripts/ingest-nis2-sources.php). Migrazioni 020/021/022 (additive idempotenti). Fix VectorService IP Qdrant (drift .5->.3). Analisi concorrenza Evix (docs/EVIX_ANALISI_CONCORRENZA.html, gap-driven). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-05-29 17:15:13 +02:00
DevEnv nis2-agile	a7a21faa82	[FEAT] Knowledge Base RAG multi-livello (SYSTEM/FIRM/ORG) + Qdrant + Voyage - KnowledgeBaseController: ingest, list, firmOrgs, search, delete - VectorService (Qdrant + buildAuthzFilter), EmbedService (Voyage), RagService (pipeline) - AIService::askWithRag con fallback graceful - docker-compose: servizio qdrant + env Voyage (chiave da .env/vault, no hardcoded) - SQL 012 consulting_firms, 013 firm_assignments + kb_uploaded_documents - public/kb.html + kb.js (upload, lista, search preview) Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-05-29 15:44:13 +02:00
DevEnv nis2-agile	9b53ca3ba1	[FEAT] MktgLead getJsonBody + script import-feedback-to-nexus + seed demo agile-tech Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-05-29 15:42:05 +02:00
DevEnv nis2-agile	e4f9e9179e	[FEAT] Allineamento NIS2 ↔ TRPG (Fasi 1-5): SSO + Sessions + Reset + Impersonate + Branding Implementazione completa del progetto allineamento alla suite Evix (TRPG/lg231), basato sul doc canonico docs/GAP_TRPG_NIS2_ALIGNMENT.md (5 fasi, 18 gap). Version 1.0.0 → 1.5.0 Fase 1 — SSO Federation (v1.1.0) - Migration 015_sso_columns: users.sso_identity_id + password_version - application/services/SsoHelper.php (client SSO dual-mode, cURL nativo, zero deps) - AuthController::login() + changePassword() conditional SSO (SSO_MODE=local default) Fase 2 — Multi-device Sessions (v1.2.0) - Migration 016_active_sessions: tabella + refresh_tokens.session_jti - BaseController::requireAuth() verifica jti + last_activity throttle + parseDeviceLabel - login() genera jti, logout/changePassword revoca selettiva - GET/DELETE /auth/sessions[/{id}] - UI settings.html tab Sicurezza con lista device + revoca Fase 3 — Password Reset + Tenant Switcher (v1.3.0) - Migration 017_password_reset_tokens (TTL 30min, single-use) - POST /auth/forgot-password (risposta opaca) + reset-password - Pagine forgot-password.html + reset-password.html (con strength bar) - EmailService::sendPasswordReset - POST /auth/switchContext con rotazione JWT + organization_id claim - Dropdown tenant in sidebar esposto a tutti gli utenti con ≥2 org Fase 4 — Impersonate + Preferences + Versioning UI (v1.4.0) - POST /auth/impersonate (super_admin o consulente stesso firm, TTL 1h, audit) - Migration 018_user_preferences: users.theme/timezone/notif_email/notif_inapp - GET/PUT /auth/preferences - Sidebar footer mostra versione + changelog modal su click Fase 5 — Branding white-label + Auth-gate (v1.5.0) - Migration 019_firm_branding (logo/colori/brand_name per consulting firm) - BrandingController GET /branding/current (auth opzionale) + PUT - common.js auto-applica CSS variables al boot - public/js/auth-gate.js (gate password client-side per docs riservati, da TRPG) Skip motivati: - G15 demo login: simulator esistenti coprono - G18 refactor controllers: rinviato (~5gg, valore tecnico solo) Cron sync SSO: AgileHub Ticket #220 aperto a team AGILEHUB per estendere sso-password-sync.sh al DB nis2_agile_db. Prerequisito per switch SSO_MODE=dual. Backup files: tutti i file modificati hanno .bak.pre-{fase}-{ts} sia in DEV sia in /var/www/nis2-agile/.backups/ su Hetzner (rollback ready). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-29 13:18:35 +02:00
