ahmido
421261a517
Some checks failed
Main Confidence / confidence (push) Failing after 48s
## Summary - implement the finding outcome taxonomy end-to-end with canonical resolve, close, reopen, and verification semantics - align finding UI, filters, audit metadata, review summaries, and export/read-model consumers to the shared outcome semantics - add focused Pest coverage and complete the spec artifacts for feature 231 ## Details - manual resolve is limited to the canonical `remediated` outcome - close and reopen flows now use bounded canonical reasons - trusted system clear and reopen distinguish verified-clear from verification-failed and recurrence paths - duplicate lifecycle backfill now closes findings canonically as `duplicate` - accepted-risk recording now uses the canonical `accepted_risk` reason - finding detail and list surfaces now expose terminal outcome and verification summaries - review, snapshot, and review-pack consumers now propagate the same outcome buckets ## Filament / Platform Contract - Livewire v4.0+ compatibility remains intact - provider registration is unchanged and remains in `bootstrap/providers.php` - no new globally searchable resource was introduced; `FindingResource` still has a View page and `TenantReviewResource` remains globally searchable false - lifecycle mutations still run through confirmed Filament actions with capability enforcement - no new asset family was added; the existing `filament:assets` deploy step is unchanged ## Verification - `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent` - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Findings/FindingWorkflowServiceTest.php tests/Feature/Findings/FindingRecurrenceTest.php tests/Feature/Findings/FindingsListFiltersTest.php tests/Feature/Filament/FindingResolvedReferencePresentationTest.php tests/Feature/Findings/FindingOutcomeSummaryReportingTest.php tests/Feature/Findings/FindingRiskGovernanceProjectionTest.php` - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Findings tests/Feature/Filament/FindingResolvedReferencePresentationTest.php tests/Feature/Models/FindingResolvedTest.php tests/Unit/Findings/FindingWorkflowServiceTest.php` - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/TenantReview/TenantReviewExplanationSurfaceTest.php tests/Feature/TenantReview/TenantReviewRegisterTest.php tests/Feature/ReviewPack/TenantReviewDerivedReviewPackTest.php` - browser smoke: `/admin/findings/my-work` -> finding detail resolve flow -> queue regression check passed ## Notes - this commit also includes the existing `.github/agents/copilot-instructions.md` workspace change that was already present in the worktree when all changes were committed Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #267
115 lines
4.0 KiB
PHP
115 lines
4.0 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Filament\Resources\FindingResource;
|
|
use App\Models\BaselineProfile;
|
|
use App\Models\BaselineSnapshot;
|
|
use App\Models\Finding;
|
|
use App\Models\OperationRun;
|
|
use App\Models\Policy;
|
|
use App\Models\PolicyVersion;
|
|
use Filament\Facades\Filament;
|
|
|
|
it('renders finding related context with human labels before technical ids', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
$this->actingAs($user);
|
|
Filament::setTenant($tenant, true);
|
|
|
|
$profile = BaselineProfile::factory()->active()->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'name' => 'Security Baseline',
|
|
]);
|
|
|
|
$snapshot = BaselineSnapshot::factory()->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'baseline_profile_id' => (int) $profile->getKey(),
|
|
]);
|
|
|
|
$policy = Policy::factory()->for($tenant)->create([
|
|
'display_name' => 'Windows Lockdown',
|
|
]);
|
|
|
|
$version = PolicyVersion::factory()->for($tenant)->create([
|
|
'policy_id' => (int) $policy->getKey(),
|
|
'version_number' => 3,
|
|
]);
|
|
|
|
$run = OperationRun::factory()->for($tenant)->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'type' => 'baseline_compare',
|
|
]);
|
|
|
|
$finding = Finding::factory()->for($tenant)->create([
|
|
'current_operation_run_id' => (int) $run->getKey(),
|
|
'evidence_jsonb' => [
|
|
'current' => [
|
|
'policy_version_id' => (int) $version->getKey(),
|
|
],
|
|
'provenance' => [
|
|
'baseline_profile_id' => (int) $profile->getKey(),
|
|
'baseline_snapshot_id' => (int) $snapshot->getKey(),
|
|
'compare_operation_run_id' => (int) $run->getKey(),
|
|
],
|
|
],
|
|
]);
|
|
|
|
$this->get(FindingResource::getUrl('view', ['record' => $finding], tenant: $tenant))
|
|
->assertOk()
|
|
->assertSee('Security Baseline')
|
|
->assertSee('Baseline snapshot #'.$snapshot->getKey())
|
|
->assertSee('Windows Lockdown')
|
|
->assertSee('Version 3')
|
|
->assertSee('Baseline compare')
|
|
->assertSee('Operation #'.$run->getKey());
|
|
});
|
|
|
|
it('shows canonical manual terminal outcome and verification labels on finding detail', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
$this->actingAs($user);
|
|
Filament::setTenant($tenant, true);
|
|
|
|
$finding = Finding::factory()->for($tenant)->create([
|
|
'status' => Finding::STATUS_RESOLVED,
|
|
'resolved_reason' => Finding::RESOLVE_REASON_REMEDIATED,
|
|
'resolved_at' => now()->subHour(),
|
|
]);
|
|
|
|
$this->get(FindingResource::getUrl('view', ['record' => $finding], tenant: $tenant))
|
|
->assertOk()
|
|
->assertSee('Terminal outcome')
|
|
->assertSee('Resolved pending verification')
|
|
->assertSee('Verification')
|
|
->assertSee('Pending verification')
|
|
->assertSee('Resolved reason')
|
|
->assertSee('Remediated');
|
|
});
|
|
|
|
it('shows verified clear and administrative closure labels on finding detail', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
$this->actingAs($user);
|
|
Filament::setTenant($tenant, true);
|
|
|
|
$verifiedFinding = Finding::factory()->for($tenant)->create([
|
|
'status' => Finding::STATUS_RESOLVED,
|
|
'resolved_reason' => Finding::RESOLVE_REASON_NO_LONGER_DRIFTING,
|
|
'resolved_at' => now()->subHour(),
|
|
]);
|
|
|
|
$closedFinding = Finding::factory()->for($tenant)->create([
|
|
'status' => Finding::STATUS_CLOSED,
|
|
'closed_reason' => Finding::CLOSE_REASON_DUPLICATE,
|
|
'closed_at' => now()->subHour(),
|
|
]);
|
|
|
|
$this->get(FindingResource::getUrl('view', ['record' => $verifiedFinding], tenant: $tenant))
|
|
->assertOk()
|
|
->assertSee('Verified cleared')
|
|
->assertSee('No longer drifting');
|
|
|
|
$this->get(FindingResource::getUrl('view', ['record' => $closedFinding], tenant: $tenant))
|
|
->assertOk()
|
|
->assertSee('Closed as duplicate')
|
|
->assertSee('Duplicate');
|
|
});
|