Add comprehensive brainstorming commands for synthesis, system architecture, UI design, and user research perspectives

- Implemented the `brainstorm:synthesis` command to integrate insights from various roles into a cohesive analysis and recommendations report.
- Created `brainstorm:system-architect` command for technical architecture and scalability analysis, including detailed execution protocols and output structures.
- Developed `brainstorm:ui-designer` command focusing on user experience and interface design, with a structured approach to analysis and documentation.
- Introduced `brainstorm:user-researcher` command for user behavior analysis and research insights, emphasizing user needs and usability assessments.

.claude/commands/workflow/brainstorm/security-expert.md

@@ -0,0 +1,261 @@
+---
+name: brainstorm:security-expert
+description: Security expert perspective brainstorming for threat modeling and security architecture analysis
+usage: /brainstorm:security-expert <topic>
+argument-hint: "topic or challenge to analyze from security perspective"
+examples:
+  - /brainstorm:security-expert "user authentication security"
+  - /brainstorm:security-expert "API security architecture"
+  - /brainstorm:security-expert "data privacy compliance"
+allowed-tools: Task(conceptual-planning-agent), TodoWrite(*)
+---
+
+## 🔒 **角色定义: Security Expert**
+
+### 核心职责
+- **威胁建模**: 识别和评估安全威胁和攻击向量
+- **安全架构**: 设计防御性安全控制和保护机制
+- **合规评估**: 确保符合安全标准和法规要求
+- **风险管理**: 评估和缓解安全风险
+
+### 关注领域
+- **应用安全**: 代码安全、输入验证、会话管理
+- **基础设施安全**: 网络安全、服务器加固、云安全
+- **数据保护**: 数据加密、访问控制、隐私保护
+- **合规管理**: GDPR、SOC2、ISO27001、行业标准
+
+## 🧠 **分析框架**
+
+@~/.claude/workflows/brainstorming-principles.md
+@~/.claude/workflows/conceptual-planning-agent.md
+
+### 核心分析问题
+1. **威胁识别和建模**:
+   - 主要的安全威胁和攻击向量是什么？
+   - 资产价值和风险评估？
+   - 攻击者画像和攻击路径分析？
+
+2. **安全控制和防护**:
+   - 需要实施哪些安全控制？
+   - 身份认证和授权机制？
+   - 数据保护和加密策略？
+
+3. **合规和标准**:
+   - 适用的合规要求和标准？
+   - 安全审计和监控需求？
+   - 事件响应和恢复计划？
+
+4. **风险评估和缓解**:
+   - 安全风险等级和影响评估？
+   - 风险缓解策略和优先级？
+   - 持续监控和改进机制？
+
+## ⚙️ **执行协议**
+
+### Phase 1: 会话检测与初始化
+```bash
+# 自动检测活动会话
+CHECK: .workflow/.active-* marker files
+IF active_session EXISTS:
+    session_id = get_active_session()
+    load_context_from(session_id)
+ELSE:
+    request_user_for_session_creation()
+```
+
+### Phase 2: 目录结构创建
+```bash
+# 创建安全专家分析目录
+mkdir -p .workflow/WFS-{topic-slug}/.brainstorming/security-expert/
+```
+
+### Phase 3: TodoWrite 初始化
+设置安全专家视角分析的任务跟踪：
+```json
+[
+  {"content": "Initialize security expert brainstorming session", "status": "completed", "activeForm": "Initializing session"},
+  {"content": "Conduct threat modeling and risk assessment", "status": "in_progress", "activeForm": "Conducting threat modeling"},
+  {"content": "Design security architecture and controls", "status": "pending", "activeForm": "Designing security architecture"},
+  {"content": "Evaluate compliance requirements", "status": "pending", "activeForm": "Evaluating compliance"},
+  {"content": "Plan incident response and monitoring", "status": "pending", "activeForm": "Planning incident response"},
+  {"content": "Assess data protection and privacy", "status": "pending", "activeForm": "Assessing data protection"},
+  {"content": "Generate comprehensive security documentation", "status": "pending", "activeForm": "Generating documentation"}
+]
+```
+
+### Phase 4: 概念规划代理协调
+```bash
+Task(conceptual-planning-agent): "
+Conduct security expert perspective brainstorming for: {topic}
+
+ROLE CONTEXT: Security Expert
+- Focus Areas: Threat modeling, security architecture, compliance, risk management
+- Analysis Framework: Defense-in-depth approach with risk-based security controls
+- Success Metrics: Threat coverage, vulnerability reduction, compliance adherence, incident response time
+
+USER CONTEXT: {captured_user_requirements_from_session}
+
+ANALYSIS REQUIREMENTS:
+1. Threat Modeling and Risk Assessment
+   - Identify threat actors and attack vectors
+   - Analyze attack surfaces and entry points
+   - Assess asset value and potential impact
+   - Create threat model diagrams and scenarios
+   - Evaluate existing security posture and gaps
+
+2. Security Architecture Design
+   - Design authentication and authorization mechanisms
+   - Plan encryption strategies for data at rest and in transit
