Codifies the convention that shared form partials (pages/admin/*/_form.phtml, modules/**/_form.phtml) either guard variable reads with ?? / isset() / array access checks, or have every consuming view template define the variable before requiring the partial. The convention was already followed by 6 of 7 partials in the codebase. The seventh (tenants/_form.phtml) regressed silently when a per-theme logo block introduced bare $canUpdateTenant reads in commit6e3fc63c— fixed in commite29e6c3. This test catches that exact bug shape and any future variant. Implementation uses token_get_all (no full PHP parser, no expression evaluation). For each partial it identifies variable references that are not locally defined or guarded, then walks the consuming templates discovered via require statements and verifies each variable is present before the require. On detection of statically unrecognizable constructs (extract(), dynamic require paths) the test fails loudly with a "review manually" hint rather than silently passing. Verified by reverting commite29e6c3in the working tree and running the test — it produces the exact $canUpdateTenant / line 223 finding that prompted the original fix. Restored after the dry-run. ALLOWLIST stays empty today. Future legitimate exceptions go in the test header with per-entry justification, mirroring DetailDrawerFragmentContractTest. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
32 KiB
32 KiB