ai-playbook 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (424) hide show
  1. package/README.md +146 -0
  2. package/agents/README.md +168 -0
  3. package/agents/SKILL.md +633 -0
  4. package/agents/architect/AGENT.md +44 -0
  5. package/agents/architect/README.md +5 -0
  6. package/agents/coder/AGENT.md +43 -0
  7. package/agents/coder/README.md +5 -0
  8. package/agents/debugger/AGENT.md +42 -0
  9. package/agents/debugger/README.md +6 -0
  10. package/agents/devops/AGENT.md +43 -0
  11. package/agents/devops/README.md +5 -0
  12. package/agents/documentation/AGENT.md +45 -0
  13. package/agents/documentation/README.md +5 -0
  14. package/agents/examples.md +550 -0
  15. package/agents/performance/AGENT.md +45 -0
  16. package/agents/performance/README.md +6 -0
  17. package/agents/planner/AGENT.md +44 -0
  18. package/agents/planner/README.md +6 -0
  19. package/agents/product-owner/AGENT.md +46 -0
  20. package/agents/product-owner/README.md +6 -0
  21. package/agents/refactorer/AGENT.md +44 -0
  22. package/agents/refactorer/README.md +6 -0
  23. package/agents/release-manager/AGENT.md +45 -0
  24. package/agents/release-manager/README.md +6 -0
  25. package/agents/researcher/AGENT.md +44 -0
  26. package/agents/researcher/README.md +6 -0
  27. package/agents/reviewer/AGENT.md +43 -0
  28. package/agents/reviewer/README.md +6 -0
  29. package/agents/security/AGENT.md +46 -0
  30. package/agents/security/README.md +6 -0
  31. package/agents/support/AGENT.md +45 -0
  32. package/agents/support/README.md +6 -0
  33. package/agents/tester/AGENT.md +46 -0
  34. package/agents/tester/README.md +5 -0
  35. package/bin/cli.js +186 -0
  36. package/commands/README.md +266 -0
  37. package/commands/build.md +135 -0
  38. package/commands/clean.md +126 -0
  39. package/commands/deploy-prod.md +171 -0
  40. package/commands/deploy-staging.md +147 -0
  41. package/commands/deps.md +169 -0
  42. package/commands/dev.md +132 -0
  43. package/commands/format.md +142 -0
  44. package/commands/lint.md +125 -0
  45. package/commands/migrate.md +159 -0
  46. package/commands/release.md +183 -0
  47. package/commands/rollback.md +152 -0
  48. package/commands/seed.md +178 -0
  49. package/commands/setup.md +109 -0
  50. package/commands/test.md +134 -0
  51. package/commands/validate.md +147 -0
  52. package/context/README.md +7 -0
  53. package/context/aem.md +47 -0
  54. package/context/architecture.md +51 -0
  55. package/context/bullminder.md +57 -0
  56. package/context/coding-style.md +42 -0
  57. package/context/communication.md +53 -0
  58. package/context/company.md +46 -0
  59. package/context/engineering.md +63 -0
  60. package/context/project-template.md +71 -0
  61. package/context/trading.md +52 -0
  62. package/hooks/README.md +326 -0
  63. package/hooks/code-review/README.md +6 -0
  64. package/hooks/code-review/check-coverage.md +101 -0
  65. package/hooks/custom/README.md +6 -0
  66. package/hooks/custom/project-specific-hooks.md +273 -0
  67. package/hooks/deployment/README.md +6 -0
  68. package/hooks/deployment/health-check.md +102 -0
  69. package/hooks/deployment/pre-deploy-check.md +84 -0
  70. package/hooks/documentation/README.md +6 -0
  71. package/hooks/documentation/update-changelog.md +146 -0
  72. package/hooks/post-task/README.md +5 -0
  73. package/hooks/post-task/run-tests.md +61 -0
  74. package/hooks/pre-commit/README.md +6 -0
  75. package/hooks/pre-commit/format.md +63 -0
  76. package/hooks/pre-commit/lint.md +62 -0
  77. package/hooks/pre-commit/type-check.md +78 -0
  78. package/hooks/pre-task/README.md +6 -0
  79. package/hooks/pre-task/check-branch.md +48 -0
  80. package/hooks/pre-task/validate-environment.md +48 -0
  81. package/hooks/security-check/README.md +6 -0
  82. package/hooks/security-check/dependency-audit.md +85 -0
  83. package/hooks/security-check/secrets-scan.md +77 -0
  84. package/hooks/test-before-finish/README.md +6 -0
  85. package/hooks/test-before-finish/run-all-tests.md +128 -0
  86. package/index.js +69 -0
  87. package/knowledge/README.md +33 -0
  88. package/knowledge/ai-agents.md +74 -0
  89. package/knowledge/decision-making.md +73 -0
  90. package/knowledge/documentation.md +67 -0
  91. package/knowledge/engineering-principles.md +65 -0
  92. package/knowledge/product-discovery.md +68 -0
  93. package/knowledge/security-privacy.md +54 -0
  94. package/knowledge/testing-quality.md +63 -0
  95. package/package.json +63 -0
  96. package/patterns/README.md +7 -0
  97. package/prompts/README.md +208 -0
  98. package/prompts/architect/README.md +96 -0
  99. package/prompts/architect/design-system.md +140 -0
  100. package/prompts/debugger/README.md +96 -0
  101. package/prompts/debugger/diagnose-issue.md +141 -0
  102. package/prompts/developer/README.md +129 -0
  103. package/prompts/developer/fix-bug.md +136 -0
  104. package/prompts/developer/implement-feature.md +133 -0
  105. package/prompts/product-owner/README.md +116 -0
  106. package/prompts/product-owner/define-feature.md +145 -0
  107. package/prompts/reviewer/README.md +91 -0
  108. package/prompts/reviewer/code-review.md +129 -0
  109. package/prompts/support/README.md +154 -0
  110. package/prompts/support/resolve-issue.md +124 -0
  111. package/roles/README.md +6 -0
  112. package/roles/design-architect/README.md +98 -0
  113. package/roles/design-architect/accessibility/README.md +33 -0
  114. package/roles/design-architect/accessibility/checklists.md +29 -0
  115. package/roles/design-architect/accessibility/examples.md +35 -0
  116. package/roles/design-architect/checklists.md +76 -0
  117. package/roles/design-architect/component-library/README.md +35 -0
  118. package/roles/design-architect/component-library/checklists.md +29 -0
  119. package/roles/design-architect/component-library/examples.md +35 -0
  120. package/roles/design-architect/design-system/README.md +35 -0
  121. package/roles/design-architect/design-system/checklists.md +27 -0
  122. package/roles/design-architect/design-system/examples.md +41 -0
  123. package/roles/design-architect/examples/README.md +31 -0
  124. package/roles/design-architect/examples/checklists.md +26 -0
  125. package/roles/design-architect/examples/examples.md +46 -0
  126. package/roles/design-architect/examples.md +90 -0
  127. package/roles/design-architect/figma/README.md +33 -0
