create(); [$user, $tenantA] = createUserWithTenant(tenant: $tenantA, role: 'owner'); $tenantB = ManagedEnvironment::factory()->create(['workspace_id' => (int) $tenantA->workspace_id]); createUserWithTenant(tenant: $tenantB, user: $user, role: 'owner'); $foreignWorkspaceTenant = ManagedEnvironment::factory()->create(); foreach ([ [$tenantA, EvidenceCompletenessState::Complete->value], [$tenantB, EvidenceCompletenessState::Partial->value], [$foreignWorkspaceTenant, EvidenceCompletenessState::Missing->value], ] as [$tenant, $state]) { EvidenceSnapshot::query()->create([ 'managed_environment_id' => (int) $tenant->getKey(), 'workspace_id' => (int) $tenant->workspace_id, 'status' => EvidenceSnapshotStatus::Active->value, 'completeness_state' => $state, 'summary' => [ 'dimension_count' => $state === EvidenceCompletenessState::Complete->value ? 5 : 0, 'missing_dimensions' => $state === EvidenceCompletenessState::Missing->value ? 2 : 0, 'stale_dimensions' => 0, ], 'generated_at' => now(), ]); } Filament::setTenant(null, true); $this->actingAs($user) ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenantA->workspace_id]) ->get(route('admin.evidence.overview')) ->assertOk() ->assertSee('Outcome') ->assertSee($tenantA->name) ->assertSee($tenantB->name) ->assertDontSee($foreignWorkspaceTenant->name) ->assertDontSee('Monitoring landing') ->assertDontSee('Navigation lane') ->assertDontSee('Focused review lane'); }); it('returns 404 for users without workspace membership on the evidence overview', function (): void { $workspaceTenant = ManagedEnvironment::factory()->create(); $user = App\Models\User::factory()->create(); Filament::setTenant(null, true); $this->actingAs($user) ->withSession([WorkspaceContext::SESSION_KEY => (int) $workspaceTenant->workspace_id]) ->get(route('admin.evidence.overview')) ->assertNotFound(); }); it('applies the entitled tenant prefilter on the workspace evidence overview', function (): void { $tenantA = ManagedEnvironment::factory()->create(); [$user, $tenantA] = createUserWithTenant(tenant: $tenantA, role: 'owner'); $tenantB = ManagedEnvironment::factory()->create(['workspace_id' => (int) $tenantA->workspace_id]); createUserWithTenant(tenant: $tenantB, user: $user, role: 'owner'); $snapshots = []; foreach ([[$tenantA, EvidenceCompletenessState::Complete->value], [$tenantB, EvidenceCompletenessState::Complete->value]] as [$tenant, $state]) { $snapshots[(int) $tenant->getKey()] = EvidenceSnapshot::query()->create([ 'managed_environment_id' => (int) $tenant->getKey(), 'workspace_id' => (int) $tenant->workspace_id, 'status' => EvidenceSnapshotStatus::Active->value, 'completeness_state' => $state, 'summary' => ['dimension_count' => 5, 'missing_dimensions' => 0, 'stale_dimensions' => 0], 'generated_at' => now(), ]); } Filament::setTenant(null, true); $this->actingAs($user) ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenantA->workspace_id]) ->get(route('admin.evidence.overview', ['environment_id' => (int) $tenantB->getKey()])) ->assertOk() ->assertSee(EvidenceSnapshotResource::getUrl('view', ['record' => $snapshots[(int) $tenantB->getKey()]], tenant: $tenantB, panel: 'admin'), false) ->assertDontSee(EvidenceSnapshotResource::getUrl('view', ['record' => $snapshots[(int) $tenantA->getKey()]], tenant: $tenantA, panel: 'admin'), false); }); it('excludes stale evidence from current proof links on the overview', function (): void { $staleTenant = ManagedEnvironment::factory()->create(['name' => 'Stale