DevEnv nis2-agile	56df54f8b1	[FEAT] Services API: full-snapshot endpoint + BigSim SSE wrapper - ServicesController: nuovo endpoint GET /api/services/full-snapshot Aggrega gap-analysis, measures, incidents, training, deadlines, compliance-summary in una sola chiamata (reduce 6 round-trip → 1) Parametro ?days=N per finestra deadlines (default 30, max 365) - public/index.php: route GET:fullSnapshot aggiunta all'action map services - public/simulate-nis2-big.php: wrapper SSE per simulate-nis2-big.php Esegue il simulatore come sottoprocesso CLI con NIS2_SSE=1 e streama l'output al browser tramite Server-Sent Events Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-17 15:16:00 +01:00
DevEnv nis2-agile	a122b49721	[FEAT] Services API: 5 nuovi endpoint lg231 (gap-analysis, measures, incidents, training, deadlines) - GET /services/gap-analysis — gap per dominio NIS2 Art.21 con mapping MOG 231 pillars - GET /services/measures — compliance_controls con mog_area e nis2_article derivati - GET /services/incidents — incidenti con Art.23 CSIRT compliance per step (24h/72h/30d) - GET /services/training — corsi + completamento board (Art.20 compliance flag) - GET /services/deadlines — scadenze aggregate da 4 sorgenti con ?days= filter Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-17 14:10:17 +01:00
DevEnv nis2-agile	cfaead6121	[FEAT] CertiSource atti-service.php integration: structured data, PAT auth, ATECO fix Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-17 14:07:16 +01:00
DevEnv nis2-agile	219479959e	[FIX] InviteController requireRole→requireSuperAdmin + OnboardingController add RateLimitService Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-10 15:54:16 +01:00
DevEnv nis2-agile	e02e0e21d0	[FEAT] licenseExt: sezione dati destinatario pre-compila form + link pronto + modale con recipient data	2026-03-10 12:00:26 +01:00
DevEnv nis2-agile	7bb92b1971	[FEAT] invite: recipient data (nome/cognome/email/piva) pre-compila form registrazione + invite_url->register.html	2026-03-10 11:57:19 +01:00
DevEnv nis2-agile	d603f3563f	[FIX] register.html: ?invite= auto-fill + placeholder corretto; lookup-piva: 500->404 graceful	2026-03-10 11:33:22 +01:00
DevEnv nis2-agile	3a382d34be	[FIX] FeedbackController/Service: u.name → u.full_name (colonna corretta) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-10 08:56:19 +01:00
DevEnv nis2-agile	1382530189	[FEAT] Sistema Segnalazioni & Risoluzione AI (feedback) Adattato da alltax.it — il sistema più maturo testato con utenti reali. Backend: - FeedbackController: 6 endpoint (submit, mine, list, show, update, resolve) - FeedbackService: createReport + classifyWithAI + broadcastResolution - AIService::classifyFeedback() — 10s timeout, 500 token, JSON puro - EmailService::sendFeedbackResolved() — broadcast email org - DB migration 014: tabella feedback_reports Frontend: - feedback.js: FAB rosso #EF4444, modal 2 fasi (form → AI → password gate) - Tab "Le mie segnalazioni" con badge status - Auto-init su tutte le pagine autenticate (common.js::checkAuth) - api.js: 6 metodi client; style.css: stili completi Worker: - scripts/feedback-worker.php: cron ogni 30 min → docker exec nis2-agile-devenv + Claude Code CLI → risoluzione autonoma con POST /api/feedback/{id}/resolve Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-10 08:51:52 +01:00
DevEnv nis2-agile	86cd5f760b	[FIX] MktgLeadController + ContactController: getRequestBody → getJsonBody Il metodo corretto in BaseController è getJsonBody(), non getRequestBody(). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-09 12:19:21 +01:00
DevEnv nis2-agile	b909136d53	[FIX] MktgLeadController + ContactController: rimuovi parent::__construct() BaseController non ha costruttore — la chiamata parent::__construct() causava Fatal Error "Cannot call constructor" su ogni richiesta. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-09 12:18:14 +01:00
