review-security

// Security review checklist for OpenAEV code: RBAC, tenant isolation, data exposure, authentication. Use when reviewing PRs or auditing security of a feature.