Implements a comprehensive system for uploading and processing weekly
vulnerability reports that automatically splits multiple CVE IDs in a
single cell into separate rows for easier filtering and analysis.
Backend Changes:
- Add weekly_reports table with migration
- Create Excel processor helper using Python child_process
- Implement API routes for upload, list, download, delete
- Mount routes in server.js after multer initialization
- Move split_cve_report.py to backend/scripts/
Frontend Changes:
- Add WeeklyReportModal component with phase-based UI
- Add "Weekly Report" button next to NVD Sync
- Integrate modal into App.js with state management
- Display existing reports with current report indicator
- Download buttons for original and processed files
Features:
- Upload .xlsx files (editor/admin only)
- Automatic CVE ID splitting via Python script
- Store metadata in database + files on filesystem
- Auto-archive previous reports (mark one as current)
- Download both original and processed versions
- Audit logging for all operations
- Security: file validation, auth checks, path sanitization
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Documented complete design system including color palette, layout structure,
component specifications, typography, visual effects, and accessibility standards.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
VISUAL IMPROVEMENTS:
- Increased border thickness from 1px to 2px on all cards for visibility
- Enhanced box shadows with multiple layers for dramatic depth
- Made stat cards much more prominent with stronger borders
STATUS BADGES:
- Increased text brightness (Critical: #FF6B94, High: #FFD966, etc.)
- Added text-shadow glow effects for better contrast
- Made borders thicker (2px) with higher opacity (0.8)
- Enhanced background gradients (0.3/0.2 opacity)
- Larger pulse dots (8px) with stronger glow
CARD DEPTH:
- intel-card: 2px borders, inset top/bottom glow, dramatic shadows
- stat-card: 2px cyan borders, 3px glowing top bar, strong shadows
- vendor-card: 2px borders, nested appearance with lift on hover
- document-item: Recessed look with inset shadows
SHADOWS & EFFECTS:
- Base shadows: 0 8px 16px rgba(0,0,0,0.6)
- Hover glow: 0 0 40px rgba(0,217,255,0.2)
- Inset highlights for dimensional appearance
- Transform on hover for lift effect
All changes maintain the cyber-intelligence aesthetic while making
the depth and hierarchy dramatically more visible.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- New jira_tickets table (migration script included)
- CRUD API endpoints for tickets with validation and audit logging
- Dashboard section showing all open vendor tickets
- JIRA tickets section within CVE vendor cards
- Tickets linked to CVE + vendor with status tracking (Open/In Progress/Closed)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Detailed plan for the NVD lookup + retroactive sync feature
covering stash resolution, backend endpoints, frontend
NvdSyncModal component, and App.js integration.
Note: claude_status.md is gitignored but has been updated
locally with full session context including stash state,
conflict resolution steps, and task list. Copy it manually
to the offsite machine if needed.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Creates interactive setup script that configures .env files for both
frontend and backend with the correct server IP address. Features:
- Auto-detects current server IP
- Prompts for custom IP if needed
- Checks for existing .env files before overwriting
- Configures REACT_APP_API_BASE, REACT_APP_API_HOST, and CORS settings
This prevents the issue where React apps start with localhost fallback
when .env files are missing or created after server startup.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Merges fixed code from the issue-1 branch back into master: fixes issues with Hardcoded IP across deployments, the App.js src using .env file and multivendor support
- Changed CVEs table constraint from UNIQUE(cve_id) to UNIQUE(cve_id, vendor)
- Added vendor column to documents table for proper file organization
- Updated backend INSERT statements to include vendor field in both CVE and document creation
- Fixed document retrieval to filter by vendor
- Created corrected setup.js that includes multi-vendor support from initial setup
- Added migration scripts for existing databases
Resolves#1: Users can now add the same CVE-ID with multiple different vendors, each maintaining separate document storage organized as CVE-ID/Vendor/files
