open/ktg-plugin-marketplace
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity Actions
ktg-plugin-marketplace/plugins/voyage/tests/fixtures/trekreview/plan-with-source-findings.md
Kjell Tore Guttormsen 7a90d348ad feat(voyage)!: marketplace handoff — rename plugins/ultraplan-local to plugins/voyage [skip-docs] 
Session 5 of voyage-rebrand (V6). Operator-authorized cross-plugin scope.

- git mv plugins/ultraplan-local plugins/voyage (rename detected, history preserved)
- .claude-plugin/marketplace.json: voyage entry replaces ultraplan-local
- CLAUDE.md: voyage row in plugin list, voyage in design-system consumer list
- README.md: bulk rename ultra*-local commands -> trek* commands; ultraplan-local refs -> voyage; type discriminators (type: trekbrief/trekreview); session-title pattern (voyage:<command>:<slug>); v4.0.0 release-note paragraph
- plugins/voyage/.claude-plugin/plugin.json: homepage/repository URLs point to monorepo voyage path
- plugins/voyage/verify.sh: drop URL whitelist exception (no longer needed)

Closes voyage-rebrand. bash plugins/voyage/verify.sh PASS 7/7. npm test 361/361.
2026-05-05 15:37:52 +02:00

1.4 KiB
Raw Blame History

plan_version source_findings
1.7
763d174e6c519fafbadcba5d1706708479e36e61
d2d0e27875ae9ef0d818cb08bb6f14e6d33c4232
7861519c326c207aabf17072db51c469bebc217b

Remediation Plan: JWT auth review findings

Generated by trekplan v3.2.0 on 2026-05-01 — plan_version: 1.7.

Synthetic fixture — Handover 6 SC3(b) structural test only.

Context

This synthetic plan is consumed by tests/lib/source-findings.test.mjs to verify the structural contract of Handover 6: a plan generated from a type: trekreview brief carries a source_findings: block-style YAML list of 40-char hex IDs in its frontmatter. The IDs trace back to the consumed findings in review.md.

This is NOT a runnable plan. It exists only to exercise the parser.

Implementation Plan

Step 1: Fix UNIMPLEMENTED_CRITERION in lib/handlers/login.mjs:23

  • Files: lib/handlers/login.mjs
  • Changes: Return 401 with WWW-Authenticate header when password mismatch occurs.
  • Verify: node --test tests/handlers/login.test.mjs → expected: pass.
  • Checkpoint: git commit -m "fix(auth): login returns 401 on invalid credentials"
  • Manifest: 
    manifest:
  expected_paths:
    - lib/handlers/login.mjs
  min_file_count: 1
  commit_message_pattern: "^fix\\(auth\\): login returns 401"
  bash_syntax_check: []
  forbidden_paths: []
  must_contain:
    - path: lib/handlers/login.mjs
      pattern: "401"