")
+def get_user(id, include_profile: bool = False):
+ user = User.get(id)
+ if include_profile:
+ user.profile = Profile.get(user.profile_id)
+ return user
+```
+
+**Documentation Update**:
+```markdown
+## Get User
+
+`GET /users/{id}`
+
+### Query Parameters
+
+| Parameter | Type | Default | Description |
+|-----------|------|---------|-------------|
+| include_profile | boolean | false | Include full profile data |
+
+### Response
+
+```json
+{
+ "id": "123",
+ "name": "John Doe",
+ "email": "john@example.com",
+ "profile": { // Only if include_profile=true
+ "bio": "...",
+ "avatar_url": "..."
+ }
+}
+```
+```
+
+## Example: README Update
+
+**Before** (outdated):
+```markdown
+## Installation
+
+npm install my-package
+```
+
+**After** (updated):
+```markdown
+## Installation
+
+npm install my-package
+
+## Quick Start
+
+1. Install the package
+2. Configure your API key in `.env`
+3. Import and initialize:
+
+```javascript
+import { Client } from 'my-package';
+const client = new Client({ apiKey: process.env.API_KEY });
+```
+```
+
+## Automation Strategies
+
+### PR-Triggered Updates
+
+Check and update docs on every PR:
+
+```yaml
+name: Documentation Check
+on: [pull_request]
+
+jobs:
+ check-docs:
+ steps:
+ - name: Check for doc updates
+ run: |
+ # Trigger OpenHands to review and update docs
+```
+
+### Scheduled Sync
+
+Run weekly to catch any drift:
+
+```
+Every Monday at 9am:
+1. Compare code and documentation
+2. Identify outdated sections
+3. Create PR with updates
+4. Request review from docs team
+```
+
+### On-Demand Updates
+
+Use when you know docs need work:
+
+```
+/update-docs src/api/
+
+Update all documentation for the API module including:
+- Function docstrings
+- README API section
+- OpenAPI spec
+```
+
+## Best Practices
+
+### Scope Documentation
+
+- Focus on public APIs and interfaces
+- Document non-obvious behavior
+- Keep examples minimal but complete
+- Update version numbers and dates
+
+### Style Consistency
+
+- Match existing documentation style
+- Use consistent terminology
+- Follow the project's doc conventions
+- Include relevant links
+
+### Verification
+
+- Test code examples actually work
+- Verify links aren't broken
+- Check screenshots are current
+- Validate API examples against actual behavior
+
+## Integration with Code Review
+
+Add to your code review process:
+
+```markdown
+## PR Checklist
+
+- [ ] Code changes tested
+- [ ] Documentation updated
+- [ ] Examples verified
+```
+
+OpenHands can automatically check this:
+
+```
+Review this PR and verify:
+1. All new public functions have docstrings
+2. README reflects any API changes
+3. Code examples in docs still work
+4. No broken links in documentation
+```
diff --git a/openhands/usage/use-cases/fix-ci-pipelines.mdx b/openhands/usage/use-cases/fix-ci-pipelines.mdx
new file mode 100644
index 00000000..a22ec137
--- /dev/null
+++ b/openhands/usage/use-cases/fix-ci-pipelines.mdx
@@ -0,0 +1,242 @@
+---
+title: Fix CI Pipelines
+description: Diagnose and fix CI/CD pipeline failures automatically
+automation:
+ icon: gears
+ summary: >-
+ Monitor CI pipelines, diagnose failures, and automatically fix common issues.
+---
+
+
+ Check out the CI pipeline fixing skill with slash-command triggers.
+
+
+CI/CD pipelines are the backbone of modern software development, but they break constantly. Flaky tests, dependency issues, configuration problems, and infrastructure hiccups can block entire teams. What if an AI agent could diagnose and fix these issues automatically?
+
+## The Challenge
+
+Common CI/CD failures include:
+
+- **Dependency problems**: Version conflicts, missing packages, outdated lock files
+- **Flaky tests**: Race conditions, timing issues, environmental differences
+- **Configuration errors**: Invalid YAML, missing secrets, incorrect paths
+- **Resource issues**: Out of memory, disk full, timeouts
+- **Infrastructure problems**: Docker issues, network failures, API rate limits
+
+These failures are often repetitive—the same patterns occur again and again. Engineers spend valuable time debugging CI instead of building features.
