TenantAtlas/app/Services/Baselines/Evidence/EvidenceProvenance.php
ahmido f08924525d Spec 117: Baseline Drift Engine + evidence fidelity/provenance (#142)
Implements Spec 117 (Golden Master Baseline Drift Engine):

- Adds provider-chain resolver for current state hashes (content evidence via PolicyVersion, meta evidence via inventory)
- Updates baseline capture + compare jobs to use resolver and persist provenance + fidelity
- Adds evidence_fidelity column/index + Filament UI badge/filter/provenance display for findings
- Adds performance guard test + integration tests for drift, fidelity semantics, provenance, filter behavior
- UX fix: Policies list shows "Sync from Intune" header action only when records exist; empty-state CTA remains and is functional

Tests:
- `vendor/bin/sail artisan test --compact tests/Feature/Filament/PolicySyncCtaPlacementTest.php`
- `vendor/bin/sail artisan test --compact --filter=Baseline`

Checklist:
- specs/117-baseline-drift-engine/checklists/requirements.md ✓

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #142
2026-03-03 07:23:01 +00:00


```php
<?php

declare(strict_types=1);

namespace App\Services\Baselines\Evidence;

use Carbon\CarbonImmutable;

final class EvidenceProvenance
{
    // Fidelity levels: content evidence comes from a PolicyVersion,
    // meta evidence from inventory.
    public const string FidelityContent = 'content';

    public const string FidelityMeta = 'meta';

    // Evidence sources.
    public const string SourcePolicyVersion = 'policy_version';

    public const string SourceInventory = 'inventory';

    // Keys of the provenance array returned by build().
    public const string KeyFidelity = 'fidelity';

    public const string KeySource = 'source';

    public const string KeyObservedAt = 'observed_at';

    public const string KeyObservedOperationRunId = 'observed_operation_run_id';

    /**
     * Builds the provenance array. The fidelity and source arguments are stored
     * as given (no validation here); observed_at is serialized as ISO 8601.
     *
     * @return array{
     *     fidelity: string,
     *     source: string,
     *     observed_at: ?string,
     *     observed_operation_run_id: ?int
     * }
     */
    public static function build(
        string $fidelity,
        string $source,
        ?CarbonImmutable $observedAt,
        ?int $observedOperationRunId,
    ): array {
        return [
            self::KeyFidelity => $fidelity,
            self::KeySource => $source,
            self::KeyObservedAt => $observedAt?->toIso8601String(),
            self::KeyObservedOperationRunId => $observedOperationRunId,
        ];
    }

    /**
     * Returns 'meta' if either side is 'meta', otherwise 'content'.
     * Inputs are trimmed and lower-cased but not validated, so a pair that
     * contains no 'meta' yields 'content' even when a value is unrecognized.
     */
    public static function weakerFidelity(string $baselineFidelity, string $currentFidelity): string
    {
        $baselineFidelity = strtolower(trim($baselineFidelity));
        $currentFidelity = strtolower(trim($currentFidelity));

        if ($baselineFidelity === self::FidelityMeta || $currentFidelity === self::FidelityMeta) {
            return self::FidelityMeta;
        }

        return self::FidelityContent;
    }

    /**
     * Strict match against the known fidelity levels. Unlike weakerFidelity(),
     * the input is not trimmed or lower-cased first.
     */
    public static function isValidFidelity(?string $fidelity): bool
    {
        return in_array($fidelity, [self::FidelityContent, self::FidelityMeta], true);
    }

    /** Strict match against the known evidence sources. */
    public static function isValidSource(?string $source): bool
    {
        return in_array($source, [self::SourcePolicyVersion, self::SourceInventory], true);
    }
}
```
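An added example, not TenantAtlas code: `weakerFidelity()` returns `content` whenever neither argument is `meta`, which includes empty or misspelled values. The hypothetical `strictWeakerFidelity()` below ranks the two known levels and rejects anything else, shown beside a copy of the permissive logic. The function names, the rank table and the sample pairs are assumptions made for illustration.

```php
<?php

declare(strict_types=1);

// Added example, not part of TenantAtlas. All names here are hypothetical.

// Known fidelity levels, weakest first (values match the class constants).
const FIDELITY_RANK = ['meta' => 0, 'content' => 1];

/** Permissive merge, same logic as EvidenceProvenance::weakerFidelity(). */
function permissiveWeakerFidelity(string $baseline, string $current): string
{
    $baseline = strtolower(trim($baseline));
    $current = strtolower(trim($current));
    return ($baseline === 'meta' || $current === 'meta') ? 'meta' : 'content';
}

/** Fail-closed merge: both inputs must be known levels, otherwise it throws. */
function strictWeakerFidelity(?string $baseline, ?string $current): string
{
    $weakest = null;
    foreach (['baseline' => $baseline, 'current' => $current] as $side => $value) {
        $level = strtolower(trim((string) $value));
        if (! array_key_exists($level, FIDELITY_RANK)) {
            throw new InvalidArgumentException("Unknown {$side} fidelity: " . var_export($value, true));
        }
        // Keep whichever level has the lower rank seen so far.
        if ($weakest === null || FIDELITY_RANK[$level] < FIDELITY_RANK[$weakest]) {
            $weakest = $level;
        }
    }

    return $weakest;
}

// Constructed sample pairs: [baseline fidelity, current fidelity].
$samples = [['content', 'content'], ['content', ' META '], ['content', 'contnet'], ['', 'content']];

foreach ($samples as [$baseline, $current]) {
    try {
        $strict = strictWeakerFidelity($baseline, $current);
    } catch (InvalidArgumentException $e) {
        $strict = 'rejected (' . $e->getMessage() . ')';
    }
    $pair = json_encode([$baseline, $current]);
    printf("%-22s permissive=%-8s strict=%s\n", $pair, permissiveWeakerFidelity($baseline, $current), $strict);
}
```

For the last two pairs the permissive merge reports `content`, while the strict merge rejects the pair, so the caller has to decide how to record evidence whose fidelity is unknown.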