AdminGit2026/nis2-agile
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
57 Commits 1 Branch 0 Tags 2.9 MiB
89fd201bc2
Commit Graph

11 Commits

Author SHA1 Message Date
DevEnv nis2-agile
3e8f24eb49 [FEAT] Compliance Journey — workflow visivo 6 fasi NIS2 
- workflow.html: roadmap orizzontale 6 fasi (Preparazione→Valutazione→Rischi→Implementazione→Monitoraggio→Reportistica)
- Dati reali da 9 API in parallelo (assessment, rischi, policy, asset, fornitori, formazione, controlli)
- Auto-selezione fase attiva + dettaglio step con metriche live
- Banner "prossima azione consigliata" contestuale
- Aggiunto link "Compliance Journey" nella sidebar (sezione Principale)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-09 07:54:15 +01:00
DevEnv nis2-agile
5ecdce7d47 [INTEG] Pagina integrazioni esterne + spec lg231↔NIS2 
- public/integrazioniext.html: pagina pubblica con 4 tab (Services API,
  Guida lg231, Webhook, Quick Start) — link in sidebar
- docs/integration/lg231-nis2-integration.md: spec tecnica completa
  per agente Claude lg231 (provider-config, Nis2Client, widget, escalation OdV)
- common.js: voce sidebar → integrazioniext.html

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-07 14:43:59 +01:00
DevEnv nis2-agile
874eabb6fc [FEAT] Simulazioni Demo + Audit Trail Certificato SHA-256 
- 5 scenari reali: Onboarding, Ransomware Art.23, Data Breach Supply Chain,
  Whistleblowing SCADA, Audit Hash Chain Verification
- simulate-nis2.php: 3 aziende (DataCore/MedClinic/EnerNet), 10 fasi, CLI+SSE
- AuditService.php: hash chain SHA-256 stile lg231 (prev_hash+entry_hash)
- Migration 010: prev_hash, entry_hash, severity, performed_by su audit_logs
- AuditController: GET chain-verify + GET export-certified
- reset-demo.sql: reset dati demo idempotente
- public/simulate.html: web runner SSE con console dark-theme
- Sidebar: link Simulazione Demo + Integrazioni

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-07 13:56:53 +01:00
DevEnv nis2-agile
86e9bdded2 [FEAT] Services API, Webhook, Whistleblowing, Normative + integrazioni 
Sprint completo — prodotto presentation-ready:

Services API (read-only, API Key + scope):
- GET /api/services/status|compliance-summary|risks-feed|incidents-feed
- GET /api/services/controls-status|assets-critical|suppliers-risk|policies-approved
- GET /api/services/openapi (spec OpenAPI 3.0.3 JSON)

Webhook Outbound (Stripe-like HMAC-SHA256):
- CRUD api_keys + webhook_subscriptions (Settings → 2 nuovi tab)
- WebhookService: retry 3x backoff (0s/5min/30min), delivery log
- Trigger auto in IncidentController, RiskController, PolicyController
- Delivery log, test ping, processRetry

Nuovi moduli:
- WhistleblowingController (Art.32 NIS2): anonimato garantito, timeline, token tracking
- NormativeController: feed NIS2/ACN/DORA con ACK tracciato per audit

Frontend:
- whistleblowing.html: form submit anonimo/firmato + gestione CISO
- normative.html: feed con presa visione documentata + progress bar ACK
- public/docs/api.html: documentazione API dark theme (Swagger-like)
- settings.html: tab API Keys + tab Webhook
- integrations/: guide per lg231, SustainAI, AllRisk, SIEM (widget + codice)
- Sidebar: Segnalazioni + Normative aggiunte a common.js

DB: migration 007 (api_keys, webhook_subscriptions, webhook_deliveries),
    008 (whistleblowing_reports + timeline),
    009 (normative_updates + normative_ack + seed NIS2/ACN/DORA/ISO)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-07 13:20:24 +01:00
DevEnv nis2-agile
1bfca3fbe3 [DOCS+I18N] Guida aggiornata, i18n idle timeout, 3 documenti commerciali 
- help.js: aggiornate sezioni per idle timeout, banner AI dismissible, matrice rischi real-time
- i18n.js: aggiunte 5 chiavi session.* per idle timeout (IT/EN)
- common.js: _showIdleWarning() usa I18n.t() per testi IT/EN
- docs/commercial/scheda-commerciale.html: scheda A4 stampabile (problema/soluzione, moduli, AI, target)
- docs/commercial/scheda-tecnica.html: specifiche stack, architettura, API, DB, sicurezza, deploy
- docs/commercial/presentazione.html: presentazione 10 slide completa (contesto, moduli, AI, compliance, ROI, roadmap)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-20 12:43:17 +01:00
DevEnv nis2-agile
59fad22c0e [UX+SEC] Eccellenza pre-audit: idle timeout, loading states, i18n, UX polish 
- common.js: idle session timeout 30min con avviso countdown 5min prima del logout
- common.js: checkAuth() attiva automaticamente il monitor di inattività
- api.js: messaggi errore connessione usano i18n (IT/EN) tramite I18n.t()
- risks.html: saveRisk() e aiSuggest() con setButtonLoading durante salvataggio
- risks.html: deleteRisk() ricarica la matrice se si è in matrix view
- incidents.html: createIncident() con setButtonLoading durante registrazione
- policies.html: savePolicy() e saveAIGeneratedPolicy() con setButtonLoading
- policies.html: banner AI-draft con pulsante X per dismissione