+
+**What if we could automate CI failure diagnosis and resolution?**
+
+## Automated CI Fixing with OpenHands
+
+OpenHands can help diagnose and fix CI/CD failures by:
+
+- **Analyzing logs**: Reading build outputs to identify the root cause
+- **Pattern matching**: Recognizing common failure patterns
+- **Implementing fixes**: Making targeted changes to resolve issues
+- **Validating solutions**: Ensuring fixes don't break other things
+
+## How It Works
+
+### 1. Trigger on Failure
+
+Set up OpenHands to respond when CI fails. You can:
+
+- Use the `/fix-ci` command in a conversation
+- Create a GitHub Actions workflow that triggers on failure
+- Set up an automation to monitor CI status
+
+### 2. Analyze the Failure
+
+OpenHands will:
+
+1. Fetch the CI logs from the failed job
+2. Identify the failing step and error message
+3. Trace the error to its root cause
+4. Categorize the failure type
+
+### 3. Implement the Fix
+
+Based on the diagnosis, OpenHands will:
+
+- Update dependency versions for version conflicts
+- Fix configuration syntax errors
+- Adjust resource limits or timeouts
+- Skip or fix flaky tests
+- Update environment variables or secrets
+
+## Example: Fixing a Dependency Conflict
+
+**CI Log**:
+```
+ERROR: Cannot install package-a==2.0 and package-b==1.5
+ package-a 2.0 requires package-c>=3.0
+ package-b 1.5 requires package-c<3.0
+```
+
+**OpenHands Response**:
+```
+Root cause: Dependency conflict between package-a and package-b
+over the version of package-c.
+
+Fix: Update package-b to version 2.0 which supports package-c>=3.0
+
+Changes:
+- requirements.txt: package-b==1.5 → package-b==2.0
+- Regenerated lock file
+
+Verified: No breaking changes in package-b 2.0 API for our usage.
+```
+
+## Example: Fixing a Flaky Test
+
+**CI Log**:
+```
+FAILED tests/test_api.py::test_concurrent_requests
+AssertionError: Expected 10 results, got 9
+```
+
+**OpenHands Analysis**:
+```
+Root cause: Race condition in test_concurrent_requests.
+The test doesn't wait for all async operations to complete
+before asserting.
+
+Fix: Add proper await/sync mechanism before assertion.
+```
+
+```python
+# Before
+results = [api.fetch() for _ in range(10)]
+assert len(results) == 10
+
+# After
+results = await asyncio.gather(*[api.fetch() for _ in range(10)])
+assert len(results) == 10
+```
+
+## Common CI Failure Patterns
+
+### Dependency Issues
+
+| Pattern | Fix |
+|---------|-----|
+| Version conflict | Update conflicting package |
+| Missing dependency | Add to requirements |
+| Lock file out of sync | Regenerate lock file |
+| Private registry auth | Check credentials |
+
+### Test Failures
+
+| Pattern | Fix |
+|---------|-----|
+| Flaky timing | Add proper waits/retries |
+| Missing fixtures | Add test data setup |
+| Environment-specific | Mock external dependencies |
+| Snapshot mismatch | Update snapshots |
+
+### Build Failures
+
+| Pattern | Fix |
+|---------|-----|
+| Type errors | Fix type annotations |
+| Lint failures | Apply auto-fixes |
+| Compilation errors | Fix syntax issues |
+| Asset bundling | Check paths and imports |
+
+### Infrastructure Issues
+
+| Pattern | Fix |
+|---------|-----|
+| Out of memory | Increase limits or optimize |
+| Disk full | Clean up artifacts |
+| Timeout | Increase timeout or parallelize |
+| Docker issues | Update base image or config |
+
+## Setting Up CI Auto-Fix
+
+### Option 1: Manual Trigger
+
+Use the `/fix-ci` command when you see a CI failure:
+
+```
+/fix-ci
+
+The build failed on the lint step. Here's the log:
+[paste log]
+```
+
+### Option 2: GitHub Actions Integration
+
+Create a workflow that triggers OpenHands when CI fails:
+
+```yaml
+name: Auto-Fix CI
+on:
+ workflow_run:
+ workflows: ["CI"]
+ types: [completed]
+
+jobs:
+ fix-if-failed:
+ if: ${{ github.event.workflow_run.conclusion == 'failure' }}
+ runs-on: ubuntu-latest
+ steps:
+ - name: Trigger OpenHands
+ run: |
+ # Trigger OpenHands to analyze and fix the failure
+ curl -X POST "$OPENHANDS_API/conversations" \
+ -H "Authorization: Bearer $OPENHANDS_API_KEY" \
+ -d '{"message": "Analyze and fix the CI failure in workflow run ${{ github.event.workflow_run.id }}"}'
+```
+
+### Option 3: Scheduled Monitoring
+
+Set up an automation to check CI status periodically and fix failures:
+
+```
+Every hour, check the CI status for the main branch.
+If there are any failures:
+1. Analyze the logs
+2. Identify the root cause
+3. Create a PR with the fix
+4. Request review from the team
+```
+
+## Best Practices
+
+### Safety First
+
+- Always create PRs for review rather than pushing directly
+- Run the full test suite after making fixes
+- Be conservative with dependency upgrades
+
+### Incremental Fixes
+
+- Fix one issue at a time
+- Verify each fix before moving to the next
+- Document why each change was made
+
+### Learn from Patterns
+
+- Track recurring failures
+- Add documentation for common issues
+- Consider improving the CI configuration to prevent failures
+
+## Integration with Iterate
+
+Combine CI fixing with the [iterate skill](/openhands/usage/automations/iterate) to drive PRs through the full CI cycle:
+
+```
+/iterate
+
+This PR is failing CI. Please:
+1. Diagnose the failure
+2. Fix the issue
+3. Push the fix
+4. Repeat until CI passes
+```
diff --git a/openhands/usage/use-cases/internationalization.mdx b/openhands/usage/use-cases/internationalization.mdx
new file mode 100644
index 00000000..c6de5a54
--- /dev/null
+++ b/openhands/usage/use-cases/internationalization.mdx
@@ -0,0 +1,98 @@
+---
+title: Internationalization
+description: Add multi-language support to your applications
+automation:
+ icon: globe
+ summary: >-
+ Extract strings, set up i18n framework, and add locale support.
