kitos/Aegis
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
205 Commits 1 Branch 0 Tags
b248c2816e11c6714758d0e94019107b1487328c
Commit Graph

163 Commits

Author SHA1 Message Date
kitos
89a951c2a2 fix(decay-engine): strip tzinfo from validated_at before datetime arithmetic
Some checks failed
Aegis CI / lint-and-test (push) Has been cancelled
Details 
The previous fix changed _now() to return naive UTC, but the code still
called .replace(tzinfo=utc) on most_recent (from DB) before subtracting.
This caused "can't subtract offset-naive and offset-aware datetimes".
Now we strip tzinfo if present, keeping everything naive UTC consistently.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-19 16:35:02 +02:00
kitos
9a020f97ef fix(detection-lifecycle): fix timezone naive/aware mismatch and duplicate technique mapping
Some checks failed
Aegis CI / lint-and-test (push) Has been cancelled
Details 
- Replace datetime.now(timezone.utc) with datetime.utcnow() in _now() across
  all three Phase 8 files to match DB DateTime column type (naive UTC)
- Guard POST /assets/{id}/techniques/{tid} against duplicate mappings:
  if mapping already exists, update coverage_type/confidence_level instead
  of inserting a duplicate row

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-19 16:29:04 +02:00
kitos
1fe150963c feat(dlm): Phase 8 — Detection Lifecycle Management [FASE-8]
Some checks failed
Aegis CI / lint-and-test (push) Has been cancelled
Details 
Tasks 8.1-8.5:

Models (8.1):
- DetectionAsset: SIEM/EDR/Sigma rule assets with auto-hash
- DetectionTechniqueMapping: N:M asset ↔ technique coverage
- DetectionValidation: immutable validation records with expiry
- TechniqueConfidenceScore: computed multi-factor confidence
- InfrastructureChangeLog: infra changes that invalidate detections
- DecayPolicy: configurable freshness thresholds per platform/tactic

Services (8.2, 8.3):
- detection_asset_service: CRUD + SHA-256 rule hashing + auto-
  invalidation on rule/infra changes
- decay_engine_service: daily decay engine — expires stale validations,
  recalculates confidence (recency/coverage/health/diversity factors),
  processes infrastructure change propagation

Router (8.4): 15 endpoints under /api/v1/detection-lifecycle:
  assets CRUD, technique mappings, validations, confidence scores,
  infrastructure changes, decay trigger, executive dashboard

Scheduler (8.3): decay engine runs daily at 02:00
Seed (8.5): default policy (90/180/365d) + strict initial-access policy
Migration: b034dlm (6 tables, 11 indexes)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-19 15:45:16 +02:00
kitos
0e1b8e2b39 feat(settings): Settings page with email, webhooks, notifications, profile [FASE-8]
Some checks failed
Aegis CI / lint-and-test (push) Has been cancelled
Details 
- SystemConfig model + migration b033 for runtime key-value config
- GET/PATCH /system/email-config + POST /system/email-test (admin only)
- email_service reads SMTP config from DB (overrides .env)
- Webhooks now accessible to red_lead/blue_lead + admin
- GET /users/me already existed; /users/me/preferences already working
- SettingsPage with 4 role-aware tabs:
  * Profile & Jira: jira_account_id, user info
  * Notifications: role-specific email/in-app toggles (12 prefs)
  * Webhooks: full CRUD + test ping (leads + admin)
  * Email/SMTP: enable toggle, server config, test email (admin only)
- Added /settings route (all authenticated users)
- Settings link added to Sidebar

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-19 15:10:31 +02:00
kitos
93ebcf2b86 fix(users): add GET /users/me endpoint for current user profile
Some checks failed
Aegis CI / lint-and-test (push) Has been cancelled
Details
2026-05-19 14:04:42 +02:00
kitos
c1e06d4c0a feat(phases): implement webhooks (6.1), email (7.1), user preferences (7.2)
Some checks failed
Aegis CI / lint-and-test (push) Has been cancelled
Details 
- Phase 6.1: WebhookConfig model, CRUD router (/api/v1/webhooks, admin-only),
  dispatch_webhook() with HMAC signing; integrated into test validation,
  campaign completion, and MITRE sync job
- Phase 7.1: SMTP email service with send_test_validated_email,
  send_campaign_completed_email, send_new_mitre_techniques_email;
  notify_role_with_email() added to notification_service
- Phase 7.2: notification_preferences and jira_account_id on User model;
  PATCH /users/me/preferences endpoint; Alembic migrations b031phase6 and b032phase7

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-19 13:40:45 +02:00
kitos
63da22b77e fix(qa): 5 bug fixes — audit dates, CSP, template modal, MITRE sync timeout, data source auto-sync
Some checks failed
Aegis CI / lint-and-test (push) Has been cancelled
Details 
- audit_service: set timestamp=datetime.now(utc) explicitly so DB never stores NULL
- AuditLogPage: formatDate handles null/undefined timestamps (was showing Jan 1 1970)
- nginx.conf: add CSP script-src hash for inline script (sha256-31OgE8E9...)
- system.py: MITRE sync now runs in BackgroundTasks — returns immediately, no more 120s timeout
- mitre_sync_job.py: add _run_data_sources_sync job (every 6h) that checks sync_frequency
  and auto-syncs overdue enabled data sources
- SystemPage: MITRE sync result shows "started" vs "complete" message
- test-templates.ts: add updateTemplate() API function
- SystemPage: template name cell is now clickable — opens TemplateDetailModal with
  full edit form (name, description, procedure, detection, platform, severity, tool)
  and Save / Activate / Deactivate / Close buttons

