kitos/Aegis
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
131 Commits 1 Branch 0 Tags
d6df7fdc09b63bba28e034f1f26e756d73a091bd
Commit Graph

107 Commits

Author SHA1 Message Date
kitos
63da22b77e fix(qa): 5 bug fixes — audit dates, CSP, template modal, MITRE sync timeout, data source auto-sync
Some checks failed
Aegis CI / lint-and-test (push) Has been cancelled
Details 
- audit_service: set timestamp=datetime.now(utc) explicitly so DB never stores NULL
- AuditLogPage: formatDate handles null/undefined timestamps (was showing Jan 1 1970)
- nginx.conf: add CSP script-src hash for inline script (sha256-31OgE8E9...)
- system.py: MITRE sync now runs in BackgroundTasks — returns immediately, no more 120s timeout
- mitre_sync_job.py: add _run_data_sources_sync job (every 6h) that checks sync_frequency
  and auto-syncs overdue enabled data sources
- SystemPage: MITRE sync result shows "started" vs "complete" message
- test-templates.ts: add updateTemplate() API function
- SystemPage: template name cell is now clickable — opens TemplateDetailModal with
  full edit form (name, description, procedure, detection, platform, severity, tool)
  and Save / Activate / Deactivate / Close buttons

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-19 12:05:35 +02:00
kitos
fd476ce460 fix(audit): timestamp Optional para evitar 500 con registros NULL
Some checks failed
Aegis CI / lint-and-test (push) Has been cancelled
Details 
Algunos registros de audit_log tienen timestamp=NULL en DB.
AuditLogOut tenia timestamp: datetime (no opcional) causando
ValidationError -> 500 Internal Server Error al listar el audit log.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-19 10:09:47 +02:00
kitos
2495423790 fix(auth,frontend): secure cookie HTTP fix, technique links y CSP
Some checks failed
Aegis CI / lint-and-test (push) Has been cancelled
Details 
- auth: desacopla SECURE_COOKIES de AEGIS_ENV para que el login
  funcione sobre HTTP (SECURE_COOKIES=false en servidor local)
- TechniqueCell: button -> Link para href real (right-click, a11y)
- TechniquesPage: añade Link en celda MITRE ID en vista lista
- nginx CSP: amplía connect-src con ws:/wss: para evitar bloqueos

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-19 09:28:39 +02:00
Kitos
05b221a22d feat(scoring): composite recency decay and severity weights persisted in DB [FASE-5.1] 2026-05-18 15:07:12 +02:00
Kitos
2ee59d4e18 test(intel): verify OSINT enrichment and stale coverage detection [FASE-4] 2026-05-18 14:50:31 +02:00
Kitos
bdeeed54e1 feat(compliance): data classification fields and retention policies job [FASE-3.5]
Some checks failed
Aegis CI / lint-and-test (push) Has been cancelled
Details
2026-05-18 14:17:29 +02:00
Kitos
3e854b7b79 feat(security): extend rate limits on sync, tests, evidence and reports [FASE-3.4] 2026-05-18 14:16:53 +02:00
Kitos
5b29c2fc56 fix(api): return 422 for validation errors with serializable payloads [FASE-3.3] 2026-05-18 14:16:53 +02:00
Kitos
6b076f52b2 feat(auth): audit login success and failure attempts [FASE-3.2] 2026-05-18 14:16:53 +02:00
Kitos
c0aff4cbeb feat(audit): enhanced audit trail with IP, user-agent and integrity hash [FASE-3.1] 2026-05-18 14:16:18 +02:00
Kitos
a8a24b5429 fix(metrics): correct never-tested technique query [FASE-2.6]
Some checks failed
Aegis CI / lint-and-test (push) Has been cancelled
Details 
Use distinct technique_id list filtering so untested techniques are returned reliably on SQLite and Postgres.
 2026-05-18 14:00:48 +02:00
Kitos
b6f23f385d fix(analytics): restrict operators endpoint to admin [FASE-2.5] 
Align with BI security spec and add flat JSON API tests for coverage, tests, and operators.