  128. package/roles/design-architect/figma/checklists.md +27 -0
  129. package/roles/design-architect/figma/examples.md +38 -0
  130. package/roles/design-architect/responsibilities.md +73 -0
  131. package/roles/design-architect/responsive/README.md +34 -0
  132. package/roles/design-architect/responsive/checklists.md +26 -0
  133. package/roles/design-architect/responsive/examples.md +39 -0
  134. package/roles/design-architect/role.md +129 -0
  135. package/roles/design-architect/skill-map.md +42 -0
  136. package/roles/design-architect/triggers.md +110 -0
  137. package/roles/design-architect/ui/README.md +36 -0
  138. package/roles/design-architect/ui/checklists.md +29 -0
  139. package/roles/design-architect/ui/examples.md +28 -0
  140. package/roles/design-architect/usability/README.md +34 -0
  141. package/roles/design-architect/usability/checklists.md +28 -0
  142. package/roles/design-architect/usability/examples.md +31 -0
  143. package/roles/design-architect/ux/README.md +36 -0
  144. package/roles/design-architect/ux/checklists.md +28 -0
  145. package/roles/design-architect/ux/examples.md +37 -0
  146. package/roles/design-architect/wireframes/README.md +34 -0
  147. package/roles/design-architect/wireframes/checklists.md +25 -0
  148. package/roles/design-architect/wireframes/examples.md +32 -0
  149. package/roles/design-architect/workflow.md +80 -0
  150. package/roles/devops/README.md +101 -0
  151. package/roles/devops/ansible/README.md +6 -0
  152. package/roles/devops/checklists.md +413 -0
  153. package/roles/devops/ci-cd/README.md +169 -0
  154. package/roles/devops/ci-cd/checklists.md +289 -0
  155. package/roles/devops/ci-cd/examples.md +429 -0
  156. package/roles/devops/cloud-platforms/README.md +109 -0
  157. package/roles/devops/cost-optimization/README.md +131 -0
  158. package/roles/devops/disaster-recovery/README.md +118 -0
  159. package/roles/devops/docker/README.md +6 -0
  160. package/roles/devops/examples/README.md +6 -0
  161. package/roles/devops/examples.md +775 -0
  162. package/roles/devops/github-actions/README.md +6 -0
  163. package/roles/devops/helm/README.md +6 -0
  164. package/roles/devops/infrastructure-as-code/README.md +160 -0
  165. package/roles/devops/infrastructure-as-code/checklists.md +124 -0
  166. package/roles/devops/jenkins/README.md +6 -0
  167. package/roles/devops/kubernetes/README.md +150 -0
  168. package/roles/devops/kubernetes/checklists.md +192 -0
  169. package/roles/devops/kubernetes/examples.md +189 -0
  170. package/roles/devops/monitoring/README.md +93 -0
  171. package/roles/devops/networking/README.md +83 -0
  172. package/roles/devops/performance/README.md +104 -0
  173. package/roles/devops/responsibilities.md +95 -0
  174. package/roles/devops/role.md +130 -0
  175. package/roles/devops/security/README.md +126 -0
  176. package/roles/devops/skill-map.md +162 -0
  177. package/roles/devops/terraform/README.md +6 -0
  178. package/roles/devops/triggers.md +241 -0
  179. package/roles/devops/workflow.md +197 -0
  180. package/roles/qa/README.md +16 -0
  181. package/roles/qa/api-testing/README.md +6 -0
  182. package/roles/qa/automation/README.md +6 -0
  183. package/roles/qa/checklists.md +24 -0
  184. package/roles/qa/examples/README.md +6 -0
  185. package/roles/qa/examples.md +27 -0
  186. package/roles/qa/performance/README.md +6 -0
  187. package/roles/qa/playwright/README.md +6 -0
  188. package/roles/qa/responsibilities.md +16 -0
  189. package/roles/qa/role.md +47 -0
  190. package/roles/qa/selenium/README.md +6 -0
  191. package/roles/qa/skill-map.md +14 -0
  192. package/roles/qa/triggers.md +10 -0
  193. package/roles/qa/workflow.md +9 -0
  194. package/roles/software-architect/README.md +16 -0
  195. package/roles/software-architect/agents/README.md +6 -0
  196. package/roles/software-architect/ai-architecture/README.md +6 -0
  197. package/roles/software-architect/aws/README.md +6 -0
  198. package/roles/software-architect/azure/README.md +6 -0
  199. package/roles/software-architect/caching/README.md +6 -0
  200. package/roles/software-architect/checklists.md +25 -0
  201. package/roles/software-architect/cloud/README.md +6 -0
  202. package/roles/software-architect/database-design/README.md +6 -0
  203. package/roles/software-architect/diagrams/README.md +6 -0
  204. package/roles/software-architect/distributed-systems/README.md +7 -0
  205. package/roles/software-architect/docker/README.md +6 -0
  206. package/roles/software-architect/event-driven/README.md +7 -0
  207. package/roles/software-architect/examples/README.md +6 -0
  208. package/roles/software-architect/examples.md +22 -0
  209. package/roles/software-architect/gcp/README.md +6 -0
  210. package/roles/software-architect/kubernetes/README.md +6 -0
  211. package/roles/software-architect/messaging/README.md +6 -0
  212. package/roles/software-architect/rag/README.md +7 -0
  213. package/roles/software-architect/responsibilities.md +17 -0
  214. package/roles/software-architect/role.md +46 -0
  215. package/roles/software-architect/scalability/README.md +6 -0
  216. package/roles/software-architect/security/README.md +6 -0
  217. package/roles/software-architect/skill-map.md +15 -0
  218. package/roles/software-architect/system-design/README.md +6 -0
  219. package/roles/software-architect/triggers.md +10 -0
  220. package/roles/software-architect/vector-db/README.md +6 -0
  221. package/roles/software-architect/workflow.md +9 -0
  222. package/roles/software-developer/README.md +116 -0
  223. package/roles/software-developer/api/README.md +365 -0
  224. package/roles/software-developer/api/checklist.md +131 -0
  225. package/roles/software-developer/api/examples.md +459 -0
  226. package/roles/software-developer/authentication/README.md +26 -0
  227. package/roles/software-developer/authentication/checklists.md +22 -0
  228. package/roles/software-developer/authentication/examples.md +32 -0
  229. package/roles/software-developer/authorization/README.md +26 -0
  230. package/roles/software-developer/authorization/checklists.md +21 -0
  231. package/roles/software-developer/authorization/examples.md +27 -0
  232. package/roles/software-developer/backend/README.md +26 -0
  233. package/roles/software-developer/backend/checklists.md +21 -0
  234. package/roles/software-developer/backend/examples.md +21 -0
  235. package/roles/software-developer/cache/README.md +25 -0
  236. package/roles/software-developer/cache/checklists.md +21 -0
  237. package/roles/software-developer/cache/examples.md +22 -0
  238. package/roles/software-developer/checklists.md +122 -0
  239. package/roles/software-developer/code-review/README.md +23 -0
  240. package/roles/software-developer/code-review/checklists.md +22 -0
  241. package/roles/software-developer/code-review/examples.md +20 -0
  242. package/roles/software-developer/database/README.md +27 -0
  243. package/roles/software-developer/database/checklists.md +21 -0
  244. package/roles/software-developer/database/examples.md +27 -0
  245. package/roles/software-developer/debugging/README.md +24 -0
  246. package/roles/software-developer/debugging/checklists.md +20 -0
  247. package/roles/software-developer/debugging/examples.md +28 -0
  248. package/roles/software-developer/examples/README.md +22 -0
  249. package/roles/software-developer/examples/checklists.md +8 -0
  250. package/roles/software-developer/examples/examples.md +25 -0
  251. package/roles/software-developer/examples.md +378 -0
  252. package/roles/software-developer/frontend/README.md +76 -0
  253. package/roles/software-developer/frontend/accessibility/README.md +136 -0
  254. package/roles/software-developer/frontend/accessibility/best-practices.md +368 -0
  255. package/roles/software-developer/frontend/code-quality/README.md +136 -0
  256. package/roles/software-developer/frontend/code-quality/best-practices.md +309 -0
  257. package/roles/software-developer/frontend/components/README.md +65 -0
  258. package/roles/software-developer/frontend/components/best-practices.md +273 -0
  259. package/roles/software-developer/frontend/debugging/README.md +149 -0
  260. package/roles/software-developer/frontend/debugging/best-practices.md +329 -0
  261. package/roles/software-developer/frontend/examples/README.md +19 -0
  262. package/roles/software-developer/frontend/examples/checklists.md +8 -0
  263. package/roles/software-developer/frontend/examples/examples.md +17 -0
  264. package/roles/software-developer/frontend/logging-observability/README.md +196 -0
  265. package/roles/software-developer/frontend/logging-observability/best-practices.md +430 -0
  266. package/roles/software-developer/frontend/performance/README.md +99 -0
  267. package/roles/software-developer/frontend/performance/best-practices.md +350 -0
  268. package/roles/software-developer/frontend/state-management/README.md +85 -0
  269. package/roles/software-developer/frontend/state-management/best-practices.md +344 -0
  270. package/roles/software-developer/frontend/testing/README.md +114 -0
  271. package/roles/software-developer/frontend/testing/best-practices.md +272 -0
  272. package/roles/software-developer/fullstack/README.md +25 -0
  273. package/roles/software-developer/fullstack/checklists.md +19 -0
  274. package/roles/software-developer/fullstack/examples.md +14 -0
  275. package/roles/software-developer/graphql/README.md +24 -0
  276. package/roles/software-developer/graphql/checklists.md +20 -0
  277. package/roles/software-developer/graphql/examples.md +24 -0
  278. package/roles/software-developer/integration-tests/README.md +25 -0
  279. package/roles/software-developer/integration-tests/checklists.md +20 -0
  280. package/roles/software-developer/integration-tests/examples.md +18 -0
  281. package/roles/software-developer/java/README.md +24 -0
  282. package/roles/software-developer/java/checklists.md +16 -0
  283. package/roles/software-developer/java/examples.md +22 -0
  284. package/roles/software-developer/javascript/README.md +24 -0
  285. package/roles/software-developer/javascript/checklists.md +15 -0
  286. package/roles/software-developer/javascript/examples.md +18 -0
  287. package/roles/software-developer/logging/README.md +105 -0
  288. package/roles/software-developer/logging/checklists.md +48 -0
  289. package/roles/software-developer/logging/examples.md +135 -0
  290. package/roles/software-developer/messaging/README.md +24 -0
  291. package/roles/software-developer/messaging/checklists.md +21 -0
  292. package/roles/software-developer/messaging/examples.md +26 -0
  293. package/roles/software-developer/microservices/README.md +25 -0
  294. package/roles/software-developer/microservices/checklists.md +21 -0
  295. package/roles/software-developer/microservices/examples.md +21 -0
  296. package/roles/software-developer/node/README.md +25 -0
  297. package/roles/software-developer/node/checklists.md +15 -0
  298. package/roles/software-developer/node/examples.md +15 -0
  299. package/roles/software-developer/nosql/README.md +24 -0
  300. package/roles/software-developer/nosql/checklists.md +21 -0
  301. package/roles/software-developer/nosql/examples.md +20 -0
  302. package/roles/software-developer/observability/README.md +25 -0
  303. package/roles/software-developer/observability/checklists.md +21 -0
  304. package/roles/software-developer/observability/examples.md +22 -0
  305. package/roles/software-developer/performance/README.md +26 -0
  306. package/roles/software-developer/performance/checklists.md +20 -0
  307. package/roles/software-developer/performance/examples.md +20 -0
  308. package/roles/software-developer/python/README.md +25 -0
  309. package/roles/software-developer/python/checklists.md +15 -0
  310. package/roles/software-developer/python/examples.md +17 -0
  311. package/roles/software-developer/react/README.md +24 -0
  312. package/roles/software-developer/react/checklists.md +15 -0
  313. package/roles/software-developer/react/examples.md +22 -0
  314. package/roles/software-developer/refactoring/README.md +23 -0
  315. package/roles/software-developer/refactoring/checklists.md +21 -0
  316. package/roles/software-developer/refactoring/examples.md +11 -0
  317. package/roles/software-developer/responsibilities.md +58 -0
  318. package/roles/software-developer/role.md +127 -0
  319. package/roles/software-developer/skill-map.md +88 -0
  320. package/roles/software-developer/springboot/README.md +25 -0
  321. package/roles/software-developer/springboot/checklists.md +15 -0
  322. package/roles/software-developer/springboot/examples.md +21 -0
  323. package/roles/software-developer/sql/README.md +24 -0
