Skip to content

CI validation for forbidden language and disallowed claims in normative docs #3

Description

@klssxx

Context

The project forbids the term "auto-approval" and any claim of OS-level sandboxing, total security, tamper-proofing, invulnerability, risk-free operation, or impossibility of manipulation. A CI check should catch violations instead of manual review.

Requisito o riesgo al que responde

  • Requisito: THEKEY_CONTRACT (terminology rule) — "deterministic policy authorization", never "auto-approval"; honest claims only.
  • Riesgo cubierto: THREAT surface "Alteración de artefactos de evidencia" extended to docs — false claims in README/THREAT_MODEL erode trust and contradict the honest-threat-model stance.

Impacto si no se resuelve

A single disallowed phrase in a translated doc ships a false guarantee; the project's core honesty claim is violated and only caught by a human re-reading.

Acceptance criteria

  • scripts/ci/docs_claims.py scans normative docs (ES+EN) for the forbidden terms and for the required "deterministic policy authorization" / "workflow isolation" phrasing.
  • Exits non-zero on any forbidden term (negative test proven).
  • Runs in the docs-gates CI job on every PR.

Cómo se verifica

python scripts/ci/docs_claims.py
# expected: exit 0 on current docs; exit 1 if a forbidden term is injected
python -m thekey demo
# expected: RELEASE_ELIGIBLE, gates_passed: 4/4

Evidencia en event store

On merge record Closes #3 + docs_claims.py output in the PR body; the demo run must reach RELEASE_ELIGIBLE with evidence_mismatches: [].

Docs afectados

  • README / README.en actualizado (only if a claim is corrected)
  • CHANGELOG entrada añadida
  • DECISIONS.md si hay decisión de diseño

Metadata

Metadata

Assignees

No one assigned

    Labels

    cibacklog labeldocumentationImprovements or additions to documentationgood first issueGood for newcomerswindowsbacklog label

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions