1. Audit Gap: Client-Side JWT Module 'create-a-jwt' Excluded from Security Review
A critical TypeScript module responsible for generating and displaying JSON Web Tokens (JWTs) was excluded from a recent security audit, creating a significant verification blind spot. The module, named 'create-a-jwt', powers the `/tokens` page but its source code was not part of the audit scope. This omission prevents...