*/ function dashboardKpiStatPayloads($component): array { $method = new ReflectionMethod(DashboardKpis::class, 'getStats'); $method->setAccessible(true); return collect($method->invoke($component->instance())) ->mapWithKeys(fn (Stat $stat): array => [ (string) $stat->getLabel() => [ 'value' => (string) $stat->getValue(), 'description' => $stat->getDescription(), 'url' => $stat->getUrl(), ], ]) ->all(); } /** * @return array */ function recoveryReadinessViewData(\App\Models\Tenant $tenant): array { Filament::setCurrentPanel(Filament::getPanel('tenant')); Filament::setTenant($tenant, true); $component = Livewire::test(RecoveryReadiness::class); $method = new ReflectionMethod(RecoveryReadiness::class, 'getViewData'); $method->setAccessible(true); return $method->invoke($component->instance()); } /** * @return array{value:string,description:string|null,url:string|null} */ function backupPostureStatPayload(\App\Models\Tenant $tenant): array { return recoveryReadinessViewData($tenant)['backupPosture']; } /** * @return array{value:string,description:string|null,url:string|null} */ function recoveryEvidenceStatPayload(\App\Models\Tenant $tenant): array { return recoveryReadinessViewData($tenant)['recoveryEvidence']; } function makeBackupHealthScheduleForKpi(\App\Models\Tenant $tenant, array $attributes = []): BackupSchedule { return BackupSchedule::query()->create(array_merge([ 'tenant_id' => (int) $tenant->getKey(), 'name' => 'KPI schedule', 'is_enabled' => true, 'timezone' => 'UTC', 'frequency' => 'daily', 'time_of_day' => '01:00:00', 'days_of_week' => null, 'policy_types' => ['deviceConfiguration'], 'include_foundations' => true, 'retention_keep_last' => 30, 'next_run_at' => now()->addHour(), ], $attributes)); } afterEach(function (): void { CarbonImmutable::setTestNow(); }); function makeHealthyBackupForRecoveryKpi(\App\Models\Tenant $tenant, array $attributes = []): BackupSet { $backupSet = BackupSet::factory()->for($tenant)->recentCompleted()->create(array_merge([ 'name' => 'Healthy recovery KPI backup', 'item_count' => 1, ], $attributes)); BackupItem::factory()->for($tenant)->for($backupSet)->create([ 'payload' => ['id' => 'healthy-recovery-policy'], 'metadata' => [], 'assignments' => [], ]); return $backupSet; } dataset('dashboard-recovery-evidence-cases', [ 'failed history' => [ fn (\App\Models\Tenant $tenant, BackupSet $backupSet): RestoreRun => RestoreRun::factory() ->for($tenant) ->for($backupSet) ->failedOutcome() ->create([ 'completed_at' => now()->subMinutes(10), ]), 'Weakened', 'The restore did not complete successfully. Follow-up is still required.', 'Tenant recovery is not proven.', RestoreResultAttention::STATE_FAILED, ], 'partial history' => [ fn (\App\Models\Tenant $tenant, BackupSet $backupSet): RestoreRun => RestoreRun::factory() ->for($tenant) ->for($backupSet) ->partialOutcome() ->create([ 'completed_at' => now()->subMinutes(10), ]), 'Weakened', 'The restore reached a terminal state, but some items or assignments still need follow-up.', 'Tenant-wide recovery is not proven.', RestoreResultAttention::STATE_PARTIAL, ], 'follow-up history' => [ fn (\App\Models\Tenant $tenant, BackupSet $backupSet): RestoreRun => RestoreRun::factory() ->for($tenant) ->for($backupSet) ->completedWithFollowUp() ->create([ 'completed_at' => now()->subMinutes(10), ]), 'Weakened', 'The restore completed, but follow-up remains for skipped or non-applied work.', 'Tenant-wide recovery is not proven.', RestoreResultAttention::STATE_COMPLETED_WITH_FOLLOW_UP, ], 'calm completed history' => [ fn (\App\Models\Tenant $tenant, BackupSet $backupSet): RestoreRun => RestoreRun::factory() ->for($tenant) ->for($backupSet) ->completedOutcome() ->create([ 'completed_at' => now()->subMinutes(10), ]), 'No recent issues visible', 'Recent executed restore history exists without a current follow-up signal.', 'Tenant-wide recovery is not proven.', 'no_recent_issues_visible', ], ]); it('aligns dashboard KPI counts and drill-throughs to canonical findings and operations semantics', function (): void { [$user, $tenant] = createUserWithTenant(role: 'owner'); $this->actingAs($user); Finding::factory()->for($tenant)->create([ 'finding_type' => Finding::FINDING_TYPE_DRIFT, 'status' => Finding::STATUS_NEW, 'severity' => Finding::SEVERITY_LOW, ]); Finding::factory()->for($tenant)->create([ 'finding_type' => Finding::FINDING_TYPE_DRIFT, 'status' => Finding::STATUS_TRIAGED, 'severity' => Finding::SEVERITY_MEDIUM, ]); Finding::factory()->for($tenant)->create([ 'finding_type' => Finding::FINDING_TYPE_DRIFT, 'status' => Finding::STATUS_REOPENED, 'severity' => Finding::SEVERITY_CRITICAL, ]); Finding::factory()->for($tenant)->create([ 'finding_type' => Finding::FINDING_TYPE_PERMISSION_POSTURE, 'status' => Finding::STATUS_IN_PROGRESS, 'severity' => Finding::SEVERITY_HIGH, ]); Finding::factory()->for($tenant)->create([ 'finding_type' => Finding::FINDING_TYPE_DRIFT, 'status' => Finding::STATUS_RESOLVED, 'severity' => Finding::SEVERITY_HIGH, ]); OperationRun::factory()->create([ 'tenant_id' => (int) $tenant->getKey(), 'workspace_id' => (int) $tenant->workspace_id, 'type' => 'inventory_sync', 'status' => OperationRunStatus::Queued->value, 'outcome' => OperationRunOutcome::Pending->value, 'created_at' => now()->subMinute(), ]); OperationRun::factory()->create([ 'tenant_id' => (int) $tenant->getKey(), 'workspace_id' => (int) $tenant->workspace_id, 'type' => 'inventory_sync', 'status' => OperationRunStatus::Queued->value, 'outcome' => OperationRunOutcome::Pending->value, 'created_at' => now()->subHour(), ]); OperationRun::factory()->create([ 'tenant_id' => (int) $tenant->getKey(), 'workspace_id' => (int) $tenant->workspace_id, 'type' => 'policy.sync', 'status' => OperationRunStatus::Completed->value, 'outcome' => OperationRunOutcome::PartiallySucceeded->value, ]); OperationRun::factory()->create([ 'tenant_id' => (int) $tenant->getKey(), 'workspace_id' => (int) $tenant->workspace_id, 'type' => 'policy.sync', 'status' => OperationRunStatus::Completed->value, 'outcome' => OperationRunOutcome::Failed->value, ]); Filament::setCurrentPanel(Filament::getPanel('tenant')); Filament::setTenant($tenant, true); $stats = dashboardKpiStatPayloads(Livewire::test(DashboardKpis::class)); expect($stats)->toMatchArray([ 'Open drift findings' => [ 'value' => '3', 'description' => 'active drift workflow items', 'url' => FindingResource::getUrl('index', [ 'tab' => 'needs_action', 'finding_type' => Finding::FINDING_TYPE_DRIFT, ], panel: 'tenant', tenant: $tenant), ], 'High severity active findings' => [ 'value' => '2', 'description' => 'high or critical findings needing review', 'url' => FindingResource::getUrl('index', [ 'tab' => 'needs_action', 'high_severity' => 1, ], panel: 'tenant', tenant: $tenant), ], 'Active operations' => [ 'value' => '1', 'description' => 'healthy queued or running tenant work', 'url' => OperationRunLinks::index($tenant, activeTab: 'active'), ], 'Likely stale operations' => [ 'value' => '1', 'description' => 'queued or running past the lifecycle window', 'url' => OperationRunLinks::index( $tenant, activeTab: OperationRun::PROBLEM_CLASS_ACTIVE_STALE_ATTENTION, problemClass: OperationRun::PROBLEM_CLASS_ACTIVE_STALE_ATTENTION, ), ], 'Terminal follow-up operations' => [ 'value' => '2', 'description' => 'blocked, partial, failed, or auto-reconciled runs', 'url' => OperationRunLinks::index( $tenant, activeTab: OperationRun::PROBLEM_CLASS_TERMINAL_FOLLOW_UP, problemClass: OperationRun::PROBLEM_CLASS_TERMINAL_FOLLOW_UP, ), ], ]); }); it('keeps findings KPI truth visible while disabling dead-end drill-throughs for members without findings access', function (): void { [$user, $tenant] = createUserWithTenant(role: 'owner'); $this->actingAs($user); Finding::factory()->for($tenant)->create([ 'finding_type' => Finding::FINDING_TYPE_DRIFT, 'status' => Finding::STATUS_NEW, 'severity' => Finding::SEVERITY_CRITICAL, ]); Gate::define(Capabilities::TENANT_FINDINGS_VIEW, fn (): bool => false); Filament::setCurrentPanel(Filament::getPanel('tenant')); Filament::setTenant($tenant, true); $stats = dashboardKpiStatPayloads(Livewire::test(DashboardKpis::class)); expect($stats['Open drift findings'])->toMatchArray([ 'value' => '1', 'description' => UiTooltips::INSUFFICIENT_PERMISSION, 'url' => null, ]); expect($stats['High severity active findings'])->toMatchArray([ 'value' => '1', 'description' => UiTooltips::INSUFFICIENT_PERMISSION, 'url' => null, ]); }); it('shows absent backup posture and routes the KPI to the backup-set list', function (): void { [$user, $tenant] = createUserWithTenant(ensureDefaultMicrosoftProviderConnection: false); $this->actingAs($user); $stat = backupPostureStatPayload($tenant); expect($stat)->toMatchArray([ 'value' => 'Absent', 'url' => BackupSetResource::getUrl('index', [ 'backup_health_reason' => TenantBackupHealthAssessment::REASON_NO_BACKUP_BASIS, ], panel: 'tenant', tenant: $tenant), ]); expect($stat['description'])->toContain('Create or finish a backup set'); }); it('shows stale backup posture and routes the KPI to the latest backup detail', function (): void { CarbonImmutable::setTestNow(CarbonImmutable::create(2026, 4, 7, 12, 0, 0, 'UTC')); [$user, $tenant] = createUserWithTenant(ensureDefaultMicrosoftProviderConnection: false); $this->actingAs($user); $backupSet = BackupSet::factory()->for($tenant)->create([ 'name' => 'Stale latest backup', 'item_count' => 1, 'completed_at' => now()->subDays(2), ]); BackupItem::factory()->for($tenant)->for($backupSet)->create([ 'payload' => ['id' => 'policy-stale'], 'metadata' => [], 'assignments' => [], ]); $stat = backupPostureStatPayload($tenant); expect($stat)->toMatchArray([ 'value' => 'Stale', 'url' => BackupSetResource::getUrl('view', [ 'record' => (int) $backupSet->getKey(), 'backup_health_reason' => TenantBackupHealthAssessment::REASON_LATEST_BACKUP_STALE, ], panel: 'tenant', tenant: $tenant), ]); expect($stat['description'])->toContain('2 days'); }); it('shows degraded backup posture and routes the KPI to the latest backup detail', function (): void { CarbonImmutable::setTestNow(CarbonImmutable::create(2026, 4, 7, 12, 0, 0, 'UTC')); [$user, $tenant] = createUserWithTenant(ensureDefaultMicrosoftProviderConnection: false); $this->actingAs($user); $backupSet = BackupSet::factory()->for($tenant)->create([ 'name' => 'Degraded latest backup', 'item_count' => 1, 'completed_at' => now()->subMinutes(45), ]); BackupItem::factory()->for($tenant)->for($backupSet)->create([ 'payload' => [], 'metadata' => [ 'source' => 'metadata_only', 'assignments_fetch_failed' => true, ], 'assignments' => [], ]); $stat = backupPostureStatPayload($tenant); expect($stat)->toMatchArray([ 'value' => 'Degraded', 'url' => BackupSetResource::getUrl('view', [ 'record' => (int) $backupSet->getKey(), 'backup_health_reason' => TenantBackupHealthAssessment::REASON_LATEST_BACKUP_DEGRADED, ], panel: 'tenant', tenant: $tenant), ]); expect($stat['description'])->toContain('degraded input quality'); }); it('shows healthy backup posture when the latest backup is recent and clean', function (): void { CarbonImmutable::setTestNow(CarbonImmutable::create(2026, 4, 7, 12, 0, 0, 'UTC')); [$user, $tenant] = createUserWithTenant(ensureDefaultMicrosoftProviderConnection: false); $this->actingAs($user); $backupSet = BackupSet::factory()->for($tenant)->create([ 'name' => 'Healthy latest backup', 'item_count' => 1, 'completed_at' => now()->subMinutes(20), ]); BackupItem::factory()->for($tenant)->for($backupSet)->create([ 'payload' => ['id' => 'healthy-policy'], 'metadata' => [], 'assignments' => [], ]); $stat = backupPostureStatPayload($tenant); expect($stat)->toMatchArray([ 'value' => 'Healthy', 'url' => null, ]); expect($stat['description'])->toContain('20 minutes'); }); it('keeps healthy backups honest when no executed restore history exists yet', function (): void { CarbonImmutable::setTestNow(CarbonImmutable::create(2026, 4, 7, 12, 0, 0, 'UTC')); [$user, $tenant] = createUserWithTenant(ensureDefaultMicrosoftProviderConnection: false); $this->actingAs($user); $backupSet = makeHealthyBackupForRecoveryKpi($tenant); RestoreRun::factory() ->for($tenant) ->for($backupSet) ->previewOnly() ->create([ 