AdminGit2026/nis2-agile
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
main
nis2-agile/public/docs/testing-simulazione.html
DevEnv nis2-agile ca8f077a7a [DOCS] Pagina documentazione Testing & Simulazione 
Pagina HTML standalone che descrive:
- Test Runner (L1-L6, SSE streaming, token auth, comandi speciali)
- Simulazione Demo (6 scenari SIM-01→06, 3 aziende, architettura)
- Worker Feedback AI (cron, flow, configurazione)
- URL di accesso, credenziali, reset dati demo

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-10 09:40:27 +01:00

790 lines
41 KiB
HTML
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html>
<html lang="it">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>NIS2 Agile — Sistema di Testing & Simulazione</title>
<style>
:root {
--primary: #06b6d4;
--green: #22c55e;
--red: #ef4444;
--yellow: #f59e0b;
--purple: #8b5cf6;
--orange: #f97316;
--dark: #0f172a;
--card: #1e293b;
--border: #334155;
--text: #e2e8f0;
--muted: #94a3b8;
}
* { box-sizing: border-box; margin: 0; padding: 0; }
body {
background: var(--dark);
color: var(--text);
font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', system-ui, sans-serif;
line-height: 1.6;
}
/* ── Header ── */
.header {
background: linear-gradient(135deg, #0c4a6e 0%, #0e7490 100%);
padding: 48px;
border-bottom: 1px solid #0e7490;
}
.header-inner { max-width: 1100px; margin: 0 auto; }
.header h1 { font-size: 2rem; font-weight: 800; color: #fff; margin-bottom: 8px; }
.header p { color: #7dd3fc; font-size: 1rem; max-width: 640px; }
.badge-row { margin-top: 20px; display: flex; flex-wrap: wrap; gap: 8px; }
.badge {
display: inline-block; padding: 4px 14px; border-radius: 20px;
font-size: 0.75rem; font-weight: 700;
}
.badge-cyan { background: rgba(6,182,212,.2); color: #67e8f9; border: 1px solid rgba(6,182,212,.3); }
.badge-green { background: rgba(34,197,94,.2); color: #86efac; border: 1px solid rgba(34,197,94,.3); }
.badge-purple { background: rgba(139,92,246,.2); color: #c4b5fd; border: 1px solid rgba(139,92,246,.3); }
/* ── Nav ── */
.nav {
background: #1e293b;
border-bottom: 1px solid var(--border);
position: sticky; top: 0; z-index: 100;
}
.nav-inner {
max-width: 1100px; margin: 0 auto;
display: flex; gap: 0; overflow-x: auto;
}
.nav a {
padding: 14px 20px; font-size: 0.875rem; font-weight: 600;
color: var(--muted); text-decoration: none; white-space: nowrap;
border-bottom: 2px solid transparent; transition: all .2s;
}
.nav a:hover { color: var(--text); background: rgba(255,255,255,.03); }
.nav a.active { color: var(--primary); border-bottom-color: var(--primary); }
/* ── Layout ── */
.main { max-width: 1100px; margin: 0 auto; padding: 48px 24px; }
section { margin-bottom: 64px; }
h2 {
font-size: 1.375rem; font-weight: 800; color: #fff;
margin-bottom: 24px; padding-bottom: 12px;
border-bottom: 1px solid var(--border);
display: flex; align-items: center; gap: 10px;
}
h2 .icon { font-size: 1.25rem; }
h3 { font-size: 1rem; font-weight: 700; color: #cbd5e1; margin-bottom: 12px; margin-top: 28px; }
p { color: #94a3b8; margin-bottom: 12px; }
/* ── Cards ── */
.card {
background: var(--card); border: 1px solid var(--border);
border-radius: 12px; padding: 24px; margin-bottom: 16px;
}
.card-title { font-size: 0.9375rem; font-weight: 700; color: #fff; margin-bottom: 6px; }
.card p { margin-bottom: 0; }
/* ── Grid ── */
.grid-2 { display: grid; grid-template-columns: 1fr 1fr; gap: 16px; }
.grid-3 { display: grid; grid-template-columns: repeat(3, 1fr); gap: 16px; }
@media (max-width: 768px) {
.grid-2, .grid-3 { grid-template-columns: 1fr; }
.header { padding: 32px 24px; }
.header h1 { font-size: 1.5rem; }
}
/* ── Level badges ── */
.level-badge {
display: inline-block; padding: 2px 10px; border-radius: 6px;
font-size: 0.7rem; font-weight: 800; font-family: monospace;
margin-right: 8px; vertical-align: middle;
}
.lv-l1 { background: rgba(6,182,212,.15); color: #67e8f9; border: 1px solid rgba(6,182,212,.3); }
.lv-l2 { background: rgba(139,92,246,.15); color: #c4b5fd; border: 1px solid rgba(139,92,246,.3); }
.lv-l3 { background: rgba(34,197,94,.15); color: #86efac; border: 1px solid rgba(34,197,94,.3); }
