fix: repoint dangling doc references and add a doc-ref guard (#653)

Repoint or remove docstring / comment / pre-commit citations to docs that
no longer exist (docs/ux/pwa.md, pwa.md, theming.md, ACCEPTANCE.md,
REVIEW_CHECKLIST.md, docs/threat-model.md) so they target the surviving
ARCHITECTURE.md / SECURITY.md sections. (conf.py's docs/ux/pwa.md cites
were fixed alongside the comment cleanup in the preceding commit.)

Add tests/test_doc_refs.py plus a pre-commit hook that fails when a *.md
file or §N section cited in the package source, tests, or
.pre-commit-config.yaml no longer exists, so this defect class can't
recur. Also drop the black + isort pre-commit hooks per #651/#652.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Author: martin-castro-laminr-ai

.pre-commit-config.yaml

@@ -5,13 +5,13 @@
 #   pre-commit install
 #
 # Then every `git commit` runs these hooks against the staged diff.
-# Anything below the [BLOCK] threshold in
-# `docs/agents/security-expert/REVIEW_CHECKLIST.md` §1 aborts the commit.
+# The security rules these enforce are documented in `SECURITY.md` §3.
 #
 # This file is the commit-time half of the quality gate, run together
 # with `scripts/lint.sh` before a PR. CI (`.github/workflows/ci.yml`)
-# currently runs the test suites, not these hooks; wiring the lint/security
-# hooks into CI is a follow-up (#452).
+# runs the Python lint gate (ruff check + ruff format --check + mypy +
+# bandit) and the test suites; these hooks add the secret-scan + pygrep
+# house rules at commit time.
 
 repos:
   # -------------------------------------------------------------------
@@ -24,7 +24,9 @@ repos:
         args: ["protect", "--staged", "--no-banner", "--redact"]
 
   # -------------------------------------------------------------------
-  # Python formatting + linting (same tools scripts/lint.sh uses).
+  # Python lint + format + import order — Ruff is the single source of
+  # truth (#651/#652). Black, standalone isort, and flake8 were removed;
+  # ruff-format owns formatting and the `I` rules own import sorting.
   # -------------------------------------------------------------------
   - repo: https://github.com/astral-sh/ruff-pre-commit
     rev: v0.6.9
@@ -35,18 +37,6 @@ repos:
       - id: ruff-format
         files: ^(django_admin_react|tests|examples)/
 
-  - repo: https://github.com/psf/black-pre-commit-mirror
-    rev: 24.8.0
-    hooks:
-      - id: black
-        files: ^(django_admin_react|tests|examples)/
-
-  - repo: https://github.com/pycqa/isort
-    rev: 5.13.2
-    hooks:
-      - id: isort
-        files: ^(django_admin_react|tests|examples)/
-
   # -------------------------------------------------------------------
   # Python security lint (bandit). Runs only over the package, not tests
   # (asserts in tests are fine and would otherwise be noisy).
@@ -63,18 +53,17 @@ repos:
 
   # -------------------------------------------------------------------
   # House rules — local hooks that enforce package-specific invariants
-  # from docs/agents/security-expert/REVIEW_CHECKLIST.md.
+  # from SECURITY.md §3.
   # -------------------------------------------------------------------
   - repo: local
     hooks:
       # No partial / redacted token references anywhere in the diff.
       #
       # The `exclude` list covers the small set of files that
       # legitimately *document* the forbidden patterns (e.g., the
-      # rule itself in SECURITY.md / ACCEPTANCE.md, the review
-      # checklist, the security test that scans for them, and forum
-      # review files that quote the rule when reviewing it). All
-      # other files in the repo MUST be free of these substrings.
+      # rule itself in SECURITY.md and the security test that scans for
+      # them). All other files in the repo MUST be free of these
+      # substrings.
       - id: no-partial-tokens
         name: No partial token redactions (e.g., ghp_…XYZ)
         language: pygrep
@@ -83,10 +72,7 @@ repos:
         exclude: |
           (?x)^(
             SECURITY\.md
-            |ACCEPTANCE\.md
             |\.pre-commit-config\.yaml
-            |docs/threat-model\.md
-            |docs/agents/security-expert/.*
             |tests/test_security\.py
             |scripts/README\.md
           )$
@@ -118,3 +104,12 @@ repos:
         language: pygrep
         entry: "from ['\"]@dar/api['\"]"
         files: '^frontend/packages/(list|details|models|shell)/'
+
+      # Doc-reference integrity (#653): fail if a docstring/comment cites
+      # a *.md file or §N section that no longer exists.
+      - id: doc-ref-guard
+        name: No dangling *.md / §N doc references
+        language: system
+        entry: poetry run pytest tests/test_doc_refs.py -q
+        pass_filenames: false
+        files: '\.(py|yaml)$'

django_admin_react/pwa.py

@@ -1,7 +1,7 @@
 """PWA surface: web app manifest + service worker (Issue #86).
 
