Wave 2 visual component remediation#29
Merged
Merged
Conversation
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…tion.013-wave2-visual-component-remediation.md Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
This PR remediates the Wave-2 example suite so each of the eleven examples has a verifiable visible main component (or stable visual runtime state), backed by stricter app-loop smoke tests that assert view-tree composition and rendered buffer regions. It also updates Wave-2 documentation/evidence surfaces and refreshes Spec-Kit security-governance preset templates (notably adding conditional AI-SBOM guidance and extended secure-coding language profiles).
Changes:
- Add shared Wave-2 runtime glue (
Wave2Runtime/Wave2StatusLine) and integrateHelp -> Description+ status-line messaging into examples. - Harden example smoke tests to prove visible composition via app loop + view-tree kind + rendered buffer/region assertions.
- Update wave-2 guides and governance artifacts (security/architecture evidence, Spec-Kit templates/preset metadata, versioning).
Reviewed changes
Copilot reviewed 125 out of 126 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| tests/TuiVision.Examples.SmokeTests/TProgBSmokeTests.cs | Adds view-tree + rendered-region assertions; adds Help->Description smoke. |
| tests/TuiVision.Examples.SmokeTests/TComboSmokeTests.cs | Adds view-tree + rendered-region assertions; adds Help->Description smoke. |
| tests/TuiVision.Examples.SmokeTests/SdlgSmokeTests.cs | Adds view-tree + rendered-region assertions; adds Help->Description smoke; removes redundant Run call from direct-helper test. |
| tests/TuiVision.Examples.SmokeTests/Sdlg2SmokeTests.cs | Adds view-tree + rendered-region assertions; adds Help->Description smoke; removes redundant Run call from direct-helper test. |
| tests/TuiVision.Examples.SmokeTests/ProgBaSmokeTests.cs | Adds view-tree + rendered-region assertions; adds Help->Description smoke. |
| tests/TuiVision.Examples.SmokeTests/ListViSmokeTests.cs | Adds view-tree + rendered-region assertions; adds Help->Description smoke. |
| tests/TuiVision.Examples.SmokeTests/InpLisSmokeTests.cs | Adds view-tree + rendered-region assertions; adds Help->Description smoke. |
| tests/TuiVision.Examples.SmokeTests/DynTxtSmokeTests.cs | Adds view-tree + rendered-region assertions; adds Help->Description smoke. |
| tests/TuiVision.Examples.SmokeTests/DlgDsnSmokeTests.cs | Adds view-tree + rendered-region assertions; adds Help->Description smoke. |
| tests/TuiVision.Examples.SmokeTests/DemoSmokeTests.cs | Adds multiple new rendered-composition smoke tests + status-line render assertion. |
| tests/TuiVision.Examples.SmokeTests/ClipboardSmokeTests.cs | Adds view-tree + rendered-region assertions; adds Help->Description smoke. |
| tests/TuiVision.Examples.SmokeTests/InteractiveSmokeEventScript.cs | Clarifies quit ownership; adds fluent ThenCommands/ThenEvents. |
| tests/TuiVision.Examples.SmokeTests/ExampleTestBase.cs | Adds buffer->text helpers + rendered buffer/region assertion helpers for primary proof. |
| specs/013-wave2-visual-component-remediation/research.md | Records design decisions for visible proof strategy and governance applicability. |
| specs/013-wave2-visual-component-remediation/checklists/requirements.md | Adds spec-quality checklist evidence for feature readiness. |
| scripts/check-homogeneity.sh | Improves EN-guidance detection; adjusts scans; adds git-scope isolation warnings (JSON-mode output currently problematic). |
| scripts/check-homogeneity.ps1 | Mirrors EN-guidance detection updates in PowerShell variant. |
| README.md | Updates preset version notes to security-governance v0.4.0 + AI-SBOM conditional guidance. |
| Pflichtenheft.md | Adds Wave-2 “sichtbarer Komponenten-Nachweis” milestone and updates next-step marker wording. |
| examples/TProgB/TProgBApp.cs | Adds visible progress window + status line + Help->Description + proof metadata. |
| examples/TProgB/TProgB.csproj | Links shared Wave2Runtime.cs into project. |
| examples/TCombo/TComboApp.cs | Adds visible combo dialog + status line + Help->Description + proof metadata. |
| examples/TCombo/TCombo.csproj | Links shared Wave2Runtime.cs into project. |
| examples/Shared/Wave2Runtime.cs | New shared example-local runtime helpers (menu, status, regions, screen-region mapping). |
| examples/Sdlg2/Sdlg2App.cs | Makes scrollgroup visible/anchored; adds status line + Help->Description + proof metadata. |
| examples/Sdlg2/Sdlg2.csproj | Links shared Wave2Runtime.cs into project. |
| examples/Sdlg/SdlgApp.cs | Makes scrollgroup visible/anchored; adds status line + Help->Description + proof metadata. |
| examples/Sdlg/Sdlg.csproj | Links shared Wave2Runtime.cs into project. |
| examples/README.md | Documents 013 visible-proof expectations for Wave-2 examples. |
| examples/ProgBa/ProgBaApp.cs | Adds visible progress-bar main component + status line + Help->Description + proof metadata. |
| examples/ProgBa/ProgBa.csproj | Links shared Wave2Runtime.cs into project. |
| examples/ListVi/ListViApp.cs | Adds visible list dialog + status line + Help->Description + proof metadata. |
| examples/ListVi/ListVi.csproj | Links shared Wave2Runtime.cs into project. |
| examples/InpLis/InpLis.csproj | Links shared Wave2Runtime.cs into project. |
| examples/DynTxt/DynTxtApp.cs | Adds visible static-text main component + status line + Help->Description + proof metadata. |
| examples/DynTxt/DynTxt.csproj | Links shared Wave2Runtime.cs into project. |
| examples/DlgDsn/DlgDsn.csproj | Links shared Wave2Runtime.cs into project. |
| examples/Demo/Demo.csproj | Links shared Wave2Runtime.cs into project. |
| examples/Clipboard/ClipboardApp.cs | Adds visible input-line main component + status line + Help->Description + proof metadata. |
| examples/Clipboard/Clipboard.csproj | Links shared Wave2Runtime.cs into project. |
| docs/security/zero-trust-applicability.md | Adds 013 N/A rationale. |
| docs/security/threat-model.md | Adds 013 local-scope threat-model note. |
| docs/security/supply-chain-evidence.md | Adds 013 SBOM/VEX/SLSA + AI-SBOM N/A rationale. |
| docs/security/security-checklist.md | Adds 013 applicability table entries. |
| docs/security/samm-assessment.md | Adds 013 SAMM note. |
| docs/security/dependency-audit.md | Adds 013 “no new dependencies” entry. |
| docs/security/asvs-verification.md | Adds 013 ASVS N/A entry. |
| docs/guides/examples/wave2-guide-review-notes.md | Notes 013 guide updates and proof expectations. |
| docs/guides/examples/tprogb.md | Adds 013 visible-proof section. |
| docs/guides/examples/tcombo.md | Adds 013 visible-proof section. |
| docs/guides/examples/sdlg2.md | Adds 013 visible-proof section. |
| docs/guides/examples/sdlg.md | Adds 013 visible-proof section. |
| docs/guides/examples/progba.md | Adds 013 visible-proof section. |
| docs/guides/examples/listvi.md | Adds 013 visible-proof section. |
| docs/guides/examples/inplis.md | Adds 013 visible-proof section. |
| docs/guides/examples/dyntxt.md | Adds 013 visible-proof section. |
| docs/guides/examples/dlgdsn.md | Adds 013 visible-proof section. |
| docs/guides/examples/demo.md | Adds 013 visible-proof section. |
| docs/guides/examples/clipboard.md | Adds 013 visible-proof section. |
| docs/architecture/runtime-view.md | Adds 013 runtime-view addendum describing the 3-layer model. |
| docs/architecture/quality-scenarios.md | Adds 013 quality-scenario addendum for primary proof constraints. |
| docs/architecture/architecture-vision.md | Notes Wave2Runtime.cs is example-internal (no new framework API). |
| docs/architecture/architecture-risks.md | Adds 013 risk review entries. |
| Directory.Build.props | Bumps version fields to 1.13.12.46. |
| .specify/templates/tasks-template.md | Updates security task wording; adds AI-SBOM applicability task. |
| .specify/templates/supply-chain-evidence-template.md | Adds AI-SBOM section and renumbers later sections. |
| .specify/templates/spec-template.md | Adds AI-SBOM and preset applicability requirements; renumbers constraints. |
| .specify/templates/security-checklist-template.md | Adds detailed language-profile checklist section. |
| .specify/templates/secure-coding-language-rules-template.md | New template defining language-specific secure-coding review rules. |
| .specify/templates/plan-template.md | Adds AI-SBOM applicability guidance; adjusts supply-chain evidence wording. |
| .specify/templates/constitution-template.md | Updates preset baseline notes to security-governance v0.4.0 + AI-SBOM guidance. |
| .specify/presets/security-governance/templates/tasks-addendum.md | Expands language-profile list; adds AI-SBOM applicability guidance. |
| .specify/presets/security-governance/templates/supply-chain-evidence-template.md | Adds AI-SBOM evidence section and follow-up pointer. |
