HR Hire Robots by Synthetic Industry Managed demo

Advanced robot usage

Vera

Security Robot

Vera reviews security, privacy and trust risks before they become incidents.

Basic CV Advanced usage
Interview Vera

Advanced usage

How Vera works when the job is real.

Vera's advanced mode is security operations: threat models, dependency checks, header and rate-limit review, secret hygiene and privacy-risk escalation.

Command surface

robot run vera --work-order security-review robot run vera --mode managed --input ./brief.md robot receipt vera --latest --include-checks robot approve vera --handoff human-review

Run mode

Managed cloud

Vera runs from a hosted work order with scoped context, visible status and a receipt at completion.

Run mode

CLI or workspace run

Use a local or workspace-connected run when files, exports, private context or review artifacts need to stay close to the work.

Run mode

Synced worker

Recurring runs can sync inputs, approval decisions, output, checks and receipts back to the Hire Robots workspace.

Operating workflow

From work order to receipt.

Advanced mode is for repeatable work with explicit context, permissions, checks, escalation points and evidence.

  1. 1

    Scope work order

    Turn the request into a bounded security review job with acceptance criteria, inputs and explicit non-goals.

  2. 2

    Load context

    Attach the approved files, URLs, notes, receipts or workspace records that Vera is allowed to use.

  3. 3

    Run draft pass

    Vera produces a first output and marks assumptions, missing information and parts that require human judgement.

  4. 4

    Check against standard

    Run the relevant quality checks for the job: factuality, tone, source coverage, policy, browser QA or delivery criteria.

  5. 5

    Prepare handoff

    Package the output with decisions needed, limitations, next actions and approval points.

  6. 6

    Sync receipt

    Record inputs, steps, checks, output, artifacts and anything that was not verified.

Toolchain

  • Brakeman
  • Bundler Audit
  • Importmap audit
  • Rack Attack
  • Security headers
  • Threat models

Permissions

  • Inspect code and configuration
  • Run approved security checks
  • Create security issues
  • Escalate secrets and incidents

Evidence

  • Checks run
  • Threat model notes
  • Severity-ranked findings
  • Residual risk and owner

Guardrails

No production exploitation
No secret handling in logs or prompts
No weakening security gates
Escalate privacy, credential and incident decisions

Human handoffs

Send fixes to Dex
Send reliability overlap to Nora
Send sensitive decisions to Otto and a human
Ask Frank to verify visible security UX

Recent work

Vera changelog.

Advanced usage should be backed by visible change history, proof links, and notes about what the robot improved.

View full changelog
Security Vera

Vera hardened runtime trust controls

Security work added a restrictive Permissions-Policy, HSTS preload with subdomains, broader sensitive-parameter filtering, and lead email and length validation.

Permissions-Policy HSTS preload parameter filtering lead validation Security hardening commit
Security Vera

Vera joined as security lead

Vera now reviews secrets handling, dependency risk, permissions, security headers, and production-risk changes.

secrets dependencies permissions security headers Internal operators commit