## Codebase Patterns
- Use async-first patterns for all I/O operations (httpx, asyncio)
- Plugin architecture with abstract base classes for extensibility
- Use table-driven tests with inline_snapshot where possible
- Tests are organized in tests/unit/, tests/integration/, tests/system/
- Use absolute imports, avoid relative imports except within same module
- Minimize docstrings, use quick returns, avoid abstractions without proven need

---

## 2026-01-28 - Initial Setup
- Created PRD with 5 user stories based on research from promptfoo, promptmap, and FuzzyAI
- Key improvements identified:
  1. Dual-LLM evaluation (from Promptmap)
  2. YAML rule system (from Promptmap)
  3. Composable fuzzing chains (from FuzzyAI)
  4. Unified provider abstraction (from FuzzyAI)
  5. Hybrid refusal detection (combining approaches)
- **Learnings for future iterations:**
  - Existing refusal detection is in agentic_security/probe_actor/refusal.py with RefusalClassifierPlugin system
  - Attack data modules are in agentic_security/probe_data/modules/
  - Security utilities are in agentic_security/core/security.py
---

## 2026-01-28 - US-001
- Implemented LLM-based refusal classifier (Dual-LLM evaluation)
- Files created:
  - agentic_security/refusal_classifier/llm_classifier.py
  - tests/unit/refusal_classifier/test_llm_classifier.py
- **Learnings for future iterations:**
  - RefusalClassifierPlugin requires is_refusal(response: str) -> bool method
  - LLMClient Protocol pattern works well for multiple provider support
  - Use lazy initialization for API clients to avoid requiring keys at import time
  - Anthropic response.content[0] can be TextBlock or ToolUseBlock, need hasattr check
  - Pre-existing test failure in test_sanitize_password (regex doesn't match dict syntax)
---