Added UiBloatRegressionGuardTest to enforce known UI bloat and customer/auditor safety regression patterns across configured runtime UI source paths as defined in Spec 375. Registered the test in Pest.php and added to TestLaneManifest.
Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #446
Allowlist Policy
V1 Decision
Spec 375 does not introduce a committed allowlist file. The current repo scan runs with an empty allowlist and documents warnings/manual-review findings in initial-scan-report.md.
Future allowlist storage, if needed:
- Path: specs/375-ui-bloat-regression-guard/artifacts/ui-bloat-allowlist.json
- Format: JSON array of scoped entries.
Required Entry Shape
Each future entry must contain:
- rule_id
- file
- pattern
- reason
- surface_type
- audience
- review_marker
- expires_or_review_after
- owner_spec
Allowed Reasons
- Known existing debt documented in active or follow-up spec.
- False positive from collapsed technical details.
- Provider-owned or diagnostic-owned surface where the term is required.
- Temporary manual-review exception with owner and review date.
Forbidden Patterns
- Blanket allowlist for apps/platform/app/Filament.
- Blanket allowlist for customer/auditor surfaces.
- Rule-wide allowlist with no file and pattern.
- Entries without owner, reason, review marker, or expiry/review date.
- Entries that hide a clear customer/auditor default-surface raw ID/internal-term leak without remediation or approved follow-up.
Example
[
  {
    "rule_id": "UIBLOAT_CUSTOMER_RAW_ID",
    "file": "apps/platform/resources/views/filament/pages/reviews/example.blade.php",
    "pattern": "operation id",
    "reason": "Appears only inside a collapsed technical details section.",
    "surface_type": "customer-auditor",
    "audience": "operator-support",
    "review_marker": "manual-review-required",
    "expires_or_review_after": "2026-09-01",
    "owner_spec": "specs/375-ui-bloat-regression-guard"
  }
]
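One way a future allowlist file could be checked against the required entry shape and the forbidden patterns above. This is an added example, not code from the repository or from Spec 375. The function names are hypothetical, and the directory/glob heuristic, the YYYY-MM-DD date format and the rejection of past review dates are assumptions.

```php
<?php
declare(strict_types=1);
// Field names are the policy's; how each rule is checked is this example's assumption.
const REQUIRED_FIELDS = ['rule_id', 'file', 'pattern', 'reason', 'surface_type',
    'audience', 'review_marker', 'expires_or_review_after', 'owner_spec'];

/** @return list<string> violations for one entry; an empty list means it is acceptable */
function validateAllowlistEntry(array $entry, DateTimeImmutable $today): array
{
    $errors = [];
    foreach (REQUIRED_FIELDS as $field) {
        if (!is_string($entry[$field] ?? null) || trim($entry[$field]) === '') {
            $errors[] = "missing or empty field: {$field}";
        }
    }
    $file = is_string($entry['file'] ?? null) ? trim($entry['file']) : '';
    // Blanket scope: a glob or a directory (no file extension) instead of one file.
    if ($file !== '' && (preg_match('/[*?\[\]]/', $file) === 1 || pathinfo($file, PATHINFO_EXTENSION) === '')) {
        $errors[] = "file must name one file, not a directory or glob: {$file}";
    }
    $date = is_string($entry['expires_or_review_after'] ?? null) ? trim($entry['expires_or_review_after']) : '';
    if ($date !== '') {
        // '!' zeroes unparsed fields; the round-trip rejects overflow such as 02-30.
        $parsed = DateTimeImmutable::createFromFormat('!Y-m-d', $date);
        if ($parsed === false || $parsed->format('Y-m-d') !== $date) {
            $errors[] = "expires_or_review_after is not a valid YYYY-MM-DD date: {$date}";
        } elseif ($parsed < $today->setTime(0, 0)) {
            $errors[] = "entry is past its review date: {$date}";
        }
    }
    return $errors;
}

/** @return array<int, list<string>> violations keyed by entry index */
function validateAllowlist(string $json, DateTimeImmutable $today): array
{
    $entries = json_decode($json, true, 16, JSON_THROW_ON_ERROR);
    if (!is_array($entries) || !array_is_list($entries)) {
        throw new InvalidArgumentException('allowlist must be a JSON array of entries');
    }
    $report = [];
    foreach ($entries as $i => $entry) {
        $errors = is_array($entry) ? validateAllowlistEntry($entry, $today) : ['entry is not an object'];
        if ($errors !== []) { $report[$i] = $errors; }
    }
    return $report;
}
// Constructed sample: blanket path, empty reason, no owner_spec, impossible date.
$sample = '[{"rule_id":"UIBLOAT_CUSTOMER_RAW_ID","file":"apps/platform/app/Filament","pattern":"operation id","reason":"","surface_type":"customer-auditor","audience":"operator-support","review_marker":"manual-review-required","expires_or_review_after":"2026-02-30"}]';
print_r(validateAllowlist($sample, new DateTimeImmutable('2026-01-01')));
```

An empty JSON array, the V1 state, yields an empty report. The last forbidden pattern (hiding a clear raw ID/internal-term leak without remediation) needs human review and is not covered by this check.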