1.4 KiB
1.4 KiB
| plan_version | source_findings | |||
|---|---|---|---|---|
| 1.7 |
|
Remediation Plan: JWT auth review findings
Generated by ultraplan-local v3.2.0 on 2026-05-01 —
plan_version: 1.7.Synthetic fixture — Handover 6 SC3(b) structural test only.
Context
This synthetic plan is consumed by tests/lib/source-findings.test.mjs to verify
the structural contract of Handover 6: a plan generated from a type: ultrareview
brief carries a source_findings: block-style YAML list of 40-char hex IDs in
its frontmatter. The IDs trace back to the consumed findings in review.md.
This is NOT a runnable plan. It exists only to exercise the parser.
Implementation Plan
Step 1: Fix UNIMPLEMENTED_CRITERION in lib/handlers/login.mjs:23
- Files:
lib/handlers/login.mjs - Changes: Return 401 with WWW-Authenticate header when password mismatch occurs.
- Verify:
node --test tests/handlers/login.test.mjs→ expected: pass. - Checkpoint:
git commit -m "fix(auth): login returns 401 on invalid credentials" - Manifest:
manifest: expected_paths: - lib/handlers/login.mjs min_file_count: 1 commit_message_pattern: "^fix\\(auth\\): login returns 401" bash_syntax_check: [] forbidden_paths: [] must_contain: - path: lib/handlers/login.mjs pattern: "401"