Skip to content

Add skill notes on using JWT auth#78

Open
andrewmumblebee wants to merge 3 commits into
mainfrom
work/ah/skill-jwt-auth
Open

Add skill notes on using JWT auth#78
andrewmumblebee wants to merge 3 commits into
mainfrom
work/ah/skill-jwt-auth

Conversation

@andrewmumblebee

@andrewmumblebee andrewmumblebee commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

📋 Summary

Adds guidance for LLMs on how to use the newly added JWT auth handling


🔍 Scope of change

  • Documentation only
  • Repository metadata or configuration
  • CI / automation
  • Other (please describe):

📚 Checklist

Summary by CodeRabbit

  • Documentation
    • Expanded authentication guidance to include JWT Bearer sign-in options.
    • Added details on supported JWT setup variants, including symmetric and asymmetric signing.
    • Clarified JWT configuration rules and request-time behavior.
    • Documented additional JWT options for token placement, header format, and dynamic values.
    • Minor wording cleanup in the text input guidance.

@coderabbitai

coderabbitai Bot commented Jul 1, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository UI (base), Organization UI (inherited)

Review profile: ASSERTIVE

Plan: Pro

Run ID: d04d104f-3d16-4ad5-9cd3-f7345865283c

📥 Commits

Reviewing files that changed from the base of the PR and between 51a3ab8 and 679e7c6.

📒 Files selected for processing (2)
  • .claude/skills/build-plugin/references/metadata.md
  • .claude/skills/build-plugin/references/ui.md

📝 Walkthrough

Walkthrough

Documentation-only changes across three build-plugin skill files: added a JWT Bearer authentication pattern to the checklist and metadata reference, including HMAC/asymmetric signing options and advanced JWT configuration, plus a minor punctuation fix in the UI field reference.

Changes

JWT Bearer Documentation

Layer / File(s) Summary
JWT Bearer auth pattern documentation
.claude/skills/build-plugin/SKILL.md, .claude/skills/build-plugin/references/metadata.md, .claude/skills/build-plugin/references/ui.md
Adds JWT Bearer to the auth pattern checklist item, documents HMAC-signed (jwtSecret) and asymmetric-signed (jwtPrivateKey) JWT configuration with mutual exclusivity and no caching/refresh behavior, documents advanced options (jwtTokenLocation, jwtQueryParamName, jwtSecretIsBase64, jwtHeaderPrefix, jwtHeaders) and template expression evaluation, and removes a trailing colon in the password field description.
🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title is concise and accurately reflects the main change: adding JWT auth guidance to the skill notes.
Description check ✅ Passed The description is mostly complete: it states the docs-only scope, summarizes the JWT auth guidance, and includes a checklist.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.claude/skills/build-plugin/references/metadata.md:
- Around line 187-188: The metadata docs for jwtTokenLocation currently present
"queryParam" as a neutral option, but it should be clearly marked as last-resort
because tokens can leak through URLs. Update the jwtTokenLocation and
jwtQueryParamName guidance in the metadata reference to warn that query-param
JWT transport is less secure than header-based transport and should only be used
when unavoidable, while keeping the header option as the default recommendation.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: ac457762-aeef-4a1d-bef1-04ffded5aac3

📥 Commits

Reviewing files that changed from the base of the PR and between 05aeeab and 51a3ab8.

📒 Files selected for processing (3)
  • .claude/skills/build-plugin/SKILL.md
  • .claude/skills/build-plugin/references/metadata.md
  • .claude/skills/build-plugin/references/ui.md

Comment thread .claude/skills/build-plugin/references/metadata.md
andrewmumblebee and others added 2 commits July 3, 2026 13:18
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
@andrewmumblebee andrewmumblebee requested a review from clarkd July 3, 2026 12:20
@andrewmumblebee andrewmumblebee marked this pull request as ready for review July 3, 2026 12:20
@andrewmumblebee andrewmumblebee requested a review from a team July 3, 2026 12:20
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown

🧩 Plugin PR Summary

ℹ️ No plugins were modified in this PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Development

Successfully merging this pull request may close these issues.

1 participant