Pro | Partial execution

Security Review Support

Security Review Support builds on Avorelo's secret boundary, redaction policy, prompt-injection defenses, and proof adapters for security-oriented review tasks. It is real and test-backed, but it remains intentionally bounded.

Current truth

PARTIAL_EXECUTION

Primary evidence

src/avorelo/capabilities/secret-boundary/index.ts and src/avorelo/kernel/tool-adapters/adapters/semgrep.ts

Runtime surface

Redacted receipts, runtime-session proof metadata, blocked unsafe actions, and Semgrep proof summaries where supported.

Tests

tests/secret-boundary.test.ts, tests/proof-adapter-pack.test.ts, tests/real-tool-execution.test.ts

What exists today

Avorelo detects fake secrets, redacts raw values before persistence, blocks unsafe runs, records proof metadata for security-scan flows, and routes high-risk auth or security tasks away from casual delegated execution.

Claim boundary

This is not a penetration testing service and not a full professional security audit. Avorelo flags patterns, protects boundaries, and produces bounded proof. It does not guarantee zero leaks or zero vulnerabilities.

What it does not do

It does not replace a human security reviewer, does not silently run destructive security tooling, and does not claim live external-system validation without an explicit, separately approved execution path.