feat(104): implement Provider Permission Posture
- T001-T014: Foundation - StoredReport model/migration, Finding resolved
lifecycle, badge mappings (resolved status, permission_posture type),
OperationCatalog + AlertRule constants
- T015-T022: US1 - PermissionPostureFindingGenerator with fingerprint-based
idempotent upsert, severity from feature-impact count, auto-resolve on
grant, auto-reopen on revoke, error findings (FR-015), stale finding
cleanup; GeneratePermissionPostureFindingsJob dispatched from health check;
PostureResult VO + PostureScoreCalculator
- T023-T026: US2+US4 - Stored report payload validation, temporal ordering,
polymorphic reusability, score accuracy acceptance tests
- T027-T029: US3 - EvaluateAlertsJob.permissionMissingEvents() wired into
alert pipeline, AlertRuleResource event type option, cooldown/dedupe tests
- T030-T034: Polish - PruneStoredReportsCommand with config retention,
scheduled daily, end-to-end integration test, Pint clean
UI bug fixes found during testing:
- FindingResource: hide Diff section for non-drift findings
- TenantRequiredPermissions: fix re-run verification link
- tenant-required-permissions.blade.php: preserve details open state
70 tests (50 PermissionPosture + 20 FindingResolved/Badge/Alert), 216 assertions
222a7e0a97