 2026-05-18 14:00:47 +02:00
Kitos
6ab950ec42 feat(reports): add quarterly and technique download routes [FASE-2.4] 
Expose GET endpoints for quarterly-summary and technique reports with PDF, DOCX, and HTML formats.
 2026-05-18 14:00:46 +02:00
Kitos
ed2c34ef28 feat(reports): extend report generation service [FASE-2.3] 
Add quarterly summary and technique detail builders with UUID-safe lookups and unit tests for purple campaign context.
 2026-05-18 14:00:42 +02:00
Kitos
96fdd9fa85 feat(reports): add quarterly and technique HTML templates [FASE-2.2] 
Introduce quarterly_summary and technique_detail Jinja layouts; use SVG logo asset across report covers.
 2026-05-18 14:00:40 +02:00
Kitos
c28a47c43b test(reports): add ReportEngine unit tests [FASE-2.1] 
Stub WeasyPrint for CI-friendly PDF generation and verify HTML render, PDF path, and HTML file output.
 2026-05-18 14:00:37 +02:00
Kitos
0d4c404f08 test(jira): add hourly sync job tests [FASE-1.7]
Some checks failed
Aegis CI / lint-and-test (push) Has been cancelled
Details 
Verify skip when disabled, per-link sync invocation, and continued batch on single-link failures.
 2026-05-18 13:36:26 +02:00
Kitos
03d7d1cc80 feat(tempo): harden worklog sync and add tests [FASE-1.4] 
Add tempo-api-python-client dependency, TEMPO_API_VERSION setting, enum-safe Jira link lookup, work type on create_worklog, and mocked auto_log tests.
 2026-05-18 13:36:26 +02:00
Kitos
b8c9c4ac6a test(jira): add hourly sync job tests [FASE-1.7]
Some checks failed
Aegis CI / lint-and-test (push) Has been cancelled
Details 
Verify skip when disabled, per-link sync invocation, and continued batch on single-link failures.
 2026-05-18 13:33:40 +02:00
Kitos
73867d3990 test(jira): add jira_service unit tests [FASE-1.2] 
Cover disabled client guard, issue search mapping, and sync_aegis_to_jira comment posting with mocks.
 2026-05-18 13:33:27 +02:00
Kitos
6b28934f05 test: stabilize Phase 0 API and workflow tests [FASE-0.4] 
Assert INVALID_TRANSITION JSON code on duplicate start, remove sys.modules stubs from T-106 tests, and complete boto3 stubs in integration tests.
 2026-05-18 13:19:27 +02:00
Kitos
6f35d85a97 feat(db): add Phase 0 composite indexes migration [FASE-0.3] 
Add idempotent Alembic revision b028 for campaign_tests (campaign_id, test_id) to support campaign-scoped queries.
 2026-05-18 13:19:20 +02:00
Kitos
c5eb6f6dc1 feat(auth): move JWT blacklist to Redis with TTL [FASE-0.2] 
Revoke tokens by jti in a dedicated Redis DB, honor TTL from JWT exp on logout, reject revoked tokens in get_current_user, and add FakeRedis-backed API tests.
 2026-05-18 13:19:15 +02:00
Kitos
9b70655b7e feat(infra): add Redis service and client for Phase 0 [FASE-0.1] 
Add Redis 7 to Docker Compose with healthcheck and persistence, separate logical DBs for blacklist and cache, singleton redis client helpers, and unit tests with fakeredis.
 2026-05-18 13:18:45 +02:00
Kitos
821c4ac5ec test(jira): add JiraLink model and jira_service tests [FASE-1.1] 
Model and migration b020 were already present; adds regression coverage for persistence, schema validation, and link CRUD with Jira disabled.
