@amityco/social-plus-vise 0.11.0 → 0.12.2

package/rules/feed.yaml

@@ -1874,7 +1874,7 @@
       "version": 1,
       "title": "React Native unread count must use subscribed stream",
       "severity": "warning",
-      "rationale": "Amity exposes a server-synced unreadCount stream. Hand-rolling messages.filter(m => !m.isRead).length in a hook drifts when the user reads on another device — the bridge never pushes back to your local array. Subscribe via AmityCoreClient.unreadCount() and bind it to a useState in the badge component.",
+      "rationale": "Amity exposes a server-synced unreadCount stream. Hand-rolling messages.filter(m => !m.isRead).length in a hook drifts when the user reads on another device \u2014 the bridge never pushes back to your local array. Subscribe via AmityCoreClient.unreadCount() and bind it to a useState in the badge component.",
       "applies_when": {
         "platforms": [
           "react-native"
@@ -1911,7 +1911,7 @@
       "version": 1,
       "title": "Android unread count must use subscribed stream",
       "severity": "warning",
-      "rationale": "Amity exposes a server-synced unreadCount stream. Kotlin code that counts via posts.count { !it.isRead } in a ViewModel drifts when the user reads from another device — Room/Flow caches never get the server-side ack. Collect AmityCoreClient.unreadCount() as a Flow<Int> and expose it as StateFlow to the UI.",
+      "rationale": "Amity exposes a server-synced unreadCount stream. Kotlin code that counts via posts.count { !it.isRead } in a ViewModel drifts when the user reads from another device \u2014 Room/Flow caches never get the server-side ack. Collect AmityCoreClient.unreadCount() as a Flow<Int> and expose it as StateFlow to the UI.",
       "applies_when": {
         "platforms": [
           "android"
@@ -1948,7 +1948,7 @@
       "version": 1,
       "title": "Flutter unread count must use subscribed stream",
       "severity": "warning",
-      "rationale": "Amity exposes a server-synced unreadCount stream. Dart code that counts via posts.where((p) => !p.isRead).length inside a setState drifts when the user reads from another device — local List<AmityPost> never receives the server ack. Use a StreamBuilder bound to AmityCoreClient.unreadCount() for the badge.",
+      "rationale": "Amity exposes a server-synced unreadCount stream. Dart code that counts via posts.where((p) => !p.isRead).length inside a setState drifts when the user reads from another device \u2014 local List<AmityPost> never receives the server ack. Use a StreamBuilder bound to AmityCoreClient.unreadCount() for the badge.",
       "applies_when": {
         "platforms": [
           "flutter"
@@ -1985,7 +1985,7 @@
       "version": 1,
       "title": "iOS unread count must use subscribed stream",
       "severity": "warning",
-      "rationale": "Amity exposes a server-synced unreadCount stream. Swift code that counts via posts.filter { !$0.isRead }.count inside an @State drifts when the user reads from another device — the local snapshot never receives the server ack. Bind the SwiftUI badge to client.unreadCount() via @ObservedObject or Combine.",
+      "rationale": "Amity exposes a server-synced unreadCount stream. Swift code that counts via posts.filter { !$0.isRead }.count inside an @State drifts when the user reads from another device \u2014 the local snapshot never receives the server ack. Bind the SwiftUI badge to client.unreadCount() via @ObservedObject or Combine.",
       "applies_when": {
         "platforms": [
           "ios"
@@ -2022,7 +2022,7 @@
       "version": 1,
       "title": "TypeScript media must be uploaded via Amity file client",
       "severity": "warning",
-      "rationale": "Pushing a File or Blob to S3/Cloudinary and passing the resulting URL into createPost({ attachments: [{ url }] }) fails — the SDK only recognizes AmityFileIds from its own pipeline. Upload via AmityFileRepository.uploadFile(file) (or the upload hook in your Amity wrapper) and attach { fileId } from that response instead.",
+      "rationale": "Pushing a File or Blob to S3/Cloudinary and passing the resulting URL into createPost({ attachments: [{ url }] }) fails \u2014 the SDK only recognizes AmityFileIds from its own pipeline. Upload via AmityFileRepository.uploadFile(file) (or the upload hook in your Amity wrapper) and attach { fileId } from that response instead.",
       "applies_when": {
         "platforms": [
           "typescript"
@@ -2058,7 +2058,7 @@
       "version": 1,
       "title": "React Native media must be uploaded via Amity file client",
       "severity": "warning",
-      "rationale": "Picking an image via react-native-image-picker, uploading the local URI to S3, and passing the S3 URL into createPost fails — the SDK only recognizes AmityFileIds from its own pipeline. Upload via AmityFileRepository.uploadFile(localUri) (typically inside a useMutation) and attach { fileId } from that response.",
+      "rationale": "Picking an image via react-native-image-picker, uploading the local URI to S3, and passing the S3 URL into createPost fails \u2014 the SDK only recognizes AmityFileIds from its own pipeline. Upload via AmityFileRepository.uploadFile(localUri) (typically inside a useMutation) and attach { fileId } from that response.",
       "applies_when": {
         "platforms": [
           "react-native"
@@ -2094,7 +2094,7 @@
       "version": 1,
       "title": "Android media must be uploaded via Amity file client",
       "severity": "warning",
-      "rationale": "Picking a Uri from MediaStore, uploading via OkHttp to a custom bucket, and passing the bucket URL into createPost fails — the SDK only recognizes AmityFileIds from AmityFileRepository.uploadFile(uri). Run the upload in viewModelScope, await the resulting AmityFile, then attach its fileId to the post builder.",
+      "rationale": "Picking a Uri from MediaStore, uploading via OkHttp to a custom bucket, and passing the bucket URL into createPost fails \u2014 the SDK only recognizes AmityFileIds from AmityFileRepository.uploadFile(uri). Run the upload in viewModelScope, await the resulting AmityFile, then attach its fileId to the post builder.",
       "applies_when": {
         "platforms": [
           "android"
@@ -2130,7 +2130,7 @@
       "version": 1,
       "title": "Flutter media must be uploaded via Amity file client",
       "severity": "warning",
