Source-backed rules for reviewing remote MCP server authorization boundaries: protected resource metadata, OAuth resource indicators, token audience checks, least-privilege scopes, and cross-server token isolation.

Source-backed rules for AI coding assistants that must avoid exposing, copying, logging, committing, or normalizing secrets while editing code, configs, tests, prompts, documentation, and CI workflows.

Source-backed rules for reviewing AI-generated frontend UI changes for accessibility before merge, with semantic HTML, keyboard paths, focus management, labels, automated scan limits, manual checks, and privacy-safe evidence.

Source-backed rules for requiring coding agents to provide fresh, scoped, and reviewer-visible test evidence before a pull request can be approved or merged.

Source-backed rules for AI workflow directories that need to classify commercial, sponsored, affiliate, vendor-authored, and thin promotional submissions before they enter the ordinary editorial content queue.

Source-backed rules for preparing direct content-only pull requests with one raw MDX file, reachable provenance URLs, issue closure, duplicate history, validation evidence, and no generated artifact churn.

Source-backed rules for contributor pull requests that need clear commit messages, release-note-ready changelog entries, issue links, breaking-change markers, and privacy-safe history.

Source-backed rules for reviewing dependency update pull requests with supply-chain context, lockfile discipline, advisory checks, compatibility evidence, and privacy-safe metadata handling.

Source-backed rules for public AI workflow registries that need to keep directory entries, source links, version claims, examples, install guidance, compatibility notes, and last-reviewed metadata fresh enough to trust.

Source-backed rules for registry repositories that must keep contributor PRs focused on source files while generated indexes, feeds, downloads, search data, README output, and previews are rebuilt by trusted automation.

Source-backed rules for deciding when an AI-assisted code review must escalate high-risk changes to security, infrastructure, data, release, or domain owners before merge.

Source-backed rules for safely connecting MCP servers that expose local tools, resources, prompts, roots, transports, credentials, files, and logs to AI clients during active development sessions.

Source-backed rules for AI workflow directories that need consistent privacy metadata before accepting entries that touch prompts, files, local tools, hosted services, telemetry, generated artifacts, or personal data.

Source-backed rules for reviewing production database migrations before merge with lock-risk checks, expand-contract rollout, backfill controls, rollback limits, and privacy-safe migration evidence.

Source-backed rules for AI coding agents that propose, compose, review, or run shell commands during coding sessions where quoting, expansion, command injection, file writes, network calls, and destructive operations can cause harm.

Source-backed rules for reviewing TypeScript API client compatibility before merge, with exported type-surface diffs, inferred router inputs and outputs, runtime validator alignment, downstream compile checks, and privacy-safe evidence.

API-first development expert with OpenAPI/Swagger schema design, tRPC type-safe procedures, REST best practices, GraphQL federation, and contract-driven development for scalable backend architectures.

Monorepo workspace management expert with Turborepo, pnpm workspaces, Nx integration, package coordination, and cross-package dependency optimization for scalable multi-package repositories.

Test-driven development expert enforcing red-green-refactor cycles, Vitest/Jest configuration, test coverage requirements, mocking strategies, and test-first coding discipline for robust software development.

Biome linting rules configuration for code quality validation. Strict enforcement, custom overrides, VCS integration, and automated fixes for TypeScript.

Expert in AI prompt engineering for Claude Code and Claude Desktop, focusing on coding tasks, test-driven development patterns, iterative refinement, and context management for optimal AI assistance

Expert in GraphQL Federation architecture for microservices, specializing in Apollo Federation, schema composition, and distributed graph patterns

Expert in Kubernetes DevSecOps with GitOps workflows, pod security standards, RBAC, secret management, and automated security scanning for production clusters

Expert in Next.js 15 performance optimization with Turbopack, partial prerendering, advanced caching strategies, and Core Web Vitals excellence

React 19 concurrent features specialist with useTransition, useDeferredValue, Suspense boundaries, streaming SSR, and selective hydration patterns

Expert in React Server Components (RSC) with React 19 and Next.js 15, specializing in server-first rendering patterns, data fetching strategies, and streaming architectures

Security-first React component architect with XSS prevention, CSP integration, input sanitization, and OWASP Top 10 mitigation patterns

Expert in Terraform infrastructure as code with AI-assisted generation, modular patterns, state management, and multi-cloud deployments

TypeScript 5.x strict mode expert with template literal types, strict null checks, type guards, and ESLint integration for enterprise-grade type safety

Expert in WCAG 2.2 Level AA accessibility compliance, automated testing tools, ARIA patterns, and inclusive design for web applications