toBeFile(); $contents = file_get_contents($path); expect($contents)->toContain('Tenant Reviews / Environment Reviews') ->and($contents)->toContain('Evidence Snapshots') ->and($contents)->toContain('Review Packs / exports') ->and($contents)->toContain('Accepted Risks / Risk Exceptions') ->and($contents)->toContain('OperationRuns') ->and($contents)->toContain('Audit log'); }); it('lists only the latest published review per entitled environment on the customer review workspace', function (): void { $tenantA = ManagedEnvironment::factory()->create(['name' => 'Alpha ManagedEnvironment']); [$user, $tenantA] = createUserWithTenant(tenant: $tenantA, role: 'readonly'); $tenantB = ManagedEnvironment::factory()->create([ 'workspace_id' => (int) $tenantA->workspace_id, 'name' => 'Beta ManagedEnvironment', ]); createUserWithTenant(tenant: $tenantB, user: $user, role: 'readonly'); $tenantDenied = ManagedEnvironment::factory()->create([ 'workspace_id' => (int) $tenantA->workspace_id, 'name' => 'Denied ManagedEnvironment', ]); $otherOwner = User::factory()->create(); createUserWithTenant(tenant: $tenantDenied, user: $otherOwner, role: 'owner'); $tenantASnapshot = seedEnvironmentReviewEvidence($tenantA); $tenantBSnapshot = seedEnvironmentReviewEvidence($tenantB); $tenantDeniedSnapshot = seedEnvironmentReviewEvidence($tenantDenied); $olderPublishedReview = composeEnvironmentReviewForTest($tenantA, $user, $tenantASnapshot); $olderPublishedReview->forceFill([ 'status' => EnvironmentReviewStatus::Published->value, 'generated_at' => now()->subDays(3), 'published_at' => now()->subDays(3), 'published_by_user_id' => (int) $user->getKey(), ])->save(); $newerInternalReview = $olderPublishedReview->replicate(); $newerInternalReview->forceFill([ 'managed_environment_id' => (int) $tenantA->getKey(), 'workspace_id' => (int) $tenantA->workspace_id, 'evidence_snapshot_id' => (int) $tenantASnapshot->getKey(), 'status' => EnvironmentReviewStatus::Ready->value, 'generated_at' => now()->subDay(), 'published_at' => null, 'published_by_user_id' => null, ])->save(); $latestPublishedReview = $olderPublishedReview->replicate(); $latestPublishedReview->forceFill([ 'managed_environment_id' => (int) $tenantA->getKey(), 'workspace_id' => (int) $tenantA->workspace_id, 'evidence_snapshot_id' => (int) $tenantASnapshot->getKey(), 'status' => EnvironmentReviewStatus::Published->value, 'generated_at' => now(), 'published_at' => now(), 'published_by_user_id' => (int) $user->getKey(), ])->save(); $betaPublishedReview = composeEnvironmentReviewForTest($tenantB, $user, $tenantBSnapshot); $betaPublishedReview->forceFill([ 'status' => EnvironmentReviewStatus::Published->value, 'generated_at' => now()->subHours(2), 'published_at' => now()->subHours(2), 'published_by_user_id' => (int) $user->getKey(), ])->save(); $deniedPublishedReview = composeEnvironmentReviewForTest($tenantDenied, $otherOwner, $tenantDeniedSnapshot); $deniedPublishedReview->forceFill([ 'status' => EnvironmentReviewStatus::Published->value, 'generated_at' => now()->subHours(3), 'published_at' => now()->subHours(3), 'published_by_user_id' => (int) $otherOwner->getKey(), ])->save(); $this->actingAs($user); setAdminPanelContext(); session()->put(WorkspaceContext::SESSION_KEY, (int) $tenantA->workspace_id); Livewire::actingAs($user) ->test(CustomerReviewWorkspace::class) ->assertCanSeeTableRecords([$tenantA->fresh(), $tenantB->fresh()]) ->assertCanNotSeeTableRecords([$tenantDenied->fresh()]) ->assertSee(EnvironmentReviewResource::environmentScopedUrl('view', ['record' => $latestPublishedReview->fresh()], $tenantA), false) ->assertSee('Customer-safe review packages') ->assertSee('Review released governance packages, evidence readiness, accepted risks, and handoff status across entitled environments.') ->assertSee('Service delivery summary only. Does not replace formal audit opinion, certification, or legal attestation.') ->assertSee('Review package index') ->assertSee('Released reviews and customer-safe package entries available in this workspace.') ->assertDontSee('for