nis2-agile

AdminGit2026/nis2-agile

Author	SHA1	Message	Date
DevEnv nis2-agile	1382530189	[FEAT] Sistema Segnalazioni & Risoluzione AI (feedback) Adattato da alltax.it — il sistema più maturo testato con utenti reali. Backend: - FeedbackController: 6 endpoint (submit, mine, list, show, update, resolve) - FeedbackService: createReport + classifyWithAI + broadcastResolution - AIService::classifyFeedback() — 10s timeout, 500 token, JSON puro - EmailService::sendFeedbackResolved() — broadcast email org - DB migration 014: tabella feedback_reports Frontend: - feedback.js: FAB rosso #EF4444, modal 2 fasi (form → AI → password gate) - Tab "Le mie segnalazioni" con badge status - Auto-init su tutte le pagine autenticate (common.js::checkAuth) - api.js: 6 metodi client; style.css: stili completi Worker: - scripts/feedback-worker.php: cron ogni 30 min → docker exec nis2-agile-devenv + Claude Code CLI → risoluzione autonoma con POST /api/feedback/{id}/resolve Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-10 08:51:52 +01:00
DevEnv nis2-agile	19a9e5622d	[FEAT] L4 AI Cross-Analysis — analisi aggregata multi-org per consulenti - CrossAnalysisController.php: analyze/history/portfolio (k-anonymity min 2 org) - AIService::crossOrgAnalysis(): aggregazione 9 dimensioni, zero PII nel prompt - cross-analysis.html: chat UI purple theme, 3 tab, quick questions, portfolio stats - index.php: routing /api/cross-analysis/{analyze,history,portfolio} - common.js: link "AI Cross-Analysis" in sidebar sezione Gestione - docs/AI_LEVELS_SCHEMA.md: schema architetturale L1-L5 con matrice privacy Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-09 08:17:53 +01:00
DevEnv nis2-agile	89fd201bc2	[AI+HELP+I18N] Help workflow, traduzioni IT/EN, schema 5 livelli AI - help.js: aggiunta sezione workflow (Compliance Journey) + pageMap entry - i18n.js: 16 chiavi IT/EN per workflow (fasi, stati, etichette) - docs/AI_LEVELS_SCHEMA.md: schema architettura 5 livelli AI con privacy matrix L1 Guida (safe), L2 Operativo, L3 Aziendale (anonimizzato), L4 Cross-Org (k-anonymity), L5 Normativo Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-09 08:05:36 +01:00
DevEnv nis2-agile	3e8f24eb49	[FEAT] Compliance Journey — workflow visivo 6 fasi NIS2 - workflow.html: roadmap orizzontale 6 fasi (Preparazione→Valutazione→Rischi→Implementazione→Monitoraggio→Reportistica) - Dati reali da 9 API in parallelo (assessment, rischi, policy, asset, fornitori, formazione, controlli) - Auto-selezione fase attiva + dettaglio step con metriche live - Banner "prossima azione consigliata" contestuale - Aggiunto link "Compliance Journey" nella sidebar (sezione Principale) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-09 07:54:15 +01:00
DevEnv nis2-agile	ab0e3755f4	[BACKEND] Completa backend: validate-invite, lookup-piva, ruoli, SIM-06 AuthController: - register() accetta `role` diretto (compliance_manager, org_admin, auditor, board_member, consultant) - Aggiunto validateInvite() → POST /api/auth/validate-invite (no auth) OnboardingController: - Aggiunto lookupPiva() → POST /api/onboarding/lookup-piva (no auth, rate limit 10/min) usato da register.html per P.IVA lookup pre-login Router (index.php): - Aggiunto POST:validateInvite e POST:lookupPiva api.js: - register() invia sia `role` che `user_type` per retrocompatibilità simulate-nis2.php: - SIM-06: B2B provisioning via X-Provision-Secret → org + JWT + API Key - Filtro NIS2_SIM=SIM06 via goto per skip SIM-01→05 indipendenti - readEnvValue() helper per leggere PROVISION_SECRET da .env register.html: - lookupPiva usa /onboarding/lookup-piva (endpoint pubblico) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 17:23:16 +01:00
DevEnv nis2-agile	5ecdce7d47	[INTEG] Pagina integrazioni esterne + spec lg231↔NIS2 - public/integrazioniext.html: pagina pubblica con 4 tab (Services API, Guida lg231, Webhook, Quick Start) — link in sidebar - docs/integration/lg231-nis2-integration.md: spec tecnica completa per agente Claude lg231 (provider-config, Nis2Client, widget, escalation OdV) - common.js: voce sidebar → integrazioniext.html Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 14:43:59 +01:00
DevEnv nis2-agile	874eabb6fc	[FEAT] Simulazioni Demo + Audit Trail Certificato SHA-256 - 5 scenari reali: Onboarding, Ransomware Art.23, Data Breach Supply Chain, Whistleblowing SCADA, Audit Hash Chain Verification - simulate-nis2.php: 3 aziende (DataCore/MedClinic/EnerNet), 10 fasi, CLI+SSE - AuditService.php: hash chain SHA-256 stile lg231 (prev_hash+entry_hash) - Migration 010: prev_hash, entry_hash, severity, performed_by su audit_logs - AuditController: GET chain-verify + GET export-certified - reset-demo.sql: reset dati demo idempotente - public/simulate.html: web runner SSE con console dark-theme - Sidebar: link Simulazione Demo + Integrazioni Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 13:56:53 +01:00