-      "rationale": "Picking via image_picker, posting the File to a custom bucket, and passing the resulting URL into createPost fails — the SDK only recognizes AmityFileIds from AmityFileRepository.uploadFile(File). Await the upload Future, then attach the returned AmityImageData/AmityVideoData by fileId.",
+      "rationale": "Picking via image_picker, posting the File to a custom bucket, and passing the resulting URL into createPost fails \u2014 the SDK only recognizes AmityFileIds from AmityFileRepository.uploadFile(File). Await the upload Future, then attach the returned AmityImageData/AmityVideoData by fileId.",
       "applies_when": {
         "platforms": [
           "flutter"
@@ -2166,7 +2166,7 @@
       "version": 1,
       "title": "iOS media must be uploaded via Amity file client",
       "severity": "warning",
-      "rationale": "Picking a PHAsset/UIImage, uploading via URLSession to a custom bucket, and passing the resulting URL into createPost fails — the SDK only recognizes AmityFileIds from AmityFileRepository.uploadFile(_:). Use the async/await upload variant, then attach AmityImageData(fileId:) or AmityVideoData(fileId:) from the result.",
+      "rationale": "Picking a PHAsset/UIImage, uploading via URLSession to a custom bucket, and passing the resulting URL into createPost fails \u2014 the SDK only recognizes AmityFileIds from AmityFileRepository.uploadFile(_:). Use the async/await upload variant, then attach AmityImageData(fileId:) or AmityVideoData(fileId:) from the result.",
       "applies_when": {
         "platforms": [
           "ios"
@@ -2376,6 +2376,1145 @@
           ]
         }
       }
-    }
+    },
+    {
+      "id": "typescript.feed.post-datatype-handled",
+      "version": 1,
+      "title": "Typescript post renderer must handle all post data types",
+      "severity": "warning",
+      "rationale": "getGlobalFeed and getPosts return every post type (text, image, video, file, poll, liveStream). A renderer that only reads the text field leaves all other content types silently blank, resulting in empty cards in the feed.",
+      "applies_when": {
+        "platforms": [
+          "typescript"
+        ],
+        "outcomes": [
+          "add-feed",
+          "validate-setup"
+        ]
+      },
+      "enforcement": {
+        "deterministic": [
+          {
+            "check": "validator-finding-absent",
+            "finding_rule_id": "typescript.feed.post-datatype-handled"
+          }
+        ],
+        "attestation": {
+          "allowed": true,
+          "host_agent_min_confidence": "high",
+          "human_allowed": true,
+          "evidence_required": [
+            {
+              "field": "datatype_handling",
+              "description": "How the renderer branches on post.dataType to handle each content type.",
+              "upload_policy": "upload-with-consent"
+            }
+          ]
+        }
+      }
+    },
+    {
+      "id": "react-native.feed.post-datatype-handled",
+      "version": 1,
+      "title": "React-Native post renderer must handle all post data types",
+      "severity": "warning",
+      "rationale": "getGlobalFeed and getPosts return every post type (text, image, video, file, poll, liveStream). A renderer that only reads the text field leaves all other content types silently blank, resulting in empty cards in the feed.",
+      "applies_when": {
+        "platforms": [
+          "react-native"
+        ],
+        "outcomes": [
+          "add-feed",
+          "validate-setup"
+        ]
+      },
+      "enforcement": {
+        "deterministic": [
+          {
+            "check": "validator-finding-absent",
+            "finding_rule_id": "react-native.feed.post-datatype-handled"
+          }
+        ],
+        "attestation": {
+          "allowed": true,
+          "host_agent_min_confidence": "high",
+          "human_allowed": true,
+          "evidence_required": [
+            {
+              "field": "datatype_handling",
+              "description": "How the renderer branches on post.dataType to handle each content type.",
+              "upload_policy": "upload-with-consent"
+            }
+          ]
+        }
+      }
+    },
+    {
+      "id": "flutter.feed.post-datatype-handled",
+      "version": 1,
+      "title": "Flutter post renderer must handle all post data types",
+      "severity": "warning",
+      "rationale": "getGlobalFeed and getPosts return every post type (text, image, video, file, poll, liveStream). A renderer that only reads the text field leaves all other content types silently blank, resulting in empty cards in the feed.",
+      "applies_when": {
+        "platforms": [
+          "flutter"
+        ],
+        "outcomes": [
+          "add-feed",
+          "validate-setup"
+        ]
+      },
+      "enforcement": {
+        "deterministic": [
+          {
+            "check": "validator-finding-absent",
+            "finding_rule_id": "flutter.feed.post-datatype-handled"
+          }
+        ],
+        "attestation": {
+          "allowed": true,
+          "host_agent_min_confidence": "high",
+          "human_allowed": true,
+          "evidence_required": [
+            {
+              "field": "datatype_handling",
+              "description": "How the renderer branches on post.dataType to handle each content type.",
+              "upload_policy": "upload-with-consent"
+            }
+          ]
+        }
+      }
+    },
+    {
+      "id": "ios.feed.post-datatype-handled",
+      "version": 1,
+      "title": "Ios post renderer must handle all post data types",
+      "severity": "warning",
+      "rationale": "getGlobalFeed and getPosts return every post type (text, image, video, file, poll, liveStream). A renderer that only reads the text field leaves all other content types silently blank, resulting in empty cards in the feed.",
+      "applies_when": {
+        "platforms": [
+          "ios"
+        ],
+        "outcomes": [
+          "add-feed",
+          "validate-setup"
+        ]
+      },
+      "enforcement": {
+        "deterministic": [
+          {
+            "check": "validator-finding-absent",
+            "finding_rule_id": "ios.feed.post-datatype-handled"
+          }
+        ],
+        "attestation": {
+          "allowed": true,
+          "host_agent_min_confidence": "high",
+          "human_allowed": true,
+          "evidence_required": [
+            {
