diff --git a/.dockerignore b/.dockerignore
index 990531f..4238e42 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -13,3 +13,4 @@ data/
 examples/
 scripts/
 skills-lock.json
+.tmp/
diff --git a/.gitignore b/.gitignore
index 9677573..0127ce9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -18,3 +18,5 @@ dashboard-*.png
 scans-*.png
 scan-*.png
 dashboard-*.png
+
+.tmp/
diff --git a/.tmp/tasks/review-fixes/subtask_01.json b/.tmp/tasks/review-fixes/subtask_01.json
deleted file mode 100644
index 1cd3314..0000000
--- a/.tmp/tasks/review-fixes/subtask_01.json
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- "id": "review-fixes-01",
- "seq": "01",
- "title": "Fix _validate_report mutating input dict (immutability)",
- "status": "pending",
- "depends_on": [],
- "parallel": true,
- "suggested_agent": "CoderAgent",
- "context_files": [
- "/home/marker/guarddog-nexus/AGENTS.md"
- ],
- "reference_files": [
- "/home/marker/guarddog-nexus/guarddog_nexus/core/llm.py"
- ],
- "acceptance_criteria": [
- "_validate_report() returns a new dict without mutating the input argument",
- "All existing test_llm* tests still pass",
- "ruff check/format passes on guarddog_nexus/core/llm.py"
- ],
- "deliverables": [
- "/home/marker/guarddog-nexus/guarddog_nexus/core/llm.py"
- ],
- "agent_id": null,
- "started_at": null,
- "completed_at": null,
- "completion_summary": null
-}
diff --git a/.tmp/tasks/review-fixes/subtask_02.json b/.tmp/tasks/review-fixes/subtask_02.json
deleted file mode 100644
index c7a2fdc..0000000
--- a/.tmp/tasks/review-fixes/subtask_02.json
+++ /dev/null
@@ -1,28 +0,0 @@
-{
- "id": "review-fixes-02",
- "seq": "02",
- "title": "Fix _parse_flagged never returning False",
- "status": "pending",
- "depends_on": [],
- "parallel": true,
- "suggested_agent": "CoderAgent",
- "context_files": [
- "/home/marker/guarddog-nexus/AGENTS.md"
- ],
- "reference_files": [
- "/home/marker/guarddog-nexus/guarddog_nexus/routes/web.py"
- ],
- "acceptance_criteria": [
- "_parse_flagged returns True for '1', False for '0', None for other values",
- "Existing filtering behavior in /scans and /packages routes is preserved",
- "Adding ?flagged=0 to scan list URL correctly filters to non-flagged scans",
- "ruff check/format passes on guarddog_nexus/routes/web.py"
- ],
- "deliverables": [
- "/home/marker/guarddog-nexus/guarddog_nexus/routes/web.py"
- ],
- "agent_id": null,
- "started_at": null,
- "completed_at": null,
- "completion_summary": null
-}
diff --git a/.tmp/tasks/review-fixes/subtask_03.json b/.tmp/tasks/review-fixes/subtask_03.json
deleted file mode 100644
index 4f7c732..0000000
--- a/.tmp/tasks/review-fixes/subtask_03.json
+++ /dev/null
@@ -1,30 +0,0 @@
-{
- "id": "review-fixes-03",
- "seq": "03",
- "title": "Fix CSV export missing .csv extension in Content-Disposition",
- "status": "pending",
- "depends_on": [],
- "parallel": true,
- "suggested_agent": "CoderAgent",
- "context_files": [
- "/home/marker/guarddog-nexus/AGENTS.md"
- ],
- "reference_files": [
- "/home/marker/guarddog-nexus/guarddog_nexus/routes/api_scans.py",
- "/home/marker/guarddog-nexus/guarddog_nexus/routes/api_packages.py"
- ],
- "acceptance_criteria": [
- "Content-Disposition header in api_scans.py uses 'attachment; filename=\"scans_export.csv\"'",
- "Content-Disposition header in api_packages.py uses 'attachment; filename=\"packages_export.csv\"'",
- "ruff check/format passes on both files",
- "pytest tests/test_api* passes"
- ],
- "deliverables": [
- "/home/marker/guarddog-nexus/guarddog_nexus/routes/api_scans.py",
- "/home/marker/guarddog-nexus/guarddog_nexus/routes/api_packages.py"
- ],
- "agent_id": null,
- "started_at": null,
- "completed_at": null,
- "completion_summary": null
-}
diff --git a/.tmp/tasks/review-fixes/subtask_04.json b/.tmp/tasks/review-fixes/subtask_04.json
deleted file mode 100644
index 6f28ad3..0000000
--- a/.tmp/tasks/review-fixes/subtask_04.json
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- "id": "review-fixes-04",
- "seq": "04",
- "title": "Strip query params from URLs in SSRF log messages",
- "status": "pending",
- "depends_on": [],
- "parallel": true,
- "suggested_agent": "CoderAgent",
- "context_files": [
- "/home/marker/guarddog-nexus/AGENTS.md"
- ],
- "reference_files": [
- "/home/marker/guarddog-nexus/guarddog_nexus/core/nexus.py",
- "/home/marker/guarddog-nexus/guarddog_nexus/core/harvester.py"
- ],
- "acceptance_criteria": [
- "SSRF prevention log (nexus.py:125) logs URL host+path only, no query params",
- "Download failure log (nexus.py:140) logs URL host+path only, no query params",
- "harvester.py URL logs (lines 74, 89) also strip query params",
- "All existing tests pass",
- "ruff check/format passes"
- ],
- "deliverables": [
- "/home/marker/guarddog-nexus/guarddog_nexus/core/nexus.py",
- "/home/marker/guarddog-nexus/guarddog_nexus/core/harvester.py"
- ],
- "agent_id": null,
- "started_at": null,
- "completed_at": null,
- "completion_summary": null
-}
diff --git a/.tmp/tasks/review-fixes/subtask_05.json b/.tmp/tasks/review-fixes/subtask_05.json
deleted file mode 100644
index 403f372..0000000
--- a/.tmp/tasks/review-fixes/subtask_05.json
+++ /dev/null
@@ -1,30 +0,0 @@
-{
- "id": "review-fixes-05",
- "seq": "05",
- "title": "Reorder Dockerfile COPY/install for layer caching",
- "status": "pending",
- "depends_on": [],
- "parallel": true,
- "suggested_agent": "CoderAgent",
- "context_files": [
- "/home/marker/guarddog-nexus/AGENTS.md"
- ],
- "reference_files": [
- "/home/marker/guarddog-nexus/Dockerfile",
- "/home/marker/guarddog-nexus/pyproject.toml"
- ],
- "acceptance_criteria": [
- "pyproject.toml and README.md copied before guarddog_nexus/ source",
- "uv pip install commands run before COPY guarddog_nexus/",
- "Docker build succeeds: docker compose build",
- "Container starts correctly: docker compose up -d",
- "Layer caching works: rebuilding without source changes uses pip cache"
- ],
- "deliverables": [
- "/home/marker/guarddog-nexus/Dockerfile"
- ],
- "agent_id": null,
- "started_at": null,
- "completed_at": null,
- "completion_summary": null
-}
diff --git a/.tmp/tasks/review-fixes/subtask_06.json b/.tmp/tasks/review-fixes/subtask_06.json
deleted file mode 100644
index 544781c..0000000
--- a/.tmp/tasks/review-fixes/subtask_06.json
+++ /dev/null
@@ -1,29 +0,0 @@
-{
- "id": "review-fixes-06",
- "seq": "06",
- "title": "Add resource limits and logging rotation to docker-compose.yml",
- "status": "pending",
- "depends_on": [],
- "parallel": true,
- "suggested_agent": "CoderAgent",
- "context_files": [
- "/home/marker/guarddog-nexus/AGENTS.md"
- ],
- "reference_files": [
- "/home/marker/guarddog-nexus/docker-compose.yml"
- ],
- "acceptance_criteria": [
- "guarddog-nexus service has deploy.resources.limits (CPU: 2, memory: 1G) and reservations (CPU: 0.5, memory: 256M)",
- "nexus service has deploy.resources.limits (CPU: 4, memory: 4G) and reservations (CPU: 1, memory: 2G)",
- "All services have logging.driver: json-file with max-size: 10m and max-file: 3",
- "docker compose config validates without errors",
- "docker compose up works correctly"
- ],
- "deliverables": [
- "/home/marker/guarddog-nexus/docker-compose.yml"
- ],
- "agent_id": null,
- "started_at": null,
- "completed_at": null,
- "completion_summary": null
-}
diff --git a/.tmp/tasks/review-fixes/subtask_07.json b/.tmp/tasks/review-fixes/subtask_07.json
deleted file mode 100644
index 66e9253..0000000
--- a/.tmp/tasks/review-fixes/subtask_07.json
+++ /dev/null
@@ -1,32 +0,0 @@
-{
- "id": "review-fixes-07",
- "seq": "07",
- "title": "Fix Makefile: typecheck, check, run, setup-env targets + docker-rebuild fix",
- "status": "pending",
- "depends_on": [],
- "parallel": true,
- "suggested_agent": "CoderAgent",
- "context_files": [
- "/home/marker/guarddog-nexus/AGENTS.md"
- ],
- "reference_files": [
- "/home/marker/guarddog-nexus/Makefile",
- "/home/marker/guarddog-nexus/pyproject.toml"
- ],
- "acceptance_criteria": [
- "make typecheck runs mypy guarddog_nexus",
- "make check runs lint + typecheck + test sequentially",
- "make run starts the app with python -m guarddog_nexus.main",
- "make setup-env copies .env.example to .env if .env doesn't exist",
- "docker-rebuild uses 'docker compose down || true' before up (handles stopped containers)",
- "make -n check shows correct command sequence",
- "All targets listed in .PHONY"
- ],
- "deliverables": [
- "/home/marker/guarddog-nexus/Makefile"
- ],
- "agent_id": null,
- "started_at": null,
- "completed_at": null,
- "completion_summary": null
-}
diff --git a/.tmp/tasks/review-fixes/subtask_08.json b/.tmp/tasks/review-fixes/subtask_08.json
deleted file mode 100644
index c88871f..0000000
--- a/.tmp/tasks/review-fixes/subtask_08.json
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- "id": "review-fixes-08",
- "seq": "08",
- "title": "Add .pre-commit-config.yaml with ruff and mypy hooks",
- "status": "pending",
- "depends_on": [],
- "parallel": true,
- "suggested_agent": "CoderAgent",
- "context_files": [
- "/home/marker/guarddog-nexus/AGENTS.md"
- ],
- "reference_files": [
- "/home/marker/guarddog-nexus/pyproject.toml",
- "/home/marker/guarddog-nexus/Makefile"
- ],
- "acceptance_criteria": [
- ".pre-commit-config.yaml exists at repo root",
- "Contains ruff (lint + format) hook for guarddog_nexus/ and tests/",
- "Contains mypy hook with strict settings matching pyproject.toml",
- "Minimum pre-commit rev: ruff v0.4+, mypy v1.10+",
- "File is valid YAML (pre-commit validate-config passes or manual check)",
- "pre-commit run --all-files executes without errors"
- ],
- "deliverables": [
- "/home/marker/guarddog-nexus/.pre-commit-config.yaml"
- ],
- "agent_id": null,
- "started_at": null,
- "completed_at": null,
- "completion_summary": null
-}
diff --git a/.tmp/tasks/review-fixes/subtask_09.json b/.tmp/tasks/review-fixes/subtask_09.json
deleted file mode 100644
index 0e59804..0000000
--- a/.tmp/tasks/review-fixes/subtask_09.json
+++ /dev/null
@@ -1,33 +0,0 @@
-{
- "id": "review-fixes-09",
- "seq": "09",
- "title": "Add GitHub Actions CI pipeline (.github/workflows/ci.yml)",
- "status": "pending",
- "depends_on": ["07"],
- "parallel": false,
- "suggested_agent": "CoderAgent",
- "context_files": [
- "/home/marker/guarddog-nexus/AGENTS.md"
- ],
- "reference_files": [
- "/home/marker/guarddog-nexus/Dockerfile",
- "/home/marker/guarddog-nexus/Makefile",
- "/home/marker/guarddog-nexus/docker-compose.yml",
- "/home/marker/guarddog-nexus/pyproject.toml"
- ],
- "acceptance_criteria": [
- ".github/workflows/ci.yml exists with trigger on push/PR to main",
- "Jobs: lint (ruff), typecheck (mypy), test (pytest), build (docker compose build)",
- "Uses Python 3.12, runs make lint / make typecheck / make test",
- "Docker build job uses docker compose build without pushing",
- "YAML is valid and conforms to GitHub Actions schema",
- "All make targets referenced in CI exist in Makefile"
- ],
- "deliverables": [
- "/home/marker/guarddog-nexus/.github/workflows/ci.yml"
- ],
- "agent_id": null,
- "started_at": null,
- "completed_at": null,
- "completion_summary": null
-}
diff --git a/.tmp/tasks/review-fixes/task.json b/.tmp/tasks/review-fixes/task.json
deleted file mode 100644
index 42e3197..0000000
--- a/.tmp/tasks/review-fixes/task.json
+++ /dev/null
@@ -1,35 +0,0 @@
-{
- "id": "review-fixes",
- "name": "DevOps & Code Review Fixes",
- "status": "active",
- "objective": "Fix 12 issues from OpenDevopsSpecialist and CodeReviewer audits: 4 code quality fixes + 8 DevOps/infra improvements",
- "context_files": [
- "/home/marker/guarddog-nexus/AGENTS.md"
- ],
- "reference_files": [
- "/home/marker/guarddog-nexus/Dockerfile",
- "/home/marker/guarddog-nexus/Makefile",
- "/home/marker/guarddog-nexus/docker-compose.yml",
- "/home/marker/guarddog-nexus/pyproject.toml",
- "/home/marker/guarddog-nexus/guarddog_nexus/core/llm.py",
- "/home/marker/guarddog-nexus/guarddog_nexus/core/nexus.py",
- "/home/marker/guarddog-nexus/guarddog_nexus/core/harvester.py",
- "/home/marker/guarddog-nexus/guarddog_nexus/routes/web.py",
- "/home/marker/guarddog-nexus/guarddog_nexus/routes/api_scans.py",
- "/home/marker/guarddog-nexus/guarddog_nexus/routes/api_packages.py"
- ],
- "exit_criteria": [
- "All 12 issues fixed and verified",
- "ruff check passes",
- "ruff format passes",
- "pytest -v passes (all 137 tests)",
- "mypy guarddog_nexus passes",
- "docker compose build succeeds",
- "make check passes (lint + typecheck + test)",
- "pre-commit run --all-files passes"
- ],
- "subtask_count": 9,
- "completed_count": 0,
- "created_at": "2026-05-11T00:00:00Z",
- "completed_at": null
-}
diff --git a/docker-compose.yml b/docker-compose.yml
index fe944f5..c033c1b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -24,14 +24,6 @@ services:
 nexus-setup:
 condition: service_completed_successfully
 restart: unless-stopped
- deploy:
- resources:
- limits:
- cpus: "2.0"
- memory: 1G
- reservations:
- cpus: "0.5"
- memory: 256M
 logging:
 driver: "json-file"
 options:
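Review bot: Dropping the `deploy.resources` block in the docker-compose.yml hunk leaves this service (presumably guarddog-nexus, given the `nexus-setup` dependency in the context lines) with no CPU or memory ceiling, so a runaway scan or a memory-hungry dependency can exhaust the host instead of being contained, and nothing in the hunk puts an equivalent limit back. The same commit deletes subtask_06.json, whose acceptance criteria list exactly these limits (CPU 2, memory 1G, reservations 0.5/256M), so the removal looks like a reversal of that fix rather than a cleanup. If the block was removed because `deploy.resources` was not being applied in your Compose setup, the service-level keys `mem_limit: 1G` and `cpus: "2.0"` give the same cap outside swarm mode; if it was applied, the block could simply stay. The logging rotation lines that follow are retained, so only the resource containment is lost; whether the `nexus` service carries a similar block is outside this hunk.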