JWT plugins

Secure full-stack applications with API design patterns, authentication/authorization systems, backend/frontend coding practices, code review for vulnerabilities, and PCI DSS compliance guidance.

Build and optimize Next.js App Router apps: scaffold pages/layouts/components/API routes/server actions, implement authentication with Auth.js/Prisma/middleware, guide server/client components usage, and analyze/generate performance reports with recommendations.

Audit authentication in JavaScript, Python, and Java web apps/APIs against OWASP/NIST standards—covering password hashing, JWT handling, sessions, OAuth flows, MFA, and account controls. Validate project setups by checking credentials, tokens, and config files for errors and compliance status.

Delegate specialized AI agents to automate code reviews on git diffs, security audits for APIs and auth per OWASP, debugging of errors and incidents, test generation with Jest/pytest, performance profiling, and quality assurance across dev workflows.

Administer Keycloak identity and access management with realm/client configuration, authentication flows, authorization policies, and security hardening, plus implement Keycloak.AuthServices .NET library for JWT/OIDC authentication, RBAC, and Admin REST API integration.

Read, write, search, and surgically edit Obsidian notes, tags, and frontmatter via the Local REST API plugin, using either STDIO or Streamable HTTP transport.

Automate Duende Software docs lifecycle for IdentityServer, BFF, Access Token Management, IdentityModel, OidcClient: scrape sources, validate and rebuild indexes, perform keyword/NLP searches, resolve doc sections, and maintain searchable storage to accelerate authentication research.

Scaffolds production-grade .NET Clean Architecture solutions with CQRS, DDD entities, EF Core mappings, authentication, authorization, pipeline behaviors, background jobs, email sending, health checks, structured logging, rate limiting, and comprehensive testing (xUnit, integration with Testcontainers).

Delegate security engineering tasks to an AI agent that performs vulnerability assessments, fixes issues like SQL injection and XSS, implements authentication with OAuth/JWT and RBAC, protects PII, conducts threat modeling, code reviews, and ensures OWASP/GDPR compliance in your codebase.

Bootstrap Auth0 authentication by auto-detecting frameworks like React, Next.js, Vue, Angular, Express, or React Native; migrate user auth from Firebase, Cognito, Supabase, Clerk, or custom setups; enable MFA/2FA via TOTP, SMS, push, passkeys with step-up verification and adaptive risk-based auth for compliance.

Audit codebases, PRs, staged changes, and dependencies for OWASP Top 10, CWE vulnerabilities, secrets, and CVEs; scan containers and supply chains; model threats with STRIDE/DREAD; implement secure auth patterns, crypto, zero-trust, and DevSecOps workflows.

Generate complete RESTful APIs, GraphQL schemas, and microservice architectures including code, OpenAPI documentation, validation, JWT/OAuth security, tests, and PostgreSQL database integration.

Design and implement enterprise API integrations for microservices and third-party services in B2B applications, using REST, GraphQL, gRPC, webhooks for connectivity, with authentication, data transformation, error handling, API gateways, service mesh, and monitoring to build scalable architectures.

Design and implement scalable enterprise microservices architectures for distributed systems. Decompose monoliths using DDD/Strangler patterns, implement communication via REST/gRPC/events/sagas, deploy API gateways, orchestrate with Kubernetes, and add observability plus resilience.

Manage and automate YAML workflow playbooks for LLM agents via MCP, including storing, querying, and creating playbooks with built-in scaffolding, testing, deployment, and security auditing for MCP servers built on @cyanheads/mcp-ts-core.

Run AI-guided, phase-chained penetration tests and bug bounty hunts: initialize targets, perform recon and subdomain enumeration, hunt secrets and API keys, test web/API vulns like SQLi/XSS/SSRF/race conditions/OAuth, audit cloud/AD infra misconfigs, exploit chains, triage findings with precision gating, and generate Markdown reports.

Build secure backend services by designing REST/GraphQL APIs, implementing OAuth/JWT authentication, integrating LLMs with RAG pipelines and prompt engineering, and conducting OWASP Top 10 security reviews with threat modeling and vulnerability fixes.

Implement agentic commerce flows using the Universal Commerce Protocol across REST, MCP, A2A, and Embedded bindings, including checkout, orders, payments, fulfillment, discounts, identity linking, and autonomous agent payments.

Manage Blumira SIEM security operations by triaging open findings by severity, investigating alerts with evidence and comments, resolving issues with notes, monitoring agent health and device inventory across organizations, overseeing MSP multi-tenant accounts with cross-account queries, and analyzing security posture trends over time.

Manage Checkpoint Harmony Email (Avanan) security via API: triage incidents and threats with IOC extraction, tune DLP/anti-phishing/malware policies, search/release quarantined emails in bulk, and perform threat/policy queries using skills, commands, and remote MCP server.

Configure and manage Duende IdentityServer deployments in ASP.NET Core — OAuth/OIDC flows, token management, BFF security patterns, client/scope setup, signing keys, store customization, and production hardening

Implements the AP2 Agent Payments Protocol for multi-agent commerce — creating, signing, and verifying Verifiable Digital Credentials (VDCs) and mandates (Cart, Intent, Payment), orchestrating Shopping/Merchant/Credentials Provider agents through human-present and human-not-present transaction flows, handling 3DS2/OTP challenges, cryptographic signing, and MCP/A2A integrations

Automates end-to-end CVE discovery in open source packages: finds under-audited targets, scans code for 20+ vulnerability classes like injection, auth bypass, and DoS, builds proof-of-concept exploits, validates findings through multi-gate verification, and generates professional disclosure reports for submission channels.

Develop .NET applications in Claude Code with full lifecycle support — from architecture and domain design through C# coding, ASP.NET Core API development, UI across Blazor/MAUI, testing, debugging, CI/CD, security review, and documentation generation

Design and audit RESTful APIs following proven patterns from Stripe, GitHub, Twilio, and other leading APIs. Get research-backed guidance on routes, methods, errors, auth, caching, versioning, webhooks, and more, plus automated review of your API against 12 design principles.

Conduct AI-orchestrated pentests on deployed web apps via CLI: run passive recon, discovery of APIs/secrets/cloud backends, scans for injections/auth/business logic/cloud misconfigs/WAFs, optional active exploits with consent, and generate PDF reports with severity-ranked findings and remediations.

Implement Auth0 authentication in Next.js and Express.js apps using patterns for JWT middleware with scopes, permissions, and RBAC; client-side providers, hooks, and protected routes; server sessions; plus M2M flows, token caching, and user/organization management via TypeScript SDKs.