.lv-l4 { background: rgba(249,115,22,.15); color: #fdba74; border: 1px solid rgba(249,115,22,.3); }
.lv-l5 { background: rgba(245,158,11,.15); color: #fcd34d; border: 1px solid rgba(245,158,11,.3); }
.lv-l6 { background: rgba(236,72,153,.15); color: #f9a8d4; border: 1px solid rgba(236,72,153,.3); }
.lv-sim { background: rgba(239,68,68,.15); color: #fca5a5; border: 1px solid rgba(239,68,68,.3); }
.lv-infra { background: rgba(148,163,184,.15); color: #cbd5e1; border: 1px solid rgba(148,163,184,.3); }
/* ── Test table ── */
.test-table { width: 100%; border-collapse: collapse; font-size: 0.875rem; }
.test-table th {
text-align: left; padding: 10px 14px; font-size: 0.75rem; font-weight: 700;
color: var(--muted); text-transform: uppercase; letter-spacing: .05em;
border-bottom: 1px solid var(--border); background: rgba(255,255,255,.02);
}
.test-table td { padding: 10px 14px; border-bottom: 1px solid rgba(51,65,85,.5); color: #cbd5e1; }
.test-table tr:last-child td { border-bottom: none; }
.test-table tr:hover td { background: rgba(255,255,255,.02); }
/* ── Scenario cards ── */
.sim-card {
background: var(--card); border: 1px solid var(--border);
border-radius: 10px; padding: 20px; position: relative;
overflow: hidden;
}
.sim-card::before {
content: ''; position: absolute; top: 0; left: 0; right: 0; height: 3px;
}
.sim-card.cyan::before { background: linear-gradient(90deg, #06b6d4, #0891b2); }
.sim-card.orange::before { background: linear-gradient(90deg, #f97316, #ea580c); }
.sim-card.red::before { background: linear-gradient(90deg, #ef4444, #dc2626); }
.sim-card.purple::before { background: linear-gradient(90deg, #8b5cf6, #7c3aed); }
.sim-card.green::before { background: linear-gradient(90deg, #22c55e, #16a34a); }
.sim-card.yellow::before { background: linear-gradient(90deg, #f59e0b, #d97706); }
.sim-num { font-size: 0.7rem; font-weight: 800; color: var(--muted); margin-bottom: 6px; font-family: monospace; }
.sim-title { font-size: 0.9375rem; font-weight: 700; color: #fff; margin-bottom: 6px; }
.sim-desc { font-size: 0.8125rem; color: var(--muted); line-height: 1.5; }
.sim-steps { margin-top: 12px; padding-top: 12px; border-top: 1px solid var(--border); }
.sim-step { font-size: 0.75rem; color: #64748b; display: flex; gap: 8px; margin-bottom: 4px; }
.sim-step span { color: #94a3b8; }
/* ── Company pills ── */
.company-pill {
display: inline-flex; align-items: center; gap: 6px;
padding: 4px 12px; border-radius: 20px; font-size: 0.75rem; font-weight: 600;
border: 1px solid var(--border); background: rgba(255,255,255,.04);
margin: 3px;
}
.dot { width: 8px; height: 8px; border-radius: 50%; flex-shrink: 0; }
/* ── Code block ── */
.code-block {
background: #0f172a; border: 1px solid var(--border);
border-radius: 8px; padding: 16px 20px; font-family: 'Fira Code', 'Cascadia Code', monospace;
font-size: 0.8125rem; color: #93c5fd; overflow-x: auto;
margin: 12px 0;
}
.code-block .comment { color: #475569; }
.code-block .keyword { color: #67e8f9; }
.code-block .string { color: #86efac; }
.code-block .url { color: #fcd34d; }
/* ── Alert ── */
.alert {
padding: 14px 18px; border-radius: 8px; font-size: 0.875rem;
display: flex; gap: 12px; align-items: flex-start; margin-bottom: 16px;
}
.alert-info { background: rgba(6,182,212,.08); border: 1px solid rgba(6,182,212,.2); color: #7dd3fc; }
.alert-warning { background: rgba(245,158,11,.08); border: 1px solid rgba(245,158,11,.2); color: #fcd34d; }
.alert-success { background: rgba(34,197,94,.08); border: 1px solid rgba(34,197,94,.2); color: #86efac; }
/* ── URL button ── */
.url-btn {
display: inline-flex; align-items: center; gap: 8px;
background: rgba(6,182,212,.1); border: 1px solid rgba(6,182,212,.3);
color: #67e8f9; padding: 10px 18px; border-radius: 8px;
text-decoration: none; font-size: 0.875rem; font-weight: 600;
transition: all .2s; margin-right: 8px; margin-bottom: 8px;
}
.url-btn:hover { background: rgba(6,182,212,.2); border-color: #06b6d4; }
.url-btn-red {
background: rgba(239,68,68,.1); border-color: rgba(239,68,68,.3); color: #fca5a5;
}
.url-btn-red:hover { background: rgba(239,68,68,.2); }
/* ── Stats strip ── */