'completed_at' => now()->subMinutes(5), ]); $backupStat = backupPostureStatPayload($tenant); $recoveryStat = recoveryEvidenceStatPayload($tenant); expect($backupStat['value'])->toBe('Healthy') ->and($backupStat['description'])->toContain('Backup health reflects backup inputs only and does not prove restore success.'); expect($recoveryStat)->toMatchArray([ 'value' => 'Unvalidated', 'url' => RestoreRunResource::getUrl('index', [ 'recovery_posture_reason' => 'no_history', ], panel: 'tenant', tenant: $tenant), ]); expect($recoveryStat['description']) ->toContain('No executed restore history is visible in the latest tenant restore records.') ->toContain('Tenant-wide recovery is not proven.'); }); it('surfaces weak and calm restore history on the recovery evidence KPI', function ( Closure $makeRestoreRun, string $expectedValue, string $expectedSummary, string $expectedBoundary, string $expectedReason, ): void { CarbonImmutable::setTestNow(CarbonImmutable::create(2026, 4, 7, 12, 0, 0, 'UTC')); [$user, $tenant] = createUserWithTenant(ensureDefaultMicrosoftProviderConnection: false); $this->actingAs($user); makeHealthyBackupForRecoveryKpi($tenant); $restoreBackupSet = BackupSet::factory()->for($tenant)->create([ 'name' => 'Restore evidence backup', ]); $restoreRun = $makeRestoreRun($tenant, $restoreBackupSet); $recoveryStat = recoveryEvidenceStatPayload($tenant); expect($recoveryStat)->toMatchArray([ 'value' => $expectedValue, 'url' => RestoreRunResource::getUrl('view', [ 'record' => (int) $restoreRun->getKey(), 'recovery_posture_reason' => $expectedReason, ], panel: 'tenant', tenant: $tenant), ]); expect($recoveryStat['description']) ->toContain($expectedSummary) ->toContain($expectedBoundary); })->with('dashboard-recovery-evidence-cases'); it('keeps the posture healthy but routes the KPI to schedules when backup automation needs follow-up', function (): void { CarbonImmutable::setTestNow(CarbonImmutable::create(2026, 4, 7, 12, 0, 0, 'UTC')); [$user, $tenant] = createUserWithTenant(ensureDefaultMicrosoftProviderConnection: false); $this->actingAs($user); $backupSet = BackupSet::factory()->for($tenant)->create([ 'name' => 'Healthy latest backup', 'item_count' => 1, 'completed_at' => now()->subMinutes(15), ]); BackupItem::factory()->for($tenant)->for($backupSet)->create([ 'payload' => ['id' => 'healthy-policy'], 'metadata' => [], 'assignments' => [], ]); makeBackupHealthScheduleForKpi($tenant, [ 'name' => 'Overdue KPI schedule', 'last_run_at' => null, 'last_run_status' => null, 'next_run_at' => now()->subHours(2), ]); $stat = backupPostureStatPayload($tenant); expect($stat)->toMatchArray([ 'value' => 'Healthy', 'url' => BackupScheduleResource::getUrl('index', [ 'backup_health_reason' => TenantBackupHealthAssessment::REASON_SCHEDULE_FOLLOW_UP, ], panel: 'tenant', tenant: $tenant), ]); expect($stat['description'])->toContain('not produced a successful run'); }); it('keeps backup posture truth visible while disabling backup drill-throughs for members without backup view access', function (): void { CarbonImmutable::setTestNow(CarbonImmutable::create(2026, 4, 7, 12, 0, 0, 'UTC')); [$user, $tenant] = createUserWithTenant(ensureDefaultMicrosoftProviderConnection: false); $this->actingAs($user); $backupSet = BackupSet::factory()->for($tenant)->create([ 'name' => 'Stale inaccessible backup', 'item_count' => 1, 'completed_at' => now()->subDays(2), ]); BackupItem::factory()->for($tenant)->for($backupSet)->create([ 'payload' => ['id' => 'policy-stale'], 'metadata' => [], 'assignments' => [], ]); Gate::define(Capabilities::TENANT_VIEW, fn (): bool => false); $stat = backupPostureStatPayload($tenant); expect($stat)->toMatchArray([ 'value' => 'Stale', 'url' => null, ]); expect($stat['description']) ->toContain('2 days') ->toContain(UiTooltips::INSUFFICIENT_PERMISSION); Filament::setCurrentPanel(Filament::getPanel('tenant')); Filament::setTenant($tenant, true); Livewire::test(NeedsAttention::class) ->assertSee('Latest backup is stale') ->assertSee(UiTooltips::INSUFFICIENT_PERMISSION); });