ARIA is an internal security intelligence tool — MSP_ADMIN users
should not have access. Replaced hasAnyRole('MSP_ADMIN','BCOS_ADMIN')
with hasRole('BCOS_ADMIN') across all four controllers.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Without @EnableSpringDataWebSupport(VIA_DTO) the API returned totalElements
at the top level. Frontend expects {content, page: {totalElements, totalPages,
number}} — the DTO format. Fixes Load Failed on all paginated pages.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
V4 dropped the PK but PostgreSQL retained the implicit NOT NULL.
V5 makes device_id nullable so agents without a numeric deviceId
can persist posture reports.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
V4 migration drops the device_id primary key and adds an auto-generated
id BIGSERIAL as the PK. device_id becomes a unique nullable column.
Agents that don't send a numeric deviceId can now save posture reports.
Controller GET /{deviceId} now uses findByDeviceId instead of findById.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
All three list pages (ThreatEvents, PrecursorAlerts, DevicePosture) now
use the template's btn-manual-refresh icon button + SVG countdown timer
in header-controls, matching the canonical TablePage.svelte pattern.
Plain text Refresh button removed from toolbar-right.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
PrecursorAlerts and DevicePosture were using custom inline select
dropdowns for filtering. Both now use the canonical left filter sidebar
with collapsible status-pills, active filter chips, and content-frame
layout from hiveops-template/TablePage.svelte.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
All named enum types (threat_severity, attack_phase, event_type, ioc_type,
ioc_source, confidence_level, sequence_type, auto_response_action,
os_eol_status) have been converted to VARCHAR via V3 migration. Hibernate
@Enumerated(EnumType.STRING) binds values as character varying which
PostgreSQL rejects without explicit casts on both INSERT and SELECT.
Reverts the native @Query workarounds added in the previous two commits —
simple derived query methods now work correctly.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
PostgreSQL named enum types require explicit casts that Hibernate's
derived query methods don't generate. Replace countByOsEolStatus and
findByOsEolStatusOrderByPostureScoreAsc with native @Query variants that
CAST(:status AS os_eol_status). Same pattern already applied to severity.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
PostgreSQL named enum types don't accept implicit varchar casts, causing
the derived JPA query findBySeverityOrderByDetectedAtDesc to fail with
'operator does not exist: threat_severity = character varying'.
Replace the count calls in getStats() with a native query that explicitly
casts: CAST(:severity AS threat_severity). Also remove the unused since24h
and since7d variables.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds per-device security posture reports and compliance dashboard. Agents POST
posture data (disk encryption, audit policy, image hashes, OS version/EOL) to
POST /api/aria/posture/report (service-secret authenticated). DevicePostureService
upserts the record and calculates a 0–100 posture score using a penalty model:
disk encryption off −25, audit policy off −20, OS EOL −20, image hash drift −20,
whitelist off −10, stale check −5/day (capped at −15). REST API adds GET /posture
(filterable by EOL status and score band) and GET /posture/{deviceId}. Stats
endpoint gains lowPostureCount (<50) and eolDeviceCount. Dashboard reorganised
into Threat Activity and Compliance rows. Device Posture SPA view enables the
previously-disabled nav item with score bar, EOL badges, and full detail panel.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds multi-phase attack sequence detection to ARIA. After each event is
ingested, SequenceDetectionService queries events within a 15-minute window
for the same device and fires a PrecursorSequenceAlert when jackpotting
(PHYSICAL_ACCESS + malware phase) or skimming (PHYSICAL_ACCESS + card reader
tamper/USB) patterns are detected. Confidence is scored 0–1 based on phases
and severity. Detected sequences are published to hiveops.aria.sequences Kafka
topic. Adds REST API (GET /sequences, GET /{id}/events, POST /{id}/resolve) and
enables the Precursor Alerts view in the SPA with filter sidebar, confidence
bar, and event detail slide panel.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- frontend/: full aria.bcos.dev SPA (port 5187) with Dashboard, Threat Events,
and IOC Management views; Phase 2-3 nav items disabled as placeholders
- ThreatEventController: GET /api/aria/events (paginated, severity/device filter)
and GET /api/aria/stats (total/critical/high/activeIoc counts)
- Deployed to bcos.dev: hiveiq-aria-frontend container + aria.bcos.dev NPM proxy
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>