///
///

CAVESTACK.

Why use many word when few do?

Claude Code skills that prevent bad work before it ships. 40 skills. Caveman voice. Finished product.

$ curl -fsSL https://cavestack.jerkyjesse.com/install | sh
sha256-verified install · zero telemetry · MIT
see benchmarks characters saved on 10-task benchmark · methodology →
GITHUB METHODOLOGY BEFORE / AFTER ALL SKILLS ISSUES

Before / After

Same /review. Same patch. Watch the difference.

Default verbose
# patch /review

Analyzing your changes...

I'll review the changes in auth/middleware.ts and provide
comprehensive feedback on the implementation.

## Summary

This pull request modifies the authentication middleware
to add token expiry validation. The changes look generally
good, but I have several observations and recommendations
that I'd like to share with you.

## Detailed Analysis

### Finding 1: Token Expiry Check (Medium)

In auth/middleware.ts:47, the token expiry comparison
uses a strict less-than operator (<) when it should
use less-than-or-equal-to (<=). This means tokens
that expire at exactly the current timestamp will
incorrectly be treated as valid.

Recommendation: Change the comparison operator from
< to <= to ensure tokens are invalidated at exactly
their expiry time.

### Finding 2: Missing Error Context (Low)

The error response at line 52 returns a generic 401
without diagnostic information. Consider adding a
"reason" field to the error response.

## Overall Assessment

The changes demonstrate a solid understanding of the
authentication flow. With the operator fix applied,
this should be ready to merge.
CaveStack (caveman mode)
# patch /review

## Findings: 2

1. auth/middleware.ts:47 — token expiry check
   use < not <=. Token at exact expiry time
   passes validation. Fix:

   - if (token.exp < now) {
   + if (token.exp <= now) {

2. auth/middleware.ts:52 — 401 response
   missing reason field. Add:

   { error: "unauthorized", reason: "token_expired" }

Status: Fix #1, merge.
187 fewer words (82% less)
SIX FEATURED SKILLS

Think before code.

Six judgment-layer skills prevent bad work before it ships. 34 more under /skills.

/office-hours
Six forcing questions. Kill bad ideas before you build.
/investigate
Root-cause systematic debug. Reproduce, isolate, diagnose, fix.
/plan-eng-review
Architecture gate. Finds hidden coupling, tests, failure modes.
/plan-design-review
UI/UX audit before implementation. Kills slop patterns early.
/plan-devex-review
Developer experience critique. Finds friction in your tooling.
/cso
Security audit: OWASP Top 10, STRIDE, supply chain.
34 more skills ship with CaveStack. /ship /review /qa /checkpoint /health /retro /document-release /land-and-deploy /autoplan /codex /browse · · ·
Run any by full name, or type /help inside Claude Code to list them. No flag needed. see all →

Keep all gstack functionality. Upgrade it. Ship it finished.

How It Work

Two grunt. That all.

1
Install
One line. Auto-detect bun. No signup.
curl -fsSL https://cavestack.jerkyjesse.com/install | sh
2
Open Claude Code
Caveman active. Try /help or /office-hours. Done.
claude # caveman hooks fire on SessionStart

Already have gstack/cavestack? /cavestack-upgrade handles the migration.

Caveman Control

Three intensity. Pick grunt level.

/caveman lite
Lite
Gentle compression. Drop filler words. Keep articles.
"The bug is in the authentication
middleware. Token expiry check
uses wrong operator."
/caveman full
Full
Classic caveman. Fragments OK. No articles. Short synonyms.
"Bug in auth middleware. Token
expiry check use wrong operator."
/caveman ultra
Ultra
Maximum grunt. Fragments only. Bare minimum.
"auth middleware:47. Token expiry.
< not <=. Fix."