ManagedEnvironment']); [$user, $staleTenant] = createUserWithTenant(tenant: $staleTenant, role: 'owner'); $freshTenant = ManagedEnvironment::factory()->create([ 'workspace_id' => (int) $staleTenant->workspace_id, 'name' => 'Fresh ManagedEnvironment', ]); createUserWithTenant(tenant: $freshTenant, user: $user, role: 'owner'); $staleSnapshot = $this->makeStaleArtifactTruthEvidenceSnapshot($staleTenant); $freshSnapshot = $this->makeArtifactTruthEvidenceSnapshot($freshTenant); Filament::setTenant(null, true); $this->actingAs($user) ->withSession([WorkspaceContext::SESSION_KEY => (int) $staleTenant->workspace_id]) ->get(route('admin.evidence.overview')) ->assertOk() ->assertSee($staleTenant->name) ->assertSee($freshTenant->name) ->assertSee('Create a current review from this evidence snapshot') ->assertDontSee('Refresh the stale evidence before relying on this snapshot') ->assertDontSee(EvidenceSnapshotResource::getUrl('view', ['record' => $staleSnapshot], tenant: $staleTenant, panel: 'admin'), false) ->assertDontSee(EvidenceSnapshotResource::getUrl('view', ['record' => $freshSnapshot], tenant: $freshTenant, panel: 'admin'), false); $this->get(route('admin.evidence.overview', ['environment_id' => (int) $freshTenant->getKey()])) ->assertOk() ->assertSee('View internal evidence details') ->assertSee(EvidenceSnapshotResource::getUrl('view', ['record' => $freshSnapshot], tenant: $freshTenant, panel: 'admin'), false); }); it('does not present complete snapshots with missing dimensions as trustworthy current evidence on the overview', function (): void { $environment = ManagedEnvironment::factory()->create([ 'name' => 'Missing Dimensions ManagedEnvironment', ]); [$user, $environment] = createUserWithTenant(tenant: $environment, role: 'owner'); $snapshot = $this->makeArtifactTruthEvidenceSnapshot($environment, [], [ 'dimension_count' => 5, 'missing_dimensions' => 1, 'stale_dimensions' => 0, ]); Filament::setTenant(null, true); $this->actingAs($user) ->withSession([WorkspaceContext::SESSION_KEY => (int) $environment->workspace_id]) ->get(route('admin.evidence.overview')) ->assertOk() ->assertSee('Missing Dimensions ManagedEnvironment') ->assertSee('Needs attention') ->assertSee('Refresh evidence before using this snapshot') ->assertDontSee('Partially complete') ->assertDontSee('Trustworthy artifact') ->assertDontSee('Create a current review from this evidence snapshot') ->assertDontSee(EvidenceSnapshotResource::getUrl('view', ['record' => $snapshot], tenant: $environment, panel: 'admin'), false); $this->get(route('admin.evidence.overview', ['environment_id' => (int) $environment->getKey()])) ->assertOk() ->assertSee('Evidence snapshot required') ->assertSee('Not configured') ->assertDontSee('View internal evidence details') ->assertDontSee(EvidenceSnapshotResource::getUrl('view', ['record' => $snapshot], tenant: $environment, panel: 'admin'), false); }); it('does not present complete snapshots without captured dimensions as current evidence on the overview', function (): void { $environment = ManagedEnvironment::factory()->create([ 'name' => 'Empty Dimensions ManagedEnvironment', ]); [$user, $environment] = createUserWithTenant(tenant: $environment, role: 'owner'); $snapshot = $this->makeArtifactTruthEvidenceSnapshot($environment, [], [ 'dimension_count' => 0, 'missing_dimensions' => 0, 'stale_dimensions' => 0, ]); Filament::setTenant(null, true); $this->actingAs($user) ->withSession([WorkspaceContext::SESSION_KEY => (int) $environment->workspace_id]) ->get(route('admin.evidence.overview')) ->assertOk() ->assertSee('Empty Dimensions ManagedEnvironment') ->assertSee('Needs attention') ->assertSee('A proof record exists, but no usable captured evidence is available yet.') ->assertDontSee('Trustworthy artifact') ->assertDontSee('Create a current review from this evidence snapshot') ->assertDontSee(EvidenceSnapshotResource::getUrl('view', ['record' => $snapshot], tenant: $environment, panel: 'admin'), false); $this->get(route('admin.evidence.overview', ['environment_id' => (int) $environment->getKey()])) ->assertOk() ->assertSee('Evidence snapshot required') ->assertSee('Not configured') ->assertDontSee('View internal evidence details') ->assertDontSee(EvidenceSnapshotResource::getUrl('view', ['record' => $snapshot], tenant: $environment, panel: 'admin'), false); }); it('seeds the native entitled-tenant prefilter once and clears it through the page action', function (): void { $tenantA = ManagedEnvironment::factory()->create(); [$user, $tenantA] = createUserWithTenant(tenant: $tenantA, role: 'owner'); $tenantB = ManagedEnvironment::factory()->create([ 'workspace_id' => (int) $tenantA->workspace_id, ]); createUserWithTenant(tenant: $tenantB, user: $user, role: 'owner'); $snapshotA = EvidenceSnapshot::query()->create([ 'managed_environment_id' => (int) $tenantA->getKey(), 'workspace_id' => (int) $tenantA->workspace_id, 'status' => EvidenceSnapshotStatus::Active->value, 'completeness_state' => EvidenceCompletenessState::Complete->value, 'summary' => ['dimension_count' => 5, 'missing_dimensions' => 0, 'stale_dimensions' => 0], 'generated_at' => now(), ]); $snapshotB = EvidenceSnapshot::query()->create([ 'managed_environment_id' => (int) $tenantB->getKey(), 'workspace_id' => (int) $tenantB->workspace_id, 'status' => EvidenceSnapshotStatus::Active->value, 'completeness_state' => EvidenceCompletenessState::Complete->value, 'summary' => ['dimension_count' => 5, 'missing_dimensions' => 0, 'stale_dimensions' => 0], 'generated_at' => now(), ]); $this->actingAs($user); setAdminPanelContext(); Filament::setTenant(null, true); session()->put(WorkspaceContext::SESSION_KEY, (int) $tenantA->workspace_id); $component = Livewire::withQueryParams([ 'environment_id' => (string) $tenantB->getKey(), 'search' => $tenantB->name, ])->test(EvidenceOverview::class); $component ->assertSet('tableFilters.managed_environment_id.value', (string) $tenantB->getKey()) ->assertSet('tableSearch', $tenantB->name) ->assertCanSeeTableRecords([(string) $snapshotB->getKey()]) ->assertCanNotSeeTableRecords([(string) $snapshotA->getKey()]); $component ->callAction('clear_filters') ->assertRedirect(route('admin.evidence.overview')); $this->get(route('admin.evidence.overview')) ->assertOk() ->assertSee($tenantA->name) ->assertSee($tenantB->name) ->assertDontSee(EvidenceSnapshotResource::getUrl('view', ['record' => $snapshotA], tenant: $tenantA, panel: 'admin'), false) ->assertDontSee(EvidenceSnapshotResource::getUrl('view', ['record' => $snapshotB], tenant: $tenantB, panel: 'admin'), false); $this->get(route('admin.evidence.overview', ['environment_id' => (int) $tenantA->getKey()])) ->assertOk() ->assertSee('View internal evidence details') ->assertSee(EvidenceSnapshotResource::getUrl('view', ['record' => $snapshotA], tenant: $tenantA, panel: 'admin'), false) ->assertDontSee(EvidenceSnapshotResource::getUrl('view', ['record' => $snapshotB], tenant: $tenantB, panel: 'admin'), false); });