## Context

Issue #76 (Security Audit) was closed after PR #79 (JWT refresh) and related work. Some items may still be outstanding.

## Checklist from #76

- [x] JWT token expiration settings
- [x] Password hashing (bcrypt)
- [x] Rate limiting implementation
- [x] Input validation and sanitization
- [ ] Add `bandit` for Python security linting
- [ ] Add pre-commit hook for secret detection
- [ ] Create `SECURITY.md` with vulnerability reporting process
- [ ] Docker containers run as non-root user

## Acceptance Criteria

- [ ] `bandit` added to dev dependencies and CI
- [ ] `detect-secrets` or similar pre-commit hook configured
- [ ] `SECURITY.md` file created with responsible disclosure policy
- [ ] Dockerfile uses non-root user
- [ ] CI includes security scanning step

## Definition of Done

- [ ] All checklist items completed
- [ ] CI passes with new security checks
- [ ] Documentation updated
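As an added example (not part of this issue or the project's code), the script below checks a repository snapshot against the acceptance criteria listed above: `bandit` in the dev dependencies, a `detect-secrets` hook in `.pre-commit-config.yaml`, a `SECURITY.md` that describes how to report a vulnerability, a Dockerfile whose final `USER` instruction is not root, and a CI workflow step that runs a scanner. The file paths (`pyproject.toml`, `.github/workflows/ci.yml`) and the two sample repositories are assumptions constructed for the example; the checks are deliberately plain regex/line scans so the script runs without extra dependencies.

```python
"""Definition-of-Done checker for the security follow-up items (added example).

Inspects a snapshot of repository files given as a {path: text} mapping so it
runs offline. File paths such as pyproject.toml and .github/workflows/ci.yml
are assumptions about the project's layout.
"""
import re


def has_bandit_dev_dependency(pyproject: str) -> bool:
    """True if bandit appears as a dependency entry (pyproject array or requirements style)."""
    return any(re.match(r'^\s*["\']?bandit\b', line) for line in pyproject.splitlines())


def has_secret_detection_hook(precommit: str) -> bool:
    """True if .pre-commit-config.yaml declares the detect-secrets hook."""
    return re.search(r'^\s*-\s*id:\s*detect-secrets\s*$', precommit, re.M) is not None


def dockerfile_runs_as_non_root(dockerfile: str) -> bool:
    """True if the last USER instruction names a non-root user.

    A container starts as root unless a USER instruction says otherwise, so a
    Dockerfile with no USER line fails. USER accepts name, name:group, uid or uid:gid.
    """
    user = None
    for raw in dockerfile.splitlines():
        line = raw.strip()
        if line.upper().startswith("USER "):
            user = line.split(None, 1)[1].strip()
    if user is None:
        return False
    return user.split(":")[0] not in ("root", "0")


def ci_has_security_scan(workflow: str) -> bool:
    """True if some workflow step's run: command invokes bandit or detect-secrets."""
    return re.search(r'^\s*-?\s*run:.*\b(bandit|detect-secrets)\b', workflow, re.M) is not None


def security_md_has_reporting_process(text: str) -> bool:
    """True if SECURITY.md is present and tells readers how to report a vulnerability."""
    return bool(text.strip()) and re.search(r'\breport', text, re.I) is not None


def audit(files: dict) -> dict:
    """Map each acceptance criterion to pass/fail for the given repository snapshot."""
    return {
        "bandit in dev dependencies": has_bandit_dev_dependency(files.get("pyproject.toml", "")),
        "detect-secrets pre-commit hook": has_secret_detection_hook(files.get(".pre-commit-config.yaml", "")),
        "SECURITY.md with disclosure policy": security_md_has_reporting_process(files.get("SECURITY.md", "")),
        "Dockerfile non-root user": dockerfile_runs_as_non_root(files.get("Dockerfile", "")),
        "CI security scanning step": ci_has_security_scan(files.get(".github/workflows/ci.yml", "")),
    }


def all_done(files: dict) -> bool:
    """True only when every acceptance criterion passes."""
    return all(audit(files).values())


# Constructed sample snapshot that satisfies every criterion.
COMPLIANT_REPO = {
    "pyproject.toml": '[project.optional-dependencies]\ndev = [\n  "pytest",\n  "bandit>=1.7",\n]\n',
    ".pre-commit-config.yaml": (
        "repos:\n  - repo: https://github.com/Yelp/detect-secrets\n    rev: v1.5.0\n"
        "    hooks:\n      - id: detect-secrets\n        args: ['--baseline', '.secrets.baseline']\n"
    ),
    "SECURITY.md": "# Security Policy\n\nPlease report vulnerabilities privately to security@example.com.\n",
    "Dockerfile": (
        "FROM python:3.12-slim\nRUN useradd --create-home appuser\nWORKDIR /app\n"
        'COPY . .\nUSER appuser\nCMD ["python", "-m", "app"]\n'
    ),
    ".github/workflows/ci.yml": (
        "jobs:\n  security:\n    runs-on: ubuntu-latest\n    steps:\n"
        "      - uses: actions/checkout@v4\n      - run: pip install bandit && bandit -r src -ll\n"
    ),
}

# Constructed snapshot that still runs as root and has no secret-detection hook.
INCOMPLETE_REPO = dict(COMPLIANT_REPO, **{
    "Dockerfile": 'FROM python:3.12-slim\nCOPY . /app\nCMD ["python", "/app/main.py"]\n',
    ".pre-commit-config.yaml": "repos:\n  - repo: https://github.com/psf/black\n    rev: 24.4.2\n    hooks:\n      - id: black\n",
})

if __name__ == "__main__":
    for name, ok in audit(INCOMPLETE_REPO).items():
        print(f"[{'x' if ok else ' '}] {name}")
```

Run as a script it prints the checklist for the constructed incomplete repository, with the Dockerfile and pre-commit items unchecked. The Dockerfile check reads only the last `USER` line, which is the one that applies to the final stage of a multi-stage build; a `USER root` placed after a non-root `USER` correctly fails it.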