AdminGit2026/nis2-agile
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
74 Commits 1 Branch 0 Tags 2.9 MiB
6cf1cd7384
Commit Graph

74 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
DevEnv nis2-agile
a56401f5a9 [DOCS] CLAUDE.md: aggiunta migration 006 + data 2026-02-20 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-20 12:13:11 +01:00
DevEnv nis2-agile
f5884b32d3 [FIX] Migration 006: usa stored procedure per indici condizionali 
Compatibilita' MySQL 8.0: rimosso CREATE INDEX IF NOT EXISTS,
rimosso DELIMITER per trigger (incompatibile con pipe stdin).
Migration semplificata con solo CREATE INDEX e ALTER TABLE IF NOT EXISTS.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-20 12:08:44 +01:00
DevEnv nis2-agile
a5eb84108a [FIX] Migration 006: usa stored procedure per indici condizionali 
Compatibilita' MySQL 8.0: CREATE INDEX IF NOT EXISTS non supportato,
uso procedura helper con check su information_schema.statistics

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-20 12:05:04 +01:00
DevEnv nis2-agile
18dec35380 [FIX] Migration 006: fix sintassi CREATE INDEX per MySQL 8.0 
Sostituito ALTER TABLE ADD INDEX IF NOT EXISTS con CREATE INDEX IF NOT EXISTS
per compatibilita' MySQL 8.0.x

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-20 12:04:16 +01:00
DevEnv nis2-agile
782389849f [SEC+UX] Hardening sicurezza + miglioramenti UX pre-audit 
SICUREZZA:
- index.php: rimosso CORS wildcard in debug mode (solo origini autorizzate)
- AuthController: getClientIP() con X-Forwarded-For sicuro (proxy-aware)
- AuthController: refresh token con SELECT FOR UPDATE in transazione atomica
- AIService: anonimizzazione dati org nei prompt Anthropic API (no nome/fatturato)

UX AUDIT-READY:
- dashboard.html: gauge rinominato 'Avanzamento implementazione misure Art.21'
- incidents.html: decision tree Art.23 con 5 criteri per 'Is Significant?'
- policies.html: banner warning obbligatorio su bozze generate da AI
- risks.html: tooltip dettagliati scala Likelihood/Impact (ISO 27005)
- assessment.html: progress bar % completamento risposta domande

DB:
- migration 006: indici performance + audit_log immutabile (trigger) + soft delete

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-20 12:01:33 +01:00
DevEnv nis2-agile
0e78ec24c1 [FIX] i18n funzionante + bug audit.html + help system 
- common.js: aggiunto i18nKey a navItems, data-i18n su sezioni e voci
  sidebar → toggle IT/EN ora traduce la navigazione in tempo reale
- Tutte e 10 le pagine HTML: aggiunto data-i18n="*.title" agli h2
  (dashboard, assessment, risks, incidents, policies, supply-chain,
  training, assets, reports, settings)
- FIX BUG: sidebar puntava ad audit.html (inesistente) → corretto
  in reports.html
- HelpSystem: funziona correttamente in tutte le 10 pagine
  (content-header-actions presente, init() chiamato)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-20 11:17:04 +01:00
DevEnv nis2-agile
a53b4beb37 [CORE] Housekeeping: CLAUDE.md allineato, docker hardening, gitignore 
- CLAUDE.md: aggiunto NonConformityController, companies.html, architecture.html,
  i18n.js, help.js, SQL 003-005, 22 tabelle, endpoint NCR/CAPA, API base path
  aggiornato a /api/... (post-subdomain), cronologia commit aggiornata
- docker-compose.yml: mem_limit (app 256m, web 128m, db 512m) + DB port
  binding su 127.0.0.1 per sicurezza
- .gitignore: aggiunti docker/*.bak* e .claude/memory/
- Eliminati file backup temporanei docker-compose.yml.bak.*

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-20 11:09:04 +01:00
DevEnv nis2-agile
7080695d06 [FEAT] Ruolo Consulente + Wizard Registrazione v2 
- register.html: step 0 scelta profilo (Azienda / Consulente)
- onboarding.html: wizard 4-step con P.IVA obbligatoria (auto-fetch CertiSource)
- companies.html: nuova dashboard consulente con cards aziende e compliance score
- common.js: org-switcher sidebar + role labels corretti per consulente
- login.html: routing post-login (consulente → companies.html)
- api.js: isConsultant(), setUserRole(), register con user_type
- AuthController: user_type=consultant → role=consultant in users table
- OnboardingController: multi-org per consulente, duplicate VAT check
- 005_consultant_support.sql: aggiunge 'consultant' a user_organizations.role ENUM

