You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
NEW: Add AI1003.ProvideRequiredRegionProperties validation rule — error when result locations lack a region or required region properties. Mirrors SARIF2017 at error level for AI profile.
NEW: Add AI1004.ProvideVersionControlProvenance validation rule — error when run.versionControlProvenance is missing or empty. Ensures AI findings are traceable to source control.
NEW: Add AI2006.ProvideMessageMarkdown validation rule — error when AI-generated findings do not include message.markdown.
NEW: Add AI1007.ProvideExploitability validation rule — warns when result.properties["ai/exploitability"] is missing or contains an unrecognized value (valid: demonstrated, poc, theoretical). Follows the suppressions pattern (§3.27.23): exploitability must be present on all results or absent from all results; mixed presence is flagged as a data quality error.
NEW: Add AI1012.ProvideAIHandoff validation rule — notes when run.properties["ai/handoff"] is missing or empty. This property is intended to provide human-readable handoff instructions for triaging and acting on AI-generated findings.
NEW: Add SARIF2017.ProvideRequiredRegionProperties validation rule — warns when result locations lack a region or startLine. Fires in standard profile only (--rule-kind Sarif).
NEW: Add RuleKind.AI to SARIF2010.ProvideCodeSnippets and SARIF2011.ProvideContextRegion so these rules fire under --rule-kind AI with no configuration file needed.
DEL: Remove policies/ai.config.xml — AI validation now works zero-config via --rule-kind AI.