  324. package/roles/software-developer/sql/checklists.md +22 -0
  325. package/roles/software-developer/sql/examples.md +20 -0
  326. package/roles/software-developer/testing/README.md +25 -0
  327. package/roles/software-developer/testing/checklists.md +21 -0
  328. package/roles/software-developer/testing/examples.md +19 -0
  329. package/roles/software-developer/triggers.md +550 -0
  330. package/roles/software-developer/typescript/README.md +25 -0
  331. package/roles/software-developer/typescript/checklists.md +15 -0
  332. package/roles/software-developer/typescript/examples.md +18 -0
  333. package/roles/software-developer/unit-tests/README.md +24 -0
  334. package/roles/software-developer/unit-tests/checklists.md +19 -0
  335. package/roles/software-developer/unit-tests/examples.md +22 -0
  336. package/roles/software-developer/workflow.md +196 -0
  337. package/roles/sre/README.md +16 -0
  338. package/roles/sre/alerts/README.md +6 -0
  339. package/roles/sre/availability/README.md +6 -0
  340. package/roles/sre/chaos/README.md +6 -0
  341. package/roles/sre/checklists.md +24 -0
  342. package/roles/sre/examples/README.md +6 -0
  343. package/roles/sre/examples.md +19 -0
  344. package/roles/sre/observability/README.md +6 -0
  345. package/roles/sre/reliability/README.md +6 -0
  346. package/roles/sre/responsibilities.md +16 -0
  347. package/roles/sre/role.md +46 -0
  348. package/roles/sre/skill-map.md +14 -0
  349. package/roles/sre/slos/README.md +6 -0
  350. package/roles/sre/triggers.md +10 -0
  351. package/roles/sre/workflow.md +9 -0
  352. package/roles/support-engineer/README.md +16 -0
  353. package/roles/support-engineer/checklists.md +24 -0
  354. package/roles/support-engineer/datadog/README.md +6 -0
  355. package/roles/support-engineer/examples/README.md +6 -0
  356. package/roles/support-engineer/examples.md +17 -0
  357. package/roles/support-engineer/incident-response/README.md +6 -0
  358. package/roles/support-engineer/kubernetes/README.md +6 -0
  359. package/roles/support-engineer/linux/README.md +6 -0
  360. package/roles/support-engineer/logs/README.md +6 -0
  361. package/roles/support-engineer/monitoring/README.md +6 -0
  362. package/roles/support-engineer/networking/README.md +6 -0
  363. package/roles/support-engineer/newrelic/README.md +6 -0
  364. package/roles/support-engineer/postmortem/README.md +6 -0
  365. package/roles/support-engineer/production/README.md +6 -0
  366. package/roles/support-engineer/responsibilities.md +16 -0
  367. package/roles/support-engineer/role.md +47 -0
  368. package/roles/support-engineer/root-cause-analysis/README.md +6 -0
  369. package/roles/support-engineer/runbooks/README.md +6 -0
  370. package/roles/support-engineer/skill-map.md +14 -0
  371. package/roles/support-engineer/splunk/README.md +6 -0
  372. package/roles/support-engineer/triggers.md +10 -0
  373. package/roles/support-engineer/troubleshooting/README.md +6 -0
  374. package/roles/support-engineer/workflow.md +9 -0
  375. package/setup.sh +204 -0
  376. package/skills/.claude/README.md +7 -0
  377. package/skills/README.md +21 -0
  378. package/skills/ai-agents/README.md +207 -0
  379. package/skills/ai-agents/examples.md +335 -0
  380. package/skills/ai-agents/skill.md +392 -0
  381. package/skills/architecture/README.md +198 -0
  382. package/skills/architecture/examples.md +316 -0
  383. package/skills/architecture/skill.md +189 -0
  384. package/skills/design-architecture/README.md +107 -0
  385. package/skills/design-architecture/examples.md +84 -0
  386. package/skills/design-architecture/skill.md +192 -0
  387. package/skills/devops/README.md +177 -0
  388. package/skills/devops/examples.md +376 -0
  389. package/skills/devops/skill.md +210 -0
  390. package/skills/documentation/README.md +182 -0
  391. package/skills/documentation/examples.md +364 -0
  392. package/skills/documentation/skill.md +200 -0
  393. package/skills/performance/README.md +177 -0
  394. package/skills/performance/examples.md +376 -0
  395. package/skills/performance/skill.md +199 -0
  396. package/skills/qa/README.md +106 -0
  397. package/skills/qa/examples.md +84 -0
  398. package/skills/qa/skill.md +384 -0
  399. package/skills/security/README.md +108 -0
  400. package/skills/security/examples.md +85 -0
  401. package/skills/security/skill.md +223 -0
  402. package/skills/software-development/README.md +239 -0
  403. package/skills/software-development/assessment.md +0 -0
  404. package/skills/software-development/checklists.md +0 -0
  405. package/skills/software-development/examples.md +375 -0
  406. package/skills/software-development/prompts.md +0 -0
  407. package/skills/software-development/skill.md +390 -0
  408. package/skills/software-development/templates/README.md +7 -0
  409. package/skills/software-development/templates/api-development.md +0 -0
  410. package/skills/software-development/templates/bug-fix.md +0 -0
  411. package/skills/software-development/templates/code-review.md +0 -0
  412. package/skills/software-development/templates/feature-implementation.md +0 -0
  413. package/skills/software-development/templates/llm-integration.md +0 -0
  414. package/skills/software-development/templates/performance-review.md +0 -0
  415. package/skills/software-development/templates/security-review.md +0 -0
  416. package/skills/software-development/templates/test-generation.md +0 -0
  417. package/skills/software-development/tools.md +0 -0
  418. package/skills/software-development/workflows.md +0 -0
  419. package/skills/sre/README.md +107 -0
  420. package/skills/sre/examples.md +379 -0
  421. package/skills/sre/skill.md +256 -0
  422. package/skills/support-engineering/README.md +107 -0
  423. package/skills/support-engineering/examples.md +85 -0
  424. package/skills/support-engineering/skill.md +103 -0
@@ -0,0 +1,131 @@
1
+ # API‑Development Checklists
2
+
3
+ A concise, reusable list of tasks that must be completed before, during, and after implementing any public API surface (REST, GraphQL, gRPC, or async inference endpoints) in the **Software‑Developer** role that works with **Claude‑Skills**.
4
+ Each checklist is written in GitHub‑flavoured Markdown task‑list syntax (`- [ ]` = pending, `- [x]` = done) so you can tick items directly in most editors or on GitHub.