.stats-strip { display: flex; gap: 16px; flex-wrap: wrap; margin-bottom: 24px; }
.stat-box {
background: var(--card); border: 1px solid var(--border);
border-radius: 10px; padding: 16px 24px; text-align: center; flex: 1; min-width: 100px;
}
.stat-num { font-size: 2rem; font-weight: 800; }
.stat-lbl { font-size: 0.75rem; color: var(--muted); margin-top: 2px; }
/* ── Worker box ── */
.worker-flow {
display: flex; align-items: center; flex-wrap: wrap; gap: 0;
background: #0f172a; border: 1px solid var(--border);
border-radius: 10px; overflow: hidden; margin: 16px 0;
}
.wf-step {
padding: 14px 18px; font-size: 0.8125rem; flex: 1; min-width: 120px;
text-align: center; border-right: 1px solid var(--border);
}
.wf-step:last-child { border-right: none; }
.wf-step .wf-icon { font-size: 1.25rem; display: block; margin-bottom: 4px; }
.wf-step .wf-label { color: #cbd5e1; font-weight: 600; }
.wf-step .wf-sub { color: var(--muted); font-size: 0.725rem; margin-top: 2px; }
/* ── Credentials box ── */
.creds-box {
background: #0f172a; border: 1px solid var(--border);
border-radius: 8px; overflow: hidden;
}
.creds-row {
display: flex; gap: 0; border-bottom: 1px solid rgba(51,65,85,.5);
font-size: 0.8125rem;
}
.creds-row:last-child { border-bottom: none; }
.creds-key {
padding: 10px 16px; width: 200px; flex-shrink: 0;
color: var(--muted); font-weight: 600; border-right: 1px solid rgba(51,65,85,.5);
font-family: monospace; font-size: 0.75rem;
}
.creds-val {
padding: 10px 16px; color: #93c5fd; font-family: monospace; font-size: 0.75rem;
}
/* ── Footer ── */
footer {
background: #1e293b; border-top: 1px solid var(--border);
padding: 32px 48px; text-align: center; color: var(--muted); font-size: 0.875rem;
}
</style>
</head>
<body>
<!-- ── Header ── -->
<div class="header">
<div class="header-inner">
<div style="font-size:.8rem;color:#7dd3fc;margin-bottom:8px;font-weight:600;">
NIS2 Agile — Documentazione Tecnica
</div>
<h1>Sistema di Testing &amp; Simulazione</h1>
<p>Due strumenti integrati per verificare la correttezza della piattaforma e dimostrare scenari reali NIS2 in ambienti demo.</p>
<div class="badge-row">
<span class="badge badge-cyan">Test Runner v2 — 36+ test</span>
<span class="badge badge-green">Simulazione — 6 scenari</span>
<span class="badge badge-purple">3 aziende demo</span>
</div>
</div>
</div>
<!-- ── Nav ── -->
<nav class="nav">
<div class="nav-inner">
<a href="#panoramica" class="active">Panoramica</a>
<a href="#test-runner">Test Runner</a>
<a href="#simulazione">Simulazione</a>
<a href="#aziende-demo">Aziende Demo</a>
<a href="#worker">Worker Feedback</a>
<a href="#accesso">Accesso & URL</a>
<a href="#credenziali">Credenziali</a>
</div>
</nav>
<div class="main">
<!-- ── Panoramica ── -->
<section id="panoramica">
<h2><span class="icon">🧭</span> Panoramica</h2>
<p>NIS2 Agile dispone di due strumenti distinti ma complementari per la verifica della qualità e la dimostrazione delle funzionalità:</p>
<div class="grid-2">
<div class="card" style="border-color:rgba(6,182,212,.3);">
<div class="card-title" style="color:#67e8f9;">🧪 Test Runner</div>
<p>Suite di test automatizzati a 6 livelli che verifica ogni endpoint API con asserzioni precise. Accesso protetto da token, output streaming in tempo reale, reset dati integrato.</p>
<div style="margin-top:12px;">
<a href="https://nis2.agile.software/test-runner.php?t=Nis2Test2026" target="_blank" class="url-btn">Apri Test Runner →</a>
</div>
</div>
<div class="card" style="border-color:rgba(34,197,94,.3);">
<div class="card-title" style="color:#86efac;">🎬 Simulazione Demo</div>
<p>Costruisce dati realistici attraverso le API reali (nessun INSERT SQL diretto) simulando 3 aziende con settori e complessità diversi su 6 scenari NIS2 reali.</p>
<div style="margin-top:12px;">
<a href="https://nis2.agile.software/simulate.html" target="_blank" class="url-btn">Apri Simulatore →</a>
</div>
</div>
</div>
<div class="alert alert-info">
<span></span>
<div>I due sistemi sono progettati per lavorare in sequenza: prima si esegue la <strong>simulazione</strong> per creare i dati demo, poi il <strong>test runner</strong> per verificare che tutto funzioni correttamente. Il pulsante "Reset + Simula + Testa Tutto" li esegue entrambi in automatico.</div>