 2026-05-18 12:02:21 +02:00
Kitos
abef2a45e0 fix: production detection only triggers on AEGIS_ENV=production, not SECRET_KEY presence
Some checks failed
Aegis CI / lint-and-test (push) Has been cancelled
Details
2026-02-20 17:20:48 +01:00
Kitos
79a4772ab5 feat: make heatmap layers extensible via LayerRegistry (OCP) 2026-02-20 16:07:36 +01:00
Kitos
a9255e15ce refactor: remove db.commit() from audit_service.log_action, all callers use UoW 2026-02-20 15:33:23 +01:00
Kitos
0d211d5156 feat: add ThreatActorEntity domain entity with coverage analysis (Tier 4) 2026-02-20 15:02:38 +01:00
Kitos
14d995b40c refactor: remove db.commit() from business services, callers use UnitOfWork (Tier 3) 2026-02-20 14:42:20 +01:00
Kitos
339d669498 feat: move all remaining inline logic from routers to services (Tier 2) 2026-02-20 14:34:24 +01:00
Kitos
9e22fde746 feat: extract advanced_metrics, analytics, test_templates, and auth to services (Tier 1 complete) 2026-02-20 14:28:52 +01:00
Kitos
d77075272e feat: add ImportService protocol and registry for OCP-compliant import extensibility (LP-7) 2026-02-20 13:31:18 +01:00
Kitos
c0c6cda11d feat: add Campaign/Compliance domain entities and extract users/audit/data_sources to services (LP-2 through LP-6) 2026-02-20 13:28:14 +01:00
Kitos
764a2f7579 feat(logging): add structured JSON logging for production, human-readable text for development 2026-02-19 19:07:08 +01:00
Kitos
f4c74230ec refactor(campaigns): extract CRUD/business logic to campaign_crud_service, use domain exceptions 2026-02-19 19:04:32 +01:00
Kitos
50b70704ae refactor(evidence): extract permission validation and queries to evidence_service, use domain exceptions 2026-02-19 19:02:36 +01:00
Kitos
20738d11b3 refactor(tests): extract CRUD/query logic to test_crud_service, router delegates to service with domain exceptions 2026-02-19 18:35:09 +01:00
Kitos
4e3787d091 refactor(scoring): persist weights in DB table, replace mutable Settings with scoring_config_service 2026-02-19 17:46:02 +01:00
Kitos
93fde55389 refactor(threat-actors): extract query/business logic to threat_actor_service, fix N+1 with grouped subqueries
Some checks failed
Aegis CI / lint-and-test (push) Has been cancelled
Details
2026-02-19 17:40:00 +01:00
Kitos
560fc0c9f0 refactor(detection-rules): extract query/business logic to detection_rule_service, router is thin HTTP adapter 2026-02-19 17:39:31 +01:00
Kitos
d305db8794 refactor(compliance): extract business logic to compliance_service, use domain exceptions instead of HTTPException 2026-02-19 17:06:32 +01:00
Kitos
25fddad17c refactor(metrics): extract query logic to metrics_query_service, thin down router to HTTP adapter 2026-02-19 17:06:07 +01:00
Kitos
8d5c5fa80e refactor(reports): extract query and aggregation logic to coverage_report_service, fix N+1 test-count pattern 2026-02-19 15:56:42 +01:00
Kitos
42a9f4dcd4 refactor(status): consolidate status_service to delegate to TechniqueEntity.recalculate_status() eliminating duplicated business logic 2026-02-19 15:23:01 +01:00
Kitos
2b6d9090c9 refactor(techniques): wire TechniqueRepository into techniques router replacing direct db.query() with repo pattern, domain exceptions, and UnitOfWork 2026-02-19 15:13:52 +01:00
Kitos
f41b8fd8c2 fix(security): add username validation, constant-time login, default credential rejection, and tooling 2026-02-18 19:11:14 +01:00
Kitos
1521005b62 feat(infra): add repository implementations, mappers, FastAPI wiring, and technique indexes 2026-02-18 19:10:50 +01:00
Kitos
5c55e7c17f feat(domain): add domain layer foundation -- enums, value objects, TechniqueEntity, repository ports 2026-02-18 19:10:31 +01:00
Kitos
e651ef8a8c refactor(heatmap): extract business logic to dedicated service
Some checks failed
Aegis CI / lint-and-test (push) Has been cancelled
Details 
Move layer dispatch, entity-not-found checks, and validation from router to heatmap_service. Router now only validates requests, calls service, and formats responses (no HTTPException, no business logic). Service raises EntityNotFoundError/BusinessRuleViolation instead of returning None. Add build_navigator_export() for centralized dispatch. 29 new tests (253 total, 0 failures).
 2026-02-18 16:09:51 +01:00