DevEnv nis2-agile
80055bc4ce
[FIX] OpenAPI: 4 inbound endpoints (incidents/evidence/assets ingest + controls-monitoring) + Ingestion tag
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-30 10:04:57 +02:00
DevEnv nis2-agile
4924075142
[FEAT] Asset import from CMDB/cloud + automatic GV.OC-04 scoring (P2)
- AssetScoringService::inferCriteria: 6-criteria heuristic from CMDB fields
(criticality, data_classification, internet_facing, dependencies, regulated)
- AssetController::import (JWT org_admin/compliance_manager) + shared bulkUpsert:
upsert deduplicated on external_ref, automatic GV.OC-04 scoring, max 1000 assets/batch
- ServicesController::ingestAssets -> POST /services/assets-ingest (scope ingest:assets) for CMDB/cloud connectors
- Migration 025: assets += external_ref + discovery_source + unique dedup index
- Route POST:assetsIngest (services) + POST:import (assets)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-30 09:14:12 +02:00
DevEnv nis2-agile
307993fbad
[FEAT] Evidence Automation + Continuous Control Monitoring (P1)
Closes the competitive gap vs Vanta/Drata (compliance automation):
- ServicesController::ingestEvidence -> POST /services/evidence-ingest (scope ingest:evidence)
automatic evidence collection from connectors (M365/Google/AWS/Azure/IdP/EDR/SIEM), batches of up to 200, idempotent upsert on external_ref
- recomputeControlMonitoring: recomputes monitoring_status (healthy/warning/stale/failing) from freshness + outcome
- controlsMonitoring -> GET /services/controls-monitoring (scope read:compliance): coverage + traffic-light summary
- Migration 024: control_evidence_auto table + compliance_controls.{monitoring_status,last_checked_at,freshness_days}
- Route POST:evidenceIngest, GET:controlsMonitoring
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-30 08:55:26 +02:00
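An added Python sketch (not the project's PHP code, which is not on this page) of the recompute the commit describes: monitoring_status derived from the freshness and outcome of the latest automatic evidence per control, with the idempotent upsert on external_ref and the 200-item batch cap. The result vocabulary pass/warn/fail, the precedence among the four statuses, and the 50%-of-window warning band are assumptions of this example; the sample evidence is constructed.

```python
from datetime import datetime, timedelta, timezone

MAX_BATCH = 200                      # batch cap named in the commit
STATUSES = ("healthy", "warning", "stale", "failing")


def monitoring_status(evidence, freshness_days, now):
    """Derive a control's monitoring_status from its most recent automatic evidence.

    Precedence (assumed): no evidence, or evidence older than freshness_days -> stale
    (current state is unknown, even if the old result was a fail); fresh but failed
    -> failing; a 'warn' result, or evidence past half the window -> warning;
    otherwise healthy.
    """
    if not evidence:
        return "stale"
    latest = max(evidence, key=lambda e: e["collected_at"])
    age = now - latest["collected_at"]
    window = timedelta(days=freshness_days)
    if age > window:
        return "stale"
    if latest["result"] == "fail":
        return "failing"
    if latest["result"] == "warn" or age > window / 2:
        return "warning"
    return "healthy"


class EvidenceStore:
    """In-memory stand-in for control_evidence_auto keyed by (org_id, external_ref)."""

    def __init__(self):
        self.rows = {}

    def ingest_batch(self, org_id, items, now=None):
        """Idempotent upsert: a replayed external_ref overwrites its row, never duplicates it."""
        if len(items) > MAX_BATCH:
            raise ValueError(f"batch of {len(items)} exceeds MAX_BATCH={MAX_BATCH}")
        now = now or datetime.now(timezone.utc)
        created = updated = 0
        for it in items:
            if it["result"] not in ("pass", "warn", "fail"):
                raise ValueError(f"unknown result {it['result']!r} for {it['external_ref']}")
            key = (org_id, it["external_ref"])
            if key in self.rows:
                updated += 1
            else:
                created += 1
            self.rows[key] = {
                "control_id": it["control_id"],
                "result": it["result"],
                "collected_at": it.get("collected_at", now),
                "source": it.get("source", "connector"),
            }
        return created, updated

    def recompute(self, org_id, controls, now=None):
        """controls: {control_id: freshness_days}. Returns {control_id: monitoring_status}."""
        now = now or datetime.now(timezone.utc)
        result = {}
        for cid, fdays in controls.items():
            ev = [r for (o, _), r in self.rows.items() if o == org_id and r["control_id"] == cid]
            result[cid] = monitoring_status(ev, fdays, now)
        return result


def summary(statuses):
    """Traffic-light counts plus coverage = share of controls with non-stale evidence."""
    counts = {s: 0 for s in STATUSES}
    for s in statuses.values():
        counts[s] += 1
    total = len(statuses)
    coverage = round((total - counts["stale"]) / total, 2) if total else 0.0
    return {"counts": counts, "coverage": coverage}


if __name__ == "__main__":
    # Constructed connector output for three controls with a 30-day freshness window.
    now = datetime(2026, 5, 30, tzinfo=timezone.utc)
    store = EvidenceStore()
    store.ingest_batch("org-1", [
        {"external_ref": "m365-mfa-1", "control_id": "C-MFA", "result": "pass", "collected_at": now - timedelta(days=1)},
        {"external_ref": "aws-trail-1", "control_id": "C-LOG", "result": "fail", "collected_at": now - timedelta(days=2)},
        {"external_ref": "edr-cov-1", "control_id": "C-EDR", "result": "pass", "collected_at": now - timedelta(days=20)},
    ], now=now)
    st = store.recompute("org-1", {"C-MFA": 30, "C-LOG": 30, "C-EDR": 30, "C-BCP": 30}, now=now)
    print(st, summary(st))
```

Stale deliberately wins over failing: a failed check from beyond the freshness window says nothing reliable about the control today, and reporting it as failing would hide that the connector itself has stopped delivering.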
DevEnv nis2-agile
21909994c2
[FEAT] SIEM/SOC/EDR incident ingestion (P1) -> endpoint /services/incidents-ingest
- ServicesController::ingestIncident: creates an Art.23 incident from an external alert (scope ingest:incidents)
- Dedup on external_ref (org+ref), mapSeverity (CVSS/P1-P5/strings -> enum)
- Best-effort AI classification (classifyIncident: IS-1..4, severity, significance)
- Art.23 deadlines (24h/72h/30d) on significant incidents + webhook dispatch
- Migration 023: incidents += source/source_system/external_ref + unique dedup index
- Route POST:incidentsIngest in index.php
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-30 08:41:57 +02:00
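The normalisation this commit describes, as an added Python example (the project's ServicesController is PHP and not shown here): a mapSeverity covering the three input kinds listed (CVSS score, P1-P5 priority, free-text string), deduplication on (org, external_ref), and the Art.23 24h/72h/30d clock started only for significant incidents. The enum values low/medium/high/critical, the CVSS bands, the P1-P5 and word aliases, the fallback to "medium", and the rule that high/critical means significant are assumptions of this example, not taken from the page; the sample alerts are constructed.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumed target enum: the commit names an enum but not its values.
SEVERITY_ENUM = ("low", "medium", "high", "critical")

# Assumed alias tables for SOC priorities and free-text severities.
_P_LEVELS = {"p1": "critical", "p2": "high", "p3": "medium", "p4": "low", "p5": "low"}
_WORDS = {
    "critical": "critical", "crit": "critical", "sev1": "critical", "s1": "critical",
    "high": "high", "sev2": "high", "s2": "high",
    "medium": "medium", "med": "medium", "moderate": "medium", "sev3": "medium",
    "low": "low", "info": "low", "informational": "low", "sev4": "low",
}


def _cvss_band(score, default):
    """CVSS v3.x qualitative bands; out-of-range values fall back to `default`."""
    if not 0.0 <= score <= 10.0:
        return default
    if score >= 9.0:
        return "critical"
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    return "low"


def map_severity(raw, default="medium"):
    """Normalise a SIEM/EDR severity (CVSS number, P1-P5, or string) to the enum.

    Unknown input falls back to `default` instead of raising, so one odd alert
    cannot fail a whole batch; the caller should log the fallback.
    """
    if raw is None or isinstance(raw, bool):   # bool is an int subclass, never a severity
        return default
    if isinstance(raw, (int, float)):
        return _cvss_band(float(raw), default)
    s = str(raw).strip().lower()
    if s in _P_LEVELS:
        return _P_LEVELS[s]
    if s in _WORDS:
        return _WORDS[s]
    if re.fullmatch(r"\d+(\.\d+)?", s):
        return _cvss_band(float(s), default)
    return default


def art23_deadlines(detected_at):
    """Art.23 clock from first detection: 24h early warning, 72h notification, 30d final report."""
    return {
        "early_warning": detected_at + timedelta(hours=24),
        "notification": detected_at + timedelta(hours=72),
        "final_report": detected_at + timedelta(days=30),
    }


class IncidentStore:
    """In-memory stand-in for the incidents table and its unique (org, external_ref) index."""

    def __init__(self):
        self._by_key = {}
        self.rows = []

    def ingest(self, org_id, alert, now=None):
        """Returns (row, created). Replaying the same external_ref for the same org is a no-op."""
        now = now or datetime.now(timezone.utc)
        key = (org_id, alert["external_ref"])
        if key in self._by_key:
            return self._by_key[key], False
        sev = map_severity(alert.get("severity"))
        significant = sev in ("high", "critical")        # assumed significance threshold
        detected = alert.get("detected_at") or now
        row = {
            "org_id": org_id,
            "external_ref": alert["external_ref"],
            "source_system": alert.get("source_system", "unknown"),
            "title": alert.get("title", ""),
            "severity": sev,
            "significant": significant,
            "deadlines": art23_deadlines(detected) if significant else {},
        }
        self._by_key[key] = row
        self.rows.append(row)
        return row, True


if __name__ == "__main__":
    # Constructed sample alerts, as a SIEM connector might POST them; the third is a replay.
    store = IncidentStore()
    t0 = datetime(2026, 5, 30, 8, 0, tzinfo=timezone.utc)
    for a in ({"external_ref": "SIEM-1001", "severity": 9.8, "detected_at": t0, "source_system": "siem"},
              {"external_ref": "EDR-77", "severity": "P3", "source_system": "edr"},
              {"external_ref": "SIEM-1001", "severity": "critical", "source_system": "siem"}):
        row, created = store.ingest("org-1", a, now=t0)
        print(created, row["external_ref"], row["severity"], row["deadlines"].get("early_warning"))
```

The dedup key includes the org: two tenants whose SIEMs both emit alert id 1001 must not collide, which is why the unique index in the commit is on (org, external_ref) and not on external_ref alone.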
DevEnv nis2-agile
56df54f8b1
[FEAT] Services API: full-snapshot endpoint + BigSim SSE wrapper
- ServicesController: new endpoint GET /api/services/full-snapshot
Aggregates gap-analysis, measures, incidents, training, deadlines,
compliance-summary in a single call (reduces 6 round-trips → 1)
?days=N parameter for the deadlines window (default 30, max 365)
- public/index.php: route GET:fullSnapshot added to the services action map
- public/simulate-nis2-big.php: SSE wrapper for simulate-nis2-big.php
Runs the simulator as a CLI subprocess with NIS2_SSE=1 and
streams the output to the browser via Server-Sent Events
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-17 15:16:00 +01:00
DevEnv nis2-agile
a122b49721
[FEAT] Services API: 5 new lg231 endpoints (gap-analysis, measures, incidents, training, deadlines)
- GET /services/gap-analysis — gaps per NIS2 Art.21 domain with mapping to MOG 231 pillars
- GET /services/measures — compliance_controls with derived mog_area and nis2_article
- GET /services/incidents — incidents with Art.23 CSIRT compliance per step (24h/72h/30d)
- GET /services/training — courses + board completion (Art.20 compliance flag)
- GET /services/deadlines — deadlines aggregated from 4 sources with ?days= filter
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-17 14:10:17 +01:00
DevEnv nis2-agile
cfaead6121
[FEAT] CertiSource atti-service.php integration: structured data, PAT auth, ATECO fix
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-17 14:07:16 +01:00
DevEnv nis2-agile
8578cb5c31
[FIX] ServicesController: real assessment_responses query + NonConformityController: getPagination named keys
2026-03-09 10:22:40 +01:00
DevEnv nis2-agile
159d783ed7
[FIX] ServicesController: alignment with real DB columns (risk_level, contained_at, owner_name, company_name, compliance_controls category)
2026-03-09 10:20:43 +01:00
DevEnv nis2-agile
27ec63c28d
[FIX] ServicesController: entity_type (nis2_entity_type column does not exist) + WebhookService risk.status null-safe
2026-03-09 10:14:30 +01:00
DevEnv nis2-agile
1602438aac
[FIX] Simulation: remaining warnings + standard provision JWT
- ServicesController::provision(): JWT uses user_id (standard requireAuth)
- simulate-nis2.php: classifyOrg null-safe for entity_type
- simulate-nis2.php: completeOnboarding uses PUT /organizations/{id}
instead of /onboarding/complete (avoids 409 when the org already exists)
- simulate-nis2.php: supplier.critical removed from $supDef (was extra field)
- EmailService: removed sent_at (not in email_log schema)
- WebhookService: status ?? 'detected' (null-safe)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-09 10:00:59 +01:00
DevEnv nis2-agile
13df162ec4
[FIX] SIM-06 + EmailService + WebhookService + supplier assessment
- ServicesController::provision(): created_by uses userId (INT), not a string
- EmailService::logEmail(): removed sent_at (column does not exist in email_log)
- WebhookService::incidentPayload(): status ?? 'detected' (null-safe)
- simulate-nis2.php: supplier assessment uses the correct assessment_responses
format [{question, weight, value: yes|partial|no}]
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-09 09:56:39 +01:00
DevEnv nis2-agile
ef8b7a90e4
[FIX] Simulator: P.IVA checksum + ServicesController: sectorMap + role enum
- simulate-nis2.php: demo P.IVAs corrected with valid Luhn checksums
(09876543217, 07654321095, 05432109873, 99887766550)
- ServicesController::provision(): sectorMap remapped to real enum values
(e.g. 'energia'→'energy', 'finanza'→'banking', 'ict'→'ict_services')
- ServicesController::provision(): user_organizations.role 'super_admin'→'org_admin'
(super_admin is not in the user_organizations enum)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-09 09:38:02 +01:00
DevEnv nis2-agile
48317e0556
[FIX] Simulator + ServicesController: alignment with real DB schema
simulate-nis2.php:
- sector: ict → ict_services, healthcare → health (correct DB enum)
- employee_count (not employees_count) for OrganizationController
ServicesController::provision():
- INSERT organizations: removed non-existent fields (legal_form, ateco_code, etc.)
- Uses real columns: name, vat_number, employee_count, sector, entity_type, is_active
- entity_type: voluntary → not_applicable (enum does not support voluntary)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-09 09:30:20 +01:00
DevEnv nis2-agile
d51c365e46
[FIX] ServicesController + simulate-nis2: adapted to real users schema (full_name, is_active)
- ServicesController::provision(): INSERT users uses full_name/is_active (not first_name/last_name/status)
- ServicesController::ssoLogin(): same fix for SSO user creation
- simulate-nis2::ensureUser(): registration payload uses full_name (not first_name+last_name)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-09 09:09:07 +01:00
DevEnv nis2-agile
9ccf2a72b5
[FIX] Database::execute() → Database::query() in 5 controllers
Database has no execute() method; fixed in:
InviteController, ServicesController, WebhookController,
NormativeController, WhistleblowingController.
Cause of the HTTP 500 on all /api/invites/* endpoints.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-07 16:49:58 +01:00
DevEnv nis2-agile
cb0988da27
[LICENSE] Marketing license management + extended commercial fields
- licenseExt.html: marketing dashboard to generate/manage licenses
super_admin JWT login, stats strip (total/used/orgs/users),
generate form with label/plan/duration/max-companies/max-users/price/reseller,
paginated list with status+channel filters, detail modal, revoke/regenerate,
CSV export and copy token/URL
- Migration 013: invites +max_users_per_org, +price_eur, +reseller_name
organizations +license_max_users (from provisioning)
- InviteController::create() handles the new fields, validate() exposes max_users_per_org
- ServicesController::provision() saves license_max_users on the org
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-07 15:34:38 +01:00
DevEnv nis2-agile
612befd66d
[INVITE] B2B invite/license system + provisioning with invite_token
- InviteController: invite CRUD (gen, list, show, revoke, regenerate, validate)
- inv_* tokens sha256-hashed, one-shot or multi-use, channels, expiry
- ServicesController::provision() accepts invite_token in place of X-Provision-Secret
Plan and duration forced by the invite, markUsed() called after successful provisioning
- index.php: /api/invites/* routing added (controller + action map)
- integrazioniext.html: new "Inviti & Licenze" tab with full flow, endpoints,
curl/php examples, lg231 guide updated with an automatic-provisioning section
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-07 15:22:25 +01:00
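The token handling this commit summarises (inv_* tokens stored only as sha256, one-shot or multi-use, expiry, revoke/regenerate, markUsed only after provisioning has succeeded), as an added Python example; it is not InviteController and the project's PHP is not on this page. The token length, the integer invite id, the status vocabulary ok/unknown/revoked/expired/exhausted and the regenerate semantics (same plan and channel, remaining validity and uses carried over) are assumptions of this example.

```python
import hashlib
import secrets
from datetime import datetime, timedelta, timezone


class InviteStore:
    """Keeps invite records by id (what a dashboard lists) and an index by sha256(token).

    The plaintext inv_* token leaves create() exactly once and is never stored, so a
    dump of the table does not yield usable invites.
    """

    def __init__(self):
        self._records = {}      # invite_id -> record
        self._hash_index = {}   # sha256(token) hex -> invite_id
        self._next_id = 1

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def create(self, plan, days_valid, max_uses=1, channel="direct", now=None):
        """Returns (invite_id, plaintext_token). max_uses=1 is one-shot, >1 multi-use."""
        now = now or datetime.now(timezone.utc)
        token = "inv_" + secrets.token_urlsafe(32)       # 256 bits of entropy
        invite_id = self._next_id
        self._next_id += 1
        self._records[invite_id] = {
            "plan": plan,
            "channel": channel,
            "expires_at": now + timedelta(days=days_valid),
            "max_uses": max_uses,
            "uses": 0,
            "revoked": False,
        }
        self._hash_index[self._digest(token)] = invite_id
        return invite_id, token

    def validate(self, token, now=None):
        """Returns (record, status). Lookup is by digest: with a 256-bit random token a
        hash-table lookup is not a timing oracle, so no constant-time scan is needed."""
        now = now or datetime.now(timezone.utc)
        invite_id = self._hash_index.get(self._digest(token))
        if invite_id is None:
            return None, "unknown"
        rec = self._records[invite_id]
        if rec["revoked"]:
            return None, "revoked"
        if now >= rec["expires_at"]:
            return None, "expired"
        if rec["uses"] >= rec["max_uses"]:
            return None, "exhausted"
        return rec, "ok"

    def mark_used(self, token, now=None):
        """Call only after provisioning succeeded, so a failed run does not burn the invite.
        Returns the remaining uses."""
        rec, status = self.validate(token, now)
        if status != "ok":
            raise PermissionError(f"invite not usable: {status}")
        rec["uses"] += 1
        return rec["max_uses"] - rec["uses"]

    def revoke(self, invite_id):
        rec = self._records.get(invite_id)
        if rec is None:
            return False
        rec["revoked"] = True
        return True

    def regenerate(self, invite_id, now=None):
        """Revoke the old token and mint a new one with the same plan/channel and the
        remaining validity and uses. Returns (new_invite_id, new_plaintext_token)."""
        now = now or datetime.now(timezone.utc)
        rec = self._records.get(invite_id)
        if rec is None:
            raise KeyError("unknown invite")
        rec["revoked"] = True
        remaining_days = max(1, (rec["expires_at"] - now).days)
        remaining_uses = max(1, rec["max_uses"] - rec["uses"])
        return self.create(rec["plan"], remaining_days, remaining_uses, rec["channel"], now)


if __name__ == "__main__":
    store = InviteStore()
    invite_id, token = store.create("pro", days_valid=30)   # constructed demo invite
    print(invite_id, token[:12] + "...", store.validate(token)[1])
    print("remaining uses:", store.mark_used(token))
    print(store.validate(token)[1])                          # exhausted: one-shot
```

Because provisioning and markUsed are two steps, the order matters: validate first, provision, then mark used. If the provisioning transaction fails after the token was already consumed, the customer is left with a burnt invite and no tenant.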
DevEnv nis2-agile
6933e1d3fb
[INTEG] Automatic B2B provisioning + JWT helpers fix
- POST /api/services/provision: automatic tenant onboarding from lg231
- X-Provision-Secret auth (master secret, not org-specific)
- Creates org (with all lg231 data: P.IVA, ATECO, registered office, PEC, revenue)
- Creates admin user with temporary password (must_change_password=1)
- Generates API Key with scope [read:all, write:all, admin:org, sso:login]
- Issues 2h JWT for immediate UI access
- Webhook callback to lg231 with api_key
- Idempotent: same P.IVA → returns the existing org
- Audit: org.provisioned severity=critical
- config.php: PROVISION_SECRET (env var)
- BaseController: base64UrlEncode/Decode from private → protected
- Migration 011: provisioning columns + must_change_password + indexes
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-07 15:02:11 +01:00
DevEnv nis2-agile
1f534db33a
[INTEG] Token exchange + federated SSO + audit trail for external calls
ServicesController:
- POST /api/services/token: lg231 sends API key → receives 15min JWT
- POST /api/services/sso: federated SSO with user identity + responsibilities
→ creates/finds NIS2 user + issues 2h JWT with role and responsibilities
- Audit trail: every authenticated external call logged (api.external_call)
- SSO login logged as auth.sso_login severity=warning with responsibilities
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-07 14:46:27 +01:00
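An added Python example, not the project's PHP, of the exchange in this commit: an API key (stored only as its sha256) is traded for a 15-minute HS256 JWT, using the same base64url encoding the BaseController helpers provide, and the verifier pins the algorithm to HS256, checks exp in constant-time fashion for the MAC, and enforces a required scope. The claim names, the API key prefix and the way the JWT secret is passed are assumptions of this example.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time


def b64url_encode(raw):
    """RFC 7515 base64url: URL-safe alphabet, padding stripped."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class TokenService:
    """API key -> short-lived HS256 JWT, the shape of POST /api/services/token."""

    def __init__(self, jwt_secret):
        self._secret = jwt_secret          # bytes; in the product this comes from config, not code
        self._api_keys = {}                # sha256(key) hex -> {"org_id", "scopes"}; plaintext never stored

    def issue_api_key(self, org_id, scopes):
        key = "nis2_" + secrets.token_urlsafe(32)         # prefix is an assumption of this example
        self._api_keys[hashlib.sha256(key.encode()).hexdigest()] = {"org_id": org_id, "scopes": list(scopes)}
        return key

    def exchange(self, api_key, now=None, ttl=15 * 60):
        """Returns a JWT, or None for an unknown key. 15-minute lifetime per the commit."""
        rec = self._api_keys.get(hashlib.sha256(api_key.encode()).hexdigest())
        if rec is None:
            return None
        iat = int(time.time() if now is None else now)
        return self._sign({"org_id": rec["org_id"], "scopes": rec["scopes"], "iat": iat, "exp": iat + ttl})

    def _sign(self, claims):
        header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
        body = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
        mac = hmac.new(self._secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
        return f"{header}.{body}.{b64url_encode(mac)}"

    def verify(self, token, now=None, required_scope=None):
        """Returns the claims or None. The header's alg is checked against the pinned
        HS256 but never used to select the algorithm, which blocks alg=none downgrades."""
        try:
            header, body, sig = token.split(".")
            if json.loads(b64url_decode(header)).get("alg") != "HS256":
                return None
            expected = hmac.new(self._secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
            if not hmac.compare_digest(expected, b64url_decode(sig)):
                return None
            claims = json.loads(b64url_decode(body))
        except (ValueError, TypeError):
            return None
        if int(time.time() if now is None else now) >= claims.get("exp", 0):
            return None
        if required_scope is not None and required_scope not in claims.get("scopes", []):
            return None
        return claims


if __name__ == "__main__":
    svc = TokenService(b"demo-secret-not-for-production")   # constructed secret
    key = svc.issue_api_key("org-42", ["read:all", "sso:login"])
    jwt = svc.exchange(key)
    print(jwt)
    print(svc.verify(jwt, required_scope="read:all"))
    print(svc.verify(jwt, required_scope="write:all"))    # None: scope not granted
```

Verification reads the signature before the claims: parsing the body first would let an attacker-controlled JSON reach application code before any authenticity check.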
DevEnv nis2-agile
07c1a71685
[MIGRATE] Migration to nis2.agile.software
- All references nis2.certisource.it → nis2.agile.software
- Apache HTTP vhost nis2.agile.software active on Hetzner
- Script setup-nis2-agile-software.sh: certbot SSL + redirect from the old domain
- server .env: APP_URL updated to https://nis2.agile.software
- CLAUDE.md, commercial docs, integrations, API docs updated
DNS to add in Cloudflare: nis2.agile.software A 135.181.149.254 (proxy OFF)
Then run: bash /opt/devenv/scripts/setup-nis2-agile-software.sh
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-07 14:07:10 +01:00
DevEnv nis2-agile
86e9bdded2
[FEAT] Services API, Webhook, Whistleblowing, Normative + integrations
Full sprint, presentation-ready product:
Services API (read-only, API Key + scope):
- GET /api/services/status|compliance-summary|risks-feed|incidents-feed
- GET /api/services/controls-status|assets-critical|suppliers-risk|policies-approved
- GET /api/services/openapi (OpenAPI 3.0.3 JSON spec)
Outbound Webhooks (Stripe-like HMAC-SHA256):
- CRUD api_keys + webhook_subscriptions (Settings → 2 new tabs)
- WebhookService: retry 3x backoff (0s/5min/30min), delivery log
- Auto trigger in IncidentController, RiskController, PolicyController
- Delivery log, test ping, processRetry
New modules:
- WhistleblowingController (Art.32 NIS2): guaranteed anonymity, timeline, token tracking
- NormativeController: NIS2/ACN/DORA feed with ACK tracked for audit
Frontend:
- whistleblowing.html: anonymous/signed submit form + CISO management
- normative.html: feed with documented acknowledgement + ACK progress bar
- public/docs/api.html: dark-theme API documentation (Swagger-like)
- settings.html: API Keys tab + Webhook tab
- integrations/: guides for lg231, SustainAI, AllRisk, SIEM (widget + code)
- Sidebar: Segnalazioni + Normative added to common.js
DB: migration 007 (api_keys, webhook_subscriptions, webhook_deliveries),
008 (whistleblowing_reports + timeline),
009 (normative_updates + normative_ack + seed NIS2/ACN/DORA/ISO)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-07 13:20:24 +01:00
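The Stripe-like HMAC-SHA256 signing and the 3-attempt 0s/5min/30min retry from this commit, as an added Python example covering both the sender and the receiver (for instance lg231 or a SIEM connector consuming the webhooks); it is not WebhookService itself. The header names, the "<timestamp>.<raw body>" signing string, the 5-minute replay tolerance, the comma-separated list of v1= signatures for secret rotation and the retry-on-5xx policy are assumptions of this example; the event body is constructed.

```python
import hashlib
import hmac
import time

RETRY_DELAYS = (0, 5 * 60, 30 * 60)   # 3 attempts at 0s/5min/30min, per the commit
TOLERANCE_SECONDS = 300                # replay window; assumption of this example


def compute_signature(secret, timestamp, body):
    """HMAC-SHA256 over "<timestamp>.<raw body bytes>", hex encoded."""
    return hmac.new(secret, f"{timestamp}.".encode() + body, hashlib.sha256).hexdigest()


def sign_headers(secret, body, timestamp=None):
    """Sender side: headers to attach to a delivery. Header names are assumptions."""
    ts = int(time.time() if timestamp is None else timestamp)
    return {
        "X-Webhook-Timestamp": str(ts),
        "X-Webhook-Signature": "v1=" + compute_signature(secret, ts, body),
    }


def verify_webhook(secret, body, headers, now=None):
    """Receiver side. Verify over the RAW body bytes before any JSON parsing, reject
    timestamps outside the tolerance, and compare MACs in constant time."""
    try:
        ts = int(headers["X-Webhook-Timestamp"])
        provided = headers["X-Webhook-Signature"]
    except (KeyError, ValueError):
        return False
    now = int(time.time() if now is None else now)
    if abs(now - ts) > TOLERANCE_SECONDS:
        return False
    expected = compute_signature(secret, ts, body)
    # Several v1= values let the sender sign with old and new secret during rotation.
    candidates = [p[3:] for p in provided.split(",") if p.startswith("v1=")]
    return any(hmac.compare_digest(expected, c) for c in candidates)


def deliver_with_retry(send, body, headers, start=0):
    """Delivery schedule: `send(body, headers) -> http status`, up to len(RETRY_DELAYS) tries.

    Returns (delivered, log). A 2xx stops with success; a 4xx other than 408/429 is a
    permanent failure and is not retried; anything else retries after the next delay.
    Time is simulated so the schedule can be inspected; a worker would sleep or enqueue.
    """
    log, t = [], start
    for attempt, delay in enumerate(RETRY_DELAYS, start=1):
        t += delay
        status = send(body, headers)
        log.append({"attempt": attempt, "at": t, "status": status})
        if 200 <= status < 300:
            return True, log
        if 400 <= status < 500 and status not in (408, 429):
            return False, log
    return False, log


if __name__ == "__main__":
    # Constructed event; in the product this would be e.g. an incident.created payload.
    secret = b"whsec_example_not_for_production"
    body = b'{"event":"incident.created","id":"inc_123","severity":"high"}'
    headers = sign_headers(secret, body, timestamp=1_780_000_000)
    print(verify_webhook(secret, body, headers, now=1_780_000_010))          # True
    print(verify_webhook(secret, body + b" ", headers, now=1_780_000_010))   # False: body changed
    print(deliver_with_retry(lambda b, h: 503, body, headers))               # (False, 3 attempts)
```

The receiver must sign over the exact bytes it received, not over re-serialised JSON: a framework that parses and re-encodes the body before the check will reorder keys or change whitespace and every signature will fail.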