Rule handbook metadata

Rule
AI.CREDIBILITY.NO_OVERCLAIM · lane ai
Page status
stale
page_version
b6ac8bcdc1ace2f7490170e0cacd3998d65907b6706a1567725aef7d4629a357
generated_at
2026-05-19T21:45:00.000Z
registry_fingerprint
6773fda516344e110b5a7b1435e655e1264e773825ca8bbe62194189891c42ba

How this rule is fixed

This is an AI-enabled rule. Pass/fail requires model judgment; there is no deterministic fixer in the pilot registry.

  • Harness: invoke-ai-ruleset-harness.sh runs design-rules/ai/run-design-ai-rule.sh on the Before fixture and expects findings with matching principleId.
  • Remediation: Cursor agent plans from forge-ux-remediation.plan.md after sitewide audit — not handbook After copy.

Detection module: docs/design/ux-audit/ai-enabled-design-principles.md#ai-credibility-no-overclaim. Scroll down for Before / After examples and Evidence and remediation steps.

Purpose

Public Forge pages built with landing_page, product_page, and forge-card trust bands must earn confidence without fabricating proof. This AI rule judges whether capabilities are stated in bounded, verifiable ways—not whether the product is good.

Deterministic checks catch empty CTAs and hierarchy (DET.CTA.*); they do not detect invented SOC 2 badges, customer logos, uptime percentages, or compliance-ready language that has no source in the repo or published evidence. Reviewers apply this rule on heroes, outcome cards, trust strips, and footer-adjacent proof rows.

Plan: List every numeric claim, certification name, customer mark, and superlative on the page; ask what artifact would disprove it. Do: Replace unverifiable proof with mechanism language, explicit scope, and links to docs the team actually maintains. Check: No claim requires a logo file, audit PDF, or metric you cannot point to in source content. Adjust: If the same overclaim pattern repeats (e.g. fake badge row in forge-section), propose a deterministic DET.* companion such as a trust-block schema or banned-phrase lint.

Passing signals

  • Hero and tagline use outcome + mechanism language (governed delivery, bounded job execution) without unsourced superlatives or certification shorthand.
  • Trust or proof bands describe inspectable boundaries (data stays local, human approval points, token-scoped APIs)—not implied third-party endorsement.
  • Metrics, if present, name what was measured, over what scope, and link to a doc, changelog, or reproducible benchmark—not a naked number in forge-support.
  • Customer or partner references use real assets from assets/ or documented relationships; no placeholder logo grids.
  • Certifications and compliance language are qualified or omitted when unsupported.
  • CTAs promise actions the site can deliver (btn-forge to Quickstart, docs, or contact)—not compliance downloads without a real destination.
  • Absolute words (only, always, fully automated) are avoided or paired with explicit limits matching AI.TRUST.BOUNDARY_CLARITY.

Failing signals

  • Badge row or forge-card tiles show SOC 2, ISO 27001, HIPAA-ready, or similar marks with no maintained evidence page.
  • Invented customer logos, trusted-by-thousands copy, or unnamed leading teams without verifiable references.
  • Fabricated metrics in hero or cards with no methodology or source.
  • Compliance-ready or certified shorthand that reads like an attestation the product does not publish.
  • Logo wall of grayscale placeholders implying partnerships.
  • Primary CTA copy overpromises capability contradicted by docs linked below.
  • Testimonials quote roles or companies not present in content source.
  • Security or privacy claims that conflict with documented architecture.

Before example

Before (failing example)

Forge Platform

The only SOC 2 Type II certified AI delivery platform

Trusted by 2,000+ enterprises. 99.99% uptime. Deploy in under five minutes—fully automated, compliance-ready.

Proven at scale

Certified

SOC 2 · ISO 27001 · HIPAA

Badges shown for illustration—no audit artifacts linked.

Performance

10× faster releases

No benchmark, cohort, or doc citation.

Failing KS markup: invented certification badges, unsourced metrics, and a logo wall in a trust band.

After example

After (passing example)

Forge Platform

Governed delivery you can inspect

Structure intent, delegate safely, and keep human review points—not marketing superlatives.

Security and compliance depend on your deployment, identity, and data boundaries. We document what the software does; we do not claim third-party certifications here.

Passing KS markup: bounded claims, explicit trust boundaries, and CTAs that match real destinations.

Evidence and remediation

Capture: screenshot of hero and any trust/proof band; inventory of claims (numbers, cert names, logos, superlatives); link targets for each CTA; note mismatches with linked docs or repo content.

Remediate (in order):

  1. Remove or qualify every certification badge, logo, and metric that lacks a published source—replace with mechanism + boundary copy.
  2. Rewrite hero and card-label tiles to outcome + inspectable proof (AI.GOVERNANCE.CREDIBILITY); defer legal/compliance language to maintainer-owned pages.
  3. Point CTAs at real routes (/quickstart, /trust, /docs/…); fix DET.CTA.LABEL_NONEMPTY and DET.CTA.HIERARCHY after copy changes.
  4. Add explicit scope limits instead of absolute promises.
  5. If customer proof is required, use named, sourced quotes or logos from approved assets—never placeholder grids.
  6. Re-run AI batch with principleId: AI.CREDIBILITY.NO_OVERCLAIM and record deterministicCoverage; if badge rows or banned phrases repeat, propose a DET.* trust-block or copy-pattern check.