+---
+
+
+ Check out the internationalization skill.
+
+
+Internationalization (i18n) enables your application to support multiple languages and locales. OpenHands can help extract hardcoded strings, set up i18n frameworks, and implement locale-aware formatting.
+
+## Implementation Steps
+
+### 1. String Extraction
+Find and extract hardcoded strings to translation files.
+
+### 2. Framework Setup
+Configure the appropriate i18n library for your stack.
+
+### 3. Locale Formatting
+Implement locale-aware dates, numbers, and currencies.
+
+### 4. RTL Support
+Add support for right-to-left languages.
+
+## How to Use
+
+```
+/i18n
+
+Set up internationalization for this React application.
+Extract all user-facing strings and configure i18next.
+```
+
+## Example Implementation
+
+**Before**: Hardcoded strings
+```jsx
+Submit
+Welcome back, {user.name}!
+```
+
+**After**: Translated strings
+```jsx
+{t('common.submit')}
+{t('greeting.welcome', { name: user.name })}
+```
+
+**Translation file** (en.json):
+```json
+{
+ "common": {
+ "submit": "Submit"
+ },
+ "greeting": {
+ "welcome": "Welcome back, {{name}}!"
+ }
+}
+```
+
+## Locale-Aware Formatting
+
+**Numbers**:
+```javascript
+new Intl.NumberFormat('de-DE').format(1234.56)
+// → "1.234,56"
+```
+
+**Dates**:
+```javascript
+new Intl.DateTimeFormat('ja-JP').format(date)
+// → "2024/1/15"
+```
+
+**Currency**:
+```javascript
+new Intl.NumberFormat('en-US', {
+ style: 'currency',
+ currency: 'USD'
+}).format(99.99)
+// → "$99.99"
+```
+
+## Best Practices
+
+- Never concatenate translated strings
+- Use ICU message format for plurals
+- Include context for translators
+- Test with pseudo-localization
+- Account for text expansion (~30% for German)
diff --git a/openhands/usage/use-cases/merge-conflicts.mdx b/openhands/usage/use-cases/merge-conflicts.mdx
new file mode 100644
index 00000000..4b8c0b24
--- /dev/null
+++ b/openhands/usage/use-cases/merge-conflicts.mdx
@@ -0,0 +1,128 @@
+---
+title: Fix Merge Conflicts
+description: Intelligently resolve git merge conflicts while preserving intent
+automation:
+ icon: code-merge
+ summary: >-
+ Automatically resolve merge conflicts by understanding what each change intended.
+---
+
+
+ Check out the merge conflict resolution skill.
+
+
+Merge conflicts are a fact of life in collaborative development. When multiple developers change the same code, someone has to reconcile those changes. This often involves understanding both changes and making judgment calls about how to combine them. OpenHands can help by understanding the intent behind each change and resolving conflicts intelligently.
+
+## The Challenge
+
+Merge conflicts are frustrating because:
+
+- **Context is lost**: Git shows the conflict but not why each change was made
+- **Time-consuming**: Understanding both sides takes time
+- **Error-prone**: Manual resolution can accidentally lose changes
+- **Lock files are painful**: Package lock files create huge, unmergeable diffs
+
+## Automated Conflict Resolution
+
+OpenHands resolves merge conflicts by:
+
+- **Understanding intent**: Analyzing what each change was trying to accomplish
+- **Preserving both changes**: Combining changes when they don't truly conflict
+- **Making smart choices**: Selecting the better change when they're incompatible
+- **Handling lock files**: Regenerating instead of manually merging
+
+## How to Use
+
+```
+/fix-conflicts
+
+I have merge conflicts after rebasing. Please resolve them while
+preserving the intent of both the main branch changes and my feature.