5
+
6
+ ---
7
+
8
+ ## 📦 0️⃣ Prerequisites (run once per change)
9
+
10
+ - [ ] **Ticket ready** – Issue contains a clear title, acceptance criteria, and success metrics.
11
+ - [ ] **Context loaded** –
12
+ - `context/engineering.md`
13
+ - `projects/<PROJECT>/context.md`
14
+ - [ ] **Relevant skill files loaded** –
15
+ - `skills/software-development/skill.md` (API Design)
16
+ - `skills/qa/skill.md` (Testing)
17
+ - `skills/security/skill.md` (Security)
18
+ - `skills/performance/skill.md` (Performance)
19
+ - [ ] **Branch created** – `git checkout -b api/<JIRA_ID>-<short‑desc>` and pushed.
20
+
21
+ ---
22
+
23
+ ## ✍️ 1️⃣ Design & Specification
24
+
25
+ | ✅ | Checklist Item |
26
+ |----|----------------|
27
+ | [ ] | Draft an **OpenAPI (or GraphQL) schema** in `docs/openapi.yaml` (or `graphql/schema.graphql`). |
28
+ | [ ] | Add a **design note** (`docs/design/<TICKET_ID>-<short>.md`) that states: <br/> • endpoint purpose <br/> • request/response contract <br/> • authentication/authorization expectations <br/> • error handling (RFC 7807) <br/> • any relevant **skill‑map** rows (e.g., *API Design – Proficiency 5*). |
29
+ | [ ] | Verify **naming conventions** (kebab‑case for URLs, snake_case for fields, versioned under `/v1/`). |
30
+ | [ ] | Confirm **authentication** requirements – API‑Key header `X-Api-Key` must be documented and enforced. |
31
+ | [ ] | Document **rate‑limit** expectations in the spec and add a comment in the design note. |
32
+ | [ ] | Review **privacy / data‑ residency** rules – ensure no PII is exposed unintentionally. |
33
+
34
+ ---
35
+
36
+ ## 🛠️ 2️⃣ Implementation
37
+
38
+ | ✅ | Checklist Item |
39
+ |----|----------------|
40
+ | [ ] | Implement the handler **inside** the appropriate package (`src/<package>/api/v1/`). |
41
+ | [ ] | Keep the function **pure** – no hidden side‑effects outside the returned response. |
42
+ | [ ] | Validate **input** using Pydantic (or GraphQL validation) – reject malformed payloads early. |
43
+ | [ ] | Re‑use **shared utilities** (`src/myapp/api/v1/utils.py`) – e.g., `parse_api_key()`, `rate_limit_exceeded()`. |
44
+ | [ ] | Add **inline comments** only for non‑obvious logic; do **not** comment every line. |
45
+ | [ ] | Apply **type hints** (`-> dict`, `-> User`) and run `mypy` with `--strict`. |
46
+ | [ ] | Run **local linting** (`ruff check .`) and fix all violations. |
47
+ | [ ] | Add **unit tests** for pure functions and **integration tests** for the full request‑response cycle. |
48
+ | [ ] | Ensure **code coverage** for new lines ≥ 80 % (checked by CI). |
49
+ | [ ] | Run **security scans** locally (`bandit -r . && safety check -r .`) – fix any HIGH severity findings. |
50
+ | [ ] | Add **performance sanity** check – verify latency < target ms for a mock payload (use `time.perf_counter`). |
51
+ | [ ] | Write **docstrings** that follow the Google/NumPy style and include `@param`/`@return` tags. |
52
+ | [ ] | Register the new endpoint in the **router** (`src/myapp/api/v1/router.py`) and update the **OpenAPI spec** accordingly. |
53
+
54
+ ---
55
+
56
+ ## 🧪 3️⃣ Testing & Quality Gates
57
+
58
+ | ✅ | Checklist Item |
59
+ |----|----------------|
60
+ | [ ] | **Unit tests** cover all new/modified functions (≥ 80 % line coverage). |
61
+ | [ ] | **Integration tests** exercise the full HTTP flow (use `httpx` or `testclient`). |
62
+ | [ ] | **Contract tests** validate request/response schemas against the OpenAPI spec (`schemathesis` or similar). |
63
+ | [ ] | **Model‑specific validation** (if the endpoint calls Claude) runs `scripts/model_validation.py` – check accuracy >= target and latency ≤ target. |
64
+ | [ ] | **Mutation testing** (optional) passes on changed files (`mutmut run`). |
65
+ | [ ] | **Static security analysis** passes (`bandit`, `safety`). |
66
+ | [ ] | **Performance benchmark** runs against a local staging of the endpoint; exit status must be 0 if latency ≤ SLA. |
67
+ | [ ] | All CI stages **pass** on the first push (no re‑run required). |
68
+ | [ ] | Test data is **mocked** or **seeded**; no real secrets are written to logs. |
69
+
70
+ ---
71
+
72
+ ## 📦 4️⃣ Code Review & Refactor
73
+
74
+ | ✅ | Checklist Item |
75
+ |----|----------------|
76
+ | [ ] | Open a **Pull Request** with: <br/> • Title prefixed by the ticket ID (`Fix #1234 – Add user create endpoint`) <br/> • Description linking to the design note and acceptance criteria <br/> • Checklist items ticked (copy‑paste from this file). |
77
+ | [ ] | Request **at least two reviewers**: one senior engineer and one domain expert (e.g., AI/ML). |
78
+ | [ ] | Address all **review comments** – fix lint failures, update tests, or adjust documentation as needed. |
79
+ | [ ] | Re‑run **CI** after each push; CI must end with a green check before merging. |
80
+ | [ ] | Perform a **final refactor pass** to eliminate dead code, debug prints, or temporary TODOs. |
81
+ | [ ] | Verify **test suite** still passes after refactor. |
82
+ | [ ] | Ensure **no new third‑party dependencies** are introduced without approval. |
83
+ | [ ] | Confirm **code style** adheres to the project’s `.style.yaml` (e.g., max line length, import ordering). |
84
+
85
+ ---
86
+
87
+ ## 📚 5️⃣ Documentation Update
88
+
89
+ | ✅ | Checklist Item |
90
+ |----|----------------|
91
+ | [ ] | Update **API reference docs** – add the new endpoint description to `docs/api_reference.md`. |
92
+ | [ ] | Regenerate **OpenAPI spec** (`scripts/generate-openapi.sh`) and commit the updated `docs/openapi.yaml`. |
93
+ | [ ] | Add **examples** for request/response payloads in the design note and in the README. |
94
+ | [ ] | Commit a **runbook entry** for the new endpoint (`ops/runbooks/<endpoint>.md`) covering: <br/> • health‑check URL <br/> • scaling limits <br/> • rollback steps. |
95
+ | [ ] | Link the new documentation from the **ticket** and **PR description**. |
96
+ | [ ] | Ensure the **CHANGELOG.md** entry mentions the new feature (semantic version bump). |
97
+
98
+ ---
99
+
100
+ ## 🚀 6️⃣ Deployment & Release