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-20 08:53:30 +01:00
DevEnv nis2-agile
ba21534e6a [DEPLOY] Migrazione a subdomain nis2.certisource.it 
Rimozione prefisso /nis2/ da tutti i path frontend e router:
- index.php: basePath '' (da '/nis2')
- api.js: baseUrl '/api' (da '/nis2/api')
- Tutti i file HTML: path assoluti senza prefisso /nis2/

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-19 14:05:18 +01:00
Cristiano Benassati
92f9366ef4 Merge branch 'main' of https://git.certisource.it/AdminGit2026/nis2-agile 2026-02-18 17:22:19 +01:00
Cristiano Benassati
d3eac7ce38 [CORE] Rimosso credenziali da CLAUDE.md + aggiunto docs/DB_ACCESS.md 
Password DB e token Gitea rimossi dal file tracciato, creato DB_ACCESS.md dedicato.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-18 17:21:57 +01:00
DFM Dev
a0fd54353c [CORE] Aggiunto settings Claude Code con permessi ampi per operativita autonoma 2026-02-18 08:31:27 +00:00
Cristiano Benassati
0a73983cba [FIX] Dockerignore: allow docker/php.ini for build context 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-18 09:17:52 +01:00
DFM Dev
4bd2326910 [CORE] Aggiunto integrazione agile-services: istruzioni + CLAUDE.md aggiornato 2026-02-18 08:05:36 +00:00
Cristiano Benassati
52fd45fac9 [FEAT] i18n IT/EN, Help Online contestuale, pagina Architettura 
- i18n.js: sistema traduzioni IT/EN con ~150 chiavi, localStorage, data-i18n
- help.js: help contestuale per 10 pagine con riferimenti NIS2
- architecture.html: descrizione architettura sistema completa
- common.js: language toggle sidebar (IT/EN), link Architettura, icone
- Integrato i18n + help in tutte le 14 pagine app + 3 admin

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-18 08:34:37 +01:00
Cristiano Benassati
4e3408e9f6 [FEAT] Visura auto-fill, adesione volontaria, modulo NCR/CAPA 
1. Fix auto-fill visura: mapping corretto suggested_sector e employees_range,
   indicatori visivi verdi sui campi auto-compilati, fatturato sempre manuale
2. Adesione volontaria: colonna voluntary_compliance, checkbox in onboarding
   step 5 quando not_applicable, toggle in settings, reset su ri-classificazione
3. Modulo NCR/CAPA: NonConformityController con 10 endpoint API,
   tabelle non_conformities + capa_actions, generazione NCR dai gap assessment,
   predisposizione integrazione SistemiG.agile (webhook + sync)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-18 08:12:57 +01:00
Cristiano Benassati
517cab76a5 [FIX] Fix annual_turnover field name in setup-org.html 
Legacy org setup page was sending annual_turnover instead of
annual_turnover_eur to classify and create endpoints.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-17 19:49:57 +01:00
Cristiano Benassati
68f8cab0bf [POLISH] Docker setup fix + UI polish + project completion 
- Fix Docker: add php.ini, correct env var names (DB_NAME/DB_USER/DB_PASS),
  add 002_email_log.sql to initdb, add Authorization header passthrough,
  add uploads volume, install opcache, create .dockerignore
- UI polish: page fade-in transitions, skeleton loader CSS, staggered card
  animations, mobile sidebar backdrop overlay, keyboard focus-visible styles,
  button loading state, tooltip system, alert banners, tab component,
  custom scrollbar, print styles, clickable table rows
- Add setButtonLoading() and _toggleSidebar() helpers to common.js
- Update CLAUDE.md to reflect 100% project completion

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-17 19:48:11 +01:00
Cristiano Benassati
bcc5a2b003 [FIX] E2E testing - fix router, EmailService, frontend data mapping 
Critical fixes discovered during end-to-end testing:

Router (index.php):
- Rewrote route resolution engine to properly handle /{id}/subAction patterns
- All routes like GET /assessments/{id}/questions, POST /incidents/{id}/early-warning,
  GET /organizations/{id}/members now resolve correctly
- Routes with kebab-case sub-actions (early-warning, ai-analyze) now convert to camelCase
- Controller methods receive correct arguments via spread operator

