Perform a security checkpoint on the code changes using the OWASP Top 10 (2021) categories. Use this to validate:

- A01-broken-access-control: Authorization enforced, no IDOR, least privilege.
- A02-cryptographic-failures: Secrets protected, encryption used correctly, no plaintext leaks.
- A03-injection: Inputs validated/sanitized, safe query/command construction.
- A04-insecure-design: Threats considered, risky flows redesigned.
- A05-security-misconfiguration: Safe defaults, no debug leakage, secure headers/config.
- A06-vulnerable-and-outdated-components: Dependencies checked/updated, avoid known CVEs.
- A07-identification-and-authentication-failures: Strong auth/session handling, no weak patterns.
- A08-software-and-data-integrity-failures: Trusted updates, signed artifacts, safe pipelines.
- A09-security-logging-and-monitoring-failures: Security events logged, alerts possible.
- A10-server-side-request-forgery: SSRF protections on outbound requests, allowlists where needed.

This tool creates a security checkpoint report. Each check should be documented
with whether it passed and any notes about what was verified or improved.

Use this BEFORE marking tasks as complete to ensure code meets security standards.
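
One way to gate task completion on the checkpoint report, as an added example that is not part of the tool itself. The `Check` record, the `review_report` function and the rule that a passing check with empty notes counts as undocumented are assumptions made for illustration; the category ids are the ones listed above.

```python
from dataclasses import dataclass

# Category ids exactly as listed in the checklist above.
CATEGORIES = (
    "A01-broken-access-control",
    "A02-cryptographic-failures",
    "A03-injection",
    "A04-insecure-design",
    "A05-security-misconfiguration",
    "A06-vulnerable-and-outdated-components",
    "A07-identification-and-authentication-failures",
    "A08-software-and-data-integrity-failures",
    "A09-security-logging-and-monitoring-failures",
    "A10-server-side-request-forgery",
)

@dataclass
class Check:  # hypothetical record shape: one entry per category
    category: str
    passed: bool
    notes: str = ""

def review_report(checks):
    """Return blocking problems; an empty list means the task may be marked complete."""
    problems, seen = [], {}
    for c in checks:
        if c.category not in CATEGORIES:
            problems.append(f"unknown category: {c.category}")
        elif c.category in seen:
            problems.append(f"duplicate entry: {c.category}")
        else:
            seen[c.category] = c
    for cat in CATEGORIES:  # report in checklist order
        c = seen.get(cat)
        if c is None:
            problems.append(f"missing check: {cat}")
        elif not c.passed:
            problems.append(f"failed: {cat} ({c.notes or 'no notes'})")
        elif not c.notes.strip():  # assumed policy: a pass must say what was verified
            problems.append(f"passed without notes: {cat}")
    return problems

# Constructed sample: A03 fails and A10 was never reported.
SAMPLE = [Check(c, True, "reviewed diff") for c in CATEGORIES[:9]]
SAMPLE[2] = Check("A03-injection", False, "raw SQL built by string concatenation")

if __name__ == "__main__":
    for problem in review_report(SAMPLE):
        print(problem)
```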