4. Security & Compliance

Performs security audits on code and dependencies to identify and report vulnerabilities.

Provides integration patterns for WorkOS SSO, enabling secure authentication, organization management, directory synchronization, and session handling within Battery.

Validates adherence to 9 Constitutional Articles and Phase-1 Gates before implementation to enforce governance and quality standards.

Conducts security audits, vulnerability scans, and penetration testing to identify and mitigate security risks using OWASP standards and CVE databases.

Conducts security audits, vulnerability scans, and penetration testing to identify and mitigate security risks in systems and applications.

Conducts security audits, vulnerability scans, and penetration testing to identify and mitigate security risks in systems and applications.

Demonstrates high-risk file operations (deletion, permission changes) for security testing purposes only.

Tests AST analysis for detecting real eval() function calls in Python code to identify potential security risks.

Demonstrates data exfiltration techniques for security testing, targeting AWS credentials, GitHub tokens, and SSH keys in controlled environments.

Demonstrates a secure Hello World implementation for system information display, contrasting safe vs. unsafe examples.

Validates adherence to 9 constitutional development principles and Phase-1 quality gates before project implementation begins.

Comprehensive production-grade authentication and authorization solution with JWT, OAuth2, MFA, RBAC, and security best practices across multiple frameworks.

Demonstrates command injection vulnerabilities including eval, nested commands, and shell piping for security testing purposes.

Conducts security, quality, and PM compliance reviews on strategy code pre-merge, including security audits, code reviews, and backtest validation, generating PR documentation.

Analyzes Python code for dangerous subprocess patterns using AST to prevent security vulnerabilities.

Tests AST analysis to differentiate dangerous patterns in comments from actual code, minimizing false positives in security scanning.

Automates secure JWT authentication with RBAC, token rotation, and security audits across multiple frameworks.

Tests Shell AST to prevent false positives in security code scanning, ensuring accurate vulnerability detection in shell scripts.

Automates security validation against OWASP Top 10, CVEs, and secrets, delivering confidence-scored vulnerability reports.

Validates Swift packages against ARC Labs Studio standards for compliance, structure, and ARCDevTools integration prior to release.

Scans files for secrets (tokens, keys) without revealing content, determines publish gate status, and redacts secrets in-place for security compliance.

Audits third-party dependencies for security vulnerabilities, license compliance, and maintenance risks to enhance supply chain security.

Performs high-confidence security analysis on code for vulnerabilities in input handling, authentication, and API interactions with >95% accuracy.

Reviews configuration files, environment variables, and feature flags for security risks, safe defaults, and secret management compliance.