coding-agent-helpers/skeptic-verifier

Use when the user wants an adversarial double-check of a code or config change. Run the strongest checks available, try to break the claim, look for edge cases and hidden regressions, and return PASS, PARTIAL, or FAIL with evidence. Good triggers include "poke holes in this", "stress test this change", "double check this fix", and "try to break it".

1.30x

Quality

94%

Does it follow best practices?

Impact

81%

1.30x

Average score across 8 eval scenarios

Securityby

Passed

No known issues

Verify the Browser Session Persistence Fix

Name: coding-agent-helpers/skeptic-verifier
Rating: 84.89999999999999 (1 reviews)
Author: coding-agent-helpers

Problem/Feature Description

A frontend developer claims to have fixed an issue where authenticated users were randomly getting logged out when switching between browser tabs. The fix modifies the session token refresh logic in the client-side authentication module to use the BroadcastChannel API, allowing all open tabs to share token refresh events without each tab independently triggering a logout.

The QA team tested it in Chrome and it appeared to work, but a customer reported the issue still happening in Safari on iOS. The engineering lead wants an adversarial review of the fix before closing the bug, specifically to assess whether the approach actually solves the multi-tab problem or whether it introduces new failure modes.

Output Specification

Write your analysis to verification_report.md. Include how you approached the verification, what evidence you were able to gather, and a final verdict with your reasoning.

Input Files

The following files are provided as inputs. Extract them before beginning.

=============== FILE: src/auth_session.js =============== /**

AuthSession — manages token refresh across browser tabs using BroadcastChannel.
Fix: previously each tab refreshed independently; now tabs coordinate via a shared channel. */ class AuthSession { constructor(tokenStore, apiClient) { this.tokenStore = tokenStore; this.apiClient = apiClient; this.channel = new BroadcastChannel('auth_session'); this.refreshInProgress = false;

this.channel.onmessage = (event) => { if (event.data.type === 'TOKEN_REFRESHED') { this.tokenStore.setToken(event.data.token); this.refreshInProgress = false; } if (event.data.type === 'LOGOUT') { this.tokenStore.clear(); } }; }

async getValidToken() { const token = this.tokenStore.getToken(); if (!token) return null;

if (this.isExpiringSoon(token) && !this.refreshInProgress) {
  this.refreshInProgress = true;
  try {
    const newToken = await this.apiClient.refreshToken(token);
    this.tokenStore.setToken(newToken);
    this.channel.postMessage({ type: 'TOKEN_REFRESHED', token: newToken });
    return newToken;
  } catch (err) {
    this.refreshInProgress = false;
    throw err;
  }
}

return token;

}

isExpiringSoon(token) { // Token is a JWT; check exp claim try { const payload = JSON.parse(atob(token.split('.')[1])); const expiresIn = payload.exp - Math.floor(Date.now() / 1000); return expiresIn < 60; // refresh if expiring within 60 seconds } catch { return true; // treat malformed token as expiring } }

logout() { this.tokenStore.clear(); this.channel.postMessage({ type: 'LOGOUT' }); } }

evals

scenario-1

scenario-2

scenario-3

scenario-4

criteria.json

task.md

scenario-5

scenario-6

scenario-7

scenario-8

skills

tile.json

coding-agent-helpers/skeptic-verifier

task.md.css-3qkkll{font-size:var(--chakra-font-sizes-sm);font-weight:var(--chakra-font-weights-normal);color:var(--chakra-colors-gray-300);}evals/scenario-4/

Verify the Browser Session Persistence Fix

Problem/Feature Description

Output Specification

Input Files

task.mdevals/scenario-4/