TenantAtlas/apps/platform/app/Services/Evidence/Sources/FindingsSummarySource.php

<?php

declare(strict_types=1);

namespace App\Services\Evidence\Sources;

use App\Models\Finding;
use App\Models\Tenant;
use App\Services\Evidence\Contracts\EvidenceSourceProvider;
use App\Services\Findings\FindingRiskGovernanceResolver;
use App\Support\Findings\FindingOutcomeSemantics;
use App\Support\Evidence\EvidenceCompletenessState;

final class FindingsSummarySource implements EvidenceSourceProvider
{
    public function __construct(
        private readonly FindingRiskGovernanceResolver $governanceResolver,
        private readonly FindingOutcomeSemantics $findingOutcomeSemantics,
    ) {}

    public function key(): string
    {
        return 'findings_summary';
    }

    public function collect(Tenant $tenant): array
    {
        $findings = Finding::query()
            ->where('tenant_id', (int) $tenant->getKey())
            ->with('findingException.currentDecision')
            ->orderByDesc('updated_at')
            ->get();

        $latest = $findings->max('updated_at') ?? $findings->max('created_at');
        $entries = $findings->map(function (Finding $finding): array {
            $governanceState = $this->governanceResolver->resolveFindingState($finding, $finding->findingException);
            $governanceWarning = $this->governanceResolver->resolveWarningMessage($finding, $finding->findingException);
            $outcome = $this->findingOutcomeSemantics->describe($finding);

            return [
                'id' => (int) $finding->getKey(),
                'finding_type' => (string) $finding->finding_type,
                'severity' => (string) $finding->severity,
                'status' => (string) $finding->status,
                'title' => $finding->title,
                'description' => $finding->description,
                'created_at' => $finding->created_at?->toIso8601String(),
                'updated_at' => $finding->updated_at?->toIso8601String(),
                'verification_state' => $outcome['verification_state'],
                'report_bucket' => $outcome['report_bucket'],
                'terminal_outcome_key' => $outcome['terminal_outcome_key'],
                'terminal_outcome_label' => $outcome['label'],
                'terminal_outcome' => $outcome['terminal_outcome_key'] !== null ? [
                    'key' => $outcome['terminal_outcome_key'],
                    'label' => $outcome['label'],
                    'verification_state' => $outcome['verification_state'],
                    'report_bucket' => $outcome['report_bucket'],
                    'governance_state' => $governanceState,
                ] : null,
                'governance_state' => $governanceState,
                'governance_warning' => $governanceWarning,
            ];
        });
        $outcomeCounts = array_fill_keys($this->findingOutcomeSemantics->orderedOutcomeKeys(), 0);
        $reportBucketCounts = [
            'remediation_pending_verification' => 0,
            'remediation_verified' => 0,
            'administrative_closure' => 0,
            'accepted_risk' => 0,
        ];

        foreach ($entries as $entry) {
            $terminalOutcomeKey = $entry['terminal_outcome_key'] ?? null;
            $reportBucket = $entry['report_bucket'] ?? null;

            if (is_string($terminalOutcomeKey) && array_key_exists($terminalOutcomeKey, $outcomeCounts)) {
                $outcomeCounts[$terminalOutcomeKey]++;
            }

            if (is_string($reportBucket) && array_key_exists($reportBucket, $reportBucketCounts)) {
                $reportBucketCounts[$reportBucket]++;
            }
        }

        $riskAcceptedEntries = $entries->filter(
            static fn (array $entry): bool => ($entry['status'] ?? null) === Finding::STATUS_RISK_ACCEPTED,
        );
        $warningStates = [
            'expired_exception',
            'revoked_exception',
            'rejected_exception',
            'risk_accepted_without_valid_exception',
        ];

        $summary = [
            'count' => $findings->count(),
            'open_count' => $findings->filter(fn (Finding $finding): bool => $finding->hasOpenStatus())->count(),
            'severity_counts' => [
                'critical' => $findings->where('severity', Finding::SEVERITY_CRITICAL)->count(),
                'high' => $findings->where('severity', Finding::SEVERITY_HIGH)->count(),
                'medium' => $findings->where('severity', Finding::SEVERITY_MEDIUM)->count(),
                'low' => $findings->where('severity', Finding::SEVERITY_LOW)->count(),
            ],
            'risk_acceptance' => [
                'status_marked_count' => $riskAcceptedEntries->count(),
                'valid_governed_count' => $riskAcceptedEntries->filter(
                    static fn (array $entry): bool => in_array($entry['governance_state'] ?? null, ['valid_exception', 'expiring_exception'], true),
                )->count(),
                'warning_count' => $riskAcceptedEntries->filter(
                    static fn (array $entry): bool => in_array($entry['governance_state'] ?? null, $warningStates, true),
                )->count(),
                'expired_count' => $riskAcceptedEntries->where('governance_state', 'expired_exception')->count(),
                'revoked_count' => $riskAcceptedEntries->where('governance_state', 'revoked_exception')->count(),
                'missing_exception_count' => $riskAcceptedEntries->where('governance_state', 'risk_accepted_without_valid_exception')->count(),
            ],
            'outcome_counts' => $outcomeCounts,
            'report_bucket_counts' => $reportBucketCounts,
            'entries' => $entries->all(),
        ];

        return [
            'dimension_key' => $this->key(),
            'state' => $findings->isEmpty() ? EvidenceCompletenessState::Missing->value : EvidenceCompletenessState::Complete->value,
            'required' => true,
            'source_kind' => 'model_summary',
            'source_record_type' => 'finding',
            'source_record_id' => null,
            'source_fingerprint' => $findings->max('fingerprint'),
            'measured_at' => $latest,
            'freshness_at' => $latest,
            'summary_payload' => $summary,
            'fingerprint_payload' => $summary + ['latest' => $latest?->format(DATE_ATOM)],
            'sort_order' => 10,
        ];
    }
}