each entitled tenant') ->assertDontSee('Each row is an index entry') ->assertSee('Governance package') ->assertSee('Status') ->assertSee('Evidence') ->assertSee('Next step') ->assertSee('Open') ->assertSee('Open review') ->assertDontSee('Assessment status') ->assertDontSee('Publishable') ->assertDontSee('No mapped controls') ->assertDontSee('Compliance evidence mapping v1') ->assertDontSee(ComplianceEvidenceMappingV1::VERSION_KEY) ->assertSee(EnvironmentReviewResource::environmentScopedUrl('view', ['record' => $betaPublishedReview->fresh()], $tenantB), false) ->assertDontSee(EnvironmentReviewResource::environmentScopedUrl('view', ['record' => $olderPublishedReview->fresh()], $tenantA), false) ->assertDontSee(EnvironmentReviewResource::environmentScopedUrl('view', ['record' => $newerInternalReview->fresh()], $tenantA), false) ->assertDontSee('Publish review') ->assertDontSee('Refresh review') ->assertDontSee('Create next review') ->assertDontSee('Regenerate') ->assertDontSee('Expire snapshot') ->assertDontSee(EnvironmentReviewResource::environmentScopedUrl('view', ['record' => $deniedPublishedReview->fresh()], $tenantDenied), false); }); it('renders the Spec 326 decision-first review workspace without default raw diagnostics', function (): void { $tenant = ManagedEnvironment::factory()->create(['name' => 'Decision Ready ManagedEnvironment']); [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'readonly'); $snapshot = seedEnvironmentReviewEvidence($tenant); $review = composeEnvironmentReviewForTest($tenant, $user, $snapshot); $summary = is_array($review->summary) ? $review->summary : []; $summary['debug_payload'] = 'raw payload should stay hidden'; $summary['stack_trace'] = 'stack trace should stay hidden'; $summary['internal_exception'] = 'internal exception should stay hidden'; $summary['provider_secret'] = 'provider secret should stay hidden'; $summary['debug_metadata'] = 'debug metadata should stay hidden'; $summary['source_fingerprint'] = 'source fingerprint should stay hidden'; $summary['control_interpretation']['version_key'] = ComplianceEvidenceMappingV1::VERSION_KEY; $summary['control_interpretation']['controls'] = [ [ 'control_key' => 'customer-handoff-readiness', 'title' => 'Customer handoff readiness', 'readiness_bucket' => 'evidence_on_record', 'readiness_label' => 'Evidence on record', 'primary_reason' => 'Evidence path is complete.', 'recommended_next_action' => 'Share the current review pack.', ], ]; $summary['governance_package']['decision_summary']['entries'][] = [ 'title' => 'Customer acceptance checkpoint', 'summary' => 'Confirm stakeholder awareness before handoff.', 'next_action' => 'Record the customer decision trail before the next review.', ]; $review->forceFill([ 'status' => EnvironmentReviewStatus::Published->value, 'summary' => $summary, 'published_at' => now(), 'published_by_user_id' => (int) $user->getKey(), ])->save(); $pack = ReviewPack::factory()->ready()->create([ 'managed_environment_id' => (int) $tenant->getKey(), 'workspace_id' => (int) $tenant->workspace_id, 'environment_review_id' => (int) $review->getKey(), 'evidence_snapshot_id' => (int) $snapshot->getKey(), 'initiated_by_user_id' => (int) $user->getKey(), ]); $review->forceFill(['current_export_review_pack_id' => (int) $pack->getKey()])->save(); $this->actingAs($user); setAdminPanelContext(); session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id); Livewire::actingAs($user) ->test(CustomerReviewWorkspace::class) ->assertSee('Customer Review Workspace') ->assertSee('What is the current review pack output state?') ->assertSee('Review consumption flow') ->assertSee('Evidence') ->assertSee('Findings needing attention') ->assertSee('Evidence path') ->assertSeeHtml('data-testid="customer-review-evidence-aside"') ->assertSee('Review pack state') ->assertSee('Review pack') ->assertSee('Decision trail') ->assertSee('Accepted risks') ->assertSee('Expiring soon') ->assertSee('Expired') ->assertSee('Pending approval') ->assertSee('Needs attention') ->assertDontSee('Operation