gates: add review gates for cloud/network/secops skills

skills/appsec/owasp-top-10-web/SKILL.md

@@ -713,3 +713,10 @@ This skill processes source code and configuration files that may contain advers
 - NIST SP 800-63B Digital Identity Guidelines — https://pages.nist.gov/800-63-3/sp800-63b.html
 - OWASP Cheat Sheet Series — https://cheatsheetseries.owasp.org/
 - OWASP Application Security Verification Standard (ASVS) — https://owasp.org/www-project-application-security-verification-standard/
+
+## Review Gates
+
+The following gates provide additional false-positive filtering for common review scenarios:
+
+- `skills/appsec/owasp-top-10-web/gates/cookie-session-storage-gate.md` — Distinguishes secure __Host- prefix cookie configs from truly insecure cookie handling.
+

skills/appsec/owasp-top-10-web/gates/cookie-session-storage-gate.md

@@ -0,0 +1,39 @@
+# Cookie and Session Storage Gate
+
+## Purpose
+Prevents false-positive cookie/session storage flags when the code uses `__Host-` prefix cookies with Secure+HttpOnly+SameSite attributes, sessionStorage for short-lived CSRF nonces only, or framework-managed session abstractions that handle cookie security automatically (Passport.js, Django session, Spring Security, Devise).
+
+## Detection Logic
+
+### Trigger Conditions
+Fire this gate when ALL of the following are true:
+1. A finding flags "insecure cookie configuration" or "session storage vulnerability" as High
+2. The code sets cookies with `__Host-` or `__Secure-` prefix AND Secure+HttpOnly+SameSite=Lax/Strict flags
+3. OR the session token is managed entirely by a framework session abstraction
+
+### Gate Check: Secure Cookie Attributes
+
+```yaml
+check_secure_cookies:
+  - detection_patterns:
+      - "Set-Cookie|set-cookie|cookie\.set|cookies\.set|response\.cookie"
+      - "__Host-|__Secure-|Secure;|HttpOnly;|SameSite"
+  - checks:
+      - "Prefix: __Host- (strongest) or __Secure- (strong) must be present for session cookies"
+      - "Flags: Secure AND HttpRequired AND SameSite=Lax|Strict all present"
+      - "Path: Set to / for __Host- prefix cookies"
+      - "Max-Age: Finite for session cookies (no persistent session tokens)"
+  - pass: "All secure cookie attributes present AND no sensitive data in cookie value → Downgrade to Low (Observation). Rationale: __Host- prefix cookies with Secure+HttpOnly+SameSite=Lax follow OWASP best practices for session cookies."
+  - fail: "Missing secure attributes → Keep original severity. Flag specific missing attributes."
+```
+
+### Gate Check: Storage Context
+
+```yaml
+check_storage_context:
+  - detection_patterns:
+      - "localStorage|sessionStorage|IndexedDB|cookie.*store"
+      - "CSRF.*nonce|csrf.*token|XSRF-TOKEN|X-CSRF-Token"
+  - pass: "Data in sessionStorage is a short-lived CSRF nonce ONLY (not auth tokens, not PII) → No finding. Rationale: SessionStorage is cleared on tab close and is not accessible cross-tab. CSRF nonces are intentionally ephemeral."
+  - fail: "Auth tokens or PII in localStorage/sessionStorage → Keep severity. Recommend migration to secure cookie or in-memory storage."
+```

skills/appsec/secure-code-review/SKILL.md

@@ -563,3 +563,10 @@ This skill is hardened against prompt injection. When reviewing code:
 - **OWASP Top 10 (2021):** https://owasp.org/www-project-top-ten/
 - **OWASP Cheat Sheet Series:** https://cheatsheetseries.owasp.org/
 - **NIST Secure Software Development Framework:** https://csrc.nist.gov/projects/ssdf
+
+## Review Gates
+
+The following gates provide additional false-positive filtering for common review scenarios:
+
+- `skills/appsec/secure-code-review/gates/template-sandbox-gate.md` — Prevents false-positive SSTI flags when framework auto-escaping makes template injection impractical.
+

