Skip to content

feat(ui): single compact site-wide privacy notice below the composer#576

Merged
BigSimmo merged 2 commits into
mainfrom
claude/privacy-footer-responsive-adbd0c
Jul 13, 2026
Merged

feat(ui): single compact site-wide privacy notice below the composer#576
BigSimmo merged 2 commits into
mainfrom
claude/privacy-footer-responsive-adbd0c

Conversation

@BigSimmo

Copy link
Copy Markdown
Owner

Summary

The composer stacked two privacy elements (full notice above the pill + a duplicate "Don't enter identifiable patient details." below it), and the answer home hero added a third "Privacy & data handling" link — on phones this burned 3+ lines of dock space. This PR consolidates everything into one compact 11px privacy line rendered once below the composer pill, site wide.

  • PrivacyInputNotice redesign: text-2xs/leading-4, smaller icon, muted link with hover accent; new id/testId props. z-[5] keeps it above the dock backdrop (z-0) but under the command surface (z-10) so the suggestions dropdown covers it instead of bleeding through (latent stacking bug — the dropdown's z-30 is trapped inside the surface's own stacking context).
  • Site-wide, single instance: the notice now renders for every search mode and composer placement (desktop home hero, phone bottom dock, answer thread dock, sticky search), not just answer mode; input aria-describedby is unconditional. Removed the duplicated hero-footer privacy link from the answer empty state and the orphaned composerWarning/composerLinkLabel/noticeAriaLabel copy.
  • Governance copy preserved verbatim (APP-5 / PIA-5): "Do not enter patient-identifiable information." + "Privacy and data processing" → /privacy. Upload-sheet notice unchanged.

Test changes

  • ui-tools @critical: asserts the consolidated notice + link and exactly one /privacy link on the home page (guards future double-ups).
  • ui-smoke: repaired pre-existing drift from feat(rag): remediate clinical retrieval and safety #553 — the test expected an /privacy h1 of "Privacy and data processing" and a "Draft for privacy and clinical-governance approval" badge that never shipped; the page renders "Privacy & data handling" / "This is draft product information…". These 4 viewport tests failed on main before this PR.

Clinical governance preflight

  • No ingestion, answer-generation, search/ranking, document-access, or production-env behaviour changed — UI notice placement + copy-source cleanup only.
  • Privacy notice coverage is expanded (previously answer-mode only; now all query composers), consistent with docs/privacy-impact-assessment.md APP-3/APP-5 notes.

Verification

  • npm run verify:cheap on the rebased base: 1937 tests passed.
  • Typecheck, eslint, prettier clean.
  • Playwright (chromium): @critical PHI-warning test (390px + 1280px) and privacy ui-smoke at mobile / 200% zoom / tablet / desktop — all pass.
  • Screenshot QA across Answer/Documents/Forms homes and the answered dock at phone + desktop widths.

🤖 Generated with Claude Code

The answer composer stacked two privacy elements (full notice above the
pill plus a duplicate warning below it), and the answer home hero added a
third "Privacy & data handling" link — on phones this burned three-plus
lines of dock space.

- Redesign PrivacyInputNotice as one quiet 11px line (text-2xs, smaller
  icon, muted link) and render it once below the pill for every search
  mode and composer placement; input aria-describedby now always points
  at it. z-[5] keeps it above the dock backdrop but under the command
  surface so the suggestions dropdown covers it.
- Remove the duplicated hero-footer privacy link from the answer empty
  state and the orphaned composerWarning/composerLinkLabel copy.
- Tests: assert exactly one /privacy link on the home page; repair the
  pre-existing #553 drift in ui-smoke (/privacy h1 is "Privacy & data
  handling", not "Privacy and data processing").

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@supabase

supabase Bot commented Jul 13, 2026

Copy link
Copy Markdown

This pull request has been ignored for the connected project sjrfecxgysukkwxsowpy because there are no changes detected in supabase directory. You can change this behaviour in Project Integrations Settings ↗︎.


Preview Branches by Supabase.
Learn more about Supabase Branching ↗︎.

@coderabbitai

coderabbitai Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

📝 Walkthrough

Walkthrough

The privacy notice component now owns composer warning content and supports identifiers for accessibility and testing. Composer rendering is conditional by mode, the answer empty state removes its duplicate privacy link, privacy copy is reduced to page labels, and UI tests reflect the updated content.