+   - Design network security and segmentation
+   - Plan secure communication protocols and APIs
+   - Design security monitoring and logging architecture
+
+3. Application Security Assessment
+   - Analyze input validation and sanitization requirements
+   - Assess session management and CSRF protection
+   - Evaluate SQL injection and XSS vulnerabilities
+   - Plan secure coding practices and code review processes
+   - Design security testing and penetration testing strategies
+
+4. Compliance and Regulatory Requirements
+   - Assess applicable regulations (GDPR, CCPA, HIPAA, PCI-DSS, etc.)
+   - Map compliance requirements to security controls
+   - Plan audit trails and documentation requirements
+   - Design privacy impact assessments
+   - Plan compliance monitoring and reporting
+
+5. Incident Response and Recovery
+   - Design security incident detection and alerting
+   - Plan incident response procedures and escalation
+   - Design forensic analysis and evidence collection
+   - Plan business continuity and disaster recovery
+   - Design security awareness and training programs
+
+6. Data Protection and Privacy
+   - Design data classification and handling procedures
+   - Plan data retention and disposal strategies
+   - Assess third-party data sharing risks
+   - Design privacy controls and user consent management
+   - Plan data breach notification procedures
+
+OUTPUT REQUIREMENTS: Save comprehensive analysis to:
+.workflow/WFS-{topic-slug}/.brainstorming/security-expert/
+- analysis.md (main security analysis and threat model)
+- security-architecture.md (detailed security controls and architecture)
+- compliance-framework.md (regulatory requirements and compliance plan)
+- incident-response.md (security incident management and recovery procedures)
+
+Apply security expertise to create robust, compliant, and resilient security solutions."
+```
+
+## 📊 **输出结构**
+
+### 保存位置
+```
+.workflow/WFS-{topic-slug}/.brainstorming/security-expert/
+├── analysis.md                 # 主要安全分析和威胁建模
+├── security-architecture.md    # 详细安全控制和架构
+├── compliance-framework.md     # 法规要求和合规计划
+└── incident-response.md        # 安全事件管理和恢复程序
+```
+
+### 文档模板
+
+#### analysis.md 结构
+```markdown
+# Security Expert Analysis: {Topic}
+*Generated: {timestamp}*
+
+## Executive Summary
+[核心安全发现和建议概述]
+
+## Threat Modeling
+### Threat Actors
+- Internal threats: [内部威胁分析]
+- External threats: [外部威胁分析]
+- Threat capabilities and motivations
+
+### Attack Vectors
+### Attack Surface Analysis
+### Risk Assessment Matrix
+
+## Current Security Posture
+### Existing Security Controls
+### Identified Vulnerabilities
+### Security Gaps and Weaknesses
+### Compliance Status
+
+## Security Architecture Recommendations
+### Authentication and Authorization
+### Data Protection Strategy
+### Network Security Design
+### Application Security Controls
+
+## Risk Management
+### Critical Risks Identified
+### Risk Mitigation Strategies
+### Security Control Prioritization
+### Residual Risk Assessment
+
+## Compliance Requirements
+### Applicable Regulations
+### Compliance Gaps
+### Required Documentation
+### Audit Preparation
+
+## Implementation Roadmap
+### Immediate Security Actions (0-30 days)
+### Short-term Improvements (1-6 months)
+### Long-term Security Strategy (6+ months)
+### Success Metrics and KPIs
+```
+
+## 🔄 **会话集成**
+
+### 状态同步
+分析完成后，更新 `workflow-session.json`:
+```json
+{
+  "phases": {
+    "BRAINSTORM": {
+      "security_expert": {
+        "status": "completed",
+        "completed_at": "timestamp",
+        "output_directory": ".workflow/WFS-{topic}/.brainstorming/security-expert/",
+        "key_insights": ["critical_vulnerability", "compliance_requirement", "security_control"]
+      }
+    }
+  }
+}
+```
+
+### 与其他角色的协作
+安全专家视角为其他角色提供：
+- **安全要求和约束** → System Architect
+- **安全合规影响** → Product Manager
+- **安全用户体验** → UI Designer
+- **数据安全要求** → Data Architect
+- **安全功能需求** → Feature Planner
+
+## ✅ **质量标准**
+
+### 必须包含的安全元素
+- [ ] 全面的威胁模型和风险评估
+- [ ] 详细的安全架构和控制设计
+- [ ] 合规要求映射和实施计划
+- [ ] 事件响应和恢复程序
+- [ ] 安全监控和测试策略
+
+### 安全框架检查
+- [ ] 防御深度：多层安全控制
+- [ ] 最小权限：访问控制最小化
+- [ ] 失败安全：安全失败时的默认行为
+- [ ] 完整监控：全面的安全日志和告警
+- [ ] 持续改进：定期安全评估和更新
+
+### 威胁覆盖验证
+- [ ] OWASP Top 10 威胁评估
+- [ ] 内部和外部威胁分析
+- [ ] 供应链安全风险
+- [ ] 云安全和配置管理
+- [ ] 隐私和数据保护合规