+              "field": "datatype_handling",
+              "description": "How the renderer branches on post.dataType to handle each content type.",
+              "upload_policy": "upload-with-consent"
+            }
+          ]
+        }
+      }
+    },
+    {
+      "id": "android.feed.post-datatype-handled",
+      "version": 1,
+      "title": "Android post renderer must handle all post data types",
+      "severity": "warning",
+      "rationale": "getGlobalFeed and getPosts return every post type (text, image, video, file, poll, liveStream). A renderer that only reads the text field leaves all other content types silently blank, resulting in empty cards in the feed.",
+      "applies_when": {
+        "platforms": [
+          "android"
+        ],
+        "outcomes": [
+          "add-feed",
+          "validate-setup"
+        ]
+      },
+      "enforcement": {
+        "deterministic": [
+          {
+            "check": "validator-finding-absent",
+            "finding_rule_id": "android.feed.post-datatype-handled"
+          }
+        ],
+        "attestation": {
+          "allowed": true,
+          "host_agent_min_confidence": "high",
+          "human_allowed": true,
+          "evidence_required": [
+            {
+              "field": "datatype_handling",
+              "description": "How the renderer branches on post.dataType to handle each content type.",
+              "upload_policy": "upload-with-consent"
+            }
+          ]
+        }
+      }
+    },
+    {
+      "id": "typescript.community.avatar-from-sdk",
+      "version": 1,
+      "title": "Typescript community/user display must use SDK-provided avatar URL",
+      "severity": "warning",
+      "rationale": "The SDK resolves the avatar URL directly on Community and User objects (avatar.fileUrl / avatarImage / getAvatar()). Using a string initial derived from the display name ignores photos uploaded by the user.",
+      "applies_when": {
+        "platforms": [
+          "typescript"
+        ],
+        "outcomes": [
+          "add-feed",
+          "add-comments",
+          "validate-setup"
+        ]
+      },
+      "enforcement": {
+        "deterministic": [
+          {
+            "check": "validator-finding-absent",
+            "finding_rule_id": "typescript.community.avatar-from-sdk"
+          }
+        ],
+        "attestation": {
+          "allowed": true,
+          "host_agent_min_confidence": "high",
+          "human_allowed": true,
+          "evidence_required": [
+            {
+              "field": "avatar_rendering",
+              "description": "How the community or user avatar URL is read from the SDK object and rendered.",
+              "upload_policy": "upload-with-consent"
+            }
+          ]
+        }
+      }
+    },
+    {
+      "id": "react-native.community.avatar-from-sdk",
+      "version": 1,
+      "title": "React-Native community/user display must use SDK-provided avatar URL",
+      "severity": "warning",
+      "rationale": "The SDK resolves the avatar URL directly on Community and User objects (avatar.fileUrl / avatarImage / getAvatar()). Using a string initial derived from the display name ignores photos uploaded by the user.",
+      "applies_when": {
+        "platforms": [
+          "react-native"
+        ],
+        "outcomes": [
+          "add-feed",
+          "add-comments",
+          "validate-setup"
+        ]
+      },
+      "enforcement": {
+        "deterministic": [
+          {
+            "check": "validator-finding-absent",
+            "finding_rule_id": "react-native.community.avatar-from-sdk"
+          }
+        ],
+        "attestation": {
+          "allowed": true,
+          "host_agent_min_confidence": "high",
+          "human_allowed": true,
+          "evidence_required": [
+            {
+              "field": "avatar_rendering",
+              "description": "How the community or user avatar URL is read from the SDK object and rendered.",
+              "upload_policy": "upload-with-consent"
+            }
+          ]
+        }
+      }
+    },
+    {
+      "id": "flutter.community.avatar-from-sdk",
+      "version": 1,
+      "title": "Flutter community/user display must use SDK-provided avatar URL",
+      "severity": "warning",
+      "rationale": "The SDK resolves the avatar URL directly on Community and User objects (avatar.fileUrl / avatarImage / getAvatar()). Using a string initial derived from the display name ignores photos uploaded by the user.",
+      "applies_when": {
+        "platforms": [
+          "flutter"
+        ],
+        "outcomes": [
+          "add-feed",
+          "add-comments",
+          "validate-setup"
+        ]
+      },
+      "enforcement": {
+        "deterministic": [
+          {
+            "check": "validator-finding-absent",
+            "finding_rule_id": "flutter.community.avatar-from-sdk"
+          }
+        ],
+        "attestation": {
+          "allowed": true,
+          "host_agent_min_confidence": "high",
+          "human_allowed": true,
+          "evidence_required": [
+            {
+              "field": "avatar_rendering",
+              "description": "How the community or user avatar URL is read from the SDK object and rendered.",
+              "upload_policy": "upload-with-consent"
+            }
+          ]
+        }
+      }
+    },
+    {
+      "id": "ios.community.avatar-from-sdk",
+      "version": 1,
+      "title": "Ios community/user display must use SDK-provided avatar URL",
+      "severity": "warning",
+      "rationale": "The SDK resolves the avatar URL directly on Community and User objects (avatar.fileUrl / avatarImage / getAvatar()). Using a string initial derived from the display name ignores photos uploaded by the user.",
+      "applies_when": {
+        "platforms": [
+          "ios"
+        ],
+        "outcomes": [
+          "add-feed",
+          "add-comments",
+          "validate-setup"
+        ]
+      },
+      "enforcement": {
+        "deterministic": [
+          {
+            "check": "validator-finding-absent",
+            "finding_rule_id": "ios.community.avatar-from-sdk"
+          }
+        ],
+        "attestation": {
+          "allowed": true,
+          "host_agent_min_confidence": "high",
+          "human_allowed": true,
+          "evidence_required": [
+            {
+              "field": "avatar_rendering",
