Authentication Skill
This skill provides structured guidance for authentication work. Act as an active guide: confirm triggers, propose the stages below, and adapt if the user wants a lighter pass.
When to Offer This Workflow
Trigger conditions:
- User mentions authentication or closely related work
- They want a structured workflow rather than ad-hoc tips
- They are preparing a review, rollout, or stakeholder communication
Initial offer:
Explain the four stages briefly and ask whether to follow this workflow or work freeform. If they decline, continue in their preferred style.
Workflow Stages
Stage 1: Clarify context & goals
Anchor on the threat model: sessions vs. tokens. Ask what success looks like, what the constraints are, and what must not break. Capture unknowns early.
Stage 2: Design or plan the approach
Translate goals into a concrete plan around passwords, MFA, and recovery. Compare alternatives and state the trade-offs explicitly; avoid implicit assumptions.
Stage 3: Implement, validate, and harden
Execute with verification loops tied to token lifetime and refresh. Prefer small steps, measurable checks, and rollback points where risk is high.
Stage 4: Operate, communicate, and iterate
Close the loop on logging, lockout, and abuse handling: monitoring, documentation, stakeholder updates, and lessons learned for the next cycle.
Checklist Before Completion
- Goals and constraints are explicit for the authentication work
- Risks and trade-offs are stated, not hand-waved
- Verification steps match the change’s impact (tests, canary, peer review)
- Operational follow-through is covered (monitoring, docs, owners)
Tips for Effective Guidance
- Be procedural: stage-by-stage, with clear exit criteria
- Ask for missing context (environment, scale, deadlines) before prescribing
- Prefer checklists and concrete examples over generic platitudes
- If the user declines the workflow, switch to freeform help without lecturing
Handling Deviations
- If the user wants to skip a stage: confirm and continue with what they need.
- If context is missing: ask targeted questions before strong recommendations.
- Prefer concrete examples, trade-offs, and verification steps over generic advice.
Quality Bar
- Each recommendation should be actionable (what to do next).
- Call out failure modes relevant to Authentication (security, scale, UX, or ops).
- Keep tone direct and respectful of the user’s time.