DevEnv nis2-agile	b1dcd4cbd7	[FEAT] Standardizzazione lead form — allineamento a TRPG Agile MktgLeadController.php: - Endpoint POST /api/mktg-lead/submit (standard condiviso TRPG/NIS2) - Proxy a mktg.agile.software/api/webhook/leads con X-Webhook-Key server-side - Payload standard: name, email, phone, company, product_interest, source, notes - source: "nis2-landing" per tracciamento CRM - Fallback email a info@agile.software se webhook non raggiungibile - Rate limit 3/10min per IP, supporto campi IT e EN index.html — form allineato a TRPG: - Aggiunto: telefono (opzionale) - Aggiunto: tipo utilizzo (select 6 opzioni) - N° dipendenti: fasce standardizzate (<50/50-249/250-999/1000+) - Aggiunto: interesse (info/demo/accesso/integrazione B2B) - Endpoint aggiornato a /api/mktg-lead/submit - Payload mappato su campi standard EN + source: "nis2-landing" Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-09 12:14:42 +01:00
DevEnv nis2-agile	0a194f6f12	[FEAT] Landing NIS2: accesso su invito + form lead request - index.html: CTA "Registrati" → "Richiedi accesso" (anchor form) Badge hero "Accesso su invito — Richiedi il tuo codice per iniziare" Sezione #richiedi-accesso con form lead (nome, email, azienda, ruolo, dimensioni, messaggio) + JS submit asincrono + stato successo/errore CTA finale aggiornato con messaggio codice invito - ContactController.php: POST /api/contact/request-invite Validazione campi, rate limit 3/10min per IP, email a info@agile.software tramite EmailService con template HTML branded - index.php: route contact → ContactController + action requestInvite Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-09 11:23:40 +01:00
DevEnv nis2-agile	8578cb5c31	[FIX] ServicesController: query assessment_responses reale + NonConformityController: getPagination named keys	2026-03-09 10:22:40 +01:00
DevEnv nis2-agile	159d783ed7	[FIX] ServicesController: allineamento colonne DB reali (risk_level, contained_at, owner_name, company_name, category compliance_controls)	2026-03-09 10:20:43 +01:00
DevEnv nis2-agile	27ec63c28d	[FIX] ServicesController: entity_type (nis2_entity_type col non esiste) + WebhookService risk.status null-safe	2026-03-09 10:14:30 +01:00
DevEnv nis2-agile	1602438aac	[FIX] Simulazione: warning residui + provision JWT standard - ServicesController::provision(): JWT usa user_id (standard requireAuth) - simulate-nis2.php: classifyOrg null-safe per entity_type - simulate-nis2.php: completeOnboarding usa PUT /organizations/{id} invece di /onboarding/complete (evita 409 quando org già esiste) - simulate-nis2.php: supplier.critical rimosso da $supDef (was extra field) - EmailService: rimosso sent_at (non in email_log schema) - WebhookService: status ?? 'detected' (null-safe) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-09 10:00:59 +01:00
DevEnv nis2-agile	13df162ec4	[FIX] SIM-06 + EmailService + WebhookService + supplier assessment - ServicesController::provision(): created_by usa userId (INT) non string - EmailService::logEmail(): rimosso sent_at (colonna non esiste in email_log) - WebhookService::incidentPayload(): status ?? 'detected' (null-safe) - simulate-nis2.php: supplier assessment usa formato assessment_responses corretto [{question, weight, value: yes\|partial\|no}] Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-09 09:56:39 +01:00
DevEnv nis2-agile	ef8b7a90e4	[FIX] Simulator: P.IVA checksum + ServicesController: sectorMap + role enum - simulate-nis2.php: P.IVA demo corrette con checksum Luhn validi (09876543217, 07654321095, 05432109873, 99887766550) - ServicesController::provision(): sectorMap rimappato a valori enum reali (es: 'energia'→'energy', 'finanza'→'banking', 'ict'→'ict_services') - ServicesController::provision(): user_organizations.role 'super_admin'→'org_admin' (super_admin non è nel enum di user_organizations) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-09 09:38:02 +01:00
DevEnv nis2-agile	48317e0556	[FIX] Simulator + ServicesController: allineamento a schema DB reale simulate-nis2.php: - sector: ict → ict_services, healthcare → health (enum DB corretto) - employee_count (non employees_count) per OrganizationController ServicesController::provision(): - INSERT organizations: rimossi campi non esistenti (legal_form, ateco_code, etc.) - Usa colonne reali: name, vat_number, employee_count, sector, entity_type, is_active - entity_type: voluntary → not_applicable (enum non supporta voluntary) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-09 09:30:20 +01:00
DevEnv nis2-agile	d51c365e46	[FIX] ServicesController + simulate-nis2: adatta a schema users reale (full_name, is_active) - ServicesController::provision(): INSERT users usa full_name/is_active (non first_name/last_name/status) - ServicesController::ssoLogin(): stesso fix per SSO user creation - simulate-nis2::ensureUser(): registration payload usa full_name (non first_name+last_name) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-09 09:09:07 +01:00
DevEnv nis2-agile	19a9e5622d	[FEAT] L4 AI Cross-Analysis — analisi aggregata multi-org per consulenti - CrossAnalysisController.php: analyze/history/portfolio (k-anonymity min 2 org) - AIService::crossOrgAnalysis(): aggregazione 9 dimensioni, zero PII nel prompt - cross-analysis.html: chat UI purple theme, 3 tab, quick questions, portfolio stats - index.php: routing /api/cross-analysis/{analyze,history,portfolio} - common.js: link "AI Cross-Analysis" in sidebar sezione Gestione - docs/AI_LEVELS_SCHEMA.md: schema architetturale L1-L5 con matrice privacy Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-09 08:17:53 +01:00
DevEnv nis2-agile	ab0e3755f4	[BACKEND] Completa backend: validate-invite, lookup-piva, ruoli, SIM-06 AuthController: - register() accetta `role` diretto (compliance_manager, org_admin, auditor, board_member, consultant) - Aggiunto validateInvite() → POST /api/auth/validate-invite (no auth) OnboardingController: - Aggiunto lookupPiva() → POST /api/onboarding/lookup-piva (no auth, rate limit 10/min) usato da register.html per P.IVA lookup pre-login Router (index.php): - Aggiunto POST:validateInvite e POST:lookupPiva api.js: - register() invia sia `role` che `user_type` per retrocompatibilità simulate-nis2.php: - SIM-06: B2B provisioning via X-Provision-Secret → org + JWT + API Key - Filtro NIS2_SIM=SIM06 via goto per skip SIM-01→05 indipendenti - readEnvValue() helper per leggere PROVISION_SECRET da .env register.html: - lookupPiva usa /onboarding/lookup-piva (endpoint pubblico) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 17:23:16 +01:00
DevEnv nis2-agile	47a7a25d35	[FIX] InviteController: array_slice(-0) → $where corretto per COUNT query array_slice($where, 0, -0) in PHP restituisce array vuoto (−0=0), generando SQL invalido "WHERE " → PDOException 1064. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 16:50:37 +01:00
DevEnv nis2-agile	9ccf2a72b5	[FIX] Database::execute() → Database::query() in 5 controller Database non ha metodo execute() — corretto in: InviteController, ServicesController, WebhookController, NormativeController, WhistleblowingController. Causa del HTTP 500 su tutti gli endpoint /api/invites/*. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 16:49:58 +01:00
DevEnv nis2-agile	d407fd0510	[MKTG-API] Documentazione + auth API Key per licenze - InviteController: requireLicenseAuth() accetta X-API-Key (scope admin:licenses) oppure JWT super_admin — tutti i metodi admin aggiornati - mktg-api-doc.html: risponde alle 6 domande del marketing con esempi curl, tabelle risposta, riepilogo endpoint, link Postman collection - nis2-license-api.postman.json: collection completa (login, create, list, revoke, regenerate, validate, provision) con pre-script salva JWT/invite_id Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 16:05:18 +01:00
