feat(phase-11): implement Red/Blue business logic services (T-106, T-107, T-108)

T-106: Create test_workflow_service.py with state-machine transitions for the complete test lifecycle (draft -> red_executing -> blue_evaluating -> in_review -> validated/rejected), dual validation by Red/Blue leads, and reopen capability with field cleanup.

T-107: Update status_service.py to use detection_result from Blue Team instead of legacy result field, and differentiate between partial progress (some validated) vs all-in-progress states.

T-108: Create atomic_import_service.py that downloads the Atomic Red Team repo as a ZIP (avoiding API rate limits), parses all atomics YAML files, and creates idempotent TestTemplate records mapped to MITRE techniques.

Includes validation tests for all three tasks (19 checks total).

backend/app/services/status_service.py

@@ -1,36 +1,46 @@
 """Service for recalculating the global status of a Technique
-based on the state and result of its associated tests."""
+based on the state and result of its associated tests.
+
+V2 rules account for dual Red/Blue validation and use
+``detection_result`` (filled by Blue Team) instead of the legacy
+``result`` field.
+"""
 
 from sqlalchemy.orm import Session
 
-from app.models.enums import TechniqueStatus
+from app.models.enums import TechniqueStatus, TestState
 from app.models.technique import Technique
 
 
 def recalculate_technique_status(db: Session, technique: Technique) -> None:
     """Recompute ``technique.status_global`` from its tests and commit.
 
-    Rules
-    -----
-    - No tests → ``not_evaluated``
-    - Any test not yet ``validated`` → ``in_progress``
-    - All validated and all ``detected`` → ``validated``
-    - All validated and any ``partially_detected`` → ``partial``
-    - Otherwise → ``not_covered``
+    Rules (v2)
+    ----------
+    1. No tests → ``not_evaluated``
+    2. All tests ``validated`` → look at detection results:
+       - All ``detected`` → ``validated``
+       - Any ``partially_detected`` → ``partial``
+       - Otherwise → ``not_covered``
+    3. Some tests ``validated``, others still in progress → ``partial``
+    4. All tests in intermediate states (no validated) → ``in_progress``
     """
     tests = technique.tests
 
     if not tests:
         technique.status_global = TechniqueStatus.not_evaluated
-    elif any(t.state != "validated" for t in tests):
-        technique.status_global = TechniqueStatus.in_progress
-    else:
-        results = [t.result for t in tests]
-        if all(r == "detected" for r in results):
+    elif all(t.state == TestState.validated for t in tests):
+        # All validated — inspect detection results
+        results = [t.detection_result for t in tests if t.detection_result]
+        if results and all(str(r) == "detected" or r == "detected" for r in results):
             technique.status_global = TechniqueStatus.validated
-        elif any(r == "partially_detected" for r in results):
+        elif any(str(r) == "partially_detected" or r == "partially_detected" for r in results):
             technique.status_global = TechniqueStatus.partial
         else:
             technique.status_global = TechniqueStatus.not_covered
+    elif any(t.state == TestState.validated for t in tests):
+        technique.status_global = TechniqueStatus.partial
+    else:
+        technique.status_global = TechniqueStatus.in_progress
 
     db.commit()