Rule engine owns verdict
Findings, severity, category scores, safety score, attack paths, patch previews, and gate decisions are generated by backend logic.
The security verdict is deterministic. Gemini explains results only after rule-based scanning creates findings, severity, scores, patch previews, attack paths, and deployment gate decisions.
GitHub ZIP, uploaded ZIP, or demo agent files are read as text only.
Rule modules detect agent-specific risks and produce stable finding IDs.
The backend generates Prove Mode paths, patch previews, and a deployment gate decision.
Gemini summarizes the deterministic result. It does not decide the verdict.
Frontend shows score, risk panels, findings, patches, DAP, and export actions.
Findings, severity, category scores, safety score, attack paths, patch previews, and gate decisions are generated by backend logic.
Gemini writes compact summaries and DAP answers grounded in the report. It does not invent findings or change scores.
GitHub repositories and ZIP files are safely extracted, limited, read as text, and never executed by the scanner.
The overall safety score is higher when the agent is safer. Category scores are risk scores, so higher means worse in that specific area.
The gate uses safety score, critical findings, secret exposure, unsafe high-impact tools, and missing approval gates to decide if a repo should move forward.