DevEnv nis2-agile	cb0988da27	[LICENSE] Gestione licenze marketing + campi commerciali estesi - licenseExt.html: dashboard marketing per generare/gestire licenze Login JWT super_admin, stats strip (totali/usate/orgs/utenti), form genera con label/piano/durata/max-aziende/max-utenti/prezzo/reseller, lista paginata con filtri stato+canale, dettaglio modale, revoca/rigenera, export CSV e copia token/URL - Migration 013: invites +max_users_per_org, +price_eur, +reseller_name organizations +license_max_users (da provisioning) - InviteController::create() gestisce nuovi campi, validate() espone max_users_per_org - ServicesController::provision() salva license_max_users nell'org Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 15:34:38 +01:00
DevEnv nis2-agile	612befd66d	[INVITE] Sistema inviti/licenze B2B + provisioning con invite_token - InviteController: CRUD inviti (gen, list, show, revoke, rigenera, validate) - Token inv_* sha256-hashed, one-shot o multi-use, canali, scadenza - ServicesController::provision() accetta invite_token al posto di X-Provision-Secret Piano e durata forzati dall'invito, markUsed() chiaamto dopo provisioning riuscito - index.php: routing /api/invites/* aggiunto (controller + action map) - integrazioniext.html: nuovo tab "Inviti & Licenze" con flow completo, endpoints, esempi curl/php, guida lg231 aggiornata con sezione provisioning automatico Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 15:22:25 +01:00
DevEnv nis2-agile	6933e1d3fb	[INTEG] Provisioning B2B automatico + fix JWT helpers - POST /api/services/provision: onboarding automatico tenant da lg231 - X-Provision-Secret auth (master secret, non org-specific) - Crea org (con tutti i dati lg231: P.IVA, ATECO, sede, PEC, fatturato) - Crea admin user con password temporanea (must_change_password=1) - Genera API Key scope [read:all, write:all, admin:org, sso:login] - Emette JWT 2h per apertura immediata UI - Callback webhook a lg231 con api_key - Idempotent: stessa P.IVA → restituisce org esistente - Audit: org.provisioned severity=critical - config.php: PROVISION_SECRET (env var) - BaseController: base64UrlEncode/Decode da private → protected - Migration 011: colonne provisioning + must_change_password + indexes Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 15:02:11 +01:00
DevEnv nis2-agile	1f534db33a	[INTEG] Token exchange + SSO federato + Audit trail chiamate esterne ServicesController: - POST /api/services/token: lg231 invia API key → riceve JWT 15min - POST /api/services/sso: SSO federato con identità utente + responsabilità → crea/trova utente NIS2 + emette JWT 2h con ruolo e responsibilities - Audit trail: ogni chiamata esterna autenticata loggata (api.external_call) - SSO login loggato come auth.sso_login severity=warning con responsabilità Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 14:46:27 +01:00
DevEnv nis2-agile	07c1a71685	[MIGRATE] Migrazione a nis2.agile.software - Tutti i riferimenti nis2.certisource.it → nis2.agile.software - Apache vhost HTTP nis2.agile.software attivo su Hetzner - Script setup-nis2-agile-software.sh: certbot SSL + redirect da vecchio dominio - .env server: APP_URL aggiornato a https://nis2.agile.software - CLAUDE.md, docs commerciali, integrazioni, API docs aggiornati DNS da aggiungere in Cloudflare: nis2.agile.software A 135.181.149.254 (proxy OFF) Poi eseguire: bash /opt/devenv/scripts/setup-nis2-agile-software.sh Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 14:07:10 +01:00
