SentinelXPrime
Stage-aware security skills for Codex, Claude Code, and OpenCode, with explicit compatibility guidance for Cursor and Kilo.
AI coding agents accelerate development but rarely surface security concerns at the right moment. SentinelXPrime fills that gap by embedding stage-aware security skills directly into your coding agent workflow — from planning through release.
The suite helps teams catch missing security requirements during planning, surface scoped concerns during risky implementation work, offer opt-in review help after coding, and propose a practical security check plan before release. It is advisory-first: it improves signal and consistency, but it does not certify a repository as secure, fully reviewed, or production-ready.
How It Works
SentinelXPrime maps to four development stages, each with a dedicated skill:
- Planning —
sentinelx-plan-gap: identifies missing security requirements before code is written. - Implementation —
sentinelx-prime: surfaces scoped security concerns during risky changes. - Review —
sentinelx-review-gate: provides opt-in security review after implementation. - Pre-release —
sentinelx-test-rig: proposes a stack-aware security check plan before release or handoff.
Use using-sentinelx as the lightweight bootstrap skill when a session needs quick orientation to the suite.
Supported Stacks
.NET / ASP.NET Core · Java / Spring · Node / TypeScript · Python · Go · Ruby on Rails · PHP / Laravel · Rust
If the stack is unclear, SentinelXPrime falls back to common web-security guidance and notes that the stack inference is uncertain.
For crypto-sensitive discussions, cross-check skills/shared/crypto-guidance.md.
Stage Decision Aid
| Situation | Recommended Skill |
|---|---|
| Code is done; "is this implementation safe enough?" | sentinelx-review-gate |
| Next step is release or handoff hardening | sentinelx-test-rig |
| Stage evidence is weak or contradictory | Stay in uncertain mode — keep guidance advisory until the stage becomes clearer |
Installation
| Platform | Status | Entry Point |
|---|---|---|
| Codex | Supported | .codex/INSTALL.md and docs/README.codex.md |
| Claude Code | Supported | .claude-plugin/plugin.json and docs/README.claude.md |
| OpenCode | Supported | .opencode/INSTALL.md and docs/README.opencode.md |
| Cursor | Compatibility guidance | docs/README.cursor.md |
| Kilo | Compatibility guidance | docs/README.kilo.md |
Supported means the repository ships a documented install surface that exists in this repo. Compatibility guidance means the repo documents a low-risk way to reuse the instructions and skills without claiming an officially validated plugin path.
Release or handoff claims for supported platforms should be backed by recorded smoke evidence in docs/validation/release-readiness.md. Run node scripts/check-release-readiness.mjs or the Release Claim Readiness workflow before making an external release-ready or handoff claim.
Quick Start
Start a fresh session and try one of these prompts:
Use sentinelx-prime while we plan this new ASP.NET Core feature.
Use sentinelx-plan-gap to review this Node/TypeScript API design for missing security requirements.
Use sentinelx-review-gate to run a focused security review on the completed auth changes.
Use sentinelx-test-rig to propose a stack-aware security check plan for this release handoff.
More examples in docs/examples/example-prompts.md.
What's Inside
| Skill | Purpose |
|---|---|
using-sentinelx | Lightweight bootstrap and orientation skill |
sentinelx-prime | Orchestrator for stage-aware security guidance |
sentinelx-plan-gap | Planning-stage security gap analysis |
sentinelx-review-gate | Opt-in post-implementation security review |
sentinelx-test-rig | Opt-in security test/check planning before release |
shared/* | Common threat references, finding schema, and stack profiles |
Philosophy
SentinelXPrime is built on a clear safety model: