diff --git a/.storkit/work/1_backlog/359_story_harden_docker_setup_for_security.md b/.storkit/work/1_backlog/359_story_harden_docker_setup_for_security.md
index 2d765d5..ba5dc6d 100644
--- a/.storkit/work/1_backlog/359_story_harden_docker_setup_for_security.md
+++ b/.storkit/work/1_backlog/359_story_harden_docker_setup_for_security.md
@@ -19,7 +19,7 @@ As a storkit operator, I want the Docker container to run with hardened security
 - [ ] ANTHROPIC_API_KEY is passed via Docker secrets or .env file, not hardcoded in compose
 - [ ] Image passes a CVE scan with no critical vulnerabilities
 - [ ] Port binding uses 127.0.0.1 instead of 0.0.0.0 (e.g. "127.0.0.1:3001:3001") so the web UI is not exposed on all interfaces
-- [ ] Git identity (user.name and user.email) is configured for the container user, either via env vars or a mounted .gitconfig, so the filesystem watcher can commit without error
+- [ ] Git identity is configured via explicit GIT_USER_NAME and GIT_USER_EMAIL env vars; container fails loudly on startup if either is missing (note: multi-user/distributed case where different users need different identities is out of scope and will require a different solution)
 
 ## Out of Scope