+              "description": "How the community or user avatar URL is read from the SDK object and rendered.",
+              "upload_policy": "upload-with-consent"
+            }
+          ]
+        }
+      }
+    },
+    {
+      "id": "android.community.avatar-from-sdk",
+      "version": 1,
+      "title": "Android community/user display must use SDK-provided avatar URL",
+      "severity": "warning",
+      "rationale": "The SDK resolves the avatar URL directly on Community and User objects (avatar.fileUrl / avatarImage / getAvatar()). Using a string initial derived from the display name ignores photos uploaded by the user.",
+      "applies_when": {
+        "platforms": [
+          "android"
+        ],
+        "outcomes": [
+          "add-feed",
+          "add-comments",
+          "validate-setup"
+        ]
+      },
+      "enforcement": {
+        "deterministic": [
+          {
+            "check": "validator-finding-absent",
+            "finding_rule_id": "android.community.avatar-from-sdk"
+          }
+        ],
+        "attestation": {
+          "allowed": true,
+          "host_agent_min_confidence": "high",
+          "human_allowed": true,
+          "evidence_required": [
+            {
+              "field": "avatar_rendering",
+              "description": "How the community or user avatar URL is read from the SDK object and rendered.",
+              "upload_policy": "upload-with-consent"
+            }
+          ]
+        }
+      }
+    },
+    {
+      "id": "typescript.feed.poll-answer-data-shape",
+      "version": 1,
+      "title": "TypeScript poll answer text must be read from answer.data directly (plain string)",
+      "severity": "warning",
+      "rationale": "Amity.PollAnswer.data is a plain string containing the answer text, not an object. Accessing .data.text or casting to {text?: string} returns undefined, silently breaking poll rendering.",
+      "applies_when": {
+        "platforms": ["typescript"],
+        "outcomes": ["add-feed", "add-comments", "validate-setup"]
+      },
+      "enforcement": {
+        "deterministic": [
+          {
+            "check": "validator-finding-absent",
+            "finding_rule_id": "typescript.feed.poll-answer-data-shape"
+          }
+        ],
+        "attestation": {
+          "allowed": true,
+          "host_agent_min_confidence": "high",
+          "human_allowed": true,
+          "evidence_required": [
+            {
+              "field": "poll_answer_rendering",
+              "description": "How poll answer text is read from the SDK answer object and rendered.",
+              "upload_policy": "upload-with-consent"
+            }
+          ]
+        }
+      }
+    },
+    {
+      "id": "typescript.comments.query-has-limit",
+      "version": 1,
+      "title": "TypeScript comment query must include an explicit limit parameter",
+      "severity": "warning",
+      "rationale": "CommentRepository.getComments without an explicit limit triggers the SDK's default pagination which uses skip/limit — incompatible with the server's scrollable query type. Runtime error 500000: 'skip, limit and sorting are not supported in query type scrollable'.",
+      "applies_when": {
+        "platforms": ["typescript"],
+        "outcomes": ["add-feed", "add-comments", "validate-setup"]
+      },
+      "enforcement": {
+        "deterministic": [
+          {
+            "check": "validator-finding-absent",
+            "finding_rule_id": "typescript.comments.query-has-limit"
+          }
+        ],
+        "attestation": {
+          "allowed": true,
+          "host_agent_min_confidence": "high",
+          "human_allowed": true,
+          "evidence_required": [
+            {
+              "field": "comment_query_params",
+              "description": "The parameters passed to the comment live collection query, including limit/pageSize.",
+              "upload_policy": "upload-with-consent"
+            }
+          ]
+        }
+      }
+    },
+    {
+      "id": "typescript.community.display-name-from-sdk",
+      "version": 1,
+      "title": "TypeScript community display name must come from the SDK, not from a raw ID",
+      "severity": "warning",
+      "rationale": "Using a raw communityId as a displayName fallback (e.g. when passing only the ID in navigation state) shows a UUID to users instead of the community's actual name.",
+      "applies_when": {
+        "platforms": ["typescript"],
+        "outcomes": ["add-feed", "add-comments", "validate-setup"]
+      },
+      "enforcement": {
+        "deterministic": [
+          {
+            "check": "validator-finding-absent",
+            "finding_rule_id": "typescript.community.display-name-from-sdk"
+          }
+        ],
+        "attestation": {
+          "allowed": true,
+          "host_agent_min_confidence": "high",
+          "human_allowed": true,
+          "evidence_required": [
+            {
+              "field": "community_name_source",
+              "description": "Where the community display name is sourced from when rendering community references.",
+              "upload_policy": "upload-with-consent"
+            }
+          ]
+        }
+      }
+    },
+    {
+      "id": "typescript.feed.room-post-fetched",
+      "version": 1,
+      "title": "TypeScript room post must fetch room title via RoomRepository, not display raw roomId",
+      "severity": "warning",
+      "rationale": "Room is a first-class SDK entity with a title field. Displaying room.roomId as the room name shows a UUID. Use RoomRepository.getRoom to get room.title and room.status.",
+      "applies_when": {
+        "platforms": ["typescript"],
+        "outcomes": ["add-feed", "add-comments", "validate-setup"]
+      },
+      "enforcement": {
+        "deterministic": [
+          {
+            "check": "validator-finding-absent",
+            "finding_rule_id": "typescript.feed.room-post-fetched"
+          }
+        ],
+        "attestation": {
+          "allowed": true,
+          "host_agent_min_confidence": "high",
+          "human_allowed": true,
+          "evidence_required": [
+            {
+              "field": "room_display_name_source",
+              "description": "How the room name is obtained and displayed in post cards.",
+              "upload_policy": "upload-with-consent"
+            }
+          ]
+        }
+      }
+    },
+    {
