cyberneticlibrary

Security gate before merge

mishmar-security-gate · workflow · setup · L33
Y4NN777/mishkan-cc-harness
What it does

Security-gate a diff with 3 orthogonal lenses + adversarial refute

Best for

Gate a sensitive merge when orthogonal security expertise and adversarial refutation are required.

Inputs
  • diff ref (PR URL/branch/path)
  • surface area (auth/payment/pii/rbac)
  • project root
Outputs
  • pass/block decision + structured finding list (title/severity/file/line/rationale)
Requires
  • git (diff parsing)
Preconditions
  • diff accessible (URL or local file)
  • three agents available (Ira/Joab/Hushai)
  • OWASP threat model context
Failure modes
  • finding refuted by 2 of 3 (dropped)
  • severity downgraded after refute
  • false-positive high/critical finding blocks merge
Trust signals
  • 3-vote consensus pattern (2-of-3 refutation)
  • structured finding schema
  • severity calibrated by refute phase