Software Development
Intelligent PR Composer
Generates pull request descriptions that capture context, alternatives considered, test plan, risk areas, and reviewer guidance beyond a simple diff summary. Useful for teams that want senior-quality PRs without manual authoring. Engineers shipping non-trivial PRs, tech leads who want a consistently high review experience, teams with distributed reviewers who cannot fall back on in-person context. every reviewer, every future archaeologist, and every post-incident investigator reads them. But most PRs get a one-line "what changed" description written from the exhausted tail end of the author's attention. The best engineers write PRs that include the motivation, what alternatives they ruled out, how to test the change, what could go wrong, and where the reviewer should look hardest. That quality is not hard to produce if you have the source material — it is just tedious. A structured composer turns the available material (diff, commits, related issues, session context) into the PR a senior engineer would write.
One-Time Purchase
$19.99
Refactor auth token refresh to use sliding expiration
Summary
Replaces the fixed 1-hour token TTL with sliding expiration that resets on activity. Extracts the refresh policy from AuthMiddleware into a dedicated TokenRefreshService so it can be tested in isolation. Behavior is gated behind a token_refresh_policy feature flag defaulting to fixed, so deploy is a no-op until the flag is flipped per environment. Closes #1847.
Why this change
The current fixed-TTL approach logs ~340 forced logouts per day for users in long-running workflows (reported in #1847). The root cause is that AuthMiddleware refreshes the token only on initial validation, not on subsequent requests within the window.
This was deferred during the original auth implementation (see ADR-012) with a note to revisit once session analytics were available. We now have 30 days of data confirming the pattern.
Alternatives considered
Extend fixed TTL to 4 hours — Reduces logouts but doesn't eliminate them for day-long sessions; widens the blast radius if a token is compromised. Rejected.
Refresh on every request — Correct UX but adds a Redis write on every authenticated endpoint (~4ms p99 overhead under load). Sliding expiration achieves the same outcome with ~60% fewer writes. Rejected in favor of sliding window.
What changed
File-by-file
| Review area | Status | Why it matters |
|---|---|---|
| Behavior flag | Safe default | Deploy is a no-op until enabled |
| Redis writes | Monitor | Sliding refresh adds write load |
| Auth path | Reviewer focus | Mistakes affect active sessions |
Test plan
- Unit (
token-refresh.service.spec.ts) — window expiry, threshold not-yet-reached, threshold exactly at boundary, clock-skew tolerance - Unit (
auth.middleware.spec.ts) — verifies middleware delegates correctly and does not call Redis directly - Manual — enabled
slidingflag in local dev; session persists across a 90-minute workflow without re-login - Reviewer action needed: integration test against staging Redis once the flag is flipped — see rollout note below
Risk areas for reviewers
token-refresh.service.ts lines 44–67
The threshold guard (remainingTtl < thresholdSeconds) must be evaluated after fetching current TTL from Redis, not from the in-memory request timestamp. A race condition here could cause double-refresh under high concurrency. Please verify the ordering before approving.
config/feature-flags.yaml
Default is intentionally fixed to preserve current behavior on deploy. If this file is cached by the config service at startup, a deploy without restart will not pick up a flag flip. Confirm with the platform team before staging test.
auth.module.ts scoping
TokenRefreshService is registered as request-scoped. If accidentally changed to singleton, sliding state will leak across users. Worth a second look on the module registration.
Rollout
This change touches production auth paths
Roll out behind the flag. Do not flip in production until staging soak is clean.
Rollout sequence
Related
- Closes #1847
- Refs ADR-012:
docs/adr/012-session-management.md - Follow-up: #1902 (flag removal)
This sample illustrates the skill's output format. File paths and PR numbers are illustrative.
View full sample →
All sales final. No refunds on digital products.
Includes support for Claude Code, Codex, OpenClaw, and Google Antigravity in the same license.
Also in Code Generation & Review
Bundle price: $44. Compare this skill with the full workflow bundle or Pro access.
Best for
Engineers shipping non-trivial PRs (>200 lines, multiple files, or architecture-touching changes) where the reviewer will need motivation, alternatives considered, and a real test plan to do a useful review. Especially valuable for distributed teams where the reviewer can’t walk over to the author’s desk.
Not ideal for
Tiny fixes, dependency bumps, and pure-formatting PRs where a one-line description is more honest than a structured composition. Also a poor fit when the change is highly speculative and the author wants a fast sanity-check from a peer rather than a full ceremony review.
Included in this purchase
- Claude Code, Codex, OpenClaw, and Google Antigravity skill files.
- Setup guidance for the right adapter in your workspace.
- One-time license for the purchased skill version.
Setup
Plan for a short setup in the repository or workspace where the skill will run. Some coding familiarity helps for implementation-heavy outputs.
Related Skills
$19.99
One-time license
$19.99
One-time license
$19.99
One-time license
Future Updates
This purchase includes the current version of the skill. If you want future adapter updates — meaning compatibility and packaging updates as supported platforms evolve — plus new catalog additions included automatically, upgrade to Pro.