joelbyford · joelbyford · Mar 5, 2026 · Feb 27, 2026 · Mar 5, 2026 · Mar 5, 2026
diff --git a/.github/prompts/review.security.md b/.github/prompts/review.security.md
@@ -0,0 +1,9 @@
+# Overall Review (ask mode)
+```
+Reviewing this project, are there any major or minor security concerns with how it's written?  Anything I should consider doing differently?
+```
+
+# Plan for change (plan mode)
+```
+Can you create a plan for mitigating the major issues and can you create it as an execution-ready checklist but be sure it is added to the .gitignore so it is not pushed to the main repo.
+```
diff --git a/.github/workflows/PublishNugetArtifact.yml b/.github/workflows/PublishNugetArtifact.yml
@@ -0,0 +1,54 @@
+# This is a basic workflow to help you get started with Actions
+
+name: Manually Publish NuGet.org
+
+# Controls when the workflow will run
+on:
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  id-token: write   # REQUIRED for OIDC
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "build"
+  build:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - uses: actions/checkout@v4
+
+      # Get the latest version tag to duplicate it in the nuget package
+      - uses: oprypin/find-latest-tag@v1
+        with:
+          repository: joelbyford/BasicAuth  # The repository to scan.
+          releases-only: true  # We know that all relevant tags have a GitHub release for them.
+        id: latesttag  # The step ID to refer to later.
+
+      # Install DotNet SDK
+      - name: Setup dotnet 10.x
+        uses: actions/setup-dotnet@v4
+        with:
+          dotnet-version: 10.x
+
+      # Restore Dependancies (can be omitted if you remove --no-restore on build step)
+      - name: Restore package dependencies
+        run: dotnet restore
+
+      # Build the project
+      - name: dotnet build
+        run: dotnet build --no-restore --configuration Release
+
+      # Pack the project for Nuget
+      - name: dotnet pack
+        if: success()  # this should be implied, but adding just to be sure this runs only when the previous steps are successfull
+        run: dotnet pack -v normal -c Release --no-restore --include-source -p:PackageVersion=${{ steps.latesttag.outputs.tag }} -o ${{env.DOTNET_ROOT}}/myapp
+
+      # Upload the artifact to NuGet.org
+      - name: dotnet nuget push
+        run: dotnet nuget push ${{env.DOTNET_ROOT}}/myapp/*.nupkg --source https://api.nuget.org/v3/index.json --skip-duplicate
diff --git a/.github/workflows/pr-harness-bash-test.yml b/.github/workflows/pr-harness-bash-test.yml
@@ -0,0 +1,67 @@
+name: PR Harness Bash Test
+
+on:
+  pull_request:
+    branches:
+      - main
+  push:
+    branches:
+      - main
+
+jobs:
+  harness-bash-test:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup .NET 10 SDK
+        uses: actions/setup-dotnet@v4
+        with:
+          dotnet-version: 10.0.x
+
+      - name: Restore harness dependencies
+        run: dotnet restore harness/BasicAuthHarness/BasicAuthHarness.csproj
+
+      - name: Build harness project
+        run: dotnet build harness/BasicAuthHarness/BasicAuthHarness.csproj --configuration Release --no-restore
+
+      - name: Start harness
+        shell: bash
+        run: |
+          dotnet run --project harness/BasicAuthHarness/BasicAuthHarness.csproj --configuration Release --no-build --urls "http://localhost:5057" > harness.log 2>&1 &
+          echo "HARNESS_PID=$!" >> "$GITHUB_ENV"
+
+      - name: Wait for harness readiness
+        shell: bash
+        run: |
+          for i in {1..30}; do
+            status="$(curl -s -o /dev/null -w "%{http_code}" -X POST "http://localhost:5057/bogus" -H "X-Forwarded-Proto: https" || true)"
+            if [ "$status" = "401" ]; then
+              echo "Harness is ready"
+              exit 0
+            fi
+            sleep 1
+          done
+
+          echo "Harness did not become ready in time"
+          cat harness.log || true
+          exit 1
+
+      - name: Run bash auth assertions
+        shell: bash
+        run: bash harness/BasicAuthHarness/testing/test-auth.sh
+
+      - name: Print harness log on failure
+        if: failure()
+        shell: bash
+        run: cat harness.log || true
+
+      - name: Stop harness
+        if: always()
+        shell: bash
+        run: |
+          if [ -n "${HARNESS_PID:-}" ]; then
+            kill "$HARNESS_PID" || true
+          fi