-Wire/UX contract: ``docs/ux/pwa.md``. The Security lane owns this
-surface because its load-bearing properties are security ones:
+Frontend build/ship context: ``ARCHITECTURE.md`` §5.4. The Security lane
+owns this surface because its load-bearing properties are security ones:
 
 - The **manifest** (``<mount>/web.manifest``) is served unauthenticated
   (the install prompt fires before login) and is computed at request
@@ -15,8 +15,7 @@
   no-store`` (so the package's no-store API reads are never cached),
   never caches non-GET requests (mutation safety), and exposes a
   cache-purge message used on logout so read-cached payloads can't
-  outlive the session (``pwa.md`` §5 — defense-in-depth atop session
-  expiry).
+  outlive the session (defense-in-depth atop session expiry).
 
 Both views live **outside** ``api/`` because they're served at the
 mount root, not under ``api/v1/``, and the manifest is intentionally
@@ -33,13 +32,13 @@
 from django.shortcuts import render
 from django.views.generic import View
 
-from django_admin_react import conf as dar_conf
-
 # Re-use the API package's admin-site lookup (this repo implements no
 # API; the registry helper lives there). The PWA only needs the active
 # `AdminSite.name` for the manifest's start URL.
 from django_admin_rest_api.api.registry import get_admin_site
 
+from django_admin_react import conf as dar_conf
+
 # Theme colours keyed by the resolved colour scheme. Kept here (not in
 # the SPA's CSS-var system) because the manifest is rendered server-side
 # before any CSS loads; these are the install-banner / splash colours
@@ -79,7 +78,7 @@ def _mount(request: HttpRequest, suffix: str) -> str:
 def _resolved_scheme(request: HttpRequest) -> str:
     """Resolve light/dark from the ``Sec-CH-Prefers-Color-Scheme`` hint.
 
-    Pairs with the theming client-hint path (``theming.md`` §2). Any
+    Pairs with the theming client-hint path (``ARCHITECTURE.md`` §5.3). Any
     value other than a case-insensitive ``"dark"`` resolves to light —
     the safe, neutral default when the hint is absent or unexpected.
     """
@@ -93,7 +92,7 @@ class ManifestView(View):
     Unauthenticated by design (the install prompt needs it pre-login).
     Carries no per-user data; every field is static or mount-/header-
     derived. ``Cache-Control: no-store`` is **not** set — the manifest
-    is deliberately cacheable/network-first (``pwa.md`` §2.1).
+    is deliberately cacheable/network-first.
     """
 
     http_method_names = ["get"]