</div>
</section>
<!-- ── Test Runner ── -->
<section id="test-runner">
<h2><span class="icon">🧪</span> Test Runner</h2>
<p>Il Test Runner è un'applicazione PHP (<code>public/test-runner.php</code>) che espone una UI web dark-theme con streaming SSE dei risultati in tempo reale. I test sono organizzati in <strong>6 livelli funzionali</strong> più un livello infrastrutturale.</p>
<div class="stats-strip">
<div class="stat-box"><div class="stat-num" style="color:#67e8f9;">36+</div><div class="stat-lbl">Test totali</div></div>
<div class="stat-box"><div class="stat-num" style="color:#86efac;">6</div><div class="stat-lbl">Livelli</div></div>
<div class="stat-box"><div class="stat-num" style="color:#c4b5fd;">SSE</div><div class="stat-lbl">Output streaming</div></div>
<div class="stat-box"><div class="stat-num" style="color:#fcd34d;">JWT</div><div class="stat-lbl">Auth token-based</div></div>
</div>
<h3>Livelli di Test</h3>
<div class="card" style="padding:0; overflow:hidden;">
<table class="test-table">
<thead>
<tr>
<th>Livello</th>
<th>Nome</th>
<th>Cosa verifica</th>
<th>Dipendenze</th>
</tr>
</thead>
<tbody>
<tr>
<td><span class="level-badge lv-infra">INFRA</span></td>
<td>Health &amp; Smoke</td>
<td>API status, endpoint rapidi, connettività DB</td>
<td></td>
</tr>
<tr>
<td><span class="level-badge lv-l1">L1</span></td>
<td>Auth &amp; JWT</td>
<td>Login, register, JWT access/refresh, change-password, rate limiting</td>
<td></td>
</tr>
<tr>
<td><span class="level-badge lv-l2">L2</span></td>
<td>Multi-Tenant Isolation</td>
<td>Isolamento dati tra organizzazioni diverse, cross-org protection</td>
<td>SIM-01</td>
</tr>
<tr>
<td><span class="level-badge lv-l3">L3</span></td>
<td>Compliance Core</td>
<td>Assessment, rischi, incidenti, policy, supply chain, asset, training, NCR/CAPA</td>
<td>SIM-01</td>
</tr>
<tr>
<td><span class="level-badge lv-l4">L4</span></td>
<td>B2B &amp; Services API</td>
<td>X-API-Key auth, scopes (read:all, admin:licenses), invite lifecycle, webhook delivery</td>
<td>SIM-01, SIM-06</td>
</tr>
<tr>
<td><span class="level-badge lv-l5">L5</span></td>
<td>Export &amp; Reports</td>
<td>CSV export (rischi/incidenti/asset/controlli), report HTML, audit executive</td>
<td>SIM-01</td>
</tr>
<tr>
<td><span class="level-badge lv-l6">L6</span></td>
<td>AI Features</td>
<td>Cross-org portfolio analysis, AI classify incident, AI suggest risk, normative feed</td>
<td>SIM-01, consultant user</td>
</tr>
<tr>
<td><span class="level-badge lv-sim">SIM</span></td>
<td>Simulazioni</td>
<td>Esecuzione completa SIM-01→06 con output dettagliato</td>
<td>Demo users nel DB</td>
</tr>
</tbody>
</table>
</div>
<h3>Accesso e autenticazione</h3>
<p>Il Test Runner è protetto da un token di sessione configurato come costante PHP:</p>
<div class="code-block">
<span class="comment">// Primo accesso — passa il token come query string</span>
<span class="url">https://nis2.agile.software/test-runner.php?t=Nis2Test2026</span>
<span class="comment">// Sessioni successive — il token è memorizzato in $_SESSION</span>
<span class="url">https://nis2.agile.software/test-runner.php</span>
</div>
<h3>Output streaming (SSE)</h3>
<p>I test vengono eseguiti come comandi bash su server. I risultati vengono trasmessi in tempo reale tramite <strong>Server-Sent Events</strong> al browser. Ogni test mostra:</p>
<div class="grid-2">
<div class="card"><div class="card-title" style="color:#86efac;">✓ PASS</div><p>Il comando ha restituito exit code 0 e l'output atteso.</p></div>
<div class="card"><div class="card-title" style="color:#fca5a5;">✗ FAIL</div><p>Il comando ha restituito errore o output non corrispondente.</p></div>
<div class="card"><div class="card-title" style="color:#fcd34d;">⚠ SKIP</div><p>Dipendenza mancante (utente demo non creato, SIM non eseguita).</p></div>
<div class="card"><div class="card-title" style="color:#f97316;">⚡ WARN</div><p>Il test è passato ma con avvertimenti non bloccanti.</p></div>
</div>
<h3>Comandi speciali</h3>
<div class="card">
<table class="test-table">
<thead><tr><th>Comando</th><th>Funzione</th></tr></thead>
