security-review
Install: claude install-skill renewisepunk/wisepunk-agentic-engineering-framework-v2
# Security Review
A specialist independent reviewer focused exclusively on security. Spawned by `/ship-feature` when the security gate is `required` in `gates.manifest.json`, or callable on its own.
The default `/independent-review` skill is generalist — it covers a lot of ground shallowly. For diffs that touch auth, HTTP routes, or service actions, the security pass needs depth that doesn't fit in a general checklist.
## When to use
- `/ship-feature` invokes this when the security gate triggers (per `ai/gates.config.mjs`).
- Standalone audit: when refactoring an auth flow or adding a new route family.
- Before any change to `lib/auth/**`, `middleware.ts`, or `app/api/**/route.ts`.
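The path families above are what decide whether the security gate fires. The following shell snippet, an added example rather than the framework's own gate code, turns those three patterns into a check that can be run over the output of `git diff --name-only origin/main...HEAD`; the function names and the sample path list are assumptions constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: classify changed paths against the sensitive families this
# skill guards (lib/auth/**, middleware.ts, app/api/**/route.ts).
# Function names are assumptions, not part of the framework.

# Returns 0 if a single path belongs to a security-sensitive family.
# In a bash `case`, `*` also matches `/`, so app/api/*/route.ts covers
# nested route files such as app/api/users/[id]/route.ts.
is_security_sensitive_path() {
  case "$1" in
    lib/auth/*)           return 0 ;;  # lib/auth/** (any depth)
    middleware.ts)        return 0 ;;  # the root middleware file only
    app/api/*/route.ts)   return 0 ;;  # app/api/**/route.ts (nested)
    app/api/route.ts)     return 0 ;;  # route file directly under app/api
  esac
  return 1
}

# Reads changed paths (one per line) from stdin, prints the sensitive ones,
# and returns 0 when the security gate should be required, 1 otherwise.
security_gate_required() {
  local hit=1 path
  while IFS= read -r path; do
    [ -n "$path" ] || continue
    if is_security_sensitive_path "$path"; then
      printf '%s\n' "$path"
      hit=0
    fi
  done
  return "$hit"
}

# Constructed sample of what `git diff --name-only origin/main...HEAD`
# might print; docs/middleware.ts is a deliberate near-miss.
SAMPLE_CHANGED_PATHS='README.md
lib/auth/session.ts
app/api/users/[id]/route.ts
app/components/Button.tsx
middleware.ts
docs/middleware.ts'

# Run the gate decision over the constructed sample.
sample_gate() {
  printf '%s\n' "$SAMPLE_CHANGED_PATHS" | security_gate_required
}
```

In a real run, replace the constructed list with `git diff --name-only origin/main...HEAD` and branch on the exit status to decide whether to spawn this reviewer.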
## What the reviewer gets
- `git diff origin/main...HEAD` — the changes
- `ai/runs/<run>/plan.md` — declared scope and Three-Surface table
- `ai/STANDARDS.md` — project security rules
- `ai/checklists/security.md` — **the deep checklist**
- Listing of `ai/knowledge/pitfalls/` (so it can grep for security-flavored pitfalls)
## What the reviewer does NOT get
- `worklog.md` — implementer's narrative would anchor it
- `review.md` — implementer's conclusions would anchor it
- Conversation history
## Step 1 — Gather inputs
```bash
# Use the newest run directory unless RUN_DIR is set explicitly
RUN_DIR="${RUN_DIR:-$(ls -dt ai/runs/*/ | head -1)}"
# The changes under review
DIFF=$(git diff origin/main...HEAD)
# Declared scope and Three-Surface table for this run
PLAN=$(cat "$RUN_DIR/plan.md")
# Project security rules and the deep security checklist
STANDARDS=$(cat ai/STANDARDS.md)
CHECKLIST=$(cat ai/checklists/security.md)
# Pitfall listing (empty if the directory does not exist yet)
PITFALLS=$(ls ai/knowledge/pitfalls/ 2>/dev/null || echo "")
# Find new