feat(phase-11): implement Red/Blue business logic services (T-106, T-107, T-108)

T-106: Create test_workflow_service.py with state-machine transitions for the complete test lifecycle (draft -> red_executing -> blue_evaluating -> in_review -> validated/rejected), dual validation by Red/Blue leads, and reopen capability with field cleanup.

T-107: Update status_service.py to use detection_result from Blue Team instead of legacy result field, and differentiate between partial progress (some validated) vs all-in-progress states.

T-108: Create atomic_import_service.py that downloads the Atomic Red Team repo as a ZIP (avoiding API rate limits), parses all atomics YAML files, and creates idempotent TestTemplate records mapped to MITRE techniques.

Includes validation tests for all three tasks (19 checks total).

backend/alembic/versions/b001_add_new_test_states.py

@@ -0,0 +1,32 @@
+"""add_new_test_states
+
+Revision ID: b001add0test
+Revises: a1412d1ef337
+Create Date: 2026-02-09 10:00:00.000000
+
+"""
+from typing import Sequence, Union
+
+from alembic import op
+
+
+# revision identifiers, used by Alembic.
+revision: str = 'b001add0test'
+down_revision: Union[str, Sequence[str], None] = 'a1412d1ef337'
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    """Add red_executing and blue_evaluating values to the teststate enum."""
+    op.execute("ALTER TYPE teststate ADD VALUE IF NOT EXISTS 'red_executing' AFTER 'draft'")
+    op.execute("ALTER TYPE teststate ADD VALUE IF NOT EXISTS 'blue_evaluating' AFTER 'red_executing'")
+
+
+def downgrade() -> None:
+    """Downgrade: removing enum values in PostgreSQL requires recreating the type.
+
+    This is intentionally left as a no-op because dropping enum values is
+    destructive and rarely needed in practice.
+    """
+    pass

backend/alembic/versions/b002_add_evidence_team_notes.py

@@ -0,0 +1,46 @@
+"""add_evidence_team_and_notes
+
+Revision ID: b002evidteam
+Revises: b001add0test
+Create Date: 2026-02-09 10:01:00.000000
+
+"""
+from typing import Sequence, Union
+
+from alembic import op
+import sqlalchemy as sa
+from sqlalchemy.dialects import postgresql
+
+
+# revision identifiers, used by Alembic.
+revision: str = 'b002evidteam'
+down_revision: Union[str, Sequence[str], None] = 'b001add0test'
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    """Create teamside enum and add team/notes columns to evidences."""
+    # Create the new enum type
+    teamside_enum = postgresql.ENUM('red', 'blue', name='teamside', create_type=False)
+    op.execute("CREATE TYPE teamside AS ENUM ('red', 'blue')")
+
+    # Add columns
+    op.add_column('evidences', sa.Column(
+        'team',
+        teamside_enum,
+        nullable=False,
+        server_default='red',
+    ))
+    op.add_column('evidences', sa.Column(
+        'notes',
+        sa.Text(),
+        nullable=True,
+    ))
+
+
+def downgrade() -> None:
+    """Remove team/notes columns and drop teamside enum."""
+    op.drop_column('evidences', 'notes')
+    op.drop_column('evidences', 'team')
+    op.execute("DROP TYPE IF EXISTS teamside")

