ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
c01cdcd3b5
TenantAtlas/app/Support/OpsUx/OperationUxPresenter.php
ahmido cd811cff4f Spec 120: harden secret redaction integrity (#146) 
## Summary
- replace broad substring-based masking with a shared exact/path-based secret classifier and workspace-scoped fingerprint hashing
- persist protected snapshot metadata on `policy_versions` and keep secret-only changes visible in compare, drift, restore, review, verification, and ops surfaces
- add Spec 120 artifacts, audit documentation, and focused Pest regression coverage for snapshot, audit, verification, review-pack, and notification behavior

## Validation
- `vendor/bin/sail artisan test --compact tests/Feature/Intune/PolicySnapshotRedactionTest.php tests/Feature/Intune/PolicySnapshotFingerprintIsolationTest.php tests/Feature/ReviewPack/ReviewPackRedactionIntegrityTest.php tests/Feature/OpsUx/OperationRunNotificationRedactionTest.php tests/Feature/Verification/VerificationReportViewerDbOnlyTest.php`
- `vendor/bin/sail bin pint --dirty --format agent`

## Spec / checklist status
| Checklist | Total | Completed | Incomplete | Status |
|-----------|-------|-----------|------------|--------|
| requirements.md | 16 | 16 | 0 | ✓ PASS |

- `tasks.md`: T001-T032 complete
- `tasks.md`: T033 manual quickstart validation is still open and noted for follow-up

## Filament / platform notes
- Livewire v4 compliance is unchanged
- no panel provider changes; `bootstrap/providers.php` remains the registration location
- no new globally searchable resources were introduced, so global search requirements are unchanged
- no new destructive Filament actions were added
- no new Filament assets were added; no `filament:assets` deployment change is required

## Testing coverage touched
- snapshot persistence and fingerprint isolation
- compare/drift protected-change evidence
- audit, verification, review-pack, ops-failure, and notification sanitization
- viewer/read-only Filament presentation updates

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #146
2026-03-07 16:43:01 +00:00

130 lines
4.1 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
namespace App\Support\OpsUx;
use App\Models\OperationRun;
use App\Models\Tenant;
use App\Support\OperationCatalog;
use App\Support\RedactionIntegrity;
use Filament\Notifications\Notification as FilamentNotification;
final class OperationUxPresenter
{
public const int QUEUED_TOAST_DURATION_MS = 4000;
public const int FAILURE_MESSAGE_MAX_CHARS = 140;
/**
* Queued intent feedback toast (ephemeral, not persisted).
*/
public static function queuedToast(string $operationType): FilamentNotification
{
$operationLabel = OperationCatalog::label($operationType);
return FilamentNotification::make()
->title("{$operationLabel} queued")
->body('Running in the background.')
->warning()
->duration(self::QUEUED_TOAST_DURATION_MS);
}
/**
* Canonical dedupe feedback when a matching run is already active.
*/
public static function alreadyQueuedToast(string $operationType): FilamentNotification
{
$operationLabel = OperationCatalog::label($operationType);
return FilamentNotification::make()
->title("{$operationLabel} already queued")
->body('A matching run is already queued or running.')
->info()
->duration(self::QUEUED_TOAST_DURATION_MS);
}
/**
* Terminal DB notification payload.
*
* Note: We intentionally return the built Filament notification builder to
* keep DB formatting consistent with existing Notification classes.
*/
public static function terminalDatabaseNotification(OperationRun $run, ?Tenant $tenant = null): FilamentNotification
{
$operationLabel = OperationCatalog::label((string) $run->type);
$uxStatus = OperationStatusNormalizer::toUxStatus($run->status, $run->outcome);
$titleSuffix = match ($uxStatus) {
'succeeded' => 'completed',
'partial' => 'completed with warnings',
default => 'failed',
};
$body = match ($uxStatus) {
'succeeded' => 'Completed successfully.',
'partial' => 'Completed with warnings.',
default => 'Failed.',
};
if ($uxStatus === 'failed') {
$failureMessage = (string) (($run->failure_summary[0]['message'] ?? '') ?? '');
$failureMessage = self::sanitizeFailureMessage($failureMessage);
if ($failureMessage !== null) {
$body = $body.' '.$failureMessage;
}
}
$summary = SummaryCountsNormalizer::renderSummaryLine(is_array($run->summary_counts) ? $run->summary_counts : []);
if ($summary !== null) {
$body = $body."\n".$summary;
}
$integritySummary = RedactionIntegrity::noteForRun($run);
if (is_string($integritySummary) && trim($integritySummary) !== '') {
$body = $body."\n".trim($integritySummary);
}
$status = match ($uxStatus) {
'succeeded' => 'success',
'partial' => 'warning',
default => 'danger',
};
$notification = FilamentNotification::make()
->title("{$operationLabel} {$titleSuffix}")
->body($body)
->status($status);
if ($tenant instanceof Tenant) {
$notification->actions([
\Filament\Actions\Action::make('view')
->label('View run')
->url(OperationRunUrl::view($run, $tenant)),
]);
}
return $notification;
}
private static function sanitizeFailureMessage(string $failureMessage): ?string
{
$failureMessage = trim($failureMessage);
if ($failureMessage === '') {
return null;
}
$failureMessage = RunFailureSanitizer::sanitizeMessage($failureMessage);
if (mb_strlen($failureMessage) > self::FAILURE_MESSAGE_MAX_CHARS) {
$failureMessage = mb_substr($failureMessage, 0, self::FAILURE_MESSAGE_MAX_CHARS - 1).'…';
}
return $failureMessage !== '' ? $failureMessage : null;
}
}
Reference in New Issue View Git Blame Copy Permalink