TenantAtlas/specs/375-ui-bloat-regression-guard/artifacts/validation-report.md
ahmido 8efc8981a4 feat(guard): implement ui bloat regression guard (#446)
Added UiBloatRegressionGuardTest to enforce known UI bloat and customer/auditor safety regression patterns across configured runtime UI source paths as defined in Spec 375.

Registered the test in Pest.php and added to TestLaneManifest.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #446
2026-06-13 09:03:36 +00:00

# Validation Report
## Initial State
- Branch: `375-ui-bloat-regression-guard`
- HEAD before implementation: `0a1ecf99`
- Dirty state before implementation: untracked `specs/375-ui-bloat-regression-guard/`.
- Runtime UI refactor assertion: no runtime UI refactor planned.
## Planned Commands
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Guards/UiBloatRegressionGuardTest.php`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact --filter=TestLaneManifest`
- `cd apps/platform && ./vendor/bin/sail pint --dirty`
- `git diff --check`
## Results
| Command | Result | Notes |
|---|---|---|
| `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Guards/UiBloatRegressionGuardTest.php` | pass | 10 tests, 40 assertions |
| `cd apps/platform && ./vendor/bin/sail artisan test --compact --filter=TestLaneManifest` | pass | 6 tests, 321 assertions |
| `cd apps/platform && ./vendor/bin/sail php -r '... UiBloatScanner::scanConfiguredPaths("/var/www/repo", "warn") ...'` | pass | 417 files scanned, 0 blocking failures, 24 warnings, 346 manual-review findings |
| `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent` | pass | `{"result":"pass"}` |
| `git diff --check` | pass | No whitespace errors |
## Guard Result
- Entrypoint: `apps/platform/tests/Feature/Guards/UiBloatRegressionGuardTest.php`
- Helper: `apps/platform/tests/Support/UiBloat/UiBloatScanner.php`
- Strictness default: `warn`
- Hard-fail behavior: unallowlisted customer/auditor default-surface raw ID/internal-term leakage only
- Initial scan blockers: 0
- Allowlist file: none committed in v1
## Known Limitations
- Source scanning cannot prove rendered DOM visibility.
- Manual-review findings are intentionally non-blocking in v1.
- Browser smoke is not applicable because no reachable product UI changed.
## Final State
- Dirty state after implementation: Spec 375 artifacts plus test/test-support changes only.
- Runtime UI files changed: no.
- Product routes, models, migrations, policies, jobs, queues, scheduler, storage, Graph contracts, Filament pages/resources, and panel providers changed: no.
- Recommended next spec: defer browser-scorecard integration and CI strictness expansion until guard counts stabilize.
## Deployment Impact
- Env vars: none.
- Migrations: none.
- Queues/scheduler: none.
- Storage/volumes: none.
- Filament assets: none; `filament:assets` is not required.