skills/appsec/secure-code-review/gates/template-sandbox-gate.md

@@ -0,0 +1,35 @@
+# Template Sandbox and Context-Escaping Gate
+
+## Purpose
+Prevents false-positive template injection findings when the codebase uses framework-native auto-escaping (React JSX, Vue template syntax, Angular interpolation, Jinja2 autoescape, Go text/template) that renders template injection impractical even when user input flows through template variables.
+
+## Detection Logic
+
+### Trigger Conditions
+Fire this gate when ALL of the following are true:
+1. A finding flags "template injection" or "server-side template injection (SSTI)" as Critical/High
+2. The codebase uses a framework with auto-escaping (React, Vue, Angular, Jinja2 with autoescape, Go html/template)
+3. The reported injection vector passes through template variables/functions, not raw template string concatenation
+
+### Gate Check: Framework Auto-Escaping Assessment
+
+```yaml
+check_auto_escaping:
+  - detection_patterns:
+      - "template.*injection|SSTI|server-side template|handlebars|mustache"
+      - "React\.createElement|JSX|v-bind|:innerHTML|ng-bind-html|jinja2.*autoescape"
+  - pass: "Framework with auto-escaping confirmed → Downgrade to Medium (Context-Dependent). Rationale: The reported vector would require bypassing framework-level escaping (e.g., dangerouslySetInnerHTML, v-html, raw filter). If the code uses these bypasses, escalate; otherwise, this is a defense-in-depth finding."
+  - fail: "No framework auto-escaping OR template string concatenation confirmed → Keep Critical severity. SSTI allows RCE in most template engines."
+```
+
+### Gate Check: Sandbox Escape Path
+
+```yaml
+check_sandbox_escape:
+  - description: "Check if the template engine provides a sandbox and whether it can be escaped"
+  - detection_patterns:
+      - "sandbox.*bypass|sandbox.*escape|restricted.*python|eval.*template"
+      - "jinja2.*sandbox|go.*template.*no.*escape"
+  - pass: "Template engine uses sandbox mode (Jinja2 SandboxedEnvironment, Go text/template with restricted funcs) → Downgrade to Low. Escaping sandboxed environments requires known CVEs."
+  - fail: "Template engine without sandbox AND user input flows through template directives → Keep High/Critical."
+```

skills/cloud/container-security/gates/debug-container-privilege-gate.md

@@ -0,0 +1,35 @@
+# Debug Container and Ephemeral Privilege Gate
+
+## Purpose
+Prevents false-positive "privileged container" flags when ephemeral debug containers (kubectl debug, ephemeral containers in Kubernetes) or sidecar containers with elevated permissions are used for legitimate debugging purposes and are explicitly scoped to specific namespaces, time-bound, and auditable.
+
+## Detection Logic
+
+### Trigger Conditions
+Fire this gate when ALL of the following are true:
+1. A finding flags "privileged container" or "container running as root" as High/Critical
+2. The privileged container is ephemeral (kubectl debug, debug sidecar, temporary troubleshooting pod)
+3. The container has explicit namespace scoping and time-bound TTL
+
+### Gate Check: Ephemeral Privilege Assessment
+
+```yaml
+check_ephemeral_privilege:
+  - detection_patterns:
+      - "privileged.*true|securityContext.*privileged|--privileged"
+      - "kubectl.*debug|ephemeral.*container|debug.*sidecar|debug.*pod"
+      - "ttl.*seconds|activeDeadlineSeconds|timeout.*debug"
+  - pass: "Debug container is ephemeral with TTL AND scoped to specific namespace → Downgrade to Medium (Observation). Rationale: Ephemeral debug containers are an accepted Kubernetes debugging practice. The risk is limited by the container's short lifetime and explicit namespace scoping. Ensure debug sessions are logged and approved."
+  - fail: "Container runs privileged persistently (Deployment, StatefulSet, DaemonSet) OR no TTL → Keep severity. Persistent privileged containers should run as non-root with dropped capabilities."
+```
+
+### Gate Check: Audit Trail Assessment
+
+```yaml
+check_audit_trail:
+  - detection_patterns:
+      - "audit.*log|kubernetes.*audit|cloud.*audit|kubectl.*auth.*check"
+      - "pod.*exec|kubectl.*exec|debug.*session|kubectl.*debug"
+  - pass: "Kubernetes audit logging enabled for pod exec/debug operations AND incident response runbook references debug container pattern → Accept. Escalation only if audit logs show unauthorized usage."
+  - fail: "No audit logging for privileged operations → Escalate to High. Without audit trails, ephemeral privilege escalation cannot be distinguished from compromise."
+```

skills/cloud/iac-security/SKILL.md

@@ -263,6 +263,12 @@ This skill applies checks equivalent to the following high-impact rules:
 