+      "id": "react-native.feed.poll-answer-data-shape",
+      "version": 1,
+      "title": "React Native poll answer text must be read from answer.data directly (plain string)",
+      "severity": "warning",
+      "rationale": "Amity.PollAnswer.data is a plain string containing the answer text, not an object. Accessing .data.text or casting to {text?: string} returns undefined, silently breaking poll rendering.",
+      "applies_when": {
+        "platforms": ["react-native"],
+        "outcomes": ["add-feed", "add-comments", "validate-setup"]
+      },
+      "enforcement": {
+        "deterministic": [
+          {
+            "check": "validator-finding-absent",
+            "finding_rule_id": "react-native.feed.poll-answer-data-shape"
+          }
+        ],
+        "attestation": {
+          "allowed": true,
+          "host_agent_min_confidence": "high",
+          "human_allowed": true,
+          "evidence_required": [
+            {
+              "field": "poll_answer_rendering",
+              "description": "How poll answer text is read from the SDK answer object and rendered.",
+              "upload_policy": "upload-with-consent"
+            }
+          ]
+        }
+      }
+    },
+    {
+      "id": "react-native.comments.query-has-limit",
+      "version": 1,
+      "title": "React Native comment query must include an explicit limit parameter",
+      "severity": "warning",
+      "rationale": "CommentRepository.getComments without an explicit limit triggers the SDK's default pagination which uses skip/limit — incompatible with the server's scrollable query type. Runtime error 500000: 'skip, limit and sorting are not supported in query type scrollable'.",
+      "applies_when": {
+        "platforms": ["react-native"],
+        "outcomes": ["add-feed", "add-comments", "validate-setup"]
+      },
+      "enforcement": {
+        "deterministic": [
+          {
+            "check": "validator-finding-absent",
+            "finding_rule_id": "react-native.comments.query-has-limit"
+          }
+        ],
+        "attestation": {
+          "allowed": true,
+          "host_agent_min_confidence": "high",
+          "human_allowed": true,
+          "evidence_required": [
+            {
+              "field": "comment_query_params",
+              "description": "The parameters passed to the comment live collection query, including limit/pageSize.",
+              "upload_policy": "upload-with-consent"
+            }
+          ]
+        }
+      }
+    },
+    {
+      "id": "react-native.community.display-name-from-sdk",
+      "version": 1,
+      "title": "React Native community display name must come from the SDK, not from a raw ID",
+      "severity": "warning",
+      "rationale": "Using a raw communityId as a displayName fallback (e.g. when passing only the ID in navigation state) shows a UUID to users instead of the community's actual name.",
+      "applies_when": {
+        "platforms": ["react-native"],
+        "outcomes": ["add-feed", "add-comments", "validate-setup"]
+      },
+      "enforcement": {
+        "deterministic": [
+          {
+            "check": "validator-finding-absent",
+            "finding_rule_id": "react-native.community.display-name-from-sdk"
+          }
+        ],
+        "attestation": {
+          "allowed": true,
+          "host_agent_min_confidence": "high",
+          "human_allowed": true,
+          "evidence_required": [
+            {
+              "field": "community_name_source",
+              "description": "Where the community display name is sourced from when rendering community references.",
+              "upload_policy": "upload-with-consent"
+            }
+          ]
+        }
+      }
+    },
+    {
+      "id": "react-native.feed.room-post-fetched",
+      "version": 1,
+      "title": "React Native room post must fetch room title via RoomRepository, not display raw roomId",
+      "severity": "warning",
+      "rationale": "Room is a first-class SDK entity with a title field. Displaying room.roomId as the room name shows a UUID. Use RoomRepository.getRoom to get room.title and room.status.",
+      "applies_when": {
+        "platforms": ["react-native"],
+        "outcomes": ["add-feed", "add-comments", "validate-setup"]
+      },
+      "enforcement": {
+        "deterministic": [
+          {
+            "check": "validator-finding-absent",
+            "finding_rule_id": "react-native.feed.room-post-fetched"
+          }
+        ],
+        "attestation": {
+          "allowed": true,
+          "host_agent_min_confidence": "high",
+          "human_allowed": true,
+          "evidence_required": [
+            {
+              "field": "room_display_name_source",
+              "description": "How the room name is obtained and displayed in post cards.",
+              "upload_policy": "upload-with-consent"
+            }
+          ]
+        }
+      }
+    },
+    {
+      "id": "flutter.feed.poll-answer-data-shape",
+      "version": 1,
+      "title": "Flutter poll answer text must be read from answer.data directly (plain string)",
+      "severity": "warning",
+      "rationale": "Amity.PollAnswer.data is a plain string containing the answer text, not an object. Accessing .data.text or casting to {text?: string} returns undefined, silently breaking poll rendering.",
+      "applies_when": {
+        "platforms": ["flutter"],
+        "outcomes": ["add-feed", "add-comments", "validate-setup"]
+      },
+      "enforcement": {
+        "deterministic": [
+          {
+            "check": "validator-finding-absent",
+            "finding_rule_id": "flutter.feed.poll-answer-data-shape"
+          }
+        ],
+        "attestation": {
+          "allowed": true,
+          "host_agent_min_confidence": "high",
+          "human_allowed": true,
+          "evidence_required": [
+            {
+              "field": "poll_answer_rendering",
+              "description": "How poll answer text is read from the SDK answer object and rendered.",
+              "upload_policy": "upload-with-consent"
+            }
+          ]
+        }
+      }
+    },
+    {
+      "id": "flutter.comments.query-has-limit",
+      "version": 1,
+      "title": "Flutter comment query must include an explicit limit parameter",
+      "severity": "warning",
