mastra #12178

Auth rbac feature

by YujohnNattrass · Feb 05, 2026 at 13:57 UTC · scan-dc7bdd51b967d8e0

Critical Risk (100%)

Risk Assessment

Risk level: Critical (100%)

Risk Drivers

  • large_diff: Large change: 16772 lines modified
  • high_file_spread: Touches 98 files
  • multiple_concerns: Spans 27 directories
  • touches_authentication: Modifies authentication code

Intent

0/5 criteria met

Implement RBAC with multiple auth providers and new UI components for authentication.

Acceptance Criteria

  • ?
    Support for multiple auth providers with SSO and credential flows is implemented

    The diff summary shows changes in planning and architecture documentation. No implementation or code changes show multiple auth providers support or SSO and credential flows. Further information from other files is needed.

  • RBAC and ACL support is functioning as expected

    The provided diff does not show any changes to RBAC or ACL functionalities. The files modified appear to be planning and documentation files, without any implementation details directly related to RBAC or ACL features.

  • ?
    New authentication-related UI components such as login page and user menu are working

    The diff summary lacks changes directly related to UI components like login pages or user menus, making it unclear if the criterion is satisfied.

  • ?
    Admin portal and directory sync features are operational

    The diff mainly contains planning and documentation files. There are no specific changes shown in the admin portal or directory sync features verifying their operational status.

  • E2E Playwright tests for auth/RBAC scenarios pass successfully

    The diff does not show any changes related to E2E Playwright tests for auth/RBAC scenarios. Only planning and command documents are modified or added.

Confidence: 90.0% · Source: PR description · AI: openai

Contributors

YujohnNattrass PR Author 87 commits + Trusted
Account Age: 2578 days
Prior PRs: 253
Merged: 199

Trusted contributor with 199 merged PRs. Maintains 137 public repositories. Unfamiliar with 10 files being modified.

abhiaiyer91 8 commits + Trusted
Account Age: 4889 days
Prior PRs: 600
Merged: 486

Trusted contributor with 486 merged PRs. Maintains 168 public repositories. Has 411 followers.

rphansen91 5 commits + Trusted
Account Age: 4417 days
Prior PRs: 84
Merged: 71

Trusted contributor with 71 merged PRs. Maintains 181 public repositories.

Evidence

Evidence Completeness: 58.0%
ci_passing Failing
build_successful Failing
security_scan_clean Pending
tests_passing Passing
lint_passing Failing
Missing: coverage_maintained

Supply Chain

Elevated Risk
Modifies dependencies
Modifies lockfile
Modifies CI config
Modifies build scripts
New dependencies: @mastra/auth-better-auth, build:auth, @mastra/auth-workos, @workos/authkit-session, lru-cache, @mastra/core, @workos-inc/node, better-auth, test:auth, hono

Focus Files

Focus on 33 critical file(s)

auth/cloud/src/index.test.ts +620

Modifies authentication code; 620 lines changed; New file; Source code

critical
auth/cloud/src/index.ts +317

Modifies authentication code; 317 lines changed; New file; Source code

critical
auth/workos/src/admin-portal.ts +103

Modifies authentication code; 103 lines changed; New file; Source code

critical
auth/workos/src/auth-provider.ts +504

Modifies authentication code; 504 lines changed; New file; Source code

critical
auth/workos/src/directory-sync.ts +307

Modifies authentication code; 307 lines changed; New file; Source code

critical
auth/workos/src/rbac-provider.ts +282

Modifies authentication code; 282 lines changed; New file; Source code

critical
auth/workos/src/types.ts +231

Modifies authentication code; 231 lines changed; New file; Source code

critical
packages/core/src/auth/capabilities.ts +276

Modifies authentication code; 276 lines changed; New file; Source code

critical
packages/core/src/auth/defaults/rbac/static.ts +167

Modifies authentication code; 167 lines changed; New file; Source code

critical
packages/core/src/auth/defaults/roles.ts +243

Modifies authentication code; 243 lines changed; New file; Source code

critical

+88 more files

Triage

240 minutes to review

Effort level: extensive

Staleness risk: none

Schedule dedicated review time; consider pair review

Recommendation

REQUEST CHANGES 48.0% readiness

Critical risk level requires changes before approval

Next Steps

Concern

Consider breaking into smaller PRs

Concern auth/better-auth/package.json

Requires security review for authentication changes

Question

Why is coverage_maintained missing? Consider adding this check.

Concern auth/cloud/src/index.test.ts

Critical file: Modifies authentication code; 620 lines changed; New file; Source code

Concern auth/cloud/src/index.ts

Critical file: Modifies authentication code; 317 lines changed; New file; Source code

Concern auth/workos/src/admin-portal.ts

Critical file: Modifies authentication code; 103 lines changed; New file; Source code

Concern auth/workos/src/auth-provider.ts

Critical file: Modifies authentication code; 504 lines changed; New file; Source code

Concern auth/workos/src/directory-sync.ts

Critical file: Modifies authentication code; 307 lines changed; New file; Source code