Question
You're implementing the receiving end of Stripe-style webhooks in Node/TypeScript: verify the `Stripe-Signature` HMAC, reject forgeries and replays, and hand off valid events. You'll have an AI agent write the verifier. Write the prompt/spec — constraints, edge cases, acceptance criteria — so it's correct first try, given this guards money-moving events. What does a loose prompt ("verify the webhook signature") get dangerously wrong?
Treat the AI’s output as a draft to verify, not an answer to trust. Name the specific flaw and the input that triggers it, say how you’d catch it — tests, edge cases, reading critically — and how you’d re-prompt or decompose to get it right.
Vibe coding: describe the solution in plain language (or narrate it) and the coach grades your approach. Generating runnable code from your description is coming next.