ahmido
2752515da5
Some checks failed
Main Confidence / confidence (push) Failing after 54s
## Summary - harden baseline capture truth, compare readiness, and monitoring explanations around latest inventory eligibility, blocked prerequisites, and zero-subject outcomes - improve onboarding verification and bootstrap recovery handling, including admin-consent callback invalidation and queued execution legitimacy/report behavior - align workspace findings/workspace overview signals and refresh the related spec, roadmap, and spec-candidate artifacts ## Validation - `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent` - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/BaselineDriftEngine/BaselineCaptureAuditEventsTest.php tests/Feature/BaselineDriftEngine/BaselineSnapshotNoTenantIdentifiersTest.php tests/Feature/BaselineDriftEngine/CaptureBaselineContentTest.php tests/Feature/BaselineDriftEngine/CaptureBaselineFullContentOnDemandTest.php tests/Feature/BaselineDriftEngine/CaptureBaselineMetaFallbackTest.php tests/Feature/Baselines/BaselineCaptureTest.php tests/Feature/Baselines/BaselineCompareFindingsTest.php tests/Feature/Baselines/BaselineSnapshotBackfillTest.php tests/Feature/Filament/BaselineCaptureResultExplanationSurfaceTest.php tests/Feature/Filament/BaselineCompareLandingStartSurfaceTest.php tests/Feature/Filament/BaselineProfileCaptureStartSurfaceTest.php tests/Feature/Filament/OperationRunBaselineTruthSurfaceTest.php tests/Feature/Monitoring/AuditCoverageGovernanceTest.php tests/Feature/Monitoring/GovernanceOperationRunSummariesTest.php tests/Feature/Notifications/OperationRunNotificationTest.php tests/Feature/Authorization/OperatorExplanationSurfaceAuthorizationTest.php` - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/AdminConsentCallbackTest.php tests/Feature/Filament/WorkspaceOverviewDbOnlyTest.php tests/Feature/Guards/Spec194GovernanceActionSemanticsGuardTest.php tests/Feature/ManagedTenantOnboardingWizardTest.php tests/Feature/Onboarding/OnboardingVerificationTest.php tests/Feature/Operations/QueuedExecutionAuditTrailTest.php tests/Unit/Operations/QueuedExecutionLegitimacyGateTest.php` ## Notes - browser validation was not re-run in this pass Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #271
87 lines
3.4 KiB
PHP
87 lines
3.4 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Models\AuditLog;
|
|
use App\Models\OperationRun;
|
|
use App\Services\OperationRunService;
|
|
use App\Support\Operations\ExecutionAuthorityMode;
|
|
use App\Support\Operations\ExecutionDenialReasonCode;
|
|
use App\Support\Operations\QueuedExecutionContext;
|
|
use App\Support\Operations\QueuedExecutionLegitimacyDecision;
|
|
use App\Support\Verification\VerificationReportSchema;
|
|
|
|
it('writes a blocked terminal audit trail with execution denial context', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
|
|
$run = OperationRun::factory()->create([
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'user_id' => (int) $user->getKey(),
|
|
'initiator_name' => $user->name,
|
|
'type' => 'provider.connection.check',
|
|
'status' => 'queued',
|
|
'outcome' => 'pending',
|
|
'summary_counts' => [
|
|
'total' => '4',
|
|
'bogus_key' => 'ignored',
|
|
],
|
|
]);
|
|
|
|
$context = new QueuedExecutionContext(
|
|
run: $run,
|
|
operationType: 'provider.connection.check',
|
|
workspaceId: (int) $tenant->workspace_id,
|
|
tenant: $tenant,
|
|
initiator: $user,
|
|
authorityMode: ExecutionAuthorityMode::ActorBound,
|
|
requiredCapability: 'providers.view',
|
|
providerConnectionId: 123,
|
|
targetScope: [
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'provider_connection_id' => 123,
|
|
],
|
|
);
|
|
|
|
$decision = QueuedExecutionLegitimacyDecision::deny(
|
|
context: $context,
|
|
checks: [
|
|
'workspace_scope' => 'passed',
|
|
'tenant_scope' => 'failed',
|
|
'capability' => 'not_applicable',
|
|
'tenant_operability' => 'not_applicable',
|
|
'execution_prerequisites' => 'not_applicable',
|
|
],
|
|
reasonCode: ExecutionDenialReasonCode::InitiatorNotEntitled,
|
|
);
|
|
|
|
app(OperationRunService::class)->finalizeExecutionLegitimacyBlockedRun($run, $decision);
|
|
|
|
$run->refresh();
|
|
|
|
$audit = AuditLog::query()
|
|
->where('operation_run_id', (int) $run->getKey())
|
|
->latest('id')
|
|
->first();
|
|
|
|
$report = data_get($run->context, 'verification_report');
|
|
|
|
expect($audit)->not->toBeNull()
|
|
->and($audit?->action)->toBe('operation.blocked')
|
|
->and($audit?->status)->toBe('blocked')
|
|
->and($audit?->summary)->toContain('blocked')
|
|
->and(data_get($audit?->metadata, 'operation_type'))->toBe('provider.connection.check')
|
|
->and(data_get($audit?->metadata, 'failure_summary.0.reason_code'))->toBe('initiator_not_entitled')
|
|
->and(data_get($audit?->metadata, 'target_scope.provider_connection_id'))->toBe(123)
|
|
->and(data_get($audit?->metadata, 'denial_class'))->toBe('initiator_invalid')
|
|
->and(data_get($audit?->metadata, 'authority_mode'))->toBe('actor_bound')
|
|
->and(data_get($audit?->metadata, 'acting_identity_type'))->toBe('user')
|
|
->and($run->summary_counts)->toBe(['total' => 4])
|
|
->and($report)->toBeArray()
|
|
->and(VerificationReportSchema::isValidReport($report))->toBeTrue()
|
|
->and(data_get($report, 'checks.0.key'))->toBe('provider.connection.check')
|
|
->and(data_get($report, 'summary.overall'))->toBe('blocked')
|
|
->and(data_get($report, 'checks.0.message'))->toBe(ExecutionDenialReasonCode::InitiatorNotEntitled->message());
|
|
});
|