chore(admin-ui): make popover/sm shadow and surface tint token-only

tests/Feature/AdminComponentsCssShouldUseTokenOnlyForShadowAndSurfaceTintTest.php

@@ -0,0 +1,34 @@
+<?php
+
+namespace Tests\Feature;
+
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Tests\TestCase;
+
+class AdminComponentsCssShouldUseTokenOnlyForShadowAndSurfaceTintTest extends TestCase
+{
+    use RefreshDatabase;
+
+    protected function loginAsPlatformAdmin(): void
+    {
+        $this->seed();
+
+        $this->post('/admin/login', [
+            'email' => 'platform.admin@demo.local',
+            'password' => 'Platform@123456',
+        ])->assertRedirect('/admin');
+    }
+
+    public function test_admin_components_css_should_use_token_only_for_shadow_and_surface_tint(): void
+    {
+        $this->loginAsPlatformAdmin();
+
+        $css = file_get_contents(public_path('css/admin-components.css'));
+        $this->assertIsString($css);
+
+        // 护栏：popover/sm 阴影与 surface tint 应“token-only”，避免回退时把 rgba(...) fallback 再带回来污染扫描护栏。
+        $this->assertStringNotContainsString('var(--adm-shadow-popover,', $css);
+        $this->assertStringNotContainsString('var(--adm-shadow-sm,', $css);
+        $this->assertStringNotContainsString('var(--adm-surface-tint,', $css);
+    }
+}