code-security-review
Code Security Review
Overview
Performs comprehensive security code reviews to identify vulnerabilities, assess security risks, and provide actionable remediation guidance. Covers OWASP Top 10, CWE classifications, compliance requirements, and security best practices.
Security Review Workflow
1. Initial Assessment
Gather context about the application:
- Application type: Web app, API, mobile, desktop, embedded
- Data sensitivity: PII, financial data, healthcare records, proprietary information
- Compliance requirements: PCI-DSS, GDPR, HIPAA, SOC 2, ISO 27001
- Authentication mechanisms: OAuth, JWT, session-based, API keys
- Technology stack: Languages, frameworks, libraries, databases
- External integrations: Third-party APIs, cloud services, payment processors
More from dauquangthanh/hanoi-rainbow
frontend-design-review
Conducts comprehensive frontend design reviews covering UI/UX design quality, design system validation, accessibility compliance, responsive design patterns, component library architecture, and visual design consistency. Evaluates design specifications, Figma/Sketch files, design tokens, interaction patterns, and user experience flows. Identifies usability issues, accessibility violations, design system deviations, and provides actionable recommendations for improvement. Produces detailed design review reports with severity-rated findings, visual examples, and implementation guidelines. Use when reviewing frontend designs, validating design systems, ensuring accessibility compliance, evaluating component libraries, assessing responsive designs, or when users mention design review, UI/UX review, Figma review, design system validation, accessibility audit, or frontend design quality.
286frontend-ui-ux-design
Creates comprehensive frontend UI/UX designs including user interfaces, design systems, component libraries, responsive layouts, and accessibility implementations. Produces wireframes, mockups, design specifications, and implementation guidelines. Use when designing user interfaces, creating design systems, building component libraries, implementing responsive designs, ensuring accessibility compliance, or when users mention UI design, UX design, interface design, design systems, user experience, or frontend design patterns.
186keycloak-administration
Provides comprehensive KeyCloak administration guidance including realm management, user/group administration, client configuration, authentication flows, identity brokering, authorization policies, security hardening, and troubleshooting. Covers SSO configuration, SAML/OIDC setup, role-based access control (RBAC), user federation (LDAP/AD), social login integration, multi-factor authentication (MFA), and high availability deployments. Use when configuring KeyCloak, setting up SSO, managing realms and clients, troubleshooting authentication issues, implementing RBAC, or when users mention "KeyCloak", "SSO", "OIDC", "SAML", "identity provider", "IAM", "authentication flow", "user federation", "realm configuration", or "access management".
173oracle-cloud
Provides comprehensive Oracle Cloud Infrastructure (OCI) guidance including compute instances, networking (VCN, load balancers, VPN), storage (block, object, file), database services (Autonomous Database, MySQL, NoSQL), container orchestration (OKE), identity and access management (IAM), resource management, cost optimization, and infrastructure as code (Terraform OCI provider, Resource Manager). Produces infrastructure code, deployment scripts, configuration guides, and architectural diagrams. Use when designing OCI architecture, provisioning cloud resources, migrating to Oracle Cloud, implementing OCI security, setting up OCI databases, deploying containerized applications on OKE, managing OCI resources, or when users mention "Oracle Cloud", "OCI", "Autonomous Database", "VCN", "OKE", "OCI Terraform", "Resource Manager", "Oracle Cloud Infrastructure", or "OCI migration".
90backend-design
Designs comprehensive backend systems including RESTful APIs, microservices, database architecture, authentication/authorization, caching strategies, message queues, and scalability patterns. Produces API specifications, database schemas, architecture diagrams, and implementation guides. Use when designing backend services, APIs, data models, distributed systems, authentication flows, or when users mention backend architecture, API design, database design, microservices, or server-side development.
61requirement-review
Conducts comprehensive requirements review including completeness validation, clarity assessment, consistency checking, testability evaluation, and standards compliance. Produces detailed review reports with findings, gaps, conflicts, and improvement recommendations. Use when reviewing requirements documents (BRD, SRS, user stories), validating acceptance criteria, assessing requirements quality, identifying gaps and conflicts, or ensuring standards compliance (IEEE 830, INVEST criteria). Trigger when users mention "review requirements", "validate requirements", "check requirements quality", "find requirement issues", or "assess BRD/SRS quality".
54