diff --git a/.specify/prd.md b/.specify/prd.md
new file mode 100644
index 00000000..5bf88b86
--- /dev/null
+++ b/.specify/prd.md
@@ -0,0 +1,102 @@
+# PRD: Implement All Spec-Kit Specs for gh-aw-firewall
+
+## Goal
+Work through all valid specs in `.specify/specs/`, implementing each one, testing it, creating a PR, and iterating until the PR is mergeable. Each task corresponds to one spec.
+
+## Workflow Per Task
+1. Read the spec file in `.specify/specs/NNN-title/spec.md`
+2. Create a new branch from `main`: `fix/NNN-short-title` or `feat/NNN-short-title`
+3. Implement the changes described in the spec
+4. Run `npm run build && npm test && npm run lint` to verify
+5. Commit changes with conventional commit message (e.g., `fix: description` or `feat: description`)
+6. Create a PR referencing the GitHub issue mentioned in the spec
+7. Check CI status with `gh pr checks`. If CI fails, fix and push
+8. Check for review comments with `gh pr view --comments`. Address any feedback
+9. Iterate until PR is green and approved
+10. Mark the task as done below
+
+## Important Notes
+- Always branch from `main`, not from the current branch
+- Run `npm run build && npm test` before creating PRs
+- Reference the GitHub issue number in the PR body (e.g., "Fixes #NUMBER")
+- Do NOT push to `main` directly - always use PRs
+- After compiling any workflow `.md` files, run: `npx tsx scripts/ci/postprocess-smoke-workflows.ts`
+- Keep changes minimal and focused on what the spec describes
+
+## Tasks (Ordered by Priority)
+
+### Quick Wins - Security (Low complexity, High impact)
+- [x] **002**: Fix minimatch ReDoS vulnerability - `npm audit fix` (Spec: `.specify/specs/002-minimatch-redos-vuln/spec.md`, Issue: #1147)
+- [ ] **097**: Disable IPv6 when ip6tables unavailable (Spec: `.specify/specs/097-ipv6-disable-fallback/spec.md`, Issue: #245)
+- [ ] **095**: Run Squid container as non-root user (Spec: `.specify/specs/095-squid-non-root/spec.md`, Issue: #250)
+- [ ] **096**: SSL Bump key secure wiping via tmpfs (Spec: `.specify/specs/096-ssl-bump-key-security/spec.md`, Issue: #247)
+- [ ] **054**: Stop logging partial token values (Spec: `.specify/specs/054-token-logging-leak/spec.md`, Issue: #758)
+- [ ] **037**: Fix TOCTOU race conditions in ssl-bump.ts (Spec: `.specify/specs/037-toctou-ssl-bump/spec.md`, Issue: #838)
+- [ ] **104**: Fix direct IP+TLS bypass of domain filtering (Spec: `.specify/specs/104-ip-tls-bypass/spec.md`, Issue: #137)
+
+### Quick Wins - Testing (Low complexity)
+- [ ] **038**: Add TOCTOU test coverage (Spec: `.specify/specs/038-toctou-test-coverage/spec.md`, Issue: #837)
+- [ ] **042**: Add chroot escape test coverage (Spec: `.specify/specs/042-chroot-escape-test-gaps/spec.md`, Issue: #762)
+- [ ] **052**: Expand credential hiding tests to all 14 paths (Spec: `.specify/specs/052-credential-hiding-tests/spec.md`, Issue: #761)
+- [ ] **053**: Add workDir tmpfs hiding test (Spec: `.specify/specs/053-workdir-tmpfs-test/spec.md`, Issue: #759)
+- [ ] **069**: Add --proxy-logs-dir tests (Spec: `.specify/specs/069-proxy-logs-dir-tests/spec.md`, Issue: #499)
+- [ ] **070**: Add --allow-host-ports validation tests (Spec: `.specify/specs/070-allow-host-ports-tests/spec.md`, Issue: #498)
