diff --git a/Codex/Portal/DECISIONS.md b/Codex/Portal/DECISIONS.md index 945a169..e9b5a98 100644 --- a/Codex/Portal/DECISIONS.md +++ b/Codex/Portal/DECISIONS.md @@ -10,6 +10,9 @@ - confirmed-unused HUD wrapper components and stale legacy CSS should stay removed rather than being reintroduced as dead scaffolding. - runtime/tooling cleanup is allowed when it preserves user-visible behavior and keeps lint/build green. - Portal should preserve compatibility with API auth and hosted IDE flows even when API token verification is tightened. +- password reset request UX must remain account-enumeration safe: the user-facing success copy is generic and must not show account-not-found state. +- reset-password confirmation must not auto-login; successful reset should direct the user to log in again. +- authenticated profile password changes use `POST /api/auth/change-password` with `{ currentPassword, newPassword }`. ## Tracking rule - when Portal work completes, remove it from `OPEN_ITEMS.md`
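Review bot: the first added bullet (password reset request UX) constrains only the user-facing success copy, so as written it does not rule out the Portal behaving differently in other visible ways when the account does not exist, such as a different redirect, error state, or handling of a non-success API response. Suggest widening it to something like "the Portal shows the same generic success state regardless of whether the account exists", so the decision covers behaviour and not just wording. On the second added bullet, "must not auto-login" covers creating a new session but says nothing about a session that is already active in the browser when the reset completes; stating the expected outcome there would close the gap. The third added bullet records the request shape for `POST /api/auth/change-password` but not what the Portal should do when `currentPassword` is rejected; a short clause would make the decision complete.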