SecondaryAuthFlow.tsx:197 derives the session ID via (authSession as unknown as Record<string, unknown>).id as string, defeating type checking and accepting arbitrary session shapes. Type the fallback field on the AuthSession model (or normalize sessionId/id upstream) instead of double-casting. (Source: docs/archive/AUDIT_REPORT_2026-04-16.md P0 #4 — still present on HEAD.)
SecondaryAuthFlow.tsx:197derives the session ID via(authSession as unknown as Record<string, unknown>).id as string, defeating type checking and accepting arbitrary session shapes. Type the fallback field on the AuthSession model (or normalizesessionId/idupstream) instead of double-casting. (Source: docs/archive/AUDIT_REPORT_2026-04-16.md P0 #4 — still present on HEAD.)