ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
154-finding-risk-acceptance
TenantAtlas/app/Services/Baselines/CurrentStateHashResolver.php
ahmido f08924525d Spec 117: Baseline Drift Engine + evidence fidelity/provenance (#142) 
Implements Spec 117 (Golden Master Baseline Drift Engine):

- Adds provider-chain resolver for current state hashes (content evidence via PolicyVersion, meta evidence via inventory)
- Updates baseline capture + compare jobs to use resolver and persist provenance + fidelity
- Adds evidence_fidelity column/index + Filament UI badge/filter/provenance display for findings
- Adds performance guard test + integration tests for drift, fidelity semantics, provenance, filter behavior
- UX fix: Policies list shows "Sync from Intune" header action only when records exist; empty-state CTA remains and is functional

Tests:
- `vendor/bin/sail artisan test --compact tests/Feature/Filament/PolicySyncCtaPlacementTest.php`
- `vendor/bin/sail artisan test --compact --filter=Baseline`

Checklist:
- specs/117-baseline-drift-engine/checklists/requirements.md ✓

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #142
2026-03-03 07:23:01 +00:00

93 lines
2.5 KiB
PHP
Raw Permalink Blame History

<?php
declare(strict_types=1);
namespace App\Services\Baselines;
use App\Models\Tenant;
use App\Services\Baselines\Evidence\ContentEvidenceProvider;
use App\Services\Baselines\Evidence\MetaEvidenceProvider;
use App\Services\Baselines\Evidence\ResolvedEvidence;
use Carbon\CarbonImmutable;
final class CurrentStateHashResolver
{
/**
* @var list<CurrentStateEvidenceProvider>
*/
private readonly array $providers;
public function __construct(
ContentEvidenceProvider $contentEvidenceProvider,
MetaEvidenceProvider $metaEvidenceProvider,
) {
$this->providers = [
$contentEvidenceProvider,
$metaEvidenceProvider,
];
}
/**
* Resolve best-available current-state evidence per subject using the ordered provider chain.
*
* First-non-null wins.
*
* @param list<array{policy_type: string, subject_external_id: string}> $subjects
* @return array<string, ResolvedEvidence|null> keyed by "policy_type|subject_external_id"
*/
public function resolveForSubjects(
Tenant $tenant,
array $subjects,
?CarbonImmutable $since = null,
?int $latestInventorySyncRunId = null,
): array {
$results = [];
$unresolved = [];
foreach ($subjects as $subject) {
$policyType = trim((string) ($subject['policy_type'] ?? ''));
$externalId = trim((string) ($subject['subject_external_id'] ?? ''));
if ($policyType === '' || $externalId === '') {
continue;
}
$key = $policyType.'|'.$externalId;
if (array_key_exists($key, $results)) {
continue;
}
$results[$key] = null;
$unresolved[$key] = [
'policy_type' => $policyType,
'subject_external_id' => $externalId,
];
}
foreach ($this->providers as $provider) {
if ($unresolved === []) {
break;
}
$resolved = $provider->resolve(
tenant: $tenant,
subjects: array_values($unresolved),
since: $since,
latestInventorySyncRunId: $latestInventorySyncRunId,
);
foreach ($resolved as $key => $evidence) {
if (! array_key_exists($key, $unresolved)) {
continue;
}
$results[$key] = $evidence;
unset($unresolved[$key]);
}
}
return $results;
}
}
Reference in New Issue View Git Blame Copy Permalink