+- [ ] **071**: Add --skip-pull integration test (Spec: `.specify/specs/071-skip-pull-integration-test/spec.md`, Issue: #497)
+- [ ] **100**: Add logger/aggregator tests (Spec: `.specify/specs/100-logger-tests/spec.md`, Issue: #100)
+
+### Quick Wins - Documentation & DX
+- [ ] **039**: Sync version references and missing CLI flags in docs (Spec: `.specify/specs/039-docs-sync-versions/spec.md`, Issue: #836)
+- [ ] **066**: Clarify --image-tag behavior with presets (Spec: `.specify/specs/066-image-tag-preset-docs/spec.md`, Issue: #502)
+- [ ] **067**: Add short flags (-d, -b, -k) (Spec: `.specify/specs/067-short-flags/spec.md`, Issue: #501)
+- [ ] **072**: Document flag validation constraints (Spec: `.specify/specs/072-doc-flag-validation/spec.md`, Issue: #496)
+
+### Medium Complexity - Bugs
+- [ ] **012**: Fix Copilot CLI v0.0.411 404 download (Spec: `.specify/specs/012-copilot-cli-404/spec.md`, Issue: #1119)
+- [ ] **013**: Fix integration test failures (4 categories) (Spec: `.specify/specs/013-integration-test-failures/spec.md`, Issue: #1102)
+- [ ] **023**: Fix LD_PRELOAD breaking Deno scoped permissions (Spec: `.specify/specs/023-ld-preload-deno-conflict/spec.md`, Issue: #1001)
+- [ ] **024**: Fix Yarn SSL/network errors through Squid proxy (Spec: `.specify/specs/024-yarn-ssl-squid-proxy/spec.md`, Issue: #949)
+- [ ] **034**: Verify capsh execution chain after PR #715 (Spec: `.specify/specs/034-capsh-bash-wrapping/spec.md`, Issue: #842)
+- [ ] **035**: Collect agent output on execution failure (Spec: `.specify/specs/035-collect-agent-output-failure/spec.md`, Issue: #840)
+
+### Medium Complexity - Features
+- [ ] **025**: Configurable agent timeout (Spec: `.specify/specs/025-agent-timeout-large-projects/spec.md`, Issue: #948)
+- [ ] **068**: Improve help text organization (Spec: `.specify/specs/068-help-text-organization/spec.md`, Issue: #500)
+- [ ] **092**: Configurable memory limit with --memory-limit flag (Spec: `.specify/specs/092-memory-limit-config/spec.md`, Issue: #310)
+- [ ] **103**: Predownload images command (Spec: `.specify/specs/103-predownload-images/spec.md`, Issue: #193)
+- [ ] **116**: Add --no-dind flag to disallow DinD (Spec: `.specify/specs/116-disallow-dind-mode/spec.md`, Issue: #116)
+
+### Medium Complexity - Security
+- [ ] **055**: Fix secure_getenv() bypass for one-shot token (Spec: `.specify/specs/055-secure-getenv-bypass/spec.md`, Issue: #756)
+- [ ] **011**: Simplify security model - reject non-localhost IP (Spec: `.specify/specs/011-simplify-security-model/spec.md`, Issue: #11)
+
+### Medium Complexity - CI/Infrastructure
+- [ ] **036**: Cherry-pick API proxy fixes to sidecar branch (Spec: `.specify/specs/036-api-proxy-sidecar-cherry-pick/spec.md`, Issue: #839)
+- [ ] **082**: CI quality gates - markdown linting, link checking, CODEOWNERS (Spec: `.specify/specs/082-ci-quality-gates/spec.md`, Issues: #348,#352,#353,#350)
+- [ ] **083**: Performance monitoring workflow (Spec: `.specify/specs/083-performance-monitoring/spec.md`, Issue: #337)
+- [ ] **085**: Agentic maturity Level 4 (Spec: `.specify/specs/085-agentic-maturity-level4/spec.md`, Issues: #332,#313)
+- [ ] **102**: Documentation preview environment for PRs (Spec: `.specify/specs/102-docs-preview/spec.md`, Issue: #235)
+
+### High Complexity
