Upload accessibility report to zeuz server #691

Merged: mahbd merged 6 commits into dev from upload-accessibility-report-to-zeuz-server on Apr 30, 2026

Zayadul-huq-afnan (Collaborator) commented Apr 30, 2026

PR Type

Feature

Overview

This PR adds serving of the accessibility report to the server.
This PR is to support the accessibility test platform in the onboarding to serve the test report.

How to test

  1. Go to accessibility platform in onboarding
  2. Finish the journey

Antu7 (Collaborator) commented Apr 30, 2026

🔎 ZeuZ PR Review

Open the full report in ZeuZ: Review findings and apply suggestions

Overview
Agents: ✅ 4 completed
Suggestions: 💡 4

Agent breakdown

→ General Review

Status: ✅ Completed
Suggestions: 2 suggestions

The PR adds accessibility report persistence and a new debug endpoint, but the endpoint currently exposes an arbitrary file-read surface because it serves any caller-supplied path. I found one high-signal security issue and one minor consistency issue.

→ Security Review

Status: ✅ Completed
Suggestions: 1 suggestion

The PR introduces an unauthenticated debug endpoint that can serve arbitrary HTML files from the node filesystem; it should be restricted to the generated accessibility report directory (or removed behind auth).

→ Performance Review

Status: ✅ Completed
Suggestions: 0 suggestions

No performance issues stand out in this PR diff; the changes mainly redirect report output to an existing shared folder and add a lightweight file-serving endpoint.

→ Testing Review

Status: ✅ Completed
Suggestions: 1 suggestion

The PR adds a new file-serving endpoint and changes report output behavior, but it ships without tests covering the new happy path, error paths, or router registration. That leaves the upload/serve flow and the new security checks unverified.

Open ZeuZ to inspect full findings, continue an agent conversation, or apply safe patch suggestions.

Comment thread server/serve_accessibility_report.py Fixed
Comment thread server/serve_accessibility_report.py Fixed
Comment thread server/serve_accessibility_report.py Fixed
…ed in path expression'

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

Antu7 (Collaborator) commented Apr 30, 2026

🔎 ZeuZ PR Review

Open the full report in ZeuZ: Review findings and apply suggestions

Overview
Agents: ✅ 4 completed
Suggestions: 💡 4

Agent breakdown

→ General Review

Status: ✅ Completed
Suggestions: 1 suggestion

The PR adds the accessibility report endpoint, but the producer and consumer disagree on where reports live, so the new route will not find the files it is meant to serve.

→ Security Review

Status: ✅ Completed
Suggestions: 1 suggestion

The new report-serving endpoint is the only high-signal security change: it is path-traversal resistant, but it exposes filesystem-backed reports over a public router without any authentication or authorization guard.

→ Performance Review

Status: ✅ Completed
Suggestions: 0 suggestions

No material performance regressions found in this PR; the changes are small and mostly add file writes and a report-serving endpoint without introducing obvious hot-path inefficiencies.

→ Testing Review

Status: ✅ Completed
Suggestions: 2 suggestions

The PR adds a new filesystem-backed report endpoint and changes report output location, but there is no accompanying test coverage for the new behaviors or the regression it is meant to fix.

Open ZeuZ to inspect full findings, continue an agent conversation, or apply safe patch suggestions.

Comment thread server/serve_accessibility_report.py Dismissed
…ed in path expression'

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

Antu7 (Collaborator) commented Apr 30, 2026

🔎 ZeuZ PR Review

Open the full report in ZeuZ: Review findings and apply suggestions

Overview
Agents: ✅ 4 completed
Suggestions: 💡 4

Agent breakdown

→ General Review

Status: ✅ Completed
Suggestions: 1 suggestion

Found one high-severity integration bug: the accessibility reports are now written to the raw zeuz_download_folder, but the new API serves files from reports/accessibility, so the endpoint will not find the generated HTML reports. I also noted a small logging/debug-print cleanup opportunity, but the path mismatch is the main blocker.

→ Security Review

Status: ✅ Completed
Suggestions: 1 suggestion

The PR adds a new unauthenticated debug file-serving endpoint that can expose local accessibility reports to any caller. Path traversal is blocked, but the endpoint still lacks access control and leaks report contents over HTTP.

→ Performance Review

Status: ✅ Completed
Suggestions: 0 suggestions

No material performance issues found in this PR diff. The changes add report file output and a small file-serving endpoint without introducing obvious N+1 queries, unbounded data loads, or hot-path algorithmic regressions.

→ Testing Review

Status: ✅ Completed
Suggestions: 2 suggestions

The PR adds a new file-serving endpoint and changes report output location logic, but there are no tests covering the new behavior or its security constraints.

Open ZeuZ to inspect full findings, continue an agent conversation, or apply safe patch suggestions.

Comment thread server/serve_accessibility_report.py Fixed
…ed in path expression'

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

Antu7 (Collaborator) commented Apr 30, 2026

🔎 ZeuZ PR Review

Open the full report in ZeuZ: Review findings and apply suggestions

Overview
Agents: ✅ 4 completed
Suggestions: 💡 4

Agent breakdown

→ General Review

Status: ✅ Completed
Suggestions: 1 suggestion

I found one high-signal issue: the new accessibility report server is looking in a different directory than the report generator writes to, so uploaded HTML reports will not be retrievable in the common path. I did not see other blocking correctness issues in the diff.

→ Security Review

Status: ✅ Completed
Suggestions: 1 suggestion

I found one security concern in the new debug report-serving endpoint: it is exposed without any authentication or authorization gate, which can leak report contents and file-existence details to anyone who can reach the node API.

→ Performance Review

Status: ✅ Completed
Suggestions: 0 suggestions

No significant performance regressions or scalability issues stand out in this PR. The new report-serving route does a small amount of per-request path validation, but nothing suggests a material efficiency problem in the changed code.

→ Testing Review

Status: ✅ Completed
Suggestions: 2 suggestions

The PR adds a new filesystem-backed accessibility report endpoint and changes report output location, but I didn’t find any tests covering either the endpoint behavior or the new zeuz_download_folder branch. That leaves the new security-sensitive path validation and the report-generation fallback logic unverified.

Open ZeuZ to inspect full findings, continue an agent conversation, or apply safe patch suggestions.

@mahbd mahbd merged commit 4844a8a into dev Apr 30, 2026
7 checks passed
@mahbd mahbd deleted the upload-accessibility-report-to-zeuz-server branch April 30, 2026 13:19
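
The two controls the security reviews in this thread ask for, confining the endpoint to the report directory and gating it with a credential, shown as an added example that is not code from this PR. `resolve_report`, `authorized`, `ReportAccessError` and the sample files are hypothetical; only the `reports/accessibility` directory name comes from the thread.

```python
import hmac
import tempfile
from pathlib import Path


class ReportAccessError(Exception):
    """The request must not be served."""


def authorized(presented: str, expected: str) -> bool:
    # Constant-time compare; an unset expected token denies everyone.
    return bool(expected) and hmac.compare_digest(presented.encode(), expected.encode())


def resolve_report(base_dir: Path, requested: str) -> Path:
    """Map a caller-supplied name to an HTML file inside base_dir, or raise."""
    base = base_dir.resolve()
    # resolve() collapses ".." and follows symlinks, so containment is
    # checked on the path the OS would actually open. An absolute
    # `requested` replaces `base` in the join and fails the check too.
    candidate = (base / requested).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise ReportAccessError("outside report directory") from None
    if candidate.suffix.lower() != ".html":
        raise ReportAccessError("not an HTML report")
    if not candidate.is_file():
        raise ReportAccessError("no such report")
    return candidate


def demo() -> dict:
    """Run constructed requests against a throwaway directory tree."""
    outcomes = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        reports = root / "reports" / "accessibility"
        reports.mkdir(parents=True)
        (reports / "run1.html").write_text("<html>report</html>")
        (reports / "notes.txt").write_text("not a report")
        (root / "secret.html").write_text("<html>outside</html>")
        samples = {"valid": "run1.html", "dotdot": "../../secret.html",
                   "absolute": str(root / "secret.html"),
                   "wrong_type": "notes.txt", "missing": "nope.html"}
        for label, name in samples.items():
            try:
                outcomes[label] = resolve_report(reports, name).name
            except ReportAccessError as exc:
                outcomes[label] = str(exc)
    return outcomes
```

A handler built on this would call `authorized()` before `resolve_report()` and map every `ReportAccessError` to the same 404 response, so that replies do not reveal which files exist.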