#15794: docs(security): comprehensive security audit report

by kinder-world, open, 2026-02-13 22:11
Labels: docs, stale; size: XS
## Summary

- Adds a full security audit report (`docs/security/AUDIT-2026-02-13.md`) produced by 6 specialized agents scanning in parallel
- Links the report from `docs/security/README.md`

### Findings: 43 total

| Severity | Count | Primary Domains |
|----------|-------|-----------------|
| **CRITICAL** | 7 | Chinese AI data sovereignty — 8 providers with zero warnings/opt-out/controls |
| **HIGH** | 10 | Plugin in-process execution, hook injection, supply chain (GH Actions pinning), browser eval |
| **MEDIUM** | 15 | Rate limiter off by default, prototype pollution, sandbox defaults, no `pnpm audit` in CI |
| **LOW** | 11 | Timing oracles, SSRF edge cases, Unicode bypasses |

### Top 5 Remediation Priorities

1. **Data sovereignty controls** — provider jurisdiction metadata, `blockChineseProviders` config, consent prompts, doc warnings
2. **Plugin capability model** — permission declarations, scoped runtime API, TOFU for workspace plugins
3. **Cross-channel isolation** — default `dmScope` to `per-channel-peer`
4. **Supply chain hardening** — pin GH Actions by SHA, pin Bun/Docker base image, add `pnpm audit` to CI
5. **Auth & sandbox defaults** — enable rate limiting by default, validate sandbox bind mounts

### Positive Findings

Strong security engineering in SSRF protection, timing-safe auth, external content wrapping, config redaction, exec approval system, Docker sandbox hardening, and pre-commit hooks.

## Test plan

- [ ] Verify report renders correctly on GitHub and Mintlify docs
- [ ] Verify `docs/security/README.md` link resolves

🤖 Generated with [Claude Code](https://claude.com/claude-code)

## Greptile Overview

### Greptile Summary

This PR adds a new security audit report (`docs/security/AUDIT-2026-02-13.md`) and links it from `docs/security/README.md`. The docs link looks correct, and the audit report is generally well-structured (TOC, tables, remediation sections).

One merge-blocking issue: the report states that `session.dmScope` “defaults to `"main"`”, but the referenced code indicates a fallback when config is unset, not necessarily a defined default. This should be reworded or backed by a source for the default value so the report remains accurate.

### Confidence Score: 4/5

- This PR is safe to merge after fixing a small documentation accuracy issue.
- Changes are docs-only and the README link is correct. The main risk is factual correctness: at least one claim (dmScope “defaults to main”) is misleading based on the referenced source and should be corrected to avoid spreading incorrect security guidance.
- docs/security/AUDIT-2026-02-13.md

Last reviewed commit: a1ee766