Slice 1 (GitLab CI):
- 19 deterministic security rules across 6 categories
- Policy engine with 7 built-in policies + custom YAML
- HTML / JSON / PDF reporters
- LLM enrichment (Anthropic + OpenAI, optional)
- FastAPI web UI + REST API
- Scanner integrations: Semgrep CE, OpenSSF Scorecard, GitLab native
- 133 tests passing

PRD acceptance criteria met:
- Recall: 100% (14/14) on labelled bad fixture
- False positives: 0 on labelled good fixture
- Performance: 166 ms mean parse+analyse on 500-job pipeline