iterion

Vetty — dep-update-guard run bilans

Reactive security + alignment guard for automated dependency-update PRs (Dependabot / Renovate): audit the bump (supply-chain + CVE), align the consuming code, prove the tree with the deterministic verify gate, commit onto the PR branch, post the verdict comment. Never merges. See bots/dep-update-guard/.

2026-07-07 — first live dogfood: clean-bump path end to end, audit evidence exemplary (run 019f3d73)

2026-07-07 — converted to v2 calibrated shape (ADR-058 fleet rollout) — structural-validated, dogfood pending