Security invariants, enforced at machine speed
Meet Terminus
Coding agents ship code faster than anyone can review it. The Guardrail Engineer writes the security rules your codebase must follow, as invariants, and checks them at pre-commit and on every pull request. When a check fails, the agent sees what broke and fixes it. Nothing merges that breaks an invariant.
Derived from your environment
Invariants come from your code, your deployment, and vulnerabilities Konvu has proven exploitable. Not from a generic template.
Deterministic verdicts
Same input, same verdict, every run. Seconds per check, regardless of which model wrote the code.
Enforced, not suggested
A failing invariant check shows the agent exactly which rule broke and where, so it can rework the code until it holds.
Fixed stays fixed
Once Konvu proves and fixes a finding, the invariant makes regression unmergeable.
The threat model, compiled into rules
The Guardrail Engineer maintains a threat model of your application: attack surface, trust boundaries, authorization model. It translates it into the invariants the codebase must hold: versioned, executable, bound to real routes and ownership clauses, each carrying its provenance. Not prose in a context file. Rules.
# Derived by Konvu Guardrails. Do not edit rationale by hand.
invariant: org-scoped-reads
class: broken-access-control
rule: >
Every read on Report must be scoped by the
organization_id of the session principal,
never by an identifier from request input.
binds:
- api/reports/handlers.py (get_report, list_reports)
- api/middleware/auth.py (require_org_scope)
derived_from:
finding: KONVU-2331
status: reproduced # exploit confirmed 2026-06-14
fixed_in: a41c2ef
enforce: [pre-commit, ci, merge-check]konvu / invariants · failing
1 invariant breached: org-scoped-reads
PATCH /api/reports/:id reads Report without org scope · introduced in 2f8d1c3 · derived from KONVU-2331 (reproduced)
konvu / invariants · 14 invariants hold
Deterministic. 3.2s.
Required check: merging is blocked until invariants hold.
A required check agents iterate against
Local hooks can be bypassed; the pull request can't. The Konvu GitHub App evaluates every PR against the invariant set in seconds. The violated invariant and the offending code path land in the PR; agents fix and re-push without a human in the loop.
Red at pre-commit, before the PR even opens
The fastest fix happens while the context is hot. Via the pre-commit hook and MCP, agents check invariants as they work: red, read why, fix, commit green. Same session, no review cycle burned.
▸ agent: git commit -m "add bulk report export"
konvu ✗ invariant breached: org-scoped-reads
api/reports/export.py:42 queries Report without org scope
▸ agent: reading invariant org-scoped-reads…
derived from KONVU-2331 · exploit reproduced · fixed in a41c2ef
▸ agent: scoping export query to session organization
▸ agent: git commit -m "add bulk report export"
konvu ✓ 14/14 invariants hold THREAT MODEL
attack surface
trust boundaries
authorization model
│
▼
KONVU GUARDRAILS derives
invariant: org-scoped-reads
│
▼
┌──▶︎ commit ──▶︎ checked ──▶︎ ✓ holds ──┐
│ │
└─────────────────◀︎───────────────────┘
each derived once, enforced on every changeFrom the threat model, and from every proven finding
Invariants come from two directions. The threat model generates them up front, before any finding exists. Every proven finding adds one more: the Application Security Engineer confirms, the Pentester reproduces, the Remediation Engineer fixes, Konvu Guardrails encodes. Each invariant is derived once, then enforced on every change after.