@amityco/social-plus-vise 0.14.8 → 0.14.9

package/CHANGELOG.md

@@ -4,6 +4,12 @@ All notable changes to `@amityco/social-plus-vise` are documented in this file.
 
 The format is loosely based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## 0.14.9 — 2026-06-05
+
+### Changed
+- **Product expectation bindings:** product-flow checks now surface platform-agnostic expectation IDs such as `chat.unread-visible`, `chat.message-order-explicit`, `feed.rich-post-composer-scope`, and `profile.social-counts` while retaining the concrete platform validator as `sensorId`/`validator` evidence.
+- **Backwards-compatible compliance contracts:** existing Android rule contracts continue to sync, attest, and explain through their legacy contract IDs, while `vise plan` and `vise check` use the shared product expectation IDs as the public-facing rule IDs.
+
 ## 0.14.8 — 2026-06-05
 
 ### Added

package/dist/outcomes.js

@@ -657,9 +657,9 @@ const addFeed = {
         `${platform}.feed.post-datatype-handled`,
         ...(platform === "android"
             ? [
-                `${platform}.feed.rich-post-composer-surfaced`,
-                `${platform}.comments.thread-ui-states-present`,
-                `${platform}.profile.social-counts-from-sdk`,
+                "feed.rich-post-composer-scope",
+                "comments.thread-read-write",
+                "profile.social-counts",
             ]
             : []),
     ],
@@ -1027,7 +1027,7 @@ const addChat = {
         `${platform}.chat.message-observer-cleanup`,
         `${platform}.chat.send-error-handling`,
         `${platform}.chat.moderation-affordance-present`,
-        ...(platform === "android" ? [`${platform}.chat.unread-visible`, `${platform}.chat.sort-explicit`] : []),
+        ...(platform === "android" ? ["chat.unread-visible", "chat.message-order-explicit"] : []),
     ],
     stopConditions: (ctx) => filterStops(ctx.answers, [
         { id: "chat_shape", text: "The chat shape is unknown; cannot implement without knowing 1:1, group, or community channel." },
@@ -1271,6 +1271,7 @@ const addFollow = {
     validation: () => [
         "follower/following lists use a Live Collection (not a one-shot query)",
         "follow model handled (automatic vs follow-request approval)",
+        "profile.social-counts",
         "no invented userId",
         "relationship observer cleaned up on lifecycle end",
         "validate_setup",

package/dist/productExpectations.js

@@ -0,0 +1,56 @@
+export const PRODUCT_EXPECTATION_BINDINGS = [
+    {
+        expectationId: "feed.rich-post-composer-scope",
+        sensorId: "android.feed.rich-post-composer-surfaced",
+        platform: "android",
+    },
+    {
+        expectationId: "comments.thread-read-write",
+        sensorId: "android.comments.thread-ui-states-present",
+        platform: "android",
+    },
+    {
+        expectationId: "chat.unread-visible",
+        sensorId: "android.chat.unread-visible",
+        platform: "android",
+    },
+    {
+        expectationId: "chat.message-order-explicit",
+        sensorId: "android.chat.sort-explicit",
+        platform: "android",
+    },
+    {
+        expectationId: "profile.social-counts",
+        sensorId: "android.profile.social-counts-from-sdk",
+        platform: "android",
+    },
+];
+const bindingsBySensorId = new Map(PRODUCT_EXPECTATION_BINDINGS.map((binding) => [binding.sensorId, binding]));
+export function productExpectationBindingForSensor(sensorId) {
+    return bindingsBySensorId.get(sensorId);
+}
+export function productFindingIdentity(sensorId) {
+    const binding = productExpectationBindingForSensor(sensorId);
+    if (!binding) {
+        return { ruleId: sensorId };
+    }
+    return {
+        ruleId: binding.expectationId,
+        sensorId: binding.sensorId,
+        validator: {
+            platform: binding.platform,
+            sensorId: binding.sensorId,
+        },
+    };
+}
+export function publicProductRuleId(ruleId) {
+    return productExpectationBindingForSensor(ruleId)?.expectationId ?? ruleId;
+}
+export function findingMatchesId(finding, id) {
+    return finding.ruleId === id || finding.sensorId === id;
+}
+export function contractRuleCandidatesForPublicId(ruleId) {
+    return PRODUCT_EXPECTATION_BINDINGS
+        .filter((binding) => binding.expectationId === ruleId)
+        .map((binding) => binding.sensorId);
+}