+      "rationale": "CommentRepository.getComments without an explicit limit triggers the SDK's default pagination which uses skip/limit — incompatible with the server's scrollable query type. Runtime error 500000: 'skip, limit and sorting are not supported in query type scrollable'.",
+      "applies_when": {
+        "platforms": ["flutter"],
+        "outcomes": ["add-feed", "add-comments", "validate-setup"]
+      },
+      "enforcement": {
+        "deterministic": [
+          {
+            "check": "validator-finding-absent",
+            "finding_rule_id": "flutter.comments.query-has-limit"
+          }
+        ],
+        "attestation": {
+          "allowed": true,
+          "host_agent_min_confidence": "high",
+          "human_allowed": true,
+          "evidence_required": [
+            {
+              "field": "comment_query_params",
+              "description": "The parameters passed to the comment live collection query, including limit/pageSize.",
+              "upload_policy": "upload-with-consent"
+            }
+          ]
+        }
+      }
+    },
+    {
+      "id": "flutter.community.display-name-from-sdk",
+      "version": 1,
+      "title": "Flutter community display name must come from the SDK, not from a raw ID",
+      "severity": "warning",
+      "rationale": "Using a raw communityId as a displayName fallback (e.g. when passing only the ID in navigation state) shows a UUID to users instead of the community's actual name.",
+      "applies_when": {
+        "platforms": ["flutter"],
+        "outcomes": ["add-feed", "add-comments", "validate-setup"]
+      },
+      "enforcement": {
+        "deterministic": [
+          {
+            "check": "validator-finding-absent",
+            "finding_rule_id": "flutter.community.display-name-from-sdk"
+          }
+        ],
+        "attestation": {
+          "allowed": true,
+          "host_agent_min_confidence": "high",
+          "human_allowed": true,
+          "evidence_required": [
+            {
+              "field": "community_name_source",
+              "description": "Where the community display name is sourced from when rendering community references.",
+              "upload_policy": "upload-with-consent"
+            }
+          ]
+        }
+      }
+    },
+    {
+      "id": "flutter.feed.room-post-fetched",
+      "version": 1,
+      "title": "Flutter room post must fetch room title via RoomRepository, not display raw roomId",
+      "severity": "warning",
+      "rationale": "Room is a first-class SDK entity with a title field. Displaying room.roomId as the room name shows a UUID. Use RoomRepository.getRoom to get room.title and room.status.",
+      "applies_when": {
+        "platforms": ["flutter"],
+        "outcomes": ["add-feed", "add-comments", "validate-setup"]
+      },
+      "enforcement": {
+        "deterministic": [
+          {
+            "check": "validator-finding-absent",
+            "finding_rule_id": "flutter.feed.room-post-fetched"
+          }
+        ],
+        "attestation": {
+          "allowed": true,
+          "host_agent_min_confidence": "high",
+          "human_allowed": true,
+          "evidence_required": [
+            {
+              "field": "room_display_name_source",
+              "description": "How the room name is obtained and displayed in post cards.",
+              "upload_policy": "upload-with-consent"
+            }
+          ]
+        }
+      }
+    },
+    {
+      "id": "ios.comments.query-has-limit",
+      "version": 1,
+      "title": "iOS comment query must include an explicit pageSize parameter",
+      "severity": "warning",
+      "rationale": "CommentRepository.getComments without an explicit limit triggers the SDK's default pagination which uses skip/limit — incompatible with the server's scrollable query type. Runtime error 500000: 'skip, limit and sorting are not supported in query type scrollable'.",
+      "applies_when": {
+        "platforms": ["ios"],
+        "outcomes": ["add-feed", "add-comments", "validate-setup"]
+      },
+      "enforcement": {
+        "deterministic": [
+          {
+            "check": "validator-finding-absent",
+            "finding_rule_id": "ios.comments.query-has-limit"
+          }
+        ],
+        "attestation": {
+          "allowed": true,
+          "host_agent_min_confidence": "high",
+          "human_allowed": true,
+          "evidence_required": [
+            {
+              "field": "comment_query_params",
+              "description": "The parameters passed to the comment live collection query, including limit/pageSize.",
+              "upload_policy": "upload-with-consent"
+            }
+          ]
+        }
+      }
+    },
+    {
+      "id": "ios.community.display-name-from-sdk",
+      "version": 1,
+      "title": "iOS community display name must come from the SDK, not from a raw ID",
+      "severity": "warning",
+      "rationale": "Using a raw communityId as a displayName fallback (e.g. when passing only the ID in navigation state) shows a UUID to users instead of the community's actual name.",
+      "applies_when": {
+        "platforms": ["ios"],
+        "outcomes": ["add-feed", "add-comments", "validate-setup"]
+      },
+      "enforcement": {
+        "deterministic": [
+          {
+            "check": "validator-finding-absent",
+            "finding_rule_id": "ios.community.display-name-from-sdk"
+          }
+        ],
+        "attestation": {
+          "allowed": true,
+          "host_agent_min_confidence": "high",
+          "human_allowed": true,
+          "evidence_required": [
+            {
+              "field": "community_name_source",
+              "description": "Where the community display name is sourced from when rendering community references.",
+              "upload_policy": "upload-with-consent"
+            }
+          ]
+        }
+      }
+    },
+    {
+      "id": "ios.feed.room-post-fetched",
+      "version": 1,
+      "title": "iOS room post must fetch room title via RoomRepository, not display raw roomId",
+      "severity": "warning",
+      "rationale": "Room is a first-class SDK entity with a title field. Displaying room.roomId as the room name shows a UUID. Use RoomRepository.getRoom to get room.title and room.status.",
+      "applies_when": {
+        "platforms": ["ios"],
+        "outcomes": ["add-feed", "add-comments", "validate-setup"]
+      },
+      "enforcement": {
+        "deterministic": [
+          {
