
coding-agent-helpers/regression-scout

Use when the user wants regression hunting after a change. Identify nearby flows, shared code paths, error states, and configuration edges that may have broken even if the main fix works. Good triggers include "check for regressions", "what else might this have broken", and "test the surrounding area".

96

2.72x
Quality: 94% (Does it follow best practices?)

Impact: 98%, 2.72x (average score across 8 eval scenarios)

Security by Snyk: Passed, no known issues


task.md (evals/scenario-1/)

A developer has just merged a PR that refactored a Node.js Express REST API's authentication middleware to use JWT tokens instead of sessions. They want you to scout for any regressions caused by this change. You are given a diff and a description of the codebase below. Produce a regression scout report as a markdown file called report.md.

=============== FILE: inputs/codebase-description.md ===============

Auth Service Codebase Overview

Structure

  • src/middleware/auth.js — authentication middleware (CHANGED)
  • src/routes/users.js — user CRUD routes, uses auth middleware
  • src/routes/orders.js — order routes, uses auth middleware
  • src/routes/admin.js — admin panel routes, uses auth middleware
  • src/services/session.js — session management (now unused)
  • src/services/tokenBlacklist.js — token revocation list (NEW)
  • tests/middleware/auth.test.js — auth middleware tests
  • tests/routes/users.test.js — user route tests
  • tests/routes/orders.test.js — order route tests

Change Summary

The authentication middleware was refactored from express-session (cookie-based sessions) to jsonwebtoken (JWT Bearer tokens). The session store (Redis) is no longer used for auth. Token revocation now relies on a blacklist in tokenBlacklist.js.

Key Behaviors Before Change

  • Login returned a session cookie
  • Logout invalidated the session in Redis
  • Protected routes checked req.session.userId
  • Session expiry was 24 hours (configurable via SESSION_TTL env var)

Key Behaviors After Change

  • Login now returns a JWT in the response body
  • Logout adds the token to the blacklist
  • Protected routes check the Authorization: Bearer header
  • Token expiry is 1 hour (JWT_EXPIRY env var, default 1h)

=============== END FILE ===============
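An added example, not part of the task file or the project's code: a self-contained Node.js model of the "after change" behaviors listed above, with the surrounding checks a regression scout would run against them. The HS256 token code, the secret, the clock value, the `scout` function and the assumption that SESSION_TTL is no longer read are all constructed for illustration.

```javascript
// Added example: hypothetical stand-in for the changed middleware, not the project's code.
const crypto = require('node:crypto');

const SECRET = 'constructed-test-secret';  // constructed value
const blacklist = new Set();               // stands in for tokenBlacklist.js
const b64url = (s) => Buffer.from(s).toString('base64url');
const mac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest('base64url');

// JWT_EXPIRY such as "45s", "30m", "1h" -> seconds; the page gives 1h as the default.
function expirySeconds(env = {}) {
  const m = /^(\d+)([smh])$/.exec(env.JWT_EXPIRY || '1h');
  if (!m) throw new Error('unsupported JWT_EXPIRY');
  return Number(m[1]) * { s: 1, m: 60, h: 3600 }[m[2]];
}

function login(userId, now, env) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify({ sub: userId, exp: now + expirySeconds(env) }));
  return `${head}.${body}.${mac(`${head}.${body}`)}`;
}

// Status a protected route would return for these request headers at time `now`.
function protectedRouteStatus(headers, now) {
  const m = /^Bearer (\S+)$/.exec(headers.authorization || '');
  if (!m) return 401;                                  // cookie-only clients land here
  const parts = m[1].split('.');
  if (parts.length !== 3) return 401;                  // no trailing segments allowed
  const want = Buffer.from(mac(`${parts[0]}.${parts[1]}`));
  const got = Buffer.from(parts[2]);
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return 401;
  if (blacklist.has(m[1])) return 401;                 // token revoked by logout
  const { exp } = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  return now < exp ? 200 : 401;
}

// Regression checks around the change, run against a constructed clock.
function scout() {
  blacklist.clear();
  const t0 = 1700000000;
  const token = login('u1', t0, { SESSION_TTL: '86400' });  // only the old setting is present
  const auth = { authorization: `Bearer ${token}` };
  const r = {
    bearer: protectedRouteStatus(auth, t0 + 60),
    cookieOnly: protectedRouteStatus({ cookie: 'connect.sid=constructed' }, t0 + 60),
    at61min: protectedRouteStatus(auth, t0 + 3660),    // 24h sessions are now 1h tokens
  };
  blacklist.add(token);                                // what logout does after the change
  r.afterLogout = protectedRouteStatus(auth, t0 + 120);
  return r;
}
```

The `cookieOnly` and `at61min` results are the ones most likely to surface as regressions: existing clients that still send a session cookie, and deployments that tuned SESSION_TTL, both see 401s even though the new login path works.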
