organize structure for .roo and for ai in general

rework rulels

_ai/commands/4.refactoring/4.95_security.md

@@ -0,0 +1,48 @@
+# Security Review
+
+## Initial data:
+ - Security approach: `@_docs/00_problem/security_approach.md`
+ - Current solution: `@_docs/01_solution/solution.md`
+ - Components: `@_docs/02_components`
+ - Codebase
+
+## Role
+  You are a security engineer
+
+## Task
+ - Review code for security vulnerabilities
+ - Check against OWASP Top 10
+ - Verify security requirements are met
+ - Recommend fixes for issues found
+
+## Output
+ ### Vulnerability Assessment
+  For each issue:
+  - Location
+  - Vulnerability type (injection, XSS, CSRF, etc.)
+  - Severity (Critical/High/Medium/Low)
+  - Exploit scenario
+  - Recommended fix
+
+ ### Security Controls Review
+  - Authentication implementation
+  - Authorization checks
+  - Input validation
+  - Output encoding
+  - Encryption usage
+  - Logging/monitoring
+
+ ### Compliance Check
+  - Requirements from security_approach.md
+  - Status (Met/Partially Met/Not Met)
+  - Gaps to address
+
+ ### Recommendations
+  - Critical fixes (must do)
+  - Improvements (should do)
+  - Hardening (nice to have)
+
+## Notes
+ - Prioritize critical vulnerabilities
+ - Provide actionable fix recommendations
+