diff --git a/.gitignore b/.gitignore index 8f4b40d..d1a3646 100644 --- a/.gitignore +++ b/.gitignore @@ -2,10 +2,15 @@ .moon/cache/ .moon/docker/ -# Agent/runtime state (`.agents/skills` is committed template content, not ignored) +# Agent/runtime state. `.agents/skills` holds committed template skills; the +# entries below are local maintainer tooling and runtime state, not template +# content. `.codex-security/` is Codex scan output; `codex-security-scan` is a +# local scanning skill that lives under the otherwise-committed `.agents/skills`. .claude/ .journal/ .wt/ +.codex-security/ +.agents/skills/codex-security-scan/ # Environment .env diff --git a/README.md b/README.md index 5159ba5..d25295b 100644 --- a/README.md +++ b/README.md @@ -692,6 +692,8 @@ The docs workflow builds the MkDocs site on pull requests and deploys `docs/buil The scheduled security scan workflow builds the local container image weekly, scans it for high/critical fixed vulnerabilities, and uploads SARIF results to GitHub code scanning. Dependabot covers GitHub Actions, Docker base images, the root Go module, and the docs uv project. +The build CLIs are pinned by version through [Proto](https://moonrepo.dev/proto) and their downloads are integrity-verified: golangci-lint, goose, and mockery verify against their publishers' checksum files (`checksum-url`), while sqlc — which publishes no checksums — is verified against a repository-committed per-platform digest (`.moon/proto/sqlc.sha256`) by the `sqlc-verify` task before it runs. Repo-pinning the other three was considered and deliberately left out: they already verify against upstream checksums, so committing per-platform digests would duplicate that control and add maintenance on every version bump. + Repository settings live in `.github/repository-settings.toml`. They default to immutable releases, private vulnerability reporting, signed commits, squash-only merges, GitHub Pages workflow publishing, and protected tags.
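Review bot: in the `.gitignore` hunk, ignoring `.agents/skills/codex-security-scan/` carves a hole out of `.agents/skills`, which the same comment says is committed template content, and a `.gitignore` entry does not untrack files that are already in the index. Before merging, check that nothing under that path is currently tracked (`git ls-files .agents/skills/codex-security-scan/` should print nothing), and consider stating in the comment what should happen if a maintainer later wants to promote that skill to a committed one, so the ignore rule is not silently dropping files someone expects to be versioned. The `.codex-security/` entry is fine as scan output, but since it can hold findings about this repository it is worth one more word in the comment that it must stay local and never be committed.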
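Review bot: in the `README.md` hunk, the new paragraph documents a control (`.moon/proto/sqlc.sha256` checked by the `sqlc-verify` task) whose implementing files are not part of this diff, so please confirm both exist on this branch and that the task is wired to run before sqlc is invoked, as the text claims. The paragraph should also say how the committed sqlc digest is produced and refreshed on a version bump (from which download, on which platforms, and who verifies it), since a repository-pinned digest only protects against a tampered download if its own provenance is recorded. One caveat worth a sentence for the other three tools: verifying against a publisher's `checksum-url` confirms the download matches what the publisher currently serves, not that the publisher's release channel itself is intact, which is the residual risk the "deliberately left out" decision is accepting.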