docs(compliance): bundle stance declarations #220 + #225 + #226

[Knapp-Kevin]

Summary

Three compliance-posture stance declarations bundled. Closes:

• [compliance:OWASP-LLM-07] MCP host UX is external dependency, not security gate (gap MCP-01) #220 (MCP-01 / OWASP LLM-07) — MCP host UX dependency declaration
• [compliance:NIST AI RMF MAP-3.1, EU AI Act] Prohibited-uses declaration (gap NIST-RMF-01 + AI-ACT-02 fold) #225 (NIST-RMF-01 + AI-ACT-02 fold) — intended purpose + prohibited uses (NIST AI RMF MAP-3.1 + EU AI Act Annex III)
• [compliance:SOC 2 A] Declare availability stance — local-install vs hosted (gap SOC2-02) #226 (SOC2-02) — availability stance (operator-run-only)

Plan / Audit

• Plan: plan-D-compliance-stance-docs-220-225-226.md
• Audit: round 1 PASS (L1, pure-doc; positive A04 contribution at the policy layer)

What ships

File	Closes	Surface
docs/policies/host-trust-model.md	#220	server-side guarantees vs host-side surfaces; per-host operator checklist (Claude Code / Cursor / Codex / generic)
docs/policies/acceptable-use.md	#225	intended purpose + 4 prohibited-use categories + cross-framework mapping table
docs/sla.md	#226	operator-run-only active commitment + future-hosted-tier activation requirements (locks the upgrade path)
README.md	(cross-reference)	new "Compliance posture" section linking all 3 policy docs + research brief
docs/research-brief-compliance-audit-2026-05-06.md	(gap closures)	"Status (2026-05-06): Closed by ..." pointers on MCP-01, NIST-RMF-01, AI-ACT-02, SOC2-02
tests/test_compliance_policy_docs.py	—	5 functional content-contract tests

Test plan

• 5 content-contract tests pass
• No code surface change; full regression unaffected
• ruff check + ruff format --check clean (no Python file changes)
• All 4 gap IDs cross-referenced bidirectionally (gap → policy doc; policy doc → gap)

Doctrine interpretation locked

For markdown policy artifacts, the test-functionality acceptance question resolves: the unit IS the document content; read_text() + assert "<commitment>" in content is genuine unit invocation per qor/references/doctrine-test-functionality.md. The doctrine's <substring> in <file_text> flag applies only when the substring is a proxy for testing a SEPARATE unit; here the doc IS the unit, so the file-read is genuine invocation.

Disjoint from in-flight PRs

This PR's surface (docs/policies/, docs/sla.md, README addition, research brief edits, new test file) is fully disjoint from #237 (cosign + SBOM), #238 (ingest middleware bundle), and #239 (preflight regex) — no merge conflict risk.

🤖 Generated with Claude Code

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: c38f5fbf-7028-4502-849e-da247fccca00

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch 220-225-226-compliance-stance-docs-bundle

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}