diff --git a/.cargo/audit.toml b/.cargo/audit.toml
index 20bc935..9afa0cf 100644
--- a/.cargo/audit.toml
+++ b/.cargo/audit.toml
@@ -16,3 +16,11 @@ ignore = [
   # observable to a remote attacker. Threat model does not apply.
   "RUSTSEC-2023-0071",
 ]
+
+# Forward-looking note (no waiver yet — RustSec hasn't issued an ID):
+# CVE-2026-43868 / GHSA-2f9f-gq7v-9h6m affects the `thrift` Rust crate
+# (≤ 0.22.0). Latest published is 0.17.0; Apache Thrift hasn't released
+# a fixed Rust crate (the "0.23.0 fix" is in C++/Java/Python only). We
+# pull thrift transitively via `parquet` in hyperdb-mcp. When RustSec
+# assigns a `RUSTSEC-2026-NNNN` ID, add it to the ignore list above
+# with the matching entry in deny.toml.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 0509dfc..189b54e 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -5,9 +5,29 @@ name: ci
 # HEADs the pinned release's URLs.
 
 on:
+  # Pure-prose changes don't affect Rust compilation, lint output,
+  # advisory checks, or the publish dry-run. The paths-ignore lists
+  # below skip CI on docs-only PRs to avoid burning CI minutes. Note:
+  # `deny.toml` and `.cargo/audit.toml` are deliberately NOT in the
+  # ignore list — those files configure the security checks themselves
+  # and a typo would silently disable them. Keep the two lists in sync.
   push:
     branches: [main]
-  pull_request: {}
+    paths-ignore:
+      - "**/*.md"
+      - "docs/**"
+      - "LICENSE-*"
+      - "NOTICE"
+      - ".github/ISSUE_TEMPLATE/**"
+      - ".github/pull_request_template.md"
+  pull_request:
+    paths-ignore:
+      - "**/*.md"
+      - "docs/**"
+      - "LICENSE-*"
+      - "NOTICE"
+      - ".github/ISSUE_TEMPLATE/**"
+      - ".github/pull_request_template.md"
   workflow_dispatch: {}
 
 # Cancel a PR's in-progress CI runs when a new push lands on the PR.
diff --git a/deny.toml b/deny.toml
index 8c6bb93..873b8f3 100644
--- a/deny.toml
+++ b/deny.toml
@@ -69,6 +69,17 @@ ignore = [
   { id = "RUSTSEC-2023-0071", reason = "rsa used only for outbound JWT signing where Marvin Attack threat model does not apply" },
 ]
 
+# Forward-looking note (no waiver yet — RustSec hasn't issued an ID):
+# CVE-2026-43868 / GHSA-2f9f-gq7v-9h6m affects the `thrift` Rust crate
+# (≤ 0.22.0). The latest published version on crates.io is 0.17.0 — Apache
+# Thrift has not released a fixed Rust crate (the project's "0.23.0 fix"
+# is in C++/Java/Python only). We pull `thrift` transitively via `parquet`
+# in hyperdb-mcp (parquet metadata parsing only — used against operator-
+# supplied local files via `load_file`/`query_file`/`export`). When
+# RustSec assigns a `RUSTSEC-2026-NNNN` ID, add it to the ignore list
+# above with rationale: "thrift transitively via parquet; no fix
+# available on crates.io; operator-controlled inputs only."
+
 # -------------------------------------------------------------------------
 # Banned / duplicate crates
 # -------------------------------------------------------------------------
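Review bot: The instruction in the new comment to add the future `RUSTSEC-2026-NNNN` ID to the ignore list is open-ended — it records no condition under which the waiver stops being valid, and the ignore entries in this file are plain ID strings, so this comment is the only place the rationale will live. The risk is that the ID gets added when the advisory lands and stays after a fixed `thrift` crate is published or `parquet` bumps its dependency, silently keeping a real finding muted; the same applies to the planned entry in the deny.toml hunk, whose `reason` string also names only the current state ("no fix available on crates.io"). Suggest stating the expiry condition in the comment itself, e.g. `# Waive only while the resolved thrift version is <= 0.22.0 and no fixed crate is on crates.io; re-check on every parquet bump.`, and mirroring the threat-model rationale that deny.toml spells out (operator-supplied local files) here rather than pointing at the other file. The `ignore = [` array this hunk extends starts outside the hunk.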
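Review bot: The `"**/*.md"` pattern in both `paths-ignore` lists is broader than the comment's claim that prose changes cannot affect compilation or the publish dry-run: if any crate includes its README with `#![doc = include_str!("../README.md")]` (a common Rust pattern, not visible here — confirm against the crate sources), the README's code blocks are compiled as doctests and the file is packaged by `cargo publish --dry-run`, so a README-only PR would then merge with no CI run. Consider narrowing to `"docs/**"` plus the specific non-crate Markdown files, or adding `# README.md is deliberately not ignored: it is compiled as crate docs` once the exclusion is in place. Separately, with `paths-ignore` on `pull_request`, a docs-only PR produces no check run at all; if the repository's branch protection lists the `ci` job as a required status check, such PRs will sit on "Expected" and cannot be merged, since GitHub does not treat a path-filtered (skipped) workflow as passing — either drop the required-check setting or add a lightweight job that always runs.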
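Review bot: The pre-written rationale "operator-controlled inputs only" rests on an assumption the comment itself does not establish: `load_file`/`query_file`/`export` are named as the entry points, and if those are MCP tools callable by a connected client (which the `hyperdb-mcp` name suggests, though nothing here shows it), the path — and therefore the parquet metadata handed to `thrift` — is chosen by whoever drives the client, not only by the operator. Whether that is inside or outside the advisory's threat model is exactly what the waiver has to answer, so the rationale should state the assumption explicitly and verifiably, e.g. `reason = "thrift transitively via parquet; no fix on crates.io; parquet files are read only from operator-mounted local paths and never fetched on behalf of clients"`, once that is confirmed in the tool implementation. The `ignore = [` array this hunk extends starts outside the hunk.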