ahmido 8efc8981a4 feat(guard): implement ui bloat regression guard (#446 )

Added UiBloatRegressionGuardTest to enforce known UI bloat and customer/auditor safety regression patterns across configured runtime UI source paths as defined in Spec 375.

Registered the test in Pest.php and added to TestLaneManifest.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #446

2026-06-13 09:03:36 +00:00

3.8 KiB

Raw Blame History

Initial Scan Report

Command

Executed in Sail with the test-owned scanner:

cd apps/platform && ./vendor/bin/sail php -r 'require "vendor/autoload.php"; $result = Tests\Support\UiBloat\UiBloatScanner::scanConfiguredPaths("/var/www/repo", Tests\Support\UiBloat\UiBloatScanner::STRICTNESS_WARN); ...'

Summary

Metric	Result
Files scanned	417
Blocking failures	0
Warnings	24
Manual-review findings	346
Allowlisted findings	0
False positives classified in v1	0

V1 produced no unallowlisted hard customer/auditor safety failures. Existing findings are review signals and known-debt candidates only; no broad UI refactor is in scope.

Findings By Rule

Rule	Count	V1 Treatment
`UIBLOAT_CUSTOMER_INTERNAL_TERM`	28	manual review unless customer-default hard leak
`UIBLOAT_CUSTOMER_RAW_ID`	120	manual review unless customer-default hard leak
`UIBLOAT_DIAGNOSTIC_GUIDANCE_MISSING`	15	manual review
`UIBLOAT_EVIDENCE_DIAGNOSTICS_MIXED`	1	manual review
`UIBLOAT_HEADER_ACTION_OVERLOAD`	12	manual review
`UIBLOAT_MISSING_PRIMARY_QUESTION`	99	manual review
`UIBLOAT_REPEATED_STATUS`	60	manual review
`UIBLOAT_TECH_METADATA_MAIN`	11	manual review
`UIBLOAT_ZERO_METRIC_CARD`	24	warning

Findings By Surface Classification

Surface Classification	Count
customer-auditor	34
diagnostic-support	49
operator	246
unknown	41

Highest-Volume Files

File	Count	Treatment
`apps/platform/app/Support/SupportDiagnostics/SupportDiagnosticBundleBuilder.php`	16	diagnostic-support manual review
`apps/platform/app/Support/Ui/DerivedState/RequestScopedDerivedStateStore.php`	14	unknown/operator manual review
`apps/platform/app/Filament/Support/VerificationReportViewer.php`	12	operator/manual review
`apps/platform/app/Filament/Resources/FindingResource.php`	10	operator/manual review
`apps/platform/app/Filament/Resources/OperationRunResource.php`	10	operator/manual review
`apps/platform/app/Filament/Resources/RestoreRunResource.php`	10	operator/manual review
`apps/platform/app/Support/Ui/GovernanceArtifactTruth/ArtifactTruthPresenter.php`	10	support/UI helper manual review
`apps/platform/app/Filament/Pages/Workspaces/ManagedEnvironmentOnboardingWizard.php`	9	operator/manual review
`apps/platform/app/Filament/Support/VerificationReportChangeIndicator.php`	8	operator/manual review
`apps/platform/app/Filament/Resources/ReviewPackResource.php`	6	customer/auditor technical-detail manual review

Blocking Failures

None.

Warnings

The 24 warning findings are UIBLOAT_ZERO_METRIC_CARD matches. They are review signals only in v1.

Manual-Review Findings

Manual-review findings are intentionally retained as review evidence. They cover raw IDs in technical/collapsed contexts, repeated status language, header action count, missing primary question markers, technical metadata, and diagnostic guidance ambiguity.

Allowlisted Findings

None. Spec 375 v1 does not commit an allowlist file.

Known Existing Debt

Broad source-level status/readiness repetition remains visible in several operator resources.
Diagnostic/support source files contain technical terms that are expected but should remain guidance-first in rendered surfaces.
Some customer/auditor resources still contain raw IDs or fingerprints in hidden/collapsed technical areas; these remain manual-review findings rather than hard failures.

Recommended Follow-Ups

Re-run this guard after the next UI surface change and compare counts.
Consider a future allowlist file only if manual-review findings become noisy.
Defer CI hard-fail expansion until allowlist cleanup.
Keep browser-scorecard integration separate from this v1 guard.

3.8 KiB Raw Blame History