I can't tell you why this code is the way it is.

Six months ago one of the engineers on my team shipped a Microsoft SSO integration. Worked first time, tests passed, PR was clean. It went in on a Thursday afternoon.

Last week someone raised a bug. Different flow, adjacent bit of auth. I pulled up the file to understand the shape of what was there before touching it.

The PR was spotless. Fourteen files changed, good commit message, all checks green. So I did what you do — git log auth.ts. Three commits. Dates, hashes, one-liners. Nothing I couldn't have inferred from reading the code.

What I actually wanted to know was: why Entra ID and not Okta? Were other providers considered? Was the session timeout deliberate or just the default? These aren't things you can read from a diff. They're the decisions that happened before the code was written — the ones that would have been in the ticket, or the design doc, or the Slack thread, or the engineer's head.

None of that survived the merge.