ahmido
c86b399b43
Some checks failed
Main Confidence / confidence (push) Failing after 53s
## Summary This PR delivers three related improvements: ### 1. Finding Ownership Semantics (Spec 219) - Add responsibility/accountability labels to findings and finding exceptions - `owner_user_id` = accountable party (governance owner) - `assignee_user_id` = responsible party (technical implementer) - Expose Assign/Reassign actions in FindingResource with audit logging - Add ownership columns and filters to finding list - Propagate owner from finding to exception on creation - Tests: ownership semantics, assignment audit, workflow actions ### 2. Constitution v2.7.0 — LEAN-001 Pre-Production Lean Doctrine - New principle forbidding legacy aliases, migration shims, dual-write logic, and compatibility fixtures in a pre-production codebase - AI-agent 4-question verification gate before adding any compatibility path - Review rule: compatibility shims without answering the gate questions = merge blocker - Exit condition: LEAN-001 expires at first production deployment - Spec template: added default "Compatibility posture" block - Agent instructions: added "Pre-production compatibility check" section ### 3. Backup Set Operation Type Unification - Unified `backup_set.add_policies` and `backup_set.remove_policies` into single canonical `backup_set.update` - Removed all legacy aliases, constants, and test fixtures - Added lifecycle coverage for `backup_set.update` in config - Updated all 14+ test files referencing legacy types ### Spec Artifacts - `specs/219-finding-ownership-semantics/` — full spec, plan, tasks, research, data model, contracts, checklist ### Tests - All affected tests pass (OperationCatalog, backup set, finding workflow, ownership semantics) Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #256
104 lines
3.7 KiB
PHP
104 lines
3.7 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Models\BaselineProfile;
|
|
use App\Models\BaselineSnapshot;
|
|
use App\Models\Finding;
|
|
use App\Models\OperationRun;
|
|
use App\Models\Policy;
|
|
use App\Models\PolicyVersion;
|
|
use App\Support\Navigation\CrossResourceNavigationMatrix;
|
|
use App\Support\Navigation\RelatedNavigationResolver;
|
|
use Filament\Facades\Filament;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
|
|
uses(RefreshDatabase::class);
|
|
|
|
it('resolves finding entries in matrix priority order', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
$this->actingAs($user);
|
|
Filament::setTenant($tenant, true);
|
|
|
|
$profile = BaselineProfile::factory()->active()->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'name' => 'Security Baseline',
|
|
]);
|
|
|
|
$snapshot = BaselineSnapshot::factory()->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'baseline_profile_id' => (int) $profile->getKey(),
|
|
]);
|
|
|
|
$policy = Policy::factory()->create([
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'display_name' => 'Windows Lockdown',
|
|
]);
|
|
|
|
$version = PolicyVersion::factory()->create([
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'policy_id' => (int) $policy->getKey(),
|
|
'version_number' => 3,
|
|
]);
|
|
|
|
$run = OperationRun::factory()->for($tenant)->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'type' => 'baseline_compare',
|
|
]);
|
|
|
|
$finding = Finding::factory()->for($tenant)->create([
|
|
'current_operation_run_id' => (int) $run->getKey(),
|
|
'evidence_jsonb' => [
|
|
'current' => [
|
|
'policy_version_id' => (int) $version->getKey(),
|
|
],
|
|
'provenance' => [
|
|
'baseline_profile_id' => (int) $profile->getKey(),
|
|
'baseline_snapshot_id' => (int) $snapshot->getKey(),
|
|
'compare_operation_run_id' => (int) $run->getKey(),
|
|
],
|
|
],
|
|
]);
|
|
|
|
$entries = app(RelatedNavigationResolver::class)
|
|
->detailEntries(CrossResourceNavigationMatrix::SOURCE_FINDING, $finding);
|
|
|
|
expect(collect($entries)->pluck('key')->take(4)->values()->all())
|
|
->toBe(['baseline_snapshot', 'source_run', 'current_policy_version', 'parent_policy'])
|
|
->and(collect($entries)->firstWhere('key', 'baseline_snapshot')['targetUrl'])
|
|
->toContain('/admin/baseline-snapshots/')
|
|
->and(collect($entries)->firstWhere('key', 'source_run')['label'])
|
|
->toBe('Operation')
|
|
->and(collect($entries)->firstWhere('key', 'source_run')['actionLabel'])
|
|
->toBe('Open operation')
|
|
->and(collect($entries)->firstWhere('key', 'source_run')['targetUrl'])
|
|
->toContain('/admin/operations/');
|
|
});
|
|
|
|
it('picks the highest priority list action for backup sets', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
$this->actingAs($user);
|
|
Filament::setTenant($tenant, true);
|
|
|
|
$backupSet = \App\Models\BackupSet::factory()->create([
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'name' => 'Nightly backup',
|
|
]);
|
|
|
|
$run = OperationRun::factory()->for($tenant)->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'type' => 'backup_set.update',
|
|
'context' => [
|
|
'backup_set_id' => (int) $backupSet->getKey(),
|
|
],
|
|
]);
|
|
|
|
$action = app(RelatedNavigationResolver::class)
|
|
->primaryListAction(CrossResourceNavigationMatrix::SOURCE_BACKUP_SET, $backupSet);
|
|
|
|
expect($action)->not->toBeNull()
|
|
->and($action?->label)->toBe('Operation')
|
|
->and($action?->actionLabel)->toBe('Open operation')
|
|
->and($action?->targetUrl)->toContain((string) $run->getKey());
|
|
});
|