Development velocity has outpaced review capacity.
Surface closes the gap.

Refactor auth + rate limiting + session handling
#847 · Open · acme-bot · feat/auth-overhaul → main
Conversation 12 · Commits 8 · Files changed 47 · Checks
Showing 47 changed files with 1,404 additions and 381 deletions
src/middleware/auth.ts        +182   -41
src/config/rate-limit.ts       +89   -12
src/handlers/session.ts       +347  -198
src/lib/crypto.ts             +218   -87
tests/integration.test.ts     +412    -0
src/lib/validators.ts         +156   -43
Review surface: 10 files · +202 -54
Auth middleware refactor     3 files   +42   -8   Approved
Rate limiting config         1 file    +15   -3   Approved
Session handling overhaul    4 files   +89  -31   Needs review
Crypto implementation        2 files   +56  -12   Needs review

Agentic development demands continuity.

01

Agents lack shared memory

Agentic tools collapsed the cost of writing code, but agents do not carry design decisions forward. Without continuity, work on one task contradicts choices made in another.

02

The codebase becomes the source of truth

Prior decisions must live in the code itself. Tasks build directly on top of each other so accumulated context keeps each agent consistent.

03

Stopping means losing context

Breaking to wait for review means the next task loses its foundation. Developers keep moving to preserve the continuity their agents depend on.

04

Changesets grow by design

Task A flows into B, then C, then D, all on a single evolving branch. The coupling is intentional. The changesets grow massive.

Code continuously, review with precision


The continuous workflow

Surface imposes review structure after development, not before.

review stack
1  Auth middleware refactor      Approved    middleware/auth.ts
2  Rate limiting configuration  Approved    config/rate-limit.ts
3  Session handling overhaul    In review   handlers/session.ts, lib/crypto.ts
4  Integration test coverage    Pending     tests/integration.test.ts

One concern per review

Decomposition scopes each review to a single concern and restores the rigor that large changesets erode.

triage results
Auth middleware refactor     3 files   Pass through
Rate limit configuration     2 files   Pass through
Session token signing        4 files   Human review
Crypto layer changes         2 files   Human review
Integration test coverage    1 file    Pass through

Intelligent triage

Surface passes low-risk changes through automatically and concentrates human attention where it carries consequence.

review unit #3
Summary: Replaces the stateless session validator with a signed-token approach. Introduces HMAC verification in the crypto layer and updates all session read paths to validate signatures before granting access.
Rationale: Prior implementation trusted session IDs without verifying integrity. Signed tokens prevent session forgery at the middleware boundary without requiring a database lookup on every request.
Dependencies: #1 Auth → #2 Rate limit → #3 Session

Generated context

Summaries, rationale, and dependency diagrams orient reviewers before they read a single line of code.

Code without speed limits.

We'll handle the rest.
