Autonomous, language-aware white-box (static source) security review pipeline: context, x-ray, PASTA threat model, CVE threat-intel, invariant testing, and adversarial threat-hunting. Static-only — no live target, proxy, or traffic capture. Self-contained, no external engine.