ktg-plugin-marketplace/plugins/ultraplan-local/tests/fixtures/ultrareview/plan-with-source-findings.md
Kjell Tore Guttormsen ea715b65de test(ultraplan-local): add SC3(b) source_findings structural test
Synthetic plan.md fixture with source_findings: block-style YAML list of 3
40-char hex IDs in frontmatter, plus minimal plan structure (Title +
Implementation Plan + 1 Step + Manifest). 3 tests verify:

1. plan-validator accepts a plan with source_findings (additive optional field)
2. frontmatter parser extracts source_findings as array of strings
3. each ID matches the 40-char lowercase hex format from finding-id.mjs

Closes the SC3(b) gap flagged by adversarial review (scope-guardian Gap 2).
LLM-level behavior (planner emitting source_findings) remains non-testable
without live invocation; this covers the structural contract.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-01 17:23:30 +02:00

1.4 KiB

plan_version: 1.7
source_findings:
  - 763d174e6c519fafbadcba5d1706708479e36e61
  - d2d0e27875ae9ef0d818cb08bb6f14e6d33c4232
  - 7861519c326c207aabf17072db51c469bebc217b

Remediation Plan: JWT auth review findings

Generated by ultraplan-local v3.2.0 on 2026-05-01 — plan_version: 1.7.

Synthetic fixture — Handover 6 SC3(b) structural test only.

Context

This synthetic plan is consumed by tests/lib/source-findings.test.mjs to verify the structural contract of Handover 6: a plan generated from a type: ultrareview brief carries a source_findings: block-style YAML list of 40-char hex IDs in its frontmatter. The IDs trace back to the consumed findings in review.md.

This is NOT a runnable plan. It exists only to exercise the parser.
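The structural contract described above, sketched as an added example; it is not the project's frontmatter parser, plan-validator, or finding-id.mjs. The function names are hypothetical, only block-style lists are handled, and the duplicate-ID check is an assumption that goes beyond what the fixture's tests are stated to cover.

```javascript
// Added example; helper names are hypothetical, not the project's API.
const FINDING_ID = /^[0-9a-f]{40}$/; // 40-char lowercase hex, as the commit message states

// Return the lines between the leading '---' fences, or null if there is no frontmatter.
function frontmatterLines(markdown) {
  const lines = markdown.split(/\r?\n/);
  if (lines[0] !== '---') return null;
  const end = lines.indexOf('---', 1);
  return end === -1 ? null : lines.slice(1, end);
}

// Read a top-level block-style YAML list ("key:" followed by "  - item" lines).
// Returns undefined when the key is absent, since source_findings is optional.
function readBlockList(fm, key) {
  const start = fm.findIndex((l) => !/^\s/.test(l) && l.trim() === `${key}:`);
  if (start === -1) return undefined;
  const items = [];
  for (const line of fm.slice(start + 1)) {
    const m = /^\s*-\s+(.*)$/.exec(line);
    if (!m) break; // the next key or a blank line ends the list
    items.push(m[1].trim().replace(/^(["'])(.*)\1$/, '$2'));
  }
  return items;
}

// Absent field passes; a present field must hold only well-formed IDs.
function checkSourceFindings(markdown) {
  const fm = frontmatterLines(markdown);
  if (!fm) return { ok: false, ids: [], errors: ['missing frontmatter'] };
  const ids = readBlockList(fm, 'source_findings');
  if (ids === undefined) return { ok: true, ids: [], errors: [] };
  const errors = [];
  ids.forEach((id, i) => {
    if (!FINDING_ID.test(id)) errors.push(`entry ${i} is not 40-char lowercase hex`);
    if (ids.indexOf(id) !== i) errors.push(`entry ${i} duplicates an earlier ID`); // assumption
  });
  return { ok: errors.length === 0, ids, errors };
}

// Constructed sample mirroring the frontmatter values shown on this page.
const SAMPLE = [
  '---', 'plan_version: 1.7', 'source_findings:',
  '  - 763d174e6c519fafbadcba5d1706708479e36e61',
  '  - d2d0e27875ae9ef0d818cb08bb6f14e6d33c4232',
  '  - 7861519c326c207aabf17072db51c469bebc217b',
  '---', '# Remediation Plan: JWT auth review findings',
].join('\n');

console.log(checkSourceFindings(SAMPLE));
```

Rejecting uppercase or truncated IDs at parse time keeps a plan from silently pointing at a finding that does not exist in review.md.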

Implementation Plan

Step 1: Fix UNIMPLEMENTED_CRITERION in lib/handlers/login.mjs:23

  • Files: lib/handlers/login.mjs
  • Changes: Return 401 with WWW-Authenticate header when password mismatch occurs.
  • Verify: node --test tests/handlers/login.test.mjs → expected: pass.
  • Checkpoint: git commit -m "fix(auth): login returns 401 on invalid credentials"
  • Manifest:
    manifest:
      expected_paths:
        - lib/handlers/login.mjs
      min_file_count: 1
      commit_message_pattern: "^fix\\(auth\\): login returns 401"
      bash_syntax_check: []
      forbidden_paths: []
      must_contain:
        - path: lib/handlers/login.mjs
          pattern: "401"