lintai docs

Appearance

Rule Reference

SEC401lintai-policy-mismatchcompatauditpreviewworkspacewarn

Policy mismatch: execution

Project policy forbids execution, but repository contains executable behavior

Public lane
compat
Category
audit
Provider
lintai-policy-mismatch
Scope
workspace
Surface
workspace
Tier
preview
Severity
warn
Confidence
high
Detection
structural
Remediation
none
How to read this lane

Config, schema, and policy contract review.

How to read this category

Heuristic or triage-oriented review signal.

Activation Model

Preset Activation

These presets explain where this rule appears in the product experience.

compatsidecar lane

Lifecycle

Preview Lifecycle Contract

State

preview

Promotion blocker

Needs workspace-level precision review and linked graduation corpus before promotion to Stable.

Promotion requirements

Needs workspace precision review, linked benign/malicious corpus proof, and completed stable checklist metadata.

Canonical note

Structural preview rule; deterministic today, but the preview contract may still evolve.

Nearby Signals

Related Rules

SEC402Policy mismatch: network accessProject policy forbids network access, but repository contains network behaviorcompatauditworkspace
SEC403Skill capabilities mismatchSkill frontmatter capabilities conflict with project policycompatauditworkspace
SEC756Dependency vulnerability: installed npm package versionInstalled npm dependency version matches an offline vulnerability advisoryadvisorysecurityworkspace

Why It Matters

Project policy forbids execution, but repository contains executable behavior.

What Triggers

Document the concrete trigger shape, scope boundaries, and examples for SEC401 here.

False Positives

Capture the realistic false-positive envelope and when this rule should stay enabled.

Remediation

Describe the preferred remediation flow, including when to rely on built-in fixes or suggestions.