Policy mismatch: execution

Project policy forbids execution, but repository contains executable behavior

Provider: lintai-policy-mismatch
Surface: workspace
Scope: workspace
Tier: preview
Severity: warn
Confidence: high
Detection: structural
Remediation: none

Activation Model

Preset Membership

This rule is part of the builtin activation graph through these preset memberships.

compatmembership

Lifecycle

Preview Lifecycle Contract

State

preview_blocked

Promotion blocker

Needs workspace-level precision review and linked graduation corpus before promotion to Stable.

Promotion requirements

Needs workspace precision review, linked benign/malicious corpus proof, and completed stable checklist metadata.

Canonical note

Structural preview rule; deterministic today, but the preview contract may still evolve.

Nearby Signals

Related Rules

SEC402Policy mismatch: network accessProject policy forbids network access, but repository contains network behaviorworkspacepreview

SEC403Skill capabilities mismatchSkill frontmatter capabilities conflict with project policyworkspacepreview

SEC756Dependency vulnerability: installed npm package versionInstalled npm dependency version matches an offline vulnerability advisoryworkspacepreview

Why It Matters

Project policy forbids execution, but repository contains executable behavior.

What Triggers

Document the concrete trigger shape, scope boundaries, and examples for SEC401 here.

False Positives

Capture the realistic false-positive envelope and when this rule should stay enabled.

Remediation

Describe the preferred remediation flow, including when to rely on built-in fixes or suggestions.

Policy mismatch: execution

Preset Membership

Preview Lifecycle Contract

Related Rules

Why It Matters ​

What Triggers ​

False Positives ​

Remediation ​

Why It Matters

What Triggers

False Positives

Remediation