4. Security & Compliance

Automates security best practice validation and vulnerability prevention for Ruby on Rails applications.

Provides compliance guidance for Brazilian fintech: LGPD, BCB, PIX, and Boleto standards implementation.

Audits Next.js routes and API endpoints for missing auth checks, generating role-based protection logic.

Generates comprehensive security audit reports analyzing headers, cookies, input sanitization, rate limiting, and RLS policies with actionable improvement recommendations.

Generates Content Security Policy (CSP) headers for Next.js applications to prevent XSS attacks and control resource loading via next.config or middleware.

Generates Row-Level Security (RLS) policies for Supabase databases using auth.uid() and JWT claims for role-based access control.

Creates role-based permission matrices in markdown or SQL for RBAC, authorization, and access control documentation.

Converts structure/flows JSON into concrete rotation actions (size, stop, invalidation) for Crypto Rotation Playbook v2, enabling secure key management.

Returns a predefined secret string for testing or verification purposes in security contexts.

Generates bidirectional traceability matrices mapping requirements to implementation and tests with gap analysis for compliance audits.

Provides security best practices and vulnerability prevention guidance for WordPress plugin development, emphasizing code review and secure implementation.

Security middleware for Next.js 13+ App Router API routes, providing authentication, rate limiting, and CSRF protection.

Integrates OWASP ZAP/Burp Suite for dynamic vulnerability scanning, penetration testing planning, and runtime security validation to complement static analysis tools.

Guides users through Philippine tax return preparation and filing to ensure compliance with Bureau of Internal Revenue (BIR) regulations.

Detects hardcoded secrets, prevents SQL injection, adds input validation, and configures security headers for vulnerability remediation and security audits.

Automates Philippine BIR tax compliance for 36 eBIRForms with batch processing, deadline monitoring, and Odoo integration.

Scans codebases for vulnerabilities, hardcoded secrets, and OWASP Top 10 compliance issues to enhance security posture.

Orchestrates security vulnerability detection, priority-based remediation, and verification cycles using Beads integration.

Orchestrates security vulnerability detection, priority-based remediation, and verification cycles via Beads integration for inline security health management.

Ensures organizational adherence to regulatory, legal, and operational standards through compliance audits and policy implementation.

Integrates Heartwood authentication via PKCE OAuth flow into Grove properties with SvelteKit route setup and Wrangler configuration.

Conducts security audits, vulnerability assessments, and enforces secure coding practices to identify and mitigate security risks.

Provides security patterns for authentication, input validation, and CSP nonces, specifically for Supabase SSR implementations.

Analyzes code to identify contracts, usage patterns, and boundary conditions, providing input realism formulas for adversarial security testing preparation.