101
+
102
+ | ✅ | Checklist Item |
103
+ |----|----------------|
104
+ | [ ] | Bump the **version** in `pyproject.toml` / `requirements.txt` and add a Git tag (`vX.Y.Z`). |
105
+ | [ ] | Build the Docker image (`docker build -t mycompany/myapp:<tag> .`) and push to the registry. |
106
+ | [ ] | Update the **Helm values** (`helm/myapp/values.yaml`) with the new image tag and any config changes. |
107
+ | [ ] | Submit a **Helm PR** and have it approved; CI will run `helm lint` and `helm unittest`. |
108
+ | [ ] | Trigger the **Canary Deployment** (Argo Rollouts) – verify 5 % traffic shift. |
109
+ | [ ] | Monitor **Prometheus** metrics (`request_latency_seconds`, `error_rate`, `gpu_utilization`) for the required stability window. |
110
+ | [ ] | Once health checks pass, **promote to production** (either automatic rollout or manual `helm upgrade`). |
111
+ | [ ] | Create a **release note** entry in `CHANGELOG.md` and post a summary to `#releases`. |
112
+ | [ ] | Close the original ticket with status **Done** and transition it to the *Release* board column. |
113
+
114
+ ---
115
+
116
+ ## ✅ 7️⃣ Final Verification (Success Criteria)
117
+
118
+ | Requirement | Checklist Item |
119
+ |-------------|----------------|
120
+ | **Problem solved** | ✅ All acceptance criteria listed in the ticket are met (verify via test output). |
121
+ | **Conforms to conventions** | ✅ Code style, naming, and directory layout follow the project’s standards (checked by lint & reviewers). |
122
+ | **Production‑ready** | ✅ Image builds, Helm chart validates, and deployment succeeds without errors. |
123
+ | **Tests present** | ✅ Unit, integration, contract, and performance tests all pass. |
124
+ | **Technical debt minimized** | ✅ No new TODOs, dead code, or duplicated logic was introduced. |
125
+ | **Decisions explained** | ✅ Design note and PR description clearly articulate why the chosen approach was taken (refer to relevant `skill-map.md` rows). |
126
+
127
+ If any red ❌ appears, return to the appropriate earlier step (usually **Design**, **Implement**, or **Test**) until the issue is resolved.
128
+
129
+ ---
130
+
131
+ ## 📌 Quick Reference (Condensed)
@@ -0,0 +1,459 @@
1
+ # API Examples
2
+
3
+ This document contains production-ready API examples for the public REST API exposed by the AI-enhanced microservice.
4
+
5
+ All endpoints are versioned under **`/v1`**.
6
+
7
+ The OpenAPI specification is located at:
8
+
9
+ ```text
10
+ docs/openapi.yaml
11
+ ```
12
+
13
+ ---
14
+
15
+ # API Requirements
16
+
17
+ Every request must include:
18
+
19
+ * `X-Api-Key`
20
+ * `Content-Type: application/json`
21
+ * `Accept: application/json`
22
+
23
+ API keys are automatically retrieved from the project's secret manager.
24
+
25
+ All responses are JSON encoded.
26
+
27
+ Errors follow **RFC 7807 (Problem Details)**.
28
+
29
+ Rate limiting information is returned via:
30
+
31
+ * `X-RateLimit-Limit`
32
+ * `X-RateLimit-Remaining`
33
+
34
+ ---
35
+
36
+ # 1. Base URL
37
+
38
+ ```
39
+ https://api.mycompany.com/v1
40
+ ```
41
+
42
+ ---
43
+
44
+ # Common Headers
45
+
46
+ | Header | Value |
47
+ | ------------ | --------------------------------------------- |
48
+ | Content-Type | application/json |
49
+ | Accept | application/json |
50
+ | X-Api-Key | Secret retrieved from Vault (`myapp/api_key`) |
51
+
52
+ ---
53
+
54
+ # 2. Create User
55
+
56
+ ## Endpoint
57
+
58
+ ```http
59
+ POST /v1/users
60
+ ```
61
+
62
+ ---
63
+
64
+ ## Request
65
+
66
+ ```http
67
+ POST /v1/users HTTP/1.1
68
+ Host: api.mycompany.com
69
+ Content-Type: application/json
70
+ Accept: application/json
71
+ X-Api-Key: <YOUR_API_KEY>
72
+ ```
73
+
74
+ ```json
75
+ {
76
+ "email": "alice@example.com",
77
+ "first_name": "Alice",
78
+ "last_name": "Anderson",
79
+ "preferences": {
80
+ "notification_channel": "email",
81
+ "theme": "dark"
82
+ }
83
+ }
84
+ ```
85
+
86
+ ---
87
+
88
+ ## Successful Response
89
+
90
+ **201 Created**
91
+
92
+ ```json
93
+ {
94
+ "user_id": "u_9f3a2c7b-5e1d-4b8e-9c33-71d9c1e5b6f2",
95
+ "email": "alice@example.com",
96
+ "full_name": "Alice Anderson",
97
+ "created_at": "2025-11-03T14:32:10Z",
98
+ "api_version": "v1"
99
+ }
100
+ ```
101
+
102
+ ---
103
+
104
+ ## Error Responses
105
+
106
+ | Status | Description |
107
+ | ------ | ------------------------------ |
108
+ | 400 | Missing required field `email` |
109
+ | 401 | Invalid or missing API key |
110
+ | 429 | Rate limit exceeded |
111
+ | 500 | Internal server error |
112
+
113
+ ---
114
+
115
+ # 3. Retrieve User
116
+
117
+ ## Endpoint
118
+
119
+ ```http
120
+ GET /v1/users/{user_id}
121
+ ```
122
+
123
+ ---
124
+
125
+ ## Request
126
+
127
+ ```http
128
+ GET /v1/users/u_9f3a2c7b-5e1d-4b8e-9c33-71d9c1e5b6f2 HTTP/1.1
129
+ Host: api.mycompany.com
130
+ Accept: application/json
131
+ X-Api-Key: <YOUR_API_KEY>
132
+ ```
133
+
134
+ ---
135
+
136
+ ## Response
137
+
138
+ **200 OK**
139
+
140
+ ```json
141
+ {
142
+ "user_id": "u_9f3a2c7b-5e1d-4b8e-9c33-71d9c1e5b6f2",
143
+ "email": "alice@example.com",
144
+ "first_name": "Alice",
145
+ "last_name": "Anderson",
146
+ "created_at": "2025-11-03T14:32:10Z",
147
+ "role": "standard",
148
+ "metadata": {
149
+ "last_login": "2025-11-02T09:15:44Z",
150
+ "device_count": 2
151
+ }
152
+ }
153
+ ```
154
+
155
+ ---
156
+
157
+ # 4. Update User Preferences
158
+
159
+ ## Endpoint
160
+
161
+ ```http
162
+ PATCH /v1/users/{user_id}/preferences
163
+ ```
164
+
165
+ ---
166
+
167
+ ## Request
168
+
169
+ ```json
170
+ {
171
+ "notification_channel": "push",
172
+ "theme": "light"
173
+ }
174
+ ```
175
+
176
+ ---
177
+
178
+ ## Response
179
+
180
+ ```json
181
+ {
182
+ "user_id": "u_9f3a2c7b-5e1d-4b8e-9c33-71d9c1e5b6f2",
183
+ "updated_preferences": {
184
+ "notification_channel": "push",
185
+ "theme": "light"
186
+ },
187
+ "updated_at": "2025-11-03T15:02:07Z"
188
+ }
189
+ ```
190
+
191
+ ---
192
+
193
+ # 5. Generate Text (Model as a Service)
194
+
195
+ This endpoint runs the latest Claude model independently from CRUD operations.
