fulll
diff --git a/‎.github/actions/start-preview-server/action.yml‎
Lines changed: 10 additions & 4 deletions b/‎.github/actions/start-preview-server/action.yml‎
Lines changed: 10 additions & 4 deletions
diff --git a/‎.github/instructions/aikido_rules.instructions.md‎
Lines changed: 14 additions & 0 deletions b/‎.github/instructions/aikido_rules.instructions.md‎
Lines changed: 14 additions & 0 deletions
@@ -32,17 +32,23 @@ runs:
   steps:
     - name: Start VitePress preview
       shell: bash
-      run: bun run docs:preview -- --port ${{ inputs.port }} &
+      env:
+        PORT: ${{ inputs.port }}
+      run: bun run docs:preview -- --port $PORT &
 
     - name: Wait for preview server to be ready
       shell: bash
+      env:
+        PORT: ${{ inputs.port }}
+        BASE: ${{ inputs.base }}
+        TIMEOUT: ${{ inputs.timeout }}
       run: |
-        URL="http://localhost:${{ inputs.port }}${{ inputs.base }}"
+        URL="http://localhost:${PORT}${BASE}"
         echo "Waiting for ${URL} …"
-        DEADLINE=$(( $(date +%s) + ${{ inputs.timeout }} ))
+        DEADLINE=$(( $(date +%s) + ${TIMEOUT} ))
         until curl -sf "${URL}" > /dev/null 2>&1; do
           if [ "$(date +%s)" -ge "${DEADLINE}" ]; then
-            echo "::error::Preview server did not respond within ${{ inputs.timeout }} s on ${URL}."
+            echo "::error::Preview server did not respond within ${TIMEOUT} s on ${URL}."
             exit 1
           fi
           echo "… retrying in 2 s"
 
@@ -0,0 +1,14 @@
+---
+applyTo: "**"
+description: Aikido MCP Security Rules
+---
+
+# Project security best practices
+
+- Always run **aikido_full_scan** on generated, added and modified first-party code, unless the prompt explicitly says not to.
+- Always provide the full file content to the scanner.
+- If the scan identifies any security issues in newly generated or modified code, fix the issues using the scan result and remediation provided by **Aikido**.
+- After applying fixes, run aikido_full_scan again to verify that the issues were successfully resolved, and no new issues were introduced.
+- Repeat the fix-and-rescan cycle until the code passes with zero remaining or newly introduced security issues.
+- If the **Aikido MCP server** required to run scans is not installed or not started successfully, inform the user with a message directing them to install it using the official Aikido MCP setup guide at:  
+  **https://help.aikido.dev/ide-plugins/aikido-mcp**.