npm - @amityco/social-plus-vise - Versions diffs - 0.12.3 → 0.12.4 - Mend

@amityco/social-plus-vise 0.12.3 → 0.12.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/tools/compliance.js CHANGED Viewed

@@ -358,14 +358,17 @@ export async function checkCompliance(repoPath) {
             // If the current source now produces a finding, the old sync record must
             // not mask code drift; the next `vise sync` will remove it.
             if (attestation.status === "deterministic-pass") {
+                const failStatus = rule.advisory ? "advisory" : rule.enforcement.attestation.allowed ? "attestation-needed" : "deterministic-fail";
                 results.push({
                     ruleId: rule.id,
                     title: rule.title,
                     severity: rule.severity,
-                    status: rule.enforcement.attestation.allowed ? "attestation-needed" : "deterministic-fail",
-                    reason: rule.enforcement.attestation.allowed
-                        ? "Current deterministic check failed; previously synced deterministic-pass evidence is stale."
-                        : "Current deterministic check failed; this rule does not allow attestation.",
+                    status: failStatus,
+                    reason: rule.advisory
+                        ? "Advisory: informational only — does not affect compliance status."
+                        : rule.enforcement.attestation.allowed
+                            ? "Current deterministic check failed; previously synced deterministic-pass evidence is stale."
+                            : "Current deterministic check failed; this rule does not allow attestation.",
                     finding,
                     recommendation: finding?.recommendation,
                     rationale: rule.rationale,
@@ -384,8 +387,10 @@ export async function checkCompliance(repoPath) {
                         ruleId: rule.id,
                         title: rule.title,
                         severity: rule.severity,
-                        status: rule.enforcement.attestation.allowed ? "attestation-needed" : "deterministic-fail",
-                        reason: "Recorded attestation source fingerprints changed. Re-check the evidence and record a fresh attestation.",
+                        status: rule.advisory ? "advisory" : rule.enforcement.attestation.allowed ? "attestation-needed" : "deterministic-fail",
+                        reason: rule.advisory
+                            ? "Advisory: informational only — does not affect compliance status."
+                            : "Recorded attestation source fingerprints changed. Re-check the evidence and record a fresh attestation.",
                         finding,
                         recommendation: finding?.recommendation,
                         rationale: rule.rationale,
@@ -413,9 +418,14 @@ export async function checkCompliance(repoPath) {
                 continue;
             }
         }
-        const baseStatus = (rule.enforcement.attestation.allowed || isInferential) ? "attestation-needed" : "deterministic-fail";
+        const baseStatus = rule.advisory
+            ? "advisory"
+            : (rule.enforcement.attestation.allowed || isInferential) ? "attestation-needed" : "deterministic-fail";
         let fallbackReason = "This rule does not allow attestation.";
-        if (isInferential) {
+        if (rule.advisory) {
+            fallbackReason = "Advisory: informational only — does not affect compliance status.";
+        }
+        else if (isInferential) {
             fallbackReason = "Inferential check required. Please provide a host-agent attestation.";
         }
         else if (rule.enforcement.attestation.allowed) {
@@ -436,6 +446,7 @@ export async function checkCompliance(repoPath) {
     const summary = summarize(results);
     const hasBlocked = results.some((result) => result.status === "blocked");
     const hasDeterministicFailure = results.some((result) => result.status === "deterministic-fail");
+    // "advisory" status is intentionally excluded — advisory rules surface but never block.
     const needsAttestation = results.some((result) => result.status === "attestation-needed" || result.status === "stale");
     // Precedence: blocked (exit 3) > deterministic-failures (2) > needs-attestation (1) > green (0).
     // Contract drift (exit 4) is handled earlier and short-circuits the loop.

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@amityco/social-plus-vise",
-  "version": "0.12.3",
+  "version": "0.12.4",
   "description": "Skill-guided deterministic CLI for social.plus SDK integration assistance.",
   "license": "SEE LICENSE IN LICENSE",
   "type": "module",

package/rules/feed.yaml CHANGED Viewed

@@ -1469,10 +1469,11 @@
     },
     {
       "id": "typescript.reactions.configured-name-used",
-      "version": 1,
+      "version": 2,
       "title": "TypeScript reaction name matches console config",
       "severity": "warning",
-      "rationale": "Reaction names are configurable per-tenant. Hardcoding 'like' or another specific name prevents apps from dynamically matching the tenant's actual configuration, leading to silent failures or API errors.",
+      "advisory": true,
+      "rationale": "Reaction names are configurable per-tenant. Hardcoding 'like' or another specific name prevents apps from dynamically matching the tenant's actual configuration, leading to silent failures or API errors. Advisory: Vise cannot verify tenant console config, so this surfaces as informational — it never blocks vise check.",
       "applies_when": {
         "platforms": [
           "typescript"
@@ -1506,7 +1507,8 @@
     },
     {
       "id": "react-native.reactions.configured-name-used",
-      "version": 1,
+      "version": 2,
+      "advisory": true,
       "title": "React Native reaction name matches console config",
       "severity": "warning",
       "rationale": "Reaction names are configurable per-tenant. Hardcoding 'like' or another specific name prevents apps from dynamically matching the tenant's actual configuration, leading to silent failures or API errors.",
@@ -1543,7 +1545,8 @@
     },
     {
       "id": "android.reactions.configured-name-used",
-      "version": 1,
+      "version": 2,
+      "advisory": true,
       "title": "Android reaction name matches console config",
       "severity": "warning",
       "rationale": "Reaction names are configurable per-tenant. Hardcoding 'like' or another specific name prevents apps from dynamically matching the tenant's actual configuration, leading to silent failures or API errors.",
@@ -1580,7 +1583,8 @@
     },
     {
       "id": "flutter.reactions.configured-name-used",
-      "version": 1,
+      "version": 2,
+      "advisory": true,
       "title": "Flutter reaction name matches console config",
       "severity": "warning",
       "rationale": "Reaction names are configurable per-tenant. Hardcoding 'like' or another specific name prevents apps from dynamically matching the tenant's actual configuration, leading to silent failures or API errors.",
@@ -1617,7 +1621,8 @@
     },
     {
       "id": "ios.reactions.configured-name-used",
-      "version": 1,
+      "version": 2,
+      "advisory": true,
       "title": "iOS reaction name matches console config",
       "severity": "warning",
       "rationale": "Reaction names are configurable per-tenant. Hardcoding 'like' or another specific name prevents apps from dynamically matching the tenant's actual configuration, leading to silent failures or API errors.",