> For the complete documentation index, see [llms.txt](https://ai-os-and-trend-finder.gitbook.io/ai-os-and-trend-finder-docs/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://ai-os-and-trend-finder.gitbook.io/ai-os-and-trend-finder-docs/.spec_system/archive/sessions/phase31-session06-demo-qa-and-privacy-verification/code-review.md).

# Code Review and Repair Report

**Session ID**: `phase31-session06-demo-qa-and-privacy-verification` **Reviewed**: 2026-06-24 **Scope**: All uncommitted changes in the working tree **Result**: RESOLVED

## Review Surface

**Files reviewed** (all uncommitted changes):

* `.spec_system/state.json` - tracked-modified
* `.spec_system/specs/phase31-session06-demo-qa-and-privacy-verification/spec.md` - untracked
* `.spec_system/specs/phase31-session06-demo-qa-and-privacy-verification/tasks.md` - untracked
* `.spec_system/specs/phase31-session06-demo-qa-and-privacy-verification/implementation-notes.md` - untracked
* `.spec_system/specs/phase31-session06-demo-qa-and-privacy-verification/code-review.md` - untracked review artifact
* `package.json` - tracked-modified
* `public/README_public.md` - tracked-modified
* `scripts/demo/scan-pages-demo.ts` - untracked
* `scripts/lib/pages-demo-routes.ts` - untracked
* `scripts/lib/pages-demo-privacy-scan.ts` - untracked
* `scripts/lib/pages-demo-snapshot.ts` - tracked-modified
* `scripts/lib/__tests__/pages-demo-routes.test.ts` - untracked
* `scripts/lib/__tests__/pages-demo-privacy-scan.test.ts` - untracked
* `scripts/lib/__tests__/pages-demo-snapshot.test.ts` - tracked-modified
* `src/components/home/knowledge-graph-section.tsx` - tracked-modified
* `src/components/home/__tests__/knowledge-graph-section.test.tsx` - tracked-modified
* `tests/e2e/pages-demo-routes.spec.ts` - untracked

**Inventory commands**: `git status`, `git diff HEAD`, `git diff --cached`, `git ls-files --others --exclude-standard`

## Findings by Severity

### Critical

* None.

### High

* None.

### Medium

* None.

### Low

* `scripts/lib/__tests__/pages-demo-privacy-scan.test.ts:134` - The generated-dist scanner exposed `includeApplicationBundles`, but the unit suite only asserted the default skip behavior. This left the opt-in JS bundle scan path unproven. | Fix: Added coverage that enables bundle scanning and verifies a `/__*` bridge literal in `assets/bundle.js` fails the scan. | Status: FIXED
* `scripts/lib/pages-demo-privacy-scan.ts:52`, `scripts/lib/pages-demo-routes.ts:73`, `tests/e2e/pages-demo-routes.spec.ts:65` - New session files did not fully match the repository Prettier formatting rules, causing `bun run lint` and scoped format checks to fail. | Fix: Ran Prettier on the uncommitted Session 06/source files only. | Status: FIXED

## Assumptions and Deliberate Non-Fixes

* `bun run format:check` still fails on `.spec_system/specs/phase31-session04-extensions-and-agent-routes/IMPLEMENTATION_SUMMARY.md`. That file is committed, unchanged, and outside this session's uncommitted review surface, so it was not reformatted during `creview`.
* Generated application JS bundles remain skipped by default in `demo:scan:pages`; runtime `/__*` request enforcement is covered by the static Pages Playwright smoke suite, and the explicit `includeApplicationBundles` scanner path is now tested.

## Behavior Changes

* Public-demo home Knowledge Graph behavior remains changed by the session implementation: `KnowledgeGraphSection` now passes `demoMode: true` to `useKnowledgeGraph` when `VITE_AI_OS_PUBLIC_DEMO` is enabled, preventing hosted Pages routes from requesting local graph bridge endpoints.

## Verification

* Tests: `bun run test -- scripts/lib/__tests__/pages-demo-routes.test.ts scripts/lib/__tests__/pages-demo-privacy-scan.test.ts scripts/lib/__tests__/pages-demo-snapshot.test.ts src/routes/__tests__/public-demo-routes.test.tsx src/components/home/__tests__/knowledge-graph-section.test.tsx` - PASS - 5 files, 29 tests passed.
* Tests: `PLAYWRIGHT_BASE_URL=http://127.0.0.1:8789 PLAYWRIGHT_REUSE_EXISTING_SERVER=true bunx playwright test tests/e2e/pages-demo-routes.spec.ts` - PASS - 24 route smoke tests passed against `wrangler pages dev demo-website/dist`.
* Build: `bun run demo:build:pages` - PASS - Pages demo dist assembled with 199 files, 192 promoted client files, and 7 copied public files.
* Privacy scan: `bun run demo:scan:pages` - PASS - fixtures: 5 scanned, 0 issues; dist: 13 scanned, 186 skipped, 0 issues.
* Linter: `bun run lint` - PASS.
* Formatter: `bunx prettier --check` on all uncommitted Session 06/source files - PASS.
* Formatter: `bun run format:check` - FAIL - one pre-existing committed file outside the uncommitted review surface remains unformatted; see deliberate non-fix.
* Type checker: `bun run typecheck` - PASS.
* Type checker: `bun run typecheck:scripts` - PASS.
* Whitespace: `git diff --check` - PASS.
* Encoding: changed tracked and untracked files ASCII-only - PASS.
* Line endings: changed tracked and untracked files LF-only - PASS.
* Final diff re-read: no remaining issues in the uncommitted review surface.

## Summary

1. Reviewed 17 uncommitted files covering the Session 06 spec artifacts, shared route matrix, privacy scanner, CLI, route smoke test, package script, snapshot metadata integration, public README wording, and home Knowledge Graph public-demo guard.
2. Findings: 0 critical, 0 high, 0 medium, 2 low; all review-scope findings resolved.
3. Deliberately did not reformat one older committed Session 04 summary because it is outside this uncommitted review surface.
4. Verification passed for focused tests, static Pages smoke, Pages build, privacy scan, lint, scoped format, type checks, whitespace, ASCII, and LF checks.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://ai-os-and-trend-finder.gitbook.io/ai-os-and-trend-finder-docs/.spec_system/archive/sessions/phase31-session06-demo-qa-and-privacy-verification/code-review.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
