getContent(); $html = preg_replace('/]*>.*?<\/script>/is', '', $html) ?? $html; $html = preg_replace('/]*>.*?<\/style>/is', '', $html) ?? $html; $html = preg_replace('/\s+wire:snapshot="[^"]*"/', '', $html) ?? $html; $html = preg_replace('/\s+wire:effects="[^"]*"/', '', $html) ?? $html; return trim((string) preg_replace('/\s+/', ' ', strip_tags($html))); } /** * @param array $overrides * @return array */ function baselineCompareGapContext(array $overrides = []): array { return array_replace_recursive(BaselineSubjectResolutionFixtures::compareContext([ BaselineSubjectResolutionFixtures::structuredGap([ 'policy_type' => 'deviceConfiguration', 'subject_key' => 'WiFi-Corp-Profile', 'resolution_outcome' => 'ambiguous_match', 'reason_code' => 'ambiguous_match', 'operator_action_category' => 'inspect_subject_mapping', ]), BaselineSubjectResolutionFixtures::structuredGap([ 'policy_type' => 'deviceConfiguration', 'subject_key' => 'VPN-Always-On', 'resolution_outcome' => 'ambiguous_match', 'reason_code' => 'ambiguous_match', 'operator_action_category' => 'inspect_subject_mapping', ]), BaselineSubjectResolutionFixtures::structuredGap([ 'policy_type' => 'deviceConfiguration', 'subject_key' => 'Email-Exchange-Config', 'resolution_outcome' => 'ambiguous_match', 'reason_code' => 'ambiguous_match', 'operator_action_category' => 'inspect_subject_mapping', ]), BaselineSubjectResolutionFixtures::structuredGap([ 'policy_type' => 'deviceConfiguration', 'subject_key' => 'Deleted-Policy-ABC', 'resolution_outcome' => 'policy_record_missing', 'reason_code' => 'policy_record_missing', 'operator_action_category' => 'run_policy_sync_or_backup', ]), BaselineSubjectResolutionFixtures::structuredGap([ 'policy_type' => 'deviceConfiguration', 'subject_key' => 'Removed-Config-XYZ', 'resolution_outcome' => 'policy_record_missing', 'reason_code' => 'policy_record_missing', 'operator_action_category' => 'run_policy_sync_or_backup', ]), ]), [ 'baseline_compare' => [ 'subjects_total' => 50, 'reason_code' => 'evidence_capture_incomplete', 'fidelity' => 'meta', 'coverage' => [ 'proof' => true, 'covered_types' => ['deviceConfiguration'], 'uncovered_types' => [], 'effective_types' => ['deviceConfiguration'], ], 'evidence_capture' => [ 'requested' => 50, 'succeeded' => 47, 'skipped' => 0, 'failed' => 3, 'throttled' => 0, ], ], ], $overrides); } it('renders operation runs with summary content before counts and technical context', function (): void { [$user, $tenant] = createUserWithTenant(role: 'owner'); Filament::setTenant(null, true); $run = OperationRun::factory()->create([ 'workspace_id' => (int) $tenant->workspace_id, 'tenant_id' => (int) $tenant->getKey(), 'type' => 'policy.sync', 'status' => OperationRunStatus::Completed->value, 'outcome' => OperationRunOutcome::Succeeded->value, 'initiator_name' => 'Alice Example', 'summary_counts' => [ 'total' => 10, 'processed' => 10, 'succeeded' => 10, ], 'context' => [ 'target_scope' => [ 'entra_tenant_name' => 'Contoso', 'entra_tenant_id' => '11111111-1111-1111-1111-111111111111', ], ], ]); $response = $this->actingAs($user) ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id]) ->get(route('admin.operations.view', ['run' => (int) $run->getKey()])) ->assertOk() ->assertSee('Current state') ->assertSee('Timing') ->assertSee('Contoso'); $pageText = visiblePageText($response); $policySyncPosition = mb_strpos($pageText, 'Policy sync'); $runSummaryPosition = mb_strpos($pageText, 'Run summary'); $relatedContextPosition = mb_strpos($pageText, 'Related context'); $countsPosition = mb_strpos($pageText, 'Counts'); $identityHashPosition = mb_strpos($pageText, 'Identity hash'); expect($policySyncPosition)->not->toBeFalse() ->and($runSummaryPosition)->not->toBeFalse() ->and($relatedContextPosition)->not->toBeFalse() ->and($countsPosition)->not->toBeFalse() ->and($identityHashPosition)->not->toBeFalse() ->and($policySyncPosition)->toBeLessThan($runSummaryPosition) ->and($runSummaryPosition)->toBeLessThan($relatedContextPosition) ->and($relatedContextPosition)->toBeLessThan($countsPosition) ->and($countsPosition)->toBeLessThan($identityHashPosition); expect((string) $response->getContent()) ->toMatch('/fi-section-header-heading[^>]*>\s*Current state\s*toMatch('/fi-section-header-heading[^>]*>\s*Timing\s*create([ 'tenant_id' => (int) $tenant->getKey(), 'name' => 'Nightly backup', ]); $run = OperationRun::factory()->create([ 'workspace_id' => (int) $tenant->workspace_id, 'tenant_id' => (int) $tenant->getKey(), 'type' => 'backup_set.add_policies', 'status' => OperationRunStatus::Completed->value, 'outcome' => OperationRunOutcome::Succeeded->value, 'context' => [ 'backup_set_id' => (int) $backupSet->getKey(), 'target_scope' => [ 'entra_tenant_name' => 'Contoso', ], ], ]); $this->actingAs($user) ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id]) ->get(route('admin.operations.view', ['run' => (int) $run->getKey()])) ->assertOk() ->assertSee('Back to Operations') ->assertSee('Refresh') ->assertSee('Related context') ->assertSee('/admin/t/'.$tenant->external_id.'/backup-sets/'.$backupSet->getKey(), false); }); it('renders mismatch context above the enterprise detail content without blocking the page', function (): void { $runTenant = Tenant::factory()->create([ 'name' => 'Run Tenant', ]); [$user, $runTenant] = createUserWithTenant(tenant: $runTenant, role: 'owner'); $currentTenant = Tenant::factory()->create([ 'name' => 'Current Tenant', 'workspace_id' => (int) $runTenant->workspace_id, ]); createUserWithTenant(tenant: $currentTenant, user: $user, role: 'owner'); Filament::setTenant($currentTenant, true); $run = OperationRun::factory()->create([ 'workspace_id' => (int) $runTenant->workspace_id, 'tenant_id' => (int) $runTenant->getKey(), 'type' => 'policy.sync', 'status' => OperationRunStatus::Completed->value, 'outcome' => OperationRunOutcome::Succeeded->value, ]); $response = $this->actingAs($user) ->withSession([WorkspaceContext::SESSION_KEY => (int) $runTenant->workspace_id]) ->get(route('admin.operations.view', ['run' => (int) $run->getKey()])) ->assertOk() ->assertSee('Current tenant context differs from this run') ->assertSee('Run summary') ->assertSee('Related context'); $pageText = visiblePageText($response); $bannerPosition = mb_strpos($pageText, 'Current tenant context differs from this run'); $summaryPosition = mb_strpos($pageText, 'Run summary'); expect($bannerPosition)->not->toBeFalse() ->and($summaryPosition)->not->toBeFalse() ->and($bannerPosition)->toBeLessThan($summaryPosition); }); it('renders explicit sparse-data fallbacks for operation runs', function (): void { $workspace = Workspace::factory()->create(); $user = User::factory()->create(); WorkspaceMembership::factory()->create([ 'workspace_id' => (int) $workspace->getKey(), 'user_id' => (int) $user->getKey(), 'role' => 'owner', ]); Filament::setTenant(null, true); $run = OperationRun::factory()->create([ 'workspace_id' => (int) $workspace->getKey(), 'tenant_id' => null, 'type' => 'provider.connection.check', 'status' => OperationRunStatus::Completed->value, 'outcome' => OperationRunOutcome::Failed->value, 'summary_counts' => [], 'failure_summary' => [], 'context' => [], ]); $this->actingAs($user) ->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()]) ->get(route('admin.operations.view', ['run' => (int) $run->getKey()])) ->assertOk() ->assertSee('No target scope details were recorded for this run.') ->assertSee('Verification report') ->assertSee('Verification report unavailable') ->assertDontSee('Counts'); }); it('renders lifecycle reconciliation diagnostics for reconciled runs', function (): void { [$user, $tenant] = createUserWithTenant(role: 'owner'); Filament::setTenant(null, true); $run = OperationRun::factory()->create([ 'workspace_id' => (int) $tenant->workspace_id, 'tenant_id' => (int) $tenant->getKey(), 'type' => 'restore.execute', 'status' => OperationRunStatus::Completed->value, 'outcome' => OperationRunOutcome::Failed->value, 'context' => [ 'reason_code' => 'run.adapter_out_of_sync', 'reconciliation' => [ 'reconciled_at' => now()->toIso8601String(), 'reason' => 'run.adapter_out_of_sync', 'reason_code' => 'run.adapter_out_of_sync', 'source' => 'adapter_reconciler', ], ], 'failure_summary' => [[ 'code' => 'run.adapter_out_of_sync', 'reason_code' => 'run.adapter_out_of_sync', 'message' => 'A related restore record reached terminal truth before the operation run was updated.', ]], ]); $this->actingAs($user) ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id]) ->get(route('admin.operations.view', ['run' => (int) $run->getKey()])) ->assertOk() ->assertSee('Lifecycle reconciliation') ->assertSee('Automatically reconciled') ->assertSee('Reconciled by') ->assertSee('Adapter reconciler'); }); it('renders evidence gap details section for baseline compare runs with