sections->firstWhere('section_key', 'open_risks'); $executiveSummary = $review->sections->firstWhere('section_key', 'executive_summary'); expect($review->canonicalControlReferences())->toHaveCount(1) ->and($review->canonicalControlReferences()[0]['control_key'])->toBe('endpoint_hardening_compliance') ->and($executiveSummary->summary_payload['canonical_control_count'])->toBe(1) ->and($executiveSummary->summary_payload['canonical_controls'][0]['control_key'])->toBe('endpoint_hardening_compliance') ->and($openRisks->summary_payload['canonical_controls'][0]['control_key'] ?? null)->toBe('endpoint_hardening_compliance'); }); it('excludes removed acknowledged findings from open risk highlights', function (): void { [$user, $tenant] = createUserWithTenant(role: 'owner'); Finding::factory()->for($tenant)->create([ 'workspace_id' => (int) $tenant->workspace_id, 'status' => 'acknowledged', 'subject_external_id' => 'legacy-acknowledged', ]); $triagedFinding = Finding::factory()->for($tenant)->create([ 'workspace_id' => (int) $tenant->workspace_id, 'status' => Finding::STATUS_TRIAGED, 'subject_external_id' => 'canonical-triaged', ]); $snapshot = seedTenantReviewEvidence($tenant, findingCount: 0, driftCount: 0); $review = composeTenantReviewForTest($tenant, $user, $snapshot); $openRisks = $review->sections->firstWhere('section_key', 'open_risks'); $entries = $openRisks->render_payload['entries'] ?? []; expect($entries)->toHaveCount(1) ->and($entries[0]['id'] ?? null)->toBe((int) $triagedFinding->getKey()) ->and(collect($entries)->pluck('status')->all())->not->toContain('acknowledged'); });