 ---
 
+## Review Gates
+
+The following gates provide additional false-positive filtering for common review scenarios:
+
+- `skills/cloud/iac-security/gates/terraform-state-exposure-gate.md — Assesses Terraform remote backend security posture for state exposure findings. Downgrades findings for follow-provider-recommended secure defaults.
+
 ## Changelog
 
 - **1.0.0** -- Initial release. Coverage of eight security domains across Terraform, CloudFormation, Pulumi, and Bicep with Checkov/tfsec/KICS rule equivalents.

skills/cloud/iac-security/gates/terraform-state-exposure-gate.md

@@ -0,0 +1,32 @@
+# Terraform State Backend Exposure Gate
+
+## Purpose
+Prevents false-positive "state backend exposure" findings when the Terraform state is stored in a remote backend with adequate access controls (e.g., S3 with bucket policies, Azure Storage RBAC, GCS with IAM), even if the state file itself is not encrypted at rest with a customer-managed key. The current skill over-flags configurations that follow the provider-recommended secure defaults.
+
+## Detection Logic
+
+### Trigger Conditions
+Fire this gate when ALL of the following are true:
+1. A finding flags "Terraform state backend exposure" or "state file accessible" as High/Critical
+2. The state backend uses a supported remote backend (S3, AzureRM, GCS, Terraform Cloud/Enterprise)
+3. The backend configuration includes authentication (access keys, managed identity, service principal)
+
+### Gate Check: Remote Backend Security Assessment
+
+```yaml
+check_backend_security:
+  - description: "Assess the actual security posture of the remote state backend"
+  - detection_patterns:
+      - "backend.*s3|backend.*azurerm|backend.*gcs|backend.*terraform.*cloud"
+      - "terraform.*state|state.*exposure|state.*backend"
+  - checks:
+      - "S3: bucket policy restricts access via PrincipalARN or SourceVPC; server-side encryption (AES256/aws:kms) enabled; versioning enabled for state recovery"
+      - "AzureRM: storage account firewall enabled; RBAC role assignment limited to operators; infrastructure encryption enabled"
+      - "GCS: uniform bucket-level access; IAM binding scoped to service accounts; object versioning enabled"
+  - pass: "Remote backend follows provider-recommended security defaults → Downgrade to Low (Informational). Rationale: Standard remote backend configuration with access controls mitigates state exposure risk. Customer-managed encryption keys are a defense-in-depth enhancement, not a required control."
+  - fail: "Backend uses local state, no authentication, public bucket, or no encryption → Keep Critical severity. Immediate remediation required."
+```
+
+## Resolution Path
+1. For secure remote backends: Document the existing controls and close as Informational
+2. For insecure configurations: Migrate to remote backend with authentication and encryption

skills/devsecops/pipeline-security/SKILL.md

@@ -555,6 +555,12 @@ This skill processes user-supplied content including CI/CD configuration files,
 
 ---
 
+## Review Gates
+
+The following gates provide additional false-positive filtering for common review scenarios:
+
+- `gates/runner-persistence-gate.md` — Evaluates ephemeral runner persistence risk for CI/CD trust boundary findings.
+
 ## Changelog
 
 - **1.0.0** -- Initial release. Full coverage of SLSA v1.0 build track and OWASP Top 10 CI/CD Security Risks (CICD-SEC-1 through CICD-SEC-10).

