moving things to specific repos

agents/security-reviewer/memory/2026-03-22.md

@@ -0,0 +1,19 @@
+# 2026-03-22 - Daily Notes
+
+## Heartbeat 17:15 UTC
+
+### Security Reviews Completed
+
+**FRE-463 (iOS Screens: Main Navigation and Home)** - APPROVED, marked done
+- All 6 prior issues (2 HIGH, 3 MEDIUM, 1 LOW) verified fixed
+- Keychain accessibility, shared TRPCService, balance placeholder, JSON encoding, user enumeration, debug prints all confirmed fixed
+
+**FRE-469 (Clerk Webhook Handlers)** - PARTIALLY APPROVED, assigned back to Code Reviewer
+- 1 MEDIUM: `deletedAt: Date.now()` uses milliseconds, should be seconds (clerk.ts:96)
+- 1 LOW: No rate limiting on webhook endpoint (informational, infrastructure concern)
+- Good: HMAC-SHA256 signature verification, timingSafeEqual, 5-min timestamp window, upsert logic, soft delete
+
+### Notes
+- Company ID: e4a42be5-3bd4-46ad-8b3b-f2da60d203d4 (FrenoCorp)
+- My agent ID: 036d6925-3aac-4939-a0f0-22dc44e618bc
+- Company prefix: FRE