DevEnv nis2-agile	86e9bdded2	[FEAT] Services API, Webhook, Whistleblowing, Normative + integrazioni Sprint completo — prodotto presentation-ready: Services API (read-only, API Key + scope): - GET /api/services/status\|compliance-summary\|risks-feed\|incidents-feed - GET /api/services/controls-status\|assets-critical\|suppliers-risk\|policies-approved - GET /api/services/openapi (spec OpenAPI 3.0.3 JSON) Webhook Outbound (Stripe-like HMAC-SHA256): - CRUD api_keys + webhook_subscriptions (Settings → 2 nuovi tab) - WebhookService: retry 3x backoff (0s/5min/30min), delivery log - Trigger auto in IncidentController, RiskController, PolicyController - Delivery log, test ping, processRetry Nuovi moduli: - WhistleblowingController (Art.32 NIS2): anonimato garantito, timeline, token tracking - NormativeController: feed NIS2/ACN/DORA con ACK tracciato per audit Frontend: - whistleblowing.html: form submit anonimo/firmato + gestione CISO - normative.html: feed con presa visione documentata + progress bar ACK - public/docs/api.html: documentazione API dark theme (Swagger-like) - settings.html: tab API Keys + tab Webhook - integrations/: guide per lg231, SustainAI, AllRisk, SIEM (widget + codice) - Sidebar: Segnalazioni + Normative aggiunte a common.js DB: migration 007 (api_keys, webhook_subscriptions, webhook_deliveries), 008 (whistleblowing_reports + timeline), 009 (normative_updates + normative_ack + seed NIS2/ACN/DORA/ISO) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 13:20:24 +01:00
DevEnv nis2-agile	1bfca3fbe3	[DOCS+I18N] Guida aggiornata, i18n idle timeout, 3 documenti commerciali - help.js: aggiornate sezioni per idle timeout, banner AI dismissible, matrice rischi real-time - i18n.js: aggiunte 5 chiavi session.* per idle timeout (IT/EN) - common.js: _showIdleWarning() usa I18n.t() per testi IT/EN - docs/commercial/scheda-commerciale.html: scheda A4 stampabile (problema/soluzione, moduli, AI, target) - docs/commercial/scheda-tecnica.html: specifiche stack, architettura, API, DB, sicurezza, deploy - docs/commercial/presentazione.html: presentazione 10 slide completa (contesto, moduli, AI, compliance, ROI, roadmap) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-02-20 12:43:17 +01:00
DevEnv nis2-agile	59fad22c0e	[UX+SEC] Eccellenza pre-audit: idle timeout, loading states, i18n, UX polish - common.js: idle session timeout 30min con avviso countdown 5min prima del logout - common.js: checkAuth() attiva automaticamente il monitor di inattività - api.js: messaggi errore connessione usano i18n (IT/EN) tramite I18n.t() - risks.html: saveRisk() e aiSuggest() con setButtonLoading durante salvataggio - risks.html: deleteRisk() ricarica la matrice se si è in matrix view - incidents.html: createIncident() con setButtonLoading durante registrazione - policies.html: savePolicy() e saveAIGeneratedPolicy() con setButtonLoading - policies.html: banner AI-draft con pulsante X per dismissione Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-02-20 12:25:52 +01:00
DevEnv nis2-agile	0e78ec24c1	[FIX] i18n funzionante + bug audit.html + help system - common.js: aggiunto i18nKey a navItems, data-i18n su sezioni e voci sidebar → toggle IT/EN ora traduce la navigazione in tempo reale - Tutte e 10 le pagine HTML: aggiunto data-i18n="*.title" agli h2 (dashboard, assessment, risks, incidents, policies, supply-chain, training, assets, reports, settings) - FIX BUG: sidebar puntava ad audit.html (inesistente) → corretto in reports.html - HelpSystem: funziona correttamente in tutte le 10 pagine (content-header-actions presente, init() chiamato) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-02-20 11:17:04 +01:00
DevEnv nis2-agile	7080695d06	[FEAT] Ruolo Consulente + Wizard Registrazione v2 - register.html: step 0 scelta profilo (Azienda / Consulente) - onboarding.html: wizard 4-step con P.IVA obbligatoria (auto-fetch CertiSource) - companies.html: nuova dashboard consulente con cards aziende e compliance score - common.js: org-switcher sidebar + role labels corretti per consulente - login.html: routing post-login (consulente → companies.html) - api.js: isConsultant(), setUserRole(), register con user_type - AuthController: user_type=consultant → role=consultant in users table - OnboardingController: multi-org per consulente, duplicate VAT check - 005_consultant_support.sql: aggiunge 'consultant' a user_organizations.role ENUM Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-02-20 08:53:30 +01:00