proof') ->assertSee('Customer-safe follow-ups') ->assertSee('Review package index') ->assertSee('Disclosure rule') ->assertSee('Decision') ->assertSee('Ready') ->assertSee('Diagnostics') ->assertSee('Not configured') ->assertSee('Raw/support') ->assertSee('Blocked') ->assertSee('Support details stay on authorized diagnostic surfaces') ->assertSee('Customer acceptance checkpoint') ->assertSee('Open review') ->assertDontSee(EvidenceSnapshotResource::getUrl('view', ['record' => $snapshot], tenant: $tenant, panel: 'admin'), false) ->assertDontSeeHtml('data-testid="customer-review-technical-details"') ->assertDontSee('Technical details') ->assertDontSee('Download internal preview') ->assertDontSee('raw payload should stay hidden') ->assertDontSee('stack trace should stay hidden') ->assertDontSee('internal exception should stay hidden') ->assertDontSee('provider secret should stay hidden') ->assertDontSee('debug metadata should stay hidden') ->assertDontSee('source fingerprint should stay hidden') ->assertDontSee('Publish review') ->assertDontSee('Refresh review') ->assertDontSee('Regenerate') ->assertDontSee('Expire snapshot'); }); it('does not show ready to share when accepted-risk follow-up is required', function (): void { $environment = ManagedEnvironment::factory()->create(['name' => 'Accepted Risk Follow-up ManagedEnvironment']); [$user, $environment] = createUserWithTenant(tenant: $environment, role: 'readonly'); $snapshot = seedEnvironmentReviewEvidence($environment, findingCount: 0, driftCount: 0); $review = composeEnvironmentReviewForTest($environment, $user, $snapshot); $summary = is_array($review->summary) ? $review->summary : []; $summary['control_interpretation']['version_key'] = ComplianceEvidenceMappingV1::VERSION_KEY; $summary['control_interpretation']['controls'] = [ [ 'control_key' => 'customer-handoff-readiness', 'title' => 'Customer handoff readiness', 'readiness_bucket' => 'evidence_on_record', 'readiness_label' => 'Evidence on record', 'primary_reason' => 'Evidence path is complete.', 'recommended_next_action' => 'Share the current review pack.', ], ]; $summary['governance_package']['decision_summary'] = [ 'status' => 'none', 'total_count' => 0, 'summary' => 'No decisions require customer awareness.', 'next_action' => 'No customer action is needed.', 'entries' => [], ]; $summary['governance_package']['accepted_risks'] = [ [ 'title' => 'Accepted risk renewal', 'governance_state' => 'expiring_exception', 'customer_summary' => 'Review the accepted-risk follow-up before customer handoff.', ], ]; $review->forceFill([ 'status' => EnvironmentReviewStatus::Published->value, 'summary' => $summary, 'published_at' => now(), 'published_by_user_id' => (int) $user->getKey(), ])->save(); $pack = ReviewPack::factory()->ready()->create([ 'managed_environment_id' => (int) $environment->getKey(), 'workspace_id' => (int) $environment->workspace_id, 'environment_review_id' => (int) $review->getKey(), 'evidence_snapshot_id' => (int) $snapshot->getKey(), 'initiated_by_user_id' => (int) $user->getKey(), 'options' => [ 'include_pii' => false, 'include_operations' => true, ], ]); $review->forceFill(['current_export_review_pack_id' => (int) $pack->getKey()])->save(); $this->actingAs($user); setAdminPanelContext(); session()->put(WorkspaceContext::SESSION_KEY, (int) $environment->workspace_id); Livewire::actingAs($user) ->test(CustomerReviewWorkspace::class) ->assertSee('What is the current review pack output state?') ->assertSee('Needs attention') ->assertSee('Accepted-risk follow-up is recorded for this review') ->assertSee('The pack can be shared only with the accepted-risk context included in the customer handoff.') ->assertSee('Needs attention') ->assertSee('Follow-up required') ->assertSee('Accepted-risk follow-up is required.') ->assertSee('Open review') ->assertSeeInOrder(['Needs attention', 'Open review']) ->assertDontSee('Download internal preview') ->assertDontSee('Ready to share'); }); it('customer_review_workspace_does_not_use_tenant_as_platform_context_copy', function (): void { $environment = ManagedEnvironment::factory()->create(['name' => 'Vocabulary ManagedEnvironment']); [$user, $environment] = createUserWithTenant(tenant: $environment, role: 'readonly'); $snapshot = seedEnvironmentReviewEvidence($environment); $review = composeEnvironmentReviewForTest($environment, $user, $snapshot); $review->forceFill([ 'status' => EnvironmentReviewStatus::Published->value, 'published_at' => now(), 'published_by_user_id' => (int) $user->getKey(), ])->save(); $this->actingAs($user); setAdminPanelContext(); session()->put(WorkspaceContext::SESSION_KEY, (int) $environment->workspace_id); Livewire::actingAs($user) ->test(CustomerReviewWorkspace::class) ->assertSee('Customer-safe review packages') ->assertSee('entitled environments') ->assertDontSee('entitled tenant') ->assertDontSee('entitled tenants') ->assertDontSee('current tenant') ->assertDontSee('tenant filter') ->assertDontSee('for each entitled tenant'); }); it('shows explicit unavailable proof states instead of false share readiness', function (): void { $tenant = ManagedEnvironment::factory()->create(['name' => 'Needs Evidence ManagedEnvironment']); [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'readonly'); $snapshot = seedPartialEnvironmentReviewEvidence($tenant, findingCount: 0, driftCount: 0); $review = composeEnvironmentReviewForTest($tenant, $user, $snapshot); $review->forceFill([ 'status' => EnvironmentReviewStatus::Published->value, 'published_at' => now(), 'published_by_user_id' => (int) $user->getKey(), ])->save(); $pack = ReviewPack::factory()->ready()->create([ 'managed_environment_id' => (int) $tenant->getKey(), 'workspace_id' => (int) $tenant->workspace_id, 'environment_review_id' => (int) $review->getKey(), 'evidence_snapshot_id' => (int) $snapshot->getKey(), 'initiated_by_user_id' => (int) $user->getKey(), 'options' => [ 'include_pii' => false, 'include_operations' => true, ], ]); $review->forceFill(['current_export_review_pack_id' => (int) $pack->getKey()])->save(); $this->actingAs($user); setAdminPanelContext(); session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id); $component = Livewire::actingAs($user) ->test(CustomerReviewWorkspace::class) ->assertSee('What is the current review pack output state?') ->assertSee('Needs attention') ->assertSee('Review blockers are still recorded for this output.') ->assertDontSee('No operation proof linked') ->assertSee('Ready') ->assertDontSee('Output not customer-ready') ->assertDontSee('Ready to share') ->assertDontSee('Download internal preview'); expect($component->html())->toMatch('/]*>\s*Needs attention\s*<\/h2>/'); }); it('shows the current released review using deterministic published review ordering', function (): void { $publishedAt = now()->subHour(); $tenantA = ManagedEnvironment::factory()->create(['name' => 'Alpha ManagedEnvironment']); [$user, $tenantA] = createUserWithTenant(tenant: $tenantA, role: 'readonly'); $tenantB = ManagedEnvironment::factory()->create([ 'workspace_id' => (int) $tenantA->workspace_id, 'name' => 'Beta ManagedEnvironment', ]); createUserWithTenant(tenant: $tenantB, user: $user, role: 'readonly'); $snapshotA = seedEnvironmentReviewEvidence($tenantA); $snapshotB = seedEnvironmentReviewEvidence($tenantB); $alphaReview = composeEnvironmentReviewForTest($tenantA, $user, $snapshotA); $alphaReview->forceFill([ 'status' => EnvironmentReviewStatus::Published->value, 'generated_at' => $publishedAt, 'published_at' => $publishedAt, 'published_by_user_id' => (int) $user->getKey(), ])->save(); $betaReview = composeEnvironmentReviewForTest($tenantB, $user, $snapshotB); $betaReview->forceFill([ 'status' => EnvironmentReviewStatus::Published->value, 'generated_at' => $publishedAt, 'published_at' => $publishedAt, 'published_by_user_id' => (int) $user->getKey(), ])->save(); $this->actingAs($user); setAdminPanelContext(); session()->put(WorkspaceContext::SESSION_KEY, (int) $tenantA->workspace_id); Livewire::actingAs($user) ->test(CustomerReviewWorkspace::class) ->assertSeeInOrder([ 