Protect functional patterns and quiet zone in QR art rendering

[PrzemyslawKlys]

Summary\n- add opt-out protection flags for functional patterns and quiet zone\n- keep timing/alignment/format/version/dark module scan-friendly under heavy styling\n- prevent background patterns from dirtying the quiet zone by default\n- extend QR art safety warnings for these risks\n- add targeted renderer tests\n\n## Testing\n- ran: dotnet test CodeGlyphX.Tests/CodeGlyphX.Tests.csproj -c Release --filter FullyQualifiedName~QrPngRendererTests (16/16 passed)\n- full suite is not green in this environment due to missing PNGSuite fixtures and the known stylized round-trip failure

[claude]

Claude finished @PrzemyslawKlys's task —— View job

---

PR Review: QR Art Rendering Protection

I'll provide a comprehensive review of this PR focusing on code quality, potential issues, performance, security, and test coverage.

Todo List

• Analyze core implementation changes
• Review code duplication issues (SonarQube flagged)
• Investigate gradient styling regression
• Assess test coverage and quality
• Check performance implications
• Review security considerations
• Provide final recommendations

---

🎯 Overall Assessment: APPROVE with Recommendations

This PR introduces valuable QR code protection mechanisms with thoughtful design. The implementation is solid but has some issues that should be addressed.

📋 Key Findings

✅ Strengths

1. Smart Architecture: Clean separation of concerns with QrStructureAnalysis extraction
2. Sensible Defaults: Protection flags default to true for safety-first approach
3. Comprehensive Coverage: Protects timing, alignment, format, version, and dark module patterns
4. Good Safety Warnings: QrArtSafety provides helpful user feedback with severity levels
5. Backward Compatible: Non-breaking changes with opt-out capability

⚠️ Critical Issues Found

1. Gradient Styling Regression (High Priority)

Location: QrPngRenderer.Internal.A.cs:106-107

var detectEyesForStyling = opts.Eyes is not null || paletteInfo.HasValue || zoneInfo.HasValue || scaleMapInfo.HasValue;
// Missing: || opts.ForegroundGradient is not null

Problem: When ProtectFunctionalPatterns=true and only ForegroundGradient is set (no Eyes config), the logic incorrectly classifies finder patterns as EyeKind for protection, but then blocks gradient application since eyeKind != EyeKind.None.

Impact: Breaks gradient-only styling for QR codes with functional protection enabled.

Fix: Add gradient check to detectEyesForStyling condition.

2. Temporary Code Duplication (Medium Priority)

Files: QrDecoder.Internal.cs and QrStructureAnalysis.cs

The extraction created temporary duplication of BuildFunctionMask, MarkFinder, and MarkAlignment methods. The old implementations in QrDecoder.Internal.cs should be removed and replaced with calls to QrStructureAnalysis.

📊 Test Coverage Analysis

Strengths:

• Good coverage of protection flags (ProtectFunctionalPatterns, ProtectQuietZone)
• Tests verify functional patterns remain at full scale (black pixels)
• Quiet zone protection tests confirm pattern exclusion

Gaps:

• Missing test for the gradient regression issue
• No test for connected rounded modules with functional protection
• Limited coverage of complex styling combinations

⚡ Performance Assessment

Good:

• Function mask builds only once per render
• Efficient bit matrix operations
• Smart caching for scaled/connected masks

Concerns:

• Additional TryGetEye calls for protection logic (minor overhead)
• Extra memory allocation for function mask (acceptable trade-off)

🔒 Security Review

✅ No security concerns identified

• Input validation maintained
• No new attack vectors introduced
• Defensive coding practices followed

🛠️ Recommended Actions

Before Merge:

1. Fix gradient regression by updating detectEyesForStyling condition
2. Remove duplicate methods from QrDecoder.Internal.cs
3. Add gradient regression test to prevent future breaks

Future Improvements:

1. Consider extracting eye detection logic into QrStructureAnalysis
2. Add performance benchmarks for complex protection scenarios
3. Document the protection behavior in user-facing docs

📝 Code Quality Score: B+

• Architecture: A (clean separation, good abstraction)
• Implementation: B (solid but has regression issue)
• Testing: B+ (good coverage, missing edge cases)
• Documentation: A (excellent safety warnings)

Verdict: Strong foundation with one critical fix needed. The protection mechanism is well-designed and addresses real user needs for maintaining QR scanability during artistic rendering.

---

[Copilot]

Pull request overview

This pull request adds protection mechanisms for QR code functional patterns and quiet zones during artistic rendering to maintain scan reliability.

Changes:

• Added ProtectFunctionalPatterns and ProtectQuietZone boolean flags (both defaulting to true) to preserve scan-critical QR areas
• Implemented function mask detection to keep timing, alignment, format, version, and dark module patterns at full scale with stable coloring
• Extended quiet zone protection to prevent background patterns from obscuring the detection margin
• Added safety warnings for unprotected functional patterns and patterned quiet zones

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
CodeGlyphX/Rendering/Png/QrPngRenderOptions.cs	Adds two new protection flags with defaults to true
CodeGlyphX/QrEasyOptions.cs	Mirrors protection flags in the easy API
CodeGlyphX/QrEasy.Helpers.cs	Maps new properties between easy and full options
CodeGlyphX/QrArtSafety.cs	Adds two new warning types and detection logic for risky configurations
CodeGlyphX/Rendering/Png/QrPngRenderer.Internal.A.cs	Implements function mask building and protection logic; updates DrawCanvasPattern signature
CodeGlyphX/Rendering/Png/QrPngRenderer.Internal.B.cs	Propagates protection flags in scaled rendering path
CodeGlyphX.Tests/QrPngRendererTests.cs	Adds tests for quiet zone and functional pattern protection

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b76b66716c

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[sonarqubecloud]

Quality Gate failed

Failed conditions
3.6% Duplication on New Code (required ≤ 3%)
C Reliability Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE