Rule handbook metadata
- Rule
AI.CREDIBILITY.NO_OVERCLAIM· laneai- Page status
- stale
- page_version
b6ac8bcdc1ace2f7490170e0cacd3998d65907b6706a1567725aef7d4629a357- generated_at
- 2026-05-19T21:45:00.000Z
- registry_fingerprint
6773fda516344e110b5a7b1435e655e1264e773825ca8bbe62194189891c42ba
How this rule is fixed
This is an AI-enabled rule. Pass/fail requires model judgment; there is no deterministic fixer in the pilot registry.
- Harness:
invoke-ai-ruleset-harness.shrunsdesign-rules/ai/run-design-ai-rule.shon the Before fixture and expects findings with matchingprincipleId. - Remediation: Cursor agent plans from
forge-ux-remediation.plan.mdafter sitewide audit — not handbook After copy.
Detection module: docs/design/ux-audit/ai-enabled-design-principles.md#ai-credibility-no-overclaim. Scroll down for Before / After examples and Evidence and remediation steps.
Purpose
Public Forge pages built with landing_page, product_page, and forge-card trust bands must earn confidence without fabricating proof. This AI rule judges whether capabilities are stated in bounded, verifiable ways—not whether the product is good.
Deterministic checks catch empty CTAs and hierarchy (DET.CTA.*); they do not detect invented SOC 2 badges, customer logos, uptime percentages, or compliance-ready language that has no source in the repo or published evidence. Reviewers apply this rule on heroes, outcome cards, trust strips, and footer-adjacent proof rows.
Plan: List every numeric claim, certification name, customer mark, and superlative on the page; ask what artifact would disprove it. Do: Replace unverifiable proof with mechanism language, explicit scope, and links to docs the team actually maintains. Check: No claim requires a logo file, audit PDF, or metric you cannot point to in source content. Adjust: If the same overclaim pattern repeats (e.g. fake badge row in forge-section), propose a deterministic DET.* companion such as a trust-block schema or banned-phrase lint.
Passing signals
- Hero and tagline use outcome + mechanism language (governed delivery, bounded job execution) without unsourced superlatives or certification shorthand.
- Trust or proof bands describe inspectable boundaries (data stays local, human approval points, token-scoped APIs)—not implied third-party endorsement.
- Metrics, if present, name what was measured, over what scope, and link to a doc, changelog, or reproducible benchmark—not a naked number in
forge-support. - Customer or partner references use real assets from
assets/or documented relationships; no placeholder logo grids. - Certifications and compliance language are qualified or omitted when unsupported.
- CTAs promise actions the site can deliver (
btn-forgeto Quickstart, docs, or contact)—not compliance downloads without a real destination. - Absolute words (only, always, fully automated) are avoided or paired with explicit limits matching
AI.TRUST.BOUNDARY_CLARITY.
Failing signals
- Badge row or
forge-cardtiles show SOC 2, ISO 27001, HIPAA-ready, or similar marks with no maintained evidence page. - Invented customer logos, trusted-by-thousands copy, or unnamed leading teams without verifiable references.
- Fabricated metrics in hero or cards with no methodology or source.
- Compliance-ready or certified shorthand that reads like an attestation the product does not publish.
- Logo wall of grayscale placeholders implying partnerships.
- Primary CTA copy overpromises capability contradicted by docs linked below.
- Testimonials quote roles or companies not present in content source.
- Security or privacy claims that conflict with documented architecture.
Before example
Before (failing example)
Forge Platform
The only SOC 2 Type II certified AI delivery platform
Trusted by 2,000+ enterprises. 99.99% uptime. Deploy in under five minutes—fully automated, compliance-ready.
Trusted worldwide
Proven at scale
Certified
SOC 2 · ISO 27001 · HIPAA
Badges shown for illustration—no audit artifacts linked.
Performance
10× faster releases
No benchmark, cohort, or doc citation.
Failing KS markup: invented certification badges, unsourced metrics, and a logo wall in a trust band.
After example
After (passing example)
Forge Platform
Governed delivery you can inspect
Structure intent, delegate safely, and keep human review points—not marketing superlatives.
Security and compliance depend on your deployment, identity, and data boundaries. We document what the software does; we do not claim third-party certifications here.
Trust model
What we can stand behind
Need a formal attestation? Use your own compliance program; this site explains product behavior only.
Passing KS markup: bounded claims, explicit trust boundaries, and CTAs that match real destinations.
Evidence and remediation
Capture: screenshot of hero and any trust/proof band; inventory of claims (numbers, cert names, logos, superlatives); link targets for each CTA; note mismatches with linked docs or repo content.
Remediate (in order):
- Remove or qualify every certification badge, logo, and metric that lacks a published source—replace with mechanism + boundary copy.
- Rewrite hero and
card-labeltiles to outcome + inspectable proof (AI.GOVERNANCE.CREDIBILITY); defer legal/compliance language to maintainer-owned pages. - Point CTAs at real routes (
/quickstart,/trust,/docs/…); fixDET.CTA.LABEL_NONEMPTYandDET.CTA.HIERARCHYafter copy changes. - Add explicit scope limits instead of absolute promises.
- If customer proof is required, use named, sourced quotes or logos from approved assets—never placeholder grids.
- Re-run AI batch with
principleId: AI.CREDIBILITY.NO_OVERCLAIMand recorddeterministicCoverage; if badge rows or banned phrases repeat, propose aDET.*trust-block or copy-pattern check.