원클릭으로
pre-production
Pre-Production Security & Quality Check with Strix AI. Use BEFORE deploying to production to catch vulnerabilities and issues.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Pre-Production Security & Quality Check with Strix AI. Use BEFORE deploying to production to catch vulnerabilities and issues.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
Cross-project audit and sync. Backs up, bootstraps, promotes, syncs, and verifies all downstream projects.
Structured pre-planning research. Explores codebase, asks clarifying questions, and produces a brainstorm output file for /plan-feature input.
Capture knowledge from development sessions. Debug patterns, architecture decisions, framework gotchas, and integration learnings compound over time.
Load project context and show current status. Use at the start of a session or when context is needed.
Run parallel code reviews using specialized agents (security, performance, simplicity, nextjs-react). Produces a structured report.
Initialize a new project from Agent Kit boilerplate. Use when creating a new downstream project.
| name | pre-production |
| description | Pre-Production Security & Quality Check with Strix AI. Use BEFORE deploying to production to catch vulnerabilities and issues. |
| allowed-tools | Bash, Read |
| argument-hint | ["mvp|production"] |
Führe Security- und Quality-Checks durch bevor Code in Production geht.
┌─────────────────────────────────────────────────────────────────┐
│ │
│ MVP / Staging PRODUCTION DELIVERY │
│ ───────────── ─────────────────── │
│ /pre-production mvp /pre-production production │
│ │
│ ✅ Quick Security Scan ✅ Full Security Audit │
│ ✅ Basic Vulnerability Check ✅ Deep Vulnerability Scan │
│ ✅ Essential E2E Tests ✅ Full E2E Test Suite │
│ ✅ Build Verification ✅ Performance Check │
│ │
│ Dauer: ~5 Minuten Dauer: ~15-30 Minuten │
│ │
│ Für: Interne Demos, Für: Echte User, │
│ Beta Testing, Paid Customers, │
│ Staging Deploy Final Release │
│ │
└─────────────────────────────────────────────────────────────────┘
# Via curl
curl -sSL https://strix.ai/install | bash
# Oder via pipx
pipx install strix-agent
# Environment Variables
export STRIX_LLM="anthropic/claude-sonnet-4-20250514"
export LLM_API_KEY="your-api-key"
/pre-production mvp)Schneller Check für interne Demos und Staging:
cd frontend && pnpm run build
cd frontend && pnpm run validate
# Lokaler Code-Scan
strix --target ./frontend --scan-mode quick -n
# Oder gegen Staging URL
strix --target https://staging.your-app.com --scan-mode quick -n
cd frontend && pnpm run test:e2e -- --grep "@critical"
/pre-production production)Vollständiger Check vor echtem Production Deploy:
cd frontend && pnpm run build
cd frontend && pnpm run validate
cd frontend && pnpm run test
# Vollständiger Scan gegen Production-ähnliche Umgebung
strix --target https://staging.your-app.com \
--instruction-file .strix/production-check.md \
-n
# Mit spezifischen Anweisungen
strix --target https://staging.your-app.com \
--instruction "Focus on: authentication bypass, injection attacks, access control, XSS, SSRF"
cd frontend && pnpm run test:e2e
# Lighthouse via agent-browser
agent-browser open https://staging.your-app.com
agent-browser evaluate "JSON.stringify(window.performance.timing)"
Erstelle .strix/production-check.md für konsistente Checks:
# Production Security Check
## Target Information
- Next.js 16 Application
- Convex Database
- Better Auth Authentication
## Focus Areas
### Authentication
- Test login/logout flows
- Check session handling
- Verify JWT/token security
- Test password reset flow
### Authorization
- Test role-based access
- Verify API endpoint protection
- Check for IDOR vulnerabilities
### Injection
- Test all input fields
- Check API parameters
- Verify SQL/NoSQL injection protection
### Client-Side
- Check for XSS in user inputs
- Verify CSP headers
- Test for open redirects
### API Security
- Check rate limiting
- Verify CORS configuration
- Test for SSRF
## Exclude
- /api/health (public)
- Static assets
Development Staging Production
─────────── ─────── ──────────
/visual-verify → /pre-production → /pre-production
mvp production
Schnell Quick Check Full Audit
UI Focus Security Basics Complete Security
/pre-production mvp
/pre-production production
| Issue | Aktion |
|---|---|
| SQL/NoSQL Injection | STOP - Sofort fixen |
| Auth Bypass | STOP - Sofort fixen |
| RCE Vulnerability | STOP - Sofort fixen |
| Issue | Aktion |
|---|---|
| XSS (Stored) | Fix vor Production |
| IDOR | Fix vor Production |
| SSRF | Fix vor Production |
| Issue | Aktion |
|---|---|
| XSS (Reflected) | Dokumentieren, zeitnah fixen |
| Missing Rate Limit | Dokumentieren, zeitnah fixen |
| Issue | Aktion |
|---|---|
| Information Disclosure | Backlog |
| Missing Headers | Backlog |