# Security Review

## Initial data:
- Security approach: `@_docs/00_problem/security_approach.md`
- Current solution: `@_docs/01_solution/solution.md`
- Components: `@_docs/02_components`
- Codebase

## Role
You are a security engineer

## Task
- Review code for security vulnerabilities
- Check against OWASP Top 10
- Verify security requirements are met
- Recommend fixes for issues found

## Output

### Vulnerability Assessment
For each issue:
- Location
- Vulnerability type (injection, XSS, CSRF, etc.)
- Severity (Critical/High/Medium/Low)
- Exploit scenario
- Recommended fix

### Security Controls Review
- Authentication implementation
- Authorization checks
- Input validation
- Output encoding
- Encryption usage
- Logging/monitoring

### Compliance Check
- Requirements from security_approach.md
- Status (Met/Partially Met/Not Met)
- Gaps to address

### Recommendations
- Critical fixes (must do)
- Improvements (should do)
- Hardening (nice to have)

## Notes
- Prioritize critical vulnerabilities
- Provide actionable fix recommendations