gap subjects', function (): void { [$user, $tenant] = createUserWithTenant(role: 'owner'); Filament::setTenant(null, true); $run = OperationRun::factory()->create([ 'workspace_id' => (int) $tenant->workspace_id, 'tenant_id' => (int) $tenant->getKey(), 'type' => 'baseline_compare', 'status' => 'completed', 'outcome' => 'partially_succeeded', 'context' => baselineCompareGapContext(), 'completed_at' => now(), ]); $response = $this->actingAs($user) ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id]) ->get(route('admin.operations.view', ['run' => (int) $run->getKey()])) ->assertOk() ->assertSee('Evidence gap details') ->assertSee('Search gap details') ->assertSee('Search by reason, type, class, outcome, action, or subject key') ->assertSee('Reason') ->assertSee('Ambiguous inventory match') ->assertSee('Policy record missing') ->assertSee('3 affected') ->assertSee('2 affected') ->assertSee('WiFi-Corp-Profile') ->assertSee('Deleted-Policy-ABC') ->assertSee('Policy type') ->assertSee('Subject class') ->assertSee('Outcome') ->assertSee('Next action') ->assertSee('Subject key'); }); it('renders baseline compare evidence-gap details without invoking graph during canonical run detail render', function (): void { [$user, $tenant] = createUserWithTenant(role: 'owner'); Filament::setTenant(null, true); bindFailHardGraphClient(); $run = OperationRun::factory()->create([ 'workspace_id' => (int) $tenant->workspace_id, 'tenant_id' => (int) $tenant->getKey(), 'type' => 'baseline_compare', 'status' => 'completed', 'outcome' => 'partially_succeeded', 'context' => baselineCompareGapContext(), 'completed_at' => now(), ]); $this->actingAs($user) ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id]) ->get(route('admin.operations.view', ['run' => (int) $run->getKey()])) ->assertOk() ->assertSee('Evidence gap details') ->assertSee('WiFi-Corp-Profile'); }); it('distinguishes missing recorded gap detail from no-gap runs on the canonical run detail surface', function (): void { [$user, $tenant] = createUserWithTenant(role: 'owner'); Filament::setTenant(null, true); $legacyRun = OperationRun::factory()->create([ 'workspace_id' => (int) $tenant->workspace_id, 'tenant_id' => (int) $tenant->getKey(), 'type' => 'baseline_compare', 'status' => 'completed', 'outcome' => 'partially_succeeded', 'context' => baselineCompareGapContext([ 'baseline_compare' => [ 'evidence_gaps' => [ 'subjects' => null, ], ], ]), 'completed_at' => now(), ]); $cleanRun = OperationRun::factory()->create([ 'workspace_id' => (int) $tenant->workspace_id, 'tenant_id' => (int) $tenant->getKey(), 'type' => 'baseline_compare', 'status' => 'completed', 'outcome' => 'succeeded', 'context' => baselineCompareGapContext([ 'baseline_compare' => [ 'reason_code' => 'no_drift_detected', 'evidence_gaps' => [ 'count' => 0, 'by_reason' => [], 'subjects' => [], ], ], ]), 'completed_at' => now(), ]); $this->actingAs($user) ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id]) ->get(route('admin.operations.view', ['run' => (int) $legacyRun->getKey()])) ->assertOk() ->assertSee('Evidence gap details') ->assertSee('Detailed rows were not recorded for this run') ->assertSee('Baseline compare evidence'); $this->actingAs($user) ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id]) ->get(route('admin.operations.view', ['run' => (int) $cleanRun->getKey()])) ->assertOk() ->assertDontSee('Evidence gap details') ->assertSee('Baseline compare evidence'); }); it('returns 404 for workspace members without tenant entitlement when evidence-gap details exist on the canonical surface', function (): void { $workspace = Workspace::factory()->create(); $tenant = Tenant::factory()->create([ 'workspace_id' => (int) $workspace->getKey(), ]); $run = OperationRun::factory()->create([ 'workspace_id' => (int) $workspace->getKey(), 'tenant_id' => (int) $tenant->getKey(), 'type' => 'baseline_compare', 'status' => 'completed', 'outcome' => 'partially_succeeded', 'context' => baselineCompareGapContext(), 'completed_at' => now(), ]); $user = User::factory()->create(); WorkspaceMembership::factory()->create([ 'workspace_id' => (int) $workspace->getKey(), 'user_id' => (int) $user->getKey(), 'role' => 'owner', ]); Filament::setTenant(null, true); $this->actingAs($user) ->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()]) ->get(route('admin.operations.view', ['run' => (int) $run->getKey()])) ->assertNotFound(); });