backend/alembic/versions/b003_add_dual_validation_fields.py

@@ -0,0 +1,87 @@
+"""add_dual_validation_fields_to_tests
+
+Revision ID: b003dualvalid
+Revises: b002evidteam
+Create Date: 2026-02-09 10:02:00.000000
+
+"""
+from typing import Sequence, Union
+
+from alembic import op
+import sqlalchemy as sa
+from sqlalchemy.dialects import postgresql
+
+
+# revision identifiers, used by Alembic.
+revision: str = 'b003dualvalid'
+down_revision: Union[str, Sequence[str], None] = 'b002evidteam'
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    """Drop legacy validated_by/validated_at and add dual validation columns."""
+    # Drop legacy single-validation columns
+    op.drop_constraint('tests_validated_by_fkey', 'tests', type_='foreignkey')
+    op.drop_column('tests', 'validated_by')
+    op.drop_column('tests', 'validated_at')
+
+    # ── Red Team fields ─────────────────────────────────────────
+    op.add_column('tests', sa.Column('red_summary', sa.Text(), nullable=True))
+    op.add_column('tests', sa.Column('attack_success', sa.Boolean(), nullable=True))
+    op.add_column('tests', sa.Column('red_validated_by', sa.UUID(), nullable=True))
+    op.add_column('tests', sa.Column('red_validated_at', sa.DateTime(), nullable=True))
+    op.add_column('tests', sa.Column('red_validation_status', sa.String(), nullable=True))
+    op.add_column('tests', sa.Column('red_validation_notes', sa.Text(), nullable=True))
+
+    # ── Blue Team fields ────────────────────────────────────────
+    op.add_column('tests', sa.Column('blue_summary', sa.Text(), nullable=True))
+    op.add_column('tests', sa.Column(
+        'detection_result',
+        postgresql.ENUM('detected', 'not_detected', 'partially_detected',
+                        name='testresult', create_type=False),
+        nullable=True,
+    ))
+    op.add_column('tests', sa.Column('blue_validated_by', sa.UUID(), nullable=True))
+    op.add_column('tests', sa.Column('blue_validated_at', sa.DateTime(), nullable=True))
+    op.add_column('tests', sa.Column('blue_validation_status', sa.String(), nullable=True))
+    op.add_column('tests', sa.Column('blue_validation_notes', sa.Text(), nullable=True))
+
+    # ── Foreign keys ────────────────────────────────────────────
+    op.create_foreign_key(
+        'fk_tests_red_validated_by', 'tests', 'users',
+        ['red_validated_by'], ['id'],
+    )
+    op.create_foreign_key(
+        'fk_tests_blue_validated_by', 'tests', 'users',
+        ['blue_validated_by'], ['id'],
+    )
+
+
+def downgrade() -> None:
+    """Reverse: drop dual validation columns and restore legacy columns."""
+    # Drop FKs
+    op.drop_constraint('fk_tests_blue_validated_by', 'tests', type_='foreignkey')
+    op.drop_constraint('fk_tests_red_validated_by', 'tests', type_='foreignkey')
+
+    # Drop new columns
+    op.drop_column('tests', 'blue_validation_notes')
+    op.drop_column('tests', 'blue_validation_status')
+    op.drop_column('tests', 'blue_validated_at')
+    op.drop_column('tests', 'blue_validated_by')
+    op.drop_column('tests', 'detection_result')
+    op.drop_column('tests', 'blue_summary')
+    op.drop_column('tests', 'red_validation_notes')
+    op.drop_column('tests', 'red_validation_status')
+    op.drop_column('tests', 'red_validated_at')
+    op.drop_column('tests', 'red_validated_by')
+    op.drop_column('tests', 'attack_success')
+    op.drop_column('tests', 'red_summary')
+
+    # Restore legacy columns
+    op.add_column('tests', sa.Column('validated_by', sa.UUID(), nullable=True))
+    op.add_column('tests', sa.Column('validated_at', sa.DateTime(), nullable=True))
+    op.create_foreign_key(
+        'tests_validated_by_fkey', 'tests', 'users',
+        ['validated_by'], ['id'],
+    )

backend/alembic/versions/b004_add_test_templates_table.py

@@ -0,0 +1,54 @@
+"""add_test_templates_table
+
+Revision ID: b004templates
+Revises: b003dualvalid
+Create Date: 2026-02-09 10:03:00.000000
+
+"""
+from typing import Sequence, Union
+
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision: str = 'b004templates'
+down_revision: Union[str, Sequence[str], None] = 'b003dualvalid'
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    """Create the test_templates table with indexes."""
+    op.create_table(
+        'test_templates',
+        sa.Column('id', sa.UUID(), nullable=False, default=sa.text('gen_random_uuid()')),
+        sa.Column('mitre_technique_id', sa.String(), nullable=False),
+        sa.Column('name', sa.String(), nullable=False),
+        sa.Column('description', sa.Text(), nullable=True),
+        sa.Column('source', sa.String(), nullable=False),
+        sa.Column('source_url', sa.String(), nullable=True),
+        sa.Column('attack_procedure', sa.Text(), nullable=True),
+        sa.Column('expected_detection', sa.Text(), nullable=True),
+        sa.Column('platform', sa.String(), nullable=True),
+        sa.Column('tool_suggested', sa.String(), nullable=True),
+        sa.Column('severity', sa.String(), nullable=True),
+        sa.Column('atomic_test_id', sa.String(), nullable=True),
+        sa.Column('is_active', sa.Boolean(), nullable=True, server_default=sa.text('true')),
+        sa.Column('created_at', sa.DateTime(), nullable=True),
+        sa.PrimaryKeyConstraint('id'),
+    )
+
+    op.create_index('ix_test_templates_mitre_technique_id', 'test_templates', ['mitre_technique_id'])
+    op.create_index('ix_test_templates_source', 'test_templates', ['source'])
+    op.create_index('ix_test_templates_platform', 'test_templates', ['platform'])
+    op.create_index('ix_test_templates_severity', 'test_templates', ['severity'])
+
+
+def downgrade() -> None:
+    """Drop the test_templates table and its indexes."""
+    op.drop_index('ix_test_templates_severity', table_name='test_templates')
+    op.drop_index('ix_test_templates_platform', table_name='test_templates')
+    op.drop_index('ix_test_templates_source', table_name='test_templates')
+    op.drop_index('ix_test_templates_mitre_technique_id', table_name='test_templates')
+    op.drop_table('test_templates')

backend/alembic/versions/b005_add_v2_indexes.py

@@ -0,0 +1,55 @@
+"""add_v2_indexes
+
+Revision ID: b005v2indexes
+Revises: b004templates
+Create Date: 2026-02-09 10:04:00.000000
+
+"""
+from typing import Sequence, Union
+
+from alembic import op
+
+
+# revision identifiers, used by Alembic.
+revision: str = 'b005v2indexes'
+down_revision: Union[str, Sequence[str], None] = 'b004templates'
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    """Create performance indexes for V2 queries."""
+    # ── Tests ───────────────────────────────────────────────────
+    op.create_index('ix_tests_state', 'tests', ['state'])
+    op.create_index('ix_tests_technique_id', 'tests', ['technique_id'])
+    op.create_index('ix_tests_created_by', 'tests', ['created_by'])
+    op.create_index('ix_tests_red_validation_status', 'tests', ['red_validation_status'])
+    op.create_index('ix_tests_blue_validation_status', 'tests', ['blue_validation_status'])
+
+    # ── Evidences ───────────────────────────────────────────────
+    op.create_index('ix_evidences_test_id', 'evidences', ['test_id'])
+    op.create_index('ix_evidences_team', 'evidences', ['team'])
+
+    # ── Techniques (if not already present from MVP) ────────────
+    op.create_index('ix_techniques_tactic', 'techniques', ['tactic'])
+    op.create_index('ix_techniques_status_global', 'techniques', ['status_global'])
+    op.create_index('ix_techniques_review_required', 'techniques', ['review_required'])
+
+
+def downgrade() -> None:
+    """Drop all V2 indexes."""
+    # Techniques
+    op.drop_index('ix_techniques_review_required', table_name='techniques')
+    op.drop_index('ix_techniques_status_global', table_name='techniques')
+    op.drop_index('ix_techniques_tactic', table_name='techniques')
+
+    # Evidences
+    op.drop_index('ix_evidences_team', table_name='evidences')
+    op.drop_index('ix_evidences_test_id', table_name='evidences')
+
+    # Tests
+    op.drop_index('ix_tests_blue_validation_status', table_name='tests')
+    op.drop_index('ix_tests_red_validation_status', table_name='tests')
+    op.drop_index('ix_tests_created_by', table_name='tests')
+    op.drop_index('ix_tests_technique_id', table_name='tests')
+    op.drop_index('ix_tests_state', table_name='tests')