DevEnv nis2-agile	874eabb6fc	[FEAT] Simulazioni Demo + Audit Trail Certificato SHA-256 - 5 scenari reali: Onboarding, Ransomware Art.23, Data Breach Supply Chain, Whistleblowing SCADA, Audit Hash Chain Verification - simulate-nis2.php: 3 aziende (DataCore/MedClinic/EnerNet), 10 fasi, CLI+SSE - AuditService.php: hash chain SHA-256 stile lg231 (prev_hash+entry_hash) - Migration 010: prev_hash, entry_hash, severity, performed_by su audit_logs - AuditController: GET chain-verify + GET export-certified - reset-demo.sql: reset dati demo idempotente - public/simulate.html: web runner SSE con console dark-theme - Sidebar: link Simulazione Demo + Integrazioni Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 13:56:53 +01:00
DevEnv nis2-agile	86e9bdded2	[FEAT] Services API, Webhook, Whistleblowing, Normative + integrazioni Sprint completo — prodotto presentation-ready: Services API (read-only, API Key + scope): - GET /api/services/status\|compliance-summary\|risks-feed\|incidents-feed - GET /api/services/controls-status\|assets-critical\|suppliers-risk\|policies-approved - GET /api/services/openapi (spec OpenAPI 3.0.3 JSON) Webhook Outbound (Stripe-like HMAC-SHA256): - CRUD api_keys + webhook_subscriptions (Settings → 2 nuovi tab) - WebhookService: retry 3x backoff (0s/5min/30min), delivery log - Trigger auto in IncidentController, RiskController, PolicyController - Delivery log, test ping, processRetry Nuovi moduli: - WhistleblowingController (Art.32 NIS2): anonimato garantito, timeline, token tracking - NormativeController: feed NIS2/ACN/DORA con ACK tracciato per audit Frontend: - whistleblowing.html: form submit anonimo/firmato + gestione CISO - normative.html: feed con presa visione documentata + progress bar ACK - public/docs/api.html: documentazione API dark theme (Swagger-like) - settings.html: tab API Keys + tab Webhook - integrations/: guide per lg231, SustainAI, AllRisk, SIEM (widget + codice) - Sidebar: Segnalazioni + Normative aggiunte a common.js DB: migration 007 (api_keys, webhook_subscriptions, webhook_deliveries), 008 (whistleblowing_reports + timeline), 009 (normative_updates + normative_ack + seed NIS2/ACN/DORA/ISO) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 13:20:24 +01:00
DevEnv nis2-agile	782389849f	[SEC+UX] Hardening sicurezza + miglioramenti UX pre-audit SICUREZZA: - index.php: rimosso CORS wildcard in debug mode (solo origini autorizzate) - AuthController: getClientIP() con X-Forwarded-For sicuro (proxy-aware) - AuthController: refresh token con SELECT FOR UPDATE in transazione atomica - AIService: anonimizzazione dati org nei prompt Anthropic API (no nome/fatturato) UX AUDIT-READY: - dashboard.html: gauge rinominato 'Avanzamento implementazione misure Art.21' - incidents.html: decision tree Art.23 con 5 criteri per 'Is Significant?' - policies.html: banner warning obbligatorio su bozze generate da AI - risks.html: tooltip dettagliati scala Likelihood/Impact (ISO 27005) - assessment.html: progress bar % completamento risposta domande DB: - migration 006: indici performance + audit_log immutabile (trigger) + soft delete Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-02-20 12:01:33 +01:00
DevEnv nis2-agile	7080695d06	[FEAT] Ruolo Consulente + Wizard Registrazione v2 - register.html: step 0 scelta profilo (Azienda / Consulente) - onboarding.html: wizard 4-step con P.IVA obbligatoria (auto-fetch CertiSource) - companies.html: nuova dashboard consulente con cards aziende e compliance score - common.js: org-switcher sidebar + role labels corretti per consulente - login.html: routing post-login (consulente → companies.html) - api.js: isConsultant(), setUserRole(), register con user_type - AuthController: user_type=consultant → role=consultant in users table - OnboardingController: multi-org per consulente, duplicate VAT check - 005_consultant_support.sql: aggiunge 'consultant' a user_organizations.role ENUM Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-02-20 08:53:30 +01:00
