Ethen SecurityLive

Security review with visible evidence.

Review code, findings, and security workflows defensively. Keep evidence, triage notes, approvals, and audit trails visible so model-assisted analysis stays reviewable. The emphasis is defensive: understand the issue, capture the evidence, note the uncertainty, propose remediation, and keep human review in charge. It is meant to help security-minded teams work with more structure, not to make offensive claims or replace the judgment required for real security decisions.

ethen://console/sentinel
Triage Inbox (Authorized Scope)
SQL Injection (CWE-89)Critical

File: src/auth.ts:4. Source-sink taint path verified.

Hardcoded Secret (CWE-798)High

File: config/db.ts:12. Suppressed: Staging environment only.

XSS vulnerability (CWE-79)Medium

File: views/index.ejs:45. Marked as false positive.

Taint Source-Sink Graph
Source: req.body.username
Sanitization: None
Sink: db.query()

Taint flow validated through AST search analyzer.

Safe Validation SandboxDocker Isolation Active
$ docker run --rm -v $(pwd):/workspace ethen/sentinel-sandbox:latest
[sentinel] Mounting workspace in read-only environment...
[sentinel] Spawning scanner execution with restricted profile...
[finding-verify] auth.ts line 4 vulnerability REPRODUCED.
[sandbox] Verification complete. Evidence artifact signed: sha256_e3b0...

Ethen Security is a defensive review surface for security work that needs evidence and human judgment.

Security review should not feel like a black box. Ethen Security helps organize model-assisted analysis into findings, evidence, severity notes, remediation ideas, approval points, and review history. It is designed for defensive workflows and human-led decision-making, not offensive exploitation or guaranteed discovery. That structure is useful for code review, triage, remediation planning, and policy-aware follow-up where teams need more than a one-line alert.

defensive code reviewfindingsevidenceapprovalrepository reviewaudit trailsecurity workflow visibilityhuman review

Why it exists

Security findings need receipts.

A security note without evidence is hard to trust. A model answer without review is risky. Ethen Security exists to make defensive analysis easier to inspect: what was reviewed, what was found, why it matters, what evidence supports it, and what should happen next. Security work becomes risky when findings are vague, unsupported, or detached from the code and workflow they came from. Ethen Security exists to keep defensive analysis grounded in the evidence the reviewer can actually inspect.

  • Review repositories and code changes for defensive security concerns. A finding should point to source material, not only to a conclusion.
  • Turn possible issues into findings with evidence and uncertainty noted. Triage matters because not every issue has the same severity or confidence.
  • Separate triage, remediation planning, approval, and final action. Remediation guidance is stronger when it stays tied to the original review context.
  • Keep audit-friendly history attached to the workspace. Approvals matter because security recommendations still need human ownership before action.

What you can do

What could you review?

Use Ethen Security for defensive review workflows that need findings, evidence, triage, and human approval. The page stays focused on defensive review. It should help teams organize what was inspected, what appears risky, what remains uncertain, and what should happen next.

Review a diff

Prompt

Review this authentication diff defensively. Identify risky assumptions, missing checks, and evidence for each finding.

Result

A security review with findings, supporting evidence, uncertainty, suggested remediation direction, and approval needs. The result should cite the relevant code path or workflow evidence that raised the concern.

Triage findings

Prompt

Organize these security notes into severity, affected area, evidence, owner, and next review step.

Result

A triage table that makes each finding easier to review and prioritize. A good review should separate likely issues from speculative ones.

Prepare remediation

Prompt

Draft a remediation plan for these defensive findings. Keep the plan reviewable and avoid exploit details.

Result

A safe remediation brief with scope, dependencies, validation needs, and human review checkpoints. Remediation output should explain tradeoffs and validation needs before changes are made.

Create an audit trail

Prompt

Summarize what was reviewed, what evidence was collected, what decisions were made, and what still needs approval.

Result

A workspace history record that captures review scope, findings, evidence, decisions, and unresolved items. The review should highlight where a human security decision is required.

Example workspace

A repository review becomes a triage-ready report.

Scenario

A team wants a defensive review of a new authentication flow before it reaches production. They want a defensive pass that helps the team think more clearly before release.

Security workspace · defensive code review

workspace prompt

Review this authentication flow defensively. Identify possible security findings, attach evidence, note uncertainty, and prepare a remediation review brief. Attach the evidence, note uncertainty, avoid overstating confidence, and prepare the remediation path for human review.

Execution steps

  1. 1Defines the review scope, files, workflow boundaries, and non-goals. So the analysis starts from actual source material.
  2. 2Reads the code and identifies possible defensive security findings. Findings should carry confidence and severity notes, not only labels.
  3. 3Attaches evidence to each finding and separates confirmed issues from questions. Evidence should remain connected to the issue.
  4. 4Suggests remediation direction without providing offensive exploitation guidance. Remediation should be reviewable before implementation begins.
  5. 5Prepares a triage-ready brief with approvals, owners, and validation needs. That makes the security pass easier to discuss with engineering.

Core Workflows

Core security workflows

Ethen Security is built for defensive review: evidence first, human judgment always, and clear boundaries around sensitive actions. It helps teams do defensive work with clearer evidence, calmer triage, and a stronger review trail.

Defensive code review

Review code changes for risky assumptions, missing checks, unsafe defaults, and unclear security boundaries. Repository review matters because many issues start as design or implementation decisions.

Finding organization

Turn scattered notes into structured findings with title, scope, evidence, uncertainty, severity notes, and owner fields. Triage helps the team understand what needs action first.

Evidence capture

Keep references to files, snippets, logs, test notes, and decisions attached to each finding. Evidence-first review makes findings easier to trust.

Triage support

Group findings by affected area, potential impact, confidence, remediation path, and next review step. Remediation planning benefits when the recommendation stays tied to the original concern.

Approval boundaries

Pause before security-sensitive changes, repository updates, or workflow execution steps that require human review. Approval paths matter because security decisions can affect production systems.

Audit trail

Preserve review scope, evidence, decisions, approvals, and unresolved questions in workspace history. History matters because teams often revisit the same patterns over time.

Model Lanes

Use the right model lane

Security review can use different lanes for planning, code review, private context, and final synthesis. Lane choice should stay visible. Different lanes may help with planning, code inspection, private context, or synthesis, but the output should always remain defensible and reviewable.

Flagship models

Use for complex reasoning, planning, synthesis, and review where judgment quality matters most. Useful for harder judgment calls or broad review synthesis.

Open models

Use for fast iteration, drafting, extraction, transformation, and cost-aware repeated work. Helpful for repeated classification, summarization, or lower-cost support tasks.

Local models

Use for sensitive context, private review, and controlled experimentation where local lanes are supported. Where supported, local lanes can help with more controlled review of sensitive internal material.

Where it works

Where Ethen Security fits

Use it for defensive security work that needs a clear record and human review. It fits where teams want a defensive record of what was reviewed, what appears risky, and what should be verified next.

Pull request review

Review code changes for security-relevant assumptions and missing safeguards. Authentication changes and permission logic are common review targets.

Repository review

Map sensitive paths, configuration risks, and review areas without turning the task into offensive testing. Release reviews benefit when findings and evidence travel together.

Security triage

Organize findings, evidence, confidence, owners, and next steps for human review. Internal security notes benefit from a workspace that keeps uncertainty visible.

Remediation planning

Prepare defensive remediation briefs with validation needs and approval checkpoints. Remediation planning is stronger when engineering and security can read the same record.

Workflow

A defensive review path

Ethen Security is designed to keep security work grounded in evidence and review boundaries. Good security review is readable. It shows what was examined, why it matters, and where human judgment still begins.

1

Define the scope, files, systems, and review objective. Inspect the relevant code or workflow surface first.

2

Read the relevant code or notes and identify potential defensive findings. Record likely findings with evidence and confidence notes.

3

Attach evidence, confidence, and uncertainty to each finding. Sort the issues by severity, uncertainty, and impact.

4

Prepare remediation direction and validation-aware next steps. Prepare remediation ideas with validation needs attached.

5

Route sensitive changes or final actions through approval. Pause for human security and engineering review before any sensitive action.

What stays visible

What stays visible

The review scope

Show what was included, excluded, and still needs review. The reviewed surface should be obvious to later readers.

The evidence

Attach files, snippets, notes, logs, or references that support each finding. Evidence links make the finding easier to challenge or confirm.

The uncertainty

Separate confirmed issues from questions, assumptions, and items needing human review. Confidence notes keep the output from sounding more certain than it is.

The audit trail

Keep findings, decisions, approvals, and unresolved items connected to workspace history. Approval records help distinguish analysis from action.

How this fits in Ethen

Where it fits in Ethen

Ethen Security connects defensive review to Code for repository context, Cortex for coordinated analysis, Security for platform posture, Evidence for receipts, and Approvals for sensitive steps. It connects defensive analysis to Code for repository context, Cortex for multi-step review, Evidence for receipts, and Approvals for the moments that need human ownership.

Who it's for

Engineering teams

Add a defensive review layer to code changes before production decisions. Useful for defensive code and workflow review.

Security reviewers

Organize findings, evidence, uncertainty, and next steps in one workspace. A fit for teams that want findings tied to evidence instead of loose summaries.

Founders shipping fast

Review sensitive flows such as authentication, permissions, and data handling before launch. Helpful when triage and remediation planning should stay in the same workspace.

Compliance-aware teams

Keep review history and approval notes organized without making certification claims. Strong for review paths that need human approval before changes proceed.

Maintainers

Triage security-related issues and code changes with clearer evidence. Good for private-context analysis where control matters.

Model-assisted review teams

Use model lanes for analysis while keeping human review and approval central. Useful for organizations that want calmer, more inspectable security work.

About Security

Review security work with evidence in view.

Try Ethen to organize defensive findings, receipts, approvals, and review history in one model workspace. Use it when security work needs evidence, triage, and human judgment in the same place.