Added UiBloatRegressionGuardTest to enforce known UI bloat and customer/auditor safety regression patterns across configured runtime UI source paths as defined in Spec 375. Registered the test in Pest.php and added to TestLaneManifest. Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #446
# Scanner Design

## Entrypoint

- Selected entrypoint: `apps/platform/tests/Feature/Guards/UiBloatRegressionGuardTest.php`
- Helper: `apps/platform/tests/Support/UiBloat/UiBloatScanner.php`
- Command: `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Guards/UiBloatRegressionGuardTest.php`

## File Discovery

The scanner reads configured source paths only:

- `apps/platform/app/Filament`
- `apps/platform/resources/views/filament`
- `apps/platform/app/Support/EnvironmentDashboard`
- `apps/platform/app/Support/Navigation`
- `apps/platform/app/Support/OpsUx`
- `apps/platform/app/Support/SupportDiagnostics`
- `apps/platform/app/Support/Ui`
- `apps/platform/app/Support/Workspaces`

Absent optional paths are recorded, not scanned:

- `apps/platform/resources/views/components`
- `apps/platform/app/View`

The scanner does not scan `apps/platform/app/Support` wholesale.

## Extensions

- Runtime source extensions: `.php`, `.blade.php`
- Fixture strings: accepted directly by tests to prove rule behavior.

## Exclusions

The scanner excludes vendor, node modules, storage, build artifacts, generated reports, screenshots, specs, tests except explicit fixtures, translations, database dumps, and hidden cache paths.

## Surface Classification

- `customer-auditor`: path/content contains customer review, review pack, stored report, environment review, evidence snapshot, auditor, customer, review output, or review handoff markers.
- `diagnostic-support`: path/content contains diagnostics, support diagnostics, repair diagnostics, required permissions, provider readiness, or support-only markers.
- `operator`: Filament/admin/support UI source without customer/auditor or diagnostic-support markers.
- `unknown`: files outside configured UI source conventions.
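
The classification rules above as a runnable sketch, added here as an example and not taken from the project's `UiBloatScanner`. The function names, the literal marker spellings, the text normalization and the choice to check `customer-auditor` before `diagnostic-support` are assumptions; the source roots are the ones listed under File Discovery.

```php
<?php
declare(strict_types=1);
// Added illustration, not the project's UiBloatScanner. Function names, marker spellings
// (stored lower case, space separated) and customer-first precedence are assumptions. PHP 8+.
const UI_ROOTS = [
    'apps/platform/app/Filament', 'apps/platform/resources/views/filament',
    'apps/platform/app/Support/EnvironmentDashboard', 'apps/platform/app/Support/Navigation',
    'apps/platform/app/Support/OpsUx', 'apps/platform/app/Support/SupportDiagnostics',
    'apps/platform/app/Support/Ui', 'apps/platform/app/Support/Workspaces',
];
const CUSTOMER_MARKERS = ['customer review', 'review pack', 'stored report', 'environment review',
    'evidence snapshot', 'auditor', 'customer', 'review output', 'review handoff'];
const DIAGNOSTIC_MARKERS = ['diagnostics', 'support diagnostics', 'repair diagnostics',
    'required permissions', 'provider readiness', 'support only'];

function normalize(string $text): string
{
    // "ReviewPack", "review_pack" and "review-pack" all become "review pack".
    $spaced = preg_replace('/(?<=[a-z0-9])(?=[A-Z])/', ' ', $text);
    return strtolower(trim(preg_replace('/[^A-Za-z0-9]+/', ' ', $spaced)));
}

function containsAny(string $haystack, array $markers): bool
{
    return array_filter($markers, fn (string $m): bool => str_contains($haystack, $m)) !== [];
}

function classifySurface(string $path, string $content): string
{
    // Only the configured roots count; app/Support as a whole is not a UI root.
    if (array_filter(UI_ROOTS, fn (string $r): bool => str_starts_with($path, $r . '/')) === []) {
        return 'unknown';
    }
    $text = normalize($path . ' ' . $content);
    if (containsAny($text, CUSTOMER_MARKERS)) {
        return 'customer-auditor'; // assumed to win when both marker families match
    }
    return containsAny($text, DIAGNOSTIC_MARKERS) ? 'diagnostic-support' : 'operator';
}

// Constructed sample inputs, not files from the repository.
$samples = [
    'apps/platform/app/Filament/Resources/ReviewPackResource.php' => 'table columns and filters',
    'apps/platform/resources/views/filament/pages/health.blade.php' => 'Required permissions: {{ $list }}',
    'apps/platform/app/Filament/Pages/Settings.php' => 'workspace settings form',
    'apps/platform/app/Support/Audit/Exporter.php' => 'auditor export helper',
];
foreach ($samples as $path => $content) {
    printf("%-18s %s\n", classifySurface($path, $content), $path);
}
```

The last sample sits under `app/Support` but outside every configured root, so it is classified by location first and its `auditor` marker is never consulted.
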
## Finding Shape

Each finding contains:

- rule ID
- file
- matched pattern
- surface classification
- result
- severity
- reason
- suggested action
- allowlist status

## Allowlist

V1 uses an in-test empty allowlist for current repo scanning and fixture tests. No committed allowlist file is introduced in v1. The policy for a future file is documented in `allowlist-policy.md`.

## Exit Behavior

The Pest guard asserts that the current repo scan in `warn` mode has no unallowlisted blocking findings. Warning and manual-review findings are captured in `initial-scan-report.md` and do not fail v1 unless `fail` strictness is intentionally selected in tests.

## Limitations

- Text heuristics do not prove rendered DOM visibility.
- Collapsed technical-details detection is conservative and may still mark a raw/internal customer match as manual review.
- Header action overload is source-shape based and intentionally manual-review only.
- No browser, screenshot, or accessibility proof is included.