EmailService.php:
- Fix PHP parse error: ?? operator cannot be used inside string interpolation {}
- Extract incident_code to variable before interpolation (3 occurrences)

assessment.html:
- Fix data structure handling: API returns categories with nested questions array
- Fix field names: question_code (not question_id), response_value (not compliance_level)
- Fix answer enum values: not_implemented/partial/implemented (not Italian)
- Fix question text field: question_text (not text/question/title)
- Show NIS2 article and ISO 27001 control references
- Fix response restoration from existing answers

dashboard.html:
- Fix data mapping from overview API response structure
- risks.total instead of open_risks, policies array instead of approved_policies
- Calculate training completion percentage from training object
- Load deadlines/activity from dedicated endpoints (not included in overview)

onboarding.html:
- Fix field name mismatches: annual_turnover_eur, contact_email, contact_phone,
  full_name, phone (matching OnboardingController expected params)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-17 19:40:26 +01:00
Cristiano Benassati
6f4b457ce0 [FEAT] Add EmailService, RateLimitService, ReportService + integrations 
Services:
- EmailService: CSIRT notifications (24h/72h/30d), training alerts, welcome email
- RateLimitService: File-based rate limiting for auth and AI endpoints
- ReportService: Executive HTML report, CSV exports (risks/incidents/controls/assets)

Integrations:
- AuthController: Rate limiting on login (5/min, 20/h) and register (3/10min)
- IncidentController: Email notifications on CSIRT milestones
- AuditController: Executive report and CSV export endpoints
- Router: 429 rate limit error handling, new audit export routes

Database:
- Migration 002: email_log table for notification tracking

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-17 19:12:46 +01:00
Cristiano Benassati
9aa2788c68 [FEAT] Add onboarding wizard with visura camerale and CertiSource integration 
- New 5-step onboarding wizard (onboarding.html) replacing setup-org.html
- Step 1: Choose data source (Upload Visura / CertiSource / Manual)
- Step 2: PDF upload with AI extraction or CertiSource P.IVA lookup
- Step 3: Verify/complete company data with NIS2 sector mapping
- Step 4: User profile completion
- Step 5: NIS2 classification (Essential/Important) with summary
- OnboardingController with upload-visura, fetch-company, complete endpoints
- VisuraService with Claude AI PDF extraction and ATECO-to-NIS2 mapping
- CertiSource API integration for automatic company data retrieval
- Updated login/register redirects to point to new onboarding wizard

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-17 19:01:34 +01:00
Cristiano Benassati
73e78ea6b4 [FEAT] Add all frontend pages - complete UI for NIS2 platform 
- risks.html: Risk register with 5x5 matrix heatmap, treatments, AI suggest
- incidents.html: Incident management with NIS2 Art.23 timeline (24h/72h/30d)
- policies.html: Policy management with templates, approval workflow, AI generate
- supply-chain.html: Supplier registry with 10-question security assessment
- training.html: Courses, assignments, compliance status tracking
- assets.html: Asset inventory with dependency mapping
- reports.html: Compliance report, controls, audit log, ISO 27001 mapping
- settings.html: Organization, profile, members, security settings
- admin/index.html: Platform admin dashboard with stats
- admin/organizations.html: Organization management for super_admin
- admin/users.html: User management for super_admin

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-17 18:46:03 +01:00
Cristiano Benassati
c03d22ea48 [FIX] Deploy fixes - Auth header passthrough, dashboard query, landing page 
- Add Authorization header passthrough in .htaccess for PHP-FPM
- Remove invalid 'severity' column query from DashboardController
- Add landing page (index.html) with feature overview

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-17 18:08:43 +01:00
Cristiano Benassati
ae78a2f7f4 [CORE] Initial project scaffold - NIS2 Agile Compliance Platform 
Complete MVP implementation including:
- PHP 8.4 backend with Front Controller pattern (80+ API endpoints)
- Multi-tenant architecture with organization_id isolation
- JWT authentication (HS256, 2h access + 7d refresh tokens)
- 14 controllers: Auth, Organization, Assessment, Dashboard, Risk,
  Incident, Policy, SupplyChain, Training, Asset, Audit, Admin
- AI Service integration (Anthropic Claude API) for gap analysis,
  risk suggestions, policy generation, incident classification
- NIS2 gap analysis questionnaire (~80 questions, 10 categories)
- MySQL schema (20 tables) with NIS2 Art. 21 compliance controls
- NIS2 Art. 23 incident reporting workflow (24h/72h/30d)
- Frontend: login, register, dashboard, assessment wizard, org setup
- Docker configuration (PHP-FPM + Nginx + MySQL)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-17 17:50:18 +01:00