Changes

Privacy notice flow

Layer / File(s) Summary
Privacy notice contract and presentation
src/components/privacy-input-notice.tsx, src/lib/ui-copy.ts
PrivacyInputNotice gains optional identifiers and compact styling, while composer-specific fields are removed from privacyCopy.
Composer and empty-state integration
src/components/clinical-dashboard/master-search-header.tsx, src/components/clinical-dashboard/answer-status.tsx
The composer renders PrivacyInputNotice when enabled for the current mode, gates aria-describedby to the same condition, and removes the answer empty state’s duplicate privacy link.
Privacy UI validation
tests/ui-smoke.spec.ts, tests/ui-tools.spec.ts
UI assertions are updated for revised privacy-page copy, warning text, link visibility, link count, and accessibility attributes.

Estimated code review effort: 2 (Simple) | ~10 minutes

Sequence Diagram(s)

sequenceDiagram
  participant SearchComposer
  participant GlobalSearchInput
  participant PrivacyInputNotice
  SearchComposer->>PrivacyInputNotice: Render notice for eligible composer modes
  GlobalSearchInput->>PrivacyInputNotice: Reference notice through aria-describedby
  PrivacyInputNotice-->>GlobalSearchInput: Expose warning text and privacy link
Loading

Caution

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

  • Ignore

❌ Failed checks (1 error)

Check name Status Explanation Resolution
Verification Claims ❌ Error PR description includes vague verification claims (“Typecheck, eslint, prettier clean.” / “all pass”) without exact commands and results. Rewrite each claim as explicit evidence, e.g. “Ran npm run verify:cheap: passed” or “Not run: reason,” and avoid unlabeled “clean/pass” statements.
✅ Passed checks (10 passed)
Check name Status Explanation
Title check ✅ Passed The title is concise and accurately summarizes the main change: a compact site-wide privacy notice below the composer.
Description check ✅ Passed The description covers the summary, testing, and governance impact, but it doesn't mirror the template's checkbox-style verification list.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Generated And Sensitive Files ✅ Passed PR only changes TS/TSX source and test files; diff scan found no secrets, tokens, private keys, .env files, or build/browser artifacts.
Risky Git Or Deployment Actions ✅ Passed PR only changes privacy UI/tests; diff contains no instructions, scripts, workflows, or docs recommending force-push, reset --hard, destructive clean, branch deletion, or deploy actions.
Supabase Project And Schema Safety ✅ Passed The PR only changes UI components/tests; no Supabase project refs, schema migrations, RLS/policy edits, or env/example files were modified.
Runtime And Package Manager Integrity ✅ Passed No package manager/runtime files changed; package.json still pins npm@11.17.0, Node 24/npm 11, and .npmrc keeps engine-strict=true.
Api Route Failure Handling ✅ Passed PASS: The PR only changes UI/privacy copy/tests; no API route, server action, RAG, search, ingestion, or provider code was modified.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch claude/privacy-footer-responsive-adbd0c
✨ Simplify code
  • Create PR with simplified code
  • Commit simplified code in branch claude/privacy-footer-responsive-adbd0c

Comment @coderabbitai help to get the list of available commands.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 0036ee46ba

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread src/components/clinical-dashboard/master-search-header.tsx Outdated
@github-actions

Copy link
Copy Markdown

@codex resolve actionable Codex review findings for this pull request and current head using the repository instructions. This is the pull request's single automatic repair pass: do not perform a fresh review, create new standalone findings, or request another review. Work only the existing unresolved Codex threads on the current head. Always fix P0 and P1 findings. For P2 and lower findings, fix only clear, scoped, low-risk issues; otherwise disposition them with a concise reason. After fixing or dispositioning a thread, reply in that thread with as the first line, followed by a concise summary; that marker authorizes the workflow to close that exact thread. If human input or new authorization is required, do not use the marker and leave the thread open with the blocker. Finish only after every actionable thread is fixed or dispositioned and closed, or explicitly left open for a human decision. Do not update the branch from main, address unrelated reviews, broaden scope, or create more than one scoped fix commit. Do not use external APIs, paid services, credentials, dependency changes, or broad refactors unless explicitly authorized. Add targeted tests where behavior changes and run the narrowest relevant validation.

