Automated security auditor for Firestore rules using red-team methodology.

• Evaluates rules against a mandatory checklist covering update bypasses, authority sources, business logic alignment, resource exhaustion, and type safety
• Identifies vulnerabilities across six critical dimensions: privilege escalation, data integrity, PII exposure, validation inconsistencies, and access control gaps
• Scores findings on a 1–5 scale (critical to secure) with detailed recommendations for each issue discovered
• Includes special handling for admin bootstrapping patterns to avoid false positives on legitimate hardcoded admin email checks