- safety: drop tools section (moved to sdlc), add explicit kubectl-prod
ban, add no-tofu-direct rule, drop the merge-gate cross-reference into
a separate bullet
- sdlc: add Phase 0 product-analysis intake (CMPO Pawla as gate); add
scheduled penetration testing program (Barkley owns); standardize
authentication to Better-Auth + Google + Apple + Authentik; add
canonical tools section (moved from safety) including ghcr.io/groombook
registry standard; reorganize PR review sections to match the cross-org
pattern (named SDLC pipeline phases)
Chris Farhood
93e70e6d66