Kjell Tore Guttormsen
7a90d348ad
Session 5 of voyage-rebrand (V6). Operator-authorized cross-plugin scope. - git mv plugins/ultraplan-local plugins/voyage (rename detected, history preserved) - .claude-plugin/marketplace.json: voyage entry replaces ultraplan-local - CLAUDE.md: voyage row in plugin list, voyage in design-system consumer list - README.md: bulk rename ultra*-local commands -> trek* commands; ultraplan-local refs -> voyage; type discriminators (type: trekbrief/trekreview); session-title pattern (voyage:<command>:<slug>); v4.0.0 release-note paragraph - plugins/voyage/.claude-plugin/plugin.json: homepage/repository URLs point to monorepo voyage path - plugins/voyage/verify.sh: drop URL whitelist exception (no longer needed) Closes voyage-rebrand. bash plugins/voyage/verify.sh PASS 7/7. npm test 361/361.
63 lines
2.2 KiB
Markdown
63 lines
2.2 KiB
Markdown
---
|
|
type: trekreview-synthetic
|
|
review_version: "1.0"
|
|
created: 2026-05-04
|
|
task: "Add JWT authentication with refresh-token rotation"
|
|
slug: jwt-auth-synthetic
|
|
run_id: B
|
|
verdict: WARN
|
|
findings:
|
|
- 44b18cf6b84fcb23ef1d52682504c2edeed24f66
|
|
- f7e307a427154c2c15df4c63eaff6fd846e075a7
|
|
- 31fa81fa5bf9b84c70864ee09aa8d087870c473a
|
|
- bfc0e3a7c1a5b13dbdc6ed8325140100b02db45d
|
|
- be76c6dba12bfd9073b1737de5813e316a158dc6
|
|
- f0928545e7c1dc48796fe857138fab7f100ce8c7
|
|
- 4189ba4236119184017fd26735bfb582706994e9
|
|
- 46f07246ff17c013740c0726b7be9a65fff10c67
|
|
- 5501c54bda4a39df17d66938f4a7fe872e365a0f
|
|
- 0173116735f75aabab36ecec863cb429d2f30528
|
|
- 8f7fc683dc78d3adea8d35221915839702869af0
|
|
- ee986665d695ca46c9a7f0d5c38bab73e73450a9
|
|
- d863b17426ddec54bf7624405f3b64e206a73ed7
|
|
- 64ea0bbf43c44dbf0da53f25755e0112ce2eb08b
|
|
- 6971113644b777a8c164dfd8473739b03d1796be
|
|
- 65f6edb11fed982b921ff018bd0fb1dcd10a1703
|
|
- 9133851cf557f5955301803479936733b296f125
|
|
- ffb170a0d19e4afac6379e64d26485883267bea8
|
|
- 89f990535da373f5e97a091e5bbbf47a777c13d6
|
|
- 664d4ec53e90ef6d24525a85b8d4071bfb037da8
|
|
- 137db625a1ee639698c9e095e25845ef25879599
|
|
- 6e586f167fac4cd57dc8178ceb4ca265a37404dc
|
|
- 24671775282593381af4a8fa77eb3f7a36f9f84e
|
|
- 71dbed32baf440d94f0ccaa6a997a6922cee7679
|
|
- 5de9b2b26d03590845183d42387fcb22007b3f5d
|
|
- c9aca8c3a265e2f083d75ac6da3e6d67909091b9
|
|
- 75f32c9d304b742af2a7bafc354ec3666e53c054
|
|
- 6547dfd19035bc012a50c19f4321fcfc9535fec8
|
|
- a5fbe85476128bb67796ecf97a42065b6a0bf9c4
|
|
- 19ec9d34e1d6560b56f885a5a12ce491354c4b40
|
|
---
|
|
|
|
# Synthetic review run B — JWT authentication with refresh-token rotation
|
|
|
|
Companion to `review-run-A.md`. See run A's body for the determinism
|
|
contract.
|
|
|
|
## Fixture math
|
|
|
|
- A has 30 unique finding-IDs
|
|
- B has 30 unique finding-IDs
|
|
- Intersection (shared IDs): 28
|
|
- Union: 32
|
|
- Jaccard: 28/32 = 0.875 (above 0.833 floor)
|
|
|
|
## Differences from run A
|
|
|
|
- A's last 2 IDs come from `src/auth/jwt.ts:201:rule-1` and
|
|
`src/auth/refresh.ts:55:rule-3`
|
|
- B's last 2 IDs come from `src/auth/jwt.ts:202:rule-1` and
|
|
`src/auth/refresh.ts:56:rule-3`
|
|
|
|
The off-by-one line anchoring models realistic post-edit drift between two
|
|
review runs against subtly different working trees.
|