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-19 12:05:35 +02:00
kitos
fd476ce460 fix(audit): timestamp Optional para evitar 500 con registros NULL
Some checks failed
Aegis CI / lint-and-test (push) Has been cancelled
Details 
Algunos registros de audit_log tienen timestamp=NULL en DB.
AuditLogOut tenia timestamp: datetime (no opcional) causando
ValidationError -> 500 Internal Server Error al listar el audit log.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-19 10:09:47 +02:00
kitos
2495423790 fix(auth,frontend): secure cookie HTTP fix, technique links y CSP
Some checks failed
Aegis CI / lint-and-test (push) Has been cancelled
Details 
- auth: desacopla SECURE_COOKIES de AEGIS_ENV para que el login
  funcione sobre HTTP (SECURE_COOKIES=false en servidor local)
- TechniqueCell: button -> Link para href real (right-click, a11y)
- TechniquesPage: añade Link en celda MITRE ID en vista lista
- nginx CSP: amplía connect-src con ws:/wss: para evitar bloqueos

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-19 09:28:39 +02:00
Kitos
05b221a22d feat(scoring): composite recency decay and severity weights persisted in DB [FASE-5.1] 2026-05-18 15:07:12 +02:00
Kitos
2ee59d4e18 test(intel): verify OSINT enrichment and stale coverage detection [FASE-4] 2026-05-18 14:50:31 +02:00
Kitos
bdeeed54e1 feat(compliance): data classification fields and retention policies job [FASE-3.5]
Some checks failed
Aegis CI / lint-and-test (push) Has been cancelled
Details
2026-05-18 14:17:29 +02:00
Kitos
3e854b7b79 feat(security): extend rate limits on sync, tests, evidence and reports [FASE-3.4] 2026-05-18 14:16:53 +02:00
Kitos
5b29c2fc56 fix(api): return 422 for validation errors with serializable payloads [FASE-3.3] 2026-05-18 14:16:53 +02:00
Kitos
6b076f52b2 feat(auth): audit login success and failure attempts [FASE-3.2] 2026-05-18 14:16:53 +02:00
Kitos
c0aff4cbeb feat(audit): enhanced audit trail with IP, user-agent and integrity hash [FASE-3.1] 2026-05-18 14:16:18 +02:00
Kitos
a8a24b5429 fix(metrics): correct never-tested technique query [FASE-2.6]
Some checks failed
Aegis CI / lint-and-test (push) Has been cancelled
Details 
Use distinct technique_id list filtering so untested techniques are returned reliably on SQLite and Postgres.
 2026-05-18 14:00:48 +02:00
Kitos
b6f23f385d fix(analytics): restrict operators endpoint to admin [FASE-2.5] 
Align with BI security spec and add flat JSON API tests for coverage, tests, and operators.
 2026-05-18 14:00:47 +02:00
Kitos
6ab950ec42 feat(reports): add quarterly and technique download routes [FASE-2.4] 
Expose GET endpoints for quarterly-summary and technique reports with PDF, DOCX, and HTML formats.
 2026-05-18 14:00:46 +02:00
Kitos
ed2c34ef28 feat(reports): extend report generation service [FASE-2.3] 
Add quarterly summary and technique detail builders with UUID-safe lookups and unit tests for purple campaign context.
 2026-05-18 14:00:42 +02:00
Kitos
96fdd9fa85 feat(reports): add quarterly and technique HTML templates [FASE-2.2] 
Introduce quarterly_summary and technique_detail Jinja layouts; use SVG logo asset across report covers.
 2026-05-18 14:00:40 +02:00
Kitos
c28a47c43b test(reports): add ReportEngine unit tests [FASE-2.1] 
Stub WeasyPrint for CI-friendly PDF generation and verify HTML render, PDF path, and HTML file output.
 2026-05-18 14:00:37 +02:00
Kitos
0d4c404f08 test(jira): add hourly sync job tests [FASE-1.7]
Some checks failed
Aegis CI / lint-and-test (push) Has been cancelled
Details 
Verify skip when disabled, per-link sync invocation, and continued batch on single-link failures.
 2026-05-18 13:36:26 +02:00
Kitos
03d7d1cc80 feat(tempo): harden worklog sync and add tests [FASE-1.4] 
Add tempo-api-python-client dependency, TEMPO_API_VERSION setting, enum-safe Jira link lookup, work type on create_worklog, and mocked auto_log tests.
 2026-05-18 13:36:26 +02:00
Kitos
b8c9c4ac6a test(jira): add hourly sync job tests [FASE-1.7]
Some checks failed
Aegis CI / lint-and-test (push) Has been cancelled
Details 
Verify skip when disabled, per-link sync invocation, and continued batch on single-link failures.
 2026-05-18 13:33:40 +02:00
Kitos
73867d3990 test(jira): add jira_service unit tests [FASE-1.2] 
