potentially-reportable
A local test gives candidate-with-evidence support. Still requires human review; still not final triage.
Report filter (v7)
Filter candidates against scope before you submit.
arkheionx report-filter classifies each report candidate against the scope
rules — known issues, accepted risks, trusted-role assumptions, out-of-scope areas,
low-only patterns, and duplicate-prone classes — and surfaces a human pre-submission
checklist. It stops a researcher from spending a submission on an invalid or duplicate
report. It is not final triage.
needs-more-evidence
No strong local evidence yet. Write the local test before considering a report.
duplicate-prone
A common bug class many researchers test. Differentiate the impact path before submitting.
likely-known-issue / accepted-risk
Matches a known issue or accepted risk in the scope.
likely-trusted-role-assumption
Depends on a trusted role the scope marks valid. Only report a path that does not rely on trusted-role misbehaviour.
likely-out-of-scope / low-only
Out of scope, or below the scope's Medium/High impact bar.
Run it
Scope-aware classification, locally.
arkheionx report-filter . --scope-file scope.md
arkheionx report-filter . --scope-file scope.md --json
arkheionx report-filter . --scope-file scope.md --out .arkheionx/report-filterBoundary
A pre-submission aid, not final triage.
The report filter does not decide what is valid; it helps a human avoid wasted or invalid
submissions. Every candidate still requires human review and an independent local
proof-of-concept. ArkheionX does not confirm vulnerabilities or assign severity. See
docs/REPORT_FILTER.md.