+```
+
+## Conflict Types
+
+### Code Conflicts
+
+When the same function is modified differently:
+
+```python
+<<<<<<< HEAD
+def process_user(user):
+ validate(user)
+ save(user)
+=======
+def process_user(user, notify=True):
+ save(user)
+ if notify:
+ send_notification(user)
+>>>>>>> feature
+```
+
+**Resolution**: Combine both changes:
+```python
+def process_user(user, notify=True):
+ validate(user)
+ save(user)
+ if notify:
+ send_notification(user)
+```
+
+### Configuration Conflicts
+
+When package.json or similar files conflict:
+
+```json
+<<<<<<< HEAD
+"dependencies": {
+ "react": "^18.2.0",
+ "lodash": "^4.17.21"
+}
+=======
+"dependencies": {
+ "react": "^18.2.0",
+ "axios": "^1.4.0"
+}
+>>>>>>> feature
+```
+
+**Resolution**: Include all dependencies:
+```json
+"dependencies": {
+ "react": "^18.2.0",
+ "lodash": "^4.17.21",
+ "axios": "^1.4.0"
+}
+```
+
+### Lock File Conflicts
+
+Never manually merge lock files. Instead:
+
+```bash
+# Accept one side, then regenerate
+git checkout --theirs package-lock.json
+npm install
+git add package-lock.json
+```
+
+## Resolution Strategies
+
+| Scenario | Strategy |
+|----------|----------|
+| Both changes are additive | Combine both |
+| Changes are semantically independent | Keep both |
+| One supersedes the other | Choose the more complete one |
+| Fundamentally incompatible | Requires redesign discussion |
+| Lock file conflict | Regenerate the lock file |
+
+## Best Practices
+
+- Review the resolution to ensure intent is preserved
+- Run tests after resolution to catch issues
+- For complex conflicts, discuss with the other developer
+- Keep commits small to reduce conflict likelihood
diff --git a/openhands/usage/use-cases/overview.mdx b/openhands/usage/use-cases/overview.mdx
index da9b0161..02daf90d 100644
--- a/openhands/usage/use-cases/overview.mdx
+++ b/openhands/usage/use-cases/overview.mdx
@@ -7,55 +7,175 @@ OpenHands supports a wide variety of software development tasks. Here are some o
Each use case can be implemented in different ways—as a one-off conversation, a scheduled [automation](/openhands/usage/automations/overview), a [plugin](https://github.com/OpenHands/extensions), or through the [SDK](/sdk/index). Pick the approach that fits your workflow.
+## Ship Code Faster
+
- Identify and fix security vulnerabilities in your codebase using OpenHands.
+ Automated PR reviews to maintain code quality and catch bugs early.
- Set up automated PR reviews to maintain code quality and catch bugs early.
+ Intelligently resolve merge conflicts by understanding both changes.
Validate PR changes by actually running the software as a real user would.
- Quickly investigate production incidents, analyze logs, and generate fixes.
+ Automatically update documentation when code changes.
+ Generate changelogs from git history with proper categorization.
+
+
+
+## Keep Engineering Systems Healthy
+
+
+
- Understand, document, and modernize legacy COBOL systems while preserving business logic.
+ Diagnose and fix CI/CD failures to get builds green again.
- Automate dependency updates, handle breaking changes, and validate applications.
+ Automate dependency updates and handle breaking changes.
+ Quickly investigate production incidents and generate fixes.
+
+
+ Improve logging quality for better debugging and observability.
+
+
+ Optimize resource usage for better performance and cost savings.
+
+
+
+## Improve Security and Quality
+
+
+
+ Identify and fix security vulnerabilities in your codebase.
+
+
+ Security-focused code review covering OWASP Top 10 and best practices.
+
+
+ Proactively scan for CVEs, secrets, and insecure code patterns.
+
+
+ Rapidly assess and respond to critical security vulnerabilities.
+
+
+ Check for WCAG compliance and improve accessibility.
+
+
+ Evaluate architecture for scalability and maintainability.
+
+
+
+## Turn Requests into Workflows
+
+
+
+ Automated Slack bot that responds to engineering questions.
+
+
+ Audit and improve meta tags, structured data, and performance.
+
+
+ Add multi-language support with string extraction and i18n setup.
+
+
+
+## Legacy Modernization
+
+
+
+ Understand and modernize legacy COBOL systems.
+
+
- Analyze, migrate, and validate Apache Spark applications across versions.
+ Migrate Apache Spark applications across versions.
diff --git a/openhands/usage/use-cases/release-notes.mdx b/openhands/usage/use-cases/release-notes.mdx
new file mode 100644
index 00000000..a0cbf640
--- /dev/null
+++ b/openhands/usage/use-cases/release-notes.mdx
@@ -0,0 +1,70 @@
+---
+title: Automate Release Notes
+description: Generate formatted changelogs from git history
+automation:
+ icon: clipboard-list
+ summary: >-
+ Automatically generate release notes from commits and PRs.
+---
+
+
+ Check out the release notes generation skill.
+
+
+Writing release notes is tedious but important. Users need to know what changed, especially breaking changes and new features. OpenHands can generate comprehensive release notes from your git history.
+
+## How It Works
+
+1. Find the most recent release tag
+2. Collect commits and merged PRs since that tag
+3. Categorize changes (breaking, features, fixes)
+4. Format according to your project's style
+
+## How to Use
+
+```
+/release-notes
+
+Generate release notes for all changes since the last release.