| .specify/presets/security-governance/templates/spec-addendum.md | Adds AI-SBOM applicability trigger rules. |
| .specify/presets/security-governance/templates/security-checklist-template.md | Adds language-profile locations + AI-SBOM entry. |
| .specify/presets/security-governance/templates/secure-coding-language-rules-template.md | Expands rules template with multiple languages and MSL caveat. |
| .specify/presets/security-governance/templates/plan-addendum.md | Adds AI-SBOM to standards list; adds AI usage classification step. |
| .specify/presets/security-governance/templates/constitution-addendum.md | Updates secure-coding and supply-chain standards to include AI-SBOM triggers. |
| .specify/presets/security-governance/templates/agent-file-addendum.md | Adds AI-SBOM applicability guidance for agent instructions. |
| .specify/presets/security-governance/README.md | Bumps preset version to 0.4.0; documents AI-SBOM and expanded profiles. |
| .specify/presets/security-governance/preset.yml | Bumps preset metadata to v0.4.0; updates description/tags. |
| .specify/presets/security-governance/commands/speckit.specify.md | Updates checklist to include AI-SBOM. |
| .specify/presets/.registry | Updates registered security-governance version/hash. |
| .specify/integrations/speckit.manifest.json | Updates integration install timestamp. |
| .specify/integrations/opencode.manifest.json | Updates integration install timestamp. |
| .specify/integrations/gemini.manifest.json | Updates integration install timestamp. |
| .specify/integrations/copilot.manifest.json | Updates integration install timestamp. |
| .specify/integrations/codex.manifest.json | Updates integration install timestamp. |
| .specify/integrations/claude.manifest.json | Updates integration install timestamp. |
| .specify/feature.json | Points active feature directory to specs/013... |
| .opencode/command/speckit.specify.md | Normalizes formatting and updates command-name references. |
| .github/agents/speckit.specify.agent.md | Normalizes formatting and updates command-name references. |
| .github/agents/copilot-instructions.md | Refreshes autogenerated timestamp and adds 013 recent-change note. |
| .gemini/commands/speckit.specify.toml | Removes embedded preset block; updates command-name references. |
| .claude/skills/speckit-plan/SKILL.md | Large refresh of skill metadata and workflow outline. |
| .agents/skills/speckit-specify/SKILL.md | Updates skill metadata and command-name references. |
Comment on lines
+420
to
+422
| if $OPT_JSON; then | ||
| printf '{"check":"GIT-SCOPE-001","status":"WARN","message":"~/.gitconfig.d/ fehlt — Scope-Isolierung nicht konfiguriert / missing — scope isolation not configured"}\n' | ||
| fi |
Comment on lines
+427
to
+429
| if $OPT_JSON; then | ||
| printf '{"check":"GIT-SCOPE-002","status":"WARN","message":"includeIf für home-baseline-tmp nicht gefunden / not found for home-baseline-tmp"}\n' | ||
| fi |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Clipboard,Demo,DlgDsn,DynTxt,InpLis,ListVi,ProgBa,Sdlg,Sdlg2,TCombo,TProgB) so each has a real visible main component or stable visual runtime state.examples/Shared/Wave2Runtime.csfor status/menu/layout behavior.Pflichtenheft.md, architecture/security evidence, project statistics, agent guidance, andspecs/013-wave2-visual-component-remediation/pr-evidence.md.Lastenheft_Wave2-Visual-Component-Remediation.013-wave2-visual-component-remediation.md.Validation
Recorded in
specs/013-wave2-visual-component-remediation/pr-evidence.md:dotnet restorePASSdotnet build --configuration ReleasePASS, 0 warnings, 0 errorsdotnet test tests/TuiVision.Examples.SmokeTests/ --configuration ReleasePASS, 89/89dotnet test --configuration ReleasePASS, 494/494dotnet test --configuration Release --collect:"XPlat Code Coverage" --settings coverlet.runsettingsPASS; gate assemblies all above 70 % line coveragedotnet format --verify-no-changesPASSdocfx docfx.jsonPASS, 0 warnings, 0 errorsnpm run test:docfxPASS, 2/2 Playwright/axe smoke testsgit diff --checkPASSScope Guardrails
No Wave-3/Wave-4 behavior, mouse-only path, broad framework redesign, database, external service, network dependency, persistent user history, arbitrary user-file content reads, or new runtime NuGet dependency was added. AI-SBOM remains
N/Abecause AI is only development/agent tooling for this feature.