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-20 12:25:52 +01:00
DevEnv nis2-agile
0e78ec24c1 [FIX] i18n funzionante + bug audit.html + help system 
- common.js: aggiunto i18nKey a navItems, data-i18n su sezioni e voci
  sidebar → toggle IT/EN ora traduce la navigazione in tempo reale
- Tutte e 10 le pagine HTML: aggiunto data-i18n="*.title" agli h2
  (dashboard, assessment, risks, incidents, policies, supply-chain,
  training, assets, reports, settings)
- FIX BUG: sidebar puntava ad audit.html (inesistente) → corretto
  in reports.html
- HelpSystem: funziona correttamente in tutte le 10 pagine
  (content-header-actions presente, init() chiamato)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-20 11:17:04 +01:00
DevEnv nis2-agile
7080695d06 [FEAT] Ruolo Consulente + Wizard Registrazione v2 
- register.html: step 0 scelta profilo (Azienda / Consulente)
- onboarding.html: wizard 4-step con P.IVA obbligatoria (auto-fetch CertiSource)
- companies.html: nuova dashboard consulente con cards aziende e compliance score
- common.js: org-switcher sidebar + role labels corretti per consulente
- login.html: routing post-login (consulente → companies.html)
- api.js: isConsultant(), setUserRole(), register con user_type
- AuthController: user_type=consultant → role=consultant in users table
- OnboardingController: multi-org per consulente, duplicate VAT check
- 005_consultant_support.sql: aggiunge 'consultant' a user_organizations.role ENUM

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-20 08:53:30 +01:00
Cristiano Benassati
52fd45fac9 [FEAT] i18n IT/EN, Help Online contestuale, pagina Architettura 
- i18n.js: sistema traduzioni IT/EN con ~150 chiavi, localStorage, data-i18n
- help.js: help contestuale per 10 pagine con riferimenti NIS2
- architecture.html: descrizione architettura sistema completa
- common.js: language toggle sidebar (IT/EN), link Architettura, icone
- Integrato i18n + help in tutte le 14 pagine app + 3 admin

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-18 08:34:37 +01:00
Cristiano Benassati
68f8cab0bf [POLISH] Docker setup fix + UI polish + project completion 
- Fix Docker: add php.ini, correct env var names (DB_NAME/DB_USER/DB_PASS),
  add 002_email_log.sql to initdb, add Authorization header passthrough,
  add uploads volume, install opcache, create .dockerignore
- UI polish: page fade-in transitions, skeleton loader CSS, staggered card
  animations, mobile sidebar backdrop overlay, keyboard focus-visible styles,
  button loading state, tooltip system, alert banners, tab component,
  custom scrollbar, print styles, clickable table rows
- Add setButtonLoading() and _toggleSidebar() helpers to common.js
- Update CLAUDE.md to reflect 100% project completion

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-17 19:48:11 +01:00
Cristiano Benassati
ae78a2f7f4 [CORE] Initial project scaffold - NIS2 Agile Compliance Platform 
Complete MVP implementation including:
- PHP 8.4 backend with Front Controller pattern (80+ API endpoints)
- Multi-tenant architecture with organization_id isolation
- JWT authentication (HS256, 2h access + 7d refresh tokens)
- 14 controllers: Auth, Organization, Assessment, Dashboard, Risk,
  Incident, Policy, SupplyChain, Training, Asset, Audit, Admin
- AI Service integration (Anthropic Claude API) for gap analysis,
  risk suggestions, policy generation, incident classification
- NIS2 gap analysis questionnaire (~80 questions, 10 categories)
- MySQL schema (20 tables) with NIS2 Art. 21 compliance controls
- NIS2 Art. 23 incident reporting workflow (24h/72h/30d)
- Frontend: login, register, dashboard, assessment wizard, org setup
- Docker configuration (PHP-FPM + Nginx + MySQL)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-17 17:50:18 +01:00