Question
Implement HMAC verification for a webhook receiver. Given a shared secret `key`, the received `message`, and the `signature_hex` the sender claims is the HMAC-SHA256 of the message, return True only if the signature is valid. Compute the HMAC using the secret as the key and verify it matches the provided hex digest. You must compare in a way that does not leak timing information about how many leading bytes matched.
verify_hmac(key: str, message: str, signature_hex: str) → bool["secret","hello","88aab3ede8d3adf94d26ab90d3bafd4a2083070c3bcce9c014ee04a443847c0b"]outtrueState your approach and its time/space complexity out loud before you optimize. Handle the edge cases (empty input, duplicates, overflow), and say why you chose this over the brute force. Green tests are the floor, not the grade.
Vibe coding: describe the solution in plain language (or narrate it) and the coach grades your approach. Generating runnable code from your description is coming next.