YAML Metadata Warning:empty or missing yaml metadata in repo card

Check out the documentation for more information.

Semantic Firewall - Gate 2: Logic Intent Scanner

LLM-powered PR security reviewer that catches authentication bypass vulnerabilities that unit tests miss.

Mission

Every PR opened by an AI agent passes through Gate 2. The system analyzes the full git diff for security logic changes.

Core Actions

  • analyze_diff - Pattern pre-filter + LLM deep analysis
  • generate_adversarial_tests - Exploit test generation with phantom-validation detection
  • trigger_war_room - Auto-convene on score >= 7
  • allow_pr - Merge gate after resolution
  • shadow_deploy - Isolated validation environment

Demo: Beat 5

PR diff removes requiresAuth() from /admin/users:

-  requiresAuth(),
   async (req, res) => {

Gate 2 scores: 8/10 -> "Authentication bypass: endpoint /admin/users now returns data to unauthenticated callers."

Threshold 7 crossed -> War Room auto-convened with security-lead, identity-team, CTO.

Detection Rate

Metric Before After Training
Auth bypass caught ~5% ~70%+
War Room triggered -- Auto on score >=7
False positive rate -- ~14%

Reward Breakdown

Action Reward
Auth bypass caught +70
War Room triggered +60
Score < threshold (correct clear) +40
False War Room call -20

Failure Modes Guarded Against

  1. LLM returns non-JSON -> parse fallback scores 5/10, War Room not triggered
  2. Context window too small -> diff truncation preserves removed lines
  3. Adversarial tests phantom validation -> explicit phantom risk annotation per test

Files

  • gate2_security_reviewer/analyzer.py - Core diff analysis & LLM pipeline
  • gate2_security_reviewer/war_room.py - War Room orchestration
  • gate2_security_reviewer/adversarial.py - Adversarial test generation
  • gate2_security_reviewer/training.py - Synthetic data & training pipeline
  • gate2_security_reviewer/evaluator.py - Novel pattern evaluation
  • app.py - Gradio demo interface
  • demo_beat5.py - Standalone Beat 5 demo
  • training_data.jsonl - 1,200 synthetic training examples

Usage

from gate2_security_reviewer.analyzer import DiffAnalyzer
from gate2_security_reviewer.war_room import WarRoomOrchestrator

analyzer = DiffAnalyzer()
review = analyzer.analyze_diff(diff_text, pr_id="PR-1042")

war_room = WarRoomOrchestrator(threshold=7)
event = war_room.evaluate(review)

Citation

Based on:

  • OpenVul (2026): SFT->GRPO pipeline for vulnerability detection
  • SWE-PRBench (2026): LLM-as-judge for PR diff review
  • VulInstruct (2025): Specification-guided reasoning
Downloads last month

-

Downloads are not tracked for this model. How to track
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support