sead-method-core
Specification Enforced Agentic Agile Development - A hybrid methodology preventing AI agent drift through catalog-based constraints with comprehensive external asset integration
# SEAD Authentication & Authorization Pattern Documentation Template
template:
  id: auth-pattern-template-v1
  name: SEAD Authentication & Authorization Pattern Documentation Template
  version: 1.0
  constitutional_framework: true
  catalog_integration: true
  pattern_domain: authentication_authorization
  output:
    format: markdown
    filename: "{{pattern_name}}-auth-pattern.md"
    title: "{{pattern_name}} Authentication & Authorization Pattern Documentation"

constitutional_requirements:
  mode_detection: required
  catalog_read: mandatory
  context_preservation: enforced
  quality_validation: continuous
  anti_pattern_detection: enabled

workflow:
  mode: constitutional_interactive
  elicitation: guided_extraction
  catalog_validation: enabled
  constraint_enforcement: progressive

sections:
  - id: constitutional-initialization
    title: Constitutional Framework Initialization
    instruction: |
      Establish constitutional context for authentication & authorization pattern documentation:
      1. Identify development mode and security quality requirements
      2. Load constitutional framework for authentication governance
      3. Configure catalog integration validation requirements
      4. Establish context preservation for auth pattern handoffs
      5. Set quality gates appropriate for auth pattern tier
    sections:
      - id: pattern-context
        title: Auth Pattern Context and Constitutional Framework
        template: |
          **Documentation Date:** {{documentation_date}}
          **Development Mode:** {{development_mode}}
          **Constitutional Framework:** {{constitutional_version}}
          **Pattern Agent:** sead-pattern-extraction
          **Auth Quality Tier:** {{pattern_quality_tier}}
          **Catalog Domain:** Authentication & Authorization > {{auth_subdomain}}
          **Constitutional Compliance:** {{constitutional_compliance_level}}

  - id: auth-pattern-overview
    title: Authentication & Authorization Pattern Overview
    instruction: |
      Provide comprehensive auth pattern overview focusing on security and access control:
      1. Define auth pattern purpose and security problem it solves
      2. Establish security scope, boundaries, and access control responsibilities
      3. Document when to use this auth pattern and when NOT to use it
      4. Identify target systems and security prerequisites
      5. Provide value proposition and security benefits
    elicit: true
    constitutional_validation: required
    sections:
      - id: auth-pattern-summary
        title: Auth Pattern Summary
        template: |
          **Auth Pattern Name:** {{pattern_name}}
          **Auth Domain:** {{auth_subdomain}}
          **Quality Tier:** {{quality_tier}}
          **Security Complexity Level:** {{complexity_level}}
          **Access Control Scope:** {{access_control_scope}}

          **Auth Purpose:**
          {{auth_purpose}}

          **Security Problem Solved:**
          {{security_problem_description}}

          **Key Authentication Benefits:**
          {{#each auth_benefits}}
          - {{benefit_description}}
          {{/each}}

      - id: auth-usage-guidance
        title: Auth Usage Guidance
        template: |
          **When to Use This Auth Pattern:**
          {{#each auth_use_cases}}
          - {{use_case_description}}
          {{/each}}

          **When NOT to Use This Auth Pattern:**
          {{#each auth_anti_use_cases}}
          - {{anti_use_case_description}}
          {{/each}}

          **Auth Prerequisites:**
          {{#each auth_prerequisites}}
          - {{prerequisite_description}}
          {{/each}}

          **Target Systems and Security Requirements:**
          - **System Types:** {{target_system_types}}
          - **Security Level:** {{security_level_required}}
          - **Compliance Requirements:** {{compliance_requirements}}

  - id: authentication-design
    title: Authentication Design and Implementation
    instruction: |
      Document comprehensive authentication design and implementation strategies:
      1. Define authentication methods and credential management
      2. Document session management and token strategies
      3. Specify multi-factor authentication and security workflows
      4. Include password policies and credential security
      5. Address authentication state management and persistence
    elicit: true
    constitutional_validation: critical
    sections:
      - id: authentication-methods
        title: Authentication Methods and Credentials
        template: |
          **Authentication Strategy:** {{authentication_strategy}}
          **Primary Auth Method:** {{primary_auth_method}}

          **Supported Authentication Methods:**
          {{#each auth_methods}}
          - **{{method_name}}:** {{method_description}}
            - **Security Level:** {{method_security_level}}
            - **Use Cases:** {{method_use_cases}}
            - **Implementation Complexity:** {{method_complexity}}
          {{/each}}

          **Credential Structure:**
          ```{{auth_language}}
          {{credential_structure_example}}
          ```

      - id: session-token-management
        title: Session and Token Management
        template: |
          **Session Strategy:** {{session_strategy}}
          **Token Type:** {{token_type}}

          **Token Generation:**
          ```{{auth_language}}
          {{token_generation_example}}
          ```

          **Session Management:**
          ```{{auth_language}}
          {{session_management_example}}
          ```

          **Token Refresh Pattern:**
          ```{{auth_language}}
          {{token_refresh_example}}
          ```

          **Token Validation:**
          ```{{auth_language}}
          {{token_validation_example}}
          ```

      - id: multi-factor-authentication
        title: Multi-Factor Authentication
        template: |
          **MFA Strategy:** {{mfa_strategy}}
          **Supported Factors:** {{supported_mfa_factors}}

          **MFA Flow Implementation:**
          ```{{auth_language}}
          {{mfa_flow_example}}
          ```

          **TOTP Implementation:**
          ```{{auth_language}}
          {{totp_implementation_example}}
          ```

          **SMS/Email Verification:**
          ```{{auth_language}}
          {{sms_email_verification_example}}
          ```

      - id: password-credential-security
        title: Password Policies and Credential Security
        template: |
          **Password Policy:** {{password_policy}}
          **Hashing Strategy:** {{password_hashing_strategy}}

          **Password Hashing:**
          ```{{auth_language}}
          {{password_hashing_example}}
          ```

          **Password Validation:**
          ```{{auth_language}}
          {{password_validation_example}}
          ```

          **Password Reset Flow:**
          ```{{auth_language}}
          {{password_reset_example}}
          ```

          **Account Lockout Protection:**
          ```{{auth_language}}
          {{account_lockout_example}}
          ```

  - id: authorization-access-control
    title: Authorization and Access Control
    instruction: |
      Document comprehensive authorization and access control strategies:
      1. Define authorization models and permission frameworks
      2. Document role-based and attribute-based access control
      3. Specify resource-level authorization and ownership patterns
      4. Include permission inheritance and delegation strategies
      5. Address dynamic authorization and context-aware access control
    elicit: true
    constitutional_validation: critical
    sections:
      - id: authorization-models
        title: Authorization Models and Frameworks
        template: |
          **Authorization Model:** {{authorization_model}}
          **Access Control Framework:** {{access_control_framework}}

          **Permission Structure:**
          ```{{auth_language}}
          {{permission_structure_example}}
          ```

          **Role Definition:**
          ```{{auth_language}}
          {{role_definition_example}}
          ```

          **Authorization Check:**
          ```{{auth_language}}
          {{authorization_check_example}}
          ```

      - id: rbac-abac-implementation
        title: RBAC and ABAC Implementation
        template: |
          **RBAC Implementation:** {{rbac_implementation_strategy}}

          **Role-Based Access Control:**
          ```{{auth_language}}
          {{rbac_implementation_example}}
          ```

          **Attribute-Based Access Control:**
          ```{{auth_language}}
          {{abac_implementation_example}}
          ```

          **Policy Engine:**
          ```{{auth_language}}
          {{policy_engine_example}}
          ```

      - id: resource-level-authorization
        title: Resource-Level Authorization
        template: |
          **Resource Authorization Strategy:** {{resource_auth_strategy}}

          **Resource Ownership:**
          ```{{auth_language}}
          {{resource_ownership_example}}
          ```

          **Fine-Grained Permissions:**
          ```{{auth_language}}
          {{fine_grained_permissions_example}}
          ```

          **Hierarchical Authorization:**
          ```{{auth_language}}
          {{hierarchical_authorization_example}}
          ```

      - id: dynamic-context-authorization
        title: Dynamic and Context-Aware Authorization
        template: |
          **Dynamic Authorization Strategy:** {{dynamic_auth_strategy}}

          **Context-Aware Access Control:**
          ```{{auth_language}}
          {{context_aware_access_example}}
          ```

          **Time-Based Authorization:**
          ```{{auth_language}}
          {{time_based_authorization_example}}
          ```

          **Location-Based Access Control:**
          ```{{auth_language}}
          {{location_based_access_example}}
          ```

  - id: security-implementation
    title: Security Implementation and Best Practices
    instruction: |
      Document comprehensive security implementation and best practices:
      1. Define secure communication and encryption strategies
      2. Document input validation and security headers
      3. Include CSRF, XSS, and injection attack prevention
      4. Address session security and cookie management
      5. Include security monitoring and threat detection
    elicit: true
    constitutional_validation: critical
    sections:
      - id: secure-communication
        title: Secure Communication and Encryption
        template: |
          **Communication Security Strategy:** {{communication_security_strategy}}

          **HTTPS Configuration:**
          ```{{config_language}}
          {{https_configuration_example}}
          ```

          **Certificate Management:**
          ```{{config_language}}
          {{certificate_management_example}}
          ```

          **Data Encryption at Rest:**
          ```{{auth_language}}
          {{data_encryption_example}}
          ```

      - id: input-validation-headers
        title: Input Validation and Security Headers
        template: |
          **Input Validation Strategy:** {{input_validation_strategy}}

          **Input Sanitization:**
          ```{{auth_language}}
          {{input_sanitization_example}}
          ```

          **Security Headers Configuration:**
          ```{{config_language}}
          {{security_headers_config}}
          ```

          **Content Security Policy:**
          ```{{config_language}}
          {{csp_configuration_example}}
          ```

      - id: attack-prevention
        title: CSRF, XSS, and Injection Prevention
        template: |
          **Attack Prevention Strategy:** {{attack_prevention_strategy}}

          **CSRF Protection:**
          ```{{auth_language}}
          {{csrf_protection_example}}
          ```

          **XSS Prevention:**
          ```{{auth_language}}
          {{xss_prevention_example}}
          ```

          **SQL Injection Prevention:**
          ```{{auth_language}}
          {{sql_injection_prevention_example}}
          ```

      - id: session-cookie-security
        title: Session Security and Cookie Management
        template: |
          **Session Security Strategy:** {{session_security_strategy}}

          **Secure Cookie Configuration:**
          ```{{auth_language}}
          {{secure_cookie_config}}
          ```

          **Session Fixation Prevention:**
          ```{{auth_language}}
          {{session_fixation_prevention}}
          ```

          **Session Timeout Management:**
          ```{{auth_language}}
          {{session_timeout_example}}
          ```

  - id: integration-federation
    title: Integration and Federation Patterns
    instruction: |
      Document comprehensive integration and federation strategies:
      1. Define OAuth 2.0 and OpenID Connect implementation
      2. Document SAML and enterprise federation patterns
      3. Include social authentication integration
      4. Address API key and service-to-service authentication
      5. Include identity provider integration and management
    elicit: true
    constitutional_validation: required
    sections:
      - id: oauth-openid-implementation
        title: OAuth 2.0 and OpenID Connect
        template: |
          **OAuth Strategy:** {{oauth_strategy}}
          **OpenID Connect Implementation:** {{oidc_implementation}}

          **OAuth Flow Implementation:**
          ```{{auth_language}}
          {{oauth_flow_example}}
          ```

          **OIDC Integration:**
          ```{{auth_language}}
          {{oidc_integration_example}}
          ```

          **Token Introspection:**
          ```{{auth_language}}
          {{token_introspection_example}}
          ```

      - id: saml-enterprise-federation
        title: SAML and Enterprise Federation
        template: |
          **SAML Strategy:** {{saml_strategy}}
          **Federation Approach:** {{federation_approach}}

          **SAML Configuration:**
          ```{{config_language}}
          {{saml_config_example}}
          ```

          **SAML Response Handling:**
          ```{{auth_language}}
          {{saml_response_handling}}
          ```

          **Identity Provider Integration:**
          ```{{auth_language}}
          {{idp_integration_example}}
          ```

      - id: social-api-authentication
        title: Social and API Authentication
        template: |
          **Social Auth Strategy:** {{social_auth_strategy}}
          **API Authentication Method:** {{api_auth_method}}

          **Social Login Integration:**
          ```{{auth_language}}
          {{social_login_example}}
          ```

          **API Key Management:**
          ```{{auth_language}}
          {{api_key_management_example}}
          ```

          **Service-to-Service Auth:**
          ```{{auth_language}}
          {{service_auth_example}}
          ```

  - id: auth-testing-validation
    title: Auth Testing and Security Validation
    instruction: |
      Document comprehensive auth testing and security validation approaches:
      1. Define authentication and authorization testing strategies
      2. Provide security testing and penetration testing examples
      3. Include compliance testing and audit validation
      4. Address performance testing for auth systems
      5. Include vulnerability assessment and security scanning
    elicit: true
    constitutional_validation: required
    sections:
      - id: auth-testing-strategy
        title: Authentication and Authorization Testing
        template: |
          **Auth Testing Framework:** {{auth_testing_framework}}
          **Testing Strategy:** {{auth_testing_strategy}}

          **Authentication Test Examples:**
          ```{{test_language}}
          {{auth_test_example}}
          ```

          **Authorization Test Examples:**
          ```{{test_language}}
          {{authorization_test_example}}
          ```

          **Token Validation Testing:**
          ```{{test_language}}
          {{token_validation_test}}
          ```

      - id: security-penetration-testing
        title: Security and Penetration Testing
        template: |
          **Security Testing Strategy:** {{security_testing_strategy}}

          **Vulnerability Testing:**
          ```{{test_language}}
          {{vulnerability_test_example}}
          ```

          **Penetration Test Scenarios:**
          {{#each pentest_scenarios}}
          - **{{scenario_name}}:** {{scenario_description}}
          {{/each}}

          **Security Scanning:**
          ```{{script_language}}
          {{security_scanning_example}}
          ```

      - id: compliance-audit-testing
        title: Compliance and Audit Testing
        template: |
          **Compliance Testing Strategy:** {{compliance_testing_strategy}}

          **Compliance Validation:**
          ```{{test_language}}
          {{compliance_validation_example}}
          ```

          **Audit Trail Testing:**
          ```{{test_language}}
          {{audit_trail_test_example}}
          ```

          **Access Control Audit:**
          ```{{test_language}}
          {{access_control_audit_example}}
          ```

  - id: monitoring-incident-response
    title: Security Monitoring and Incident Response
    instruction: |
      Document comprehensive security monitoring and incident response strategies:
      1. Define security event logging and monitoring
      2. Document threat detection and anomaly identification
      3. Include incident response procedures and escalation
      4. Address forensic analysis and evidence collection
      5. Include security metrics and compliance reporting
    elicit: true
    constitutional_validation: required
    sections:
      - id: security-logging-monitoring
        title: Security Event Logging and Monitoring
        template: |
          **Security Monitoring Strategy:** {{security_monitoring_strategy}}

          **Security Event Logging:**
          ```{{auth_language}}
          {{security_event_logging_example}}
          ```

          **Authentication Audit Log:**
          ```{{logging_format}}
          {{auth_audit_log_example}}
          ```

          **Failed Login Monitoring:**
          ```{{monitoring_language}}
          {{failed_login_monitoring_example}}
          ```

      - id: threat-detection-anomaly
        title: Threat Detection and Anomaly Identification
        template: |
          **Threat Detection Strategy:** {{threat_detection_strategy}}

          **Anomaly Detection:**
          ```{{monitoring_language}}
          {{anomaly_detection_example}}
          ```

          **Brute Force Detection:**
          ```{{auth_language}}
          {{brute_force_detection_example}}
          ```

          **Suspicious Activity Alerts:**
          ```{{config_language}}
          {{suspicious_activity_alerts}}
          ```

      - id: incident-response-procedures
        title: Incident Response and Security Procedures
        template: |
          **Incident Response Plan:** {{incident_response_plan}}

          **Security Incident Classification:**
          {{#each incident_classifications}}
          - **{{classification_level}}:** {{classification_description}}
            - **Response Time:** {{response_time}}
            - **Escalation Path:** {{escalation_path}}
          {{/each}}

          **Incident Response Workflow:**
          {{#each incident_response_steps}}
          {{step_number}}. {{step_description}}
          {{/each}}

      - id: forensics-compliance-reporting
        title: Forensics and Compliance Reporting
        template: |
          **Forensic Analysis Strategy:** {{forensic_strategy}}

          **Evidence Collection:**
          ```{{script_language}}
          {{evidence_collection_example}}
          ```

          **Compliance Reporting:**
          ```{{reporting_language}}
          {{compliance_reporting_example}}
          ```

          **Security Metrics Dashboard:**
          ```{{config_language}}
          {{security_metrics_config}}
          ```

  - id: constitutional-compliance
    title: Constitutional Framework Compliance
    instruction: |
      Document SEAD constitutional framework compliance for authentication patterns:
      1. Detail constitutional requirements for auth design and governance
      2. Document mode-aware behavior for different development phases
      3. Provide context preservation capabilities for auth pattern handoffs
      4. Address audit trail and governance requirements for auth evolution
      5. Include compliance validation and monitoring for auth patterns
    constitutional_validation: mandatory
    sections:
      - id: constitutional-integration
        title: Constitutional Framework Integration
        template: |
          **Framework Compliance:**
          - **Framework Version:** {{constitutional_framework_version}}
          - **Auth Compliance Level:** {{auth_compliance_level}}
          - **Integration Date:** {{integration_date}}
          - **Validation Status:** {{validation_status}}

          **Mode-Aware Auth Behavior:**
          - **Prototype Mode:** {{prototype_mode_auth_behavior}}
          - **Development Mode:** {{development_mode_auth_behavior}}
          - **Build-to-Deploy Mode:** {{build_deploy_mode_auth_behavior}}

          **Auth Constraint Enforcement:**
          {{#each auth_constraints}}
          - **{{constraint_name}}:** {{constraint_description}}
            - **Enforcement Level:** {{enforcement_level}}
            - **Validation:** {{validation_approach}}
          {{/each}}

      - id: auth-context-preservation
        title: Context Preservation and Agent Handoffs
        template: |
          **Auth Context Preservation:**
          - **Auth State Serialization:** {{auth_state_serialization_approach}}
          - **Context Metadata:** {{auth_context_metadata_description}}
          - **Handoff Support:** {{auth_handoff_support_level}}

          **Auth Agent Handoff Requirements:**
          {{#each auth_handoff_requirements}}
          - {{requirement_description}}
          {{/each}}

          **Auth Context Validation:**
          ```{{validation_language}}
          {{auth_context_validation_code}}
          ```

      - id: auth-governance-integration
        title: Governance and Audit Integration
        template: |
          **Auth Governance Framework:**
          - **Governance Level:** {{auth_governance_level}}
          - **Approval Process:** {{auth_approval_process}}
          - **Review Requirements:** {{auth_review_requirements}}

          **Auth Audit Trail:**
          - **Audit Events:** {{auth_audit_events}}
          - **Log Format:** {{auth_audit_log_format}}
          - **Retention Policy:** {{auth_audit_retention_policy}}

          **Auth Compliance Monitoring:**
          {{#each auth_monitoring_mechanisms}}
          - **{{mechanism_name}}:** {{mechanism_description}}
          {{/each}}
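The template above is rendered from `{{placeholder}}` substitutions and `{{#each list}}...{{/each}}` blocks, and the output filename is itself a template (`{{pattern_name}}-auth-pattern.md`). The page does not show the tool that consumes these files, so the following is an added example, not sead-method-core code: a small renderer for that Handlebars subset which refuses to emit a document with unfilled placeholders, which is the check a reviewer would want given the template's `quality_validation: continuous` requirement. The sample context values are constructed; the template text is the page's own `auth-usage-guidance` section.

```python
"""Minimal renderer for the {{var}} / {{#each}} placeholders used in the SEAD
auth-pattern template. Added example; not code from the sead-method-core project.
The handling of missing values (raise, never render blank) is an assumption
chosen to suit the template's quality-validation requirement."""
import re

# Handlebars subset used by the template: an each-block or a plain placeholder.
EACH_RE = re.compile(r"\{\{#each (\w+)\}\}\n?(.*?)\{\{/each\}\}\n?", re.DOTALL)
VAR_RE = re.compile(r"\{\{(\w+)\}\}")

# Copied from the template's auth-usage-guidance section.
USAGE_GUIDANCE_TEMPLATE = """\
**When to Use This Auth Pattern:**
{{#each auth_use_cases}}
- {{use_case_description}}
{{/each}}
**When NOT to Use This Auth Pattern:**
{{#each auth_anti_use_cases}}
- {{anti_use_case_description}}
{{/each}}
**Auth Prerequisites:**
{{#each auth_prerequisites}}
- {{prerequisite_description}}
{{/each}}
**Target Systems and Security Requirements:**
- **System Types:** {{target_system_types}}
- **Security Level:** {{security_level_required}}
- **Compliance Requirements:** {{compliance_requirements}}
"""

OUTPUT_FILENAME_TEMPLATE = "{{pattern_name}}-auth-pattern.md"  # from template.output

# Constructed sample context (values invented for this example).
SAMPLE_CONTEXT = {
    "pattern_name": "session-cookie-auth",
    "auth_use_cases": [{"use_case_description": "Browser sessions for a first-party web app"}],
    "auth_anti_use_cases": [{"anti_use_case_description": "Machine-to-machine API calls"}],
    "auth_prerequisites": [{"prerequisite_description": "HTTPS on every endpoint"}],
    "target_system_types": "Server-rendered web applications",
    "security_level_required": "Standard",
    "compliance_requirements": "None declared",
}


class TemplateError(ValueError):
    """A placeholder has no value, or template syntax was left unresolved."""


def render(template: str, context: dict) -> str:
    """Expand each-blocks, then plain placeholders; fail closed on any gap."""

    def expand_each(match):
        list_name, body = match.group(1), match.group(2)
        if list_name not in context:
            raise TemplateError("missing list: " + list_name)
        # Item keys fill the block; the outer context stays visible inside it.
        return "".join(render(body, {**context, **item}) for item in context[list_name])

    def expand_var(match):
        name = match.group(1)
        if name not in context:
            raise TemplateError("missing placeholder: " + name)
        return str(context[name])

    text = VAR_RE.sub(expand_var, EACH_RE.sub(expand_each, template))
    if "{{" in text or "}}" in text:  # e.g. an each-block that was never closed
        raise TemplateError("unresolved template syntax")
    return text


def required_names(template: str) -> set:
    """Context keys a template needs: each-list names plus placeholders outside blocks."""
    names = {m.group(1) for m in EACH_RE.finditer(template)}
    names.update(VAR_RE.findall(EACH_RE.sub("", template)))
    return names


def renders_cleanly(template: str, context: dict) -> bool:
    try:
        render(template, context)
        return True
    except TemplateError:
        return False


def output_filename(pattern_name: str) -> str:
    return render(OUTPUT_FILENAME_TEMPLATE, {"pattern_name": pattern_name})


def render_usage_guidance() -> str:
    return render(USAGE_GUIDANCE_TEMPLATE, SAMPLE_CONTEXT)


if __name__ == "__main__":
    print(output_filename(SAMPLE_CONTEXT["pattern_name"]))
    print(render_usage_guidance())
```

`required_names()` is the pre-flight check: run it over every `template:` body before elicitation so the agent knows which values it still has to gather, rather than discovering a blank field in the generated pattern document.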
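The `session-token-management` section leaves slots for token generation, validation and refresh without saying what belongs in them. As an added illustration of the kind of content those slots expect (not code from sead-method-core, and the token layout, claim names and key are constructed for the example), here is a stateless HMAC-signed token in standard-library Python: the MAC is verified with a constant-time compare before the payload is parsed, expiry is enforced, and refresh re-issues a token only from one that still validates.

```python
"""HMAC-SHA256 signed session tokens: issue, validate, refresh.
Added example; not code from the sead-method-core project. Format is
base64url(JSON claims) + "." + base64url(HMAC tag); the claim names are
borrowed from JWT convention but this is not a JWT."""
import base64
import binascii
import hashlib
import hmac
import json
import secrets
import time


class TokenError(ValueError):
    """Token is malformed, has a bad signature, or has expired."""


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(key: bytes, payload: bytes) -> bytes:
    return hmac.new(key, payload, hashlib.sha256).digest()


def issue_token(key: bytes, subject: str, ttl_seconds: int, now: int = None) -> str:
    """Token Generation: sign a compact JSON claim set with an expiry."""
    now = int(time.time()) if now is None else now
    claims = {
        "sub": subject,
        "iat": now,
        "exp": now + ttl_seconds,
        "jti": secrets.token_hex(8),  # unique id, useful for a revocation list
    }
    payload = json.dumps(claims, separators=(",", ":"), sort_keys=True).encode()
    return _b64e(payload) + "." + _b64e(_sign(key, payload))


def validate_token(key: bytes, token: str, now: int = None) -> dict:
    """Token Validation: check structure, then MAC, then expiry; return claims."""
    now = int(time.time()) if now is None else now
    try:
        payload_b64, tag_b64 = token.split(".")
        payload, tag = _b64d(payload_b64), _b64d(tag_b64)
    except (ValueError, binascii.Error) as exc:
        raise TokenError("malformed token") from exc
    # Authenticate before parsing: compare_digest keeps the check constant-time.
    if not hmac.compare_digest(_sign(key, payload), tag):
        raise TokenError("bad signature")
    claims = json.loads(payload)
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise TokenError("expired")
    return claims


def token_is_valid(key: bytes, token: str, now: int = None) -> bool:
    try:
        validate_token(key, token, now)
        return True
    except TokenError:
        return False


def refresh_token(key: bytes, token: str, ttl_seconds: int, now: int = None) -> str:
    """Token Refresh Pattern: only a currently valid token can be exchanged."""
    claims = validate_token(key, token, now)
    return issue_token(key, claims["sub"], ttl_seconds, now)


if __name__ == "__main__":
    demo_key = secrets.token_bytes(32)  # constructed for the demo
    tok = issue_token(demo_key, "alice", ttl_seconds=300)
    print(tok)
    print(validate_token(demo_key, tok))
```

Because the token is stateless, the only way to revoke one before `exp` is a server-side denylist keyed on `jti`; keep the TTL short and pair refresh with that list if logout must be immediate.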
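The monitoring sections ask for an authentication audit log, failed-login monitoring, brute-force detection and account lockout, again as empty slots. The following added example, not sead-method-core code, shows detection logic of that kind run over constructed audit-log lines (the line format, user names and RFC 5737 documentation IP addresses are all invented here): a per-user sliding window that triggers a lockout, a check that flags a success recorded while the account should have been locked (a sign the lockout is not enforced at login), and a per-source check for one address failing against many accounts.

```python
"""Failed-login monitoring over audit-log lines: per-user lockout on repeated
failures, detection of a success during lockout, and many-accounts-from-one-
source detection. Added example; not code from the sead-method-core project.
Log format and all sample values are constructed."""
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed audit log: "<ISO-8601 UTC> <event> user=<name> ip=<addr>".
SAMPLE_AUDIT_LOG = """\
2024-05-01T10:00:01Z login_failure user=alice ip=203.0.113.10
2024-05-01T10:00:05Z login_failure user=alice ip=203.0.113.10
2024-05-01T10:00:09Z login_failure user=alice ip=203.0.113.10
2024-05-01T10:00:12Z login_failure user=alice ip=203.0.113.10
2024-05-01T10:00:15Z login_failure user=alice ip=203.0.113.10
2024-05-01T10:00:20Z login_success user=alice ip=203.0.113.10
2024-05-01T10:01:00Z login_failure user=bob ip=198.51.100.7
2024-05-01T10:20:00Z login_failure user=bob ip=198.51.100.7
2024-05-01T10:40:00Z login_failure user=bob ip=198.51.100.7
2024-05-01T10:41:00Z login_success user=bob ip=198.51.100.7
2024-05-01T11:00:00Z login_failure user=carol ip=192.0.2.5
2024-05-01T11:00:02Z login_failure user=dave ip=192.0.2.5
2024-05-01T11:00:04Z login_failure user=erin ip=192.0.2.5
2024-05-01T11:00:06Z login_failure user=frank ip=192.0.2.5
"""


def parse_line(line: str) -> dict:
    """Split one constructed audit line into a timestamped event dict."""
    ts, event, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    rec["event"] = event
    return rec


def analyze(log_text: str, max_failures: int = 5, window_seconds: int = 600,
            lock_seconds: int = 900, spray_users: int = 3) -> list:
    """Return alerts in event order. Thresholds are example policy, not a standard."""
    window = timedelta(seconds=window_seconds)
    failures = defaultdict(deque)      # user -> recent failure timestamps
    locked_until = {}                  # user -> lockout expiry
    by_source = defaultdict(deque)     # ip -> (ts, user) of recent failures
    sprayed = set()                    # ips already reported
    alerts = []
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    for ev in sorted(events, key=lambda e: e["ts"]):
        user, ip, ts = ev["user"], ev["ip"], ev["ts"]
        is_locked = user in locked_until and ts < locked_until[user]

        if ev["event"] == "login_success":
            if is_locked:  # login path accepted a password the lockout should have refused
                alerts.append({"type": "success_during_lockout", "user": user, "ip": ip, "ts": ts})
            failures[user].clear()  # a good login resets the failure window
            continue
        if ev["event"] != "login_failure":
            continue

        # Per-user sliding window; the user is locked when it fills.
        q = failures[user]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= max_failures and not is_locked:
            alerts.append({"type": "lockout", "user": user, "ip": ip, "ts": ts, "failures": len(q)})
            locked_until[user] = ts + timedelta(seconds=lock_seconds)
            q.clear()

        # Per-source window: one address failing against many distinct accounts.
        src = by_source[ip]
        src.append((ts, user))
        while ts - src[0][0] > window:
            src.popleft()
        users = sorted({u for _, u in src})
        if len(users) >= spray_users and ip not in sprayed:
            alerts.append({"type": "password_spray", "ip": ip, "ts": ts, "users": users})
            sprayed.add(ip)
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_AUDIT_LOG):
        print(alert)
```

On the sample log, `alice` trips the lockout after her fifth failure in fifteen seconds and her immediate success is flagged because the account should still have been locked; `bob` never alerts because his three failures are spread over forty minutes, outside the ten-minute window; and `192.0.2.5` is reported once it has failed against three distinct accounts.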