+- [ ] **062**: Restrict /proc/self/environ and docker-compose.yml secret exposure (Spec: `.specify/specs/062-proc-environ-secret-exposure/spec.md`, Issue: #620)
+- [ ] **064**: Fix chroot binary interception (Java, Rust, Bun) (Spec: `.specify/specs/064-chroot-binary-interception/spec.md`, Issue: #518)
+- [ ] **073**: Propagate host.docker.internal DNS to spawned containers (Spec: `.specify/specs/073-host-docker-internal-dns/spec.md`, Issue: #422)
+- [ ] **074**: Mount host filesystem as read-only (Spec: `.specify/specs/074-readonly-host-mount/spec.md`, Issue: #420)
+- [ ] **075**: Init container for iptables separation (Spec: `.specify/specs/075-init-container-iptables/spec.md`, Issue: #375)
+- [ ] **084**: Seccomp deny-by-default hardening (Spec: `.specify/specs/084-seccomp-hardening/spec.md`, Issue: #311)
+- [ ] **093**: Content inspection DLP (Spec: `.specify/specs/093-content-inspection-dlp/spec.md`, Issue: #308)
+- [ ] **094**: DNS-over-HTTPS support (Spec: `.specify/specs/094-dns-over-https/spec.md`, Issue: #307)
+- [ ] **098**: Performance benchmarking suite (Spec: `.specify/specs/098-performance-benchmarking/spec.md`, Issue: #240)
+- [ ] **105**: YAML rule configuration (Spec: `.specify/specs/105-yaml-rules/spec.md`, Issue: #136)
+- [ ] **106**: Child container NAT rule inheritance (Spec: `.specify/specs/106-child-container-nat/spec.md`, Issue: #130)
+
+## Excluded Specs (Do NOT work on these)
+- **022**: Duplicate of 002 (minimatch ReDoS)
+- **032**: Misfiled - belongs in gh-aw repo, not gh-aw-firewall
+- **033**: Already resolved in main (Java proxy config)
+- **063**: Already resolved in main (Smoke chroot permissions)
+
+## Success Criteria
+1. All tasks above are checked off
+2. Each task has a PR created
+3. All PRs pass CI
+4. No regressions in existing tests
diff --git a/.specify/progress.txt b/.specify/progress.txt
new file mode 100644
index 00000000..8da44d67
--- /dev/null
+++ b/.specify/progress.txt
@@ -0,0 +1 @@
+2026-03-05: Task 002 - Fix minimatch ReDoS vulnerability. Ran `npm audit fix` to update minimatch from 10.2.1 to 10.2.4 and ajv to patched version. Build, tests (821 passed), and lint all pass. npm audit shows 0 vulnerabilities. Branch: fix/002-minimatch-redos-vuln.
diff --git a/docs-site/package-lock.json b/docs-site/package-lock.json
index 6b4ae0cc..4a705e31 100644
--- a/docs-site/package-lock.json
+++ b/docs-site/package-lock.json
@@ -3901,10 +3901,13 @@
       }
     },
     "node_modules/dompurify": {
-      "version": "3.3.1",
-      "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.3.1.tgz",
-      "integrity": "sha512-qkdCKzLNtrgPFP1Vo+98FRzJnBRGe4ffyCea9IwHB1fyxPOeNTHpLKYGd4Uk9xvNoH0ZoOjwZxNptyMwqrId1Q==",
+      "version": "3.3.2",
+      "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.3.2.tgz",
+      "integrity": "sha512-6obghkliLdmKa56xdbLOpUZ43pAR6xFy1uOrxBaIDjT+yaRuuybLjGS9eVBoSR/UPU5fq3OXClEHLJNGvbxKpQ==",
       "license": "(MPL-2.0 OR Apache-2.0)",
+      "engines": {
+        "node": ">=20"
+      },
       "optionalDependencies": {
         "@types/trusted-types": "^2.0.7"
       }
@@ -7098,10 +7101,13 @@
       "license": "MIT"
     },
     "node_modules/sax": {
-      "version": "1.4.3",
-      "resolved": "https://registry.npmjs.org/sax/-/sax-1.4.3.tgz",
