chore: add security reviews#1673
Conversation
bugbot run

bugbot run
✅ Bugbot reviewed your changes and found no new issues!
Comment @cursor review or bugbot run to trigger another review on this PR
Reviewed by Cursor Bugbot for commit 9d951d5.
bugbot run
✅ Bugbot reviewed your changes and found no new issues!
Comment @cursor review or bugbot run to trigger another review on this PR
Reviewed by Cursor Bugbot for commit 88c7201.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix prepared a fix for the issue found in the latest run.
- ✅ Fixed: Contradictory scope: entire project vs PR-only changes
- Updated the command to scope analysis strictly to current branch/PR changes and explicitly avoid scanning node_modules except for dependency impact introduced by those changes.
Or push these changes by commenting:
@cursor push e7c4a60c9b
Preview (e7c4a60c9b)
diff --git a/.claude/commands/security-review-all.md b/.claude/commands/security-review-all.md
--- a/.claude/commands/security-review-all.md
+++ b/.claude/commands/security-review-all.md
@@ -5,7 +5,7 @@
You are a senior security engineer conducting a focused security review of the contents of this project.
-Review the entire contents of this project and the dependencies in node_modules
+Review only the changes introduced by the current branch/PR, using the rest of the project only for security context when needed.
OBJECTIVE:
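Review bot: the scope change in this hunk is only half applied: the unchanged line directly above it still says the review is "of the contents of this project", and the file is `security-review-all.md`, so after this edit the command's name and opening sentence promise a whole-project review while the next line restricts it to PR-only changes, which reproduces the contradiction the autofix was meant to remove. Given that this PR also adds a separate diff-scoped `security-review-pr.md` (per the PR summary), the cleaner resolution is to keep `security-review-all.md` whole-project and leave PR scoping to the new command; if the intent really is to narrow this file, also rewrite the first line (e.g. `conducting a focused security review of the changes on the current branch/PR`) and rename the file so `-all` no longer claims a full scan.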
@@ -23,7 +23,7 @@
PREPARTION:
- Install dependencies with `pnpm install --frozen-lockfile`
- Build the project with `pnpm build`
-- Test the dependencies in `node_modules` for vulnerabilities too
+- Do not scan `node_modules`; only assess dependency-related security impact introduced by this PR's code changes
SECURITY CATEGORIES TO EXAMINE:
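Review bot: the replacement line in this hunk drops dependency checking without saying how "dependency-related security impact" is to be assessed, and its wording ("introduced by this PR's code changes") excludes the case that matters most for supply-chain risk: a `package.json` or lockfile change that adds or bumps a dependency with no code change at all. Since the preparation step above still runs `pnpm install --frozen-lockfile`, the resolved lockfile is already present; state explicitly that manifest and lockfile diffs are in scope and name the check to run (for example `pnpm audit`, or a review of the lockfile diff) instead of reading `node_modules`. Also, `PREPARTION:` in the context line is a typo for `PREPARATION:` and could be fixed in the same edit.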
Reviewed by Cursor Bugbot for commit 522f85b.
Branch force-pushed from a6b80a3 to a5749ca.

Summary

Low risk: adds only AI assistant configuration/documentation files and does not change runtime or build logic.
Overview
- Adds a new `.claude/commands/security-review-pr.md` command that defines a diff-scoped security review process, including scope limits, reporting format, and false-positive filtering guidance.
- Adds a `.cursor` skill file (amplitude-typescript-repo) documenting the monorepo layout and the expected `pnpm` build/test/lint commands to mirror CI.

Reviewed by Cursor Bugbot for commit a5749ca. Bugbot is set up for automated code reviews on this repo.