active()->create([ 'workspace_id' => (int) $tenant->workspace_id, ]); $snapshot = BaselineSnapshot::factory()->create([ 'workspace_id' => (int) $tenant->workspace_id, 'baseline_profile_id' => (int) $profile->getKey(), 'summary_jsonb' => [ 'total_items' => 1, 'policy_type_counts' => ['deviceCompliancePolicy' => 1], 'fidelity_counts' => ['content' => 0, 'meta' => 1], 'gaps' => ['count' => 1, 'by_reason' => ['meta_fallback' => 1]], ], ]); BaselineSnapshotItem::factory()->create([ 'baseline_snapshot_id' => (int) $snapshot->getKey(), 'policy_type' => 'deviceCompliancePolicy', 'subject_key' => 'bitlocker require', 'subject_external_id' => hash('sha256', 'deviceCompliancePolicy|bitlocker require'), 'meta_jsonb' => [ 'display_name' => 'Bitlocker Require', 'platform' => 'windows', 'warnings' => ['Only inventory metadata was available.'], 'evidence' => [ 'fidelity' => 'meta', 'source' => 'inventory', 'observed_at' => '2026-03-09T12:00:00+00:00', ], ], ]); $this->actingAs($user) ->get(BaselineSnapshotResource::getUrl('view', ['record' => $snapshot], panel: 'admin')) ->assertOk() ->assertSeeInOrder(['Coverage summary', 'Captured policy types', 'Technical detail']) ->assertSee('Inventory metadata') ->assertSee('Metadata-only evidence was captured for this item.') ->assertSee('Only inventory metadata was available.'); }); it('isolates renderer failures per group and falls back without breaking the page', function (): void { [$user, $tenant] = createUserWithTenant(role: 'readonly'); $profile = BaselineProfile::factory()->active()->create([ 'workspace_id' => (int) $tenant->workspace_id, ]); $snapshot = BaselineSnapshot::factory()->create([ 'workspace_id' => (int) $tenant->workspace_id, 'baseline_profile_id' => (int) $profile->getKey(), 'summary_jsonb' => [ 'total_items' => 1, 'policy_type_counts' => ['deviceCompliancePolicy' => 1], 'fidelity_counts' => ['content' => 1, 'meta' => 0], 'gaps' => ['count' => 0, 'by_reason' => []], ], ]); BaselineSnapshotItem::factory()->create([ 'baseline_snapshot_id' => (int) $snapshot->getKey(), 'policy_type' => 'deviceCompliancePolicy', 'subject_key' => 'bitlocker require', 'subject_external_id' => hash('sha256', 'deviceCompliancePolicy|bitlocker require'), 'meta_jsonb' => [ 'display_name' => 'Bitlocker Require', 'platform' => 'windows', 'evidence' => [ 'fidelity' => 'content', 'source' => 'policy_version', 'observed_at' => '2026-03-09T12:00:00+00:00', ], ], ]); $throwingRenderer = new class extends FallbackSnapshotTypeRenderer { public function supports(string $policyType): bool { return $policyType === 'deviceCompliancePolicy'; } public function render(BaselineSnapshotItem $item): RenderedSnapshotItem { throw new RuntimeException('Renderer exploded.'); } }; app()->instance(SnapshotTypeRendererRegistry::class, new SnapshotTypeRendererRegistry( renderers: [$throwingRenderer], fallbackRenderer: new FallbackSnapshotTypeRenderer, )); $this->actingAs($user) ->get(BaselineSnapshotResource::getUrl('view', ['record' => $snapshot], panel: 'admin')) ->assertOk() ->assertSee('Technical detail') ->assertSee('Structured rendering failed for this policy type. Fallback metadata is shown instead.') ->assertSee('Bitlocker Require') ->assertSee('A fallback renderer is being used for this item.'); });