diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2c3eff6..649f039 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,18 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/), and this
 
 Graph Notes reaches 1.0 — a local-first, graph-based note-taking app built with Tauri, React, and Rust.
 
+### Hardened
+- **Atomic writes** — all file saves use write→fsync→rename→fsync-parent to prevent corruption on crash/power loss
+- **Path validation** — `safe_vault_path()` applied to all 20 file-access commands, preventing directory traversal
+- **Filename sanitization** — `safe_name()` rejects path separators in workspace, canvas, and attachment names
+- **Note-switch save race** — debounced save now captures note path at call time, preventing old content from being written to wrong note
+- **Save pipeline consistency** — slash command insert and image paste now route through the standard debounced save with `domToMarkdown()`
+- **Git error handling** — `git_status`, `git_commit`, `git_init` now check exit codes and surface stderr on failure
+- **Silent error swallowing** — fixed 2 `let _ = fs::write()` sites to propagate errors
+- **Panic prevention** — replaced `unwrap()` with `unwrap_or_default()` on fallible `file_name()` calls
+- **Export safety** — `export_vault_zip` skips in-progress `~tmp` atomic write files
+- **Regex performance** — all 10 per-call `Regex::new()` migrated to `LazyLock` statics
+
 ### Fixed
 - **Rust compilation** — resolved duplicate `dirs_config_path()` definition and removed reference to unlinked `dirs` crate
 - **Content Security Policy** — replaced `null` CSP with a proper baseline policy allowing local resources and Google Fonts