ワンクリックで
audit-rbac
Audit & fix RBAC and audit log compliance in API endpoints and frontend components
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
メニュー
Audit & fix RBAC and audit log compliance in API endpoints and frontend components
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
SOC 職業分類に基づく
How to reuse ANY integration check's results in a feature via the universal CheckResultsService (apps/api integration-platform). Use whenever a feature needs data produced by an integration check — "show 2FA status on People", "surface AWS S3 findings in X", "reuse a check's results", "per-user/per-resource results from a connected integration", "which integrations feed task T". Read this BEFORE writing your own IntegrationCheckResult / CheckRunRepository query — don't hand-roll it.
MANDATORY for any UI work in apps/app, apps/portal, or packages/design-system — every component, page, or layout change must work on mobile (~375px), tablet (~768px), desktop (~1280px), and large desktop (~1920px) BY DEFAULT, without being asked. Read this before writing or editing any JSX/TSX that renders visible UI. Triggers on: new component, page, layout, table, toolbar, form, modal/sheet, dashboard, "build UI", "add a column", "add a filter", any styling change.
Use when building or editing frontend UI components, layouts, styling, design system usage, colors, dark mode, or icons.
The contract every new or modified API endpoint must follow so it is correct for the public OpenAPI spec, the MCP server (npm @trycompai/mcp-server), the ValidationPipe, and the docs. Triggers on "new endpoint", "add API", "new DTO", "@Body", "@RequirePermission", "MCP tool", "edit controller in apps/api", "OpenAPI", or whenever editing controllers under apps/api/src/.
Use when SDK generation failed or seeing errors. Triggers on "generation failed", "speakeasy run failed", "SDK build error", "workflow failed", "Step Failed", "why did generation fail"
Use when generating an MCP server from an OpenAPI spec with Speakeasy. Triggers on "generate MCP server", "MCP server", "Model Context Protocol", "AI assistant tools", "Claude tools", "speakeasy MCP", "mcp-typescript"
| name | audit-rbac |
| description | Audit & fix RBAC and audit log compliance in API endpoints and frontend components |
Audit the specified files or directories for RBAC and audit log compliance. Fix every issue found immediately.
apps/api/src/)@RequirePermission('resource', 'action'). If missing, add it.@RequirePermission('resource', 'read'). If missing, add it./me/preferences) may skip @RequirePermission — authentication via HybridAuthGuard is sufficient.@Controller({ path: 'name', version: '1' }), NOT @Controller('v1/name'). If wrong, fix it.@UseGuards(HybridAuthGuard, PermissionGuard) at controller or endpoint level. Never skip PermissionGuard.@Public() — no auth required.apps/app/src/)usePermissions from @/hooks/use-permissions. If not:
{hasPermission('resource', 'create') && <Button>...disabled={!canUpdate}disabled={!canUpdate}role.includes('admin')) — use hasPermission().canAccessRoute(permissions, 'routeSegment').requireRoutePermission('segment', orgId) server-side.organization, member, control, evidence, policy, risk, vendor, task, framework, audit, finding, questionnaire, integration, apiKey, trust, pentest, app, compliance
app:read gates compliance dashboard; pentest:read gates security productpolicy, compliance) do NOT grant app access$ARGUMENTS (or scan the directory)bunx turbo run typecheck --filter=@trycompai/api --filter=@trycompai/app