Security & governance

Worst case is a rejected pull request.

Governance isn’t a slide here — it’s the first thing that was built, and every other subsystem runs inside it. Built for the question a CISO actually asks: what’s the worst that can happen?

The controls

Secrets can't leak

The vault is the only writer of secret values — 0600 files outside the checkout, shredded on rotation. Tokens never touch Jira, logs, or commits. The secret-scan gate blocks committed credentials; it has refused a reviewer's request to hardcode an API key, live.

Prompt injection, neutralized

An ingress firewall screens every inbound human or web reply — pasted secrets are quarantined and injection patterns neutralized before any model sees them. Gate verdicts are deterministic code an injected prompt cannot vote on.

Blast radius = a rejected PR

No direct-to-main, ever. Everything ships through PRs behind branch protection, peer review, and the gate chain. Per-bot least-privilege tokens scope each bot to its repos. One click on the kill switch stops the fleet.

Database safe-fail

Deep-verify blocks irreversible migrations before they ship; risky changes must carry a reversibility plan or they don't merge. In a live run, a seed script containing DROP TABLE was held for human sign-off.

Attributable & replayable

Every action is hash-chained with the actor's identity — which bot, which gate, which approval. Alter one record and every hash after it breaks. Incident forensics and SOC 2 evidence are the same artifact.

Isolation & escalation

Per-tenant state, policy, keys, and kill switch. Control-plane API keys are stored hash-only. Money-moving, irreversible, or cross-team actions hit a hard escalation contract — a human signs, or it doesn't happen.

Tamper-evident audit

Every action, hash-chained.

Each record commits to the one before it. Change any past decision and every subsequent hash breaks — so the log is either intact or provably altered. Optionally HMAC-signed, and exportable for SOC 2.

  • 03:05:12toorunt-sam plan_approved#9f3a1c
  • 03:05:04founder approve_prd#1b77e0
  • 03:04:51toorunt-sam tests_green#c40d92
  • 03:04:39toorunt-tyler peer_review:approve#77a5f1
  • 03:04:22toorunt-sam secret_scan:clean#2e9b04
  • 03:04:08toorunt-sam merge:verified-green#b81c6d
  • 03:03:55toorunt-sam watchdog:armed#5d2af8
  • 03:03:40founder kill_switch:off#0ac913
  • 03:05:12toorunt-sam plan_approved#9f3a1c
  • 03:05:04founder approve_prd#1b77e0
  • 03:04:51toorunt-sam tests_green#c40d92
  • 03:04:39toorunt-tyler peer_review:approve#77a5f1
  • 03:04:22toorunt-sam secret_scan:clean#2e9b04
  • 03:04:08toorunt-sam merge:verified-green#b81c6d
  • 03:03:55toorunt-sam watchdog:armed#5d2af8
  • 03:03:40founder kill_switch:off#0ac913
The 14 gates

What every change passes before it can merge.

01

Right repository

resolves the target repo from the ticket — curated registry or semantic match

02

Requirements understood

no material ambiguity — clarifies with a human before building, never guesses

03

Dependencies built first

nothing this change depends on is missing; parks and resumes if it is

04

Plan approvedhuman

the plan is posted to Jira and waits — it never writes code before a human sees it

05

Novelty calibration

routine work ships; unfamiliar territory forces extra deliberation and a human merge

06

Rework until shippable

when a gate pushes back, it improves the change and re-runs — it doesn't give up

07

Tests green

the change's own suite passes; for a bug, a red→green reproduction proves the fix

08

Code quality

0 findings — no leaks, deadlocks, bug patterns, or injections

09

Every change is tested

each changed file has covering tests; missing ones are written before the PR

10

No secrets in the code

scanned for live credential values and secret patterns: clean

11

Risk & confidence

scores risk and confidence; anything past the cap escalates to a human

12

Independent reviewhuman

a second agent reviews a 7-point checklist; a human reviewer signs the PR

13

Merged

merges only on verified-green tests, CI, no conflicts, and review approval

14

Watched after merge

watches CI and production after merge; raises a revert alert if it regresses

See it on a real ticket.

Every ticket carries its own chain — pass, waiting, or skip, each with the evidence a non-expert can read. Nothing merges around it.

app.toorunt.ai/tickets/SCRUM-307
Toorunt AI gate chain — the 14 checks a change passes before it can merge, each with its evidence

For security teams

Bring the questions. We built for them.

SOC 2 Type I on the roadmap, pen test scheduled, zero-retention model terms. Book a security review.