+```
+
+## Example Output
+
+```markdown
+## v2.5.0 (2024-01-15)
+
+### Breaking Changes
+- Removed deprecated `oldMethod()` API (#234)
+- Changed default timeout from 30s to 60s (#245)
+
+### Added
+- New dashboard with real-time metrics (#250)
+- Support for custom themes (#252)
+- OAuth2 authentication option (#248)
+
+### Changed
+- Improved error messages for validation failures (#247)
+- Optimized database queries for better performance (#251)
+
+### Fixed
+- Fixed memory leak in WebSocket handler (#246)
+- Resolved race condition in batch processing (#249)
+
+### Contributors
+Thanks to @alice, @bob, and @charlie for their contributions!
+```
+
+## Customization
+
+Match your project's existing release note style:
+
+```
+/release-notes
+
+Generate release notes matching the style in previous releases.
+Include PR links and contributor attribution.
+```
diff --git a/openhands/usage/use-cases/security-review.mdx b/openhands/usage/use-cases/security-review.mdx
new file mode 100644
index 00000000..a46dd628
--- /dev/null
+++ b/openhands/usage/use-cases/security-review.mdx
@@ -0,0 +1,227 @@
+---
+title: Security Review
+description: Conduct security-focused code reviews to identify vulnerabilities
+automation:
+ icon: shield-check
+ summary: >-
+ Review code for security vulnerabilities, OWASP Top 10, and best practices.
+---
+
+
+ Check out the security review skill with comprehensive vulnerability checks.
+
+
+Security vulnerabilities in code can lead to data breaches, system compromises, and compliance violations. While automated scanners catch some issues, they miss context-dependent vulnerabilities that require understanding how code actually works. OpenHands can perform security-focused code reviews that combine pattern matching with contextual understanding.
+
+## The Challenge
+
+Security review is hard because:
+
+- **Context matters**: A SQL query might be safe or vulnerable depending on where the input comes from
+- **Scanners miss logic flaws**: Automated tools catch patterns but miss business logic vulnerabilities
+- **Security expertise is scarce**: Not every team has dedicated security engineers
+- **Reviews are time-consuming**: Thorough security review of every PR is impractical
+
+**What if we could automate security-focused code review with an AI that understands context?**
+
+## Security Review with OpenHands
+
+OpenHands performs security reviews that:
+
+- **Understand data flow**: Trace inputs from entry points to usage
+- **Check OWASP Top 10**: Cover the most common vulnerability categories
+- **Provide context**: Explain why something is vulnerable and how to fix it
+- **Rate severity**: Prioritize findings by actual risk
+
+## How to Use
+
+### Slash Command
+
+Use the `/security-review` command to review code:
+
+```
+/security-review
+
+Review the authentication module for security issues.
+Focus on session management and password handling.
+```
+
+### PR Review Integration
+
+Add security review to your PR workflow:
+
+```
+Review this PR with a focus on security:
+- Check all user inputs for proper validation
+- Verify authentication and authorization
+- Look for sensitive data exposure
+- Check for injection vulnerabilities
+```
+
+## Security Checklist
+
+### Input Validation
+
+**SQL Injection**
+```python
+# Vulnerable
+query = f"SELECT * FROM users WHERE id = {user_id}"
+
+# Secure
+query = "SELECT * FROM users WHERE id = ?"
+cursor.execute(query, (user_id,))
+```
+
+**Command Injection**
+```python
+# Vulnerable
+os.system(f"convert {filename} output.png")
+
+# Secure
+subprocess.run(["convert", filename, "output.png"], check=True)
+```
+
+**Path Traversal**
+```python
+# Vulnerable
+path = f"/uploads/{user_input}"
+
+# Secure
+path = os.path.join("/uploads", os.path.basename(user_input))
+```
+
+### Authentication & Session
+
+- Strong password hashing (bcrypt, argon2)
+- Secure session token generation
+- Proper session expiration
+- Protection against session fixation
+- Multi-factor authentication support
+
+### Authorization
+
+- Check permissions on every request
+- Avoid direct object references
+- Implement proper role-based access
+- Verify ownership before actions
+
+### Data Protection
+
+- Encrypt sensitive data at rest
+- Use TLS for data in transit
+- Redact PII in logs
+- Implement proper key management
+
+### API Security
+
+- Rate limiting
+- Input validation on all endpoints
+- Proper error handling (no stack traces)
+- CORS configuration
+- Authentication on sensitive endpoints
+
+## Example Review Output
+
+```markdown
+## Security Review: Authentication Module
+
+### Critical Issues
+
+**1. SQL Injection in login endpoint**
+- **Location**: `src/auth/login.py:45`
+- **Code**: `query = f"SELECT * FROM users WHERE email = '{email}'"`
+- **Risk**: Attackers can bypass authentication or extract data
+- **Fix**: Use parameterized queries
+
+**2. Weak password hashing**
