원클릭으로
audit-rbac
Audit & fix RBAC and audit log compliance in API endpoints and frontend components
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Audit & fix RBAC and audit log compliance in API endpoints and frontend components
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
How to reuse ANY integration check's results in a feature via the universal CheckResultsService (apps/api integration-platform). Use whenever a feature needs data produced by an integration check — "show 2FA status on People", "surface AWS S3 findings in X", "reuse a check's results", "per-user/per-resource results from a connected integration", "which integrations feed task T". Read this BEFORE writing your own IntegrationCheckResult / CheckRunRepository query — don't hand-roll it.
MANDATORY for any UI work in apps/app, apps/portal, or packages/design-system — every component, page, or layout change must work on mobile (~375px), tablet (~768px), desktop (~1280px), and large desktop (~1920px) BY DEFAULT, without being asked. Read this before writing or editing any JSX/TSX that renders visible UI. Triggers on: new component, page, layout, table, toolbar, form, modal/sheet, dashboard, "build UI", "add a column", "add a filter", any styling change.
Use when building or editing frontend UI components, layouts, styling, design system usage, colors, dark mode, or icons.
The contract every new or modified API endpoint must follow so it is correct for the public OpenAPI spec, the MCP server (npm @trycompai/mcp-server), the ValidationPipe, and the docs. Triggers on "new endpoint", "add API", "new DTO", "@Body", "@RequirePermission", "MCP tool", "edit controller in apps/api", "OpenAPI", or whenever editing controllers under apps/api/src/.
Use when SDK generation failed or seeing errors. Triggers on "generation failed", "speakeasy run failed", "SDK build error", "workflow failed", "Step Failed", "why did generation fail"
Use when generating an MCP server from an OpenAPI spec with Speakeasy. Triggers on "generate MCP server", "MCP server", "Model Context Protocol", "AI assistant tools", "Claude tools", "speakeasy MCP", "mcp-typescript"
| name | audit-rbac |
| description | Audit & fix RBAC and audit log compliance in API endpoints and frontend components |
Audit the specified files or directories for RBAC and audit log compliance. Fix every issue found immediately.
apps/api/src/)@RequirePermission('resource', 'action'). If missing, add it.@RequirePermission('resource', 'read'). If missing, add it./me/preferences) may skip @RequirePermission — authentication via HybridAuthGuard is sufficient.@Controller({ path: 'name', version: '1' }), NOT @Controller('v1/name'). If wrong, fix it.@UseGuards(HybridAuthGuard, PermissionGuard) at controller or endpoint level. Never skip PermissionGuard.@Public() — no auth required.apps/app/src/)usePermissions from @/hooks/use-permissions. If not:
{hasPermission('resource', 'create') && <Button>...disabled={!canUpdate}disabled={!canUpdate}role.includes('admin')) — use hasPermission().canAccessRoute(permissions, 'routeSegment').requireRoutePermission('segment', orgId) server-side.organization, member, control, evidence, policy, risk, vendor, task, framework, audit, finding, questionnaire, integration, apiKey, trust, pentest, app, compliance
app:read gates compliance dashboard; pentest:read gates security productpolicy, compliance) do NOT grant app access$ARGUMENTS (or scan the directory)bunx turbo run typecheck --filter=@trycompai/api --filter=@trycompai/app