## Purpose

Canonical specification for security-and-performance-test-harness requirements synced from OpenSpec change deltas.

## Requirements

### Requirement: Security test harness runs in CI
The system SHALL run baseline automated security checks in CI.

#### Scenario: Security checks execute
- **WHEN** CI pipeline runs on protected branches
- **THEN** dependency vulnerability and static security checks execute
- **AND** high-severity findings fail the gate

### Requirement: Performance test harness enforces thresholds
The system SHALL run page-speed and API-performance checks against defined thresholds.

#### Scenario: Performance regression detection
- **WHEN** measured performance exceeds regression threshold
- **THEN** performance gate fails
- **AND** reports include metric deltas and failing surfaces