Cover disabled client guard, issue search mapping, and sync_aegis_to_jira comment posting with mocks.
 2026-05-18 13:33:27 +02:00
Kitos
6b28934f05 test: stabilize Phase 0 API and workflow tests [FASE-0.4] 
Assert INVALID_TRANSITION JSON code on duplicate start, remove sys.modules stubs from T-106 tests, and complete boto3 stubs in integration tests.
 2026-05-18 13:19:27 +02:00
Kitos
6f35d85a97 feat(db): add Phase 0 composite indexes migration [FASE-0.3] 
Add idempotent Alembic revision b028 for campaign_tests (campaign_id, test_id) to support campaign-scoped queries.
 2026-05-18 13:19:20 +02:00
Kitos
c5eb6f6dc1 feat(auth): move JWT blacklist to Redis with TTL [FASE-0.2] 
Revoke tokens by jti in a dedicated Redis DB, honor TTL from JWT exp on logout, reject revoked tokens in get_current_user, and add FakeRedis-backed API tests.
 2026-05-18 13:19:15 +02:00
Kitos
9b70655b7e feat(infra): add Redis service and client for Phase 0 [FASE-0.1] 
Add Redis 7 to Docker Compose with healthcheck and persistence, separate logical DBs for blacklist and cache, singleton redis client helpers, and unit tests with fakeredis.
 2026-05-18 13:18:45 +02:00
Kitos
821c4ac5ec test(jira): add JiraLink model and jira_service tests [FASE-1.1] 
Model and migration b020 were already present; adds regression coverage for persistence, schema validation, and link CRUD with Jira disabled.
 2026-05-18 12:02:21 +02:00
Kitos
abef2a45e0 fix: production detection only triggers on AEGIS_ENV=production, not SECRET_KEY presence
Some checks failed
Aegis CI / lint-and-test (push) Has been cancelled
Details
2026-02-20 17:20:48 +01:00
Kitos
79a4772ab5 feat: make heatmap layers extensible via LayerRegistry (OCP) 2026-02-20 16:07:36 +01:00
Kitos
a9255e15ce refactor: remove db.commit() from audit_service.log_action, all callers use UoW 2026-02-20 15:33:23 +01:00
Kitos
0d211d5156 feat: add ThreatActorEntity domain entity with coverage analysis (Tier 4) 2026-02-20 15:02:38 +01:00
Kitos
14d995b40c refactor: remove db.commit() from business services, callers use UnitOfWork (Tier 3) 2026-02-20 14:42:20 +01:00
Kitos
339d669498 feat: move all remaining inline logic from routers to services (Tier 2) 2026-02-20 14:34:24 +01:00
Kitos
9e22fde746 feat: extract advanced_metrics, analytics, test_templates, and auth to services (Tier 1 complete) 2026-02-20 14:28:52 +01:00
Kitos
d77075272e feat: add ImportService protocol and registry for OCP-compliant import extensibility (LP-7) 2026-02-20 13:31:18 +01:00
Kitos
c0c6cda11d feat: add Campaign/Compliance domain entities and extract users/audit/data_sources to services (LP-2 through LP-6) 2026-02-20 13:28:14 +01:00
Kitos
764a2f7579 feat(logging): add structured JSON logging for production, human-readable text for development 2026-02-19 19:07:08 +01:00
Kitos
f4c74230ec refactor(campaigns): extract CRUD/business logic to campaign_crud_service, use domain exceptions 2026-02-19 19:04:32 +01:00
Kitos
50b70704ae refactor(evidence): extract permission validation and queries to evidence_service, use domain exceptions 2026-02-19 19:02:36 +01:00
Kitos
20738d11b3 refactor(tests): extract CRUD/query logic to test_crud_service, router delegates to service with domain exceptions 2026-02-19 18:35:09 +01:00
Kitos
4e3787d091 refactor(scoring): persist weights in DB table, replace mutable Settings with scoring_config_service 2026-02-19 17:46:02 +01:00
Kitos
93fde55389 refactor(threat-actors): extract query/business logic to threat_actor_service, fix N+1 with grouped subqueries
Some checks failed
Aegis CI / lint-and-test (push) Has been cancelled
Details
2026-02-19 17:40:00 +01:00
Kitos
560fc0c9f0 refactor(detection-rules): extract query/business logic to detection_rule_service, router is thin HTTP adapter 2026-02-19 17:39:31 +01:00
Kitos
d305db8794 refactor(compliance): extract business logic to compliance_service, use domain exceptions instead of HTTPException 2026-02-19 17:06:32 +01:00
Kitos
25fddad17c refactor(metrics): extract query logic to metrics_query_service, thin down router to HTTP adapter 2026-02-19 17:06:07 +01:00
Kitos
8d5c5fa80e refactor(reports): extract query and aggregation logic to coverage_report_service, fix N+1 test-count pattern 2026-02-19 15:56:42 +01:00