1. Fix auto-fill visura: mapping corretto suggested_sector e employees_range,
indicatori visivi verdi sui campi auto-compilati, fatturato sempre manuale
2. Adesione volontaria: colonna voluntary_compliance, checkbox in onboarding
step 5 quando not_applicable, toggle in settings, reset su ri-classificazione
3. Modulo NCR/CAPA: NonConformityController con 10 endpoint API,
tabelle non_conformities + capa_actions, generazione NCR dai gap assessment,
predisposizione integrazione SistemiG.agile (webhook + sync)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Critical fixes discovered during end-to-end testing:
Router (index.php):
- Rewrote route resolution engine to properly handle /{id}/subAction patterns
- All routes like GET /assessments/{id}/questions, POST /incidents/{id}/early-warning,
GET /organizations/{id}/members now resolve correctly
- Routes with kebab-case sub-actions (early-warning, ai-analyze) now convert to camelCase
- Controller methods receive correct arguments via spread operator
EmailService.php:
- Fix PHP parse error: ?? operator cannot be used inside string interpolation {}
- Extract incident_code to variable before interpolation (3 occurrences)
assessment.html:
- Fix data structure handling: API returns categories with nested questions array
- Fix field names: question_code (not question_id), response_value (not compliance_level)
- Fix answer enum values: not_implemented/partial/implemented (not Italian)
- Fix question text field: question_text (not text/question/title)
- Show NIS2 article and ISO 27001 control references
- Fix response restoration from existing answers
dashboard.html:
- Fix data mapping from overview API response structure
- risks.total instead of open_risks, policies array instead of approved_policies
- Calculate training completion percentage from training object
- Load deadlines/activity from dedicated endpoints (not included in overview)
onboarding.html:
- Fix field name mismatches: annual_turnover_eur, contact_email, contact_phone,
full_name, phone (matching OnboardingController expected params)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- New 5-step onboarding wizard (onboarding.html) replacing setup-org.html
- Step 1: Choose data source (Upload Visura / CertiSource / Manual)
- Step 2: PDF upload with AI extraction or CertiSource P.IVA lookup
- Step 3: Verify/complete company data with NIS2 sector mapping
- Step 4: User profile completion
- Step 5: NIS2 classification (Essential/Important) with summary
- OnboardingController with upload-visura, fetch-company, complete endpoints
- VisuraService with Claude AI PDF extraction and ATECO-to-NIS2 mapping
- CertiSource API integration for automatic company data retrieval
- Updated login/register redirects to point to new onboarding wizard
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add Authorization header passthrough in .htaccess for PHP-FPM
- Remove invalid 'severity' column query from DashboardController
- Add landing page (index.html) with feature overview
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