+- **Location**: `src/auth/passwords.py:12`
+- **Code**: `hashlib.md5(password.encode()).hexdigest()`
+- **Risk**: MD5 is not suitable for passwords; can be cracked quickly
+- **Fix**: Use bcrypt or argon2
+
+### High Severity
+
+**3. Session token predictability**
+- **Location**: `src/auth/session.py:30`
+- **Code**: `token = str(uuid.uuid1())`
+- **Risk**: UUID1 includes timestamp and MAC address; partially predictable
+- **Fix**: Use `secrets.token_urlsafe(32)`
+
+### Medium Severity
+
+**4. Missing rate limiting**
+- **Location**: `src/auth/login.py`
+- **Risk**: Vulnerable to brute force attacks
+- **Fix**: Add rate limiting (e.g., 5 attempts per minute)
+
+### Recommendations
+
+1. Implement Content Security Policy headers
+2. Add security logging for authentication events
+3. Consider adding CAPTCHA for repeated failures
+```
+
+## OWASP Top 10 Coverage
+
+OpenHands security review covers the [OWASP Top 10](https://owasp.org/www-project-top-ten/):
+
+| Category | What OpenHands Checks |
+|----------|----------------------|
+| A01: Broken Access Control | Authorization checks, direct object references |
+| A02: Cryptographic Failures | Weak crypto, sensitive data exposure |
+| A03: Injection | SQL, command, LDAP, XSS injection |
+| A04: Insecure Design | Security architecture issues |
+| A05: Security Misconfiguration | Default configs, verbose errors |
+| A06: Vulnerable Components | Known CVEs in dependencies |
+| A07: Auth Failures | Weak passwords, session issues |
+| A08: Data Integrity Failures | Insecure deserialization, SSRF |
+| A09: Logging Failures | Missing security logs |
+| A10: Server-Side Request Forgery | SSRF vulnerabilities |
+
+## Integration with CI/CD
+
+Add automated security review to your pipeline:
+
+```yaml
+# .github/workflows/security-review.yml
+name: Security Review
+on: [pull_request]
+
+jobs:
+ security-review:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: OpenHands Security Review
+ uses: openhands/security-review-action@v1
+ with:
+ api-key: ${{ secrets.OPENHANDS_API_KEY }}
+```
+
+## Best Practices
+
+### Review Scope
+
+- Focus on changed files in PRs
+- Deep-dive on authentication and authorization code
+- Check all external input handling
+- Review cryptographic implementations
+
+### Severity Rating
+
+Use consistent severity ratings:
+- **Critical**: Remote code execution, auth bypass, data breach
+- **High**: Injection, sensitive data exposure
+- **Medium**: Missing security controls, weak crypto
+- **Low**: Information disclosure, missing headers
+
+### Actionable Feedback
+
+- Always provide code examples for fixes
+- Explain the attack scenario
+- Reference security standards (CWE, OWASP)
+- Prioritize by exploitability
diff --git a/openhands/usage/use-cases/seo.mdx b/openhands/usage/use-cases/seo.mdx
new file mode 100644
index 00000000..111e9114
--- /dev/null
+++ b/openhands/usage/use-cases/seo.mdx
@@ -0,0 +1,80 @@
+---
+title: SEO Optimization
+description: Improve search engine optimization for better visibility
+automation:
+ icon: chart-line
+ summary: >-
+ Audit and optimize meta tags, structured data, and Core Web Vitals.
+---
+
+
+ Check out the SEO optimization skill.
+
+
+Good SEO helps users find your content. OpenHands can audit your site for SEO issues and implement improvements for better search rankings.
+
+## SEO Checklist
+
+### Meta Tags
+- Title tags (50-60 characters)
+- Meta descriptions (150-160 characters)
+- Canonical URLs
+- Open Graph tags
+- Twitter Card tags
+
+### Content Structure
+- Single H1 per page
+- Logical heading hierarchy
+- Descriptive URLs
+- Alt text for images
+
+### Technical SEO
+- XML sitemap
+- Robots.txt
+- HTTPS everywhere
+- Mobile-friendly design
+- Fast page load
+
+### Structured Data
+- Organization schema
+- BreadcrumbList
+- Article/BlogPosting
+- FAQ schema
+
+## How to Use
+
+```
+/seo-audit
+
+Audit this site for SEO issues and implement fixes.
+```
+
+## Example Output
+
+```markdown
+## SEO Audit Results
+
+### Critical
+- Missing meta descriptions on 5 pages
+- No sitemap.xml found
+- Missing canonical URLs
+
+### Improvements
+- Title tags too long (>60 chars) on 3 pages
+- Missing Open Graph images
+- H1 missing on homepage
+
+### Structured Data
+- Add Organization schema
+- Add BreadcrumbList for navigation
+- Add Article schema for blog posts
+
+### Quick Wins
+1. Add meta descriptions
+2. Generate sitemap.xml
+3. Add canonical URLs
+```
diff --git a/openhands/usage/use-cases/slack-responder.mdx b/openhands/usage/use-cases/slack-responder.mdx
new file mode 100644
index 00000000..40647220
--- /dev/null
+++ b/openhands/usage/use-cases/slack-responder.mdx
@@ -0,0 +1,170 @@
+---
+title: Slack Responder
+description: Set up an automated Slack bot that responds to engineering questions and requests
+automation:
+ icon: slack
+ summary: >-
+ Monitor Slack channels for engineering questions and respond automatically.
