Counts are overlaps across 300 constructed case units, not probabilities. Click category tabs or search by cue, strategy, or keyword.
S0172 / 300 · 24.0%
Party-command anchoring
party center signal → security mandate → bounded implementation
Read every political-protection problem through the formal party line, while recording the boundary between political loyalty and administrative overreach.
Questions, artifact, caution
Diagnostic questions- Which central directive or party priority is actually controlling the decision?
- What administrative body is responsible for implementation?
- What would make the protection logic become personalistic or unlawful?
Likely artifactline-to-mandate note, responsibility matrix, restraint memo
Failure modeTreating political command as unlimited permission creates legitimacy and abuse risk.
S0258 / 300 · 19.3%
Political-risk triage
event / actor / discourse → regime-risk category → response threshold
Separate ideological sensitivity, public-order risk, foreign-policy signal, and ordinary governance failure before escalating.
Questions, artifact, caution
Diagnostic questions- Is the issue political, administrative, criminal, social, or reputational?
- What evidence would justify escalation?
- Who benefits if ordinary grievance is labeled hostile?
Likely artifactrisk-tier sheet, escalation threshold, de-escalation option
Failure modeOver-classification turns normal politics and complaints into security threats.
S0346 / 300 · 15.3%
Loyalty-inspection loop
cadre conduct → political reliability → correction / discipline
Assess whether political-security work is being carried out as institutional duty rather than factional service.
Questions, artifact, caution
Diagnostic questions- Which cadres control the decision?
- Are incentives encouraging exaggeration?
- What independent review checks loyalty claims?
Likely artifactcadre reliability note, inspection question list
Failure modeLoyalty language can conceal factional struggle or personal retaliation.
S0452 / 300 · 17.3%
Center-local signal alignment
central priority + local pressure → implementation variance map
Compare central messages with local enforcement patterns to detect distortion, competition, and selective severity.
Questions, artifact, caution
Diagnostic questions- What did the center say in exact terms?
- How has the locality translated it?
- Where does local performance pressure create excess?
Likely artifactcenter-local variance map, implementation memo
Failure modeLocal officials may amplify security language to solve unrelated performance problems.
S0537 / 300 · 12.3%
Cadre-protection boundary setting
protect leader / institution → define lawful perimeter → preserve public trust
Treat political protection as institutional continuity, not personal immunity from accountability.
Questions, artifact, caution
Diagnostic questions- What is being protected: person, office, meeting, secret, or public order?
- Which protection activity has a legal basis?
- What oversight can review it later?
Likely artifactprotection perimeter note, authority ledger
Failure modeProtection can slide into impunity if accountability channels are blocked.
S0641 / 300 · 13.7%
Sensitive-calendar anticipation
anniversary / congress / visit → risk forecast → proportional readiness
Plan around politically sensitive dates without turning memory, mourning, or criticism into automatic threat categories.
Questions, artifact, caution
Diagnostic questions- Why is this date sensitive?
- What would a proportionate public-order response look like?
- What reaction would create more attention than the original event?
Likely artifactcalendar risk register, proportionality note
Failure modeDate-based security can manufacture the instability it predicts.
S0764 / 300 · 21.3%
政法 coordination map
police + courts + procuratorate + justice + party committee → coordination lane
Map the party-state legal-security bodies involved before assigning responsibility or interpreting an action.
Questions, artifact, caution
Diagnostic questions- Which body owns investigation, prosecution, trial, correction, or political coordination?
- Where does party leadership intersect with legal procedure?
- Who can say no?
Likely artifact政法 coordination chart, institutional lane memo
Failure modeCoordination can become pressure on adjudication if legal independence safeguards are absent.
S0848 / 300 · 16.0%
Law-instrument translation
political objective → statute / regulation / campaign document → implementation lane
Translate slogans into actual legal instruments, then test what the instrument authorizes and what it does not.
Questions, artifact, caution
Diagnostic questions- Which law or regulation is cited?
