Question
You're asking an AI agent to implement password storage and verification for a TypeScript/Node auth service. Write the spec that gets it right and keeps you out of the next breach post-mortem. What library, algorithm, and parameters do you mandate, what must NEVER be hand-rolled, and what acceptance criteria prove the comparison and hashing are safe? Then describe what a naive prompt ('hash and check the user's password') tends to produce.
Treat the AI’s output as a draft to verify, not an answer to trust. Name the specific flaw and the input that triggers it, say how you’d catch it — tests, edge cases, reading critically — and how you’d re-prompt or decompose to get it right.