ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
c7b38606a9
TenantAtlas/apps/platform/app/Services/Evidence/Sources/FindingsSummarySource.php
ahmido 75ebade345 feat: implement provider-neutral artifact source taxonomy (#343) 
## Summary

Implements Spec 284 for provider-neutral artifact source taxonomy.

- add shared artifact source descriptor, resolver, taxonomy, and provider-detail support
- update findings, evidence snapshots, stored reports, inventory items, and tenant review surfaces to disclose descriptor-first artifact summaries
- add bounded Pest unit, feature, guard, and browser coverage for the taxonomy slice
- include the completed Spec 284 package artifacts under `specs/284-provider-neutral-artifact-source-taxonomy/`

## Notes

- branch: `284-provider-neutral-artifact-source-taxonomy`
- commit: `bf8d59e0`
- this PR was created as part of the requested commit/push/PR flow against `platform-dev`

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #343
2026-05-08 23:47:31 +00:00

153 lines
7.4 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
namespace App\Services\Evidence\Sources;
use App\Models\Finding;
use App\Models\ManagedEnvironment;
use App\Services\Evidence\Contracts\EvidenceSourceProvider;
use App\Services\Findings\FindingRiskGovernanceResolver;
use App\Support\Findings\FindingOutcomeSemantics;
use App\Support\Evidence\EvidenceCompletenessState;
use App\Support\Artifacts\ArtifactSourceResolver;
final class FindingsSummarySource implements EvidenceSourceProvider
{
public function __construct(
private readonly FindingRiskGovernanceResolver $governanceResolver,
private readonly FindingOutcomeSemantics $findingOutcomeSemantics,
private readonly ArtifactSourceResolver $artifactSourceResolver,
) {}
public function key(): string
{
return 'findings_summary';
}
public function collect(ManagedEnvironment $tenant): array
{
$findings = Finding::query()
->where('managed_environment_id', (int) $tenant->getKey())
->with('findingException.currentDecision')
->orderByDesc('updated_at')
->get();
$latest = $findings->max('updated_at') ?? $findings->max('created_at');
$entries = $findings->map(function (Finding $finding): array {
$governanceState = $this->governanceResolver->resolveFindingState($finding, $finding->findingException);
$governanceWarning = $this->governanceResolver->resolveWarningMessage($finding, $finding->findingException);
$outcome = $this->findingOutcomeSemantics->describe($finding);
$descriptor = $this->artifactSourceResolver->forFinding($finding);
$providerDetail = $this->artifactSourceResolver->providerDetailForFinding($finding);
$canonicalControlResolution = $this->artifactSourceResolver->canonicalControlResolutionForFinding($finding);
return [
'id' => (int) $finding->getKey(),
'source_descriptor' => $descriptor->toArray(),
'provider_detail' => $providerDetail->toArray(),
'control_key' => $descriptor->controlKey,
'finding_type' => (string) $finding->finding_type,
'severity' => (string) $finding->severity,
'status' => (string) $finding->status,
'title' => $finding->title,
'description' => $finding->description,
'created_at' => $finding->created_at?->toIso8601String(),
'updated_at' => $finding->updated_at?->toIso8601String(),
'verification_state' => $outcome['verification_state'],
'report_bucket' => $outcome['report_bucket'],
'terminal_outcome_key' => $outcome['terminal_outcome_key'],
'terminal_outcome_label' => $outcome['label'],
'terminal_outcome' => $outcome['terminal_outcome_key'] !== null ? [
'key' => $outcome['terminal_outcome_key'],
'label' => $outcome['label'],
'verification_state' => $outcome['verification_state'],
'report_bucket' => $outcome['report_bucket'],
'governance_state' => $governanceState,
] : null,
'canonical_control_resolution' => $canonicalControlResolution,
'governance_state' => $governanceState,
'governance_warning' => $governanceWarning,
];
});
$outcomeCounts = array_fill_keys($this->findingOutcomeSemantics->orderedOutcomeKeys(), 0);
$reportBucketCounts = [
'remediation_pending_verification' => 0,
'remediation_verified' => 0,
'administrative_closure' => 0,
'accepted_risk' => 0,
];
foreach ($entries as $entry) {
$terminalOutcomeKey = $entry['terminal_outcome_key'] ?? null;
$reportBucket = $entry['report_bucket'] ?? null;
if (is_string($terminalOutcomeKey) && array_key_exists($terminalOutcomeKey, $outcomeCounts)) {
$outcomeCounts[$terminalOutcomeKey]++;
}
if (is_string($reportBucket) && array_key_exists($reportBucket, $reportBucketCounts)) {
$reportBucketCounts[$reportBucket]++;
}
}
$canonicalControls = $entries
->map(static fn (array $entry): mixed => data_get($entry, 'canonical_control_resolution.control'))
->filter(static fn (mixed $control): bool => is_array($control) && filled($control['control_key'] ?? null))
->unique(static fn (array $control): string => (string) $control['control_key'])
->values()
->all();
$riskAcceptedEntries = $entries->filter(
static fn (array $entry): bool => ($entry['status'] ?? null) === Finding::STATUS_RISK_ACCEPTED,
);
$warningStates = [
'expired_exception',
'revoked_exception',
'rejected_exception',
'risk_accepted_without_valid_exception',
];
$summary = [
'count' => $findings->count(),
'open_count' => $findings->filter(fn (Finding $finding): bool => $finding->hasOpenStatus())->count(),
'severity_counts' => [
'critical' => $findings->where('severity', Finding::SEVERITY_CRITICAL)->count(),
'high' => $findings->where('severity', Finding::SEVERITY_HIGH)->count(),
'medium' => $findings->where('severity', Finding::SEVERITY_MEDIUM)->count(),
'low' => $findings->where('severity', Finding::SEVERITY_LOW)->count(),
],
'risk_acceptance' => [
'status_marked_count' => $riskAcceptedEntries->count(),
'valid_governed_count' => $riskAcceptedEntries->filter(
static fn (array $entry): bool => in_array($entry['governance_state'] ?? null, ['valid_exception', 'expiring_exception'], true),
)->count(),
'warning_count' => $riskAcceptedEntries->filter(
static fn (array $entry): bool => in_array($entry['governance_state'] ?? null, $warningStates, true),
)->count(),
'expired_count' => $riskAcceptedEntries->where('governance_state', 'expired_exception')->count(),
'revoked_count' => $riskAcceptedEntries->where('governance_state', 'revoked_exception')->count(),
'missing_exception_count' => $riskAcceptedEntries->where('governance_state', 'risk_accepted_without_valid_exception')->count(),
],
'outcome_counts' => $outcomeCounts,
'report_bucket_counts' => $reportBucketCounts,
'canonical_controls' => $canonicalControls,
'entries' => $entries->all(),
];
return [
'dimension_key' => $this->key(),
'state' => $findings->isEmpty() ? EvidenceCompletenessState::Missing->value : EvidenceCompletenessState::Complete->value,
'required' => true,
'source_kind' => 'model_summary',
'source_record_type' => 'finding',
'source_record_id' => null,
'source_fingerprint' => $findings->max('fingerprint'),
'measured_at' => $latest,
'freshness_at' => $latest,
'summary_payload' => $summary,
'fingerprint_payload' => $summary + ['latest' => $latest?->format(DATE_ATOM)],
'sort_order' => 10,
];
}
}
Reference in New Issue View Git Blame Copy Permalink