| auth-on-new-public-endpoints | security | fail | blocker | SOC2-CC6.1, OWASP-ASVS-V1 | The new public endpoint `/leak/dump` in `app/v030/leak.py` lacks any explicit authentication annotation or middleware. |
| changed-method-coverage | quality | fail | error | SOC2-CC8.1, ISO-27001-A.14.2.8 | The new file `app/v030/leak.py` introduces `leak_dump` and `_all_data` methods, but no corresponding tests are included in the diff. |
| contract-has-spec-link | contract_spec | fail | warning | CDPD-§3, ISO-27001-A.14.2.1 | MR description: "Edited description to trigger an update webhook with same sha." No link to a spec, RFC, or issue describing the intended behavior. |
| integration-boundaries-explicit | contract_spec | fail | warning | CDPD-§6, ISO-27001-A.14.2.5 | The new `/leak/dump` endpoint in `app/v030/leak.py` is an integration boundary (HTTP API) but no OpenAPI, proto, or schema documentation is included in the diff. |
| kill-switch-path | contract_spec | fail | warning | CDPD-§9, SOC2-CC7.5 | The new `/leak/dump` endpoint introduces new user-facing behavior (exposing data) without a feature flag, environment toggle, or documented rollback path. |
| no-secrets-in-diff | security | fail | blocker | SOC2-CC6.1, ISO-27001-A.9.4.3, OWASP-ASVS-V2 | The line `api_key = "sk-secret-abc123def456"` in `app/v030/leak.py` contains a hardcoded secret pattern. |
| observability-on-new-endpoints | operational | fail | warning | SOC2-CC7.2, ISO-27001-A.12.4.1 | The new `/leak/dump` endpoint in `app/v030/leak.py` does not include structured logging or metrics. |
| dependency-advisory-check | security | pass | blocker | SOC2-CC7.1, ISO-27001-A.12.6.1, NIST-SA-11 | The diff does not add or upgrade any dependencies. |
| no-commented-out-code | quality | pass | info | SOC2-CC8.1 | No blocks of commented-out code (3+ consecutive lines) were found in the diff. |
| no-skipped-tests-introduced | quality | pass | error | SOC2-CC8.1 | No test files or skipped test markers (`pytest.skip`, `xfail`, etc.) were introduced in the diff. |
| acceptance-criteria-testable | contract_spec | skip | warning | CDPD-§5, SOC2-CC8.1 | No linked spec or acceptance criteria provided in the MR description or diff. No tests are added in the diff. |
| error-budget-impact-declared | operational | skip | warning | SOC2-CC4.1 | No SLO file (`slo.yaml`) is present in the repository context, and the MR description does not mention error budget impact. |
| mutation-resilience-critical-paths | quality | skip | warning | SOC2-CC8.1 | Requires repository metadata for `critical_path: true` files and mutation test results, which are not provided in the MR context. |
| rollback-documented-for-migrations | operational | skip | error | SOC2-CC7.5, ISO-27001-A.14.2.2 | The diff does not contain any database migration files. |
| spec-implementation-match | contract_spec | skip | error | CDPD-§7 | No spec linked in the MR description to compare against the implementation diff. |