Plugins listed here are tagged for this technology stack and auto-indexed from public GitHub repositories.
Claude Code plugins tagged for JWT development. Browse commands, agents, skills, and more.
Implement secure coding practices and conduct vulnerability reviews for frontend (XSS, CSP), backend (injections, headers), authentication (JWT, OAuth), APIs (rate limiting, GraphQL/REST/WebSocket), and PCI DSS payment compliance directly in Claude Code workflows.
Conduct DevSecOps security audits on CI/CD pipelines, SDLC controls, and threat models; execute authorized penetration tests on web apps with Burp Suite, cloud infrastructure across AWS/Azure/GCP, and Linux systems via reconnaissance, enumeration, privilege escalation; scan projects for OWASP Top 10 vulnerabilities and reference 100 critical web exploits with mitigations.
Build and optimize Next.js App Router apps: scaffold pages/layouts/components/API routes/server actions, implement authentication with Auth.js/Prisma/middleware, guide server/client components usage, and analyze/generate performance reports with recommendations.
Audit authentication in JavaScript, Python, and Java web apps/APIs against OWASP/NIST standards—covering password hashing, JWT handling, sessions, OAuth flows, MFA, and account controls. Validate project setups by checking credentials, tokens, and config files for errors and compliance status.
Delegate specialized AI agents to automate code reviews on git diffs, security audits for APIs and auth per OWASP, debugging of errors and incidents, test generation with Jest/pytest, performance profiling, and quality assurance across dev workflows.
Delegate security engineering tasks to an AI agent that performs vulnerability assessments, fixes issues like SQL injection and XSS, implements authentication with OAuth/JWT and RBAC, protects PII, conducts threat modeling, code reviews, and ensures OWASP/GDPR compliance in your codebase.
Automate Duende Software docs lifecycle for IdentityServer, BFF, Access Token Management, IdentityModel, OidcClient: scrape sources, validate and rebuild indexes, perform keyword/NLP searches, resolve doc sections, and maintain searchable storage to accelerate authentication research.
Audit codebases, PRs, staged changes, and dependencies for OWASP Top 10, CWE vulnerabilities, secrets, and CVEs; scan containers and supply chains; model threats with STRIDE/DREAD; implement secure auth patterns, crypto, zero-trust, and DevSecOps workflows.
Generate complete RESTful APIs, GraphQL schemas, and microservice architectures including code, OpenAPI documentation, validation, JWT/OAuth security, tests, and PostgreSQL database integration.
Design and implement enterprise API integrations for microservices and third-party services in B2B applications, using REST, GraphQL, gRPC, webhooks for connectivity, with authentication, data transformation, error handling, API gateways, service mesh, and monitoring to build scalable architectures.
Design and implement scalable enterprise microservices architectures for distributed systems. Decompose monoliths using DDD/Strangler patterns, implement communication via REST/gRPC/events/sagas, deploy API gateways, orchestrate with Kubernetes, and add observability plus resilience.
Bootstrap Auth0 authentication by auto-detecting frameworks like React, Next.js, Vue, Angular, Express, or React Native; migrate user auth from Firebase, Cognito, Supabase, Clerk, or custom setups; enable MFA/2FA via TOTP, SMS, push, passkeys with step-up verification and adaptive risk-based auth for compliance.
Run AI-guided, phase-chained penetration tests and bug bounty hunts: initialize targets, perform recon and subdomain enumeration, hunt secrets and API keys, test web/API vulns like SQLi/XSS/SSRF/race conditions/OAuth, audit cloud/AD infra misconfigs, exploit chains, triage findings with precision gating, and generate Markdown reports.
Build secure backend services by designing REST/GraphQL APIs, implementing OAuth/JWT authentication, integrating LLMs with RAG pipelines and prompt engineering, and conducting OWASP Top 10 security reviews with threat modeling and vulnerability fixes.
Master core developer workflows: systematically debug bugs and performance issues, optimize SQL queries via EXPLAIN and indexing, implement cross-language error handling and JWT/OAuth authentication, build reliable Playwright/Cypress E2E tests, manage Turborepo/Nx monorepos with pnpm, conduct constructive code reviews, and execute advanced Git operations like interactive rebase and bisect.
Implement Universal Commerce Protocol (UCP) for agentic commerce systems, building merchant servers and AI agent clients that handle discovery, checkout sessions, payments (Google Pay, Shop Pay), fulfillment, orders, discounts, identity linking, and consent across REST, MCP, A2A, Embedded bindings, with conformance testing, project scaffolding, and Shopify integration.
Manage Checkpoint Harmony Email (Avanan) security via API: triage incidents and threats with IOC extraction, tune DLP/anti-phishing/malware policies, search/release quarantined emails in bulk, and perform threat/policy queries using skills, commands, and remote MCP server.
Manage Blumira SIEM security operations by triaging open findings by severity, investigating alerts with evidence and comments, resolving issues with notes, monitoring agent health and device inventory across organizations, overseeing MSP multi-tenant accounts with cross-account queries, and analyzing security posture trends over time.
Build Google's AP2 agentic payment systems: scaffold Python projects with multi-agent roles (shopping, merchant, credentials, processor), implement mandates/VDCs for autonomous/human-present flows, cryptographic signing, risk/dispute handling, Stripe/OAuth integration, and MCP/A2A protocols.
Implement A2A agent-to-agent protocol for multi-agent systems: generate Agent Cards for discovery, secure calls with API keys/OAuth/JWT/mTLS, manage task lifecycles/states/artifacts/multi-turn convos, handle JSON-RPC/streaming/push notifications, integrate with LangGraph/CrewAI/AutoGen/Google ADK/AWS Bedrock/MCP, build servers/clients, and scaffold Python/JS projects.
Design and audit RESTful APIs using 12 research-backed principles from Stripe, GitHub, Twilio: invoke skills to craft routes, HTTP methods, status codes, auth, versioning, errors, webhooks, caching, security, and docs. Review code violations with commands and audit endpoints with agents.
Conduct AI-orchestrated pentests on deployed web apps via CLI: run passive recon, discovery of APIs/secrets/cloud backends, scans for injections/auth/business logic/cloud misconfigs/WAFs, optional active exploits with consent, and generate PDF reports with severity-ranked findings and remediations.
Implement Auth0 authentication in Next.js and Express.js apps using patterns for JWT middleware with scopes, permissions, and RBAC; client-side providers, hooks, and protected routes; server sessions; plus M2M flows, token caching, and user/organization management via TypeScript SDKs.