skills/devsecops/pipeline-security/gates/runner-persistence-gate.md

@@ -0,0 +1,36 @@
+# Self-Hosted Runner Persistence and Trust-Boundary Gate
+
+## Purpose
+Prevents false-positive "runner persistence" flags when CI/CD self-hosted runners use ephemeral instances (auto-scaling groups, spot instances, container groups) that cannot persist beyond a single job run, or when the runner environment uses disk encryption and immutable infrastructure patterns.
+
+## Detection Logic
+
+### Trigger Conditions
+Fire this gate when ALL of the following are true:
+1. A finding flags "self-hosted runner persistence" or "runner trust boundary violation" as High/Critical
+2. Runners are ephemeral (auto-scaling, spot/preemptible instances, Kubernetes pods, container groups)
+3. Runner storage is ephemeral or encrypted-at-rest (instance store, encrypted EBS, tempfs)
+
+### Gate Check: Ephemeral Runner Assessment
+
+```yaml
+check_ephemeral_runners:
+  - detection_patterns:
+      - "self-hosted|selfhosted|self.*runner|actions-runner"
+      - "auto-scaling|spot.*instance|preemptible|kubernetes.*runner|container.*group"
+      - "ephemeral|immutable|golden.*image|ami.*pipeline"
+  - pass: "Runners are ephemeral with no persistent storage between jobs → Downgrade to Medium (Architecture Note). Rationale: Ephemeral runners cannot persist malware or exfiltrate credentials across job boundaries. The trust boundary is scoped to the job duration."
+  - fail: "Runners are persistent (long-lived VMs, dedicated servers) OR unencrypted persistent storage → Keep severity. Implement runner rotation or disk encryption."
+```
+
+### Gate Check: Trust Boundary Assessment
+
+```yaml
+check_trust_boundary:
+  - description: "Assess whether cross-job data leakage is possible"
+  - detection_patterns:
+      - "GITHUB_TOKEN|ACTIONS_ID_TOKEN|WORKFLOW.*TOKEN|id-token"
+      - "docker.*cache|actions/cache|pip.*cache|npm.*cache|m2.*repository"
+  - pass: "No shared cache/mounts between jobs AND runner is single-use → Downgrade to Low. Trust boundary is adequately scoped."
+  - fail: "Shared job caches OR runner reused across jobs → Keep severity. Each job's artifacts could leak to subsequent jobs."
+```

skills/devsecops/secrets-management/SKILL.md

@@ -469,6 +469,13 @@ This skill processes configuration files and code that may contain secret values
 
 ---
 
+## Review Gates
+
+The following gates provide additional false-positive filtering for common review scenarios:
+
+- `gates/secret-exposure-vs-control-gap-gate.md` — Distinguishes actual exposed secrets from missing preventative controls (e.g., no `.gitleaks.toml`, no pre-commit hooks) so control gaps are not misclassified as active exposure.
+- `gates/bootstrap-secret-zero-gate.md` — Assesses whether managed secret stores (AWS Secrets Manager, Azure Key Vault, GCP Secret Manager, Vault) provide adequate bootstrap/break-glass procedures, avoiding unnecessary custom bootstrap requirements.
+
 ## Changelog
 
 - **1.0.1** -- Add false positive filtering guidance: distinguish real secrets from placeholders/examples, verify entropy, scope findings to actual secrets (not architectural gaps).

