{
  "id": "opencmis-warning-policy",
  "description": "Warning classification policy for local OpenCMIS TCK preparation runs.",
  "warning_policies": [
    {
      "id": "local-loopback-http-transport",
      "match": {
        "message_contains": "HTTPS is not used",
        "source_location": {
          "file": "SecurityTest.java"
        }
      },
      "accepted_when": {
        "scheme": "http",
        "host_scope": "loopback",
        "environments": [
          "local",
          "test",
          "development"
        ]
      },
      "classification": "accepted_local_loopback_transport",
      "severity": "info",
      "reason": "OpenCMIS warns about HTTP credentials. This is acceptable for explicit loopback-only local runs and must not be used as a deployment-release claim.",
      "unaccepted_classification": "deployment_transport_blocker",
      "unaccepted_severity": "blocker",
      "unaccepted_reason": "OpenCMIS reported plain HTTP outside the accepted local loopback boundary. Use HTTPS termination or an explicit approved waiver for deployment-like targets."
    },
    {
      "id": "opencmis-inmemory-thin-client-uri",
      "match": {
        "message_contains": "Thin client URI is not set",
        "source_location": {
          "file": "RepositoryInfoTest.java"
        }
      },
      "accepted_when": {
        "target_profile_refs": [
          "opencmis-inmemory-local"
        ],
        "environments": [
          "local",
          "test"
        ]
      },
      "classification": "accepted_inmemory_self_test_limitation",
      "severity": "info",
      "reason": "The Apache Chemistry in-memory server is a local extension smoke target. Missing thinClientURI is a target-specific self-test limitation, not a guide-board extension defect.",
      "unaccepted_classification": "repository_info_warning",
      "unaccepted_severity": "warning",
      "unaccepted_reason": "A non-in-memory target should expose or intentionally document its thin client URI behavior."
    }
  ]
}