Agents · Early access

    Security invariants, enforced at machine speed

    Meet Terminus

    Coding agents ship code faster than anyone can review it. The Guardrail Engineer writes the security rules your codebase must follow, as invariants, and checks them at pre-commit and on every pull request. When a check fails, the agent sees what broke and fixes it. Nothing merges that breaks an invariant.

    Derived from your environment

    Invariants come from your code, your deployment, and vulnerabilities Konvu has proven exploitable. Not from a generic template.

    Deterministic verdicts

    Same input, same verdict, every run. Seconds per check, regardless of which model wrote the code.

    Enforced, not suggested

    A failing invariant check shows the agent exactly which rule broke and where, so it can rework the code until it holds.

    Fixed stays fixed

    Once Konvu proves and fixes a finding, the invariant makes regression unmergeable.

    The artifact

    The threat model, compiled into rules

    The Guardrail Engineer maintains a threat model of your application: attack surface, trust boundaries, authorization model. It translates it into the invariants the codebase must hold: versioned, executable, bound to real routes and ownership clauses, each carrying its provenance. Not prose in a context file. Rules.

    invariants/access-control/org-scoped-reads.yaml
    # Derived by Konvu Guardrails. Do not edit rationale by hand.
    invariant: org-scoped-reads
    class: broken-access-control
    rule: >
      Every read on Report must be scoped by the
      organization_id of the session principal,
      never by an identifier from request input.
    binds:
      - api/reports/handlers.py (get_report, list_reports)
      - api/middleware/auth.py (require_org_scope)
    derived_from:
      finding: KONVU-2331
      status: reproduced # exploit confirmed 2026-06-14
      fixed_in: a41c2ef
    enforce: [pre-commit, ci, merge-check]
    Pull request #482 · checks

    konvu / invariants · failing

    1 invariant breached: org-scoped-reads

    PATCH /api/reports/:id reads Report without org scope · introduced in 2f8d1c3 · derived from KONVU-2331 (reproduced)

    konvu / invariants · 14 invariants hold

    Deterministic. 3.2s.

    Required check: merging is blocked until invariants hold.

    At the merge boundary

    A required check agents iterate against

    Local hooks can be bypassed; the pull request can't. The Konvu GitHub App evaluates every PR against the invariant set in seconds. The violated invariant and the offending code path land in the PR; agents fix and re-push without a human in the loop.

    In the loop

    Red at pre-commit, before the PR even opens

    The fastest fix happens while the context is hot. Via the pre-commit hook and MCP, agents check invariants as they work: red, read why, fix, commit green. Same session, no review cycle burned.

    agent session · pre-commit
    ▸ agent: git commit -m "add bulk report export"
      konvu ✗ invariant breached: org-scoped-reads
        api/reports/export.py:42 queries Report without org scope
    
    ▸ agent: reading invariant org-scoped-reads…
        derived from KONVU-2331 · exploit reproduced · fixed in a41c2ef
    ▸ agent: scoping export query to session organization
    
    ▸ agent: git commit -m "add bulk report export"
      konvu ✓ 14/14 invariants hold
    threat model → invariants
                    THREAT MODEL
                   attack surface
                  trust boundaries
                 authorization model
    
    
              KONVU GUARDRAILS derives
             invariant: org-scoped-reads
    
    
       ┌──▶︎ commit ──▶︎ checked ──▶︎ ✓ holds ──┐
       │                                     │
       └─────────────────◀︎───────────────────┘
     each derived once, enforced on every change
    Where invariants come from

    From the threat model, and from every proven finding

    Invariants come from two directions. The threat model generates them up front, before any finding exists. Every proven finding adds one more: the Application Security Engineer confirms, the Pentester reproduces, the Remediation Engineer fixes, Konvu Guardrails encodes. Each invariant is derived once, then enforced on every change after.

    Put a guardrail on your coding agents

    The Guardrail Engineer is in early access. Install the Konvu GitHub App, and your first invariants are derived from the findings Konvu has already proven.

    Frequently asked questions