Getting Started
Manicode provides 328 code security prompts that configure LLM coding assistants to follow secure coding patterns for specific frameworks and languages. Each prompt encodes vulnerability mitigations from OWASP ASVS, CWE entries, and framework-specific security documentation.
When a prompt is active, the LLM produces code that includes security controls by default — parameterized queries instead of string concatenation, CSRF tokens on state-changing endpoints, bcrypt for password hashing, and so on.
Prompts contain no executable code — they are instructions that shape model behavior.
What You Get
328 prompts across 13 security categories:
| Category | Prompts | What It Covers |
|---|---|---|
| Backend Frameworks | 122 | Node.js, Python, Java, Go, .NET, PHP, Ruby on Rails, Rust, Scala, Elixir, GraphQL, gRPC, ServiceNow, SQL/RDBMS, Unity, Swift, message brokers |
| Infrastructure | 54 | Secret management, Terraform, OAuth2/OIDC, Kubernetes, Docker, serverless, WAF, monitoring, CI/CD, service mesh, cloud security |
| Client-Side Frameworks | 49 | React, Vue, Angular, Next.js, Svelte, TypeScript, Flutter, SolidJS, Alpine.js, Astro, Deno Fresh, Ember.js, HTMX, Lit, Preact, Qwik |
| AI Security | 41 | Agentic AI (OWASP Top 10), AI agent frameworks, RAG security, AI agent IAM, AI supply chain, AI governance |
| Web and API Security | 18 | SSRF, XXE, XSS, SQL injection, CSRF, CORS, file upload, JWT, WebSocket, CSP, rate limiting, API keys, webhooks, tRPC, OpenAPI |
| Authorization | 8 | RBAC, ABAC, ReBAC with OPA, OpenFGA, SpiceDB, Casbin, Cedar |
| Mobile | 8 | Android, iOS, React Native, Flutter, Kotlin Multiplatform, Electron, supply chain, data protection |
| Authentication | 7 | Password storage, MFA, session management, account recovery, credential stuffing defense, SSO, passwordless |
| Cryptography | 6 | Symmetric/asymmetric encryption, password hashing, TLS configuration, key management, secure RNG |
| Embedded and IoT | 6 | FreeRTOS, Zephyr RTOS, embedded Linux, IoT protocols, IoT cloud, firmware analysis |
| WASM | 5 | Browser WASM, server-side WASM, cryptography, supply chain, memory safety |
| C and C++ | 3 | Secure C, secure C++, embedded C |
| Code Quality | 1 | General code quality patterns |
Supported Models
Each prompt is available in up to 5 model-specific variants:
| Vendor | Model | Variant Suffix |
|---|---|---|
| Anthropic | Claude Opus 4.6 | (Opus 4.6) |
| OpenAI | GPT 5.3 Codex | (GPT 5.3 Codex) |
| Google | Gemini 3.1 Pro | (Gemini 3.1 Pro) |
| xAI | Grok 4.1 | (Grok 4.1) |
| Microsoft | GitHub Copilot | (Copilot) |
See Model-Specific Guidance for selection criteria and behavior differences.
Next Steps
- Quick Start — Get a prompt running in your workflow in minutes
- Browse Code Security Prompts — Find the prompt for your framework
- Architecture Overview — How prompts work, trust boundaries, and security invariants
- Integration: Claude Code — End-to-end example with secure and insecure output comparison
- Integration: GitHub Actions — CI/CD validation pipeline example
- Security Assumptions — What Manicode guarantees and does not guarantee
- Model-Specific Guidance — Choosing between models, determinism, cost