web/tests/risk-visibility.test.mjs

import assert from 'node:assert/strict'
import test from 'node:test'

import { buildDetailAlerts } from '../src/utils/detailAlerts.js'
import {
  canViewRiskForContext,
  filterRiskCardsForVisibility,
  resolveRiskActionability,
  resolveRiskDomain,
  resolveRiskVisibilityScope
} from '../src/utils/riskVisibility.js'

const submitter = {
  id: 'EMP-001',
  employeeId: 'EMP-001',
  name: '张三',
  roleCodes: []
}
const budgetManager = {
  id: 'EMP-P8',
  name: '预算管理员',
  grade: 'P8',
  departmentName: '研发部',
  roleCodes: ['budget_monitor']
}
const financeUser = {
  id: 'FIN-001',
  name: '财务',
  roleCodes: ['finance']
}

const applicationRequest = {
  id: 'AP-202606010001',
  claimId: 'application-claim-id',
  documentTypeCode: 'application',
  approvalKey: 'in_progress',
  node: '预算管理者审批',
  employeeId: 'EMP-001',
  departmentName: '研发部',
  typeCode: 'travel_application',
  typeLabel: '差旅费用申请',
  reason: '北京出差申请',
  location: '北京',
  occurredDisplay: '2026-06-01 至 2026-06-03',
  amountValue: 10000,
  riskFlags: [
    {
      source: 'budget_control',
      severity: 'high',
      label: '预算可用余额不足',
      message: '当前部门预算余额不足。',
      business_stage: 'expense_application',
      risk_domain: 'budget',
      visibility_scope: 'budget_manager',
      actionability: 'budget_governance'
    }
  ],
  expenseItems: []
}

test('application submitter cannot see budget governance alerts in detail topbar', () => {
  const alerts = buildDetailAlerts(applicationRequest, { currentUser: submitter })
  assert.deepEqual(alerts.map((item) => item.label), ['SLA 催单次数 0'])
})

test('budget manager can see application budget governance alerts', () => {
  const alerts = buildDetailAlerts(applicationRequest, { currentUser: budgetManager })
  assert.equal(alerts[0].label, '高风险 1 项')
  assert.equal(alerts[0].tone, 'danger')
})

test('reimbursement submitter sees only fixable claim risks', () => {
  const request = {
    id: 'RE-202606010001',
    claimId: 'reimbursement-claim-id',
    documentTypeCode: 'claim',
    approvalKey: 'draft',
    node: '待提交',
    employeeId: 'EMP-001',
    typeCode: 'travel',
    expenseItems: []
  }
  const cards = [
    {
      id: 'ticket-date',
      businessStage: 'reimbursement',
      tone: 'high',
      risk: '票据日期早于申请行程。',
      risk_domain: 'trip',
      visibility_scope: 'submitter',
      actionability: 'fixable_by_submitter'
    },
    {
      id: 'budget-detail',
      businessStage: 'reimbursement',
      tone: 'medium',
      risk: '预算占用率超过 90%。',
      risk_domain: 'budget',
      visibility_scope: 'budget_manager',
      actionability: 'budget_governance'
    }
  ]

  const visibleCards = filterRiskCardsForVisibility(cards, { request, currentUser: submitter })
  assert.deepEqual(visibleCards.map((card) => card.id), ['ticket-date'])
})

test('finance can see reimbursement compliance risks but not budget governance detail', () => {
  const request = {
    id: 'RE-202606010002',
    documentTypeCode: 'claim',
    approvalKey: 'in_progress',
    node: '财务审批',
    employeeId: 'EMP-001',
    typeCode: 'travel',
    expenseItems: []
  }
  assert.equal(
    canViewRiskForContext(
      {
        businessStage: 'reimbursement',
        risk: '发票抬头与报销主体不一致。',
        risk_domain: 'invoice',
        actionability: 'fixable_by_submitter'
      },
      { request, currentUser: financeUser }
    ),
    true
  )
  assert.equal(
    canViewRiskForContext(
      {
        businessStage: 'reimbursement',
        risk: '预算余额不足。',
        risk_domain: 'budget',
        actionability: 'budget_governance'
      },
      { request, currentUser: financeUser }
    ),
    false
  )
})

test('legacy risk text falls back to semantic visibility defaults', () => {
  const legacyFlag = {
    source: 'submission_review',
    severity: 'high',
    message: '住宿发票城市与行程城市不一致。',
    business_stage: 'reimbursement'
  }

  assert.equal(resolveRiskDomain(legacyFlag), 'trip')
  assert.equal(resolveRiskActionability(legacyFlag, { businessStage: 'reimbursement' }), 'fixable_by_submitter')
  assert.equal(resolveRiskVisibilityScope(legacyFlag, { businessStage: 'reimbursement' }), 'submitter')
})
feat: 扩展风险规则体系、审批动态路由与预算中心列表化改造 - 新增 25+ 条风险规则（预算/报销/申请/通用类），完善风险规则模拟与反馈发布机制 - 引入费用审批动态路由、平台风险分级、预审与风险阶段管理 - 预算中心列表化改造，优化票据夹仪表盘与数字员工工作看板 - 新增 Hermes 风险线索收集器、Agent 链路追踪中心 - 扩展数字员工能力库（18 个领域 Skill）与交通费用自动预估 - 完善报销申请快速预览、权限控制与前端测试覆盖 2026-06-01 17:07:14 +08:00			`import assert from 'node:assert/strict'`
			`import test from 'node:test'`

			`import { buildDetailAlerts } from '../src/utils/detailAlerts.js'`
			`import {`
			`canViewRiskForContext,`
			`filterRiskCardsForVisibility,`
			`resolveRiskActionability,`
			`resolveRiskDomain,`
			`resolveRiskVisibilityScope`
			`} from '../src/utils/riskVisibility.js'`

			`const submitter = {`
			`id: 'EMP-001',`
			`employeeId: 'EMP-001',`
			`name: '张三',`
			`roleCodes: []`
			`}`
			`const budgetManager = {`
			`id: 'EMP-P8',`
			`name: '预算管理员',`
			`grade: 'P8',`
			`departmentName: '研发部',`
			`roleCodes: ['budget_monitor']`
			`}`
			`const financeUser = {`
			`id: 'FIN-001',`
			`name: '财务',`
			`roleCodes: ['finance']`
			`}`

			`const applicationRequest = {`
			`id: 'AP-202606010001',`
			`claimId: 'application-claim-id',`
			`documentTypeCode: 'application',`
			`approvalKey: 'in_progress',`
			`node: '预算管理者审批',`
			`employeeId: 'EMP-001',`
			`departmentName: '研发部',`
			`typeCode: 'travel_application',`
			`typeLabel: '差旅费用申请',`
			`reason: '北京出差申请',`
			`location: '北京',`
			`occurredDisplay: '2026-06-01 至 2026-06-03',`
			`amountValue: 10000,`
			`riskFlags: [`
			`{`
			`source: 'budget_control',`
			`severity: 'high',`
			`label: '预算可用余额不足',`
			`message: '当前部门预算余额不足。',`
			`business_stage: 'expense_application',`
			`risk_domain: 'budget',`
			`visibility_scope: 'budget_manager',`
			`actionability: 'budget_governance'`
			`}`
			`],`
			`expenseItems: []`
			`}`

			`test('application submitter cannot see budget governance alerts in detail topbar', () => {`
			`const alerts = buildDetailAlerts(applicationRequest, { currentUser: submitter })`
			`assert.deepEqual(alerts.map((item) => item.label), ['SLA 催单次数 0'])`
			`})`

			`test('budget manager can see application budget governance alerts', () => {`
			`const alerts = buildDetailAlerts(applicationRequest, { currentUser: budgetManager })`
			`assert.equal(alerts[0].label, '高风险 1 项')`
			`assert.equal(alerts[0].tone, 'danger')`
			`})`

			`test('reimbursement submitter sees only fixable claim risks', () => {`
			`const request = {`
			`id: 'RE-202606010001',`
			`claimId: 'reimbursement-claim-id',`
			`documentTypeCode: 'claim',`
			`approvalKey: 'draft',`
			`node: '待提交',`
			`employeeId: 'EMP-001',`
			`typeCode: 'travel',`
			`expenseItems: []`
			`}`
			`const cards = [`
			`{`
			`id: 'ticket-date',`
			`businessStage: 'reimbursement',`
			`tone: 'high',`
			`risk: '票据日期早于申请行程。',`
			`risk_domain: 'trip',`
			`visibility_scope: 'submitter',`
			`actionability: 'fixable_by_submitter'`
			`},`
			`{`
			`id: 'budget-detail',`
			`businessStage: 'reimbursement',`
			`tone: 'medium',`
			`risk: '预算占用率超过 90%。',`
			`risk_domain: 'budget',`
			`visibility_scope: 'budget_manager',`
			`actionability: 'budget_governance'`
			`}`
			`]`

			`const visibleCards = filterRiskCardsForVisibility(cards, { request, currentUser: submitter })`
			`assert.deepEqual(visibleCards.map((card) => card.id), ['ticket-date'])`
			`})`

			`test('finance can see reimbursement compliance risks but not budget governance detail', () => {`
			`const request = {`
			`id: 'RE-202606010002',`
			`documentTypeCode: 'claim',`
			`approvalKey: 'in_progress',`
			`node: '财务审批',`
			`employeeId: 'EMP-001',`
			`typeCode: 'travel',`
			`expenseItems: []`
			`}`
			`assert.equal(`
			`canViewRiskForContext(`
			`{`
			`businessStage: 'reimbursement',`
			`risk: '发票抬头与报销主体不一致。',`
			`risk_domain: 'invoice',`
			`actionability: 'fixable_by_submitter'`
			`},`
			`{ request, currentUser: financeUser }`
			`),`
			`true`
			`)`
			`assert.equal(`
			`canViewRiskForContext(`
			`{`
			`businessStage: 'reimbursement',`
			`risk: '预算余额不足。',`
			`risk_domain: 'budget',`
			`actionability: 'budget_governance'`
			`},`
			`{ request, currentUser: financeUser }`
			`),`
			`false`
			`)`
			`})`

			`test('legacy risk text falls back to semantic visibility defaults', () => {`
			`const legacyFlag = {`
			`source: 'submission_review',`
			`severity: 'high',`
			`message: '住宿发票城市与行程城市不一致。',`
			`business_stage: 'reimbursement'`
			`}`

			`assert.equal(resolveRiskDomain(legacyFlag), 'trip')`
			`assert.equal(resolveRiskActionability(legacyFlag, { businessStage: 'reimbursement' }), 'fixable_by_submitter')`
			`assert.equal(resolveRiskVisibilityScope(legacyFlag, { businessStage: 'reimbursement' }), 'submitter')`
			`})`