4. Security & Compliance

Provides operational security guidance for deployment, monitoring, and maintenance, including middleware configuration, environment variables, and pre-deployment checklists.

Conducts WCAG 2.2 Level AA accessibility audits for React applications, including screen reader testing and color contrast analysis with severity scoring.

Educates on injection vulnerabilities (SQLi, XSS, command) in AI-generated code, including patterns and real-world examples for secure development.

Identifies authentication and authorization vulnerabilities in AI-generated code, including insecure password storage and access control bypasses.

Validates CLAUDE.md configurations against Anthropic documentation and security standards to detect violations before project commits.

Provides an overview of Secure Vibe Coding OS's defense-in-depth security architecture, including the 5-layer stack and OWASP scoring methodology.

Provides secure error handling for APIs to prevent information leakage, avoid stack trace exposure, and deliver environment-appropriate error responses.

Tests and verifies security features including CSRF protection, rate limiting, and security headers prior to deployment.

Enables secure user authentication, authorization, and route protection using Clerk, including subscription-based access control.

Provides battle-tested security prompt templates for implementing secure features including authentication, authorization, file uploads, and threat modeling aligned with OWASP and STRIDE.

Provides comprehensive security prompt templates for implementing secure features with multiple security layers, including forms, endpoints, and file uploads.

Provides prompt templates for implementing and testing role-based access control (RBAC) and authorization systems.

Provides CSRF token validation for API endpoints to prevent cross-site request forgery attacks in form submissions and state-changing requests.

Audits code for security vulnerabilities against OWASP Top 10, identifying XSS, SQL injection, CSRF, and authorization flaws.

Audits, updates, and monitors software dependencies to prevent vulnerabilities and supply chain attacks.

Analyzes supply chain vulnerabilities in AI-generated code, identifying risks from outdated, malicious, or typosquatted dependencies and dependency confusion attacks.

Enables secure payment processing with Stripe and Clerk Billing, ensuring PCI-DSS compliance without handling card data. Manages subscriptions, webhooks, and payment gating.

Provides knowledge on identifying and preventing resource exhaustion and denial of service (DoS) vulnerabilities in AI-generated code, including unbounded loops and missing rate limits.

Identifies and mitigates security risks from hardcoded secrets and verbose logging in AI-generated code, preventing sensitive data exposure.

Provides security awareness for AI-generated code, covering inherent risks, vulnerability statistics, and real-world breach examples in AI-assisted development.

Automates compliance audits for software projects, identifying applicable regulatory frameworks and generating tiered reports with technical findings.

AI security co-pilot for identifying, testing, and fixing vulnerabilities in LLM applications, including prompt injection and compliance mapping.

Validates safety in robotics code and configurations, specifically for URDF files and ROS 2 nodes to ensure compliance with safety standards.

Summarizes constitution principles for the AI-Native Robotics Textbook project to ensure rule compliance and understand project constraints.