Question
You're asking an AI agent to write a Node/TypeScript middleware that verifies incoming JWTs issued by your identity provider and authorizes requests. Write the spec that makes verification actually secure. What checks, algorithm policy, and key handling do you mandate, and what acceptance criteria prove a forged token is rejected? Then describe the specific, well-known vulnerability a naive prompt ('verify the JWT and read the user from it') tends to introduce.
Treat the AI’s output as a draft to verify, not an answer to trust. Name the specific flaw and the input that triggers it, say how you’d catch it — tests, edge cases, reading critically — and how you’d re-prompt or decompose to get it right.
Vibe coding: describe the solution in plain language (or narrate it) and the coach grades your approach. Generating runnable code from your description is coming next.