## Summary
- add the Evidence Snapshot domain with immutable tenant-scoped snapshots, per-dimension items, queued generation, audit actions, badge mappings, and Filament list/detail surfaces
- add the workspace evidence overview, capability and policy wiring, Livewire update-path hardening, and review-pack integration through explicit evidence snapshot resolution
- add spec 153 artifacts, migrations, factories, and focused Pest coverage for evidence, review-pack reuse, authorization, action-surface regressions, and audit behavior

## Testing
- `vendor/bin/sail artisan test --compact --stop-on-failure`
- `CI=1 vendor/bin/sail artisan test --compact`
- `vendor/bin/sail bin pint --dirty --format agent`

## Notes
- branch: `153-evidence-domain-foundation`
- commit: `b7dfa279`
- spec: `specs/153-evidence-domain-foundation/`

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #183
Quickstart: Evidence Domain Foundation
Goal
Validate that the application can capture, inspect, reuse, and expire immutable evidence snapshots built from existing internal governance artifacts.
Prerequisites
- Start Sail and ensure the application database is up.
- Apply migrations for the evidence snapshot tables.
- Ensure at least one tenant has existing data in these domains:
  - findings
  - stored permission posture report
  - stored Entra admin roles report
  - baseline/drift posture summary or equivalent run context
  - recent operation runs
Happy-path validation
- Open `/admin/t/{tenant}/evidence` for an authorized tenant member.
- Trigger `Create snapshot`.
- Confirm the UI shows queued intent feedback and a linked run.
- Follow the linked run in Monitoring and wait for the background run to complete.
- Open `/admin/t/{tenant}/evidence/{snapshot}` and verify:
  - snapshot status is `active`
  - snapshot completeness state matches the available inputs
  - each first-slice evidence dimension appears exactly once
  - stale or missing dimensions are explicitly marked
  - the detail page links to the canonical run detail instead of rendering a separate progress surface
- Modify one live source artifact, such as a finding or stored report.
- Re-open the original snapshot and confirm its captured data did not change.
- Trigger `Refresh evidence` and confirm a new snapshot is created or the existing one is reused if the fingerprint is unchanged.
Authorization checks
- As a non-member, request the tenant evidence routes and confirm deny-as-not-found behavior.
- As an in-scope member without `evidence.manage`, confirm listing/detail works with `evidence.view` but `Create snapshot` and `Expire snapshot` are forbidden.
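The decision order these checks exercise, as an added example (not the project's code): membership is resolved before capability, so a non-member receives not-found on every route and never learns that a tenant or snapshot exists. The member table, snapshot ids, the `evidenceStatus` function and the cross-tenant snapshot case are constructed for illustration, and 404/403 are assumed as the status codes for deny-as-not-found and forbidden.

```php
<?php
declare(strict_types=1);

// Constructed sample data (not the project's models): members and their
// capabilities per tenant, and which tenant owns each snapshot.
const MEMBERS = [
    'tenant-a' => ['alice' => ['evidence.view', 'evidence.manage'],
                   'bob'   => ['evidence.view']],
    'tenant-b' => ['carol' => ['evidence.view', 'evidence.manage']],
];
const SNAPSHOT_TENANT = [101 => 'tenant-a', 202 => 'tenant-b'];

// Capability each action needs; capability names follow the quickstart.
const REQUIRED = ['list' => 'evidence.view', 'detail' => 'evidence.view',
                  'create' => 'evidence.manage', 'expire' => 'evidence.manage'];

/** Returns the HTTP status a tenant evidence route should answer with. */
function evidenceStatus(string $user, string $tenant, string $action, ?int $snapshot = null): int
{
    // 1. Membership first: non-members get 404 for every route, so the
    //    response never reveals that the tenant or snapshot exists.
    $caps = MEMBERS[$tenant][$user] ?? null;
    if ($caps === null) {
        return 404;
    }
    // 2. A snapshot id owned by another tenant is also "not found" (assumed scoping rule).
    if ($snapshot !== null && (SNAPSHOT_TENANT[$snapshot] ?? null) !== $tenant) {
        return 404;
    }
    // 3. Only now check the capability; a member may learn the action is forbidden.
    return in_array(REQUIRED[$action], $caps, true) ? 200 : 403;
}

// Expected matrix from the authorization checks, plus one cross-tenant case.
$cases = [
    ['alice', 'tenant-a', 'create', null, 200],
    ['bob',   'tenant-a', 'list',   null, 200],
    ['bob',   'tenant-a', 'detail', 101,  200],
    ['bob',   'tenant-a', 'create', null, 403],
    ['bob',   'tenant-a', 'expire', 101,  403],
    ['carol', 'tenant-a', 'list',   null, 404],  // non-member
    ['carol', 'tenant-a', 'expire', 101,  404],  // non-member: 404, not 403, even for a manage action
    ['bob',   'tenant-a', 'detail', 202,  404],  // member, but the snapshot belongs to tenant-b
];
foreach ($cases as [$user, $tenant, $action, $snapshot, $want]) {
    $got = evidenceStatus($user, $tenant, $action, $snapshot);
    printf("%-5s %-8s %-6s %-4s => %d %s\n", $user, $tenant, $action,
        $snapshot ?? '-', $got, $got === $want ? 'ok' : "MISMATCH (want $want)");
}
```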
Downstream consumer validation
- Resolve tenant evidence through the new snapshot resolver from a downstream flow.
- Confirm the downstream flow receives either:
  - an explicit eligible snapshot id, or
  - an explicit missing/ineligible result
- Confirm no silent fallback to live ad hoc assembly occurs in covered consumers.
Focused test commands
vendor/bin/sail artisan test --compact tests/Feature/Evidence tests/Unit/Evidence tests/Feature/ReviewPack tests/Feature/ManagedTenants/AuthorizationSemanticsTest.php tests/Feature/Guards/ActionSurfaceContractTest.php
vendor/bin/sail bin pint --dirty --format agent
Suggested first test files
- `tests/Feature/Evidence/EvidenceSnapshotResourceTest.php`
- `tests/Feature/Evidence/EvidenceOverviewPageTest.php`
- `tests/Feature/Evidence/GenerateEvidenceSnapshotJobTest.php`
- `tests/Feature/Evidence/EvidenceSnapshotAuditLogTest.php`
- `tests/Feature/ManagedTenants/AuthorizationSemanticsTest.php`
- `tests/Feature/Guards/ActionSurfaceContractTest.php`
- `tests/Unit/Evidence/EvidenceSnapshotFingerprintTest.php`
- `tests/Unit/Evidence/EvidenceCompletenessEvaluatorTest.php`
- `tests/Unit/Evidence/EvidenceSnapshotResolverTest.php`
- `tests/Feature/ReviewPack/ReviewPackGenerationTest.php`