ahmido
421261a517
Some checks failed
Main Confidence / confidence (push) Failing after 48s
## Summary - implement the finding outcome taxonomy end-to-end with canonical resolve, close, reopen, and verification semantics - align finding UI, filters, audit metadata, review summaries, and export/read-model consumers to the shared outcome semantics - add focused Pest coverage and complete the spec artifacts for feature 231 ## Details - manual resolve is limited to the canonical `remediated` outcome - close and reopen flows now use bounded canonical reasons - trusted system clear and reopen distinguish verified-clear from verification-failed and recurrence paths - duplicate lifecycle backfill now closes findings canonically as `duplicate` - accepted-risk recording now uses the canonical `accepted_risk` reason - finding detail and list surfaces now expose terminal outcome and verification summaries - review, snapshot, and review-pack consumers now propagate the same outcome buckets ## Filament / Platform Contract - Livewire v4.0+ compatibility remains intact - provider registration is unchanged and remains in `bootstrap/providers.php` - no new globally searchable resource was introduced; `FindingResource` still has a View page and `TenantReviewResource` remains globally searchable false - lifecycle mutations still run through confirmed Filament actions with capability enforcement - no new asset family was added; the existing `filament:assets` deploy step is unchanged ## Verification - `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent` - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Findings/FindingWorkflowServiceTest.php tests/Feature/Findings/FindingRecurrenceTest.php tests/Feature/Findings/FindingsListFiltersTest.php tests/Feature/Filament/FindingResolvedReferencePresentationTest.php tests/Feature/Findings/FindingOutcomeSummaryReportingTest.php tests/Feature/Findings/FindingRiskGovernanceProjectionTest.php` - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Findings tests/Feature/Filament/FindingResolvedReferencePresentationTest.php tests/Feature/Models/FindingResolvedTest.php tests/Unit/Findings/FindingWorkflowServiceTest.php` - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/TenantReview/TenantReviewExplanationSurfaceTest.php tests/Feature/TenantReview/TenantReviewRegisterTest.php tests/Feature/ReviewPack/TenantReviewDerivedReviewPackTest.php` - browser smoke: `/admin/findings/my-work` -> finding detail resolve flow -> queue regression check passed ## Notes - this commit also includes the existing `.github/agents/copilot-instructions.md` workspace change that was already present in the worktree when all changes were committed Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #267
85 lines
3.5 KiB
PHP
85 lines
3.5 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Models\AuditLog;
|
|
use App\Models\Finding;
|
|
use App\Models\User;
|
|
use App\Services\Findings\FindingWorkflowService;
|
|
use App\Support\Findings\FindingOutcomeSemantics;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
|
|
uses(RefreshDatabase::class);
|
|
|
|
it('writes sanitized audit entries for workflow mutations with before and after metadata', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
|
|
$finding = Finding::factory()->for($tenant)->create([
|
|
'status' => Finding::STATUS_NEW,
|
|
'evidence_jsonb' => [
|
|
'secret_token' => 'should-not-be-audited',
|
|
'payload' => ['x' => 'y'],
|
|
],
|
|
]);
|
|
|
|
$service = app(FindingWorkflowService::class);
|
|
|
|
$service->triage($finding, $tenant, $user);
|
|
$service->resolve($finding->refresh(), $tenant, $user, Finding::RESOLVE_REASON_REMEDIATED);
|
|
|
|
$audit = AuditLog::query()
|
|
->where('tenant_id', (int) $tenant->getKey())
|
|
->where('resource_type', 'finding')
|
|
->where('resource_id', (string) $finding->getKey())
|
|
->where('action', 'finding.resolved')
|
|
->latest('id')
|
|
->first();
|
|
|
|
expect($audit)->not->toBeNull();
|
|
expect((int) $audit->actor_id)->toBe((int) $user->getKey())
|
|
->and($audit->actor_email)->toBe($user->email)
|
|
->and(data_get($audit->metadata, 'finding_id'))->toBe((int) $finding->getKey())
|
|
->and(data_get($audit->metadata, 'before_status'))->toBe(Finding::STATUS_TRIAGED)
|
|
->and(data_get($audit->metadata, 'after_status'))->toBe(Finding::STATUS_RESOLVED)
|
|
->and(data_get($audit->metadata, 'resolved_reason'))->toBe(Finding::RESOLVE_REASON_REMEDIATED)
|
|
->and(data_get($audit->metadata, 'terminal_outcome_key'))->toBe(FindingOutcomeSemantics::OUTCOME_RESOLVED_PENDING_VERIFICATION)
|
|
->and(data_get($audit->metadata, 'verification_state'))->toBe(FindingOutcomeSemantics::VERIFICATION_PENDING)
|
|
->and(data_get($audit->metadata, 'before'))->toBeArray()
|
|
->and(data_get($audit->metadata, 'after'))->toBeArray()
|
|
->and(data_get($audit->metadata, 'evidence_jsonb'))->toBeNull()
|
|
->and(data_get($audit->metadata, 'before.evidence_jsonb'))->toBeNull()
|
|
->and(data_get($audit->metadata, 'after.evidence_jsonb'))->toBeNull();
|
|
});
|
|
|
|
it('writes assignment audit entries without evidence payloads', function (): void {
|
|
[$owner, $tenant] = createUserWithTenant(role: 'owner');
|
|
$assignee = User::factory()->create();
|
|
createUserWithTenant(tenant: $tenant, user: $assignee, role: 'operator');
|
|
|
|
$finding = Finding::factory()->for($tenant)->create([
|
|
'status' => Finding::STATUS_NEW,
|
|
]);
|
|
|
|
app(FindingWorkflowService::class)->assign(
|
|
finding: $finding,
|
|
tenant: $tenant,
|
|
actor: $owner,
|
|
assigneeUserId: (int) $assignee->getKey(),
|
|
ownerUserId: (int) $owner->getKey(),
|
|
);
|
|
|
|
$audit = AuditLog::query()
|
|
->where('tenant_id', (int) $tenant->getKey())
|
|
->where('action', 'finding.assigned')
|
|
->latest('id')
|
|
->first();
|
|
|
|
expect($audit)->not->toBeNull();
|
|
expect(data_get($audit->metadata, 'assignee_user_id'))->toBe((int) $assignee->getKey())
|
|
->and(data_get($audit->metadata, 'owner_user_id'))->toBe((int) $owner->getKey())
|
|
->and(data_get($audit->metadata, 'before'))->toBeArray()
|
|
->and(data_get($audit->metadata, 'after'))->toBeArray()
|
|
->and(data_get($audit->metadata, 'before.evidence_jsonb'))->toBeNull()
|
|
->and(data_get($audit->metadata, 'after.evidence_jsonb'))->toBeNull();
|
|
});
|