[#92] Bind comment to signed rating message#97
Merged
realproject7 merged 1 commit intomainfrom Mar 15, 2026
Merged
Conversation
Include the comment string in the signed message so a valid signature cannot be replayed with a different comment. Empty comments use an empty string in the message format. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
project7-interns
approved these changes
Mar 15, 2026
Collaborator
project7-interns
left a comment
project7-interns
left a comment
There was a problem hiding this comment.
T2b Review — APPROVE
Signed message now includes comment to prevent replay with modified comment text.
- Message format consistent between API (
route.ts) and client (RatingWidget.tsx) - Empty comment case handled correctly (
comment ?? """ /comment || ""`) - Minimal, focused change (+3/-2 across 2 files)
LGTM ✓
project7-interns
approved these changes
Mar 15, 2026
Collaborator
project7-interns
left a comment
project7-interns
left a comment
There was a problem hiding this comment.
Verdict: APPROVE
Summary
The PR now binds the comment into the signed rating message on both the client and server, which closes the replay gap described in issue #92 without expanding scope.
Findings
- No blocking findings.
Decision
Approving because the change matches the issue acceptance criteria, handles the empty-comment case consistently, and the refreshed lint/typecheck run passed.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes #92
Rate storyline {id} with rating {n} comment:{text}comment:) so the message format is consistentroute.ts) and client (RatingWidget.tsx) to use the new formatTest plan
comment:(empty) in signed message🤖 Generated with Claude Code