From 0867b3b0f5248df0b105df4a62253f849011bd96 Mon Sep 17 00:00:00 2001 From: Cursor Agent Date: Sat, 21 Mar 2026 16:24:54 +0000 Subject: [PATCH 1/4] docs(tasks): epic for explicit aidd-security-review skill in /review Co-authored-by: Eric Elliott --- ...idd-review-explicit-security-skill-epic.md | 59 +++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 tasks/aidd-review-explicit-security-skill-epic.md diff --git a/tasks/aidd-review-explicit-security-skill-epic.md b/tasks/aidd-review-explicit-security-skill-epic.md new file mode 100644 index 0000000..ec3d45e --- /dev/null +++ b/tasks/aidd-review-explicit-security-skill-epic.md 
@@ -0,0 +1,59 @@ +# AIDD Review Explicit Security Skill Epic + +**Status**: 📋 PLANNED +**Goal**: Add a mandatory, checklist-driven security skill so `/aidd-review` catches structural auth and secret-handling failures on the first pass—without relying on OWASP enumeration alone. + +## Overview + +OWASP Top 10 is a useful backstop but it is too coarse to catch **policy-level** failures that keep showing up in real systems (e.g. optional global auth off, transport-inconsistent gates, secrets in URLs, implicit automation targets). Reviewers need **explicit, project-agnostic rules** that force a **first-pass** search for those patterns. This epic adds a dedicated **AIDD security review** skill with a **non-optional checklist**, wires it into **`aidd-review`**, and documents **how “no shared secrets between our services” interacts with CI and third parties** so agents do not treat it as absolutist fiction. + +--- + +## Author the explicit security review skill + +Create `.cursor/skills/aidd-security-review/SKILL.md` (and mirror to `ai/skills/` if required by repo conventions for sync) containing a **numbered or structured checklist** the reviewer must walk on every security-relevant review. The skill must **not** replace OWASP but **must** run **before** or **in addition to** OWASP, and must require **explicit PASS/FAIL (or N/A + rationale)** per item in the written review output. + +**Requirements**: + +- Given human authentication, should **reject password-based login** as acceptable unless the task explicitly documents a legacy exception; should require **WebAuthn/passkeys** or **federated IdP** patterns for new design. +- Given **first-party** service-to-service auth, should require **asymmetric** trust (mTLS, workload identity, OIDC token exchange, per-service signing keys) where the verifier holds **public** material only; should flag long-lived symmetric API keys copied into two services as **FAIL** unless N/A is justified (e.g. third-party constraint). 
+- Given **CI/CD** calling our APIs, should explain **practical** patterns: **OIDC** (`GITHUB_TOKEN` / cloud workload identity), **short-lived** cloud tokens, **ephemeral** mTLS or **signed** requests—versus storing a **static repo secret**; should mark **static shared secrets in CI** as **WARN or FAIL** with migration path, not hand-wave. +- Given **third-party** inbound webhooks or vendor APIs that only offer **shared HMAC/bearer** secrets, should allow **documented exception** scoped to **that boundary** and require **per-integration** rotation, **least privilege**, and **no reuse** across services. +- Given HTTP APIs, should require **no unauthenticated state-changing** methods on any route that mutates **server-side** persisted state (including side effects: spawn, schedule, config write, skill install, webhook trigger). +- Given read APIs, should require **no unauthenticated** access to **PII** or **persisted operational state** (sessions, agents, integrations, audit, logs, uploads) unless explicitly classified as **non-sensitive public metadata** with justification. +- Given **alternate transports** (WebSocket, SSE, gRPC, subprocess IPC), should verify they **do not** use **relaxed** or **missing** authentication compared to HTTP for the **same** resource class. +- Given **channels** (browser tabs, extensions, webhooks, message buses, CLIs), should flag any path that **bypasses** the primary authZ layer or accepts **weaker** proof (e.g. query `token=`, unsigned callbacks, trust-client IP alone). +- Given logging, tracing, metrics, and error reporting, should require **no credential logging** (headers, cookies, query `token`, `Authorization`, raw URLs with secrets); should list **query keys** that must be redacted when full URIs are captured. +- Given **default configuration** or **first boot**, should flag **fail-open** behavior (serve full API with empty credential, “dev mode” flags that disable auth in production builds, implicit targets for automation). 
+- Given **token or session compare**, should reference **`aidd-timing-safe-compare`** (hash-then-compare for symmetric material) and **`aidd-jwt-security`** where JWT appears; should not treat “we used ConstantTimeEq” as sufficient for **entropy** problems. + +--- + +## Integrate the skill into `aidd-review` + +Update `.cursor/skills/aidd-review/SKILL.md` and `ai/skills/aidd-review/SKILL.md` so **`/aidd-review` always invokes** **`aidd-security-review`** for the security phase: add to **Criteria**, add a **ReviewProcess** step, and state that **OWASP alone is insufficient** for merge-ready security review. + +**Requirements**: + +- Given a `/aidd-review` run on code that touches auth, network listeners, persistence, or secrets, should **load and follow** `aidd-security-review` **before** claiming the security pass is complete. +- Given the updated review skill, should still reference **`aidd-timing-safe-compare`** and **`aidd-jwt-security`** where applicable without duplicating their full text. + +--- + +## Add references and examples for first-pass coverage + +Add `references/` under the new skill (or extend `aidd-review/references/`) with **concrete pattern examples**: insecure vs secure for **empty default auth**, **WS/HTTP split**, **query token**, **webhook default target**, **session in JSON + cookie**, **localStorage API secret**. + +**Requirements**: + +- Given a reviewer reading only the skill, should find **at least one** “bad pattern / good pattern” pair per **non-negotiable** checklist line so first pass is **mechanical**, not inspirational. + +--- + +## Validate and cross-link agent entry points + +Ensure `AGENTS.md`, `aidd-custom/AGENTS.md` (if present), and any **orchestrator** or **review** docs that list skills mention the new **mandatory** security pass. 
+ +**Requirements**: + +- Given a new contributor following `AGENTS.md` to run `/review`, should discover **`aidd-security-review`** as a **required** companion to **`aidd-review`** for security-sensitive changes. From 757ee230941d3414e6dd5e3062a8095546663add Mon Sep 17 00:00:00 2001 From: Cursor Agent Date: Sun, 22 Mar 2026 04:33:33 +0000 Subject: [PATCH 2/4] docs(tasks): anchor security epic in explicit principles, drop leading prose Co-authored-by: Eric Elliott --- tasks/aidd-review-explicit-security-skill-epic.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/tasks/aidd-review-explicit-security-skill-epic.md b/tasks/aidd-review-explicit-security-skill-epic.md index ec3d45e..ec10053 100644 --- a/tasks/aidd-review-explicit-security-skill-epic.md +++ b/tasks/aidd-review-explicit-security-skill-epic.md 
@@ -5,13 +5,20 @@ ## Overview -OWASP Top 10 is a useful backstop but it is too coarse to catch **policy-level** failures that keep showing up in real systems (e.g. optional global auth off, transport-inconsistent gates, secrets in URLs, implicit automation targets). Reviewers need **explicit, project-agnostic rules** that force a **first-pass** search for those patterns. This epic adds a dedicated **AIDD security review** skill with a **non-optional checklist**, wires it into **`aidd-review`**, and documents **how “no shared secrets between our services” interacts with CI and third parties** so agents do not treat it as absolutist fiction. +OWASP Top 10 is a useful backstop but it is too coarse to catch **policy-level** failures that keep showing up in real systems (optional global auth off, transport-inconsistent gates, secrets in URLs, implicit automation targets). Reviewers need **explicit, project-agnostic rules** that force a **first-pass** search for those patterns. This epic adds a dedicated **AIDD security review** skill with a **non-optional checklist**, wires it into **`aidd-review`**, and spells out how **first-party** service trust, **CI**, and **third-party** boundaries fit **least privilege** and **layered** controls—not as a waiver for weak defaults, but as **scoped exceptions** with rotation, isolation, and documentation. + +## Principles (anchor the new skill and every review pass) + +- **Principle of least knowledge** — components should not receive or retain more about peers’ secrets than they need to verify or authorize; prefer verify-with-public-material where feasible. +- **Principle of least privilege** — every principal (human, service, integration, CI job) gets the **minimum** access, duration, and scope required; document any broader access as **time-bounded** and **revocable**. 
+- **Security in layers** — no single control (TLS, network zone, “it’s localhost”) substitutes for **authn/authz** on the control plane; alternate transports and side-channels get the **same** bar unless explicitly classified and justified. +- **Prefer the safer option** — if a mechanism is **sometimes** dangerous and a **strictly better** pattern exists for the context (passkeys vs passwords, asymmetric vs duplicated symmetric keys, explicit binding vs implicit defaults), the review should **default to the better option** and treat the weaker one as **FAIL** unless the epic/task documents an approved exception. --- ## Author the explicit security review skill -Create `.cursor/skills/aidd-security-review/SKILL.md` (and mirror to `ai/skills/` if required by repo conventions for sync) containing a **numbered or structured checklist** the reviewer must walk on every security-relevant review. The skill must **not** replace OWASP but **must** run **before** or **in addition to** OWASP, and must require **explicit PASS/FAIL (or N/A + rationale)** per item in the written review output. +Create `.cursor/skills/aidd-security-review/SKILL.md` (and mirror to `ai/skills/` if required by repo conventions for sync) containing a **numbered or structured checklist** the reviewer must walk on every security-relevant review. Open the skill with the **Principles** block from this epic (least knowledge, least privilege, security in layers, prefer the safer option). The skill must **not** replace OWASP but **must** run **before** or **in addition to** OWASP, and must require **explicit PASS/FAIL (or N/A + rationale)** per item in the written review output. **Requirements**: From f05c5b079020ef48d10108cafe33be78b1deaa1f Mon Sep 17 00:00:00 2001 
From: Cursor Agent Date: Sun, 22 Mar 2026 04:36:05 +0000 Subject: [PATCH 3/4] docs(tasks): tighten security-review epic, dedupe wording Co-authored-by: Eric Elliott --- ...idd-review-explicit-security-skill-epic.md | 56 +++++++++---------- 1 file changed, 27 insertions(+), 29 deletions(-) diff --git a/tasks/aidd-review-explicit-security-skill-epic.md b/tasks/aidd-review-explicit-security-skill-epic.md index ec10053..f71829f 100644 --- a/tasks/aidd-review-explicit-security-skill-epic.md +++ b/tasks/aidd-review-explicit-security-skill-epic.md 
@@ -1,66 +1,64 @@ # AIDD Review Explicit Security Skill Epic **Status**: 📋 PLANNED -**Goal**: Add a mandatory, checklist-driven security skill so `/aidd-review` catches structural auth and secret-handling failures on the first pass—without relying on OWASP enumeration alone. +**Goal**: Mandatory checklist skill for `/aidd-review` so structural auth/secret failures surface on first pass—not only via OWASP Top 10. ## Overview -OWASP Top 10 is a useful backstop but it is too coarse to catch **policy-level** failures that keep showing up in real systems (optional global auth off, transport-inconsistent gates, secrets in URLs, implicit automation targets). Reviewers need **explicit, project-agnostic rules** that force a **first-pass** search for those patterns. This epic adds a dedicated **AIDD security review** skill with a **non-optional checklist**, wires it into **`aidd-review`**, and spells out how **first-party** service trust, **CI**, and **third-party** boundaries fit **least privilege** and **layered** controls—not as a waiver for weak defaults, but as **scoped exceptions** with rotation, isolation, and documentation. +OWASP is too coarse for **policy** bugs (auth off by default, transport mismatch, secrets in URLs, implicit automation targets). This epic adds **`aidd-security-review`** (non-optional checklist + **PASS / FAIL / N/A+rationale** per item), wires it into **`aidd-review`**, and defines how **first-party**, **CI**, and **third-party** fit **least privilege** and **layered** controls: **scoped exceptions** only, with rotation, isolation, and docs—never weak defaults by default. -## Principles (anchor the new skill and every review pass) +## Principles (copy into the new skill verbatim) -- **Principle of least knowledge** — components should not receive or retain more about peers’ secrets than they need to verify or authorize; prefer verify-with-public-material where feasible. 
-- **Principle of least privilege** — every principal (human, service, integration, CI job) gets the **minimum** access, duration, and scope required; document any broader access as **time-bounded** and **revocable**. -- **Security in layers** — no single control (TLS, network zone, “it’s localhost”) substitutes for **authn/authz** on the control plane; alternate transports and side-channels get the **same** bar unless explicitly classified and justified. -- **Prefer the safer option** — if a mechanism is **sometimes** dangerous and a **strictly better** pattern exists for the context (passkeys vs passwords, asymmetric vs duplicated symmetric keys, explicit binding vs implicit defaults), the review should **default to the better option** and treat the weaker one as **FAIL** unless the epic/task documents an approved exception. +- **Least knowledge** — verify with **public** material where feasible; minimize what each component holds about peers’ secrets. +- **Least privilege** — minimum access, duration, scope per human, service, integration, CI job; broader access must be **time-bounded**, **revocable**, **documented**. +- **Security in layers** — TLS, network zone, localhost **do not** replace control-plane **authn/authz**; WebSocket, SSE, gRPC, IPC match HTTP for the **same** resource class unless **classified and justified**. +- **Prefer the safer option** — if a pattern is only *sometimes* safe and a better one exists (passkeys vs passwords, asymmetric vs duplicated symmetric keys, explicit vs implicit automation binding), **FAIL** the weaker choice unless the **epic/task** records an approved exception. --- ## Author the explicit security review skill -Create `.cursor/skills/aidd-security-review/SKILL.md` (and mirror to `ai/skills/` if required by repo conventions for sync) containing a **numbered or structured checklist** the reviewer must walk on every security-relevant review. 
Open the skill with the **Principles** block from this epic (least knowledge, least privilege, security in layers, prefer the safer option). The skill must **not** replace OWASP but **must** run **before** or **in addition to** OWASP, and must require **explicit PASS/FAIL (or N/A + rationale)** per item in the written review output. +Add `.cursor/skills/aidd-security-review/SKILL.md` (mirror to `ai/skills/` if repo requires). Lead with the **Principles** block above, then a **checklist** for every security-relevant review. Run it **with** OWASP (not instead). Each checklist item: **PASS / FAIL / N/A + rationale** in the review artifact. **Requirements**: -- Given human authentication, should **reject password-based login** as acceptable unless the task explicitly documents a legacy exception; should require **WebAuthn/passkeys** or **federated IdP** patterns for new design. -- Given **first-party** service-to-service auth, should require **asymmetric** trust (mTLS, workload identity, OIDC token exchange, per-service signing keys) where the verifier holds **public** material only; should flag long-lived symmetric API keys copied into two services as **FAIL** unless N/A is justified (e.g. third-party constraint). -- Given **CI/CD** calling our APIs, should explain **practical** patterns: **OIDC** (`GITHUB_TOKEN` / cloud workload identity), **short-lived** cloud tokens, **ephemeral** mTLS or **signed** requests—versus storing a **static repo secret**; should mark **static shared secrets in CI** as **WARN or FAIL** with migration path, not hand-wave. -- Given **third-party** inbound webhooks or vendor APIs that only offer **shared HMAC/bearer** secrets, should allow **documented exception** scoped to **that boundary** and require **per-integration** rotation, **least privilege**, and **no reuse** across services. 
-- Given HTTP APIs, should require **no unauthenticated state-changing** methods on any route that mutates **server-side** persisted state (including side effects: spawn, schedule, config write, skill install, webhook trigger). -- Given read APIs, should require **no unauthenticated** access to **PII** or **persisted operational state** (sessions, agents, integrations, audit, logs, uploads) unless explicitly classified as **non-sensitive public metadata** with justification. -- Given **alternate transports** (WebSocket, SSE, gRPC, subprocess IPC), should verify they **do not** use **relaxed** or **missing** authentication compared to HTTP for the **same** resource class. -- Given **channels** (browser tabs, extensions, webhooks, message buses, CLIs), should flag any path that **bypasses** the primary authZ layer or accepts **weaker** proof (e.g. query `token=`, unsigned callbacks, trust-client IP alone). -- Given logging, tracing, metrics, and error reporting, should require **no credential logging** (headers, cookies, query `token`, `Authorization`, raw URLs with secrets); should list **query keys** that must be redacted when full URIs are captured. -- Given **default configuration** or **first boot**, should flag **fail-open** behavior (serve full API with empty credential, “dev mode” flags that disable auth in production builds, implicit targets for automation). -- Given **token or session compare**, should reference **`aidd-timing-safe-compare`** (hash-then-compare for symmetric material) and **`aidd-jwt-security`** where JWT appears; should not treat “we used ConstantTimeEq” as sufficient for **entropy** problems. +- Given **human** auth, should **FAIL** password-based login for new design; allow only with **task-documented** legacy exception; prefer **WebAuthn/passkeys** or **federated IdP**. 
+- Given **first-party** service-to-service auth, should require **asymmetric** or workload-bound trust (mTLS, OIDC exchange, per-service signing; verifier keeps **public** keys only); should **FAIL** long-lived symmetric keys **reused** across two services unless **N/A** (third-party-only constraint) with rationale. +- Given **CI** calling our APIs, should prescribe **OIDC / workload identity**, **short-lived** cloud tokens, **ephemeral** mTLS or **signed** requests; should **WARN or FAIL** **static repo secrets** and require a **migration** note, not silence. +- Given **third-party** webhooks or vendor APIs limited to **HMAC/bearer**, should allow **documented**, **boundary-scoped** exception with **per-integration** secret, **rotation**, **no cross-service reuse**. +- Given **HTTP**, should **FAIL** **unauthenticated** **writes** to **persisted** server state (config, spawn, schedule, skills, webhooks, etc.). +- Given **HTTP reads**, should **FAIL** **unauthenticated** access to **PII** or **persisted operational** data (sessions, agents, integrations, audit, logs, uploads) unless labeled **public metadata** with **justification**. +- Given **any channel** (WS, SSE, gRPC, IPC, browser, CLI, bus, webhook ingress), should **FAIL** **weaker** or **missing** auth vs HTTP for the same capability, or **bypass** of primary authZ (e.g. **`?token=`** bearer, unsigned callback, **IP-only** trust). +- Given **logs/metrics/traces/errors**, should **FAIL** credential emission (headers, cookies, `Authorization`, sensitive query); checklist must name **query keys to redact** when URIs are logged. +- Given **defaults / first boot**, should **FAIL** **fail-open** control plane (empty credential = full API, prod **dev** auth disable, **implicit** automation target). +- Given **compare / token shape**, should point to **`aidd-timing-safe-compare`** and **`aidd-jwt-security`**; should **FAIL** treating **ConstantTimeEq** alone as fixing **low-entropy** secrets. 
--- -## Integrate the skill into `aidd-review` +## Integrate into `aidd-review` -Update `.cursor/skills/aidd-review/SKILL.md` and `ai/skills/aidd-review/SKILL.md` so **`/aidd-review` always invokes** **`aidd-security-review`** for the security phase: add to **Criteria**, add a **ReviewProcess** step, and state that **OWASP alone is insufficient** for merge-ready security review. +Patch **Criteria** + **ReviewProcess** in `.cursor/skills/aidd-review/SKILL.md` and `ai/skills/aidd-review/SKILL.md`: **always** run **`aidd-security-review`** before calling the security pass done; state **OWASP is necessary but not sufficient** for merge-ready security review. Keep **pointers** to **`aidd-timing-safe-compare`** and **`aidd-jwt-security`** (no full duplicate of those skills). **Requirements**: -- Given a `/aidd-review` run on code that touches auth, network listeners, persistence, or secrets, should **load and follow** `aidd-security-review` **before** claiming the security pass is complete. -- Given the updated review skill, should still reference **`aidd-timing-safe-compare`** and **`aidd-jwt-security`** where applicable without duplicating their full text. +- Given code touching **auth, listeners, persistence, or secrets**, should **not** mark security complete until **`aidd-security-review`** checklist is executed. --- -## Add references and examples for first-pass coverage +## References (bad vs good) -Add `references/` under the new skill (or extend `aidd-review/references/`) with **concrete pattern examples**: insecure vs secure for **empty default auth**, **WS/HTTP split**, **query token**, **webhook default target**, **session in JSON + cookie**, **localStorage API secret**. +Under the new skill’s `references/` (or shared `aidd-review/references/`), add **one** insecure/secure pair per **checklist** row (empty default auth, WS≠HTTP auth, query `token`, webhook default agent, session token in JSON **and** cookie, `localStorage` API secret). 
**Requirements**: -- Given a reviewer reading only the skill, should find **at least one** “bad pattern / good pattern” pair per **non-negotiable** checklist line so first pass is **mechanical**, not inspirational. +- Given the skill alone, should support **mechanical** first pass without prose improvisation. --- -## Validate and cross-link agent entry points +## Cross-link entry points -Ensure `AGENTS.md`, `aidd-custom/AGENTS.md` (if present), and any **orchestrator** or **review** docs that list skills mention the new **mandatory** security pass. +Update `AGENTS.md`, `aidd-custom/AGENTS.md` (if used), and orchestrator/review listings so **`aidd-security-review`** is **mandatory** with **`aidd-review`** for security-sensitive work. **Requirements**: -- Given a new contributor following `AGENTS.md` to run `/review`, should discover **`aidd-security-review`** as a **required** companion to **`aidd-review`** for security-sensitive changes. +- Given `AGENTS.md`, should name **`aidd-security-review`** as required for `/review` when changes are security-sensitive. From c9c642cdf36526e88e9e632a518dc77f630d7dc2 Mon Sep 17 00:00:00 2001 From: Cursor Agent Date: Sun, 22 Mar 2026 04:40:17 +0000 Subject: [PATCH 4/4] docs(tasks): tighten epic prose (AIDD style: concise, active, required checklist) Co-authored-by: Eric Elliott --- ...idd-review-explicit-security-skill-epic.md | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/tasks/aidd-review-explicit-security-skill-epic.md b/tasks/aidd-review-explicit-security-skill-epic.md index f71829f..0da5ef3 100644 --- a/tasks/aidd-review-explicit-security-skill-epic.md +++ b/tasks/aidd-review-explicit-security-skill-epic.md 
@@ -1,24 +1,24 @@ # AIDD Review Explicit Security Skill Epic **Status**: 📋 PLANNED -**Goal**: Mandatory checklist skill for `/aidd-review` so structural auth/secret failures surface on first pass—not only via OWASP Top 10. +**Goal**: **Require** a checklist skill on `/aidd-review` so structural auth/secret bugs show up on first pass—OWASP alone is not enough. ## Overview -OWASP is too coarse for **policy** bugs (auth off by default, transport mismatch, secrets in URLs, implicit automation targets). This epic adds **`aidd-security-review`** (non-optional checklist + **PASS / FAIL / N/A+rationale** per item), wires it into **`aidd-review`**, and defines how **first-party**, **CI**, and **third-party** fit **least privilege** and **layered** controls: **scoped exceptions** only, with rotation, isolation, and docs—never weak defaults by default. +OWASP misses **policy** failures—e.g. **auth off by default**, **HTTP vs WebSocket auth split**, …. This epic ships **`aidd-security-review`**: a **required** checklist; each line gets **PASS / FAIL / N/A + rationale** in the review. Wire it into **`aidd-review`**. Spell out how **first-party**, **CI**, and **third-party** map to **least privilege** and **layers**: **scoped exceptions** only—rotate, isolate, document—no silent weak defaults. ## Principles (copy into the new skill verbatim) -- **Least knowledge** — verify with **public** material where feasible; minimize what each component holds about peers’ secrets. -- **Least privilege** — minimum access, duration, scope per human, service, integration, CI job; broader access must be **time-bounded**, **revocable**, **documented**. -- **Security in layers** — TLS, network zone, localhost **do not** replace control-plane **authn/authz**; WebSocket, SSE, gRPC, IPC match HTTP for the **same** resource class unless **classified and justified**. 
-- **Prefer the safer option** — if a pattern is only *sometimes* safe and a better one exists (passkeys vs passwords, asymmetric vs duplicated symmetric keys, explicit vs implicit automation binding), **FAIL** the weaker choice unless the **epic/task** records an approved exception. +- **Least knowledge** — Prefer verify-with-**public** material. Hold less of peers’ secrets. +- **Least privilege** — Minimize access, duration, scope for every human, service, integration, CI job. Widen only with **time bounds**, **revocation**, **docs**. +- **Security in layers** — TLS, zone, localhost **≠** control-plane **authn/authz**. Match **WS / SSE / gRPC / IPC** to HTTP for the **same** capability unless you **classify and justify** a difference. +- **Prefer the safer option** — **FAIL** the weaker pattern when a better one fits (passkeys over passwords, asymmetric over duplicated symmetric keys, explicit binding over implicit defaults). **Epic/task** must record any approved exception. --- ## Author the explicit security review skill -Add `.cursor/skills/aidd-security-review/SKILL.md` (mirror to `ai/skills/` if repo requires). Lead with the **Principles** block above, then a **checklist** for every security-relevant review. Run it **with** OWASP (not instead). Each checklist item: **PASS / FAIL / N/A + rationale** in the review artifact. +Add `.cursor/skills/aidd-security-review/SKILL.md` (mirror to `ai/skills/` if repo requires). Open with **Principles**, then the **checklist**. Run **next to** OWASP—OWASP does not replace this list. Emit **PASS / FAIL / N/A + rationale** per row in the review artifact. **Requirements**: 
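Review bot: The rewritten Overview in this hunk replaces the concrete failure list with "**HTTP vs WebSocket auth split**, …." and so drops "secrets in URLs" and "implicit automation targets", which the previous revision named and which still map to checklist rows (logs/metrics and defaults/first boot); it also leaves a stray "….". Either restore the two dropped examples or end the sentence after the two that remain. In the same hunk, "TLS, zone, localhost **≠** control-plane **authn/authz**" is a symbol that agents will copy verbatim into the skill; the previous "do not replace" was clearer and costs three words.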
@@ -37,7 +37,7 @@ Add `.cursor/skills/aidd-security-review/SKILL.md` (mirror to `ai/skills/` if re ## Integrate into `aidd-review` -Patch **Criteria** + **ReviewProcess** in `.cursor/skills/aidd-review/SKILL.md` and `ai/skills/aidd-review/SKILL.md`: **always** run **`aidd-security-review`** before calling the security pass done; state **OWASP is necessary but not sufficient** for merge-ready security review. Keep **pointers** to **`aidd-timing-safe-compare`** and **`aidd-jwt-security`** (no full duplicate of those skills). +Patch **Criteria** + **ReviewProcess** in `.cursor/skills/aidd-review/SKILL.md` and `ai/skills/aidd-review/SKILL.md`. **Finish `aidd-security-review` before** you call the security pass complete. Say clearly: OWASP **supplements** this checklist; it **does not** replace it. Link **`aidd-timing-safe-compare`** and **`aidd-jwt-security`**—do not fork their bodies here. **Requirements**: @@ -57,8 +57,8 @@ Under the new skill’s `references/` (or shared `aidd-review/references/`), add ## Cross-link entry points -Update `AGENTS.md`, `aidd-custom/AGENTS.md` (if used), and orchestrator/review listings so **`aidd-security-review`** is **mandatory** with **`aidd-review`** for security-sensitive work. +Update `AGENTS.md`, `aidd-custom/AGENTS.md` (if used), and orchestrator/review listings: **`aidd-security-review`** is **required** alongside **`aidd-review`** for security-sensitive work. **Requirements**: -- Given `AGENTS.md`, should name **`aidd-security-review`** as required for `/review` when changes are security-sensitive. +- Given `AGENTS.md`, should list **`aidd-security-review`** as **required** for `/review` on security-sensitive changes.
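Review bot: In the `@@ -37,7 +37,7 @@` hunk of PATCH 4/4, "OWASP **supplements** this checklist; it **does not** replace it" inverts the previous "OWASP is necessary but not sufficient" and can be read as making the OWASP pass optional, while the Author section in the same series still says to run the checklist "next to" OWASP. If both passes stay mandatory, say so in one sentence (run both; neither replaces the other) so the ReviewProcess step cannot be satisfied by the checklist alone.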
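Review bot: In the PATCH 3/4 hunk (`@@ -1,66 +1,64 @@`), the References section promises "**one** insecure/secure pair per **checklist** row" but lists six patterns against a ten-row checklist: no pair is named for human auth, first-party service-to-service, CI, third-party HMAC/bearer, logging, or timing-safe compare. At the same time the requirement that replaced "at least one pair per non-negotiable checklist line" ("should support **mechanical** first pass without prose improvisation") is no longer countable. List a pair for every row or state which rows are exempt, and keep a requirement a reviewer can tick. The logs/metrics line still says the checklist "must name **query keys to redact**" yet names none; the `?token=` bearer flagged in the channel line is the obvious first entry. Finally, the requirement to point at `aidd-timing-safe-compare` and `aidd-jwt-security` was moved from Requirements into body prose; keep it as a requirement so the review process checks it.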
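Review bot: In the PATCH 2/4 hunk (`@@ -5,13 +5,20 @@`), the new "Prefer the safer option" principle grades the weaker pattern as **FAIL** unless the epic/task documents an exception, but the unchanged CI/CD checklist line in the same file still grades static shared secrets in CI as "**WARN or FAIL**". Reconcile the two: either the CI line becomes FAIL with a documented, time-bounded exception like every other row, or the principle states when WARN is acceptable (for example, an existing migration note with a deadline). As written, a reviewer can satisfy the CI row with WARN while the principle says FAIL.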
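Review bot: In the PATCH 1/4 hunk (`@@ -0,0 +1,59 @@`), the "Author the explicit security review skill" paragraph makes the `ai/skills/` mirror conditional ("if required by repo conventions for sync"), yet the "Integrate" section in the same file edits both `.cursor/skills/aidd-review/SKILL.md` and `ai/skills/aidd-review/SKILL.md` unconditionally, and the later patches keep the conditional. Decide once whether the mirror is required and state it; an agent executing this epic should not have to infer repo conventions. The same hunk also uses `/aidd-review` in the Goal and Overview but `/review` in the Subject line and the last section; use one command name or say that `/review` aliases `/aidd-review`. One checklist gap worth a line: the HTTP row forbids unauthenticated state-changing methods, but a cookie-authenticated write (the "session in JSON + cookie" reference pattern puts cookies in scope) still needs a CSRF control (SameSite, origin check, or anti-CSRF token); add it as a row or fold it into the HTTP row.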