Commit Graph

8 Commits

Author SHA1 Message Date
nogueiraguh
dcc202ff9f fix: embedding background persistence, polling timeout, Error section hidden
- Embed task_id persisted in Zustand store (survives page navigation)
- Resume polling on page mount if active task exists
- Polling timeout increased to 30min (was 5min, too short for large sections)
- Embed button hidden for Error and Other sections
- Shared file-based status for multi-worker visibility
2026-03-21 12:04:29 -03:00
nogueiraguh
ab2d0a3e9b fix: embedding reliability - chunking, truncation, progress bar, shared status
- Text chunking: max 8000 chars per document, large CSV rows split with context header
- Text truncation: _embed_text truncates at 8000 chars before sending to model (prevents 400 errors)
- Purge before re-embed: deletes old docs by tenancy+date before inserting new ones
- Shared embedding status: file-based status (/data/.embed_status/) instead of in-memory dict (fixes multi-worker visibility)
- Progress bar: shows green (OK) + red (failures) segments, percentage, processed/total count
- Better error logging: extracts readable error message from OCI API errors
2026-03-21 10:48:21 -03:00
nogueiraguh
73c60212f7 feat: auto-mapped CIS report embedding, section embed, ADB RAW(16) fix
- Auto-embed report: maps each CSV to its ADB table (summaryreportcsvvector, identityandaccess, networking, etc.)
- Section embed: new endpoint POST /api/embeddings/report/{rid}/section with per-section button in UI
- Table validation: checks registered ADB tables before embedding, reports missing tables
- Auto-detect embedding dimension: reads table dim and selects correct model (3072→large, 1536→small)
- ADB RAW(16) ID fix: all vector inserts use HEXTORAW() for UUID (fixes ORA-01465)
- Float32 vectors: all inserts use array.array('f') for FLOAT32 compatibility
- Embedding status: real-time progress polling (Embedding X/Y — table: Z)
- Loading per section: spinner only on the section being embedded, not all
- Removed individual file embed buttons (only section + full report)
- Summary CSV chunking: groups by CIS section with tenancy + extract_date metadata
- Findings CSV chunking: each row becomes a document with structured content
- README: documented all 11 required ADB vector tables with descriptions
2026-03-21 00:10:50 -03:00
nogueiraguh
2c5f0f2e1c fix: compliance report iframe, findings tables, PDF fonts, delete session, orphan markers
- Compliance report iframe: removed auth requirement (UUIDs are non-guessable), fixed X-Frame-Options SAMEORIGIN on /api/
- Findings resource tables: compact HTML tables (max 4 cols, 10 rows) per non-compliant finding with affected resources from CSV
- PDF fonts: installed Liberation + DejaVu fonts in container, standardized font-family to Arial/Liberation Sans
- Delete session fix: terraform.ts used wrong URL /chat/sessions/{sid} instead of /chat/{sid}
- Chat deleteSession: read sessionId from store.getState() to avoid stale closure
- Orphan marker cleanup: startup removes stale .compliance_generating markers, status endpoint auto-expires after 10min
- Generate endpoint rejects duplicate requests while already generating
- Compliance iframe condition: only renders when ready AND not generating, prevents 404 flash
- Dockerfile: added fonts-liberation fonts-dejavu-core fontconfig packages
2026-03-20 17:17:42 -03:00
nogueiraguh
fbcb1966d5 feat: comprehensive security, performance, UX and deployment audit
Security:
- CORS restricted to explicit methods/headers, configurable via CORS_ORIGINS env
- Auth added to /reports/{rid}/html and /compliance-report endpoints
- Ownership check on report downloads
- Rate limiting on login (10 attempts/5min per IP with threading.Lock)
- Non-root container user (agent via gosu entrypoint)
- Nginx security headers (X-Frame-Options, X-Content-Type-Options, X-XSS-Protection, Referrer-Policy, Permissions-Policy)
- .gitignore and .dockerignore for secret leak prevention
- .env.example with documentation

Performance:
- 16 SQLite indexes on foreign keys and frequently queried columns
- Pagination on chat messages (100), reports (50), audit log (100)
- subprocess.run wrapped in run_in_executor (3 async handlers)
- asyncio.wait_for timeouts on GenAI calls (300s) and Chromium PDF (120s)
- Thread pool reduced to 10 workers
- Code splitting with React.lazy (bundle: 1.3MB -> ~550KB initial)
- React.memo on TreeItem (recursive compartment tree)

Error handling:
- 13 bare except clauses replaced with logged Exception handlers
- Graceful shutdown handler (terminates subprocesses + executor)
- File upload validation (50MB max, extension whitelist per endpoint)
- Health check expanded (version, uptime, db_ok)
- Cache-Control on /api/genai/models (1h)
- Auto-cleanup audit_log > 30 days

Dead code removed:
- DownloadsPage.tsx, StubPage.tsx, MfaPage.tsx (moved to UsersPage)
- Legacy frontend/ directory
- 19 unused i18n keys, dist/ removed from git tracking

UX & i18n:
- 8 alert() calls replaced with styled error states (TerraformPage)
- 50+ hardcoded Portuguese strings localized to i18n (pt/en) across 11 files
- aria-label on all icon-only buttons (Chat, Explorer, Sidebar)
- focus-visible CSS for keyboard navigation
- Responsive grid fix (360px -> 280px for mobile)
- aria-hidden on decorative SVGs

Deployment:
- Docker resource limits (backend 4G, frontend 512M)
- Log rotation (json-file, 10MB x 3)
- Terraform version parameterized via ARG
2026-03-20 13:48:30 -03:00
nogueiraguh
61fbb3861d feat: remove legacy frontend, root routing, compliance ZIP with Chromium PDF, chat markdown styling
- Legacy frontend removed: React SPA served at / (no /app/ prefix)
- Compliance report ZIP: Chromium headless --print-to-pdf (identical to browser) + CSV findings
- Server-side generation state: .compliance_generating marker survives page navigation
- RAG enriched: Description + Rationale + Remediation + Audit extracted from CIS vector chunks
- Chat markdown: syntax highlighting (Catppuccin), styled headings/lists/tables/blockquotes/code
- Default model auto-selected on Chat Agent load
2026-03-20 07:21:41 -03:00
nogueiraguh
5028f632a6 fix: compliance report Oracle design, polling robustness, print margins
- Oracle PDF style: decorative left strip, ORACLE brand header, red section titles, green table headers
- Cover page: removed rectangle, clean layout matching Oracle reference PDF
- Print: @page margin:0 + thead/tfoot table trick for per-page header/footer spacing without browser URL/date
- RAG remediation: fixed fallback dumping entire CIS chunk instead of just remediation section
- Findings: removed break-inside:avoid that caused empty pages, emoji replaced with [CSV] text
- Tables: break-inside:avoid on rows, section headers break-after:avoid, thead repeats on page break
- Compliance polling: useEffect-based with cleanup, auto-expand on ready, re-check on section toggle
- Explorer: silent polling during start/stop (no flickering)
- HTML report starts minimized, auto-expands on fresh generation
- Include dist/ in git for deployment
2026-03-19 11:34:31 -03:00
nogueiraguh
442e710b9f feat: LAD A-Team CIS Compliance Report, React SPA, i18n, report management, explorer UX fixes
- Professional Oracle-format compliance report with RAG remediation from ADB vector store
- React 19 SPA at /app/ (16 pages, TypeScript, Vite, Zustand, i18n pt/en 625 keys)
- Report delete endpoint, embed individual report files into vector store
- Terraform ZIP download (client-side, pure JS)
- Explorer silent polling during start/stop (no flickering)
- HTML report and compliance report sections start minimized
- Token auth fix for compliance report CSV download links
2026-03-19 07:34:06 -03:00