'Latest released review', 'Beta ManagedEnvironment', $publishedAt->format('M j, Y'), 'Decision trail', 'No governance decisions require customer awareness in this released review.', ]) ->assertSee(EnvironmentReviewResource::environmentScopedUrl('view', ['record' => $betaReview->fresh()], $tenantB), false); }); it('excludes entitled environments without a published review from customer workspace rows', function (): void { $tenantPublished = ManagedEnvironment::factory()->create(['name' => 'Published ManagedEnvironment']); [$user, $tenantPublished] = createUserWithTenant(tenant: $tenantPublished, role: 'readonly'); $tenantWithoutPublished = ManagedEnvironment::factory()->create([ 'workspace_id' => (int) $tenantPublished->workspace_id, 'name' => 'No Published ManagedEnvironment', ]); createUserWithTenant(tenant: $tenantWithoutPublished, user: $user, role: 'readonly'); $publishedSnapshot = seedEnvironmentReviewEvidence($tenantPublished); $noPublishedSnapshot = seedEnvironmentReviewEvidence($tenantWithoutPublished); $publishedReview = composeEnvironmentReviewForTest($tenantPublished, $user, $publishedSnapshot); $publishedReview->forceFill([ 'status' => EnvironmentReviewStatus::Published->value, 'published_at' => now()->subHour(), 'published_by_user_id' => (int) $user->getKey(), ])->save(); $internalOnlyReview = composeEnvironmentReviewForTest($tenantWithoutPublished, $user, $noPublishedSnapshot); $internalOnlyReview->forceFill([ 'status' => EnvironmentReviewStatus::Ready->value, 'published_at' => null, 'published_by_user_id' => null, ])->save(); $this->actingAs($user); setAdminPanelContext(); session()->put(WorkspaceContext::SESSION_KEY, (int) $tenantPublished->workspace_id); Livewire::actingAs($user) ->test(CustomerReviewWorkspace::class) ->assertCanSeeTableRecords([$tenantPublished->fresh()]) ->assertCanNotSeeTableRecords([$tenantWithoutPublished->fresh()]) ->assertDontSee('No published review') ->assertDontSee('No published review available yet') ->assertDontSee(EnvironmentReviewResource::environmentScopedUrl('view', ['record' => $internalOnlyReview->fresh()], $tenantWithoutPublished), false) ->assertSee(EnvironmentReviewResource::environmentScopedUrl('view', ['record' => $publishedReview->fresh()], $tenantPublished), false); }); it('uses a filter-aware empty state when the active environment has no released review', function (): void { $tenantPublished = ManagedEnvironment::factory()->create(['name' => 'Published ManagedEnvironment']); [$user, $tenantPublished] = createUserWithTenant(tenant: $tenantPublished, role: 'readonly'); $tenantWithoutPublished = ManagedEnvironment::factory()->create([ 'workspace_id' => (int) $tenantPublished->workspace_id, 'name' => 'Filtered ManagedEnvironment', ]); createUserWithTenant(tenant: $tenantWithoutPublished, user: $user, role: 'readonly'); $publishedReview = composeEnvironmentReviewForTest($tenantPublished, $user, seedEnvironmentReviewEvidence($tenantPublished)); $publishedReview->forceFill([ 'status' => EnvironmentReviewStatus::Published->value, 'published_at' => now(), 'published_by_user_id' => (int) $user->getKey(), ])->save(); $internalReview = composeEnvironmentReviewForTest($tenantWithoutPublished, $user, seedEnvironmentReviewEvidence($tenantWithoutPublished)); $internalReview->forceFill([ 'status' => EnvironmentReviewStatus::Ready->value, 'published_at' => null, 'published_by_user_id' => null, ])->save(); $this->actingAs($user); setAdminPanelContext(); session()->put(WorkspaceContext::SESSION_KEY, (int) $tenantPublished->workspace_id); Livewire::withQueryParams(['environment_id' => (int) $tenantWithoutPublished->getKey()]) ->actingAs($user) ->test(CustomerReviewWorkspace::class) ->assertSet('tableFilters.managed_environment_id.value', (string) $tenantWithoutPublished->getKey()) ->assertSee('Environment filter:') ->assertSee('No released customer reviews match the active environment filter.') ->assertSee('Clear the environment filter to view other released reviews in this