<tbody>
<tr><td><span class="level-badge lv-infra">Verifica Hash Chain</span></td><td>Esegue <code>simulate-nis2.php --sim=SIM05</code> per verificare integrità SHA-256 del audit trail</td></tr>
<tr><td><span class="level-badge lv-infra">Reset Dati Demo</span></td><td>Esegue <code>reset-demo.sql</code> — cancella org/utenti con id&gt;4 e email <code>%.demo%</code></td></tr>
<tr><td><span class="level-badge lv-infra">Full Suite L1→L6</span></td><td>Esegue tutti i 6 livelli in sequenza, con output cumulativo</td></tr>
<tr><td><span class="level-badge lv-infra">Reset + Simula + Testa</span></td><td>Pipeline completa: reset → SIM-01→06 → Full Suite L1→L6</td></tr>
<tr><td><span class="level-badge lv-infra">DB Stats</span></td><td>Conta record per tabella via endpoint JSON</td></tr>
</tbody>
</table>
</div>
</section>
<!-- ── Simulazione ── -->
<section id="simulazione">
<h2><span class="icon">🎬</span> Sistema di Simulazione</h2>
<p>Il simulatore (<code>simulate-nis2.php</code>) costruisce dati demo realistici <em>esclusivamente attraverso le API REST</em>, come farebbe un utente reale. Nessun INSERT SQL diretto: ogni operazione testa sia la logica di business che la persistenza dati.</p>
<div class="alert alert-warning">
<span>⚠️</span>
<div><strong>Idempotenza:</strong> se un'organizzazione demo esiste già (stessa P.IVA), lo step viene saltato silenziosamente (<code>SKIP idempotent</code>) senza errore. Per ripartire da zero usare prima il <strong>Reset Dati Demo</strong>.</div>
</div>
<h3>Utilizzo</h3>
<div class="code-block">
<span class="comment"># Via browser (SSE streaming con UI dark-theme)</span>
<span class="url">https://nis2.agile.software/simulate.html</span>
<span class="comment"># Via CLI sul server</span>
<span class="keyword">php</span> simulate-nis2.php <span class="comment"># tutti gli scenari</span>
<span class="keyword">php</span> simulate-nis2.php --sim=SIM02 <span class="comment"># solo SIM-02</span>
<span class="keyword">php</span> simulate-nis2.php --sim=SIM06 <span class="comment"># solo B2B (indipendente)</span>
<span class="comment"># Variabili d'ambiente opzionali</span>
<span class="keyword">NIS2_SIM</span>=SIM06 <span class="keyword">php</span> simulate-nis2.php <span class="comment"># alias env per --sim</span>
<span class="keyword">NIS2_API_BASE</span>=https://... <span class="keyword">php</span> simulate-nis2.php <span class="comment"># override URL API</span>
<span class="keyword">NIS2_DEMO_EMAIL</span>=test@... <span class="keyword">php</span> simulate-nis2.php <span class="comment"># redirect email demo</span>
</div>
<h3>I 6 Scenari</h3>
<div class="grid-2">
<div class="sim-card cyan">
<div class="sim-num">SIM-01</div>
<div class="sim-title">Onboarding + Gap Assessment</div>
<div class="sim-desc">Registra 3 aziende, completa l'onboarding multi-step, esegue il gap assessment completo con tutte le 80 domande Art.21 NIS2 per ogni organizzazione.</div>
<div class="sim-steps">
<div class="sim-step"><span>Registrazione + email welcome</span></div>
<div class="sim-step"><span>Setup org (settore, dipendenti, entity type)</span></div>
<div class="sim-step"><span>80 domande × 3 aziende (categorizzate per Art.21)</span></div>
<div class="sim-step"><span>Completamento assessment + score compliance</span></div>
</div>
</div>
<div class="sim-card orange">
<div class="sim-num">SIM-02</div>
<div class="sim-title">Incidente Ransomware Art.23</div>
<div class="sim-desc">Simula un attacco ransomware critico su DataCore S.r.l. con attivazione della timeline obbligatoria NIS2 (early warning 24h, notification 72h, final report 30d).</div>
<div class="sim-steps">
<div class="sim-step"><span>Creazione incidente severity=critical</span></div>
<div class="sim-step"><span>AI classify: categoria, suggerimenti, severity</span></div>
<div class="sim-step"><span>Early warning CSIRT (24h)</span></div>
<div class="sim-step"><span>Notification formale (72h) + final report (30d)</span></div>
</div>
</div>
<div class="sim-card red">
<div class="sim-num">SIM-03</div>
<div class="sim-title">Data Breach Supply Chain</div>