-      "integrity": "sha512-yqYn1JhPczigF94DMS+shiDMjDowYO6y9+wB/4WgO0Y19jWYk0lQ4tuG5KI7kj4FTp1wxPj5IFfcrz/s1c3jjQ==",
-      "license": "BlueOak-1.0.0"
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/sax/-/sax-1.5.0.tgz",
+      "integrity": "sha512-21IYA3Q5cQf089Z6tgaUTr7lDAyzoTPx5HRtbhsME8Udispad8dC/+sziTNugOEx54ilvatQ9YCzl4KQLPcRHA==",
+      "license": "BlueOak-1.0.0",
+      "engines": {
+        "node": ">=11.0.0"
+      }
     },
     "node_modules/semver": {
       "version": "7.7.3",
@@ -7323,9 +7329,9 @@
       "license": "MIT"
     },
     "node_modules/svgo": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/svgo/-/svgo-4.0.0.tgz",
-      "integrity": "sha512-VvrHQ+9uniE+Mvx3+C9IEe/lWasXCU0nXMY2kZeLrHNICuRiC8uMPyM14UEaMOFA5mhyQqEkB02VoQ16n3DLaw==",
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/svgo/-/svgo-4.0.1.tgz",
+      "integrity": "sha512-XDpWUOPC6FEibaLzjfe0ucaV0YrOjYotGJO1WpF0Zd+n6ZGEQUsSugaoLq9QkEZtAfQIxT42UChcssDVPP3+/w==",
       "license": "MIT",
       "dependencies": {
         "commander": "^11.1.0",
@@ -7334,7 +7340,7 @@
         "css-what": "^6.1.0",
         "csso": "^5.0.5",
         "picocolors": "^1.1.1",
-        "sax": "^1.4.1"
+        "sax": "^1.5.0"
       },
       "bin": {
         "svgo": "bin/svgo.js"
diff --git a/package-lock.json b/package-lock.json
index b1fabdb2..910b801f 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1890,9 +1890,9 @@
       }
     },
     "node_modules/@commitlint/config-validator/node_modules/ajv": {
-      "version": "8.17.1",
-      "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.17.1.tgz",
-      "integrity": "sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g==",
+      "version": "8.18.0",
+      "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.18.0.tgz",
+      "integrity": "sha512-PlXPeEWMXMZ7sPYOHqmDyCJzcfNrUr3fGNKtezX14ykXOEIvyK81d+qydx89KY5O71FKMPaQ2vBfBFI5NHR63A==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -3783,9 +3783,9 @@
       }
     },
     "node_modules/ajv": {
-      "version": "6.12.6",
-      "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz",
-      "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==",
+      "version": "6.14.0",
+      "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.14.0.tgz",
+      "integrity": "sha512-IWrosm/yrn43eiKqkfkHis7QioDleaXQHdDVPKg0FSwwd/DuvyX79TZnFOnYpB7dcsFAMmtFztZuXPDvSePkFw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -6478,16 +6478,16 @@
       }
     },
     "node_modules/minimatch": {
-      "version": "10.2.1",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.1.tgz",
-      "integrity": "sha512-MClCe8IL5nRRmawL6ib/eT4oLyeKMGCghibcDWK+J0hh0Q8kqSdia6BvbRMVk6mPa6WqUa5uR2oxt6C5jd533A==",
+      "version": "10.2.4",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.4.tgz",
+      "integrity": "sha512-oRjTw/97aTBN0RHbYCdtF1MQfvusSIBQM0IZEgzl6426+8jSC0nF1a/GmnVLpfB9yyr6g6FTqWqiZVbxrtaCIg==",
       "dev": true,
       "license": "BlueOak-1.0.0",
       "dependencies": {
         "brace-expansion": "^5.0.2"
       },
       "engines": {
-        "node": "20 || >=22"
+        "node": "18 || 20 || >=22"
       },
       "funding": {
         "url": "https://github.com/sponsors/isaacs"