- Does the cited instrument fit the facts?
- What remedy exists for error?
Likely artifactlegal-instrument table, authority note
Failure modeLegal citation can become decorative if facts and remedies are ignored.
S0933 / 300 · 11.0%
Case-classification caution
ordinary case ? political case ? security case → evidence burden
Force an evidence threshold before classifying a matter as political security or national security.
Questions, artifact, caution
Diagnostic questions- What facts make the case political rather than ordinary?
- What alternative classification is less intrusive?
- What happens to rights after reclassification?
Likely artifactclassification memo, evidence threshold checklist
Failure modeSecurity labels may reduce transparency and procedural protections.
S1045 / 300 · 15.0%
Discipline-law boundary audit
party discipline + state law → boundary / sequence / record
Distinguish party discipline, administrative supervision, criminal law, and intelligence/security procedures.
Questions, artifact, caution
Diagnostic questions- Is this a party discipline issue or a legal case?
- Which procedure comes first?
- What record prevents double punishment or hidden punishment?
Likely artifactdiscipline-law matrix, sequence log
Failure modeBlurring discipline and law can create opaque coercion.
S1142 / 300 · 14.0%
Petition-to-stability fork
petition / grievance → remedy path or stability response
Read petitions and grievances as governance information first; use security framing only when evidence supports it.
Questions, artifact, caution
Diagnostic questions- What concrete harm is the petitioner alleging?
- Which ordinary remedy has failed?
- Would suppressing the complaint worsen legitimacy?
Likely artifactgrievance map, remedy referral, escalation guardrail
Failure modeTreating grievances as disturbances can erase the evidence needed to solve them.
S1269 / 300 · 23.0%
Paper-trail discipline
decision today → review tomorrow → reconstructable record
Preserve enough record for later review by party inspectors, courts, historians, or public accountability processes.
Questions, artifact, caution
Diagnostic questions- Who made the decision?
- What evidence did they rely on?
- Which dissent or caveat was recorded?
Likely artifactdecision log, notification record, dissent note
Failure modeA missing record often indicates either poor governance or deliberate deniability.
S1354 / 300 · 18.0%
Threat-narrative validation
threat claim → source motive → independent corroboration
Treat every political-security claim as a hypothesis, not a conclusion, until independent evidence supports it.
Questions, artifact, caution
Diagnostic questions- Who is making the claim and why?
- What independent trace supports it?
- What would disprove the claim?
Likely artifactthreat-validation sheet, corroboration table
Failure modeThreat narratives can become self-confirming once institutions are rewarded for finding threats.
S1447 / 300 · 15.7%
Foreign-influence hypothesis control
foreign link claim → evidence test → proportional policy response
Analyze foreign-influence allegations without collapsing foreign contact, dissent, civil society, and espionage into one bucket.
Questions, artifact, caution
Diagnostic questions- What is the alleged foreign connection?
- Is influence, funding, coordination, espionage, or speech being alleged?
- What response is proportionate to the evidence?
Likely artifactinfluence hypothesis memo, evidence ladder
Failure modeVague foreign-influence claims can delegitimize lawful association or criticism.
S1539 / 300 · 13.0%
Counterespionage public-communications discipline
secret investigation + public warning → credibility / panic balance
Use public warnings about espionage or security risk as civic education, not as unverified panic messaging.
Questions, artifact, caution
Diagnostic questions- What can be said publicly without compromising facts?
- Does the message educate or merely mobilize suspicion?
- How will false positives be corrected?
Likely artifactpublic-warning review, credibility note
Failure modeOverheated warnings can normalize suspicion and damage trust.
S1644 / 300 · 14.7%
Cyber/data-security escalation gate
data event → technical facts → national-security threshold
Require a technical fact base before escalating a cyber, data, or platform issue to political security.
Questions, artifact, caution
Diagnostic questions- What systems or data are actually involved?
- What is technical failure versus hostile action?
- What evidence supports national-security treatment?