package/dist/tools/compliance.js

@@ -4,6 +4,7 @@ import path from "node:path";
 import { fileURLToPath } from "node:url";
 import { assessProjectCompleteness, assessProjectSelectedOptionalCapabilities, availableOptionalCapabilityIds, optionalCapabilityChecklist, platformCapabilityAvailability, selectedOptionalCapabilityIds, } from "../capabilities.js";
 import { getOutcomeDefinition, hasAnswer, planContextFor, resolveOutcome, } from "../outcomes.js";
+import { contractRuleCandidatesForPublicId, productExpectationBindingForSensor, publicProductRuleId, } from "../productExpectations.js";
 import { objectInput, optionalBooleanField, optionalStringField, stringField, textResult } from "../types.js";
 import { packageVersion } from "../version.js";
 import { DESIGN_CONTRACT_CONFIRMATION_ANSWER_ID, buildDesignBrief, designContractConfirmationFromAnswers, designPreviewPath, readDesignContract, } from "./design.js";
@@ -497,13 +498,19 @@ export async function checkCompliance(repoPath) {
     const platforms = platformsToValidate.length > 0 ? platformsToValidate : ["unknown"];
     const allFindings = await Promise.all(platforms.map((p) => validateSetup(inspection.effectiveRoot, p)));
     const findings = allFindings.flat();
-    const findingsById = new Map(findings.map((finding) => [finding.ruleId, finding]));
+    const findingsById = new Map();
+    for (const finding of findings) {
+        findingsById.set(finding.ruleId, finding);
+        if (finding.sensorId) {
+            findingsById.set(finding.sensorId, finding);
+        }
+    }
     const attestations = await readAttestations(repoRoot);
     const results = [];
     for (const ref of compliance.rules) {
         const rule = rules.get(ref.rule_id);
         if (!rule) {
-            results.push({ ruleId: ref.rule_id, title: ref.rule_id, severity: ref.severity, status: "stale", reason: "Rule is missing from installed Vise." });
+            results.push({ ...checkRuleIdentity(ref.rule_id), title: ref.rule_id, severity: ref.severity, status: "stale", reason: "Rule is missing from installed Vise." });
             continue;
         }
         // Blockers run first. If any external prerequisite is missing, the rule is
@@ -514,7 +521,7 @@ export async function checkCompliance(repoPath) {
         if (blockersFired.length > 0) {
             const attestable = rule.enforcement.attestation.allowed;
             results.push({
-                ruleId: rule.id,
+                ...checkRuleIdentity(rule.id),
                 title: rule.title,
                 severity: rule.severity,
                 status: "blocked",
@@ -532,7 +539,7 @@ export async function checkCompliance(repoPath) {
         const finding = hasDeterministicChecks ? deterministicFinding(rule, findingsById) : undefined;
         if (hasDeterministicChecks && !finding) {
             results.push({
-                ruleId: rule.id,
+                ...checkRuleIdentity(rule.id),
                 title: rule.title,
                 severity: rule.severity,
                 status: "deterministic-pass",
@@ -548,7 +555,7 @@ export async function checkCompliance(repoPath) {
             if (attestation.status === "deterministic-pass") {
                 const failStatus = rule.advisory ? "advisory" : rule.enforcement.attestation.allowed ? "attestation-needed" : "deterministic-fail";
                 results.push({
-                    ruleId: rule.id,
+                    ...checkRuleIdentity(rule.id),
                     title: rule.title,
                     severity: rule.severity,
                     status: failStatus,
@@ -574,7 +581,7 @@ export async function checkCompliance(repoPath) {
                 if (staleFingerprints.length > 0) {
                     const fingerprintStatus = rule.advisory ? "advisory" : rule.enforcement.attestation.allowed ? "attestation-needed" : "deterministic-fail";
                     results.push({
-                        ruleId: rule.id,
+                        ...checkRuleIdentity(rule.id),
                         title: rule.title,
                         severity: rule.severity,
                         status: fingerprintStatus,
@@ -592,7 +599,7 @@ export async function checkCompliance(repoPath) {
                 }
                 const deprecated = grandfathered && (rule.deprecated_versions ?? []).includes(attestation.rule_version);
                 results.push({
