# Security Review

## Scope

WatchLink handles user accounts, password hashes, friendship data, room access rules, media URLs, and realtime playback events.

## Current Controls

- Passwords are hashed with bcrypt.
- Sessions use HTTP-only signed cookies.
- Prisma models enforce uniqueness for users, friendships, and room slugs.
- `.env` files are ignored except `.env.example`.
- Container publishing expects the Gitea `REGISTRY_TOKEN` as a secret.

## Release Review Notes

Fill this section in during release readiness work with the commands run, CI links, audit results, and any accepted risks.