Commit Graph

9 Commits

Author SHA1 Message Date
nogueiraguh
f22bb54e25 feat: Oracle IAM OIDC, force password change, security hardening
- OIDC: authorization code flow, JWKS validation, JIT provisioning, group-to-role mapping, dual auth (local/oidc/both)
- Force password change: random admin password on first install, modal blocks UI until changed
- APP_SECRET required in docker-compose (fail if missing), .env.example improved
- Login page: Oracle IAM button (conditional), hide form in oidc-only mode
- OracleIamPage: test connection via backend, masked client_secret handling
- UsersPage: OIDC badge, auth_provider in list
- i18n: login.oidcButton, login.or (pt/en/es)
- README v3.1: Terminal, User Management, Security, OIDC endpoints, versioning
2026-04-02 10:26:00 -03:00
nogueiraguh
62f2a3d1ab feat: My Settings — password change (local only), timezone, MFA, auth_provider field
- MySettingsPage: timezone, password change (local users), MFA setup/disable
- Password change hidden for federated users (auth_provider != local)
- Federated users see info message: "managed by Oracle IAM"
- Backend: auth_provider + oidc_subject columns in users table (migration)
- /users/me returns auth_provider field
- User interface updated with auth_provider
- i18n: 12 new keys (pt/en) for password change
2026-04-01 15:20:16 -03:00
nogueiraguh
bc7024c95d feat: user isolation — ownership checks, is_global, per-user embeddings, private reports
- Add is_global column to adb_vector_configs and mcp_servers (schema + migration)
- Add _verify_config_access() and _verify_report_access() helpers
- Apply ownership checks to ~70 endpoints (OCI explore, actions, GenAI, MCP, ADB, reports, embeddings, terraform)
- Reports are 100% private (even admin can't see others')
- Add user_id to embedding metadata + filter in _vector_search/_vector_search_multi
- Remove cross-user ADB fallback in _get_active_adb_configs
- Add auth (token query param) to report HTML and compliance report iframes
- Audit log: admin sees all, user/viewer sees only own
- Embedding task status mapped to user
- Frontend: GLOBAL badge on ADB/MCP configs, hide edit/delete for non-admin on global resources
- Export/import includes is_global field
2026-04-01 01:05:54 -03:00
nogueiraguh
35a2bf786b feat: OCI Services page, compliance report v3, DOCX with camo strip, timezone per-user
- New OCI Services page with Service Status (auto-detect + overrides) and OCI Health (real-time Oracle status) tabs
- Compliance report: OCI Services section with Cloud Guard recommendations table, back page with Connect with us
- DOCX generation: professional styling with Pillow camouflage strip, green header tables, result boxes
- Separate Download DOCX button in reports page
- Timezone now per-user (not global) — each user configures their own timezone
- ADB connection pre-check before report generation (fail fast 503)
- Compliance report iframe shows friendly HTML instead of JSON 404 during generation
- OCI Health dashboard: proxies ocistatus.oraclecloud.com with search, geo filters, expandable region cards
2026-03-29 00:43:20 -03:00
nogueiraguh
c6b7cd75a9 feat: CIS number in embeddings, tenancy dropdown in consult, text filter for exact CIS search
- Chunk findings CSV: includes CIS Recommendation number, Section, Status in document header
- Consult embeddings: tenancy dropdown (OCI config selector) for filtered search
- CIS number detection: regex extracts "cis X.Y" from query → TEXT LIKE filter for exact match
- Dynamic top_k: 10 per table when CIS filter active (vs 3 default), 15 global results
- Vector search text_filter: combined vector similarity + TEXT LIKE for precise results
- Purged 121174 legacy docs without tenancy metadata from all CIS tables
- Re-embedded 4364 docs across 7 tables with full CIS metadata
- GPT-5.2 for consult (was GPT-4.1), max_tokens 8000
2026-03-24 22:12:15 -03:00
nogueiraguh
73c60212f7 feat: auto-mapped CIS report embedding, section embed, ADB RAW(16) fix
- Auto-embed report: maps each CSV to its ADB table (summaryreportcsvvector, identityandaccess, networking, etc.)
- Section embed: new endpoint POST /api/embeddings/report/{rid}/section with per-section button in UI
- Table validation: checks registered ADB tables before embedding, reports missing tables
- Auto-detect embedding dimension: reads table dim and selects correct model (3072→large, 1536→small)
- ADB RAW(16) ID fix: all vector inserts use HEXTORAW() for UUID (fixes ORA-01465)
- Float32 vectors: all inserts use array.array('f') for FLOAT32 compatibility
- Embedding status: real-time progress polling (Embedding X/Y — table: Z)
- Loading per section: spinner only on the section being embedded, not all
- Removed individual file embed buttons (only section + full report)
- Summary CSV chunking: groups by CIS section with tenancy + extract_date metadata
- Findings CSV chunking: each row becomes a document with structured content
- README: documented all 11 required ADB vector tables with descriptions
2026-03-21 00:10:50 -03:00
nogueiraguh
2c5f0f2e1c fix: compliance report iframe, findings tables, PDF fonts, delete session, orphan markers
- Compliance report iframe: removed auth requirement (UUIDs are non-guessable), fixed X-Frame-Options SAMEORIGIN on /api/
- Findings resource tables: compact HTML tables (max 4 cols, 10 rows) per non-compliant finding with affected resources from CSV
- PDF fonts: installed Liberation + DejaVu fonts in container, standardized font-family to Arial/Liberation Sans
- Delete session fix: terraform.ts used wrong URL /chat/sessions/{sid} instead of /chat/{sid}
- Chat deleteSession: read sessionId from store.getState() to avoid stale closure
- Orphan marker cleanup: startup removes stale .compliance_generating markers, status endpoint auto-expires after 10min
- Generate endpoint rejects duplicate requests while already generating
- Compliance iframe condition: only renders when ready AND not generating, prevents 404 flash
- Dockerfile: added fonts-liberation fonts-dejavu-core fontconfig packages
2026-03-20 17:17:42 -03:00
nogueiraguh
61fbb3861d feat: remove legacy frontend, root routing, compliance ZIP with Chromium PDF, chat markdown styling
- Legacy frontend removed: React SPA served at / (no /app/ prefix)
- Compliance report ZIP: Chromium headless --print-to-pdf (identical to browser) + CSV findings
- Server-side generation state: .compliance_generating marker survives page navigation
- RAG enriched: Description + Rationale + Remediation + Audit extracted from CIS vector chunks
- Chat markdown: syntax highlighting (Catppuccin), styled headings/lists/tables/blockquotes/code
- Default model auto-selected on Chat Agent load
2026-03-20 07:21:41 -03:00
nogueiraguh
442e710b9f feat: LAD A-Team CIS Compliance Report, React SPA, i18n, report management, explorer UX fixes
- Professional Oracle-format compliance report with RAG remediation from ADB vector store
- React 19 SPA at /app/ (16 pages, TypeScript, Vite, Zustand, i18n pt/en 625 keys)
- Report delete endpoint, embed individual report files into vector store
- Terraform ZIP download (client-side, pure JS)
- Explorer silent polling during start/stop (no flickering)
- HTML report and compliance report sections start minimized
- Token auth fix for compliance report CSV download links
2026-03-19 07:34:06 -03:00