chore: security and local rules compliance #9

Closed
metyatech wants to merge 1 commit into main from chore/compliance-gaps

Conversation

@metyatech (Owner)

This PR addresses several compliance gaps identified against AGENTS.md:

  • Added a security workflow (.github/workflows/security.yml) using osv-scanner for automated dependency scanning.
  • Included agent-rules-local/release.md in agent-ruleset.json to ensure distribution and release rules are part of the composed AGENTS.md.
  • Added metyatech to package.json keywords.
  • Fixed dependency vulnerabilities via npm audit fix.

Note: This PR intentionally avoids regenerating AGENTS.md and adding @types/diff to avoid overlap with PR #8. This PR depends on the build fix in PR #8 to pass CI/build.

Copilot AI review requested due to automatic review settings February 18, 2026 01:49
@chatgpt-codex-connector

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, you can upgrade your account or add credits to your account and enable them for code reviews in your settings.

Copilot AI left a comment


Pull request overview

This PR addresses security and compliance requirements by adding automated dependency scanning, updating the ruleset configuration, and fixing dependency vulnerabilities.

Changes:

  • Added a security workflow using osv-scanner for automated dependency vulnerability scanning on push, pull requests, and weekly schedule
  • Included agent-rules-local/release.md in the ruleset to ensure distribution and release rules are part of AGENTS.md
  • Added "metyatech" to package.json keywords for better discoverability
  • Updated ajv dependency from 8.17.1 to 8.18.0 via npm audit fix

Reviewed changes

Copilot reviewed 4 out of 5 changed files in this pull request and generated 1 comment.

Summary per file

File                            Description
.github/workflows/security.yml  New security workflow for automated dependency scanning using osv-scanner
agent-ruleset.json              Added agent-rules-local/release.md to extra rules array
package.json                    Added "metyatech" keyword
package-lock.json               Updated ajv dependency to 8.18.0 for security fix
CHANGELOG.md                    Documented all changes in Unreleased section


uses: actions/checkout@v4

- name: Run OSV-Scanner
uses: google/osv-scanner-action/osv-scanner-action@v1
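Review bot: both steps in this snippet reference their actions by a floating major tag (actions/checkout@v4 and google/osv-scanner-action/osv-scanner-action@v1), so whoever controls those tags in the upstream repositories can change what this security-scanning workflow executes on every push, pull request and scheduled run; pin each `uses:` to a full-length commit SHA and keep the tag in a trailing comment so that dependency-update tooling can still bump it. Separately, the `owner/repo/path@ref` form is valid GitHub Actions syntax for an action that lives in a subdirectory of a repository, so the subdirectory component on the osv-scanner line is not by itself a syntax error; whether the reference resolves depends on the tag existing in that repository, which should be confirmed from the action's own documentation before changing the path.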

Copilot AI Feb 18, 2026


The GitHub Action reference appears to be incorrect. The path google/osv-scanner-action/osv-scanner-action@v1 contains a duplicated path component. GitHub Actions should be referenced as owner/repo@version, not owner/repo/path@version. The correct reference should be google/osv-scanner-action@v1 or possibly google/osv-scanner@v1 depending on the actual repository name. This will cause the workflow to fail when executed.

Suggested change
uses: google/osv-scanner-action/osv-scanner-action@v1
uses: google/osv-scanner-action@v1

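The workflow under review is only shown as a two-line fragment. The following is an added, self-contained example of the kind of security.yml the PR description and review refer to (osv-scanner on push, pull request and a weekly schedule); it is not the PR's actual file. The cron expression, the read-only permissions block and the `<full-commit-sha>` placeholders are assumptions of this example: the placeholders must be replaced with real commit SHAs looked up in the action repositories before the file is used.

```yaml
name: security

on:
  push:
    branches: [main]
  pull_request:
  schedule:
    - cron: "0 6 * * 1"   # weekly, Monday 06:00 UTC (assumed schedule)

# Least privilege: the scan only needs to read the checked-out tree.
permissions:
  contents: read

jobs:
  osv-scan:
    runs-on: ubuntu-latest
    steps:
      # Weak form (floating major tags, as in the reviewed snippet):
      #   uses: actions/checkout@v4
      #   uses: google/osv-scanner-action/osv-scanner-action@v1
      # Anyone who can move those tags upstream changes what this job runs.
      #
      # Hardened form: pin to a full commit SHA and record the tag in a
      # trailing comment so update tooling can still bump the pin.
      # The SHAs below are placeholders, not real commits.
      - name: Check out
        uses: actions/checkout@<full-commit-sha> # v4

      - name: Run OSV-Scanner
        uses: google/osv-scanner-action/osv-scanner-action@<full-commit-sha> # v1
```

The `permissions` block is worth keeping even when the default token permissions are already read-only at the repository level: it makes the least-privilege choice explicit in the file that reviewers and scanners read, and it keeps the workflow safe if the repository default is later relaxed.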
@metyatech force-pushed the chore/compliance-gaps branch from f8e0f49 to 02d3570 on February 18, 2026 01:55
…ards

This commit adds a security workflow with osv-scanner, includes the missing local release rules in the ruleset, adds keywords to package.json, and fixes dependency vulnerabilities. Note: AGENTS.md was not regenerated to avoid overlap with PR #8, and @types/diff was excluded for the same reason.
@metyatech force-pushed the chore/compliance-gaps branch from 02d3570 to aac3660 on February 18, 2026 01:55
@metyatech metyatech self-assigned this Feb 18, 2026
@metyatech (Owner, Author)

Agent runner idle completed.

Repo: metyatech/compose-agentsmd
Engine: gemini-flash
Notify: @metyatech

Summary:
(missing)

@metyatech (Owner, Author)

Closing: superseded by #8 which passes CI.

@metyatech metyatech closed this Feb 18, 2026