DevEnv nis2-agile	ba21534e6a	[DEPLOY] Migrazione a subdomain nis2.certisource.it Rimozione prefisso /nis2/ da tutti i path frontend e router: - index.php: basePath '' (da '/nis2') - api.js: baseUrl '/api' (da '/nis2/api') - Tutti i file HTML: path assoluti senza prefisso /nis2/ Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-02-19 14:05:18 +01:00
Cristiano Benassati	52fd45fac9	[FEAT] i18n IT/EN, Help Online contestuale, pagina Architettura - i18n.js: sistema traduzioni IT/EN con ~150 chiavi, localStorage, data-i18n - help.js: help contestuale per 10 pagine con riferimenti NIS2 - architecture.html: descrizione architettura sistema completa - common.js: language toggle sidebar (IT/EN), link Architettura, icone - Integrato i18n + help in tutte le 14 pagine app + 3 admin Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-18 08:34:37 +01:00
Cristiano Benassati	4e3408e9f6	[FEAT] Visura auto-fill, adesione volontaria, modulo NCR/CAPA 1. Fix auto-fill visura: mapping corretto suggested_sector e employees_range, indicatori visivi verdi sui campi auto-compilati, fatturato sempre manuale 2. Adesione volontaria: colonna voluntary_compliance, checkbox in onboarding step 5 quando not_applicable, toggle in settings, reset su ri-classificazione 3. Modulo NCR/CAPA: NonConformityController con 10 endpoint API, tabelle non_conformities + capa_actions, generazione NCR dai gap assessment, predisposizione integrazione SistemiG.agile (webhook + sync) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-18 08:12:57 +01:00
Cristiano Benassati	68f8cab0bf	[POLISH] Docker setup fix + UI polish + project completion - Fix Docker: add php.ini, correct env var names (DB_NAME/DB_USER/DB_PASS), add 002_email_log.sql to initdb, add Authorization header passthrough, add uploads volume, install opcache, create .dockerignore - UI polish: page fade-in transitions, skeleton loader CSS, staggered card animations, mobile sidebar backdrop overlay, keyboard focus-visible styles, button loading state, tooltip system, alert banners, tab component, custom scrollbar, print styles, clickable table rows - Add setButtonLoading() and _toggleSidebar() helpers to common.js - Update CLAUDE.md to reflect 100% project completion Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-17 19:48:11 +01:00
Cristiano Benassati	6f4b457ce0	[FEAT] Add EmailService, RateLimitService, ReportService + integrations Services: - EmailService: CSIRT notifications (24h/72h/30d), training alerts, welcome email - RateLimitService: File-based rate limiting for auth and AI endpoints - ReportService: Executive HTML report, CSV exports (risks/incidents/controls/assets) Integrations: - AuthController: Rate limiting on login (5/min, 20/h) and register (3/10min) - IncidentController: Email notifications on CSIRT milestones - AuditController: Executive report and CSV export endpoints - Router: 429 rate limit error handling, new audit export routes Database: - Migration 002: email_log table for notification tracking Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-17 19:12:46 +01:00
Cristiano Benassati	9aa2788c68	[FEAT] Add onboarding wizard with visura camerale and CertiSource integration - New 5-step onboarding wizard (onboarding.html) replacing setup-org.html - Step 1: Choose data source (Upload Visura / CertiSource / Manual) - Step 2: PDF upload with AI extraction or CertiSource P.IVA lookup - Step 3: Verify/complete company data with NIS2 sector mapping - Step 4: User profile completion - Step 5: NIS2 classification (Essential/Important) with summary - OnboardingController with upload-visura, fetch-company, complete endpoints - VisuraService with Claude AI PDF extraction and ATECO-to-NIS2 mapping - CertiSource API integration for automatic company data retrieval - Updated login/register redirects to point to new onboarding wizard Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-17 19:01:34 +01:00
Cristiano Benassati	ae78a2f7f4	[CORE] Initial project scaffold - NIS2 Agile Compliance Platform Complete MVP implementation including: - PHP 8.4 backend with Front Controller pattern (80+ API endpoints) - Multi-tenant architecture with organization_id isolation - JWT authentication (HS256, 2h access + 7d refresh tokens) - 14 controllers: Auth, Organization, Assessment, Dashboard, Risk, Incident, Policy, SupplyChain, Training, Asset, Audit, Admin - AI Service integration (Anthropic Claude API) for gap analysis, risk suggestions, policy generation, incident classification - NIS2 gap analysis questionnaire (~80 questions, 10 categories) - MySQL schema (20 tables) with NIS2 Art. 21 compliance controls - NIS2 Art. 23 incident reporting workflow (24h/72h/30d) - Frontend: login, register, dashboard, assessment wizard, org setup - Docker configuration (PHP-FPM + Nginx + MySQL) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-17 17:50:18 +01:00

19 Commits