
Policy decision example wanted: add one bounded needs-review case #106

Description

@stacknil

Review target

Add one small policy-decision example where the correct consumer outcome is needs-review rather than a package safety conclusion.

Expected contribution

Show:

  • the synthetic input evidence,
  • the local risk or policy rule involved,
  • the explanation fields such as decision_reason, threshold, and observed value,
  • why the remaining decision requires context outside the tool.

Done when

The example is deterministic, linked from policy documentation, and clearly separated from CVE or safety claims.

Boundaries

No live package reputation claim, vulnerability lookup, malware verdict, or production publishing change.
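One possible shape for the requested example, added here and not taken from the project or written by the issue author. The rule, the evidence, and the `decision`, `rule_id`, `observed_value`, `requires_context` and `makes_safety_claim` names are assumptions; only `decision_reason` and `threshold` are field names given in the issue.

```python
import json

# Hypothetical local policy rule (an assumption, not the project's own rule).
RULE = {"id": "max-new-transitive-deps", "threshold": 5}

# Constructed synthetic evidence; every package name is a placeholder.
EVIDENCE = {
    "change": "add example-direct-dep 1.0.0",
    "new_transitive_deps": [f"example-pkg-{i}" for i in range(1, 8)],
}


def decide(evidence, rule):
    """Evaluate one rule and return a decision record with explanation fields."""
    observed = len(evidence["new_transitive_deps"])
    record = {
        "rule_id": rule["id"],
        "threshold": rule["threshold"],
        "observed_value": observed,
        # The record never asserts a CVE, malware or reputation finding.
        "makes_safety_claim": False,
    }
    if observed <= rule["threshold"]:
        record.update(
            decision="pass",
            decision_reason="new transitive dependency count is within threshold",
            requires_context=[],
        )
    else:
        record.update(
            decision="needs-review",
            decision_reason="new transitive dependency count exceeds threshold",
            # What the tool cannot know from the evidence alone.
            requires_context=[
                "whether this dependency growth was expected by the maintainers",
                "who is responsible for reviewing the added packages",
            ],
        )
    return record


def render(record):
    """Serialize with sorted keys so repeated runs give byte-identical output."""
    return json.dumps(record, indent=2, sort_keys=True)


if __name__ == "__main__":
    print(render(decide(EVIDENCE, RULE)))
```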

Labels: documentation, help wanted, question