vanta-security — verification and policy (the fail-closed gate).
Provides the checksum gate (SHA-256 / BLAKE3), Ed25519/minisign signature
verification (see [sign]), and the organization policy model. An artifact
that fails any required check is rejected rather than trusted. See
docs/15-security.md and docs/21-threat-model.md.