PATTERN Cited by 1 source
Advisory over blocking
Definition
Advisory over blocking is a design principle for automated review systems: default findings to advisory (informational, non-blocking) with full traceability back to the source requirement, and reserve blocking enforcement only for confirmed, high-confidence gaps between approved designs and implementation.
Rationale
"False positives destroy trust faster than true positives build it." — Dropbox security team (Source: sources/2026-06-12-dropbox-mcp-dash-design-to-code-security)
Automated systems that block developer workflows on uncertain findings train developers to ignore or circumvent them. The trust cost of one false block exceeds the trust gain of several true catches. By defaulting to advisory:
- Developers engage with findings rather than dismissing them.
- The system builds credibility over time as true-positive rate proves out.
- Escalation to blocking is reserved for cases where confidence is high and the gap is confirmed.
Design requirements
- Every finding must be validated against actual code before reaching a developer.
- Every finding must be traceable to a specific requirement and source document — reviewers can verify the reasoning themselves.
- Escalation criteria must be explicit — what constitutes a "confirmed gap" vs. a "potential concern" should be written down, not left to the judgment of the tool.
- Stale context must be accounted for — requirements evolve; outdated guidance should not trigger blocking findings.
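The four requirements above describe a decision procedure, so here is an added example that implements them as a triage step for findings from an automated review agent. It is illustration written for this page, not code from the source or from Dropbox's agent; the `Finding` and `Requirement` fields, the confidence threshold, the staleness window, and all sample findings are assumptions constructed for the demo.

```python
# Added example, not code from the page or from Dropbox's review agent.
# It triages findings according to the "advisory over blocking" principle:
# a finding reaches a developer only when it is validated against code and
# traceable to a requirement, and it blocks only when confidence is high and
# the requirement is current. Field names, thresholds and sample data are
# assumptions constructed for this demo.
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Optional

ADVISORY = "advisory"      # informational, never blocks the workflow
BLOCKING = "blocking"      # confirmed gap; stops the merge/deploy
SUPPRESSED = "suppressed"  # not surfaced; needs curation before a developer sees it

BLOCK_CONFIDENCE = 0.90            # assumed escalation threshold
STALE_AFTER = timedelta(days=180)  # assumed: requirement must be reaffirmed within 6 months


@dataclass
class Requirement:
    req_id: str
    source_doc: str       # approved design document the requirement comes from
    last_reviewed: date   # when the requirement was last reaffirmed


@dataclass
class Finding:
    message: str
    confidence: float              # analyzer's confidence in [0.0, 1.0]
    validated_in_code: bool        # gap confirmed against the actual implementation?
    requirement_id: Optional[str]  # traceability back to the requirement
    file: str
    line: int


@dataclass
class Decision:
    severity: str
    reasons: list = field(default_factory=list)
    trace: Optional[str] = None  # requirement -> source doc -> code location


def triage(finding: Finding, requirements: dict, today: date) -> Decision:
    """Apply the escalation criteria explicitly, strictest gate first."""
    req = requirements.get(finding.requirement_id) if finding.requirement_id else None
    if req is None:
        # No traceable requirement: a reviewer could not verify the reasoning,
        # so the finding must not reach a developer at all.
        return Decision(SUPPRESSED, ["no traceable requirement"])
    trace = f"{req.req_id} ({req.source_doc}) -> {finding.file}:{finding.line}"
    if not finding.validated_in_code:
        return Decision(SUPPRESSED, ["not validated against code"], trace)

    # Validated and traceable: the finding may be shown. Decide advisory vs. blocking.
    reasons = []
    if today - req.last_reviewed > STALE_AFTER:
        reasons.append(f"requirement {req.req_id} stale (last reviewed {req.last_reviewed})")
    if finding.confidence < BLOCK_CONFIDENCE:
        reasons.append(f"confidence {finding.confidence:.2f} below {BLOCK_CONFIDENCE:.2f}")
    if reasons:
        return Decision(ADVISORY, reasons, trace)
    return Decision(BLOCKING,
                    ["confirmed gap: validated, traceable, high confidence, current requirement"],
                    trace)


# Constructed sample data for the demo (not real requirements or findings).
REQUIREMENTS = {
    "REQ-AUTH-7": Requirement("REQ-AUTH-7", "designs/auth-v3.md", date(2026, 5, 1)),
    "REQ-LOG-2": Requirement("REQ-LOG-2", "designs/logging-v1.md", date(2025, 1, 10)),
}
TODAY = date(2026, 6, 12)

SAMPLE_FINDINGS = [
    Finding("session token written to localStorage; design requires httpOnly cookie",
            0.97, True, "REQ-AUTH-7", "web/auth.js", 42),
    Finding("possible token exposure in debug log", 0.60, True, "REQ-AUTH-7", "web/auth.js", 88),
    Finding("request IDs missing from audit log", 0.95, True, "REQ-LOG-2", "svc/audit.py", 17),
    Finding("pattern match on 'password' in a comment", 0.93, False, "REQ-AUTH-7", "web/util.js", 5),
    Finding("generic lint-style concern", 0.99, True, None, "svc/main.py", 1),
]


def triage_all(findings, requirements=REQUIREMENTS, today=TODAY):
    """Return {message: severity} so callers can check each outcome."""
    return {f.message: triage(f, requirements, today).severity for f in findings}


if __name__ == "__main__":
    for f in SAMPLE_FINDINGS:
        d = triage(f, REQUIREMENTS, TODAY)
        print(f"{d.severity:10s} {f.file}:{f.line}  {f.message}")
        print(f"           trace={d.trace}  reasons={d.reasons}")
```

Only the first sample finding blocks: it is validated, traceable to a requirement reviewed six weeks earlier, and above the confidence threshold. The low-confidence finding and the one tied to a stale requirement are downgraded to advisory with the reason recorded, and the two that fail the validation or traceability gates never reach the developer. The `trace` string is what a reviewer uses to check the reasoning against the source document.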
Seen in
- sources/2026-06-12-dropbox-mcp-dash-design-to-code-security — explicit design principle for Dropbox's security review agent: advisory by default, blocking reserved for confirmed gaps.