Scope-aware orchestration (v7)

Audit scope becomes lanes, tasks, evidence, and filters.

V4 maps value flow, V5 prioritizes likely blind spots, V6 classifies evidence and unresolved interactions, and V7 turns audit scope into review lanes, task packs, evidence requirements, and report filters so AI-assisted security review starts from rules and evidence instead of vague prompts.

Scope Map

Parse a scope note into structured review rules: in/out of scope, severity conditions, trusted and dependency assumptions, known and accepted issues, invariants, focus areas, and do-not-waste-time filters.

Scope-Aware Review Lanes

Select generic review lanes only when a repository surface or the scope makes them relevant, each with priority, targets, hypotheses, required evidence, and a stop condition.

Scope-Aware Tasks

Turn lanes into precise, bounded, testable tasks with a hypothesis, counterfactual, setup, action, required assertions, and a report-candidate threshold.

Evidence Judge

Grade, on a transparent rubric, whether a local test actually proves the intended task, producing an evidence quality and a judgment.

Report Filter / Scope Pack

Classify candidates against the scope before submission, and bundle everything into a complete local pack.

Run it

One pack, ready for a reviewer or an AI agent.

arkheionx scope-pack examples/scope-fixture \
  --scope-file examples/scope-fixture/scope-note.md \
  --out .arkheionx/scope-pack

Boundary

Planning artifacts, not findings.

A scope map, review lane, or scope task is a planning artifact, not a finding. Evidence quality is not vulnerability validity. Candidate-with-evidence is not a confirmed vulnerability. A report candidate is not final triage. ArkheionX does not confirm vulnerabilities or replace an audit. See docs/SCOPE_ORCHESTRATION.md.
