Question
You're adding a `can(user, action, resource)` permission check to a multi-tenant SaaS in TypeScript, backing role-based access with per-resource ownership and org boundaries. You want an AI agent to implement the authorization core. Write the prompt/spec — constraints, edge cases, acceptance criteria — so it gets it right on the first try, given that this is a security boundary. Explain what a loose prompt ("add a permissions check for roles") gets dangerously wrong.
Treat the AI’s output as a draft to verify, not an answer to trust. Name the specific flaw and the input that triggers it, say how you’d catch it — tests, edge cases, reading critically — and how you’d re-prompt or decompose to get it right.
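To make the acceptance criteria concrete, here is an added reference implementation (not part of the original exercise, and not a model answer to it) of the kind of deny-by-default `can()` a tight spec should pin down, next to the role-only check a loose prompt tends to produce. The users, resources, role set and action set are constructed fixtures; the ordering of the checks (tenant boundary first, then role grants, then ownership, then deny) is the design choice being illustrated.

```typescript
// Added example: deny-by-default can(user, action, resource) for a
// multi-tenant app. Roles, actions and fixtures below are constructed.

type Role = "admin" | "member" | "viewer";
type Action = "read" | "update" | "delete" | "share";

interface User { id: string; orgId: string; role: Role }
interface Resource { id: string; orgId: string; ownerId: string }
interface Decision { allowed: boolean; reason: string }

// What each role may do to any resource inside its own org.
const ROLE_GRANTS: Readonly<Record<Role, ReadonlySet<Action>>> = {
  admin: new Set<Action>(["read", "update", "delete", "share"]),
  member: new Set<Action>(["read"]), // mutations only via ownership below
  viewer: new Set<Set<Action> extends never ? never : Action>(["read"]),
};

// Actions a non-admin may perform only on a resource they own.
const OWNER_ACTIONS: ReadonlySet<Action> = new Set<Action>(["update", "delete", "share"]);

// Hardened form: every path that is not an explicit grant returns deny,
// and the org boundary is checked before any role logic runs.
function can(user: User, action: Action, resource: Resource): Decision {
  // 1. Tenant isolation: no role, not even admin, reaches across orgs.
  if (user.orgId !== resource.orgId) {
    return { allowed: false, reason: "cross-tenant" };
  }
  // 2. Unknown roles (e.g. a stale value from the DB) fall through to deny.
  const grants = ROLE_GRANTS[user.role];
  if (!grants) {
    return { allowed: false, reason: "unknown-role" };
  }
  if (grants.has(action)) {
    return { allowed: true, reason: `role:${user.role}` };
  }
  // 3. Ownership grants mutation to the owner, but viewers never mutate.
  if (OWNER_ACTIONS.has(action) && resource.ownerId === user.id && user.role !== "viewer") {
    return { allowed: true, reason: "owner" };
  }
  // 4. Default: deny, with a reason the caller can log.
  return { allowed: false, reason: "no-grant" };
}

// What a loose "add a permissions check for roles" prompt typically yields:
// the role is consulted, the resource is ignored, so org boundaries and
// ownership are never enforced. Kept here only to contrast with can().
function canLoose(user: User, action: Action, _resource: Resource): boolean {
  return ROLE_GRANTS[user.role]?.has(action) ?? false;
}

// Constructed fixtures for the acceptance checks.
const alice: User = { id: "alice", orgId: "org-a", role: "admin" };
const bob: User = { id: "bob", orgId: "org-a", role: "member" };
const carol: User = { id: "carol", orgId: "org-a", role: "viewer" };
const dave: User = { id: "dave", orgId: "org-b", role: "admin" };
const doc1: Resource = { id: "doc1", orgId: "org-a", ownerId: "bob" };
const doc2: Resource = { id: "doc2", orgId: "org-a", ownerId: "alice" };
const doc3: Resource = { id: "doc3", orgId: "org-a", ownerId: "carol" };

// Acceptance table a spec could hand the agent: expected decision per case.
function acceptanceCases(): Array<{ name: string; got: boolean; want: boolean }> {
  return [
    { name: "admin deletes any in-org doc", got: can(alice, "delete", doc1).allowed, want: true },
    { name: "member deletes own doc", got: can(bob, "delete", doc1).allowed, want: true },
    { name: "member shares someone else's doc", got: can(bob, "share", doc2).allowed, want: false },
    { name: "viewer reads", got: can(carol, "read", doc1).allowed, want: true },
    { name: "viewer updates even own doc", got: can(carol, "update", doc3).allowed, want: false },
    { name: "admin of other org reads", got: can(dave, "read", doc1).allowed, want: false },
    { name: "unknown role reads", got: can({ ...bob, role: "root" as Role }, "read", doc1).allowed, want: false },
  ];
}

function allAcceptancePass(): boolean {
  return acceptanceCases().every((c) => c.got === c.want);
}
```

The cross-tenant case is the one to watch: `canLoose(dave, "read", doc1)` returns `true` because an admin role is an admin role everywhere, while `can()` denies it with reason `cross-tenant` before the role is ever consulted. A spec that lists that input as a required-deny acceptance test catches the flaw mechanically instead of relying on someone noticing it in review.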
Vibe coding: describe the solution in plain language (or narrate it) and the coach grades your approach. Generating runnable code from your description is coming next.