Skip to content
Flows
Fix Fake Auth
Debugging45-90 minutes
0/6 steps0%

Step 1 of 6

Diagnose what is fake

Map exactly which parts of auth are theater before rebuilding.

Prompt capsule

Audit the current auth implementation and report precisely what is real vs fake: Does signup write a user record (show where)? Does login verify a password against a stored hash or accept anything? Where does auth state live and does it survive refresh? Are routes guarded before render? Do backend endpoints check the session? Output a table: component -> current behavior -> required behavior.

Paste into Claude · Complete implementation prompt with explicit requirements

Expected after this step

An honest diagnosis table of the entire auth surface.

Should not happen

  • Login that accepts any credentials
  • Auth state in memory only, gone on refresh
  • Protected pages reachable by URL
  • APIs serving private data without any session check

Verify before continuing

Do not move on until every check is true. The complete button stays locked until then.

Do not continue if…

  • !Login that accepts any credentials
  • !Auth state in memory only, gone on refresh
  • !Protected pages reachable by URL
  • !APIs serving private data without any session check

If the AI messes this up

Use this when the AI fakes progress or breaks the feature. It forces a real fix.

The diagnosis is optimistic guesswork. Trace the actual code paths: run a signup, query the user store, attempt a wrong-password login, and hit a private API logged-out. Report what actually happened.

Your notes for this step