Secure-by-default builder for Claude Code. Use when scaffolding new projects or repos, writing or modifying authentication / authorization / session / password code, file uploads, SSRF-prone server-side fetches, secrets / env handling, deployment configs, Dockerfiles or docker-compose, GitHub Actions / CI workflows, dependency installs (`package.json`, `requirements.txt`, `Cargo.toml`, etc.), or pre-commit / pre-push reviews ("about to commit", "ready to push", "going public"). Skip for routine refactors, renames, typos, doc-only edits in unrelated areas, and pure UI work.
2026-07-11