# #1539 capability — prose Steps 2.1/2.3/3: security readiness reviewer.
#
# Declares the FlowCapability `gatechk-review-security`: it takes a gate type,
# names `security-architect` as its agent, and exposes two string outputs
# (`review`, `readiness`). How the flow runtime interprets each field is not
# visible in this file.
apiVersion: flow.aiwg.io/v1
kind: FlowCapability
metadata:
  name: gatechk-review-security
  labels: { domain: quality-gate }
spec:
  # Statement of scope, pass criteria and verdict vocabulary for this reviewer.
  # NOTE(review): "IOC" presumably names a gate/milestone here, not
  # "indicator of compromise" — confirm and consider spelling it out.
  # NOTE(review): "accepted risk" is not defined in this file; confirm who may
  # accept a High/Critical finding and where that acceptance is recorded, so
  # a verdict that relies on it can be audited.
  description: >-
    Validate security readiness for the gate — data classification, threat
    assessment, compliance requirements, and (for IOC / security gates) SAST/DAST
    results, dependency and secret scans, OWASP compliance. Pass criteria: no
    High/Critical without accepted risk. Report READY | GAPS | BLOCKED or
    PASS | FAIL with remediation (flow-gate-check Steps 2.1, 2.3, and 3 security gate).
  version: "1.0.0"
  inputs:
    # Gate being checked; mandatory. No allowed-value list is declared here,
    # although the description treats IOC / security gates differently.
    # NOTE(review): confirm an unrecognised gate_type cannot silently select
    # the lighter check set.
    - { name: gate_type, type: string, required: true }
  outputs:
    # Presumably the narrative report with remediation.
    # NOTE(review): if it quotes secret-scan findings, confirm the matched
    # secret values are redacted before they reach the report.
    - { name: review, type: string }
    # Verdict. Typed as a plain string: the two vocabularies named in the
    # description (READY | GAPS | BLOCKED, PASS | FAIL) are not enforced here.
    # NOTE(review): consumers should match the exact expected value and treat
    # anything else as not passing — confirm against the gate logic.
    - { name: readiness, type: string }
  # Agent assigned to this capability; its definition is not in this file.
  agent: security-architect
  # NOTE(review): the runtime meaning of this flag is not shown here. Scan
  # results and dependency advisories change over time, so confirm it does not
  # allow an earlier verdict to be reused for a later gate check.
  idempotent: true
