Review target
Add one small policy-decision example where the correct consumer outcome is needs-review rather than a package safety conclusion.
Expected contribution
Show:
- the synthetic input evidence,
- the local risk or policy rule involved,
- the explanation fields such as decision_reason, threshold, and observed value,
- why the remaining decision requires context outside the tool.
Done when
The example is deterministic, linked from policy documentation, and clearly separated from CVE or safety claims.
Boundaries
No live package reputation claim, vulnerability lookup, malware verdict, or production publishing change.
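One possible shape for such an example, added here as an illustration and not taken from the project's own code. The release-age rule, the package name, the dates, and every field name other than decision_reason, threshold, and observed value are assumptions; the evidence is constructed and no registry or vulnerability source is consulted.

```python
from dataclasses import dataclass, asdict
from datetime import date

# Constructed (synthetic) evidence: not a real package, no network lookup.
EVIDENCE = {
    "package": "example-pkg",
    "version": "2.0.0",
    "released_on": "2024-01-10",
    "evaluated_on": "2024-01-13",  # fixed in the input so the result is deterministic
}

# Hypothetical local policy rule: releases younger than this get a human look.
RULE = {"id": "min-release-age", "threshold_days": 14}


@dataclass(frozen=True)
class Decision:
    outcome: str            # "no-finding" or "needs-review"; never a safety verdict
    rule_id: str
    decision_reason: str
    threshold: int          # days, copied from the rule
    observed_value: int     # days, computed from the evidence only
    outside_context: tuple  # what the tool cannot decide on its own


def evaluate(evidence, rule):
    released = date.fromisoformat(evidence["released_on"])
    evaluated = date.fromisoformat(evidence["evaluated_on"])
    age = (evaluated - released).days
    if age < 0:
        raise ValueError("released_on is after evaluated_on")
    threshold = rule["threshold_days"]
    if age >= threshold:
        reason = f"release age {age}d meets the {threshold}d minimum"
        return Decision("no-finding", rule["id"], reason, threshold, age, ())
    reason = f"release age {age}d is below the {threshold}d minimum"
    context = (
        "whether the consuming team requested this upgrade",
        "whether the local risk owner accepts an early-adoption exception",
    )
    return Decision("needs-review", rule["id"], reason, threshold, age, context)


if __name__ == "__main__":
    print(asdict(evaluate(EVIDENCE, RULE)))
```

The outcome says only that a local threshold was not met; the outside_context entries are the questions a reviewer has to answer, which is why the result stops at needs-review.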