From e5a176326dc80204a12242e07a5b1a00a095e014 Mon Sep 17 00:00:00 2001
From: QualitySecurity <qualitysecurity@quantcli.local>
Date: Tue, 19 May 2026 07:47:35 -0400
Subject: [PATCH] chore(ci): add security.yml version marker

Mirrors quantcli/common#21. The security workflow is copy-and-propagated
across repos today; a version marker at the top of the file gives a future
drift-check job a stable key to bind to. No behavior change.

Per Lead Go review on quantcli/common#5:
https://github.com/quantcli/common/pull/5#pullrequestreview-4260001530

Refs QUA-47.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
---
 .github/workflows/security.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index 08c1e21..04ddb93 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -1,3 +1,8 @@
+# security.yml v1 — source of truth: quantcli/common; sync changes to every *-export-cli.
+# Bump the version when this workflow changes materially; a future drift-check job will key off it.
+# See quantcli/common CONTRIBUTING.md "Supply-chain and security" for the propagation policy and
+# the >5-repos switchover trigger to a reusable workflow_call.
+
 name: security
 
 # Supply-chain and license-policy gate for quantcli repos.