# AI Pair Programming Exercises ## Exercise 1: Improve a Vague Prompt **Task:** Someone gave Claude Code this prompt: "Add tests for the user service." Rewrite it to be specific enough for useful output. Include: what to test, which file/module, and any existing test patterns. **Validation:** - [ ] Specifies the module/class/service under test - [ ] Mentions what to test (e.g., happy path, error cases) - [ ] References existing test style if applicable (e.g., Jest, Vitest) **Hints:** 1. "User service" — which file? Which functions? 2. What behaviors matter? Create, update, validation errors? 3. "We use Vitest and `describe`/`it`" — pattern matters --- ## Exercise 2: Provide Context via Example **Task:** Your API client uses a specific pattern for auth headers. Write a 3-sentence prompt that shows the pattern so the AI can add a new authenticated request. Pattern: `headers: { 'Authorization': `Bearer ${token}` }` and token from `getAuth().token`. **Validation:** - [ ] Includes a concrete example of the header format - [ ] Explains where the token comes from - [ ] Specifies the new endpoint or use case **Hints:** 1. Show one real request that uses the pattern 2. Name the auth helper or context 3. State the new endpoint or action needed --- ## Exercise 3: Give Narrow Feedback **Task:** The AI produced a 50-line component with a bug: it doesn't handle the loading state. The loading prop exists but isn't used. Write feedback that fixes just this, without asking for a full rewrite. **Validation:** - [ ] Identifies the exact issue (loading state unused) - [ ] Suggests where/how to use it (e.g., show spinner when loading) - [ ] Doesn't ask for unrelated changes **Hints:** 1. Point to the prop: "The `loading` prop is passed but never used" 2. Suggest the fix: "Show a spinner when loading is true" 3. Optionally show a one-line example --- ## Exercise 4: Review AI Output for Security **Task:** The AI suggested this code for a "forgot password" flow: ```javascript async function resetPassword(email, newPassword) { await fetch('/api/reset', { method: 'POST', body: JSON.stringify({ email, newPassword }) }); } ``` List three security or correctness issues and how you'd fix them. **Validation:** - [ ] Identifies at least: HTTPS, token/verification, plaintext password - [ ] Proposes concrete fixes (e.g., token-based flow, hash on server) **Hints:** 1. Is the password sent in plaintext? How should reset work? 2. Does the API verify the requester? Token in email link? 3. HTTPS, rate limiting, validation? --- ## Exercise 5: Decide AI vs Manual **Task:** For each scenario, choose AI / Manual / Both and write one sentence justifying your choice. 1. Refactor a 200-line function into smaller functions 2. Fix a build error: "Module not found: './utils'" 3. Design the data model for a new feature 4. Write integration tests for an existing API **Validation:** - [ ] Refactor: Both (AI can suggest structure; you verify logic) - [ ] Build error: Manual (path/config is project-specific) - [ ] Data model: Manual or Both (design is yours; AI can draft) - [ ] Integration tests: Both (AI can scaffold; you verify coverage) **Hints:** 1. Refactoring needs your domain knowledge but benefits from AI suggestions 2. Module resolution is often path/casing/config — very project-specific 3. Design decisions are architectural — you own them 4. Tests: AI can generate structure; you ensure they test the right things