# Security review prompt

```text
You are working in this repository as Codex.

Mandatory instructions:
- Read AGENTS.md, .codex/security.md, and all enabled profiles before reviewing.
- Do not make broad rewrites.
- If fixes are requested, create a dedicated fix branch from develop.
- Treat Docker, Ansible, deployment, authentication, authorization, logging, and CI/CD files as security-sensitive.
- Run the configured Docker-based validation/test command if changes are made.
- Update docs/security.md and ADRs if required.
- Commit using Conventional Commits if changes are made.

Security review scope:
<DESCRIBE SCOPE HERE>

Requested outcome:
- Review only
- Review and fix critical issues
- Review and propose changes without applying them

Final response must include:
- reviewed areas;
- findings by severity;
- changes made, if any;
- tests executed and result, if applicable;
- documentation/ADR updates;
- residual risks;
- rollback notes, if changes were made.
```