/audit — Security Audit
Scope
Input: directory path, module name, or blank for full codebase. Examples: src/auth, payments, /audit.
Audit: $ARGUMENTS (or full codebase if no arguments)
Flow
1. Read `.claude/project.yml` for invariants and critical_flows.
2. Read `.claude/memory/architecture.md` for security patterns.
3. Analyze the codebase for:
   - Tenant isolation violations (missing tenant column filters)
   - Auth bypasses (missing role checks)
   - Input validation gaps (SQL injection, XSS)
   - Hardcoded secrets or credentials
   - RLS policy gaps
4. Generate the report.
Output
- Summary in conversation
- Full report: `/docs/audits/[date]-audit-full.md`
- Action items: `/docs/audits/TODO.md`
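As an added illustration of the first check in the Flow (tenant isolation violations), the following example is not part of the command file or the project: a small heuristic scanner that flags SELECT/UPDATE/DELETE statements touching a tenant-scoped table without a `tenant_id` predicate. The table list, column name and sample queries are constructed for the example; a real audit would take them from the project's invariants.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed for this example: tables that carry a tenant column and
# must always be filtered by it. In practice this comes from project.yml.
TENANT_SCOPED_TABLES = {"invoices", "users", "payments"}
TENANT_COLUMN = "tenant_id"

# Matches table names after FROM / UPDATE / JOIN (INSERT is out of scope:
# it must supply the tenant column in VALUES, which is a different check).
_TABLE_RE = re.compile(r"\b(?:from|update|join)\s+([A-Za-z_][A-Za-z0-9_]*)", re.I)
# A tenant predicate anywhere in the statement (WHERE or JOIN ... ON),
# e.g. "tenant_id = %s", "i.tenant_id = :t", "tenant_id IN (...)".
_TENANT_PRED_RE = re.compile(rf"\b{TENANT_COLUMN}\s*(?:=|in\b)", re.I)

@dataclass(frozen=True)
class Finding:
    query: str
    table: str
    reason: str

def check_query(sql: str) -> list[Finding]:
    """Return one Finding per tenant-scoped table read or modified without a tenant predicate."""
    tables = {t.lower() for t in _TABLE_RE.findall(sql)}
    scoped = tables & TENANT_SCOPED_TABLES
    if not scoped or _TENANT_PRED_RE.search(sql):
        return []  # no tenant-scoped table involved, or it is already filtered
    return [Finding(sql.strip(), t, f"no {TENANT_COLUMN} predicate") for t in sorted(scoped)]

def audit_queries(queries: list[str]) -> list[Finding]:
    """Heuristic triage over raw SQL strings; findings still need manual review."""
    return [f for q in queries for f in check_query(q)]

# Constructed sample queries: two are missing the tenant filter.
SAMPLE_QUERIES = [
    "SELECT * FROM invoices WHERE id = %s",
    "SELECT * FROM invoices WHERE id = %s AND tenant_id = %s",
    "UPDATE users SET email = %s WHERE id = %s",
    "DELETE FROM payments WHERE tenant_id = %s AND id = %s",
    "SELECT * FROM feature_flags",
    "SELECT i.* FROM invoices i JOIN users u ON u.id = i.owner_id WHERE i.tenant_id = %s",
]

if __name__ == "__main__":
    for f in audit_queries(SAMPLE_QUERIES):
        print(f"[{f.table}] {f.reason}: {f.query}")
```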