Added UiBloatRegressionGuardTest to enforce known UI bloat and customer/auditor safety regression patterns across configured runtime UI source paths as defined in Spec 375. Registered the test in Pest.php and added to TestLaneManifest.
Allowlist Policy
V1 Decision
Spec 375 does not introduce a committed allowlist file. The current repo scan runs with an empty allowlist and documents warnings/manual-review findings in initial-scan-report.md.
Future allowlist storage, if needed:
- Path: specs/375-ui-bloat-regression-guard/artifacts/ui-bloat-allowlist.json
- Format: JSON array of scoped entries.
Required Entry Shape
Each future entry must contain:
- rule_id
- file
- pattern
- reason
- surface_type
- audience
- review_marker
- expires_or_review_after
- owner_spec
Allowed Reasons
- Known existing debt documented in active or follow-up spec.
- False positive from collapsed technical details.
- Provider-owned or diagnostic-owned surface where the term is required.
- Temporary manual-review exception with owner and review date.
Forbidden Patterns
- Blanket allowlist for apps/platform/app/Filament.
- Blanket allowlist for customer/auditor surfaces.
- Rule-wide allowlist with no file and pattern.
- Entries without owner, reason, review marker, or expiry/review date.
- Entries that hide a clear customer/auditor default-surface raw ID/internal-term leak without remediation or approved follow-up.
Example
[
  {
    "rule_id": "UIBLOAT_CUSTOMER_RAW_ID",
    "file": "apps/platform/resources/views/filament/pages/reviews/example.blade.php",
    "pattern": "operation id",
    "reason": "Appears only inside a collapsed technical details section.",
    "surface_type": "customer-auditor",
    "audience": "operator-support",
    "review_marker": "manual-review-required",
    "expires_or_review_after": "2026-09-01",
    "owner_spec": "specs/375-ui-bloat-regression-guard"
  }
]
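
The required entry shape and the forbidden patterns above can be checked mechanically before an allowlist file is accepted. The following is an added example, not code from Spec 375 or the repository: the function names are hypothetical, and reading "blanket" as a directory or glob in file and failing entries whose review date has elapsed are assumptions.

```php
<?php
// Required keys, from the "Required Entry Shape" list in the policy above.
const REQUIRED_KEYS = ['rule_id', 'file', 'pattern', 'reason', 'surface_type',
    'audience', 'review_marker', 'expires_or_review_after', 'owner_spec'];

// Hypothetical helper: returns the policy violations for one decoded entry.
function allowlistEntryViolations(array $entry, DateTimeImmutable $today): array
{
    $violations = [];
    foreach (REQUIRED_KEYS as $key) {
        if (!is_string($entry[$key] ?? null) || trim($entry[$key]) === '') {
            $violations[] = "missing or empty field: {$key}";
        }
    }
    if ($violations !== []) {
        return $violations; // the scoped checks below need every field present
    }
    // Assumption: "blanket" means a directory or glob rather than one source file.
    $file = rtrim($entry['file'], '/');
    if (strpbrk($file, '*?[') !== false || pathinfo($file, PATHINFO_EXTENSION) === '') {
        $violations[] = "file is a directory or glob, not a single file: {$file}";
    }
    // Assumption: dates are YYYY-MM-DD as in the page's example; elapsed dates fail.
    $raw = $entry['expires_or_review_after'];
    $date = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    if ($date === false || $date->format('Y-m-d') !== $raw) {
        $violations[] = 'expires_or_review_after is not a valid YYYY-MM-DD date';
    } elseif ($date < $today->setTime(0, 0)) {
        $violations[] = 'entry is past its review date';
    }
    return $violations;
}

// Hypothetical helper: validates a whole document; violations keyed by entry index.
function validateAllowlist(string $json, DateTimeImmutable $today): array
{
    $entries = json_decode($json, true, 16, JSON_THROW_ON_ERROR);
    if (!is_array($entries) || !array_is_list($entries)) { // array_is_list: PHP 8.1+
        return ['document' => ['allowlist must be a JSON array of entries']];
    }
    $check = fn ($e) => is_array($e) ? allowlistEntryViolations($e, $today) : ['not an object'];
    return array_filter(array_map($check, $entries)); // drop entries with no violations
}

// Constructed sample: every field present, but file is the blanket Filament path.
$entry = ['file' => 'apps/platform/app/Filament', 'expires_or_review_after' => '2026-09-01']
    + array_fill_keys(REQUIRED_KEYS, 'constructed value');
print_r(validateAllowlist(json_encode([$entry]), new DateTimeImmutable('2026-01-01')));
```

The last forbidden pattern (entries that hide a clear raw ID or internal-term leak without remediation) depends on reviewer judgment and is not covered by this check.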