<div class="sim-desc">Fornitore IT di MedClinic compromesso: aggiunta fornitore critico, assessment sicurezza, attivazione incidente Art.23 parallelo con gestione supply chain.</div>
<div class="sim-steps">
<div class="sim-step"><span>Aggiunta fornitore risk=critical</span></div>
<div class="sim-step"><span>Security assessment fornitore</span></div>
<div class="sim-step"><span>Data breach incident con AI classification</span></div>
<div class="sim-step"><span>Risk register aggiornato automaticamente</span></div>
</div>
</div>
<div class="sim-card purple">
<div class="sim-num">SIM-04</div>
<div class="sim-title">Whistleblowing Anonimo SCADA</div>
<div class="sim-desc">Segnalazione anonima Art.32 NIS2 per accesso non autorizzato ai sistemi SCADA di EnerNet. Assegnazione investigatore, tracciamento timeline, chiusura con esito.</div>
<div class="sim-steps">
<div class="sim-step"><span>Submit anonimo (no auth, solo token tracking)</span></div>
<div class="sim-step"><span>Assegnazione a compliance manager</span></div>
<div class="sim-step"><span>Timeline investigazione (3 eventi)</span></div>
<div class="sim-step"><span>Chiusura con esito e verifica tracking anonimo</span></div>
</div>
</div>
<div class="sim-card green">
<div class="sim-num">SIM-05</div>
<div class="sim-title">Audit Trail Hash Chain</div>
<div class="sim-desc">Verifica l'integrità della catena SHA-256 dell'audit trail per tutte e 3 le organizzazioni. Rileva eventuali record manomessi e genera export certificato.</div>
<div class="sim-steps">
<div class="sim-step"><span>Fetch audit log con prev_hash + entry_hash</span></div>
<div class="sim-step"><span>Verifica catena SHA-256 record per record</span></div>
<div class="sim-step"><span>Report integrità: verified/tampered/gaps</span></div>
<div class="sim-step"><span>Export certificato JSON (con hash contenuto)</span></div>
</div>
</div>
<div class="sim-card yellow">
<div class="sim-num">SIM-06</div>
<div class="sim-title">B2B License Provisioning</div>
<div class="sim-desc">Provisioning automatico di una nuova organizzazione tramite invite token B2B. SSO federato, token exchange, creazione org + utente + API key in un'unica chiamata.</div>
<div class="sim-steps">
<div class="sim-step"><span>Creazione invite token (admin:licenses)</span></div>
<div class="sim-step"><span>POST /api/services/provision con X-Provision-Secret</span></div>
<div class="sim-step"><span>Org + user + api_key creati atomicamente</span></div>
<div class="sim-step"><span>Verifica scadenza licenza + SSO JWT exchange</span></div>
</div>
</div>
</div>
<h3>Architettura del simulatore</h3>
<p>Il simulatore mantiene uno <strong>stato globale</strong> <code>$S</code> durante l'esecuzione per tracciare JWT, org IDs e statistiche:</p>
<div class="code-block">
<span class="comment">// Stato globale simulazione (in-memory per sessione)</span>
$S = [
<span class="string">'jwt'</span> => [], <span class="comment">// ['email' => token]</span>
<span class="string">'orgs'</span> => [], <span class="comment">// ['slug' => ['id', 'name', 'jwt']]</span>
<span class="string">'users'</span> => [], <span class="comment">// ['email' => ['id', 'jwt']]</span>
<span class="string">'stats'</span> => [<span class="string">'pass'</span> => 0, <span class="string">'skip'</span> => 0, <span class="string">'fail'</span> => 0, <span class="string">'warn'</span> => 0],
];
</div>
</section>
<!-- ── Aziende Demo ── -->
<section id="aziende-demo">
<h2><span class="icon">🏢</span> Aziende Demo</h2>
<p>Le simulazioni creano 3 organizzazioni demo con caratteristiche diversificate per coprire i principali settori NIS2 e i diversi livelli di obblighi normativi:</p>
<div class="grid-3">
<div class="card" style="border-color:rgba(6,182,212,.3);">
<div style="display:flex;align-items:center;gap:10px;margin-bottom:12px;">
<div class="dot" style="background:#06b6d4;width:12px;height:12px;"></div>
<div class="card-title" style="color:#67e8f9;">DataCore S.r.l.</div>
</div>
<div style="font-size:0.8rem;color:#94a3b8;line-height:1.8;">
<div><strong style="color:#cbd5e1;">Settore:</strong> IT / Cloud &amp; Data Center</div>
<div><strong style="color:#cbd5e1;">Tipo:</strong> Essential Entity</div>