-                    ruleId: rule.id,
+                    ...checkRuleIdentity(rule.id),
                     title: rule.title,
                     severity: rule.severity,
                     status: "attested",
@@ -623,7 +630,7 @@ export async function checkCompliance(repoPath) {
             fallbackReason = "Deterministic check failed and no valid attestation exists.";
         }
         results.push({
-            ruleId: rule.id,
+            ...checkRuleIdentity(rule.id),
             title: rule.title,
             severity: rule.severity,
             status: baseStatus,
@@ -692,9 +699,10 @@ export async function syncCompliance(repoPath) {
     const removed = [];
     await mkdir(attestationsDir(repoRoot), { recursive: true });
     for (const result of check.rules) {
-        const filePath = path.join(attestationsDir(repoRoot), attestationPathFor(result.ruleId));
+        const contractRuleId = result.contractRuleId ?? result.ruleId;
+        const filePath = path.join(attestationsDir(repoRoot), attestationPathFor(contractRuleId));
         if (result.status === "deterministic-pass") {
-            const rule = (await rulesById()).get(result.ruleId);
+            const rule = (await rulesById()).get(contractRuleId);
             if (!rule) {
                 continue;
             }
@@ -727,17 +735,18 @@ export async function attestRule(args) {
     const repoRoot = path.resolve(args.repoPath);
     const compliance = await readCompliance(repoRoot);
     const rules = await rulesById();
-    const rule = rules.get(args.ruleId);
-    if (!rule || !compliance.rules.some((ref) => ref.rule_id === args.ruleId)) {
+    const contractRuleId = resolveRuleIdForContract(args.ruleId, compliance, rules);
+    const rule = contractRuleId ? rules.get(contractRuleId) : undefined;
+    if (!rule || !contractRuleId) {
         // Collect up to 8 applicable attestable rule ids from this contract for the error hint. Prefer
         // ids that share the bad id's non-wildcard prefix so the agent can narrow down quickly.
         const attestableIds = compliance.rules
             .map((ref) => rules.get(ref.rule_id))
             .filter((r) => r !== undefined && r.enforcement.attestation.allowed);
         const prefix = args.ruleId.replace(/\.\*$|\*$/, "");
-        const prefixed = prefix !== args.ruleId ? attestableIds.filter((r) => r.id.startsWith(prefix) || r.id.includes(prefix)) : [];
+        const prefixed = prefix !== args.ruleId ? attestableIds.filter((r) => r.id.startsWith(prefix) || r.id.includes(prefix) || publicProductRuleId(r.id).startsWith(prefix)) : [];
         const candidates = prefixed.length > 0 ? prefixed : attestableIds;
-        const hintIds = candidates.slice(0, 8).map((r) => r.id);
+        const hintIds = candidates.slice(0, 8).map((r) => publicProductRuleId(r.id));
         const hintSuffix = hintIds.length > 0 ? ` Applicable attestable rules: ${hintIds.join(", ")}.` : " Applicable attestable rules: none.";
         const preamble = args.ruleId.includes("*")
             ? `Wildcards are not supported — attest one rule at a time.`
@@ -757,11 +766,11 @@ export async function attestRule(args) {
     await mkdir(attestationsDir(repoRoot), { recursive: true });
     const sourceFingerprints = await collectSourceFingerprints(repoRoot, sourceRootForCompliance(repoRoot, compliance), args.evidence);
     const attestation = buildAttestation(compliance, rule, args.signer, args.confidence, args.identity, args.rationale, args.evidence, sourceFingerprints);
-    const filePath = path.join(attestationsDir(repoRoot), attestationPathFor(args.ruleId));
+    const filePath = path.join(attestationsDir(repoRoot), attestationPathFor(contractRuleId));
     await writeJson(filePath, attestation);
     return {
         status: "attested",
-        ruleId: args.ruleId,
+        ...checkRuleIdentity(contractRuleId),
         destination: filePath,
         signer_claim: attestation.signer_claim,
         source_fingerprints: sourceFingerprints,
@@ -769,12 +778,14 @@ export async function attestRule(args) {
 }
 export async function explainRule(ruleId) {
     const rules = await rulesById();
-    const rule = rules.get(ruleId);
-    if (!rule) {
+    const contractRuleId = resolveRuleIdForInstalledRules(ruleId, rules);
+    const rule = contractRuleId ? rules.get(contractRuleId) : undefined;
+    if (!rule || !contractRuleId) {
