## Summary

- harden finding lifecycle changes behind the canonical `FindingWorkflowService` gateway
- route automated resolve and reopen flows through the same audited workflow path
- tighten tenant and workspace scope checks on finding actions and audit visibility
- add focused spec artifacts, workflow regression coverage, automation coverage, and audit visibility tests
- update legacy finding model tests to use the workflow service after direct lifecycle mutators were removed

## Testing

- `vendor/bin/sail bin pint --dirty --format agent`
- focused findings and audit slices passed during implementation
- `vendor/bin/sail artisan test --compact tests/Feature/Models/FindingResolvedTest.php`
- full repository suite passed: `2757 passed`, `8 skipped`, `14448 assertions`

## Notes

- Livewire v4.0+ compliance preserved
- no new Filament assets or panel providers introduced; provider registration remains in `bootstrap/providers.php`
- findings stay on existing Filament action surfaces, with destructive actions still confirmation-gated
- no global search behavior was changed for findings resources

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #181
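---
# OpenAPI 3.1 component schemas for the metadata carried by finding audit
# events. Only `components.schemas` is defined here; no paths are declared.
#
# NOTE(review): in OpenAPI 3.1 (JSON Schema 2020-12) `format: date-time` is an
# annotation unless the validator enables format assertion, so a malformed
# timestamp string can still validate. Confirm how the consumer is configured.
openapi: 3.1.0
info:
  title: Finding Audit Event Metadata Schema
  version: 0.1.0
components:
  schemas:
    # Metadata for one finding lifecycle audit event: the finding id, the
    # status transition, and a before/after snapshot of the finding.
    FindingAuditMetadata:
      type: object
      # Every event must identify the finding and carry both sides of the
      # transition. All other properties are optional.
      required:
        - finding_id
        - before_status
        - after_status
        - before
        - after
      properties:
        finding_id:
          type: integer
        # Required but nullable, unlike after_status.
        # NOTE(review): presumably null marks an event with no prior status;
        # confirm against the producer.
        before_status:
          type:
            - string
            - 'null'
        # NOTE(review): neither status property declares an enum, so any
        # string validates. Confirm whether a fixed status set is intended.
        after_status:
          type: string
        # NOTE(review): optional and nullable, so an event may omit it. Audit
        # consumers should read absent/null as "origin unknown", not as proof
        # of a human actor. Confirm whether it should be required.
        system_origin:
          type:
            - boolean
            - 'null'
          description: True when the lifecycle mutation was triggered by automation rather than a human actor.
        resolved_reason:
          type:
            - string
            - 'null'
        closed_reason:
          type:
            - string
            - 'null'
        assignee_user_id:
          type:
            - integer
            - 'null'
        owner_user_id:
          type:
            - integer
            - 'null'
        triaged_at:
          type:
            - string
            - 'null'
          format: date-time
        in_progress_at:
          type:
            - string
            - 'null'
          format: date-time
        reopened_at:
          type:
            - string
            - 'null'
          format: date-time
        due_at:
          type:
            - string
            - 'null'
          format: date-time
        sla_days:
          type:
            - integer
            - 'null'
        # Both snapshots use the same schema. It declares no `required`
        # list, so an empty object `{}` is a valid snapshot.
        before:
          $ref: '#/components/schemas/FindingAuditSnapshot'
        after:
          $ref: '#/components/schemas/FindingAuditSnapshot'
      # Closed schema: a key not listed above fails validation, which keeps
      # unlisted data out of audit records checked against this schema.
      additionalProperties: false
    # State of a finding at one side of a transition. Every property is
    # optional and nullable.
    FindingAuditSnapshot:
      type: object
      properties:
        status:
          type:
            - string
            - 'null'
        severity:
          type:
            - string
            - 'null'
        due_at:
          type:
            - string
            - 'null'
          format: date-time
        sla_days:
          type:
            - integer
            - 'null'
        assignee_user_id:
          type:
            - integer
            - 'null'
        owner_user_id:
          type:
            - integer
            - 'null'
        triaged_at:
          type:
            - string
            - 'null'
          format: date-time
        in_progress_at:
          type:
            - string
            - 'null'
          format: date-time
        reopened_at:
          type:
            - string
            - 'null'
          format: date-time
        resolved_at:
          type:
            - string
            - 'null'
          format: date-time
        resolved_reason:
          type:
            - string
            - 'null'
        closed_at:
          type:
            - string
            - 'null'
          format: date-time
        closed_reason:
          type:
            - string
            - 'null'
        closed_by_user_id:
          type:
            - integer
            - 'null'
      # Closed schema: a snapshot may only carry the keys listed above.
      additionalProperties: false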