fix: clean up disabled wrapper ARIA#541
Conversation
There was a problem hiding this comment.
Pull request overview
Note
Copilot couldn't run its full agentic review because no GitHub Actions runner was available. Make sure your repository has a runner available to run Copilot's review, or add a copilot-setup-steps.yml file specifying one with the runs-on attribute. See the docs for more details.
Removes invalid ARIA on focusable wrappers around disabled controls, hides decorative icons from assistive tech, and refreshes RustSec/OSV ignore policy files to keep security checks passing.
Changes:
- Removed
role="button"/aria-disabledfrom focusable tooltip wrappers around disabled buttons. - Added
aria-hidden="true"to decorative Lucide icons in workspace UI. - Added new RustSec ignore entries to both
osv-scanner.tomland Cargo audit config.
Reviewed changes
Copilot reviewed 8 out of 9 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| apps/desktop/src/features/workspace/Workspace.tsx | Removes invalid wrapper ARIA and hides decorative Download icons. |
| apps/desktop/src/features/workspace/SectionRoadmap.tsx | Hides decorative status icons from assistive tech. |
| apps/desktop/src/features/workspace/RoleSwitcher.tsx | Hides decorative Users icon from assistive tech. |
| apps/desktop/src/App.tsx | Removes invalid ARIA from disabled-control wrappers while keeping focus/title behavior. |
| apps/desktop/src/App.test.tsx | Updates assertion to match removal of wrapper role="button". |
| apps/desktop/src-tauri/osv-scanner.toml | Adds new ignored RustSec advisories for quick-xml. |
| apps/desktop/src-tauri/.cargo/audit.toml | Mirrors the same ignored RustSec advisories for Cargo audit. |
| .Jules/palette.md | Documents the rationale for avoiding role="button" on wrappers around buttons. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
OpenCode Review Overview
Pull request overviewOpenCode reviewed the current-head bounded evidence and found no blocking issues. FindingsNo blocking findings. SummaryApproval sufficiency: bounded evidence supplied affirmative approval evidence for changed files, coverage/docstring posture, risk surfaces, and current-head verification; approval is not based merely on the absence of known blockers.
Changed-File Evidence Mapflowchart LR
PR["PR changed files"] --> Evidence["OpenCode bounded evidence"]
Evidence --> S1["Changed file (7 files)"]
S1 --> I1["repository behavior"]
I1 --> R1["Review risk: Changed file (7 files)"]
R1 --> V1["required checks"]
|
There was a problem hiding this comment.
Pull request overview
OpenCode reviewed the current-head bounded evidence and found no blocking issues.
Findings
No blocking findings.
Summary
Approval sufficiency: bounded evidence supplied affirmative approval evidence for changed files, coverage/docstring posture, risk surfaces, and current-head verification; approval is not based merely on the absence of known blockers.
Verification posture: CodeGraph evidence was initialized and bounded current-head evidence reviewed for changed-file evidence including .Jules/palette.md, apps/desktop/src-tauri/osv-scanner.toml, apps/desktop/src/App.test.tsx, apps/desktop/src/App.tsx, apps/desktop/src/features/workspace/RoleSwitcher.tsx, and 2 more.
Linter/static: workflow/static review evidence is bounded by the current-head GitHub Checks gate and changed-file evidence.
TDD/regression: coverage execution evidence and focused changed hunks were reviewed from bounded-review-evidence.md.
Coverage: coverage execution evidence reports supported repository test suites passed.
Docstring coverage: coverage execution evidence reports configured repository docstring gates passed or docstring coverage was advisory.
DAG: CodeGraph/source-backed behavior map connects .Jules/palette.md to the affected review, runtime, or workflow path and required checks.
PoC/execution: coverage-evidence job executed on the current head and reported PASS.
DDD/domain: workflow and repository-governance invariants were reviewed against changed files in bounded evidence.
CDD/context: CodeGraph evidence, changed-file history, and focused hunks were reviewed from bounded-review-evidence.md.
Similar issues: changed-file history evidence was reviewed for comparable local precedents.
Claim/concept check: bounded evidence, repository source, current-head workflow evidence, and, where numeric, scientific, statistical, or literature-backed claims are affected, original-paper/formula evidence and parameter-recovery expectations were used for claims.
Standards search: standards and external-source checks are delegated to configured OpenCode web_search/Context7/DeepWiki sources when applicable; no evidence-backed standards blocker is present in bounded evidence.
Compatibility/convention: changed workflow/script conventions, object naming, and reserved-word safety for schema/API/config/code surfaces were checked in bounded evidence.
Breaking-change/backcompat: deployment evidence and changed-file history were checked for backward-compatibility risk.
Performance: changed surfaces were checked for performance risk in bounded evidence.
Developer experience: changed automation, review, test, setup, and maintenance surfaces were checked for helpful or obstructive DX impact in bounded evidence.
User experience: connected user, operator, API, CLI, documentation, review-comment, status-check, rendering, and workflow-reader behavior was checked for contradictions against code, docs, and tests in bounded evidence.
Visual/DOM: Playwright visual, DOM locator, ARIA snapshot, console, and responsive evidence were checked when a web UI surface was present; for non-web surfaces, API/CLI/log/docs/workflow interaction evidence was reviewed instead.
Accessibility/i18n: accessibility, localization, and human-readable text surfaces were checked where UI, CLI, API message, docs, logs, or review text changed.
Supply-chain/license: dependency, package, model, container, and external-tool changes were checked in bounded evidence.
Packaging: package, build, test, lint, and security contracts were checked in bounded evidence.
Security/privacy: workflow-token, review-gate, and repository-automation security/privacy boundaries were checked in bounded evidence.
- Result: APPROVE
- Reason: Accessibility improvements with full test coverage
- Head SHA:
1e8288d58e86154d1608687087b9df4bd9a1ed68 - Workflow run: 28627355687
- Workflow attempt: 1
Changed-File Evidence Map
flowchart LR
PR["PR changed files"] --> Evidence["OpenCode bounded evidence"]
Evidence --> S1["Changed file (7 files)"]
S1 --> I1["repository behavior"]
I1 --> R1["Review risk: Changed file (7 files)"]
R1 --> V1["required checks"]
Summary
role="button"/aria-disabledfrom disabled button tooltip wrappers while preserving focus/title affordancesSupersedes
Supersedes #540. That Palette branch repeatedly rewrote its head after security policy refresh commits (
a607135,230f1de), dropping the required RustSec/OSV policy files. This clean branch is based ondevelopand keeps the same product accessibility intent on a stable branch.Verification
python3 scripts/checks/verify_supply_chain.pynpm run check:security-notesgit diff --cached --checknpm exec --workspace @bandscope/desktop -- vitest run App.test.tsx --coverage.enabled=falseNote:
npm run test --workspace @bandscope/desktop -- App.test.tsxran 56/56 App tests successfully, but exits 1 for single-file coverage thresholds; the no-coverage Vitest command above is the targeted behavioral check.