<div><strong style="color:#cbd5e1;">Dipendenti:</strong> 320</div>
<div><strong style="color:#cbd5e1;">Sede:</strong> Milano</div>
<div><strong style="color:#cbd5e1;">Scenari:</strong> SIM-01, SIM-02 (Ransomware)</div>
</div>
</div>
<div class="card" style="border-color:rgba(139,92,246,.3);">
<div style="display:flex;align-items:center;gap:10px;margin-bottom:12px;">
<div class="dot" style="background:#8b5cf6;width:12px;height:12px;"></div>
<div class="card-title" style="color:#c4b5fd;">MedClinic Italia S.p.A.</div>
</div>
<div style="font-size:0.8rem;color:#94a3b8;line-height:1.8;">
<div><strong style="color:#cbd5e1;">Settore:</strong> Sanità</div>
<div><strong style="color:#cbd5e1;">Tipo:</strong> Important Entity</div>
<div><strong style="color:#cbd5e1;">Dipendenti:</strong> 750</div>
<div><strong style="color:#cbd5e1;">Sede:</strong> Roma</div>
<div><strong style="color:#cbd5e1;">Scenari:</strong> SIM-01, SIM-03 (Supply Chain)</div>
</div>
</div>
<div class="card" style="border-color:rgba(34,197,94,.3);">
<div style="display:flex;align-items:center;gap:10px;margin-bottom:12px;">
<div class="dot" style="background:#22c55e;width:12px;height:12px;"></div>
<div class="card-title" style="color:#86efac;">EnerNet Distribuzione S.r.l.</div>
</div>
<div style="font-size:0.8rem;color:#94a3b8;line-height:1.8;">
<div><strong style="color:#cbd5e1;">Settore:</strong> Energia</div>
<div><strong style="color:#cbd5e1;">Tipo:</strong> Essential / Critical</div>
<div><strong style="color:#cbd5e1;">Dipendenti:</strong> 1.800</div>
<div><strong style="color:#cbd5e1;">Sede:</strong> Torino</div>
<div><strong style="color:#cbd5e1;">Scenari:</strong> SIM-01, SIM-04 (SCADA)</div>
</div>
</div>
</div>
<div class="alert alert-success">
<span></span>
<div>Tutti gli utenti demo usano la password <strong>NIS2Demo2026!</strong>. Le email vengono reindirizzate all'indirizzo configurato in <code>NIS2_DEMO_EMAIL</code> (default: <code>demo@nis2agile.it</code>).</div>
</div>
</section>
<!-- ── Worker Feedback ── -->
<section id="worker">
<h2><span class="icon">🤖</span> Worker Feedback AI</h2>
<p>Oltre ai test e alle simulazioni, la piattaforma include un <strong>worker autonomo</strong> per la risoluzione automatica delle segnalazioni utente tramite Claude AI.</p>
<div class="worker-flow">
<div class="wf-step">
<span class="wf-icon">🕐</span>
<div class="wf-label">Ogni 30 min</div>
<div class="wf-sub">cron root</div>
</div>
<div class="wf-step">
<span class="wf-icon">🔍</span>
<div class="wf-label">Fetch ticket</div>
<div class="wf-sub">status=in_lavorazione</div>
</div>
<div class="wf-step">
<span class="wf-icon">🤖</span>
<div class="wf-label">Claude Code CLI</div>
<div class="wf-sub">docker exec nis2-agile-devenv</div>
</div>
<div class="wf-step">
<span class="wf-icon"></span>
<div class="wf-label">POST /resolve</div>
<div class="wf-sub">con password gate</div>
</div>
<div class="wf-step">
<span class="wf-icon">📧</span>
<div class="wf-label">Email broadcast</div>
<div class="wf-sub">tutti i membri org</div>
</div>
</div>
<h3>Configurazione</h3>
<div class="creds-box">
<div class="creds-row">
<div class="creds-key">Script</div>
<div class="creds-val">scripts/feedback-worker.php</div>
</div>
<div class="creds-row">
<div class="creds-key">Crontab</div>
<div class="creds-val">*/30 * * * * /usr/bin/php8.4 /var/www/nis2-agile/scripts/feedback-worker.php</div>
</div>
<div class="creds-row">
<div class="creds-key">Log</div>
<div class="creds-val">/var/log/nis2/feedback-worker.log</div>
</div>
<div class="creds-row">
<div class="creds-key">Account worker</div>
<div class="creds-val">worker@nis2.agile.software (super_admin, dedicato)</div>
</div>
</div>
<h3>Test del worker</h3>
<div class="code-block">
<span class="comment"># Run manuale (Hetzner SSH)</span>
<span class="keyword">php8.4</span> /var/www/nis2-agile/scripts/feedback-worker.php
<span class="comment"># Verifica log</span>
<span class="keyword">tail</span> -f /var/log/nis2/feedback-worker.log
<span class="comment"># Output atteso (nessun ticket)</span>
[2026-03-10 09:16:27] === Feedback Worker avviato ===
[2026-03-10 09:16:27] Nessun ticket in lavorazione. Worker terminato.
