utils/src/main/scala/com/google/example/auth/jwt.scala (4 lines):
	- line 25: // TODO - we're going to be  lazy and put roles right on the token.
	- line 43: // TODO - do we need to validate anything here?
	- line 47: // TODO - do we need to validate anything here?
	- line 59: // TODO - set some safety aspects to the cookie.


simulation/src/main/scala/com/google/example/UserSimulator.scala (3 lines):
	- line 14: // TODO - fun names for users.
	- line 34: // TODO - Save the posted auction and delete it after some time.
	- line 49: // TODO - Pick an auction and bid on it.


utils/src/main/scala/com/google/example/o11y/cask/TraceWrappedHandler.scala (2 lines):
	- line 55: // TODO - set error appropriately
	- line 56: // TODO - check response sizes


auctionServer/src/main/scala/com/google/example/services/auction/AuctionServer.scala (2 lines):
	- line 27: // TODO - Move this to a database.
	- line 63: // TODO - Check that only owner of auction can delete, or that user has superprivilege?


src/main/scala/Main.scala (2 lines):
	- line 53: // TODO - create HTML form login
	- line 59: // TODO - Do something with the response so our token is saved for the whole session.


simulation/src/main/scala/com/google/example/SimulationDsl.scala (1 line):
	- line 18: // TODO - multiple fake users


utils/src/main/scala/com/google/example/o11y/requests/package.scala (1 line):
	- line 67: // TODO - Client spans?


authServer/src/main/scala/com/google/example/AuthServer.scala (1 line):
	- line 30: // TODO - other checks, or "deactivation" of tokens.