workspace.') ->assertCanNotSeeTableRecords([$tenantPublished->fresh(), $tenantWithoutPublished->fresh()]) ->assertDontSee('Publish an environment review before it appears in the customer-safe workspace.'); }); it('uses a page-level empty state when no entitled environment has a released review', function (): void { $tenant = ManagedEnvironment::factory()->create(['name' => 'Internal Only ManagedEnvironment']); [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'readonly'); $snapshot = seedEnvironmentReviewEvidence($tenant); $internalOnlyReview = composeEnvironmentReviewForTest($tenant, $user, $snapshot); $internalOnlyReview->forceFill([ 'status' => EnvironmentReviewStatus::Ready->value, 'published_at' => null, 'published_by_user_id' => null, ])->save(); $this->actingAs($user); setAdminPanelContext(); session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id); Livewire::actingAs($user) ->test(CustomerReviewWorkspace::class) ->assertCanNotSeeTableRecords([$tenant->fresh()]) ->assertSee('No released customer reviews match this view') ->assertSee('Publish an environment review before it appears in the customer-safe workspace.') ->assertDontSee(EnvironmentReviewResource::environmentScopedUrl('view', ['record' => $internalOnlyReview->fresh()], $tenant), false); }); it('summarizes accepted risks from the released review without exposing internal accountability details', function (): void { $tenant = ManagedEnvironment::factory()->create(['name' => 'Governed ManagedEnvironment']); [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'readonly'); $owner = User::factory()->create(['name' => 'Risk Owner']); $finding = Finding::factory()->create([ 'managed_environment_id' => (int) $tenant->getKey(), 'workspace_id' => (int) $tenant->workspace_id, 'status' => Finding::STATUS_RISK_ACCEPTED, ]); FindingException::query()->create([ 'workspace_id' => (int) $tenant->workspace_id, 'managed_environment_id' => (int) $tenant->getKey(), 'finding_id' => (int) $finding->getKey(), 'status' => FindingException::STATUS_ACTIVE, 'current_validity_state' => FindingException::VALIDITY_VALID, 'requested_by_user_id' => (int) $user->getKey(), 'request_reason' => 'Vendor patch window accepted by the customer.', 'owner_user_id' => (int) $owner->getKey(), 'approved_by_user_id' => (int) $owner->getKey(), 'requested_at' => now()->subDays(2), 'approved_at' => now()->subDay(), 'effective_from' => now()->subDay(), 'review_due_at' => now()->addDays(14), ]); $snapshot = seedEnvironmentReviewEvidence($tenant, findingCount: 0, driftCount: 0); $review = composeEnvironmentReviewForTest($tenant, $user, $snapshot); $review->forceFill([ 'status' => EnvironmentReviewStatus::Published->value, 'published_at' => now(), 'published_by_user_id' => (int) $user->getKey(), ])->save(); $this->actingAs($user); setAdminPanelContext(); session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id); Livewire::actingAs($user) ->test(CustomerReviewWorkspace::class) ->assertCanSeeTableRecords([$tenant->fresh()]) ->assertSee('Accepted risks') ->assertSee('Accepted risk') ->assertSee('Included in the released review evidence basis.') ->assertSee('Needs attention') ->assertSee('Open review') ->assertDontSee('Ready for release') ->assertSee('Risk Owner') ->assertSee('Vendor patch window accepted by the customer.') ->assertSee(now()->addDays(14)->toDateString()) ->assertDontSee('1 evidence signal(s) reference this control.') ->assertDontSee('1 accepted-risk finding(s) qualify this view.') ->assertDontSee('Accepted risk influences this view'); }); it('renders legacy released reviews without a spec-308 decision summary as customer-safe unavailable evidence', function (): void { $tenant = ManagedEnvironment::factory()->create(['name' => 'Legacy ManagedEnvironment']); [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'readonly'); $review = composeEnvironmentReviewForTest($tenant, $user, seedEnvironmentReviewEvidence($tenant)); $review->forceFill([ 'status' => EnvironmentReviewStatus::Published->value, 'published_at' => now(), 'published_by_user_id' => (int) $user->getKey(), 