196
+
197
+ ## Endpoint
198
+
199
+ ```http
200
+ POST /v1/generate
201
+ ```
202
+
203
+ ---
204
+
205
+ ## Request
206
+
207
+ ```json
208
+ {
209
+ "model": "claude-3-opus-2025-10",
210
+ "prompt": "Explain the difference between REST and GraphQL for a non-technical audience.",
211
+ "max_tokens": 250,
212
+ "temperature": 0.7,
213
+ "top_p": 0.9,
214
+ "metadata": {
215
+ "client_id": "c_7d4e9a2f",
216
+ "request_id": "req_4f6b9c1e"
217
+ }
218
+ }
219
+ ```
220
+
221
+ ---
222
+
223
+ ## Successful Response
224
+
225
+ ```json
226
+ {
227
+ "id": "gen_9c8b3f1a-2d7e-4a5c-bb71-3f9e5d6a7b1c",
228
+ "model": "claude-3-opus-2025-10",
229
+ "status": "completed",
230
+ "usage": {
231
+ "prompt_tokens": 35,
232
+ "completion_tokens": 172,
233
+ "total_tokens": 207
234
+ },
235
+ "output": "REST (Representational State Transfer) is an architectural style..."
236
+ }
237
+ ```
238
+
239
+ ---
240
+
241
+ ## Error Responses
242
+
243
+ | HTTP | Description |
244
+ | ---- | ------------------------- |
245
+ | 400 | Missing prompt or model |
246
+ | 422 | Validation error |
247
+ | 429 | Inference queue full |
248
+ | 503 | Model service unavailable |
249
+
250
+ ---
251
+
252
+ # 6. cURL Examples
253
+
254
+ Store the API key:
255
+
256
+ ```bash
257
+ export MYAPP_API_KEY=<your-secret>
258
+ ```
259
+
260
+ ---
261
+
262
+ ## Create User
263
+
264
+ ```bash
265
+ curl -X POST https://api.mycompany.com/v1/users \
266
+ -H "Content-Type: application/json" \
267
+ -H "X-Api-Key: $MYAPP_API_KEY" \
268
+ -d '{
269
+ "email":"bob@example.org",
270
+ "first_name":"Bob",
271
+ "last_name":"Baker"
272
+ }' | jq
273
+ ```
274
+
275
+ ---
276
+
277
+ ## Get User
278
+
279
+ ```bash
280
+ curl -X GET https://api.mycompany.com/v1/users/<ID> \
281
+ -H "Accept: application/json" \
282
+ -H "X-Api-Key: $MYAPP_API_KEY" | jq
283
+ ```
284
+
285
+ ---
286
+
287
+ ## Generate Text
288
+
289
+ ```bash
290
+ curl -X POST https://api.mycompany.com/v1/generate \
291
+ -H "Content-Type: application/json" \
292
+ -H "X-Api-Key: $MYAPP_API_KEY" \
293
+ -d @examples/generate_request.json | jq
294
+ ```
295
+
296
+ ---
297
+
298
+ # 7. OpenAPI Example
299
+
300
+ ```yaml
301
+ openapi: 3.1.0
302
+
303
+ info:
304
+ title: MyCompany AI Service API
305
+ version: 1.0.0
306
+
307
+ paths:
308
+ /v1/users:
309
+ post:
310
+ summary: Create a new user account
311
+
312
+ requestBody:
313
+ required: true
314
+
315
+ content:
316
+ application/json:
317
+
318
+ schema:
319
+ $ref: '#/components/schemas/CreateUserRequest'
320
+
321
+ responses:
322
+
323
+ '201':
324
+ description: User created
325
+
326
+ '400':
327
+ description: Bad Request
328
+
329
+ '401':
330
+ description: Unauthorized
331
+
332
+ '429':
333
+ description: Too Many Requests
334
+ ```
335
+
336
+ The complete specification is available at:
337
+
338
+ ```text
339
+ docs/openapi.yaml
340
+ ```
341
+
342
+ Generate SDKs using:
343
+
344
+ ```bash
345
+ openapi-generator generate \
346
+ -i docs/openapi.yaml \
347
+ -g python \
348
+ -o src/sdk/python
349
+ ```
350
+
351
+ ---
352
+
353
+ # 8. Python SDK Example
354
+
355
+ ```python
356
+ import os
357
+
358
+ from mycompany_api import ApiClient, Configuration
359
+ from mycompany_api.models import CreateUserRequest
360
+ from mycompany_api.models import GenerateRequest
361
+
362
+ API_KEY = os.getenv("MYAPP_API_KEY")
363
+
364
+ cfg = Configuration()
365
+ cfg.api_key["X-Api-Key"] = API_KEY
366
+
367
+ client = ApiClient(cfg)
368
+
369
+ # Create User
370
+
371
+ user = CreateUserRequest(
372
+ email="carol@example.net",
373
+ first_name="Carol",
374
+ last_name="Clarke"
375
+ )
376
+
377
+ api = MyCompanyApi.ApiClient(client)
378
+
379
+ response = api.create_user(
380
+ create_user_request=user
381
+ )
382
+
383
+ print(response.user_id)
384
+
385
+ # Generate Text
386
+
387
+ request = GenerateRequest(
388
+ model="claude-3-opus-2025-10",
389
+ prompt="Write a haiku about cloud computing.",
390
+ max_tokens=100,
391
+ temperature=0.8
392
+ )
393
+
394
+ result = api.generate_text(
395
+ generate_request=request
396
+ )
397
+
398
+ print(result.output)
399
+ ```
400
+
401
+ ---
402
+
403
+ # 9. Common Issues
404
+
405
+ | Problem | Likely Cause | Resolution |
406
+ | ----------------------- | -------------------------- | -------------------------------- |
407
+ | 401 Unauthorized | Missing or invalid API key | Verify `X-Api-Key` header |
408
+ | 429 Too Many Requests | Rate limit exceeded | Honor `Retry-After` header |
409
+ | 503 Service Unavailable | Model service saturated | Retry using exponential backoff |
410
+ | Missing `created_at` | Older API version | Use `/v1` endpoint |
411
+ | JSON Decode Error | HTML error page returned | Inspect Problem Details response |
412
+
413
+ ---
414
+
415
+ # 10. Extending the API
416
+
417
+ When adding a new endpoint:
418
+
419
+ 1. Add the handler under:
420
+
421
+ ```text
422
+ src/myapp/api/v1/
423
+ ```
424
+
425
+ 2. Update:
426
+
427
+ ```text
428
+ docs/openapi.yaml
429
+ ```
430
+
431
+ 3. Create a design document:
432
+
433
+ ```text
434
+ docs/design/<ticket-id>-<feature>.md
435
+ ```
436
+
437
+ 4. Implement the endpoint following the existing request and response patterns.
