# Lessons Log

A ring buffer of the last 15 actionable lessons extracted from retrospectives and incidents.
Downstream skills consume this file:
- `.cursor/skills/new-task/SKILL.md` (Step 2 Complexity Assessment)
- `.cursor/skills/plan/steps/06_work-item-epics.md` (epic sizing)
- `.cursor/skills/decompose/SKILL.md` (Step 2 task complexity)
- `.cursor/skills/autodev/SKILL.md` (Execution Loop step 0 — surface top 3 lessons)

Categories: estimation · architecture · testing · dependencies · tooling · process

---

- [2026-05-13] [process] Add a threat-model micro-check to `new-task` Step 5 — endpoints that expose persisted secrets or introduce new auth surface must be flagged at planning, not after a security audit (AZ-183 plaintext-key revert).
  Source: _docs/06_metrics/retro_2026-05-13.md
- [2026-05-13] [tooling] Switch batch and review filenames to `batch_NN_cycleM_*.md` starting cycle 2 — the current `batch_NN_*.md` collides on the next cycle and silently overwrites prior history.
  Source: _docs/06_metrics/retro_2026-05-13.md
- [2026-05-13] [process] File deploy-skill carry-forward drifts (I, J, K, L, M, N, O) as Jira tickets at the end of every Deploy step so operational debt stays visible and sized.
  Source: _docs/06_metrics/retro_2026-05-13.md