Aegis

kitos/Aegis

Fork 0

Commit Graph

Author	SHA1	Message	Date
Kitos	a4a2adccee	feat(phase-39): role-based access control overhaul + forced password change Some checks failed Aegis CI / lint-and-test (push) Has been cancelled Details - Add must_change_password field to User model with migration b023 - Add POST /auth/change-password endpoint with password policy validation - Add require_password_changed dependency to block requests until password is changed - Add ChangePasswordModal with live password policy checklist (forced on first login) - Show password policy in CreateUserModal and EditUserModal - Fix backend permissions: tests, campaigns, templates, reports, evidence, worklogs - red_tech/blue_tech: execute only, cannot create tests/campaigns/templates - red_lead/blue_lead: create/edit tests/campaigns/templates, generate reports, no system access - viewer: read-only everywhere, can generate reports - Fix frontend role checks across TestDetailPage, TestDetailHeader, TeamTabs, TestsPage, CampaignsPage, CampaignDetailPage, Sidebar	2026-02-18 10:37:02 +01:00
Kitos	ec65991ac1	feat: Phase 1 - Data models and migrations (T-004 to T-009) Implements all database models for the Aegis platform with full Alembic migration support. Models created: - User: Authentication with role-based access control - Technique: MITRE ATT&CK techniques with coverage status tracking - Test: Security tests with validation workflow (draft/review/validated) - Evidence: File metadata for test evidence (stored in MinIO) - IntelItem: Threat intelligence items linked to techniques - AuditLog: System-wide audit trail with JSONB details Enumerations: - TechniqueStatus: not_evaluated, in_progress, validated, partial, etc. - TestState: draft, in_review, validated, rejected - TestResult: detected, not_detected, partially_detected Services: - audit_service.py: log_action() helper for audit logging All models include proper foreign key relationships and PostgreSQL enum types are managed correctly in migrations (create/drop).	2026-02-06 12:26:26 +01:00

Author

SHA1

Message

Date

Kitos

a4a2adccee

feat(phase-39): role-based access control overhaul + forced password change

Aegis CI / lint-and-test (push) Has been cancelled

Details

- Add must_change_password field to User model with migration b023

- Add POST /auth/change-password endpoint with password policy validation

- Add require_password_changed dependency to block requests until password is changed

- Add ChangePasswordModal with live password policy checklist (forced on first login)

- Show password policy in CreateUserModal and EditUserModal

- Fix backend permissions: tests, campaigns, templates, reports, evidence, worklogs

- red_tech/blue_tech: execute only, cannot create tests/campaigns/templates

- red_lead/blue_lead: create/edit tests/campaigns/templates, generate reports, no system access

- viewer: read-only everywhere, can generate reports

- Fix frontend role checks across TestDetailPage, TestDetailHeader, TeamTabs, TestsPage, CampaignsPage, CampaignDetailPage, Sidebar

2026-02-18 10:37:02 +01:00

Kitos

ec65991ac1

feat: Phase 1 - Data models and migrations (T-004 to T-009)

Implements all database models for the Aegis platform with full
Alembic migration support.

Models created:
- User: Authentication with role-based access control
- Technique: MITRE ATT&CK techniques with coverage status tracking
- Test: Security tests with validation workflow (draft/review/validated)
- Evidence: File metadata for test evidence (stored in MinIO)
- IntelItem: Threat intelligence items linked to techniques
- AuditLog: System-wide audit trail with JSONB details

Enumerations:
- TechniqueStatus: not_evaluated, in_progress, validated, partial, etc.
- TestState: draft, in_review, validated, rejected
- TestResult: detected, not_detected, partially_detected

Services:
- audit_service.py: log_action() helper for audit logging

All models include proper foreign key relationships and PostgreSQL
enum types are managed correctly in migrations (create/drop).

2026-02-06 12:26:26 +01:00

2 Commits