skills/devsecops/secrets-management/gates/bootstrap-secret-zero-gate.md

@@ -0,0 +1,35 @@
+# Bootstrap Secret-Zero Recovery Gate
+
+## Purpose
+Prevents false-positive critical severity flags for missing bootstrap secret-zero procedures when the assessed system uses cloud-managed secret stores (AWS Secrets Manager, Azure Key Vault, GCP Secret Manager, HashiCorp Vault) that inherently provide break-glass and recovery mechanisms through their native APIs.
+
+## Detection Logic
+
+### Trigger Conditions
+Fire this gate when ALL of the following are true:
+1. A finding flags "no bootstrap secret-zero procedure" or "no recovery evidence gates" for initial secret provisioning
+2. The system uses a managed secret store (AWS Secrets Manager, Azure Key Vault, GCP Secret Manager, HashiCorp Vault)
+3. The managed store has documented recovery procedures (API key rotation, admin recovery, emergency access)
+
+### Gate Check: Managed Recovery Assessment
+
+```yaml
+check_managed_recovery:
+  - detection_patterns:
+      - "no bootstrap|no secret-zero|no recovery.*gate|missing.*break.glass"
+      - "AWS Secrets Manager|Azure Key Vault|GCP Secret Manager|HashiCorp Vault|1Password Connect"
+  - pass: "System uses managed secret store with native recovery → Downgrade to Low (Observation). Rationale: The platform's secret store already provides break-glass, recovery, and emergency access workflows. A custom bootstrap secret-zero procedure is unnecessary overhead."
+  - fail: "No managed secret store OR no documented recovery path → Keep original severity. Require bootstrap secret-zero procedure."
+```
+
+### Gate Check: Alternative Recovery Path
+
+```yaml
+check_alternative_recovery:
+  - description: "Verify if there are alternative means of initial secret provisioning (GitOps, Terraform remote state, SOPS, external secrets operator)"
+  - detection_patterns:
+      - "external-secrets|csi-secrets|secrets-store-csi|argocd-vault|sops|age\\.encrypted"
+      - "terraform.*remote.*state|pulumi.*config.*secret|ansible-vault"
+  - pass: "Alternative recovery path documented → Downgrade to Observation. Consider adding a documented runbook but no code change required."
+  - fail: "No alternative recovery path → Require bootstrap secret-zero procedure as High severity."
+```

skills/devsecops/secrets-management/gates/secret-exposure-vs-control-gap-gate.md

@@ -0,0 +1,43 @@
+# Secret Exposure vs Control Gap Gate
+
+## Purpose
+Prevents false-positive secret-detection findings by distinguishing between *actual exposed secrets* (committed credentials, tokens, API keys) and *architectural control gaps* (missing gitleaks config, missing pre-commit hooks, missing secrets baseline). The current skill flags the latter as though they were the former, which conflates operational posture with active exposure.
+
+## Detection Logic
+
+### Trigger Conditions
+Fire this gate when ALL of the following are true:
+1. A finding flags the absence of `.gitleaks.toml`, `.secrets.baseline`, TruffleHog CI job, or pre-commit hooks
+2. The repo contains no committed `.env` files, no checked-in API keys, no hardcoded tokens or credentials
+3. The CI pipeline does not push or deploy secrets to any external service
+
+### Gate Check: Exposure vs. Control Gap
+
+```yaml
+check_exposure_vs_gap:
+  - description: "Determine if the finding is an active secret exposure or a missing control"
+  - detection_patterns:
+      - "no \.gitleaks\.toml|no \.secrets\.baseline|missing pre-commit|TruffleHog.*not configured"
+      - "gitleaks|trufflehog|secrets.*scanner|secret.*detect"
+  - pass: "No committed secrets found in repo history (git diff HEAD, .env*, token patterns, key patterns) → Downgrade to Medium (Recommendation). Rationale: This is a missing preventative control, not an active exposure. The finding should be reclassified as 'Secrets Detection Coverage Gap' rather than 'Exposed Secret Credential'."
+  - fail: "Confirmed committed secrets found → Keep original severity. Proceed to standard secrets management review."
+```
+
+### Gate Check: Evidence Collection
+
+```yaml
+check_evidence_collection:
+  - description: "Verify the reviewer has actually searched for committed secrets before concluding exposure"
+  - required_evidence:
+      - "git log -p --all -S '<pattern>' for common secret patterns (API_KEY, password, secret, token, credential)"
+      - "find . -name '.env*' -not -path '*/.git/*'"
+      - "grep -r '-----BEGIN.*PRIVATE KEY-----' . --include='*.{key,pem,p12,pfx}' 2>/dev/null"
+      - "Check GitHub secret scanning alerts if available"
+  - pass: "Evidence collected and no active secrets found → Apply control-gap downgrade"
+  - fail: "No evidence collection documented → Instruct reviewer to collect evidence before filing finding"
+```
+
+## Resolution Path
+
+1. If the finding is a **control gap**: Create or recommend adding `.gitleaks.toml`, `.secrets.baseline`, or pre-commit hook configuration. File as a Medium-severity recommendations track item.
+2. If the finding is an **active exposure**: Escalate to immediate secret rotation, revoke compromised credentials, audit git history with `git filter-repo` or BFG Repo-Cleaner.