+---
+
+
+ Check out the complete Slack monitoring skill with ready-to-use configuration.
+
+
+Engineering teams are constantly interrupted by questions in Slack—requests for documentation, explanations of how code works, or help with common issues. What if an AI agent could handle these routine questions automatically, freeing up engineers to focus on deeper work?
+
+## The Challenge
+
+Engineering Slack channels are often filled with:
+
+- Repeated questions about the codebase
+- Requests for documentation links
+- "How does X work?" queries
+- On-call handoff questions
+- Basic troubleshooting requests
+
+Answering these questions pulls engineers out of flow states and creates bottlenecks when subject matter experts are unavailable. The same questions often get asked multiple times, with answers scattered across threads.
+
+**What if we could have an AI assistant that monitors Slack and responds to common engineering questions automatically?**
+
+## Automated Slack Responder with OpenHands
+
+OpenHands can be configured as an automated Slack assistant that:
+
+- **Monitors channels**: Watches specified Slack channels for trigger phrases
+- **Answers questions**: Responds with relevant information from your codebase
+- **Takes action**: Creates tickets, triggers workflows, or escalates to humans
+- **Learns context**: Understands your specific codebase and documentation
+
+## How It Works
+
+### 1. Configure Channel Monitoring
+
+Set up OpenHands to monitor your engineering Slack channels using the [Slack Channel Monitor skill](https://github.com/OpenHands/extensions/tree/main/skills/slack-channel-monitor):
+
+```yaml
+channels:
+ - "#engineering"
+ - "#platform-help"
+ - "#on-call"
+triggers:
+ - "@openhands"
+ - "help:"
+ - "question:"
+```
+
+### 2. Define Response Patterns
+
+Configure how OpenHands should respond to different types of requests:
+
+- **Documentation requests**: Link to relevant docs and explain key concepts
+- **Code questions**: Explain how specific features or systems work
+- **Troubleshooting**: Guide users through common debugging steps
+- **Escalation**: Route complex issues to the right team members
+
+### 3. Create an Automation
+
+Use [OpenHands Automations](/openhands/usage/automations/overview) to run the Slack monitor on a schedule:
+
+```
+Monitor the #engineering Slack channel for messages mentioning @openhands.
+When found:
+1. Analyze the question or request
+2. Search the codebase for relevant context
+3. Respond with a helpful, accurate answer
+4. If unable to answer, suggest who to ask
+```
+
+## Example Responses
+
+### Code Explanation
+
+**Question**: "@openhands how does the authentication flow work?"
+
+**Response**: "The authentication flow in this codebase uses JWT tokens with the following steps:
+
+1. User submits credentials to `/api/auth/login`
+2. `AuthService.authenticate()` validates against the database
+3. On success, a JWT is generated in `TokenService.createToken()`
+4. The token is returned and stored client-side
+5. Subsequent requests include the token in the Authorization header
+
+Key files: `src/auth/AuthService.ts`, `src/auth/TokenService.ts`
+
+Documentation: [Authentication Guide](/docs/auth)"
+
+### Documentation Lookup
+
+**Question**: "help: where are the deployment docs?"
+
+**Response**: "Deployment documentation is available at:
+
+- [Production Deployment Guide](/docs/deploy/production)
+- [Staging Environment Setup](/docs/deploy/staging)
+- [Rollback Procedures](/docs/deploy/rollback)
+
+Quick commands:
+```bash
+# Deploy to staging
+make deploy-staging
+
+# Deploy to production
+make deploy-production
+```"
+
+## Integration with MCP
+
+For advanced Slack integration, use the [Slack MCP Server](https://github.com/modelcontextprotocol/servers/tree/main/src/slack) which provides tools for:
+
+- Listing channels
+- Reading message history
+- Posting messages and replies
+- Searching conversations
+
+## Best Practices
+
+### Response Quality
+
+- Keep responses concise but complete
+- Include links to relevant documentation
+- Show code examples when helpful
+- Acknowledge uncertainty—don't make things up
+
+### Escalation
+
+- Recognize when a question needs human expertise
+- Tag appropriate team members for complex issues
+- Create tickets for bugs or feature requests found through questions
+
+### Channel Selection
+
+- Start with high-volume help channels
+- Monitor on-call channels for faster incident response
+- Consider separate channels for different topics
+
+## Setting Up the Automation
+
+1. **Slack App Setup**: Create a Slack app with `channels:history` and `chat:write` permissions
+2. **Install the Skill**: Add the [slack-channel-monitor](https://github.com/OpenHands/extensions/tree/main/skills/slack-channel-monitor) skill to your OpenHands workspace
+3. **Configure Channels**: Specify which channels to monitor and trigger phrases
+4. **Create Automation**: Set up a cron automation to poll channels periodically
+5. **Test and Refine**: Start with a test channel and refine responses based on feedback
+
+## Example Automation Prompt
+
+```
+You are an engineering assistant monitoring Slack.
