4. Security & Compliance

Reviews test cases for OAuth/OIDC error handling, ensuring compliance with OAuth 2.1 and OIDC Core 1.0 standards for error response formats and status codes.

Reviews ID Token test cases against OIDC Core 1.0 standards, verifying structure, claims, and RS256 signature validation.

Ensures test cases for OpenID Connect scope and claims comply with OIDC Core 1.0 specifications, validating standard scopes and claim parameters.

Guide for implementing OAuth 2.1 Bearer Tokens, covering Authorization header usage, resource server validation, and security compliance per OAuth 2.1 Section 5.

Writes and validates Firestore Security Rules for multi-tenancy, enforcing collection-level security, role-based permissions, and data isolation.

Provides automated code review for security vulnerabilities, performance issues, and code quality across Python, JavaScript/TypeScript using structured checklists and analysis scripts.

Provides a comprehensive guide for integrating Semaphore V4 zero-knowledge protocol into privacy-preserving applications including anonymous voting and secure authentication systems.

Conducts security reviews focusing on vulnerability checks, OWASP Top 10 compliance, secret exposure detection, and dependency security audits.

Provides security patterns and standards for NextAuth.js v5 authentication implementation and code review.

Validates email addresses, checks for data breaches, and discovers associated accounts to enhance security and compliance.

Enforces .agentpolicy rules to prevent unauthorized command execution, enhancing system security and compliance.

Provides state-by-state tax nexus thresholds including economic nexus and P.L. 86-272 rules for compliance validation and tax calculation verification.

Establishes foundational security rules, safety protocols, and boundary definitions for GitHub skill usage, including tool escalation procedures.

Identifies politically exposed persons (PEPs), relatives, and close associates to assess corruption and money laundering risks.

Automates entity screening against OFAC, UN, and EU sanctions lists to detect compliance risks and regulatory violations.

Identifies ultimate beneficial owners and control structures to ensure compliance with anti-money laundering and regulatory requirements.

Assesses country and jurisdiction risk levels to ensure regulatory compliance and mitigate legal exposure.

Guides Singapore corporate compliance with ACRA filings, AGM/EGM, director duties, and financial record-keeping for business operations.

Reviews code for security vulnerabilities and ensures compliance with project-specific Gate vs Policy authorization rules before committing changes.

Performs rapid initial risk assessment through sanctions, PEP, and adverse media screening for compliance and regulatory checks.

Conducts comprehensive compliance screening using sanctions, PEP, adverse media, UBO, and business registry checks for thorough due diligence.

Sanitizes HTML and validates inputs to prevent XSS vulnerabilities in web applications.

Offers Singapore tax guidance for founders covering personal income tax, corporate tax (17%), and GST optimization for strategic planning and IRAS filings.

Provides Go security patterns for common vulnerabilities including integer overflow, hardcoded credentials, and weak random usage, using gosec.