{
  "context": "Evaluates whether the solution uses josepy's JWS/JWA primitives to sign and verify compact tokens for HS256, RS256, PS256, and ES256 scenarios defined in the spec. Points reward correct algorithm selection, key handling through josepy JWK helpers, compact serialization, and surfacing josepy verification failures as ValueErrors.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "HS256 signing",
      "description": "Uses josepy.jwa.HS256 with a josepy.jwk.JWKOct secret to produce the compact token and verify it back to the original payload; avoids manual HMAC/base64 implementations.",
      "max_score": 25
    },
    {
      "name": "RS256 keys",
      "description": "Loads RSA material with josepy.jwk.JWKRSA and signs/verifies with josepy.jwa.RS256 so matching public keys succeed while a different key raises ValueError.",
      "max_score": 20
    },
    {
      "name": "PS256 verify",
      "description": "Performs tamper detection through josepy.jwa.PS256.verify (or JWS.verify using PS256) so a modified signature triggers the josepy error path surfaced as ValueError rather than silent acceptance.",
      "max_score": 20
    },
    {
      "name": "ES256 header",
      "description": "Sets a protected alg header of ES256 when signing (e.g., josepy.jws.Header with alg='ES256') and checks the same value when verifying with josepy.jwa.ES256, rejecting mismatched alg inputs.",
      "max_score": 20
    },
    {
      "name": "Compact format",
      "description": "Builds and parses compact serialization via josepy.jws.JWS.to_compact and JWS.from_compact instead of manual base64 concatenation, enforcing alg consistency during verification.",
      "max_score": 15
    }
  ]
}