+            "check": "validator-finding-absent",
+            "finding_rule_id": "ios.feed.room-post-fetched"
+          }
+        ],
+        "attestation": {
+          "allowed": true,
+          "host_agent_min_confidence": "high",
+          "human_allowed": true,
+          "evidence_required": [
+            {
+              "field": "room_display_name_source",
+              "description": "How the room name is obtained and displayed in post cards.",
+              "upload_policy": "upload-with-consent"
+            }
+          ]
+        }
+      }
+    },
+    {
+      "id": "android.feed.poll-answer-data-shape",
+      "version": 1,
+      "title": "Android poll answer text must be read from answer.getData() directly (plain string)",
+      "severity": "warning",
+      "rationale": "Amity.PollAnswer.data is a plain string containing the answer text, not an object. Accessing .data.text or calling getText() as a chained object method returns undefined, silently breaking poll rendering.",
+      "applies_when": {
+        "platforms": ["android"],
+        "outcomes": ["add-feed", "add-comments", "validate-setup"]
+      },
+      "enforcement": {
+        "deterministic": [
+          {
+            "check": "validator-finding-absent",
+            "finding_rule_id": "android.feed.poll-answer-data-shape"
+          }
+        ],
+        "attestation": {
+          "allowed": true,
+          "host_agent_min_confidence": "high",
+          "human_allowed": true,
+          "evidence_required": [
+            {
+              "field": "poll_answer_rendering",
+              "description": "How poll answer text is read from the SDK answer object and rendered.",
+              "upload_policy": "upload-with-consent"
+            }
+          ]
+        }
+      }
+    },
+    {
+      "id": "android.comments.query-has-limit",
+      "version": 1,
+      "title": "Android comment query must include an explicit pageSize parameter",
+      "severity": "warning",
+      "rationale": "CommentRepository.getComments without an explicit limit triggers the SDK's default pagination which uses skip/limit — incompatible with the server's scrollable query type. Runtime error 500000: 'skip, limit and sorting are not supported in query type scrollable'.",
+      "applies_when": {
+        "platforms": ["android"],
+        "outcomes": ["add-feed", "add-comments", "validate-setup"]
+      },
+      "enforcement": {
+        "deterministic": [
+          {
+            "check": "validator-finding-absent",
+            "finding_rule_id": "android.comments.query-has-limit"
+          }
+        ],
+        "attestation": {
+          "allowed": true,
+          "host_agent_min_confidence": "high",
+          "human_allowed": true,
+          "evidence_required": [
+            {
+              "field": "comment_query_params",
+              "description": "The parameters passed to the comment live collection query, including limit/pageSize.",
+              "upload_policy": "upload-with-consent"
+            }
+          ]
+        }
+      }
+    },
+    {
+      "id": "android.community.display-name-from-sdk",
+      "version": 1,
+      "title": "Android community display name must come from the SDK, not from a raw ID",
+      "severity": "warning",
+      "rationale": "Using a raw communityId as a displayName fallback (e.g. when passing only the ID in navigation state) shows a UUID to users instead of the community's actual name.",
+      "applies_when": {
+        "platforms": ["android"],
+        "outcomes": ["add-feed", "add-comments", "validate-setup"]
+      },
+      "enforcement": {
+        "deterministic": [
+          {
+            "check": "validator-finding-absent",
+            "finding_rule_id": "android.community.display-name-from-sdk"
+          }
+        ],
+        "attestation": {
+          "allowed": true,
+          "host_agent_min_confidence": "high",
+          "human_allowed": true,
+          "evidence_required": [
+            {
+              "field": "community_name_source",
+              "description": "Where the community display name is sourced from when rendering community references.",
+              "upload_policy": "upload-with-consent"
+            }
+          ]
+        }
+      }
+    },
+    {
+      "id": "android.feed.room-post-fetched",
+      "version": 1,
+      "title": "Android room post must fetch room title via RoomRepository, not display raw roomId",
+      "severity": "warning",
+      "rationale": "Room is a first-class SDK entity with a title field. Displaying room.roomId as the room name shows a UUID. Use RoomRepository.getRoom to get room.title and room.status.",
+      "applies_when": {
+        "platforms": ["android"],
+        "outcomes": ["add-feed", "add-comments", "validate-setup"]
+      },
+      "enforcement": {
+        "deterministic": [
+          {
+            "check": "validator-finding-absent",
+            "finding_rule_id": "android.feed.room-post-fetched"
+          }
+        ],
+        "attestation": {
+          "allowed": true,
+          "host_agent_min_confidence": "high",
+          "human_allowed": true,
+          "evidence_required": [
+            {
+              "field": "room_display_name_source",
+              "description": "How the room name is obtained and displayed in post cards.",
+              "upload_policy": "upload-with-consent"
+            }
+          ]
+        }
+      }
+    },
+      {
+        "id": "typescript.comments.creation-affordance-present",
+        "version": 1,
+        "title": "TypeScript comment list must provide a creation affordance",
+        "severity": "warning",
+        "rationale": "A surface that reads comments (getComments) but never calls createComment leaves users with a read-only list and no way to participate. The comment composer may live in a sibling file, so detection is codebase-wide with an attestation escape for deliberately read-only views.",
+        "applies_when": {
+          "platforms": [
+            "typescript"
+          ],
+          "outcomes": [
+            "add-feed",
+            "add-comments",
+            "validate-setup"
+          ]
+        },
+        "enforcement": {
+          "deterministic": [
+            {
+              "check": "validator-finding-absent",
+              "finding_rule_id": "typescript.comments.creation-affordance-present"
+            }
+          ],
