|
| 1 | +# Changelog |
| 2 | + |
| 3 | +All notable changes to this project are documented here. |
| 4 | +Format follows [Keep a Changelog](https://keepachangelog.com/); this is an alpha project so |
| 5 | +versions are `x.y.z-alpha.n`. |
| 6 | + |
| 7 | +## [v0.6.0-alpha.1] — 2026-07-07 — Zabbix Evidence Flow + Risk Register |
| 8 | + |
| 9 | +### Added |
| 10 | +- **Zabbix evidence flow (verified end-to-end against the real Zabbix API)**: problem → |
| 11 | + `mori-worker` `problem.get` polling → PostgreSQL `alerts` → Alert Triage (`source=zabbix`) |
| 12 | + → Incident → CSV/PDF evidence → **resolve** (Zabbix recovery → `alert.resolved_at`). |
| 13 | +- **Risk assessment (R-series)**: per-CVE 3×3 impact × likelihood matrix, treatment |
| 14 | + decision (mitigate/accept/transfer/avoid), residual risk, admin-only provenance panel, |
| 15 | + role-gated (admin/security). Persisted in `ui_risk_register` (`schema/004`). |
| 16 | + Risk Register CSV/PDF report (6th audit-evidence report). |
| 17 | +- **Role-aware dashboard**: security hero + 24h/12h infra status with Zabbix/Wazuh deep |
| 18 | + links; panel editing (per-user widget on/off + drag-resize, persisted). |
| 19 | +- **Compliance PDCA** on real ISMS-P criteria (2.x controls); weakness-rate summary. |
| 20 | +- **Trivy HTTP ingest** (`POST /ingest/trivy`) for remote endpoints; token auth. |
| 21 | +- **Onboarding**: `mori-endpoint-onboard.sh` (Zabbix Agent 2 + Trivy, one-command/curl), |
| 22 | + `mori-zabbix-template.sh` (MORI Zabbix template with LLD + macros; exported YAML), |
| 23 | + `mori-community-pr.sh` (assemble a zabbix/community-templates PR). |
| 24 | +- **CI**: GitHub Actions `tests` workflow (ruff + unittest); deploy workflow hardened to |
| 25 | + skip gracefully when deploy secrets are absent. |
| 26 | +- **Docs**: Zabbix agent, deploy SSH, Fleet, Wazuh, community-template PR guides; |
| 27 | + `SECURITY.md`, `CONTRIBUTING.md`, `CHANGELOG.md`. |
| 28 | +- Alert `resolved_at` (`schema/005`), Zabbix ↔ Alert Triage bidirectional URL links. |
| 29 | + |
| 30 | +### Changed |
| 31 | +- Dashboard reads PostgreSQL **live per request** (postgres backend) — worker-ingested |
| 32 | + data surfaces with no API restart. |
| 33 | +- READMEs (KO/EN) reworked: 30-second Status table; demo security notice; Zabbix marked |
| 34 | + **verified**, Fleet/Wazuh **Next**, Trivy **partial**. |
| 35 | + |
| 36 | +### Removed |
| 37 | +- Removed the public demo-server URL/credentials block and internal "resume prompt" from |
| 38 | + the README. |
| 39 | + |
| 40 | +## [v0.5.0-alpha.2] — Core Structure Stabilization |
| 41 | +- `server.py` modularized into `routes/` (16 domain modules) + `RouteContext`. |
| 42 | +- Prepared Phase 2 PostgreSQL persistence (M2-1) foundation. |
| 43 | + |
| 44 | +## [v0.4.0-alpha.1] |
| 45 | +- Initial audit-ready operations UI, seed data, compliance/reporting scaffolding. |
0 commit comments