Below is a real Ovi QA analysis — the same comment that lands on your team's PRs and Linear tickets. No signup, no demo gate.
github.com/acme/web · feat(checkout): persist cart across sessions · #412
Openfeat(checkout): persist cart across sessions#412
opened by @sarah-eng · 3 commits · +247 / -82 across 8 files
O
oviai-by-firstqa Bot
QA Analysis – by Ovi (the AI QA)
✅ Analyzing 3 commits across 8 files in this PR.
🎯 Pulse
Metric
Value
Details
Decision
⏸ Hold
2 medium-severity issues — see Bugs & Risks below
Risk
Medium
Cart-persistence touches auth state + cross-session data
Impact
Checkout, cart, session, anonymous-user flow
🔍 Bugs & Risks
🐛 Cart not cleared on logout checkout/CartProvider.tsx:142
Severity: P0 — privacy leak. When user A logs out and user B logs in on the same browser, A's cart items persist in B's session via the localStorage cart_state key. The logout handler clears auth tokens but not the cart provider state.
Severity: P1. When an anonymous user adds items and then signs in, the new code overwrites their server-side saved cart instead of merging. Existing customers who built up a cart before logging in will lose those items.
🧪 Test Recipe
Scenario
Expected
Priority
Anonymous user adds item → logs in → cart preserved