Likely artifacttechnical fact sheet, escalation gate, incident chronology
Failure modeCyber language can inflate bureaucratic power when technical evidence is weak.
S1735 / 300 · 11.7%
Reporting-chain integrity
local report → provincial filter → central picture
Test whether security reports are being distorted as they rise through the hierarchy.
Questions, artifact, caution
Diagnostic questions- What was changed between field report and summary?
- Which bad news disappeared?
- Who is incentivized to exaggerate stability or threat?
Likely artifactreport-drift comparison, caveat register
Failure modeUpward reporting often filters out ambiguity and policy failure.
S1832 / 300 · 10.7%
Rumor and deception skepticism
rumor / viral claim / informant report → verification clock
Slow down before acting on rumors, denunciations, or viral claims that can trigger coercive response.
Questions, artifact, caution
Diagnostic questions- What is the origin of the claim?
- Has it been independently verified?
- What harm follows from acting too soon?
Likely artifactrumor-verification log, false-positive review
Failure modeSecurity systems can be weaponized by informants, rivals, and rumor cascades.
S1961 / 300 · 20.3%
Early-warning without overreach
social tension → warning indicators → remedy-first response
Use early warning to identify unresolved social problems, not merely to pre-position coercion.
Questions, artifact, caution
Diagnostic questions- What underlying grievance is visible?
- Which remedy would reduce risk?
- What response would escalate resentment?
Likely artifactearly-warning memo, root-cause register
Failure modeWarning systems become repressive when they ignore remedies.
S2055 / 300 · 18.3%
Grievance root-cause fork
incident → economic / legal / social / political cause map
Fork the analysis before choosing a security response: many apparent security issues start as governance failures.
Questions, artifact, caution
Diagnostic questions- What concrete problem started the incident?
- Which agency can solve it without coercion?
- What does public anger reveal about institutional trust?
Likely artifactroot-cause map, remedy owner list
Failure modeSecurity treatment of non-security failures preserves the cause.
S2153 / 300 · 17.7%
Local coercion-risk audit
local pressure + security tools → abuse-risk forecast
Audit where local officials may use political-security language to suppress critics, petitioners, workers, or rivals.
Questions, artifact, caution
Diagnostic questions- Who gains locally from escalation?
- What less intrusive response exists?
- How can abuse be reported safely?
Likely artifactcoercion-risk memo, local incentive map
Failure modeLocal discretion can turn policy into arbitrary control.
S2249 / 300 · 16.3%
Public-order proportionality lens
crowd / event / protest → harm threshold → least-intrusive response
Frame public order as harm reduction, rights preservation, and de-escalation rather than automatic suppression.
Questions, artifact, caution
Diagnostic questions- What concrete harm is likely?
- What response protects people with least intrusion?
- How will mistakes be reviewed?
Likely artifactproportionality review, de-escalation plan
Failure modeDisproportionate responses can create the disorder they claim to prevent.
S2336 / 300 · 12.0%
Mass-organization interface
party organs + unions + neighborhood committees → social information loop
Study how formal mass organizations and grassroots committees convert social problems into political-security signals.
Questions, artifact, caution
Diagnostic questions- Who hears the problem first?
- Does the channel solve, report, or suppress?
- What voices are missing from the loop?
Likely artifactgrassroots channel map, voice-gap note
Failure modeDense reporting networks can flatten society into risk categories.
S2438 / 300 · 12.7%
Crisis-communications containment
incident + information vacuum → credible timeline → rumor control
Fill information vacuums with verified, time-stamped facts instead of relying on censorship or denial.
Questions, artifact, caution
Diagnostic questions- What facts are known now?
- What is not yet known?
- Who will be trusted to communicate?
Likely artifactincident timeline, public facts log
Failure modeInformation control without credibility feeds rumor and distrust.
S2557 / 300 · 19.0%
Political-legal cadre formation
training + doctrine + professional skill → enforceable norms
Read cadre training as the place where political loyalty, legal technique, public order, and technology are fused.