@chatgpt-codex-connector

Copy link
Copy Markdown

To use Codex here, create a Codex account and connect to github.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (1)
src/components/clinical-dashboard/master-search-header.tsx (1)

1275-1275: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Hardcoded id string duplicated between aria-describedby and the notice's id/testId.

"answer-composer-privacy-warning" is repeated three times (input's aria-describedby at Line 1275, and id/testId at Lines 1329-1330) with no single source of truth. A future rename of one occurrence silently breaks the accessibility wiring without a compile error.

♻️ Suggested fix: extract a shared constant
+const composerPrivacyWarningId = "answer-composer-privacy-warning";
+
 ...
-                aria-describedby="answer-composer-privacy-warning"
+                aria-describedby={composerPrivacyWarningId}
 ...
         <PrivacyInputNotice
-          id="answer-composer-privacy-warning"
-          testId="answer-composer-privacy-warning"
+          id={composerPrivacyWarningId}
+          testId={composerPrivacyWarningId}
           className="mt-1.5 justify-center px-3 text-center"
         />

Also applies to: 1325-1332

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/components/clinical-dashboard/master-search-header.tsx` at line 1275,
Extract the repeated "answer-composer-privacy-warning" value into a shared
constant near the relevant component, then use that constant for the input's
aria-describedby and the privacy notice's id and testId. Update all three
references consistently so the accessibility wiring remains synchronized.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/lib/ui-copy.ts`:
- Around line 108-116: Update the documentation comment above privacyCopy to
remove the obsolete reference to the answer empty-state link, describing only
its current /privacy transparency-page usage while preserving the existing
privacy-impact-assessment and composer/upload warning references.

---

Nitpick comments:
In `@src/components/clinical-dashboard/master-search-header.tsx`:
- Line 1275: Extract the repeated "answer-composer-privacy-warning" value into a
shared constant near the relevant component, then use that constant for the
input's aria-describedby and the privacy notice's id and testId. Update all
three references consistently so the accessibility wiring remains synchronized.
🪄 Autofix (Beta)

❌ Autofix failed (check again to retry)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 647f19e3-1de3-4be1-8459-1e4c7b0b3bb7

📥 Commits

Reviewing files that changed from the base of the PR and between 65a8a0c and 0036ee4.

📒 Files selected for processing (6)
  • src/components/clinical-dashboard/answer-status.tsx
  • src/components/clinical-dashboard/master-search-header.tsx
  • src/components/privacy-input-notice.tsx
  • src/lib/ui-copy.ts
  • tests/ui-smoke.spec.ts
  • tests/ui-tools.spec.ts

Comment thread src/lib/ui-copy.ts Outdated
@BigSimmo
BigSimmo enabled auto-merge (squash) July 13, 2026 11:27
@coderabbitai

coderabbitai Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

Note

Autofix is a beta feature. Expect some limitations and changes as we gather feedback and continue to improve it.

⚠️ Branch updated during autofix.

The branch was updated while autofix was in progress. Please try again.

- Skip the composer privacy notice on phone non-answer result docks:
  those paths reserve pill-only scroll clearance (5rem dashboard compact
  branch, 5.5rem standalone shell), so the extra line pushed the fixed
  dock over the last result. Entry composers for those flows still show
  the notice; answer docks keep it (reserves were sized for the old
  taller stack). aria-describedby now matches the render gate.
- Extract the shared composer privacy-warning id into a constant so the
  aria wiring and notice id cannot drift.
- Drop the stale "answer empty-state link" reference from the privacyCopy
  doc comment.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@BigSimmo

Copy link
Copy Markdown
Owner Author

@coderabbitai resolve

@coderabbitai

coderabbitai Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor
✅ Action performed

Comments resolved and changes approved.

@BigSimmo
BigSimmo merged commit 7ecade0 into main Jul 13, 2026
19 checks passed
BigSimmo added a commit that referenced this pull request Jul 13, 2026
The Answer and Documents mode homes asserted "Source backed" before any
question was asked, which overstates a corpus whose per-document
validation status varies (unverified / review-due documents exist and
are labelled on results). Describe the mechanism instead: "Searches
indexed clinical sources". Per-answer "Source-backed" labels that
reflect an actual grounding verdict are unchanged.

The PT-04 composer-warning size tweak was superseded by #576's single
compact site-wide privacy notice and is intentionally not re-applied.

Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
@BigSimmo
BigSimmo deleted the claude/privacy-footer-responsive-adbd0c branch July 13, 2026 18:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant