# Guard Rules

Default strictness is `warn`. Ambiguous heuristics are `manual-review-required`. Only clear customer/auditor default-surface leakage is blocking in v1.

| Rule ID | Purpose | Default Result | Blocking In V1 | Allowlist |
|---|---|---|---|---|
| `UIBLOAT_ZERO_METRIC_CARD` | Detect zero-card spam that makes no-action pages noisy. | warning | no | allowed with scoped reason |
| `UIBLOAT_REPEATED_STATUS` | Detect repeated lifecycle/status/readiness wording. | manual-review-required | no | allowed with scoped reason |
| `UIBLOAT_CUSTOMER_RAW_ID` | Detect raw ID labels on likely customer/auditor defaults. | blocking on customer/auditor; manual review elsewhere | yes | allowed only with explicit technical-details rationale |
| `UIBLOAT_CUSTOMER_INTERNAL_TERM` | Detect internal/debug/provider terms on likely customer/auditor defaults. | blocking on customer/auditor; manual review elsewhere | yes | allowed only with explicit technical-details rationale |
| `UIBLOAT_MISSING_PRIMARY_QUESTION` | Detect pages without a clear question/next-action marker. | manual-review-required | no | allowed with scoped reason |
| `UIBLOAT_HEADER_ACTION_OVERLOAD` | Detect many header actions competing for attention. | manual-review-required | no | allowed with workflow-hub rationale |
| `UIBLOAT_EVIDENCE_DIAGNOSTICS_MIXED` | Detect copy that blurs proof/evidence and diagnostics. | manual-review-required | no | allowed with support-surface rationale |
| `UIBLOAT_TECH_METADATA_MAIN` | Detect technical metadata in main/default content. | manual-review-required | no | allowed with diagnostic/system-surface rationale |
| `UIBLOAT_DIAGNOSTIC_GUIDANCE_MISSING` | Detect diagnostic-heavy files without guidance markers. | manual-review-required | no | allowed with external guidance rationale |
| `UIBLOAT_DIAGNOSTIC_ENTRYPOINT_AMBIGUOUS` | Detect broad diagnostic labels for repair-only/support-only routes. | manual-review-required | no | allowed with named-entrypoint rationale |

## Pattern Examples

- Raw ID labels: `operation id`, `workspace id`, `tenant id`, `provider object id`, `fingerprint`.
- Internal terms: `operation context`, `raw graph payload`, `debug`, `stack trace`, `provider response body`, `internal reason`.
- Guidance markers: `recommended first check`, `start here`, `next check`, `use this when`, `repair diagnostics`, `support diagnostics`.
- Evidence/diagnostics mixing markers: `evidence diagnostics`, `diagnostic evidence`, `proof diagnostics`.

## Strictness

- `report`: returns findings, no blocking exit.
- `warn`: returns findings and marks only hard customer/auditor safety findings as blocking.
- `fail`: treats all warning/manual-review/blocking findings as failing for explicit future hardening.

## Suggested Actions

- Move raw/internal/provider detail behind collapsed technical details.
- Add or clarify the primary operator/customer question.
- Group secondary header actions.
- Separate evidence proof from diagnostics.
- Add diagnostic guidance or rename ambiguous entrypoints.
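
As an added illustration (not the guard's own code), the sketch below shows how the two blocking rules, the allowlist rationale requirement, and the three strictness levels described above could combine. The function names `scan` and `exit_code`, the surface labels, the allowlist format, and the 0/1 exit codes are all assumptions made for this example.

```python
import re

# Terms copied from the "Pattern Examples" section of this page.
RULES = {
    "UIBLOAT_CUSTOMER_RAW_ID": [
        "operation id", "workspace id", "tenant id", "provider object id", "fingerprint"],
    "UIBLOAT_CUSTOMER_INTERNAL_TERM": [
        "operation context", "raw graph payload", "debug", "stack trace",
        "provider response body", "internal reason"],
}
SAFETY_SURFACES = {"customer", "auditor"}  # assumption: caller labels each page's surface


def scan(text, surface, allowlist=None):
    """Return findings for the two customer/auditor leakage rules in one page's copy.

    allowlist (assumed format) maps (rule_id, term) -> rationale; an entry with an
    empty rationale is ignored, since the rules require an explicit rationale.
    """
    allowlist = allowlist or {}
    findings = []
    for rule_id, terms in RULES.items():
        for term in terms:
            # Whole phrase, case-insensitive; words may be joined by space, "_" or "-".
            pattern = r"\b" + r"[\s_-]+".join(map(re.escape, term.split())) + r"\b"
            if not re.search(pattern, text, re.IGNORECASE):
                continue
            if allowlist.get((rule_id, term), "").strip():
                continue
            result = "blocking" if surface in SAFETY_SURFACES else "manual-review-required"
            findings.append({"rule": rule_id, "term": term, "result": result})
    return findings


def exit_code(findings, strictness="warn"):
    """Map findings to a process exit code under the three strictness levels."""
    if strictness == "report":   # findings only, never a blocking exit
        return 0
    if strictness == "warn":     # only hard customer/auditor findings block
        return int(any(f["result"] == "blocking" for f in findings))
    if strictness == "fail":     # every finding fails
        return int(bool(findings))
    raise ValueError(f"unknown strictness: {strictness!r}")


# Constructed sample copy, not taken from any real page.
SAMPLE = "Backup complete. Tenant ID: 7f3a. Open the stack trace for details."

if __name__ == "__main__":
    for surface in ("customer", "operator"):
        found = scan(SAMPLE, surface)
        print(surface, [f["term"] for f in found], "exit:", exit_code(found))
```

The same copy blocks under `warn` on a customer surface but only under `fail` on an operator surface, which is the "blocking on customer/auditor; manual review elsewhere" split in the rule table.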