438
+
439
+ 5. Add unit tests.
440
+
441
+ ```text
442
+ tests/unit/
443
+ ```
444
+
445
+ 6. Add integration tests.
446
+
447
+ ```text
448
+ tests/integration/api/
449
+ ```
450
+
451
+ 7. Validate the OpenAPI schema.
452
+
453
+ ```bash
454
+ scripts/validate-openapi.sh
455
+ ```
456
+
457
+ 8. Open a Pull Request.
458
+
459
+ 9. Follow the Software Development workflow and checklist before merging.
@@ -0,0 +1,26 @@
1
+ # Authentication
2
+
3
+ Use this packet when work identifies users, services, devices, or workloads.
4
+ Authentication answers: "Who is calling?"
5
+
6
+ ## Scope
7
+
8
+ - Login, signup, logout, and session lifecycle.
9
+ - Password, passkey, SSO, OAuth, OIDC, API key, and service-token flows.
10
+ - Token creation, validation, refresh, revocation, and rotation.
11
+ - Identity-provider integration and account linking.
12
+
13
+ ## Standards
14
+
15
+ - Prefer established identity providers and audited libraries.
16
+ - Store only salted password hashes when passwords are unavoidable.
17
+ - Use short-lived access tokens and controlled refresh flows.
18
+ - Bind sessions to explicit expiry, revocation, and rotation rules.
19
+ - Never log credentials, tokens, cookies, authorization headers, or recovery codes.
20
+
21
+ ## Related Files
22
+
23
+ - `../authorization/` for permissions after identity is established.
24
+ - `../api/` for endpoint contract and authentication documentation.
25
+ - `../logging/` for safe auth event logging.
26
+ - `skills/security/` for secret and credential handling.
@@ -0,0 +1,22 @@
1
+ # Authentication Checklists
2
+
3
+ ## Design
4
+
5
+ - [ ] Identify each actor type: user, service, admin, webhook, or job.
6
+ - [ ] Define credential type, token lifetime, refresh behavior, and revocation path.
7
+ - [ ] Document account recovery, lockout, rate limit, and MFA expectations.
8
+ - [ ] Confirm identity-provider configuration and redirect/callback constraints.
9
+
10
+ ## Implementation
11
+
12
+ - [ ] Use approved auth libraries or platform primitives.
13
+ - [ ] Validate issuer, audience, expiry, signature, and nonce where applicable.
14
+ - [ ] Protect cookies with secure, httpOnly, sameSite, and scoped path settings.
15
+ - [ ] Add brute-force and credential-stuffing protections.
16
+ - [ ] Keep secrets in the approved secret manager.
17
+
18
+ ## Verification
19
+
20
+ - [ ] Test success, invalid credential, expired token, revoked token, and replay cases.
21
+ - [ ] Verify no credential material appears in logs, errors, traces, or metrics.
22
+ - [ ] Confirm logout and revocation invalidate the intended sessions or tokens.
@@ -0,0 +1,32 @@
1
+ # Authentication Examples
2
+
3
+ ## Token Validation Shape
4
+
5
+ ```python
6
+ def authenticate_request(token: str) -> Principal:
7
+ claims = token_validator.validate(
8
+ token,
9
+ issuer=settings.auth_issuer,
10
+ audience=settings.auth_audience,
11
+ )
12
+ return Principal(
13
+ subject=claims["sub"],
14
+ tenant_id=claims.get("tenant_id"),
15
+ scopes=set(claims.get("scope", "").split()),
16
+ )
17
+ ```
18
+
19
+ ## Safe Auth Log
20
+
21
+ ```python
22
+ logger.info(
23
+ "Authentication failed",
24
+ extra={
25
+ "event": "auth.authentication.failed",
26
+ "reason": "expired_token",
27
+ "request_id": request_id,
28
+ },
29
+ )
30
+ ```
31
+
32
+ The log explains the failure without storing the token or authorization header.
@@ -0,0 +1,26 @@
1
+ # Authorization
2
+
3
+ Use this packet when deciding whether an authenticated actor may perform an
4
+ action. Authorization answers: "What is this caller allowed to do?"
5
+
6
+ ## Scope
7
+
8
+ - Role-based, attribute-based, relationship-based, and policy-based access.
9
+ - Tenant boundaries and resource ownership checks.
10
+ - Admin actions, impersonation, delegation, and break-glass flows.
11
+ - Permission changes, audit trails, and access review support.
12
+
13
+ ## Standards
14
+
15
+ - Enforce authorization server-side on every protected operation.
16
+ - Keep policy decisions explicit and testable.
17
+ - Deny by default when identity, tenant, ownership, or policy state is unclear.
18
+ - Avoid trusting client-side role flags.
19
+ - Audit sensitive grants, revocations, and privileged actions.
20
+
21
+ ## Related Files
22
+
23
+ - `../authentication/` for identity establishment.
24
+ - `../api/` for endpoint-level access contracts.
25
+ - `../logging/` for audit event expectations.
26
+ - `skills/security/` for least-privilege design.