Step 3 (production-readiness): PII storage, validated reads, seams
Implement-now:
- G1: keep PII out of persistent storage — never persist BSN (only `naam`);
move both wizard drafts (address/email, work data) localStorage → sessionStorage
so they clear on tab close.
- G2: validate storage reads before trusting the cast — shape/tag guard in every
restore() (mirrors the parse* HTTP boundary); corrupt/foreign shape → start fresh.
- G3: already satisfied (debug-state redacts via mask.ts).
Show-the-seam (hook + doc, not fully built):
- G4: problemFieldErrors() maps a server validation envelope (ASP.NET
ValidationProblemDetails `errors`) to the field-keyed map the wizards already
render; returns {} until the backend sends it. +spec.
- G5: documented the retry/backoff seam at the adapter GET loader; reads may
retry, mutating submits never do.
Out of scope (named): unsaved-changes warning (persistence prevents data loss),
real auth/tokens, axe-core in CI.
Gate green: lint, check:tokens, build, test 79/79.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
@@ -15,6 +15,12 @@ export class DashboardViewAdapter {
|
||||
|
||||
// The value is still untrusted JSON — parseDashboardView validates it at the
|
||||
// boundary and maps DTO → domain before the app uses it.
|
||||
//
|
||||
// SEAM (G5): retry-with-backoff for non-mutating reads wraps the loader here —
|
||||
// e.g. `loader: () => withBackoff(() => this.client.dashboardView())` — since the
|
||||
// adapter is the single place HTTP lives. Reads are safe to retry; MUTATING calls
|
||||
// (the submit-* commands) must NEVER auto-retry — and don't. Manual retry
|
||||
// (resource.reload via <app-async>) covers the UX today, so backoff stays unbuilt.
|
||||
dashboardViewResource() {
|
||||
return resource({ loader: () => this.client.dashboardView() });
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user