Code Room
Vibe codingHardvc-g426
Subject Ai prompt specLevel Senior–Staff~22 minCommon in Security interviewsIndustries Software development, Technology

Question

You're adding a `can(user, action, resource)` permission check to a multi-tenant SaaS in TypeScript, backing role-based access with per-resource ownership and org boundaries. You want an AI agent to implement the authorization core. Write the prompt/spec — constraints, edge cases, acceptance criteria — so it gets it right first try, given this is a security boundary. Explain what a loose prompt ("add a permissions check for roles") gets dangerously wrong.

What a strong answer looks like

Treat the AI’s output as a draft to verify, not an answer to trust. Name the specific flaw and the input that triggers it, say how you’d catch it — tests, edge cases, reading critically — and how you’d re-prompt or decompose to get it right.

Describe your solution

Vibe coding: describe the solution in plain language (or narrate it) and the coach grades your approach. Generating runnable code from your description is coming next.

Run or narrate your approach, then ask the coach.