TenantAtlas/apps/platform/tests/Feature/Evidence/EvidenceSnapshotAuditLogTest.php

<?php

declare(strict_types=1);

use App\Filament\Pages\Reviews\CustomerReviewWorkspace;
use App\Filament\Resources\EvidenceSnapshotResource;
use App\Models\AuditLog;
use App\Models\EvidenceSnapshot;
use App\Support\Audit\AuditActionId;
use App\Support\Evidence\EvidenceCompletenessState;
use App\Support\Evidence\EvidenceSnapshotStatus;
use Illuminate\Foundation\Testing\RefreshDatabase;

uses(RefreshDatabase::class);

it('records audit entries when a snapshot is queued and expired', function (): void {
    [$user, $tenant] = createUserWithTenant(role: 'owner');

    $snapshot = app(App\Services\Evidence\EvidenceSnapshotService::class)->generate($tenant, $user);

    $snapshot->update([
        'status' => EvidenceSnapshotStatus::Active->value,
        'completeness_state' => EvidenceCompletenessState::Complete->value,
    ]);

    app(App\Services\Evidence\EvidenceSnapshotService::class)->expire($snapshot, $user, 'Evidence basis is obsolete.');

    $expiredAudit = AuditLog::query()
        ->where('action', AuditActionId::EvidenceSnapshotExpired->value)
        ->latest('id')
        ->first();

    expect(AuditLog::query()->where('action', AuditActionId::EvidenceSnapshotCreated->value)->exists())->toBeTrue()
        ->and(AuditLog::query()->where('action', AuditActionId::EvidenceSnapshotExpired->value)->exists())->toBeTrue()
        ->and(data_get($expiredAudit?->metadata, 'reason'))->toBe('Evidence basis is obsolete.');
});

it('records audit entries when customer review proof is opened explicitly', function (): void {
    [$user, $tenant] = createUserWithTenant(role: 'readonly');

    $snapshot = EvidenceSnapshot::query()->create([
        'tenant_id' => (int) $tenant->getKey(),
        'workspace_id' => (int) $tenant->workspace_id,
        'status' => EvidenceSnapshotStatus::Active->value,
        'completeness_state' => EvidenceCompletenessState::Complete->value,
        'summary' => ['finding_count' => 1],
        'generated_at' => now(),
    ]);

    $this->actingAs($user)
        ->get(EvidenceSnapshotResource::getUrl('view', ['record' => $snapshot], tenant: $tenant, panel: 'tenant').'?'.http_build_query([
            'source_surface' => CustomerReviewWorkspace::SOURCE_SURFACE,
        ]))
        ->assertOk();

    $audit = AuditLog::query()
        ->where('action', AuditActionId::EvidenceSnapshotOpened->value)
        ->latest('id')
        ->first();

    expect($audit)->not->toBeNull()
        ->and($audit?->resource_type)->toBe('evidence_snapshot')
        ->and(data_get($audit?->metadata, 'evidence_snapshot_id'))->toBe((int) $snapshot->getKey())
        ->and(data_get($audit?->metadata, 'source_surface'))->toBe(CustomerReviewWorkspace::SOURCE_SURFACE);
});