+
+When a message mentions @openhands in #engineering:
+1. Understand the question or request
+2. Search the codebase for relevant files and documentation
+3. Provide a helpful, accurate response
+4. Include code snippets or links when relevant
+5. If you can't answer confidently, suggest asking a specific person or team
+
+Be friendly, concise, and technically accurate.
+```
diff --git a/openhands/usage/use-cases/tune-resources.mdx b/openhands/usage/use-cases/tune-resources.mdx
new file mode 100644
index 00000000..a826d2f6
--- /dev/null
+++ b/openhands/usage/use-cases/tune-resources.mdx
@@ -0,0 +1,92 @@
+---
+title: Tune Memory and CPU
+description: Optimize application resource usage for better performance
+automation:
+ icon: gauge-high
+ summary: >-
+ Identify memory leaks, CPU hotspots, and implement performance optimizations.
+---
+
+
+ Check out the resource optimization skill.
+
+
+Resource inefficiencies cost money and degrade user experience. Memory leaks cause crashes, CPU hotspots cause slowdowns, and both lead to over-provisioned infrastructure. OpenHands can analyze your code for resource inefficiencies and implement optimizations.
+
+## Common Issues
+
+### Memory Problems
+- Unclosed resources (files, connections)
+- Excessive object allocation
+- Caches without eviction
+- Large data structures held unnecessarily
+
+### CPU Problems
+- Inefficient algorithms
+- Unnecessary recomputation
+- Blocking operations
+- N+1 query patterns
+
+## How to Use
+
+```
+/tune-resources
+
+This service is using more memory than expected.
+Analyze the code and identify optimization opportunities.
+```
+
+## Example Optimizations
+
+**Before**: Loading all records into memory
+```python
+users = db.query("SELECT * FROM users")
+for user in users:
+ process(user)
+```
+
+**After**: Stream processing
+```python
+for user in db.query("SELECT * FROM users").yield_per(100):
+ process(user)
+```
+
+**Before**: Recomputing on every call
+```python
+def get_report():
+ return expensive_calculation()
+```
+
+**After**: Caching results
+```python
+@lru_cache(maxsize=100)
+def get_report():
+ return expensive_calculation()
+```
+
+## Output Format
+
+```markdown
+## Resource Optimization Report
+
+### Memory Issues
+1. **Memory leak in ConnectionPool**
+ - Location: src/db/pool.py
+ - Impact: ~50MB/hour growth
+ - Fix: Add connection cleanup on error
+
+### CPU Issues
+1. **O(n²) algorithm in search**
+ - Location: src/search.py:45
+ - Impact: 500ms latency at scale
+ - Fix: Use hash-based lookup
+
+### Estimated Savings
+- Memory: -200MB baseline
+- CPU: -30% average load
+- Cost: ~$500/month infrastructure
+```
diff --git a/openhands/usage/use-cases/zero-day-response.mdx b/openhands/usage/use-cases/zero-day-response.mdx
new file mode 100644
index 00000000..9e8c7c98
--- /dev/null
+++ b/openhands/usage/use-cases/zero-day-response.mdx
@@ -0,0 +1,79 @@
+---
+title: Zero-Day Response
+description: Rapidly respond to critical security vulnerabilities
+automation:
+ icon: bolt
+ summary: >-
+ Quickly assess exposure to new CVEs and implement patches or mitigations.
+---
+
+
+ Check out the zero-day response skill.
+
+
+When a critical vulnerability is announced, time is critical. You need to quickly determine if you're affected and implement fixes before exploitation. OpenHands can accelerate your response to zero-day vulnerabilities.
+
+## Response Process
+
+1. **Assess exposure**: Check if your codebase uses affected components
+2. **Evaluate impact**: Understand severity and attack vectors
+3. **Implement mitigations**: Apply immediate protective measures
+4. **Apply patches**: Update to fixed versions
+5. **Verify fix**: Confirm the vulnerability is addressed
+
+## How to Use
+
+```
+/zero-day CVE-2024-1234
+
+Check if we're affected by this vulnerability and
+provide a remediation plan.
+```
+
+## Example Response
+
+```markdown
+## CVE-2024-1234 Assessment
+
+### Exposure Status: AFFECTED
+
+**Vulnerable Component**: log4j 2.14.0
+- Location: pom.xml (direct dependency)
+- Transitive: Also pulled in by spring-boot-starter
+
+### Risk Assessment: CRITICAL
+- Remote code execution possible
+- Actively exploited in the wild
+- Public exploits available
+
+### Immediate Actions
+1. ✅ Block outbound LDAP/RMI at network level
+2. ✅ Set LOG4J_FORMAT_MSG_NO_LOOKUPS=true
+3. ⏳ Update to log4j 2.17.1
+
+### Patch Plan
+```xml
+
+ org.apache.logging.log4j
+ log4j-core
+ 2.17.1
+
+```
+
+### Verification
+After patching, verify with:
+```bash
+./gradlew dependencies | grep log4j
+```
+```
+
+## Best Practices
+
+- Maintain an inventory of dependencies
+- Subscribe to security advisories
+- Have a response playbook ready
+- Test patches in staging first