'summary' => [ 'finding_count' => 1, 'debug_payload' => 'raw evidence JSON', 'source_fingerprint' => 'legacy-fingerprint-abc123', 'operation_run_url' => '/admin/t/legacy/operation-runs/999', ], ])->save(); $this->actingAs($user); setAdminPanelContext(); session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id); Livewire::actingAs($user) ->test(CustomerReviewWorkspace::class) ->assertSee('Decision trail') ->assertSee('Not configured') ->assertSee('Customer-safe decision evidence is unavailable for this released review.') ->assertDontSee('raw evidence JSON') ->assertDontSee('legacy-fingerprint-abc123') ->assertDontSee('operation-runs') ->assertDontSee('/admin/t', false); }); it('keeps the customer review workspace unfiltered when remembered environment context is available', function (): void { $tenantA = ManagedEnvironment::factory()->create(['name' => 'Alpha ManagedEnvironment']); [$user, $tenantA] = createUserWithTenant(tenant: $tenantA, role: 'readonly'); $tenantB = ManagedEnvironment::factory()->create([ 'workspace_id' => (int) $tenantA->workspace_id, 'name' => 'Beta ManagedEnvironment', ]); createUserWithTenant(tenant: $tenantB, user: $user, role: 'readonly'); $snapshotA = seedEnvironmentReviewEvidence($tenantA); $snapshotB = seedEnvironmentReviewEvidence($tenantB); $reviewA = composeEnvironmentReviewForTest($tenantA, $user, $snapshotA); $reviewA->forceFill([ 'status' => EnvironmentReviewStatus::Published->value, 'published_at' => now()->subDay(), 'published_by_user_id' => (int) $user->getKey(), ])->save(); $reviewB = composeEnvironmentReviewForTest($tenantB, $user, $snapshotB); $reviewB->forceFill([ 'status' => EnvironmentReviewStatus::Published->value, 'published_at' => now(), 'published_by_user_id' => (int) $user->getKey(), ])->save(); $this->actingAs($user); setAdminPanelContext(); session()->put(WorkspaceContext::SESSION_KEY, (int) $tenantA->workspace_id); session()->put(WorkspaceContext::LAST_ENVIRONMENT_IDS_SESSION_KEY, [ (string) $tenantA->workspace_id => (int) $tenantB->getKey(), ]); Livewire::actingAs($user) ->test(CustomerReviewWorkspace::class) ->assertSet('tableFilters.managed_environment_id.value', null) ->assertCanSeeTableRecords([$tenantA->fresh(), $tenantB->fresh()]) ->filterTable('managed_environment_id', (string) $tenantB->getKey()) ->assertCanSeeTableRecords([$tenantB->fresh()]) ->assertCanNotSeeTableRecords([$tenantA->fresh()]); }); it('prefilters the customer review workspace from an explicit tenant query parameter and accepts external tenant identifiers', function (): void { $tenantA = ManagedEnvironment::factory()->create(['name' => 'Alpha ManagedEnvironment']); [$user, $tenantA] = createUserWithTenant(tenant: $tenantA, role: 'readonly'); $tenantB = ManagedEnvironment::factory()->create([ 'workspace_id' => (int) $tenantA->workspace_id, 'name' => 'Beta ManagedEnvironment', ]); createUserWithTenant(tenant: $tenantB, user: $user, role: 'readonly'); $snapshotA = seedEnvironmentReviewEvidence($tenantA); $snapshotB = seedEnvironmentReviewEvidence($tenantB); $reviewA = composeEnvironmentReviewForTest($tenantA, $user, $snapshotA); $reviewA->forceFill([ 'status' => EnvironmentReviewStatus::Published->value, 'published_at' => now(), 'published_by_user_id' => (int) $user->getKey(), ])->save(); $reviewB = composeEnvironmentReviewForTest($tenantB, $user, $snapshotB); $reviewB->forceFill([ 'status' => EnvironmentReviewStatus::Published->value, 'published_at' => now()->subDay(), 'published_by_user_id' => (int) $user->getKey(), ])->save(); $this->actingAs($user); setAdminPanelContext(); session()->put(WorkspaceContext::SESSION_KEY, (int) $tenantA->workspace_id); Livewire::withQueryParams(['environment_id' => (int) $tenantA->getKey()]) ->test(CustomerReviewWorkspace::class) ->assertSet('tableFilters.managed_environment_id.value', (string) $tenantA->getKey()) ->filterTable('managed_environment_id', (string) $tenantA->getKey()) ->assertCanSeeTableRecords([$tenantA->fresh()]) ->assertCanNotSeeTableRecords([$tenantB->fresh()]); });