{
  "context": "Evaluates how well the solution leverages python-jose for constructing, registering, and exporting JWKs while handling multiple crypto backends. Checks focus on correct calls into jose.jwk and jose.backends rather than general coding practices. Emphasis is on using library hooks for key creation, backend selection, custom key types, and JWKS serialization.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "Symmetric construct",
      "description": "Uses jose.jwk.construct with an HS* algorithm and raw secret input to build the symmetric key, setting the provided kid/use without reimplementing key parsing.",
      "max_score": 25
    },
    {
      "name": "RSA PEM construct",
      "description": "Builds an RSA JWK directly from PEM material via jose.jwk.construct (is_private=True) and specifies the desired backend parameter (e.g., 'cryptography') instead of manual PEM handling.",
      "max_score": 25
    },
    {
      "name": "Backend fallback",
      "description": "Implements backend preference with a fallback by attempting jose.jwk.construct using jose.backends.get_backend to choose an alternate backend (e.g., 'native' when preferred fails) so RSA/EC keys still load.",
      "max_score": 20
    },
    {
      "name": "Custom key registration",
      "description": "Defines a Key subclass (from jose.backends.base.Key or derived key) for the custom symmetric label and registers it through jose.jwk.register_key so the new algorithm can be constructed alongside built-ins.",
      "max_score": 20
    },
    {
      "name": "JWKS export",
      "description": "Exports public JWKS entries using python-jose key helpers (e.g., Key.to_public_dict or to_dict) instead of manual JSON assembly, omitting private/symmetric material as required.",
      "max_score": 10
    }
  ]
}