tests/test_doc_refs.py

@@ -0,0 +1,113 @@
+"""Referential-integrity guard for documentation citations (#653).
+
+Docstrings and comments in this package cite docs by filename
+(``ARCHITECTURE.md``) and by section (``§4.5``). A doc reorg once left a
+trail of dangling citations to deleted files (``docs/ux/pwa.md``,
+``theming.md``, ``ACCEPTANCE.md``, …) — this test fails fast when a cite
+points at a ``*.md`` file or a ``§N`` section heading that no longer
+exists, so the defect class can't recur.
+
+Scope: the package source, the test suite, and ``.pre-commit-config.yaml``
+(it carries doc citations too). It is intentionally simple and fast — a
+regex sweep, no network, no imports of the cited docs.
+"""
+
+from __future__ import annotations
+
+import re
+from pathlib import Path
+
+_REPO_ROOT = Path(__file__).resolve().parent.parent
+_THIS_FILE = Path(__file__).resolve()
+
+# Files whose comments/docstrings we scan for citations. This guard file is
+# excluded from its own scan — it legitimately quotes the (historically
+# dangling) doc names it exists to forbid.
+_SCANNED_FILES: list[Path] = [
+    *sorted((_REPO_ROOT / "django_admin_react").rglob("*.py")),
+    *(p for p in sorted((_REPO_ROOT / "tests").rglob("*.py")) if p.resolve() != _THIS_FILE),
+    _REPO_ROOT / ".pre-commit-config.yaml",
+]
+
+# A cited Markdown doc, e.g. ``ARCHITECTURE.md`` or ``docs/ux/pwa.md``.
+# Captures an optional path prefix so ``docs/foo.md`` resolves relative to
+# the repo root, while a bare ``FOO.md`` may live anywhere in the tree.
+_MD_REF_RE = re.compile(r"(?<![\w./-])((?:[\w./-]+/)?[A-Za-z0-9_-]+\.md)\b")
+
+# A cited section, e.g. ``§4.5`` or ``§3``. The doc it belongs to is the
+# nearest preceding ``*.md`` cite on the same line (the repo's convention
+# is ``ARCHITECTURE.md §4.5``).
+_SECTION_RE = re.compile(r"§\s*([\d]+(?:\.[\dA-Za-z]+)*)")
+
+
+def _iter_lines() -> list[tuple[Path, int, str]]:
+    out: list[tuple[Path, int, str]] = []
+    for path in _SCANNED_FILES:
+        if not path.is_file():
+            continue
+        for lineno, line in enumerate(path.read_text("utf-8").splitlines(), start=1):
+            out.append((path, lineno, line))
+    return out
+
+
+def _resolve_md(ref: str) -> bool:
+    """True if a cited ``*.md`` reference resolves to a real file."""
+    # Path-qualified (``docs/ux/pwa.md``): resolve from the repo root.
+    if "/" in ref:
+        return (_REPO_ROOT / ref).is_file()
+    # Bare filename (``ARCHITECTURE.md``): match anywhere in the tree,
+    # skipping vendored / build dirs.
+    skip = {"node_modules", ".git", "dist", ".venv", "__pycache__"}
+    for candidate in _REPO_ROOT.rglob(ref):
+        if not any(part in skip for part in candidate.parts):
+            return True
+    return False
+
+
+def _section_exists(doc: Path, section: str) -> bool:
+    """True if ``doc`` has a heading for ``§section`` (e.g. ``## 4.5``)."""
+    text = doc.read_text("utf-8")
+    # Headings look like ``## 4. Backend design`` or ``### 4.5 URL mounting``.
+    pattern = re.compile(rf"^#{{1,6}}\s+{re.escape(section)}(?:[.\s]|$)", re.MULTILINE)
+    return bool(pattern.search(text))
+
+
+def test_no_dangling_md_references() -> None:
+    """Every cited ``*.md`` file in the scanned sources exists."""
+    failures: list[str] = []
+    for path, lineno, line in _iter_lines():
+        for match in _MD_REF_RE.finditer(line):
+            ref = match.group(1)
+            if not _resolve_md(ref):
+                rel = path.relative_to(_REPO_ROOT)
+                failures.append(f"{rel}:{lineno} cites missing doc {ref!r}")
+    assert not failures, "Dangling Markdown references:\n" + "\n".join(failures)
+
+
+def test_no_dangling_section_references() -> None:
+    """Every ``§N`` cite resolves to a heading in the doc named on its line."""
+    failures: list[str] = []
+    for path, lineno, line in _iter_lines():
+        sections = _SECTION_RE.findall(line)
+        if not sections:
+            continue
+        md_refs = _MD_REF_RE.findall(line)
+        if not md_refs:
+            # A §N with no doc named on the same line — can't verify which
+            # doc it belongs to, so we don't guess. The repo convention
+            # always names the doc; flag the orphan so it gets fixed.
+            rel = path.relative_to(_REPO_ROOT)
+            cited = "/".join("§" + s for s in sections)
+            failures.append(f"{rel}:{lineno} cites {cited} with no doc on the line")
+            continue
+        # The section belongs to the last doc named before it on the line.
+        doc_ref = md_refs[-1]
+        doc_path = _REPO_ROOT / doc_ref
+        if not doc_path.is_file():
+            # The missing-file case is already covered by the other test.
+            continue
+        for section in sections:
+            if not _section_exists(doc_path, section):
+                rel = path.relative_to(_REPO_ROOT)
+                failures.append(f"{rel}:{lineno} cites {doc_ref} §{section} — no such heading")
+    assert not failures, "Dangling section references:\n" + "\n".join(failures)