diff --git a/CLAUDE.md b/CLAUDE.md
index cb29f86..612abf1 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -79,3 +79,28 @@ each adapter needs:
 
 see NOTES.txt for cell-grid vs text-crdt mode discussion.
 see docs/ for full research and architecture breakdown.
+
+## security
+
+current state (research prototype):
+- room name validation (alphanumeric, 1-64 chars)
+- message type validation via protocol decoder
+- websocket.send error handling
+
+known gaps (not production ready):
+- no authentication (anyone can join any room by name)
+- no authorization (all peers see all edits)
+- no rate limiting on messages or room creation
+- no message size limits
+- room names guessable via brute force
+- no encryption (deploy behind wss, not ws)
+- no audit logging
+- no persistence (data lost on daemon restart)
+
+before production:
+1. auth layer (jwt tokens or unix socket for local-only)
+2. per-room authorization
+3. rate limiting (msgs/sec, rooms/minute)
+4. message size caps
+5. tls via reverse proxy
+6. access logging