ahmido
02e75e1cda
## Summary - add a shared baseline compare summary assessment and assessor for compact trust propagation - harden dashboard, landing, and banner baseline compare surfaces against false all-clear claims - add focused Pest coverage for dashboard, landing, banner, reason translation, and canonical detail parity ## Validation - vendor/bin/sail bin pint --dirty --format agent - vendor/bin/sail artisan test --compact tests/Feature/Baselines/BaselineCompareSummaryAssessmentTest.php tests/Feature/Baselines/BaselineCompareExplanationFallbackTest.php tests/Feature/Filament/BaselineCompareNowWidgetTest.php tests/Feature/Filament/NeedsAttentionWidgetTest.php tests/Feature/Filament/BaselineCompareExplanationSurfaceTest.php tests/Feature/Filament/BaselineCompareLandingWhyNoFindingsTest.php tests/Feature/Filament/BaselineCompareCoverageBannerTest.php tests/Feature/Filament/BaselineCompareSummaryConsistencyTest.php tests/Feature/Filament/OperationRunBaselineTruthSurfaceTest.php tests/Feature/ReasonTranslation/ReasonTranslationExplanationTest.php ## Notes - Livewire compliance: Filament v5 / Livewire v4 stack unchanged - Provider registration: unchanged, Laravel 12 providers remain in bootstrap/providers.php - Global search: no searchable resource behavior changed - Destructive actions: none introduced by this change - Assets: no new assets registered; existing deploy process remains unchanged Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #196
251 lines
10 KiB
PHP
251 lines
10 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Filament\Pages\Operations\TenantlessOperationRunViewer;
|
|
use App\Models\BaselineProfile;
|
|
use App\Models\BaselineSnapshot;
|
|
use App\Models\BaselineTenantAssignment;
|
|
use App\Models\OperationRun;
|
|
use App\Support\Baselines\BaselineCompareReasonCode;
|
|
use App\Support\Baselines\BaselineCompareStats;
|
|
use App\Support\Baselines\BaselineReasonCodes;
|
|
use App\Support\Ui\GovernanceArtifactTruth\ArtifactTruthPresenter;
|
|
use App\Support\Workspaces\WorkspaceContext;
|
|
use Filament\Facades\Filament;
|
|
use Livewire\Features\SupportTesting\Testable;
|
|
use Livewire\Livewire;
|
|
|
|
function visibleLivewireText(Testable $component): string
|
|
{
|
|
$html = $component->html();
|
|
$html = preg_replace('/<script\b[^>]*>.*?<\/script>/is', '', $html) ?? $html;
|
|
$html = preg_replace('/<style\b[^>]*>.*?<\/style>/is', '', $html) ?? $html;
|
|
$html = preg_replace('/\s+wire:snapshot="[^"]*"/', '', $html) ?? $html;
|
|
$html = preg_replace('/\s+wire:effects="[^"]*"/', '', $html) ?? $html;
|
|
|
|
return trim((string) preg_replace('/\s+/', ' ', strip_tags($html)));
|
|
}
|
|
|
|
it('shows run outcome and baseline artifact truth as separate facts on the run detail page', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
|
|
$profile = BaselineProfile::factory()->active()->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
]);
|
|
|
|
$snapshot = BaselineSnapshot::factory()->incomplete(BaselineReasonCodes::SNAPSHOT_CAPTURE_FAILED)->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'baseline_profile_id' => (int) $profile->getKey(),
|
|
]);
|
|
|
|
$run = OperationRun::factory()->create([
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'type' => 'baseline_capture',
|
|
'status' => 'completed',
|
|
'outcome' => 'failed',
|
|
'context' => [
|
|
'baseline_profile_id' => (int) $profile->getKey(),
|
|
'baseline_snapshot_id' => (int) $snapshot->getKey(),
