nis2-agile

AdminGit2026/nis2-agile

Fork 0

Commit Graph

Author	SHA1	Message	Date
DevEnv nis2-agile	a3f821122a	[FIX] Supply chain: coerenza risk_score + submit atomico (findings review) Bug #1 (semantica): submitPublicQuestionnaire scriveva risk_score=100-score (rischio) e sovrascriveva criticality, divergendo da assessSupplier (risk_score=compliance, alto=buono). Ora: risk_score=score (compliance), security_requirements_met (soglia 70) settato, criticality NON toccata (è la criticità del fornitore, non l'esito questionario). Bug #4 (atomicita): UPDATE ... WHERE status='sent' + rowCount()==0 -> 409. Due submit concorrenti con lo stesso token non completano due volte. Verificato E2E: submit 201 (score 94 -> risk_score=94, sec_req_met=1, criticality=high invariata), re-submit -> 409. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-05-30 11:56:20 +02:00
DevEnv nis2-agile	172d9270e6	[FIX] SupplyChain: aggiunti i 5 metodi self-assessment (Edit precedente rifiutato per file non letto) sendQuestionnaire/publicQuestionnaire/submitPublicQuestionnaire/questionnaireStatus/resolveQuestionnaire. Test E2E prod: send 201 -> public GET 200 -> submit 201 (score 61) -> re-submit 409 -> suppliers.risk_score=39. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-05-30 10:39:24 +02:00
Cristiano Benassati	ae78a2f7f4	[CORE] Initial project scaffold - NIS2 Agile Compliance Platform Complete MVP implementation including: - PHP 8.4 backend with Front Controller pattern (80+ API endpoints) - Multi-tenant architecture with organization_id isolation - JWT authentication (HS256, 2h access + 7d refresh tokens) - 14 controllers: Auth, Organization, Assessment, Dashboard, Risk, Incident, Policy, SupplyChain, Training, Asset, Audit, Admin - AI Service integration (Anthropic Claude API) for gap analysis, risk suggestions, policy generation, incident classification - NIS2 gap analysis questionnaire (~80 questions, 10 categories) - MySQL schema (20 tables) with NIS2 Art. 21 compliance controls - NIS2 Art. 23 incident reporting workflow (24h/72h/30d) - Frontend: login, register, dashboard, assessment wizard, org setup - Docker configuration (PHP-FPM + Nginx + MySQL) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-17 17:50:18 +01:00

Author

SHA1

Message

Date

DevEnv nis2-agile

a3f821122a

[FIX] Supply chain: coerenza risk_score + submit atomico (findings review)

Bug #1 (semantica): submitPublicQuestionnaire scriveva risk_score=100-score (rischio) e
sovrascriveva criticality, divergendo da assessSupplier (risk_score=compliance, alto=buono).
Ora: risk_score=score (compliance), security_requirements_met (soglia 70) settato, criticality
NON toccata (è la criticità del fornitore, non l'esito questionario).
Bug #4 (atomicita): UPDATE ... WHERE status='sent' + rowCount()==0 -> 409. Due submit concorrenti
con lo stesso token non completano due volte.
Verificato E2E: submit 201 (score 94 -> risk_score=94, sec_req_met=1, criticality=high invariata),
re-submit -> 409.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-05-30 11:56:20 +02:00

DevEnv nis2-agile

172d9270e6

[FIX] SupplyChain: aggiunti i 5 metodi self-assessment (Edit precedente rifiutato per file non letto)

sendQuestionnaire/publicQuestionnaire/submitPublicQuestionnaire/questionnaireStatus/resolveQuestionnaire.
Test E2E prod: send 201 -> public GET 200 -> submit 201 (score 61) -> re-submit 409 -> suppliers.risk_score=39.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-05-30 10:39:24 +02:00

Cristiano Benassati

ae78a2f7f4

[CORE] Initial project scaffold - NIS2 Agile Compliance Platform

Complete MVP implementation including:
- PHP 8.4 backend with Front Controller pattern (80+ API endpoints)
- Multi-tenant architecture with organization_id isolation
- JWT authentication (HS256, 2h access + 7d refresh tokens)
- 14 controllers: Auth, Organization, Assessment, Dashboard, Risk,
  Incident, Policy, SupplyChain, Training, Asset, Audit, Admin
- AI Service integration (Anthropic Claude API) for gap analysis,
  risk suggestions, policy generation, incident classification
- NIS2 gap analysis questionnaire (~80 questions, 10 categories)
- MySQL schema (20 tables) with NIS2 Art. 21 compliance controls
- NIS2 Art. 23 incident reporting workflow (24h/72h/30d)
- Frontend: login, register, dashboard, assessment wizard, org setup
- Docker configuration (PHP-FPM + Nginx + MySQL)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-17 17:50:18 +01:00

3 Commits