1
0
Files
breadcrumb-the-shire/.agents/checks/guard-checklist.md
fs 53ccd212d5 docs(agents): encode list-export convention as GR-UI-EXPORT guard
Make the core-primitive-end-to-end rule for Grid.js list exports binding
instead of advisory — so future consumers (and reviewers) cannot quietly
drift back into inline fputcsv / hand-rolled headers / bespoke click
listeners / lurl() for query-carrying URLs.

- CLAUDE.md: new UI Patterns bullet + two "Never Do This" entries
  spelling out the server/view/client contract in one place.
- .agents/checks/guard-catalog.json: new GR-UI-EXPORT entry describing
  the end-to-end requirement (exportRequireGetRequest + exportCapLimit +
  exportSendCsv + ExportColumn + shared filter-schema + dropdown partial
  + endpointUrl() + initListExport).
- .agents/checks/guard-enforcement-map.json: wire the new guard to
  tests/Architecture/ListExportContractTest.php as the automated
  evidence source.
- .agents/checks/guard-checklist.md & .agents/prompts/reviewer-code.md:
  add GR-UI-EXPORT so the Code Reviewer prompt and the checklist flag
  violations alongside GR-UI-LIST.
- tests/Architecture/ListExportContractFiles: registry of every list
  export (currently helpdesk-domains, admin/users, audit/system-audit).
  Adding a new list = one entry, contract test covers the rest.
- tests/Architecture/ListExportContractTest: six checks per registered
  entry — endpoint uses the primitive, no hand-rolled output, data and
  export share the same filter-schema, template includes the dropdown
  partial and uses endpointUrl(), page module imports and invokes
  initListExport, and the shared dropdown partial stays zero-config.
- pages/admin/users/export().php: align with the new contract by
  switching from ad-hoc requestInput()->queryAll() reads to
  gridParseFiltersFromSchemaFile(__DIR__ . '/filter-schema.php'), same
  as the data endpoint — eliminates the last place Grid and export
  could disagree on what "the current filter" means.

Gates: PHPUnit 1900 OK (+6 contract checks), PHPStan 0 errors.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-21 22:50:43 +02:00

2.7 KiB

Code Review Checklist

Use this checklist for the Code Reviewer role. Guard IDs live in .agents/checks/guard-catalog.json (guards where reviewer = code).

Architecture & Conventions

  • GR-CORE-003 request input via requestInput(); no $_POST/$_GET/$_FILES
  • GR-CORE-007 OpenAPI updated when API endpoints changed
  • GR-CORE-010 DB schema changes shipped as idempotent scripts in db/updates/
  • GR-CORE-011 new settings in DB settings table, not config files
  • GR-CORE-012 successful mutating POSTs use PRG pattern; flash before redirect

Testing

  • GR-TEST-001 new/changed Service/Gateway logic has PHPUnit tests (happy + edge case)
  • GR-TEST-002 new code uses constructor injection; no hidden global state

UI (skip if backend-only)

  • GR-UI-014 new views/components handle loading, empty, error, success states
  • GR-UI-LIST list/grid standards preserved (row actions, page size, initStandardListPage)
  • GR-UI-EXPORT list exports go through the core primitive: server uses exportRequireGetRequest + exportCapLimit + exportSendCsv + ExportColumn, shares filter-schema.php with the data endpoint; view uses app-list-export-dropdown.phtml partial and endpointUrl() (never lurl()) for the exportUrl; JS calls initListExport from /js/core/app-list-export.js. Add the new list to tests/Architecture/ListExportContractFiles.php.
  • GR-UI-DETAIL detail page contracts, shared partials, no inline confirm, layout system
  • GR-UI-A11Y no a11y regression; new components use semantic HTML, keyboard-operable
  • GR-UI-I18N all visible text uses t(); keys present in all language files
  • GR-UI-REUSE existing JS/CSS checked before adding new functions/rules

Quality Gates

  • required always (per enforcement-policy.json): QG-001, QG-002, QG-003, QG-006, QG-008, QG-009
  • QG-004 structural checks reported when relevant
  • QG-005 JS smoke for JS-touching changes
  • QG-007 composer-unused is periodic / non-blocking

Security Review Checklist

Use this checklist for the Security Reviewer role. Guard IDs live in .agents/checks/guard-catalog.json (guards where reviewer = security).

Security

  • GR-SEC-001 CSRF token verified on every POST before processing
  • GR-SEC-002 no PII or secrets in logs/audit metadata
  • GR-SEC-003 all SQL via Repository with prepared statements
  • GR-SEC-004 no external CDN or remote asset loading
  • GR-SEC-005 encryption only via core/Support/Crypto.php
  • GR-SEC-006 file uploads in storage/ only; authz-gated serving; MIME validated
  • GR-SEC-007 API requests do not start sessions
  • GR-SEC-008 authorization enforced server-side
  • GR-SEC-009 tenant scope enforced server-side; tenant_id filtering on all scoped queries