Some checks failed
PR Fast Feedback / fast-feedback (pull_request) Failing after 1m11s
Added UiBloatRegressionGuardTest to enforce known UI bloat and customer/auditor safety regression patterns across configured runtime UI source paths as defined in Spec 375. Registered the test in Pest.php and added to TestLaneManifest.
73 lines
2.7 KiB
Markdown
# Scanner Design

## Entrypoint

- Selected entrypoint: `apps/platform/tests/Feature/Guards/UiBloatRegressionGuardTest.php`
- Helper: `apps/platform/tests/Support/UiBloat/UiBloatScanner.php`
- Command: `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Guards/UiBloatRegressionGuardTest.php`

## File Discovery

The scanner reads configured source paths only:

- `apps/platform/app/Filament`
- `apps/platform/resources/views/filament`
- `apps/platform/app/Support/EnvironmentDashboard`
- `apps/platform/app/Support/Navigation`
- `apps/platform/app/Support/OpsUx`
- `apps/platform/app/Support/SupportDiagnostics`
- `apps/platform/app/Support/Ui`
- `apps/platform/app/Support/Workspaces`

Absent optional paths are recorded, not scanned:

- `apps/platform/resources/views/components`
- `apps/platform/app/View`

The scanner does not scan `apps/platform/app/Support` wholesale.

## Extensions

- Runtime source extensions: `.php`, `.blade.php`
- Fixture strings: accepted directly by tests to prove rule behavior.

## Exclusions

The scanner excludes vendor, node modules, storage, build artifacts, generated reports, screenshots, specs, tests except explicit fixtures, translations, database dumps, and hidden cache paths.

## Surface Classification

- `customer-auditor`: path/content contains customer review, review pack, stored report, environment review, evidence snapshot, auditor, customer, review output, or review handoff markers.
- `diagnostic-support`: path/content contains diagnostics, support diagnostics, repair diagnostics, required permissions, provider readiness, or support-only markers.
- `operator`: Filament/admin/support UI source without customer/auditor or diagnostic-support markers.
- `unknown`: files outside configured UI source conventions.
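
A sketch of the surface classification described above, as an added example that is not the project's `UiBloatScanner`. The function names, marker strings, sample paths, and the precedence (files outside the configured paths are `unknown` first, and `customer-auditor` wins over `diagnostic-support` when both match) are assumptions.

```php
<?php
declare(strict_types=1);
// Hypothetical sketch, not the project's UiBloatScanner. Requires PHP 8+.
const UI_ROOTS = [ // configured source paths from the File Discovery section
    'apps/platform/app/Filament', 'apps/platform/resources/views/filament',
    'apps/platform/app/Support/EnvironmentDashboard', 'apps/platform/app/Support/Navigation',
    'apps/platform/app/Support/OpsUx', 'apps/platform/app/Support/SupportDiagnostics',
    'apps/platform/app/Support/Ui', 'apps/platform/app/Support/Workspaces',
];
// Marker phrases paraphrase the surface definitions; the exact strings are an assumption.
const CUSTOMER_MARKERS = ['review pack', 'stored report', 'environment review',
    'evidence snapshot', 'auditor', 'customer', 'review output', 'review handoff'];
const DIAGNOSTIC_MARKERS = ['diagnostics', 'required permissions', 'provider readiness', 'support only'];
// Split camelCase and separators so "ReviewPackResource" matches "review pack".
function normalizeText(string $text): string
{
    $spaced = preg_replace('/(?<=[a-z0-9])(?=[A-Z])/', ' ', $text);
    return strtolower(trim(preg_replace('/[^A-Za-z0-9]+/', ' ', $spaced)));
}

function containsAny(string $haystack, array $markers): bool
{
    return array_filter($markers, fn (string $m) => str_contains($haystack, $m)) !== [];
}

function classifySurface(string $path, string $content): string
{
    $underRoot = array_filter(UI_ROOTS, fn (string $root) => str_starts_with($path, $root . '/'));
    if ($underRoot === [] || ! str_ends_with($path, '.php')) { // '.php' also covers '.blade.php'
        return 'unknown';
    }
    $text = normalizeText($path . ' ' . $content);
    // Assumed precedence: the stricter customer/auditor surface wins over diagnostic-support.
    if (containsAny($text, CUSTOMER_MARKERS)) {
        return 'customer-auditor';
    }
    return containsAny($text, DIAGNOSTIC_MARKERS) ? 'diagnostic-support' : 'operator';
}

// Constructed sample inputs (illustrative paths and contents, not files from the repo).
$samples = [
    ['apps/platform/app/Filament/Resources/ReviewPackResource.php', 'class ReviewPackResource {}'],
    ['apps/platform/app/Support/SupportDiagnostics/BundleBuilder.php', 'final class BundleBuilder {}'],
    ['apps/platform/app/Filament/Pages/TenantSettings.php', 'class TenantSettings {}'],
    ['apps/platform/app/Support/Audit/Recorder.php', 'class Recorder {}'],
];
foreach ($samples as [$path, $content]) {
    printf("%-20s %s\n", classifySurface($path, $content), $path);
}
```

The fourth sample sits under `apps/platform/app/Support` but outside every configured path, so it stays `unknown`, matching the rule that `app/Support` is not scanned wholesale.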

## Finding Shape

Each finding contains:

- rule ID
- file
- matched pattern
- surface classification
- result
- severity
- reason
- suggested action
- allowlist status

## Allowlist

V1 uses an in-test empty allowlist for current repo scanning and fixture tests. No committed allowlist file is introduced in v1. The policy for a future file is documented in `allowlist-policy.md`.

## Exit Behavior

The Pest guard asserts that the current repo scan in `warn` mode has no unallowlisted blocking findings. Warning and manual-review findings are captured in `initial-scan-report.md` and do not fail v1 unless `fail` strictness is intentionally selected in tests.

## Limitations

- Text heuristics do not prove rendered DOM visibility.
- Collapsed technical-details detection is conservative and may still mark a raw/internal customer match as manual review.
- Header action overload is source-shape based and intentionally manual-review only.
- No browser, screenshot, or accessibility proof is included.