|
|
'result' => [
|
|
'snapshot_id' => (int) $snapshot->getKey(),
|
|
'snapshot_lifecycle' => 'incomplete',
|
|
],
|
|
'reason_code' => BaselineReasonCodes::SNAPSHOT_CAPTURE_FAILED,
|
|
],
|
|
'failure_summary' => [
|
|
['reason_code' => BaselineReasonCodes::SNAPSHOT_CAPTURE_FAILED, 'message' => 'Snapshot capture stopped after persistence failed.'],
|
|
],
|
|
'completed_at' => now(),
|
|
]);
|
|
|
|
$truth = app(ArtifactTruthPresenter::class)->forOperationRun($run->fresh());
|
|
$explanation = $truth->operatorExplanation;
|
|
|
|
Filament::setTenant(null, true);
|
|
$this->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id]);
|
|
session([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id]);
|
|
|
|
$component = Livewire::actingAs($user)
|
|
->test(TenantlessOperationRunViewer::class, ['run' => $run])
|
|
->assertSee('Decision')
|
|
->assertSee('Outcome')
|
|
->assertSee('Artifact truth')
|
|
->assertSee('Execution failed')
|
|
->assertSee($explanation?->headline ?? '')
|
|
->assertSee($explanation?->evaluationResultLabel() ?? '')
|
|
->assertSee($explanation?->trustworthinessLabel() ?? '')
|
|
->assertSee('Artifact not usable')
|
|
->assertSee('Primary next step')
|
|
->assertSee('Artifact truth details')
|
|
->assertSee('Inspect the related capture diagnostics before using this snapshot')
|
|
->assertDontSee('Artifact next step');
|
|
|
|
$pageText = visibleLivewireText($component);
|
|
|
|
expect(mb_substr_count($pageText, 'Primary next step'))->toBe(1)
|
|
->and(mb_substr_count($pageText, 'Inspect the related capture diagnostics before using this snapshot'))->toBe(1)
|
|
->and(mb_strpos($pageText, 'Decision'))->toBeLessThan(mb_strpos($pageText, 'Artifact truth details'));
|
|
});
|
|
|
|
it('shows operator explanation facts for baseline compare runs with nested compare reason context', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
|
|
$run = OperationRun::factory()->create([
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'type' => 'baseline_compare',
|
|
'status' => 'completed',
|
|
'outcome' => 'partially_succeeded',
|
|
'context' => [
|
|
'baseline_compare' => [
|
|
'reason_code' => 'evidence_capture_incomplete',
|
|
'coverage' => [
|
|
'proof' => false,
|
|
],
|
|
'evidence_gaps' => [
|
|
'count' => 4,
|
|
],
|
|
],
|
|
],
|
|
'summary_counts' => [
|
|
'total' => 0,
|
|
'processed' => 0,
|
|
'errors_recorded' => 0,
|
|
],
|
|
'completed_at' => now(),
|
|
]);
|
|
|
|
$truth = app(ArtifactTruthPresenter::class)->forOperationRun($run->fresh());
|
|
$explanation = $truth->operatorExplanation;
|
|
|
|
Filament::setTenant(null, true);
|
|
$this->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id]);
|
|
session([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id]);
|
|
|
|
$component = Livewire::actingAs($user)
|
|
->test(TenantlessOperationRunViewer::class, ['run' => $run])
|
|
->assertSee('Decision')
|
|
->assertSee('Artifact truth')
|
|
->assertSee('Result meaning')
|
|
->assertSee('Result trust')
|
|
->assertSee('Primary next step')
|
|
->assertSee('Artifact truth details')
|
|
->assertSee($explanation?->headline ?? '')
|
|
->assertSee($explanation?->evaluationResultLabel() ?? '')
|
|
->assertSee($explanation?->trustworthinessLabel() ?? '')
|
|
->assertSee($explanation?->nextActionText ?? '')
|
|
->assertSee('The run completed, but normal output was intentionally suppressed.')
|
|
->assertSee('Resume or rerun evidence capture before relying on this compare result.')
