DOCUMENTATION, UNFOLDED

Stop drowning
in tabs.

Engineers hit errors. They open 47 tabs. They drown in context. Nestle peels back documentation layer by layer—surface level → implementation → edge cases → related systems. All in one view. Like opening nested dolls.

Start Peeling →

THE WOW MOMENT

An engineer hits an error, clicks Nestle's extension, and watches a simple explanation bloom in front of them. They hover to reveal implementation details, click to expose edge cases, shift+click to see related systems—all without leaving their IDE. No more 47-tab documentation expeditions.

STARTUP

$999/month
  • Up to 50 engineers
  • Unlimited docs
  • Browser extension
  • IDE integrations
Get Started

SCALE-UP

$2,499/month
  • Up to 200 engineers
  • Custom onboarding
  • Priority support
  • Analytics dashboard
Get Started

OPEN SOURCE

FREE
  • Unlimited engineers
  • Full features
  • Community support
  • Public projects only
Apply

INTERACTIVE DEMO

See how Nestle layers work

Surface Level

Error: "Authentication failed: Invalid JWT signature"

This error occurs when the JSON Web Token (JWT) used for authentication has been tampered with or was signed with a different secret key than the one your server is using to verify it.

Implementation Details

How JWT verification works:

// JWT structure: header.payload.signature
const token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjMifQ.signature";
const decoded = jwt.verify(token, SECRET_KEY);

The signature is created by hashing the header and payload with your secret key. If the secret doesn't match, verification fails.

Edge Cases

Common causes:

  • Secret key rotated in production but not in development environment
  • Token generated by a different service (microservices architecture)
  • Manually modified tokens (security testing)
  • Clock skew causing token expiration issues
Related Systems

Connected services that might be affected:

  • /auth-service — Token generation endpoint
  • /user-service — User validation
  • /api-gateway — Request interception & verification
  • Redis cache — Token blacklist storage

Click any layer title to expand/collapse. In the full version, hover for quick previews.