Gap analysis — dev-review-portal (2026-06-15)

Target: A near-mindless, self-feeding, trustworthy review cockpit: Cam runs nothing, only sees material changes, and an approve means the surface actually works.

Constraint gap: G1

2 minor 5 serious · 7 total

Gaps

id	gap	target	current	severity	effort	evidence
G1	auto-feed is manual	cockpit fresh without anyone remembering	`pnpm cockpit` is human-run; dev-design Step 7 mentions it but no hook/pulse fires it	serious	S	spec.md v2-1; no PreCompact/Stop hook runs `cockpit`
G2	manifest is not the review-identity SoT	verdicts keyed by run+gitHead; broken & capture-fails shown	verdict keyed by bare slug (stale approvals); 2xx→4xx hidden as "not built"; capture-fails vanish	serious	M	review-portal.mjs setv() keys `riv-<slug>`; spec.md v2-2
G3	no bless→baseline	"before" = the last state Cam blessed + its commit	"before" = whatever full set is adjacent by mtime; window floats	serious	S	review-portal.mjs beforeDir picker; spec.md v2-3
G4	route coverage is a hardcoded list	every real route (incl marketing/pSEO/dynamic)	ANON/AUTHED arrays hand-coded in webapp-shots.mjs; `/compare`,`/use-cases`,`/p/[id]` absent	minor	M	webapp-shots.mjs route arrays; spec.md v2-4
G5	no write-back server	verdicts.json agent-readable + reshoot + live-refresh	verdicts are browser-local localStorage only	serious	M	review-portal.mjs localStorage; spec.md v2-5
G6	no flow-proof	a Playwright happy-path asserts the surface WORKS	"Looks right" is a static screenshot only	serious	L	dev-design Step 6; spec.md v2-6
G7	esc() is HTML-safe not JS-string-safe	no inline-handler injection risk	`onclick="zoom('...')"` single-quotes unescaped (safe only by clean filenames)	minor	S	review-portal.mjs esc() + onclick

Close order — leverage-sequenced (feeds triage)

G1 (the constraint) — an unfed cockpit is the 4th dead gallery regardless of how good it is; a Stop-hook / pulse that runs pnpm cockpit is the survival move.
G3 — bless→baseline (~10 lines, no server) makes "material change" stop floating; cheap + unblocks trust.
G2 — manifest = review-identity SoT (stale-verdict invalidation + show broken/capture-fails); the trust core.
G5 — the write-back server (closes the agent-readable loop) — only worth it after the feed (G1) + trust (G2/G3).
G6 — flow-proof for the produce-spine surfaces (Create/Compose/Result), where a static approve is worth least.

Parked (mondo / not-now)

G4 (route-discovery) — real but low-stakes; revisit once the marketing/pSEO routes matter for review.
G7 (JS-string escaping) — harden when handler inputs stop being clean filenames; emit JSON + listeners then.

rendered from docs/reviews/2026-06-15-gap-dev-review-portal.md · re-run `pnpm gap-report` after editing the markdown (source of truth)