feat(phase-11): implement Red/Blue business logic services (T-106, T-107, T-108)

T-106: Create test_workflow_service.py with state-machine transitions for the complete test lifecycle (draft -> red_executing -> blue_evaluating -> in_review -> validated/rejected), dual validation by Red/Blue leads, and reopen capability with field cleanup.

T-107: Update status_service.py to use detection_result from Blue Team instead of legacy result field, and differentiate between partial progress (some validated) vs all-in-progress states.

T-108: Create atomic_import_service.py that downloads the Atomic Red Team repo as a ZIP (avoiding API rate limits), parses all atomics YAML files, and creates idempotent TestTemplate records mapped to MITRE techniques.

Includes validation tests for all three tasks (19 checks total).

backend/app/schemas/__init__.py

@@ -14,9 +14,20 @@ from app.schemas.test import (
     TestOut,
     TestUpdate,
     TestValidate,
+    TestRedUpdate,
+    TestBlueUpdate,
+    TestRedValidate,
+    TestBlueValidate,
 )
 
-from app.schemas.evidence import EvidenceOut
+from app.schemas.evidence import EvidenceOut, EvidenceUpload
+
+from app.schemas.test_template import (
+    TestTemplateOut,
+    TestTemplateCreate,
+    TestTemplateSummary,
+    TestTemplateInstantiate,
+)
 
 __all__ = [
     # Auth
@@ -33,6 +44,16 @@ __all__ = [
     "TestOut",
     "TestUpdate",
     "TestValidate",
+    "TestRedUpdate",
+    "TestBlueUpdate",
+    "TestRedValidate",
+    "TestBlueValidate",
     # Evidence
     "EvidenceOut",
+    "EvidenceUpload",
+    # Test Template
+    "TestTemplateOut",
+    "TestTemplateCreate",
+    "TestTemplateSummary",
+    "TestTemplateInstantiate",
 ]

backend/app/schemas/evidence.py

@@ -5,6 +5,8 @@ from datetime import datetime
 
 from pydantic import BaseModel, ConfigDict
 
+from app.models.enums import TeamSide
+
 
 class EvidenceOut(BaseModel):
     """Representation of an evidence record returned by the API.
@@ -18,6 +20,15 @@ class EvidenceOut(BaseModel):
     sha256_hash: str
     uploaded_by: uuid.UUID | None = None
     uploaded_at: datetime | None = None
+    team: TeamSide = TeamSide.red
+    notes: str | None = None
     download_url: str | None = None
 
     model_config = ConfigDict(from_attributes=True)
+
+
+class EvidenceUpload(BaseModel):
+    """Metadata sent alongside an evidence file upload."""
+
+    team: TeamSide
+    notes: str | None = None

backend/app/schemas/test.py

@@ -10,6 +10,7 @@ from app.models.enums import TestResult, TestState
 
 # ── Create ──────────────────────────────────────────────────────────
 
+
 class TestCreate(BaseModel):
     """Payload for creating a new test."""
 
@@ -21,7 +22,8 @@ class TestCreate(BaseModel):
     tool_used: str | None = None
 
 
-# ── Update ──────────────────────────────────────────────────────────
+# ── Update (general) ───────────────────────────────────────────────
+
 
 class TestUpdate(BaseModel):
     """Payload for partially updating an existing test.
@@ -35,8 +37,63 @@ class TestUpdate(BaseModel):
     result: TestResult | None = None
 
 
+# ── Red Team update ────────────────────────────────────────────────
+
+
+class TestRedUpdate(BaseModel):
+    """Fields that Red Team fills in during the red_executing phase."""
+
+    name: str | None = None
+    description: str | None = None
+    procedure_text: str | None = None
+    tool_used: str | None = None
+    attack_success: bool | None = None
+    red_summary: str | None = None
+
+
+# ── Blue Team update ───────────────────────────────────────────────
+
+
+class TestBlueUpdate(BaseModel):
+    """Fields that Blue Team fills in during the blue_evaluating phase."""
+
+    detection_result: TestResult | None = None
+    blue_summary: str | None = None
+
+
+# ── Red Lead validation ────────────────────────────────────────────
+
+
+class TestRedValidate(BaseModel):
+    """Payload sent by Red Lead to approve/reject the red side."""
+
+    red_validation_status: str   # "approved" or "rejected"
+    red_validation_notes: str | None = None
+
+
+# ── Blue Lead validation ───────────────────────────────────────────
+
+
+class TestBlueValidate(BaseModel):
+    """Payload sent by Blue Lead to approve/reject the blue side."""
+
+    blue_validation_status: str   # "approved" or "rejected"
+    blue_validation_notes: str | None = None
+
+
+# ── Legacy validate (kept for backwards compat) ────────────────────
+
+
+class TestValidate(BaseModel):
+    """Payload sent by a reviewer to validate / reject a test."""
+
+    result: TestResult
+    comments: str | None = None
+
+
 # ── Read (full) ─────────────────────────────────────────────────────
 
+
 class TestOut(BaseModel):
     """Complete representation returned by the API."""
 
@@ -51,17 +108,22 @@ class TestOut(BaseModel):
     created_by: uuid.UUID | None = None
     result: TestResult | None = None
     state: TestState = TestState.draft
-    validated_by: uuid.UUID | None = None
-    validated_at: datetime | None = None
     created_at: datetime | None = None
 
+    # Red Team fields
+    red_summary: str | None = None
+    attack_success: bool | None = None
+    red_validated_by: uuid.UUID | None = None
+    red_validated_at: datetime | None = None
+    red_validation_status: str | None = None
+    red_validation_notes: str | None = None
+
+    # Blue Team fields
+    blue_summary: str | None = None
+    detection_result: TestResult | None = None
+    blue_validated_by: uuid.UUID | None = None
+    blue_validated_at: datetime | None = None
+    blue_validation_status: str | None = None
+    blue_validation_notes: str | None = None
+
     model_config = ConfigDict(from_attributes=True)
-
-
-# ── Validate ────────────────────────────────────────────────────────
-
-class TestValidate(BaseModel):
-    """Payload sent by a reviewer to validate / reject a test."""
-
-    result: TestResult
-    comments: str | None = None

backend/app/schemas/test_template.py

@@ -0,0 +1,75 @@
+"""Pydantic schemas for TestTemplate endpoints."""
+
+import uuid
+from datetime import datetime
+
+from pydantic import BaseModel, ConfigDict
+
+
+# ── Full output ─────────────────────────────────────────────────────
+
+
+class TestTemplateOut(BaseModel):
+    """Complete representation of a test template."""
+
+    id: uuid.UUID
+    mitre_technique_id: str
+    name: str
+    description: str | None = None
+    source: str
+    source_url: str | None = None
+    attack_procedure: str | None = None
+    expected_detection: str | None = None
+    platform: str | None = None
+    tool_suggested: str | None = None
+    severity: str | None = None
+    atomic_test_id: str | None = None
+    is_active: bool = True
+    created_at: datetime | None = None
+
+    model_config = ConfigDict(from_attributes=True)
+
+
+# ── Create ──────────────────────────────────────────────────────────
+
+
+class TestTemplateCreate(BaseModel):
+    """Payload for creating a custom test template."""
+
+    mitre_technique_id: str
+    name: str
+    description: str | None = None
+    source: str = "custom"
+    source_url: str | None = None
+    attack_procedure: str | None = None
+    expected_detection: str | None = None
+    platform: str | None = None
+    tool_suggested: str | None = None
+    severity: str | None = None
+    atomic_test_id: str | None = None
+
+
+# ── Summary (for listings) ─────────────────────────────────────────
+
+
+class TestTemplateSummary(BaseModel):
+    """Lightweight representation for listing templates."""
+
+    id: uuid.UUID
+    mitre_technique_id: str
+    name: str
+    source: str
+    platform: str | None = None
+    severity: str | None = None
+
+    model_config = ConfigDict(from_attributes=True)
+
+
+# ── Instantiate (create a real Test from a template) ────────────────
+
+
+class TestTemplateInstantiate(BaseModel):
+    """Payload to create a real test from an existing template."""
+
+    template_id: uuid.UUID
+    technique_id: uuid.UUID