         throw new Error(`Unknown compliance rule: ${ruleId}`);
     }
     return {
-        id: rule.id,
+        id: publicProductRuleId(rule.id),
+        ...(publicProductRuleId(rule.id) !== rule.id ? { contract_rule_id: rule.id } : {}),
         version: rule.version,
         title: rule.title,
         severity: rule.severity,
@@ -836,6 +847,34 @@ export async function rulesById() {
     const rules = (await loadRuleFiles()).flatMap((file) => file.rules);
     return new Map(rules.map((rule) => [rule.id, rule]));
 }
+function checkRuleIdentity(contractRuleId) {
+    const binding = productExpectationBindingForSensor(contractRuleId);
+    if (!binding) {
+        return { ruleId: contractRuleId };
+    }
+    return {
+        ruleId: binding.expectationId,
+        contractRuleId,
+        validator: {
+            platform: binding.platform,
+            sensorId: binding.sensorId,
+        },
+    };
+}
+function resolveRuleIdForContract(ruleId, compliance, rules) {
+    if (rules.has(ruleId) && compliance.rules.some((ref) => ref.rule_id === ruleId)) {
+        return ruleId;
+    }
+    const candidates = contractRuleCandidatesForPublicId(ruleId).filter((candidate) => rules.has(candidate) && compliance.rules.some((ref) => ref.rule_id === candidate));
+    return candidates.length === 1 ? candidates[0] : null;
+}
+function resolveRuleIdForInstalledRules(ruleId, rules) {
+    if (rules.has(ruleId)) {
+        return ruleId;
+    }
+    const candidates = contractRuleCandidatesForPublicId(ruleId).filter((candidate) => rules.has(candidate));
+    return candidates.length === 1 ? candidates[0] : null;
+}
 function ruleRef(rule) {
     return {
         rule_id: rule.id,
@@ -847,15 +886,21 @@ function ruleRef(rule) {
 // Extends ruleRef with the human-readable title for file output (compliance.json,
 // applicableRules in integration plans). Not used for digest computation.
 function ruleRefForFile(rule) {
-    return { ...ruleRef(rule), title: rule.title };
+    const publicRuleId = publicProductRuleId(rule.id);
+    return {
+        ...ruleRef(rule),
+        ...(publicRuleId !== rule.id ? { public_rule_id: publicRuleId } : {}),
+        title: rule.title,
+    };
 }
 // Benchmark-measured friction: agents looped on attest dialect for ~25 min/cell when docs and SDK
 // disagreed on exact invocation syntax (capability-matrix 2026-06, Row 5). Hand them the exact incantation.
 function attestHint(rule) {
     const minConfidence = rule.enforcement.attestation.host_agent_min_confidence ?? "high";
     const fields = rule.enforcement.attestation.evidence_required ?? [];
+    const publicRuleId = publicProductRuleId(rule.id);
     return {
-        attest_command: `vise attest --rule ${rule.id} --confidence ${minConfidence} --signer host-agent --evidence-file sp-vise/evidence/${rule.id}.json --rationale "<why this rule is satisfied (or cannot apply) in this codebase>"`,
+        attest_command: `vise attest --rule ${publicRuleId} --confidence ${minConfidence} --signer host-agent --evidence-file sp-vise/evidence/${rule.id}.json --rationale "<why this rule is satisfied (or cannot apply) in this codebase>"`,
         evidence_template: Object.fromEntries(fields.map((f) => [f.field, `<${f.description}>`])),
     };
 }
@@ -878,7 +923,7 @@ function contractDrift(compliance, rules) {
     for (const ref of compliance.rules) {
         const rule = rules.get(ref.rule_id);
         if (!rule) {
-            results.push({ ruleId: ref.rule_id, title: ref.rule_id, severity: ref.severity, status: "stale", reason: "Rule is missing from installed Vise." });
+            results.push({ ...checkRuleIdentity(ref.rule_id), title: ref.rule_id, severity: ref.severity, status: "stale", reason: "Rule is missing from installed Vise." });
             continue;
         }
         const digest = digestRule(rule);
@@ -888,7 +933,7 @@ function contractDrift(compliance, rules) {
                 ? `Rule digest changed since vise init (v${ref.rule_version} → v${rule.version}; new version is backwards-compatible — re-run vise init; existing attestations will be grandfathered).`
                 : `Rule digest changed since vise init (v${ref.rule_version} → v${rule.version}).`;
             results.push({
-                ruleId: ref.rule_id,
+                ...checkRuleIdentity(ref.rule_id),
                 title: rule.title,
                 severity: ref.severity,
                 status: "stale",

