chore: mobile visreg

[cb-ekuersch]

What changed? Why?

Replaces the legacy Detox-based packages/ui-mobile-visreg package with a new, simpler approach: Maestro for screenshot capture and BrowserStack App Percy for visual comparison.

The old Detox setup required specialized native builds with injected gray-box test code, making the build matrix complex (8 variations) and CI slow. Maestro navigates the app via deep-links and calls takeScreenshot — no special native build required. The standard release prebuild is used directly, and CI patches the JS bundle rather than doing a full native rebuild on every run.

Percy project: https://percy.io/d424b72f/web/cds-mobile-visreg-03c97426

Key Changes

New packages/mobile-visreg

• Orchestrates Maestro flows that deep-link to each component route (:///Debug), wait for animations, and capture a PNG
• Explicit route opt-in list (config/enabled-routes.mjs) — 44 routes currently enabled
• Nx targets: setup (install Maestro), ios, android (capture), upload (Percy)
• Percy integration for visual diffing across branches

Removed legacy packages/ui-mobile-visreg

• Deleted the old Detox-based package (~1,500 lines removed), its Docker setup, and the apps/mobile-app/e2e/ test suite

Deep-link navigation fix (apps/mobile-app/src/App.tsx)

• Added getStateFromPath + getActionFromState using CommonActions.reset so that each deep-link fully resets the navigation stack — prevents previously-open modals from persisting into the next route's screenshot

CI workflow (.github/workflows/visreg-mobile.yml)

• Runs on pushes to master and on PRs labeled visreg-mobile
• Patches the JS bundle into the committed iOS prebuild (avoids 8+ min native rebuild in CI)
• Uploads screenshots to Percy; posts the Percy build URL as a PR comment

Documentation

• Rewrote packages/mobile-visreg/README.md with full workflow, Nx target reference, and Percy setup guide
• Updated apps/mobile-app/docs/prebuilds.md to remove Detox references and document the new visreg approach

Screenshots

Percy job comparing master and v9	GHA actions

Testing

How has it been tested?

In addition to running the test suite locally with my simulator I performed and full end to end test run by uploading screenshots to percy from my machine from both master and v9 visreg branches.

Sample comparison build: https://percy.io/d424b72f/web/cds-mobile-visreg-03c97426/builds/47997661/changed/2548746021?browser=chrome&browser_ids=63%2C69%2C70%2C71&group_snapshots_by=similar_diff&subcategories=approved&test_case_ids=&viewLayout=side-by-side&viewMode=new&width=1206&widths=1206

• Unit tests
• Interaction tests
• Pseudo State tests
• Manual - Web
• Manual - Android (Emulator / Device)
• Manual - iOS (Emulator / Device)

Testing instructions

If you plan to test uploading screenshots from your machine, the the percy token from our project.

1. yarn nx run mobile-visreg:setup (install Maestro, one-time)
2. yarn nx run mobile-app:build:ios-release && yarn nx run mobile-app:launch:ios-release
3. yarn nx run mobile-visreg:ios — verify screenshots appear in packages/mobile-visreg/visreg-screenshots/
4. PERCY_TOKEN=app_xxx yarn nx run mobile-visreg:upload — verify build appears in Percy dashboard

Illustrations/Icons Checklist

Required if this PR changes files under packages/illustrations/** or packages/icons/**

• verified visreg changes with Terran (include link to visreg run/approval)
• all illustration/icons names have been reviewed by Dom and/or Terran

Change management

type=routine
risk=low
impact=sev5

automerge=false

[cb-heimdall]

✅ Heimdall Review Status

Requirement	Status	More Info
Reviews	✅ 1/1	Denominator calculation Show calculation 1 if user is bot 0 1 if user is external 0 2 if repo is sensitive 0 From .codeflow.yml 1 Additional review requirements Show calculation Max 0 0 From CODEOWNERS 1 Global minimum 0 Max 1 1 1 if commit is unverified 0 Sum 1
CODEOWNERS	✅ See below

✅ CODEOWNERS

Code Owner	Status	Calculation
ui-systems-eng-team	✅ 1/1	Denominator calculation Additional CODEOWNERS Requirement Show calculation Sum 0 0 From CODEOWNERS 1 Sum 1

In general, the fix is to avoid constructing a single shell command string and instead call execFileSync (or spawnSync) with the command and its arguments as separate array elements. This way, Node passes arguments directly to the process without an intervening shell, so special characters in paths or environment values cannot change command structure. For this code, the best fix is to change the Maestro invocation so that maestro is the executable and the rest of the tokens (test, flowPath, --env, KEY=VALUE) are elements in an array, then use execFileSync instead of execSync. This preserves functionality but removes shell interpretation.

Concretely in packages/mobile-visreg/src/run.mjs:

• Add execFileSync to the import from child_process.
• Replace the string-building cmd line with an array of arguments: ['test', flowPath, ...envFlags.flatMap(e => ['--env', e])].
• Replace the execSync(cmd, ...) call with execFileSync('maestro', args, { stdio: 'inherit', cwd: outputDir });.
• Keep the existing console log of the human-readable command string (or reconstruct it from the args) for visibility if desired, but this log should not be executed by the shell.

The earlier execSync that runs node src/generate-flows.mjs ${platform} is technically similar, but it does not involve the tainted flowPath/absolute path and only injects platform (which is limited to 'ios' by default or whatever the caller supplies). Since CodeQL’s specific alerts here are about the Maestro command, we will leave that first execSync unchanged to avoid unrequested behavioral changes.

In general, to fix shell command injection or misinterpretation issues, avoid constructing a single shell command string that includes untrusted values. Instead, invoke the underlying program directly (bypassing the shell) and pass untrusted values as separate arguments in an array, using child_process.execFile / execFileSync or spawn / spawnSync. This prevents the shell from interpreting special characters in the arguments.

For this specific case in packages/mobile-visreg/src/upload.mjs, replace execSync with execFileSync from child_process, and change the invocation from a template string to a command plus arguments array:

• Import execFileSync instead of or in addition to execSync at the top of the file.
• Replace execSync(\npx percy upload ${screenshotDir}`, { stdio: 'inherit' });withexecFileSync('npx', ['percy', 'upload', screenshotDir], { stdio: 'inherit' });`.

This keeps all existing behavior (still runs npx percy upload <dir> and inherits stdio) but avoids the shell entirely, so screenshotDir is treated as a literal argument. All changes are confined to packages/mobile-visreg/src/upload.mjs within the shown snippet, and no additional methods are needed beyond the new import.

[github-actions]

https://percy.io/d424b72f/web/cds-mobile-visreg-03c97426/builds/48210972

In general, the fix is to explicitly declare a permissions: block that restricts the GITHUB_TOKEN to the minimal scopes required. For this stub workflow, the only visible requirement is to read repository contents (for actions/checkout), so contents: read is sufficient. Adding this at the workflow root applies to all jobs unless they override it.

The best fix without changing functionality is to add a root-level permissions: block right after the name: line, before the on: block, in .github/workflows/guard-debug-workflow.yml. This will document and enforce that the workflow’s GITHUB_TOKEN has only read access to repository contents, which is compatible with the existing steps. No imports, methods, or additional definitions are needed, as this is purely a YAML configuration change inside the workflow.