Group 1 - Dual validation rejection (9 tests):
_check_dual_validation: any single rejection is a veto (r or b == rejected
-> rejected). Removes the disputed state transition that broke tests expecting
immediate rejection when one lead rejects.
Group 2 - Reopen clears notes (2 tests):
reopen_test service was intentionally keeping red/blue validation notes but
tests (and TestEntity.reopen domain method) expect them cleared. Align service
with domain entity behavior.
Group 3 - Audit integrity hash (2 tests):
log_action: call db.refresh(entry) after initial flush and before computing
the HMAC hash. Without this, a DB round-trip (commit + refresh in tests)
retrieves a timestamp with different string representation, causing mismatch.
Group 4 - Tempo service API (3 tests):
- auto_log_test_worklog: make duration_seconds optional (default None) and
compute from test.red_started_at -> updated_at when not supplied.
- Add get_tempo_client() that raises InvalidOperationError when disabled,
matching what tests expect.
- test_tempo_service: set tempo_api_token/jira_account_id on admin_user so
the service proceeds past the has_tempo_configured guard.
Coverage threshold: change min_validated_for_full from 2 to 1 so that a single
fully dual-validated detected test yields TechniqueStatus.validated, matching
test_coverage_correct_after_dual_validation expectations.
Task D — Google-style docstrings (Args/Returns) on every public function,
method, and class across all 158 Python files in the backend. Zero ruff D
violations (pydocstyle Google convention).
Task E — Explanatory one-line comment before every code line (~11600 new
comments). ruff check passes clean after isort re-sort.
- audit_service: set timestamp=datetime.now(utc) explicitly so DB never stores NULL
- AuditLogPage: formatDate handles null/undefined timestamps (was showing Jan 1 1970)
- nginx.conf: add CSP script-src hash for inline script (sha256-31OgE8E9...)
- system.py: MITRE sync now runs in BackgroundTasks — returns immediately, no more 120s timeout
- mitre_sync_job.py: add _run_data_sources_sync job (every 6h) that checks sync_frequency
and auto-syncs overdue enabled data sources
- SystemPage: MITRE sync result shows "started" vs "complete" message
- test-templates.ts: add updateTemplate() API function
- SystemPage: template name cell is now clickable — opens TemplateDetailModal with
full edit form (name, description, procedure, detection, platform, severity, tool)
and Save / Activate / Deactivate / Close buttons
Implements all database models for the Aegis platform with full
Alembic migration support.
Models created:
- User: Authentication with role-based access control
- Technique: MITRE ATT&CK techniques with coverage status tracking
- Test: Security tests with validation workflow (draft/review/validated)
- Evidence: File metadata for test evidence (stored in MinIO)
- IntelItem: Threat intelligence items linked to techniques
- AuditLog: System-wide audit trail with JSONB details
Enumerations:
- TechniqueStatus: not_evaluated, in_progress, validated, partial, etc.
- TestState: draft, in_review, validated, rejected
- TestResult: detected, not_detected, partially_detected
Services:
- audit_service.py: log_action() helper for audit logging
All models include proper foreign key relationships and PostgreSQL
enum types are managed correctly in migrations (create/drop).
kitos
kitos