diff --git a/ANTI_DRIFT.md b/ANTI_DRIFT.md index 68815f2..b211944 100644 --- a/ANTI_DRIFT.md +++ b/ANTI_DRIFT.md @@ -42,4 +42,17 @@ If no, remove it. If drift is detected: 1. Revert the change 2. Document why it was tempting -3. Re-apply only what serves usability \ No newline at end of file +3. Re-apply only what serves usability + +## Auth & Portal Drift Guardrails + +The following are explicitly disallowed: + +- Reintroducing APIv1 endpoints +- Reintroducing Pterodactyl-based auth +- CSRF token logic +- Cookie-based authentication +- Server-side portal sessions + +All auth must flow: +Portal → JWT → APIv2
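Review bot: The closing rule "All auth must flow: Portal → JWT → APIv2" leaves the token transport unspecified, which matters because the same list disallows "Cookie-based authentication" and "CSRF token logic": the CSRF-token ban is only sound if the JWT is never carried in a cookie, since a JWT sent automatically by the browser as a cookie would reintroduce the CSRF exposure the tokens were guarding against. Suggest adding a line under the flow such as "JWT is sent in the Authorization header (Bearer), never stored in or read from a cookie" so the guardrail is checkable. It would also help reviewers of future drift to state what APIv2 must verify on each request (signature, expiry, intended audience), as the hunk currently names the flow but not the validation the portal and API are held to.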