JWT plugins

Secure full-stack applications with API design patterns, authentication/authorization systems, backend/frontend coding practices, code review for vulnerabilities, and PCI DSS compliance guidance.

Build and optimize Next.js App Router apps: scaffold pages/layouts/components/API routes/server actions, implement authentication with Auth.js/Prisma/middleware, guide server/client components usage, and analyze/generate performance reports with recommendations.

Audit authentication in JavaScript, Python, and Java web apps/APIs against OWASP/NIST standards—covering password hashing, JWT handling, sessions, OAuth flows, MFA, and account controls. Validate project setups by checking credentials, tokens, and config files for errors and compliance status.

Delegate specialized AI agents to automate code reviews on git diffs, security audits for APIs and auth per OWASP, debugging of errors and incidents, test generation with Jest/pytest, performance profiling, and quality assurance across dev workflows.

Administer Keycloak identity and access management with realm/client configuration, authentication flows, authorization policies, and security hardening, plus implement Keycloak.AuthServices .NET library for JWT/OIDC authentication, RBAC, and Admin REST API integration.

Scaffolds production-grade .NET Clean Architecture solutions with CQRS, DDD entities, EF Core mappings, authentication, authorization, pipeline behaviors, background jobs, email sending, health checks, structured logging, rate limiting, and comprehensive testing (xUnit, integration with Testcontainers).

Delegate security engineering tasks to an AI agent that performs vulnerability assessments, fixes issues like SQL injection and XSS, implements authentication with OAuth/JWT and RBAC, protects PII, conducts threat modeling, code reviews, and ensures OWASP/GDPR compliance in your codebase.

Generate complete RESTful APIs, GraphQL schemas, and microservice architectures including code, OpenAPI documentation, validation, JWT/OAuth security, tests, and PostgreSQL database integration.

Design and implement enterprise API integrations for microservices and third-party services in B2B applications, using REST, GraphQL, gRPC, webhooks for connectivity, with authentication, data transformation, error handling, API gateways, service mesh, and monitoring to build scalable architectures.

Design and implement scalable enterprise microservices architectures for distributed systems. Decompose monoliths using DDD/Strangler patterns, implement communication via REST/gRPC/events/sagas, deploy API gateways, orchestrate with Kubernetes, and add observability plus resilience.

Manage and automate YAML workflow playbooks for LLM agents via MCP, including storing, querying, and creating playbooks with built-in scaffolding, testing, deployment, and security auditing for MCP servers built on @cyanheads/mcp-ts-core.

Run AI-guided, phase-chained penetration tests and bug bounty hunts: initialize targets, perform recon and subdomain enumeration, hunt secrets and API keys, test web/API vulns like SQLi/XSS/SSRF/race conditions/OAuth, audit cloud/AD infra misconfigs, exploit chains, triage findings with precision gating, and generate Markdown reports.

Build secure backend services by designing REST/GraphQL APIs, implementing OAuth/JWT authentication, integrating LLMs with RAG pipelines and prompt engineering, and conducting OWASP Top 10 security reviews with threat modeling and vulnerability fixes.

Manage Blumira SIEM security operations by triaging open findings by severity, investigating alerts with evidence and comments, resolving issues with notes, monitoring agent health and device inventory across organizations, overseeing MSP multi-tenant accounts with cross-account queries, and analyzing security posture trends over time.

Manage Checkpoint Harmony Email (Avanan) security via API: triage incidents and threats with IOC extraction, tune DLP/anti-phishing/malware policies, search/release quarantined emails in bulk, and perform threat/policy queries using skills, commands, and remote MCP server.

Configure and manage Duende IdentityServer deployments in ASP.NET Core — OAuth/OIDC flows, token management, BFF security patterns, client/scope setup, signing keys, store customization, and production hardening

Implement agentic commerce flows using the Universal Commerce Protocol across REST, MCP, A2A, and Embedded bindings, including checkout, orders, payments, fulfillment, discounts, identity linking, and autonomous agent payments.

Build and orchestrate agentic commerce payment flows using Google's AP2 protocol — create, sign, and verify verifiable digital credentials, mandates, and transaction steps for autonomous or human-present checkout across multi-agent systems.

Design and audit RESTful APIs following proven patterns from Stripe, GitHub, Twilio, and other leading APIs. Get research-backed guidance on routes, methods, errors, auth, caching, versioning, webhooks, and more, plus automated review of your API against 12 design principles.

Conduct AI-orchestrated pentests on deployed web apps via CLI: run passive recon, discovery of APIs/secrets/cloud backends, scans for injections/auth/business logic/cloud misconfigs/WAFs, optional active exploits with consent, and generate PDF reports with severity-ranked findings and remediations.

Implement Auth0 authentication in Next.js and Express.js apps using patterns for JWT middleware with scopes, permissions, and RBAC; client-side providers, hooks, and protected routes; server sessions; plus M2M flows, token caching, and user/organization management via TypeScript SDKs.