Questions, artifact, caution
Diagnostic questions- What capabilities are being taught?
- What safeguards accompany them?
- How are errors punished or corrected?
Likely artifacttraining curriculum map, safeguards note
Failure modeProfessionalization can increase capacity faster than accountability.
S2651 / 300 · 17.0%
Cross-agency convening power
party committee + agencies → convening agenda → unified action
Analyze who convenes the security apparatus and how the agenda shapes agency behavior.
Questions, artifact, caution
Diagnostic questions- Who called the meeting?
- What outcome was pre-decided?
- Which agency concerns were overridden?
Likely artifactmeeting-agenda analysis, agency-position table
Failure modeConvening power can hide coercive consensus under procedural unity.
S2743 / 300 · 14.3%
Technology-adoption governance
new tool → data source → rule of use → review
Evaluate surveillance, analytics, and digital-platform tools through governance and rights questions, not only efficiency.
Questions, artifact, caution
Diagnostic questions- What data feeds the tool?
- Who can access outputs?
- How are errors corrected?
Likely artifacttechnology governance note, access log, error-review plan
Failure modeAutomated tools can scale bias, secrecy, and false positives.
S2834 / 300 · 11.3%
Security-budget growth check
budget expansion → capability → accountability burden
Treat growth of political-security capability as increasing the need for review, audit, and public justification.
Questions, artifact, caution
Diagnostic questions- What new capability is being funded?
- What threat or need justifies it?
- What oversight grows at the same time?
Likely artifactbudget-capability ledger, oversight parity note
Failure modeSecurity budgets can become self-justifying institutions.
S2931 / 300 · 10.3%
Secret/published line split
classified claim + public slogan → two-level reading
Separate internal security logic from public political language to avoid mistaking slogans for evidence.
Questions, artifact, caution
Diagnostic questions- What is public messaging?
- What is the internal decision logic?
- Where do the two diverge?
Likely artifactpublic/internal line comparison
Failure modePublic slogans can mask ambiguous evidence or bureaucratic uncertainty.
S3076 / 300 · 25.3%
Rights-and-legitimacy pre-mortem
security success scenario + rights cost + public memory
Before action, write the history-book chapter about rights costs, wrongful targeting, and political backlash.
Questions, artifact, caution
Diagnostic questions- Who could be wrongly harmed?
- What grievance will survive the operation?
- What would make the action indefensible later?
Likely artifactlegitimacy pre-mortem, rights-impact note
Failure modeSecurity success can still be institutional failure if legitimacy is destroyed.
S3171 / 300 · 23.7%
Exposure reconstruction test
if exposed tomorrow → evidence + authority + remedy
Ask whether the decision can be defended with records, authority, evidence, and correction mechanisms after exposure.
Questions, artifact, caution
Diagnostic questions- What would an investigator ask first?
- Which record proves authority?
- What remedy exists for the harmed party?
Likely artifactexposure file, investigator-question list
Failure modeIf a decision cannot survive reconstruction, it probably should not proceed.
S3283 / 300 · 27.7%
Over-securitization warning
governance problem → security frame → institutional dependency
Detect when political security becomes the default lens for economic, cultural, legal, or social problems.
Questions, artifact, caution
Diagnostic questions- What non-security explanation fits?
- Who gains power from security framing?
- What capability becomes permanent after the crisis?
Likely artifactover-securitization audit, off-ramp memo
Failure modeThe broadest security system eventually treats ordinary society as its object.
S3380 / 300 · 26.7%
Policy-security firewall
analysis / protection / enforcement / propaganda → separated roles
Keep diagnosis, political protection, enforcement, propaganda, and adjudication visibly distinct.
Questions, artifact, caution
Diagnostic questions- Who is analyzing and who is enforcing?
- Is propaganda shaping the evidence?
- Can legal process resist political pressure?
Likely artifactrole-separation chart, firewall note
Failure modeWhen all roles merge, security analysis becomes political obedience.