</div>
</section>
<!-- ── Accesso ── -->
<section id="accesso">
<h2><span class="icon">🔗</span> URL di Accesso</h2>
<div class="grid-2">
<div>
<h3>Produzione</h3>
<a href="https://nis2.agile.software/simulate.html" target="_blank" class="url-btn">
🎬 Simulatore Demo
</a>
<a href="https://nis2.agile.software/test-runner.php?t=Nis2Test2026" target="_blank" class="url-btn">
🧪 Test Runner
</a>
<a href="https://nis2.agile.software/api-status.php" target="_blank" class="url-btn">
❤️ Health Check
</a>
</div>
<div>
<h3>DevEnv (container locale)</h3>
<a href="https://certisource.it/dev-nis2-api/" target="_blank" class="url-btn">
🔧 Dev API
</a>
<a href="https://certisource.it/dev-nis2-ide/" target="_blank" class="url-btn">
💻 Dev IDE
</a>
<a href="https://certisource.it/dev-nis2-browser/" target="_blank" class="url-btn">
🌐 Dev Browser
</a>
</div>
</div>
<h3>Reset dati demo</h3>
<div class="alert alert-warning">
<span>⚠️</span>
<div>Il reset cancella tutte le organizzazioni e gli utenti con <code>id &gt; 4</code> e email che contengono <code>.demo</code>. Le 4 org base e i super admin vengono preservati.</div>
</div>
<div class="code-block">
<span class="comment"># Via Test Runner UI → tasto "Reset Dati Demo"</span>
<span class="comment"># Via SSH (Hetzner)</span>
<span class="keyword">mysql</span> -u nis2_user -p nis2_agile_db &lt; /var/www/nis2-agile/docs/sql/reset-demo.sql
</div>
</section>
<!-- ── Credenziali ── -->
<section id="credenziali">
<h2><span class="icon">🔑</span> Credenziali</h2>
<h3>Test Runner</h3>
<div class="creds-box">
<div class="creds-row">
<div class="creds-key">Token accesso</div>
<div class="creds-val">Nis2Test2026</div>
</div>
<div class="creds-row">
<div class="creds-key">URL</div>
<div class="creds-val">https://nis2.agile.software/test-runner.php?t=Nis2Test2026</div>
</div>
</div>
<h3>Utenti demo (creati da SIM-01)</h3>
<div class="creds-box">
<div class="creds-row">
<div class="creds-key">Password comune</div>
<div class="creds-val">NIS2Demo2026!</div>
</div>
<div class="creds-row">
<div class="creds-key">DataCore admin</div>
<div class="creds-val">admin@datacore-srl.demo</div>
</div>
<div class="creds-row">
<div class="creds-key">MedClinic admin</div>
<div class="creds-val">admin@medclinic.demo</div>
</div>
<div class="creds-row">
<div class="creds-key">EnerNet admin</div>
<div class="creds-val">admin@enernet.demo</div>
</div>
<div class="creds-row">
<div class="creds-key">Consultant</div>
<div class="creds-val">consultant@nis2agile.demo</div>
</div>
</div>
<h3>API Key demo (DataCore — read:all)</h3>
<div class="creds-box">
<div class="creds-row">
<div class="creds-key">Chiave</div>
<div class="creds-val">nis2_152c1d87f8e6613d18a0510fd907c082</div>
</div>
<div class="creds-row">
<div class="creds-key">Scope</div>
<div class="creds-val">read:all</div>
</div>
<div class="creds-row">
<div class="creds-key">Header</div>
<div class="creds-val">X-API-Key: nis2_152c1d87f8e6613d18a0510fd907c082</div>
</div>
</div>
<h3>Sistema Feedback</h3>
<div class="creds-box">
<div class="creds-row">
<div class="creds-key">Password resolve</div>
<div class="creds-val">Nis2Feedback2026!</div>
</div>
<div class="creds-row">
<div class="creds-key">Worker account</div>
<div class="creds-val">worker@nis2.agile.software</div>
</div>
</div>
<div class="alert alert-warning" style="margin-top:24px;">
<span>🔒</span>
<div>Queste credenziali sono per uso esclusivo in ambiente di test/demo. Non usarle in produzione reale. La pagina non è indicizzata dai motori di ricerca.</div>
</div>
</section>
</div>
<footer>
NIS2 Agile — Documentazione Testing &amp; Simulazione · Aggiornata 2026-03-10 ·
<a href="https://nis2.agile.software/" style="color:var(--primary);">nis2.agile.software</a>
</footer>
<script>
// Highlight nav link on scroll
const sections = document.querySelectorAll('section[id]');
const navLinks = document.querySelectorAll('.nav a');
const observer = new IntersectionObserver(entries => {
entries.forEach(entry => {
if (entry.isIntersecting) {
navLinks.forEach(a => a.classList.remove('active'));
const active = document.querySelector(`.nav a[href="#${entry.target.id}"]`);
if (active) active.classList.add('active');
}
});
}, { threshold: 0.3 });
sections.forEach(s => observer.observe(s));
</script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink