TenantAtlas/specs/375-ui-bloat-regression-guard/artifacts/guard-rules.md
ahmido 8efc8981a4 feat(guard): implement ui bloat regression guard (#446)
Added UiBloatRegressionGuardTest to enforce known UI bloat and customer/auditor safety regression patterns across configured runtime UI source paths as defined in Spec 375.

Registered the test in Pest.php and added to TestLaneManifest.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #446
2026-06-13 09:03:36 +00:00

# Guard Rules

Default strictness is `warn`. Ambiguous heuristics are `manual-review-required`.

Only clear customer/auditor default-surface leakage is blocking in v1.

| Rule ID | Purpose | Default Result | Blocking In V1 | Allowlist |
|---|---|---|---|---|
| `UIBLOAT_ZERO_METRIC_CARD` | Detect zero-card spam that makes no-action pages noisy. | warning | no | allowed with scoped reason |
| `UIBLOAT_REPEATED_STATUS` | Detect repeated lifecycle/status/readiness wording. | manual-review-required | no | allowed with scoped reason |
| `UIBLOAT_CUSTOMER_RAW_ID` | Detect raw ID labels on likely customer/auditor defaults. | blocking on customer/auditor; manual review elsewhere | yes | allowed only with explicit technical-details rationale |
| `UIBLOAT_CUSTOMER_INTERNAL_TERM` | Detect internal/debug/provider terms on likely customer/auditor defaults. | blocking on customer/auditor; manual review elsewhere | yes | allowed only with explicit technical-details rationale |
| `UIBLOAT_MISSING_PRIMARY_QUESTION` | Detect pages without a clear question/next-action marker. | manual-review-required | no | allowed with scoped reason |
| `UIBLOAT_HEADER_ACTION_OVERLOAD` | Detect many header actions competing for attention. | manual-review-required | no | allowed with workflow-hub rationale |
| `UIBLOAT_EVIDENCE_DIAGNOSTICS_MIXED` | Detect copy that blurs proof/evidence and diagnostics. | manual-review-required | no | allowed with support-surface rationale |
| `UIBLOAT_TECH_METADATA_MAIN` | Detect technical metadata in main/default content. | manual-review-required | no | allowed with diagnostic/system-surface rationale |
| `UIBLOAT_DIAGNOSTIC_GUIDANCE_MISSING` | Detect diagnostic-heavy files without guidance markers. | manual-review-required | no | allowed with external guidance rationale |
| `UIBLOAT_DIAGNOSTIC_ENTRYPOINT_AMBIGUOUS` | Detect broad diagnostic labels for repair-only/support-only routes. | manual-review-required | no | allowed with named-entrypoint rationale |

## Pattern Examples

- Raw ID labels: `operation id`, `workspace id`, `tenant id`, `provider object id`, `fingerprint`.
- Internal terms: `operation context`, `raw graph payload`, `debug`, `stack trace`, `provider response body`, `internal reason`.
- Guidance markers: `recommended first check`, `start here`, `next check`, `use this when`, `repair diagnostics`, `support diagnostics`.
- Evidence/diagnostics mixing markers: `evidence diagnostics`, `diagnostic evidence`, `proof diagnostics`.

## Strictness

- `report`: returns findings, no blocking exit.
- `warn`: returns findings and marks only hard customer/auditor safety findings as blocking.
- `fail`: treats all warning/manual-review/blocking findings as failing for explicit future hardening.
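
As an added illustration (not the project's `UiBloatRegressionGuardTest` and not part of the spec), this Python sketch applies the two customer/auditor rules using the terms listed under Pattern Examples and maps the findings to a pass/fail decision per strictness mode. The `surface` label, the allowlist shape and the whole-phrase matching are assumptions; the page does not say how the guard classifies surfaces.

```python
import re

# Terms copied from this page's "Pattern Examples" list.
RULE_TERMS = {
    "UIBLOAT_CUSTOMER_RAW_ID": [
        "operation id", "workspace id", "tenant id", "provider object id", "fingerprint"],
    "UIBLOAT_CUSTOMER_INTERNAL_TERM": [
        "operation context", "raw graph payload", "debug", "stack trace",
        "provider response body", "internal reason"],
}
CUSTOMER_SURFACES = {"customer", "auditor"}  # assumed surface labels


def scan(source, surface, allowlist=None):
    """Scan one UI source string; `surface` and `allowlist` shapes are assumptions."""
    allowlist = allowlist or {}
    findings = []
    for rule_id, terms in RULE_TERMS.items():
        if allowlist.get(rule_id, "").strip():  # a written rationale is required
            continue
        for term in terms:
            # Whole-phrase, case-insensitive match; any whitespace between words.
            pattern = r"\b" + r"\s+".join(map(re.escape, term.split())) + r"\b"
            for lineno, line in enumerate(source.splitlines(), start=1):
                if re.search(pattern, line, re.IGNORECASE):
                    result = ("blocking" if surface in CUSTOMER_SURFACES
                              else "manual-review-required")
                    findings.append({"rule": rule_id, "line": lineno,
                                     "term": term, "result": result})
    return findings


def guard_fails(findings, strictness="warn"):
    """Strictness section: report never fails, warn fails on blocking, fail on any finding."""
    if strictness == "report":
        return False
    if strictness == "warn":
        return any(f["result"] == "blocking" for f in findings)
    if strictness == "fail":
        return bool(findings)
    raise ValueError(f"unknown strictness: {strictness}")


# Constructed sample template, not taken from the TenantAtlas code base.
SAMPLE = """<h2>Backup status</h2>
<dt>Tenant ID</dt><dd>{{ $tenant->id }}</dd>
<p>See the stack trace for details.</p>
"""
```

The same template scanned as an operator surface yields `manual-review-required` findings, which pass under `warn` and fail only under `fail`.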

## Suggested Actions

- Move raw/internal/provider detail behind collapsed technical details.
- Add or clarify the primary operator/customer question.
- Group secondary header actions.
- Separate evidence proof from diagnostics.
- Add diagnostic guidance or rename ambiguous entrypoints.