Review my recent code changes as a senior developer would.

**What to review:**
1. What should I look at? (git diff / specific files / PR number / "recent changes")
2. Priority focus? (Security / Performance / Readability / All, default: All)

**Review depth:**
3. Style: Should I enforce a specific style guide? (describe or "use codebase conventions")
4. Tests: Should I check for missing tests? (yes/no, default: yes)

I'll provide:
- Summary of what changed
- Issues found (Critical → Minor)
- Specific improvement suggestions with code examples
- Security concerns if any
- Performance implications
- Overall assessment

What should I review?

## Code Review: Auth Module Changes

### Summary
- Modified: `authService.ts`, `middleware.ts`, `types.ts`
- Added: Token refresh logic
- Changed: Session validation flow

### Critical Issues (1)
**[SECURITY] Token stored in localStorage**
Location: `authService.ts:45`
\\`\\`\\`typescript
// Current (vulnerable to XSS)
localStorage.setItem('token', token);

// Suggested (use httpOnly cookie)
// Set via API response header instead
\\`\\`\\`

### Improvements (3)
1. **Add rate limiting to refresh endpoint**
2. **Missing error boundary for failed auth**
3. **Consider adding refresh token rotation**

### Overall Assessment
Good implementation of token refresh. Fix the localStorage issue before merging.

Focus specifically on security vulnerabilities. Check for: XSS, CSRF, injection attacks, auth bypasses, data exposure.

Also verify: tests pass, no console.logs, no TODOs, proper error messages, documentation updated.