Intent-Code Divergence
Medium
- Confidence
- 97% confidence
- Finding
- The report asserts that POST /participants is a working endpoint even though the only documented result is an anonymous insert blocked by RLS with HTTP 401. This is dangerous because it misrepresents a failed authorization-path test as success, which can mislead users into trusting unverified write behavior and deploying or operating against production with incorrect security assumptions.
