No need for AGENTS.md to worry about SECURITY.md

nedtwigg · nedtwigg · commit 7f87e0f956b8 · 2026-05-22T14:42:32.000-07:00
diff --git a/AGENTS.md b/AGENTS.md
@@ -43,10 +43,6 @@ The primary job of a spec is to be an accurate reference for the current state o
 
 When updating code covered by a spec, update the spec to match. When the two specs overlap (e.g. pane header elements appear in both), layout.md documents placement and sizing while alert.md documents behavior and visual states.
 
-## Security
-
-See [SECURITY.md](SECURITY.md). It enumerates concrete `FAIL IF` checks across dependencies, GitHub Actions, release pipelines, and the tend automation surface, and it is enforced by `.github/workflows/security-audit.yaml` (nightly + as a required gate before VS Code publish). Read it before touching: `.github/workflows/`, `.github/dependabot.yml`, `.config/tend.yaml`, `pnpm-workspace.yaml`, `scripts/sign-and-deploy.sh`, or anything that introduces a new secret, workflow trigger, or environment. Failures are tracked under the `security-audit-failure` issue label.
-
 ## Design
 
 See [DESIGN.md](DESIGN.md) for full design context. Key principles:
