where('tenant_id', (int) $tenant->getKey()) ->with('findingException.currentDecision') ->orderByDesc('updated_at') ->get(); $latest = $findings->max('updated_at') ?? $findings->max('created_at'); $entries = $findings->map(function (Finding $finding): array { $governanceState = $this->governanceResolver->resolveFindingState($finding, $finding->findingException); $governanceWarning = $this->governanceResolver->resolveWarningMessage($finding, $finding->findingException); return [ 'id' => (int) $finding->getKey(), 'finding_type' => (string) $finding->finding_type, 'severity' => (string) $finding->severity, 'status' => (string) $finding->status, 'title' => $finding->title, 'description' => $finding->description, 'created_at' => $finding->created_at?->toIso8601String(), 'updated_at' => $finding->updated_at?->toIso8601String(), 'governance_state' => $governanceState, 'governance_warning' => $governanceWarning, ]; }); $riskAcceptedEntries = $entries->filter( static fn (array $entry): bool => ($entry['status'] ?? null) === Finding::STATUS_RISK_ACCEPTED, ); $warningStates = [ 'expired_exception', 'revoked_exception', 'rejected_exception', 'risk_accepted_without_valid_exception', ]; $summary = [ 'count' => $findings->count(), 'open_count' => $findings->filter(fn (Finding $finding): bool => $finding->hasOpenStatus())->count(), 'severity_counts' => [ 'critical' => $findings->where('severity', Finding::SEVERITY_CRITICAL)->count(), 'high' => $findings->where('severity', Finding::SEVERITY_HIGH)->count(), 'medium' => $findings->where('severity', Finding::SEVERITY_MEDIUM)->count(), 'low' => $findings->where('severity', Finding::SEVERITY_LOW)->count(), ], 'risk_acceptance' => [ 'status_marked_count' => $riskAcceptedEntries->count(), 'valid_governed_count' => $riskAcceptedEntries->filter( static fn (array $entry): bool => in_array($entry['governance_state'] ?? null, ['valid_exception', 'expiring_exception'], true), )->count(), 'warning_count' => $riskAcceptedEntries->filter( static fn (array $entry): bool => in_array($entry['governance_state'] ?? null, $warningStates, true), )->count(), 'expired_count' => $riskAcceptedEntries->where('governance_state', 'expired_exception')->count(), 'revoked_count' => $riskAcceptedEntries->where('governance_state', 'revoked_exception')->count(), 'missing_exception_count' => $riskAcceptedEntries->where('governance_state', 'risk_accepted_without_valid_exception')->count(), ], 'entries' => $entries->all(), ]; return [ 'dimension_key' => $this->key(), 'state' => $findings->isEmpty() ? EvidenceCompletenessState::Missing->value : EvidenceCompletenessState::Complete->value, 'required' => true, 'source_kind' => 'model_summary', 'source_record_type' => 'finding', 'source_record_id' => null, 'source_fingerprint' => $findings->max('fingerprint'), 'measured_at' => $latest, 'freshness_at' => $latest, 'summary_payload' => $summary, 'fingerprint_payload' => $summary + ['latest' => $latest?->format(DATE_ATOM)], 'sort_order' => 10, ]; } }