package/dist/tools/debug.js

@@ -42,7 +42,8 @@ export async function debugIssue(repoPath, errorMessage, options = {}) {
         for (const rule of checkResult.rules) {
             if (rule.status === "deterministic-fail" || rule.status === "attestation-needed") {
                 // It failed. Check if symptoms match.
-                const ruleDef = rulesMap.get(rule.ruleId);
+                const contractRuleId = rule.contractRuleId ?? rule.ruleId;
+                const ruleDef = rulesMap.get(contractRuleId);
                 const symptoms = ruleDef?.symptoms || [];
                 if (symptoms.some(s => errorMessage.includes(s))) {
                     correlatedRules.push({
@@ -54,7 +55,8 @@ export async function debugIssue(repoPath, errorMessage, options = {}) {
             }
             else if (rule.status === "attested") {
                 // Check for false-positive attestations
-                const ruleDef = rulesMap.get(rule.ruleId);
+                const contractRuleId = rule.contractRuleId ?? rule.ruleId;
+                const ruleDef = rulesMap.get(contractRuleId);
                 const symptoms = ruleDef?.symptoms || [];
                 if (symptoms.some(s => errorMessage.includes(s))) {
                     correlatedRules.push({

package/dist/tools/project.js

@@ -1,5 +1,6 @@
 import { access, readdir, readFile } from "node:fs/promises";
 import path from "node:path";
+import { productFindingIdentity } from "../productExpectations.js";
 import { objectInput, optionalStringField, stringField, textResult } from "../types.js";
 import { findCallExpressions, parse, tryParse, pickObjectProperty, resolveLiteralValue, stripComments } from "./ast.js";
 async function exists(filePath) {
@@ -1910,7 +1911,7 @@ function statusForFindings(findings) {
     return findings.length === 0 ? "no-obvious-issues" : "needs-review";
 }
 function finding(ruleId, severity, message, file, recommendation) {
-    return { ruleId, severity, message, file, recommendation };
+    return { ...productFindingIdentity(ruleId), severity, message, file, recommendation };
 }
 async function existingFiles(root, relativeFiles) {
     const files = [];

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@amityco/social-plus-vise",
-  "version": "0.14.8",
+  "version": "0.14.9",
   "description": "Skill-guided deterministic CLI for social.plus SDK integration assistance.",
   "license": "SEE LICENSE IN LICENSE",
   "type": "module",