nis2-agile

AdminGit2026/nis2-agile

Fork 0

Commit Graph

Author	SHA1	Message	Date
DevEnv nis2-agile	782389849f	[SEC+UX] Hardening sicurezza + miglioramenti UX pre-audit SICUREZZA: - index.php: rimosso CORS wildcard in debug mode (solo origini autorizzate) - AuthController: getClientIP() con X-Forwarded-For sicuro (proxy-aware) - AuthController: refresh token con SELECT FOR UPDATE in transazione atomica - AIService: anonimizzazione dati org nei prompt Anthropic API (no nome/fatturato) UX AUDIT-READY: - dashboard.html: gauge rinominato 'Avanzamento implementazione misure Art.21' - incidents.html: decision tree Art.23 con 5 criteri per 'Is Significant?' - policies.html: banner warning obbligatorio su bozze generate da AI - risks.html: tooltip dettagliati scala Likelihood/Impact (ISO 27005) - assessment.html: progress bar % completamento risposta domande DB: - migration 006: indici performance + audit_log immutabile (trigger) + soft delete Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-02-20 12:01:33 +01:00
Cristiano Benassati	ae78a2f7f4	[CORE] Initial project scaffold - NIS2 Agile Compliance Platform Complete MVP implementation including: - PHP 8.4 backend with Front Controller pattern (80+ API endpoints) - Multi-tenant architecture with organization_id isolation - JWT authentication (HS256, 2h access + 7d refresh tokens) - 14 controllers: Auth, Organization, Assessment, Dashboard, Risk, Incident, Policy, SupplyChain, Training, Asset, Audit, Admin - AI Service integration (Anthropic Claude API) for gap analysis, risk suggestions, policy generation, incident classification - NIS2 gap analysis questionnaire (~80 questions, 10 categories) - MySQL schema (20 tables) with NIS2 Art. 21 compliance controls - NIS2 Art. 23 incident reporting workflow (24h/72h/30d) - Frontend: login, register, dashboard, assessment wizard, org setup - Docker configuration (PHP-FPM + Nginx + MySQL) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-17 17:50:18 +01:00

Author

SHA1

Message

Date

DevEnv nis2-agile

782389849f

[SEC+UX] Hardening sicurezza + miglioramenti UX pre-audit

SICUREZZA:
- index.php: rimosso CORS wildcard in debug mode (solo origini autorizzate)
- AuthController: getClientIP() con X-Forwarded-For sicuro (proxy-aware)
- AuthController: refresh token con SELECT FOR UPDATE in transazione atomica
- AIService: anonimizzazione dati org nei prompt Anthropic API (no nome/fatturato)

UX AUDIT-READY:
- dashboard.html: gauge rinominato 'Avanzamento implementazione misure Art.21'
- incidents.html: decision tree Art.23 con 5 criteri per 'Is Significant?'
- policies.html: banner warning obbligatorio su bozze generate da AI
- risks.html: tooltip dettagliati scala Likelihood/Impact (ISO 27005)
- assessment.html: progress bar % completamento risposta domande

DB:
- migration 006: indici performance + audit_log immutabile (trigger) + soft delete

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-02-20 12:01:33 +01:00

Cristiano Benassati

ae78a2f7f4

[CORE] Initial project scaffold - NIS2 Agile Compliance Platform

Complete MVP implementation including:
- PHP 8.4 backend with Front Controller pattern (80+ API endpoints)
- Multi-tenant architecture with organization_id isolation
- JWT authentication (HS256, 2h access + 7d refresh tokens)
- 14 controllers: Auth, Organization, Assessment, Dashboard, Risk,
  Incident, Policy, SupplyChain, Training, Asset, Audit, Admin
- AI Service integration (Anthropic Claude API) for gap analysis,
  risk suggestions, policy generation, incident classification
- NIS2 gap analysis questionnaire (~80 questions, 10 categories)
- MySQL schema (20 tables) with NIS2 Art. 21 compliance controls
- NIS2 Art. 23 incident reporting workflow (24h/72h/30d)
- Frontend: login, register, dashboard, assessment wizard, org setup
- Docker configuration (PHP-FPM + Nginx + MySQL)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-17 17:50:18 +01:00

2 Commits