YAML Metadata Warning:empty or missing yaml metadata in repo card
Check out the documentation for more information.
Semantic Firewall - Gate 2: Logic Intent Scanner
LLM-powered PR security reviewer that catches authentication bypass vulnerabilities that unit tests miss.
Mission
Every PR opened by an AI agent passes through Gate 2. The system analyzes the full git diff for security logic changes.
Core Actions
analyze_diff- Pattern pre-filter + LLM deep analysisgenerate_adversarial_tests- Exploit test generation with phantom-validation detectiontrigger_war_room- Auto-convene on score >= 7allow_pr- Merge gate after resolutionshadow_deploy- Isolated validation environment
Demo: Beat 5
PR diff removes requiresAuth() from /admin/users:
- requiresAuth(),
async (req, res) => {
Gate 2 scores: 8/10 -> "Authentication bypass: endpoint /admin/users now returns data to unauthenticated callers."
Threshold 7 crossed -> War Room auto-convened with security-lead, identity-team, CTO.
Detection Rate
| Metric | Before | After Training |
|---|---|---|
| Auth bypass caught | ~5% | ~70%+ |
| War Room triggered | -- | Auto on score >=7 |
| False positive rate | -- | ~14% |
Reward Breakdown
| Action | Reward |
|---|---|
| Auth bypass caught | +70 |
| War Room triggered | +60 |
| Score < threshold (correct clear) | +40 |
| False War Room call | -20 |
Failure Modes Guarded Against
- LLM returns non-JSON -> parse fallback scores 5/10, War Room not triggered
- Context window too small -> diff truncation preserves removed lines
- Adversarial tests phantom validation -> explicit phantom risk annotation per test
Files
gate2_security_reviewer/analyzer.py- Core diff analysis & LLM pipelinegate2_security_reviewer/war_room.py- War Room orchestrationgate2_security_reviewer/adversarial.py- Adversarial test generationgate2_security_reviewer/training.py- Synthetic data & training pipelinegate2_security_reviewer/evaluator.py- Novel pattern evaluationapp.py- Gradio demo interfacedemo_beat5.py- Standalone Beat 5 demotraining_data.jsonl- 1,200 synthetic training examples
Usage
from gate2_security_reviewer.analyzer import DiffAnalyzer
from gate2_security_reviewer.war_room import WarRoomOrchestrator
analyzer = DiffAnalyzer()
review = analyzer.analyze_diff(diff_text, pr_id="PR-1042")
war_room = WarRoomOrchestrator(threshold=7)
event = war_room.evaluate(review)
Citation
Based on:
- OpenVul (2026): SFT->GRPO pipeline for vulnerability detection
- SWE-PRBench (2026): LLM-as-judge for PR diff review
- VulInstruct (2025): Specification-guided reasoning
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support