Cristiano Benassati	4e3408e9f6	[FEAT] Visura auto-fill, adesione volontaria, modulo NCR/CAPA 1. Fix auto-fill visura: mapping corretto suggested_sector e employees_range, indicatori visivi verdi sui campi auto-compilati, fatturato sempre manuale 2. Adesione volontaria: colonna voluntary_compliance, checkbox in onboarding step 5 quando not_applicable, toggle in settings, reset su ri-classificazione 3. Modulo NCR/CAPA: NonConformityController con 10 endpoint API, tabelle non_conformities + capa_actions, generazione NCR dai gap assessment, predisposizione integrazione SistemiG.agile (webhook + sync) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-18 08:12:57 +01:00
Cristiano Benassati	6f4b457ce0	[FEAT] Add EmailService, RateLimitService, ReportService + integrations Services: - EmailService: CSIRT notifications (24h/72h/30d), training alerts, welcome email - RateLimitService: File-based rate limiting for auth and AI endpoints - ReportService: Executive HTML report, CSV exports (risks/incidents/controls/assets) Integrations: - AuthController: Rate limiting on login (5/min, 20/h) and register (3/10min) - IncidentController: Email notifications on CSIRT milestones - AuditController: Executive report and CSV export endpoints - Router: 429 rate limit error handling, new audit export routes Database: - Migration 002: email_log table for notification tracking Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-17 19:12:46 +01:00
Cristiano Benassati	9aa2788c68	[FEAT] Add onboarding wizard with visura camerale and CertiSource integration - New 5-step onboarding wizard (onboarding.html) replacing setup-org.html - Step 1: Choose data source (Upload Visura / CertiSource / Manual) - Step 2: PDF upload with AI extraction or CertiSource P.IVA lookup - Step 3: Verify/complete company data with NIS2 sector mapping - Step 4: User profile completion - Step 5: NIS2 classification (Essential/Important) with summary - OnboardingController with upload-visura, fetch-company, complete endpoints - VisuraService with Claude AI PDF extraction and ATECO-to-NIS2 mapping - CertiSource API integration for automatic company data retrieval - Updated login/register redirects to point to new onboarding wizard Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-17 19:01:34 +01:00
Cristiano Benassati	c03d22ea48	[FIX] Deploy fixes - Auth header passthrough, dashboard query, landing page - Add Authorization header passthrough in .htaccess for PHP-FPM - Remove invalid 'severity' column query from DashboardController - Add landing page (index.html) with feature overview Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-17 18:08:43 +01:00
Cristiano Benassati	ae78a2f7f4	[CORE] Initial project scaffold - NIS2 Agile Compliance Platform Complete MVP implementation including: - PHP 8.4 backend with Front Controller pattern (80+ API endpoints) - Multi-tenant architecture with organization_id isolation - JWT authentication (HS256, 2h access + 7d refresh tokens) - 14 controllers: Auth, Organization, Assessment, Dashboard, Risk, Incident, Policy, SupplyChain, Training, Asset, Audit, Admin - AI Service integration (Anthropic Claude API) for gap analysis, risk suggestions, policy generation, incident classification - NIS2 gap analysis questionnaire (~80 questions, 10 categories) - MySQL schema (20 tables) with NIS2 Art. 21 compliance controls - NIS2 Art. 23 incident reporting workflow (24h/72h/30d) - Frontend: login, register, dashboard, assessment wizard, org setup - Docker configuration (PHP-FPM + Nginx + MySQL) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-17 17:50:18 +01:00

46 Commits