|
|
->assertDontSee('Artifact next step');
|
|
|
|
$pageText = visibleLivewireText($component);
|
|
|
|
expect(mb_substr_count($pageText, 'Primary next step'))->toBe(1)
|
|
->and(mb_substr_count($pageText, 'Resume or rerun evidence capture before relying on this compare result.'))->toBe(1)
|
|
->and(mb_strpos($pageText, 'Decision'))->toBeLessThan(mb_strpos($pageText, 'Artifact truth details'));
|
|
});
|
|
|
|
it('deduplicates repeated artifact truth explanation text for follow-up runs without a usable artifact', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
|
|
$run = OperationRun::factory()->create([
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'type' => 'baseline_compare',
|
|
'status' => 'completed',
|
|
'outcome' => 'partially_succeeded',
|
|
'summary_counts' => [
|
|
'total' => 50,
|
|
'processed' => 47,
|
|
'failed' => 3,
|
|
],
|
|
'context' => [],
|
|
'completed_at' => now(),
|
|
]);
|
|
|
|
Filament::setTenant(null, true);
|
|
$this->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id]);
|
|
session([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id]);
|
|
|
|
$component = Livewire::actingAs($user)
|
|
->test(TenantlessOperationRunViewer::class, ['run' => $run])
|
|
->assertSee('Decision')
|
|
->assertSee('Artifact truth details')
|
|
->assertSee('The run finished without a usable artifact result.');
|
|
|
|
$pageText = visibleLivewireText($component);
|
|
|
|
expect(mb_substr_count($pageText, 'The run finished without a usable artifact result.'))->toBe(1)
|
|
->and(mb_strpos($pageText, 'Decision'))->toBeLessThan(mb_strpos($pageText, 'Artifact truth details'));
|
|
});
|
|
|
|
it('keeps the compact tenant summary at least as cautious as the canonical run detail for suppressed compare results', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
|
|
$profile = BaselineProfile::factory()->active()->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
]);
|
|
|
|
$snapshot = BaselineSnapshot::factory()->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'baseline_profile_id' => (int) $profile->getKey(),
|
|
]);
|
|
|
|
$profile->update(['active_snapshot_id' => (int) $snapshot->getKey()]);
|
|
|
|
BaselineTenantAssignment::factory()->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'baseline_profile_id' => (int) $profile->getKey(),
|
|
]);
|
|
|
|
$run = OperationRun::factory()->create([
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'type' => 'baseline_compare',
|
|
'status' => 'completed',
|
|
'outcome' => 'partially_succeeded',
|
|
'context' => [
|
|
'baseline_profile_id' => (int) $profile->getKey(),
|
|
'baseline_snapshot_id' => (int) $snapshot->getKey(),
|
|
'baseline_compare' => [
|
|
'reason_code' => BaselineCompareReasonCode::CoverageUnproven->value,
|
|
'coverage' => [
|
|
'effective_types' => ['deviceConfiguration', 'deviceCompliancePolicy'],
|
|
'covered_types' => ['deviceConfiguration'],
|
|
'uncovered_types' => ['deviceCompliancePolicy'],
|
|
'proof' => false,
|
|
],
|
|
],
|
|
],
|
|
'summary_counts' => [
|
|
'total' => 0,
|
|
'processed' => 0,
|
|
'errors_recorded' => 2,
|
|
],
|
|
'completed_at' => now(),
|
|
]);
|
|
|
|
$summary = BaselineCompareStats::forTenant($tenant)->summaryAssessment();
|
|
$truth = app(ArtifactTruthPresenter::class)->forOperationRun($run->fresh());
|
|
$explanation = $truth->operatorExplanation;
|
|
|
|
expect($summary->stateFamily)->not->toBe('positive')
|
|
->and($summary->evaluationResult)->toBe('suppressed_result')
|
|
->and($summary->headline)->toBe('The last compare finished, but normal result output was suppressed.')
|
|
->and($explanation?->evaluationResult)->toBe('suppressed_result');
|
|
|
|
Filament::setTenant(null, true);
|
|
$this->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id]);
|
|
session([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id]);
|
|
|
|
Livewire::actingAs($user)
|
|
->test(TenantlessOperationRunViewer::class, ['run' => $run])
|
|
->assertSee($explanation?->headline ?? '')
|
|
->assertSee($explanation?->evaluationResultLabel() ?? '')
|
|
->assertSee($explanation?->trustworthinessLabel() ?? '')
|
|
->assertDontSee('No confirmed drift in the latest baseline compare.');
|
|
});
|