TenantAtlas/specs/375-ui-bloat-regression-guard/artifacts/initial-scan-report.md
ahmido 8efc8981a4 feat(guard): implement ui bloat regression guard (#446)
Added UiBloatRegressionGuardTest to enforce known UI bloat and customer/auditor safety regression patterns across configured runtime UI source paths as defined in Spec 375.

Registered the test in Pest.php and added to TestLaneManifest.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #446
2026-06-13 09:03:36 +00:00


# Initial Scan Report
## Command
Executed in Sail with the test-owned scanner:
```bash
cd apps/platform && ./vendor/bin/sail php -r 'require "vendor/autoload.php"; $result = Tests\Support\UiBloat\UiBloatScanner::scanConfiguredPaths("/var/www/repo", Tests\Support\UiBloat\UiBloatScanner::STRICTNESS_WARN); ...'
```
## Summary
| Metric | Result |
|---|---:|
| Files scanned | 417 |
| Blocking failures | 0 |
| Warnings | 24 |
| Manual-review findings | 346 |
| Allowlisted findings | 0 |
| False positives classified in v1 | 0 |

V1 produced no unallowlisted hard customer/auditor safety failures. Existing findings are review signals and known-debt candidates only; no broad UI refactor is in scope.
## Findings By Rule
| Rule | Count | V1 Treatment |
|---|---:|---|
| `UIBLOAT_CUSTOMER_INTERNAL_TERM` | 28 | manual review unless customer-default hard leak |
| `UIBLOAT_CUSTOMER_RAW_ID` | 120 | manual review unless customer-default hard leak |
| `UIBLOAT_DIAGNOSTIC_GUIDANCE_MISSING` | 15 | manual review |
| `UIBLOAT_EVIDENCE_DIAGNOSTICS_MIXED` | 1 | manual review |
| `UIBLOAT_HEADER_ACTION_OVERLOAD` | 12 | manual review |
| `UIBLOAT_MISSING_PRIMARY_QUESTION` | 99 | manual review |
| `UIBLOAT_REPEATED_STATUS` | 60 | manual review |
| `UIBLOAT_TECH_METADATA_MAIN` | 11 | manual review |
| `UIBLOAT_ZERO_METRIC_CARD` | 24 | warning |
## Findings By Surface Classification
| Surface Classification | Count |
|---|---:|
| customer-auditor | 34 |
| diagnostic-support | 49 |
| operator | 246 |
| unknown | 41 |
## Highest-Volume Files
| File | Count | Treatment |
|---|---:|---|
| `apps/platform/app/Support/SupportDiagnostics/SupportDiagnosticBundleBuilder.php` | 16 | diagnostic-support manual review |
| `apps/platform/app/Support/Ui/DerivedState/RequestScopedDerivedStateStore.php` | 14 | unknown/operator manual review |
| `apps/platform/app/Filament/Support/VerificationReportViewer.php` | 12 | operator/manual review |
| `apps/platform/app/Filament/Resources/FindingResource.php` | 10 | operator/manual review |
| `apps/platform/app/Filament/Resources/OperationRunResource.php` | 10 | operator/manual review |
| `apps/platform/app/Filament/Resources/RestoreRunResource.php` | 10 | operator/manual review |
| `apps/platform/app/Support/Ui/GovernanceArtifactTruth/ArtifactTruthPresenter.php` | 10 | support/UI helper manual review |
| `apps/platform/app/Filament/Pages/Workspaces/ManagedEnvironmentOnboardingWizard.php` | 9 | operator/manual review |
| `apps/platform/app/Filament/Support/VerificationReportChangeIndicator.php` | 8 | operator/manual review |
| `apps/platform/app/Filament/Resources/ReviewPackResource.php` | 6 | customer/auditor technical-detail manual review |
## Blocking Failures
None.
## Warnings
The 24 warning findings are `UIBLOAT_ZERO_METRIC_CARD` matches. They are review signals only in v1.
## Manual-Review Findings
Manual-review findings are intentionally retained as review evidence. They cover raw IDs in technical/collapsed contexts, repeated status language, header action count, missing primary question markers, technical metadata, and diagnostic guidance ambiguity.
## Allowlisted Findings
None. Spec 375 v1 does not commit an allowlist file.
## Known Existing Debt
- Broad source-level status/readiness repetition remains visible in several operator resources.
- Diagnostic/support source files contain technical terms that are expected but should remain guidance-first in rendered surfaces.
- Some customer/auditor resources still contain raw IDs or fingerprints in hidden/collapsed technical areas; these remain manual-review findings rather than hard failures.
## Recommended Follow-Ups
- Re-run this guard after the next UI surface change and compare counts.
- Consider a future allowlist file only if manual-review findings become noisy.
- Defer CI hard-fail expansion until allowlist cleanup.
- Keep browser-scorecard integration separate from this v1 guard.