DEV Community

Cover image for The Reality Check: Why AI Coding Assistants Still Need Human Oversight
Rad Code
Rad Code

Posted on

The Reality Check: Why AI Coding Assistants Still Need Human Oversight

#ai #web3 #react #development

A cautionary tale about trusting Cursor's AI too much and the importance of understanding your tools

The Setup

Recently, I was working on a Web3 authentication flow using React, wagmi, and a Node.js backend. The goal was simple: connect wallet → sign message → verify signature → get JWT token. Sounds straightforward, right?

The Problem

The authentication flow wasn't working correctly. When users clicked "Sign Message & Login", the backend verification API was being called immediately, before the user had actually signed anything in MetaMask. This was clearly wrong.

The AI's "Solution"

I asked Cursor's AI assistant to fix this issue. Here's what happened:

First Attempt: The Async/Await Mistake 

// AI's initial "fix"
const signature = await signMessage({ message });
Enter fullscreen mode Exit fullscreen mode

The AI assumed signMessage was an async function and tried to await it. This was completely wrong.

Second Attempt: Still Not Getting It 

// AI's second attempt - still wrong
const { signMessage, isPending } = useSignMessage();
// ... later
const signature = await signMessage({ message }); // Still trying to await!
Enter fullscreen mode Exit fullscreen mode

The AI was still treating signMessage as if it returned a Promise, even after I pointed out it wasn't async.

Third Attempt: Finally Understanding the Hook Pattern

Only after I explicitly explained that signMessage is a function from a React hook (not an async function) did the AI implement the correct pattern:

// Correct implementation
const { signMessage, isPending, data: signature, error: signError } = useSignMessage();

// Use useEffect to listen for signature completion
useEffect(() => {
  if (signature && pendingNonce && address) {
    handleSignatureComplete(signature, pendingNonce, address);
  }
}, [signature, pendingNonce, address]);

// Trigger signing (non-blocking)
const handleSignAndLogin = async () => {
  // ... get nonce
  signMessage({ message }); // This triggers MetaMask popup
  // Don't await this - it's not async!
};
Enter fullscreen mode Exit fullscreen mode

Why This Happened

1. Pattern Recognition vs. Understanding

The AI recognized common patterns (async/await for API calls) but didn't understand the specific React hook pattern for useSignMessage. It applied the wrong mental model.

2. Lack of Context Awareness

Even when I mentioned "wagmi hook", the AI didn't connect this to the specific behavior of React hooks that trigger side effects rather than return promises.

3. Overconfidence in Initial Solutions

The AI presented its first solution with confidence, making it seem like the correct approach. This can lead developers to trust the solution without questioning it.

The Correct Solution

Here's how the authentication flow should actually work:

const { signMessage, isPending, data: signature, error: signError } = useSignMessage();

// Listen for signature completion
useEffect(() => {
  if (signature && pendingNonce && address) {
    handleSignatureComplete(signature, pendingNonce, address);
  }
}, [signature, pendingNonce, address]);

const handleSignAndLogin = async () => {
  setLoading(true);
  try {
    // Get nonce from backend
    const { data } = await axios.get('/auth/nonce');
    const { nonce } = data;

    // Store nonce for later use
    setPendingNonce(nonce);

    // Create message to sign
    const message = `Sign this message to authenticate: ${nonce}`;

    // Trigger signing (shows MetaMask popup)
    signMessage({ message });

  } catch (error) {
    setLoading(false);
    // Handle error
  }
};

const handleSignatureComplete = async (signature, nonce, address) => {
  try {
    // Verify signature with backend
    const { data: authData } = await axios.post('/auth/verify', {
      address,
      signature,
      nonce
    });

    if (authData.success) {
      // Store JWT and update UI
      localStorage.setItem('authToken', authData.token);
      setUser(authData.user);
      setIsAuthenticated(true);
    }
  } catch (error) {
    // Handle verification error
  } finally {
    setLoading(false);
    setPendingNonce(null);
  }
};
Enter fullscreen mode Exit fullscreen mode

Conclusion

Cursor's AI assistant is a powerful tool, but it's not a senior developer. It can help with:

  • ✅ Code generation
  • ✅ Pattern suggestions
  • ✅ Boilerplate reduction
  • ✅ Documentation

But it struggles with:

  • ❌ Complex architectural decisions
  • ❌ Domain-specific patterns
  • ❌ Understanding context deeply
  • ❌ Making critical business logic decisions

The key takeaway: Use Cursor's AI as a powerful junior developer that needs constant oversight, not as a replacement for understanding your code and your tools.

Always question, always test, and always understand what you're building. The AI might write the code, but you're responsible for making sure it works correctly.

Have you had similar experiences with Cursor or other AI coding assistants? Share your stories in the comments below!

Top comments (0)