Security Review Pack

Cloud security and compliance covering IAM policies, network segmentation, secrets management, encryption, container security, logging, and audit across AWS, GCP, and Azure.

Application security hardening covering OWASP ASVS, secure coding patterns, DevSecOps pipelines, dependency scanning, secrets management, and security headers.

GDPR, CCPA/CPRA, and HIPAA compliance implementation covering lawful processing, consent management, privacy impact assessments, data subject rights, and breach notification protocols.

NEAR Protocol JSON-RPC integration. 27 actions covering account state, access keys, contract storage and code, view function calls, blocks, chunks, validators, transaction lifecycle, gas and protocol config, state changes, network status, and light-client proofs. No credentials required for read actions.

Output evaluation, hallucination detection, bias assessment, red-teaming, guardrails, content filtering, and EU AI Act compliance for AI systems.

Open source license evaluation, compatibility analysis, SBOM generation, CLA/DCO workflows, and compliance auditing across permissive and copyleft licenses.

WCAG 2.2 compliance guide covering POUR principles, semantic HTML, keyboard navigation, ARIA patterns, contrast ratios, and screen reader testing.

Threat modeling and security architecture using STRIDE, DREAD, attack trees, data flow diagrams, trust boundaries, and risk-driven control selection.

Smart contract security auditing covering vulnerability taxonomy, static analysis, invariant testing, formal verification, exploit pattern analysis, and remediation for EVM and NEAR.

Authorized penetration testing methodology covering reconnaissance, enumeration, exploitation, privilege escalation, and reporting with OWASP Top 10 focus.

Polymarket public market intelligence integration for IronClaw. Reads markets, events, tags, sports, orderbooks, prices, positions, leaderboards, profiles, and comments across the Polymarket prediction-market platform. No authentication required.

Architect high-performing email campaigns with list segmentation, subject line optimization, drip sequence design, A/B testing, automation workflows, deliverability management, and CAN-SPAM/GDPR compliance.

Brand voice documentation including tone attributes, vocabulary guidelines, audience personas, messaging pillars, and voice consistency audits.

Production TypeScript guidance covering strict type system, advanced generics, discriminated unions, type narrowing, Zod validation, and type-safe database access.

Docker Compose stacks, media servers, home automation, monitoring, backup strategies, and privacy-focused self-hosted services.

Production Python guidance covering type safety, Pydantic v2, FastAPI services, async patterns, pytest testing, virtual environments, and performance profiling.

Systematic code review methodology covering security vulnerabilities, performance bottlenecks, SOLID principles, refactoring techniques, and PR review workflows.

Apply Modern Portfolio Theory, tactical rebalancing, risk metrics, Kelly criterion position sizing, and tax optimization to portfolios from $50K to $5M.