ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
c86b399b43
TenantAtlas/apps/platform/tests/Unit/Operations/OperationLifecyclePolicyValidatorTest.php
ahmido c86b399b43
Some checks failed
Main Confidence / confidence (push) Failing after 53s
Details
feat(219): Finding ownership semantics + LEAN-001 constitution + backup_set unification (#256) 
## Summary

This PR delivers three related improvements:

### 1. Finding Ownership Semantics (Spec 219)
- Add responsibility/accountability labels to findings and finding exceptions
- `owner_user_id` = accountable party (governance owner)
- `assignee_user_id` = responsible party (technical implementer)
- Expose Assign/Reassign actions in FindingResource with audit logging
- Add ownership columns and filters to finding list
- Propagate owner from finding to exception on creation
- Tests: ownership semantics, assignment audit, workflow actions

### 2. Constitution v2.7.0 — LEAN-001 Pre-Production Lean Doctrine
- New principle forbidding legacy aliases, migration shims, dual-write logic, and compatibility fixtures in a pre-production codebase
- AI-agent 4-question verification gate before adding any compatibility path
- Review rule: compatibility shims without answering the gate questions = merge blocker
- Exit condition: LEAN-001 expires at first production deployment
- Spec template: added default "Compatibility posture" block
- Agent instructions: added "Pre-production compatibility check" section

### 3. Backup Set Operation Type Unification
- Unified `backup_set.add_policies` and `backup_set.remove_policies` into single canonical `backup_set.update`
- Removed all legacy aliases, constants, and test fixtures
- Added lifecycle coverage for `backup_set.update` in config
- Updated all 14+ test files referencing legacy types

### Spec Artifacts
- `specs/219-finding-ownership-semantics/` — full spec, plan, tasks, research, data model, contracts, checklist

### Tests
- All affected tests pass (OperationCatalog, backup set, finding workflow, ownership semantics)

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #256
2026-04-20 17:54:33 +00:00

49 lines
2.0 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
use App\Services\Operations\OperationLifecyclePolicyValidator;
use App\Support\Operations\OperationLifecyclePolicy;
it('exposes the exact covered v1 lifecycle operation set', function (): void {
$types = app(OperationLifecyclePolicy::class)->coveredTypeNames();
expect($types)->toBe([
'baseline_capture',
'baseline_compare',
'inventory_sync',
'policy.sync',
'policy.sync_one',
'entra_group_sync',
'directory_role_definitions.sync',
'backup_set.update',
'backup_schedule_run',
'restore.execute',
'tenant.review_pack.generate',
'tenant.review.compose',
'tenant.evidence.snapshot.generate',
]);
});
it('requires direct failed-job bridges for lifecycle policy entries that declare them', function (): void {
$validator = app(OperationLifecyclePolicyValidator::class);
expect($validator->jobUsesDirectFailedBridge('baseline_capture'))->toBeTrue()
->and($validator->jobUsesDirectFailedBridge('baseline_compare'))->toBeTrue()
->and($validator->jobUsesDirectFailedBridge('inventory_sync'))->toBeTrue()
->and($validator->jobUsesDirectFailedBridge('policy.sync'))->toBeTrue()
->and($validator->jobUsesDirectFailedBridge('tenant.review.compose'))->toBeTrue()
->and($validator->jobUsesDirectFailedBridge('backup_schedule_run'))->toBeFalse();
});
it('requires explicit timeout and fail-on-timeout declarations for covered jobs', function (): void {
$validator = app(OperationLifecyclePolicyValidator::class);
expect($validator->jobTimeoutSeconds('baseline_capture'))->toBe(300)
->and($validator->jobFailsOnTimeout('baseline_capture'))->toBeTrue()
->and($validator->jobTimeoutSeconds('backup_set.update'))->toBe(240)
->and($validator->jobFailsOnTimeout('backup_set.update'))->toBeTrue()
->and($validator->jobTimeoutSeconds('restore.execute'))->toBe(420)
->and($validator->jobFailsOnTimeout('restore.execute'))->toBeTrue();
});
Reference in New Issue View Git Blame Copy Permalink