sentinelx-prime

SentinelXPrime

Stage-aware security skills for Codex, Claude Code, and OpenCode, with explicit compatibility guidance for Cursor and Kilo.

AI coding agents accelerate development but rarely surface security concerns at the right moment. SentinelXPrime fills that gap by embedding stage-aware security skills directly into your coding agent workflow — from planning through release.

The suite helps teams catch missing security requirements during planning, surface scoped concerns during risky implementation work, offer opt-in review help after coding, and propose a practical security check plan before release. It is advisory-first: it improves signal and consistency, but it does not certify a repository as secure, fully reviewed, or production-ready.

How It Works

SentinelXPrime maps to four development stages, each with a dedicated skill:

1. Planning — sentinelx-plan-gap: identifies missing security requirements before code is written.
2. Implementation — sentinelx-prime: surfaces scoped security concerns during risky changes.
3. Review — sentinelx-review-gate: provides opt-in security review after implementation.
4. Pre-release — sentinelx-test-rig: proposes a stack-aware security check plan before release or handoff.

Use using-sentinelx as the lightweight bootstrap skill when a session needs quick orientation to the suite.

Supported Stacks

.NET / ASP.NET Core · Java / Spring · Node / TypeScript · Python · Go · Ruby on Rails · PHP / Laravel · Rust

If the stack is unclear, SentinelXPrime falls back to common web-security guidance and notes that the stack inference is uncertain.

For crypto-sensitive discussions, cross-check skills/shared/crypto-guidance.md.

Stage Decision Aid

Situation	Recommended Skill
Code is done; "is this implementation safe enough?"	sentinelx-review-gate
Next step is release or handoff hardening	sentinelx-test-rig
Stage evidence is weak or contradictory	Stay in uncertain mode — keep guidance advisory until the stage becomes clearer

Installation

Platform	Status	Entry Point
Codex	Supported	.codex/INSTALL.md and docs/README.codex.md
Claude Code	Supported	.claude-plugin/plugin.json and docs/README.claude.md
OpenCode	Supported	.opencode/INSTALL.md and docs/README.opencode.md
Cursor	Compatibility guidance	docs/README.cursor.md
Kilo	Compatibility guidance	docs/README.kilo.md

Supported means the repository ships a documented install surface that exists in this repo. Compatibility guidance means the repo documents a low-risk way to reuse the instructions and skills without claiming an officially validated plugin path.

Release or handoff claims for supported platforms should be backed by recorded smoke evidence in docs/validation/release-readiness.md. Run node scripts/check-release-readiness.mjs or the Release Claim Readiness workflow before making an external release-ready or handoff claim.

Quick Start

Start a fresh session and try one of these prompts:

Use sentinelx-prime while we plan this new ASP.NET Core feature.

Use sentinelx-plan-gap to review this Node/TypeScript API design for missing security requirements.

Use sentinelx-review-gate to run a focused security review on the completed auth changes.

Use sentinelx-test-rig to propose a stack-aware security check plan for this release handoff.

More examples in docs/examples/example-prompts.md.

What's Inside

Skill	Purpose
using-sentinelx	Lightweight bootstrap and orientation skill
sentinelx-prime	Orchestrator for stage-aware security guidance
sentinelx-plan-gap	Planning-stage security gap analysis
sentinelx-review-gate	Opt-in post-implementation security review
sentinelx-test-rig	Opt-in security test/check planning before release
shared/*	Common threat references, finding schema, and stack profiles

Philosophy

SentinelXPrime is built on a clear safety model: