# Code review — NEO-28 - **Date:** 2026-04-27 - **Scope:** Branch `NEO-28-combat-accept-deny-reason-ux` (`origin/main...HEAD`). - **Base:** `origin/main` ## Verdict Approve with nits. ## Summary This branch lands the NEO-28 cast accept/deny integration end to end: server-side target authority checks (`invalid_target`, `out_of_range`), client-side cast result handling, HUD feedback, and documentation/manual-QA updates. The server path remains authoritative and aligned with existing targeting/position rules, and targeted API tests pass for the expanded deny matrix. The branch also includes broad AAA-layout cleanup and rule updates across existing tests, which is useful but increases review surface area relative to the feature change. ## Documentation checked - `docs/plans/NEO-28-implementation-plan.md` — **matches** (scope, acceptance criteria, and file touchpoints align with implementation). - `docs/decomposition/modules/module_dependency_register.md` — **matches** (E1.M4 remains In Progress; note references NEO-28). - `docs/decomposition/modules/E1_M4_AbilityInputScaffold.md` — **matches** (implementation snapshot and Linear row reflect NEO-28 behavior). - `docs/decomposition/modules/E5_M1_CombatRulesEngine.md` — **matches** (prototype cast accept/deny staging documented as pre-engine behavior). - `docs/decomposition/modules/documentation_and_implementation_alignment.md` — **matches** (E1.M4 row includes NEO-28 landed state and remaining scope). - `docs/decomposition/modules/client_server_authority.md` — **N/A for changes** (no conflict observed with server-authoritative cast validation). - `docs/decomposition/modules/contracts.md` — **N/A for changes** (existing prototype JSON contract approach remains consistent). Implementation tracking table/register updates are already included in this branch; no additional status correction appears required for merge. ## Blocking issues None. ## Suggestions 1. ~~Consider splitting broad AAA/rule-only churn from ticket-scoped gameplay/API changes in future branches so reviewers can isolate behavior risk more quickly.~~ **Done.** Guideline added under [commit-and-review.md](../../.cursor/rules/commit-and-review.md) (“Ticket scope vs mechanical churn”). ## Nits - ~~Nit: The branch diff is large for a single story because it mixes feature work with cross-suite formatting/rule edits; this is acceptable here but raises cognitive load for future audits and blame.~~ **Done.** Same guideline documents the preferred split for future work; acknowledged for this merge. ## Verification - `dotnet test server/NeonSprawl.Server.Tests/NeonSprawl.Server.Tests.csproj --filter "FullyQualifiedName~AbilityCastApiTests"` — passed (14/14). - `git diff --check origin/main...HEAD` — passed. - Not run: headless Godot/GdUnit suite and manual checklist in `docs/manual-qa/NEO-28.md`.