ReddRadar
Agent skill
scope-permission-designer
Design and implement scoped permission models
Install this agent skill to your Project
npx add-skill https://github.com/a5c-ai/babysitter/tree/main/library/specializations/sdk-platform-development/skills/scope-permission-designer
SKILL.md
Scope Permission Designer Skill
Overview
This skill designs and implements OAuth scopes and permission models for APIs, enabling fine-grained access control that maps to business requirements.
Capabilities
- Design scope hierarchies and inheritance
- Implement permission validation in SDK/API
- Generate comprehensive scope documentation
- Support scope-based access control (SBAC)
- Configure scope consent flows
- Implement resource-level permissions
- Design scope grouping and bundles
- Generate scope matrices for documentation
Target Processes
- Authentication and Authorization Patterns
- Developer Portal Implementation
- API Design Specification
Integration Points
- OAuth authorization servers
- Policy engines (OPA, Cedar)
- RBAC/ABAC systems
- API gateway authorization
- Consent management UIs
Input Requirements
- Business requirements for access control
- Resource and action mapping
- Scope naming conventions
- Hierarchy requirements
- Consent flow needs
Output Artifacts
- Scope taxonomy documentation
- Permission validation middleware
- Scope documentation for developers
- Consent UI components
- Scope matrices and mappings
- Admin permission management API
Usage Example
skill:
name: scope-permission-designer
context:
scopeFormat: "resource:action"
hierarchy:
admin: ["read", "write", "delete"]
write: ["read"]
scopes:
- users:read
- users:write
- users:delete
- projects:read
- projects:write
bundles:
- name: basic
scopes: ["users:read", "projects:read"]
- name: full
scopes: ["users:*", "projects:*"]
Best Practices
- Use consistent naming conventions
- Design scopes around resources and actions
- Implement scope hierarchies to reduce complexity
- Document all scopes clearly
- Provide sensible default scope bundles
- Support both fine-grained and coarse permissions
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
a5c-ai/babysitter
gsd-tools
Central utility skill for GSD operations. Provides config parsing, slug generation, timestamps, path operations, and orchestrates calls to other specialized skills. Acts as the unified entry point that the original gsd-tools.cjs provided via its lib/ modules (commands, config, core, init).
a5c-ai/babysitter
model-profile-resolution
Resolve model profile (quality/balanced/budget) at orchestration start and map agents to specific models. Enables cost/quality tradeoffs by selecting appropriate AI models for each agent role.
a5c-ai/babysitter
verification-suite
Plan structure validation, phase completeness checks, reference integrity verification, and artifact existence confirmation. Provides the structured verification layer ensuring GSD artifacts are well-formed and complete.
a5c-ai/babysitter
state-management
STATE.md reading, writing, and field-level updates. Provides cross-session state persistence via .planning/STATE.md with structured fields for current task, completed phases, blockers, decisions, and quick tasks.
a5c-ai/babysitter
git-integration
Git commit patterns, formats, and conventions for GSD methodology. Provides atomic commits per task, structured commit messages, planning file commits, branch management, and milestone tag operations.
a5c-ai/babysitter
frontmatter-parsing
YAML frontmatter parsing and manipulation for .planning/ documents. Provides read, write, update, query, and validation operations on frontmatter blocks in GSD markdown artifacts.
Didn't find tool you were looking for?