2026-03-19 18:23:04 +01:00
# Code Review Checklist
Use this checklist for the Code Reviewer role.
Guard IDs live in `.agents/checks/guard-catalog.json` (guards where `reviewer` = `code` ).
## Architecture & Conventions
- `GR-CORE-003` request input via requestInput(); no $_POST/$_GET/$_FILES
- `GR-CORE-007` OpenAPI updated when API endpoints changed
- `GR-CORE-010` DB schema changes shipped as idempotent scripts in db/updates/
- `GR-CORE-011` new settings in DB settings table, not config files
- `GR-CORE-012` successful mutating POSTs use PRG pattern; flash before redirect
## Testing
- `GR-TEST-001` new/changed Service/Gateway logic has PHPUnit tests (happy + edge case)
- `GR-TEST-002` new code uses constructor injection; no hidden global state
## UI (skip if backend-only)
- `GR-UI-014` new views/components handle loading, empty, error, success states
- `GR-UI-LIST` list/grid standards preserved (row actions, page size, initStandardListPage)
docs(agents): encode list-export convention as GR-UI-EXPORT guard
Make the core-primitive-end-to-end rule for Grid.js list exports binding
instead of advisory — so future consumers (and reviewers) cannot quietly
drift back into inline fputcsv / hand-rolled headers / bespoke click
listeners / lurl() for query-carrying URLs.
- CLAUDE.md: new UI Patterns bullet + two "Never Do This" entries
spelling out the server/view/client contract in one place.
- .agents/checks/guard-catalog.json: new GR-UI-EXPORT entry describing
the end-to-end requirement (exportRequireGetRequest + exportCapLimit +
exportSendCsv + ExportColumn + shared filter-schema + dropdown partial
+ endpointUrl() + initListExport).
- .agents/checks/guard-enforcement-map.json: wire the new guard to
tests/Architecture/ListExportContractTest.php as the automated
evidence source.
- .agents/checks/guard-checklist.md & .agents/prompts/reviewer-code.md:
add GR-UI-EXPORT so the Code Reviewer prompt and the checklist flag
violations alongside GR-UI-LIST.
- tests/Architecture/ListExportContractFiles: registry of every list
export (currently helpdesk-domains, admin/users, audit/system-audit).
Adding a new list = one entry, contract test covers the rest.
- tests/Architecture/ListExportContractTest: six checks per registered
entry — endpoint uses the primitive, no hand-rolled output, data and
export share the same filter-schema, template includes the dropdown
partial and uses endpointUrl(), page module imports and invokes
initListExport, and the shared dropdown partial stays zero-config.
- pages/admin/users/export().php: align with the new contract by
switching from ad-hoc requestInput()->queryAll() reads to
gridParseFiltersFromSchemaFile(__DIR__ . '/filter-schema.php'), same
as the data endpoint — eliminates the last place Grid and export
could disagree on what "the current filter" means.
Gates: PHPUnit 1900 OK (+6 contract checks), PHPStan 0 errors.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-21 22:50:43 +02:00
- `GR-UI-EXPORT` list exports go through the core primitive: server uses exportRequireGetRequest + exportCapLimit + exportSendCsv + ExportColumn, shares filter-schema.php with the data endpoint; view uses `app-list-export-dropdown.phtml` partial and `endpointUrl()` (never `lurl()` ) for the exportUrl; JS calls `initListExport` from `/js/core/app-list-export.js` . Add the new list to `tests/Architecture/ListExportContractFiles.php` .
2026-03-19 18:23:04 +01:00
- `GR-UI-DETAIL` detail page contracts, shared partials, no inline confirm, layout system
- `GR-UI-A11Y` no a11y regression; new components use semantic HTML, keyboard-operable
- `GR-UI-I18N` all visible text uses t(); keys present in all language files
- `GR-UI-REUSE` existing JS/CSS checked before adding new functions/rules
## Quality Gates
2026-04-01 19:41:56 +02:00
- required always (per `enforcement-policy.json` ): `QG-001` , `QG-002` , `QG-003` , `QG-006` , `QG-008` , `QG-009`
2026-03-19 18:23:04 +01:00
- `QG-004` structural checks reported when relevant
- `QG-005` JS smoke for JS-touching changes
2026-04-01 19:41:56 +02:00
- `QG-007` composer-unused is periodic / non-blocking
2026-03-19 18:23:04 +01:00
# Security Review Checklist
Use this checklist for the Security Reviewer role.
Guard IDs live in `.agents/checks/guard-catalog.json` (guards where `reviewer` = `security` ).
## Security
- `GR-SEC-001` CSRF token verified on every POST before processing
- `GR-SEC-002` no PII or secrets in logs/audit metadata
- `GR-SEC-003` all SQL via Repository with prepared statements
- `GR-SEC-004` no external CDN or remote asset loading
2026-04-13 23:20:05 +02:00
- `GR-SEC-005` encryption only via core/Support/Crypto.php
2026-03-19 18:23:04 +01:00
- `GR-SEC-006` file uploads in storage/ only; authz-gated serving; MIME validated
- `GR-SEC-007` API requests do not start sessions
- `GR-SEC-008` authorization enforced server-side
- `GR-SEC-009` tenant scope enforced server-side; tenant_id filtering on all scoped queries