+          "attestation": {
+            "allowed": true,
+            "host_agent_min_confidence": "high",
+            "human_allowed": true,
+            "evidence_required": [
+              {
+                "field": "comment_creation_path",
+                "description": "Where and how comment creation (createComment) is wired, or why the comment surface is intentionally read-only.",
+                "upload_policy": "upload-with-consent"
+              }
+            ]
+          }
+        }
+      },
+      {
+        "id": "react-native.comments.creation-affordance-present",
+        "version": 1,
+        "title": "React Native comment list must provide a creation affordance",
+        "severity": "warning",
+        "rationale": "A surface that reads comments (getComments) but never calls createComment leaves users with a read-only list and no way to participate. The comment composer may live in a sibling file, so detection is codebase-wide with an attestation escape for deliberately read-only views.",
+        "applies_when": {
+          "platforms": [
+            "react-native"
+          ],
+          "outcomes": [
+            "add-feed",
+            "add-comments",
+            "validate-setup"
+          ]
+        },
+        "enforcement": {
+          "deterministic": [
+            {
+              "check": "validator-finding-absent",
+              "finding_rule_id": "react-native.comments.creation-affordance-present"
+            }
+          ],
+          "attestation": {
+            "allowed": true,
+            "host_agent_min_confidence": "high",
+            "human_allowed": true,
+            "evidence_required": [
+              {
+                "field": "comment_creation_path",
+                "description": "Where and how comment creation (createComment) is wired, or why the comment surface is intentionally read-only.",
+                "upload_policy": "upload-with-consent"
+              }
+            ]
+          }
+        }
+      },
+      {
+        "id": "flutter.comments.creation-affordance-present",
+        "version": 1,
+        "title": "Flutter comment list must provide a creation affordance",
+        "severity": "warning",
+        "rationale": "A surface that reads comments (getComments) but never calls createComment leaves users with a read-only list and no way to participate. The comment composer may live in a sibling file, so detection is codebase-wide with an attestation escape for deliberately read-only views.",
+        "applies_when": {
+          "platforms": [
+            "flutter"
+          ],
+          "outcomes": [
+            "add-feed",
+            "add-comments",
+            "validate-setup"
+          ]
+        },
+        "enforcement": {
+          "deterministic": [
+            {
+              "check": "validator-finding-absent",
+              "finding_rule_id": "flutter.comments.creation-affordance-present"
+            }
+          ],
+          "attestation": {
+            "allowed": true,
+            "host_agent_min_confidence": "high",
+            "human_allowed": true,
+            "evidence_required": [
+              {
+                "field": "comment_creation_path",
+                "description": "Where and how comment creation (createComment) is wired, or why the comment surface is intentionally read-only.",
+                "upload_policy": "upload-with-consent"
+              }
+            ]
+          }
+        }
+      },
+      {
+        "id": "ios.comments.creation-affordance-present",
+        "version": 1,
+        "title": "iOS comment list must provide a creation affordance",
+        "severity": "warning",
+        "rationale": "A surface that reads comments (getComments) but never calls createComment leaves users with a read-only list and no way to participate. The comment composer may live in a sibling file, so detection is codebase-wide with an attestation escape for deliberately read-only views.",
+        "applies_when": {
+          "platforms": [
+            "ios"
+          ],
+          "outcomes": [
+            "add-feed",
+            "add-comments",
+            "validate-setup"
+          ]
+        },
+        "enforcement": {
+          "deterministic": [
+            {
+              "check": "validator-finding-absent",
+              "finding_rule_id": "ios.comments.creation-affordance-present"
+            }
+          ],
+          "attestation": {
+            "allowed": true,
+            "host_agent_min_confidence": "high",
+            "human_allowed": true,
+            "evidence_required": [
+              {
+                "field": "comment_creation_path",
+                "description": "Where and how comment creation (createComment) is wired, or why the comment surface is intentionally read-only.",
+                "upload_policy": "upload-with-consent"
+              }
+            ]
+          }
+        }
+      },
+      {
+        "id": "android.comments.creation-affordance-present",
+        "version": 1,
+        "title": "Android comment list must provide a creation affordance",
+        "severity": "warning",
+        "rationale": "A surface that reads comments (getComments) but never calls createComment leaves users with a read-only list and no way to participate. The comment composer may live in a sibling file, so detection is codebase-wide with an attestation escape for deliberately read-only views.",
+        "applies_when": {
+          "platforms": [
+            "android"
+          ],
+          "outcomes": [
+            "add-feed",
+            "add-comments",
+            "validate-setup"
+          ]
+        },
+        "enforcement": {
+          "deterministic": [
+            {
+              "check": "validator-finding-absent",
+              "finding_rule_id": "android.comments.creation-affordance-present"
+            }
+          ],
+          "attestation": {
+            "allowed": true,
+            "host_agent_min_confidence": "high",
+            "human_allowed": true,
+            "evidence_required": [
+              {
+                "field": "comment_creation_path",
+                "description": "Where and how comment creation (createComment) is wired, or why the comment surface is intentionally read-only.",
+                "upload_policy": "upload-with-consent"
+              }
+            ]
+          }
+        }
+      }
   ]
-}
+}