Scans a target LiveView app's source for the KERNEL invariants that predict interaction bugs under DOM patching, and reports candidate risk sites.
mix live_interaction_contracts.audit --path /path/to/app
mix live_interaction_contracts.audit --path . --out interaction-audit.mdThis is advisory — it produces a candidate list (file:line), not a verdict. High-confidence rules are syntactic; the low-confidence ones (marked) need human review because they depend on server-side dataflow the scan cannot see.
Rules (each maps to a frozen contract):
- R1 reflected-attribute write without protection (KERNEL rule 1.3 / CURSOR §focus,
REFERENCE_POPOVER): a JS hook
setAttribute("aria-*"|"data-active"|"data-state")whose element likely has noJS.ignore_attributes— a patch touching it strips the attribute. High confidence when the repo has zero ignore_attributes. - R2
phx-update="ignore"scope (KERNEL Delegation): flags each site to check it does not wrap server-rendered dynamic content (interpolation / comprehension), whichignorewould then freeze. - R3 roving tabindex in a patchable list (CURSOR_CONTRACT):
tabindexon a non-form element, esp. nearrole="option|menuitem|treeitem"— not patch-safe; prefer aria-activedescendant. - R4 inventory: every
phx-hook,<dialog>/showModal/modal wrapper, and templatearia-expanded/aria-activedescendant— the interaction surface map. - R5 (low confidence) client event names that look like open/close/toggle reaching
the server via
pushEvent— candidates for "server derives canonical open state from a lossy signal" (Observation contract). Human review required.