4. Non-goals
The following are explicitly outside the scope of this framework:
- Wardline does not prove semantic correctness in full. It detects syntactic proxies for semantic violations in declared contexts (structural signals that correlate with semantic errors, not the semantic errors themselves). See §13 for the residual risk analysis of this limitation.
- Wardline does not replace human judgement. It structures what judgement must address. The governance model (§10) defines the decision points; the framework makes them visible but does not resolve them.
- Wardline does not independently establish provenance truth across serialisation boundaries. The framework can enforce structural checks at restoration points (§6.3), but the ultimate provenance claim rests on institutional trust and governance assurance, not technical proof.
- Wardline does not eliminate the need for ordinary assurance controls. It supplements them. The standard assurance stack (linters, type checkers, SAST, DAST, unit tests, peer review) remains necessary; the wardline adds the semantic-boundary layer that the standard stack cannot address.
- Wardline does not guarantee complete coverage of all risky code paths. Coverage depends on annotation investment, and the coverage boundary is made visible through the annotation fingerprint baseline. Unannotated code is outside the enforcement perimeter by definition.
- Wardline does not encode performance trade-offs, library choices, concurrency models, deployment constraints, or operational assumptions. A wardline manifest captures data-flow boundaries, validation requirements, restoration semantics, failure posture, exception models, and audit obligations. Everything outside that list remains an engineering decision that the manifest neither encodes nor eliminates.
- Wardline does not provide runtime security enforcement. Runtime structural checks (§9.3) verify data shape at declared boundaries; they do not constitute a security control against adversarial input. The runtime layer enforces structural guarantees (e.g., raising on invalid field access rather than returning a default), not input sanitisation, authentication, or access control.
- Wardline operates within a single process or compilation unit. Inter-service trust, network-level data classification, cross-process taint propagation, and delegation to subprocesses or dynamically loaded modules across process boundaries are outside enforcement scope and require separate governance controls.
- Wardline does not address implicit type, encoding, or format coercion beyond default-based coercion (WL-001). Type coercion (float() hiding precision loss), encoding coercion (locale-dependent string operations), and format coercion (date parsing with assumed timezone) are not covered by the current pattern rule set.
- Wardline does not make scanner compliance equivalent to institutional understanding. A developer can remove a flagged pattern without understanding why the pattern was dangerous in that context. The framework is designed to structure judgement and make semantic boundaries visible; it is not a substitute for domain understanding, training, or accountable review.
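The type and format coercions named in the WL-001 bullet above, shown as an added Python example; it is not part of the Wardline specification or its rule set. All function names and sample values are hypothetical and constructed for illustration. Encoding coercion is left out because its behaviour depends on the host locale.

```python
from datetime import datetime, timezone
from decimal import Decimal

# Constructed sample inputs (not from the Wardline documentation).
SAMPLE_ID = "9007199254740993"            # 2**53 + 1, not representable as a float
SAMPLE_NAIVE = "2024-03-10T02:30:00"      # no UTC offset in the text
SAMPLE_AWARE = "2024-03-10T02:30:00+10:00"


def float_coercion_loss(text: str) -> Decimal:
    """Type coercion: how far float(text) drifts from the exact decimal in text."""
    return Decimal(float(text)) - Decimal(text)


def parse_quantity_strict(text: str) -> Decimal:
    """Keep the exact decimal value; never route it through a binary float."""
    value = Decimal(text)  # raises decimal.InvalidOperation on malformed input
    if not value.is_finite():
        raise ValueError(f"non-finite quantity: {text!r}")
    return value


def parse_timestamp_assumed_utc(text: str) -> datetime:
    """Format coercion: a timestamp without an offset is silently treated as UTC."""
    parsed = datetime.fromisoformat(text)
    if parsed.tzinfo is None:
        parsed = parsed.replace(tzinfo=timezone.utc)  # the hidden assumption
    return parsed


def parse_timestamp_strict(text: str) -> datetime:
    """Refuse timestamps that do not state their own offset, then normalise to UTC."""
    parsed = datetime.fromisoformat(text)
    if parsed.utcoffset() is None:
        raise ValueError(f"timestamp has no UTC offset: {text!r}")
    return parsed.astimezone(timezone.utc)


if __name__ == "__main__":
    print("float() drift on", SAMPLE_ID, "=", float_coercion_loss(SAMPLE_ID))
    print("exact value kept:", parse_quantity_strict(SAMPLE_ID))
    print("assumed UTC:", parse_timestamp_assumed_utc(SAMPLE_NAIVE).isoformat())
    print("stated offset:", parse_timestamp_strict(SAMPLE_AWARE).isoformat())
    try:
        parse_timestamp_strict(SAMPLE_NAIVE)
    except ValueError as exc:
        print("strict parser rejected naive input:", exc)
```

Neither lossy path raises or substitutes a default, which is why these cases need their own review or tooling alongside a default-based coercion rule.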