后端安装
- 作者仓库星标 0
- 作者更新于 实时读取
- 作者仓库 skills-registry
- 领域
- 运维部署
- 兼容 Agent
-
- Claude Code
- Cursor
- Cline
- Codex
- Windsurf
- Gemini CLI
- +20
- 信任分
- 88 / 100 · 社区维护
- 作者 / 版本 / 许可
- @tomevault-io · 未声明 license
- Token 消耗评级
- 低消耗
- 接入复杂程度
- 需手动接入
- 是否需要外部 API Key
- 不需要
- 兼容的系统
- Docker
- 底层运行要求
- Python · Docker
- 文件与系统权限
-
- 只读
- 允许写入 / 修改
- Shell 执行
- 读取环境变量
- 网络行为
- 允许外网请求
- 安装命令数
- 26 条
档案由构建时根据 SKILL.md 与安装命令自动衍生,可能与作者实际意图存在差异。
需要注意: 未限定 allowed-tools,默认拥有全部工具权限。
---
name: auth-quickstart
description: Scaffold a new FastAPI microservice from zero with ab0t-auth already integrated. Use when creati…
category: 运维部署
runtime: Python / Docker
---
# auth-quickstart 输出预览
## PART A: 任务判断
- 适用问题:部署、CI、环境检查、发布或运维排障。
- 输入要求:目标材料、限制条件、期望输出和验收方式。
- 证据边界:围绕“When to Use This vs authfastapiskill / Scaffold Workflow / Step 1: Gather Requirements”读取原文规则,不把推断写成作者承诺。
## PART B: 执行结果
- **01** 任务判断:确认你的需求是否属于部署、CI、环境检查、发布或运维排障,并标出输入、限制和预期结果。
- **02** 执行计划:优先按“When to Use This vs authfastapiskill / Scaffold Workflow / Step 1: Gather Requirements”拆成步骤,说明每一步会读取什么、修改什么、产出什么。
- **03** 交付结果:给出可复制的命令、文件改动、检查清单或内容草稿,并说明如何继续迭代。
- **04** 风险边界:结合 读取文件、写入/修改文件、执行终端命令、读取环境变量、会按任务需要访问外部网络、通常不需要额外 API Key 给出执行前确认项。
## Running Rules
- 读取文件、写入/修改文件、执行终端命令、读取环境变量;会按任务需要访问外部网络;通常不需要额外 API Key。
- 先小样例验证,再放大到真实任务。
- 交付时同时给结果、检查口径和下一步迭代建议。 原文出现了 `/health`、`/items` 这类斜杠命令;如果你的 Agent 支持命令触发,优先用命令开场,再补充目标和边界。
告诉 Agent 目标文件或材料、期望结果、不可改范围、是否允许联网或执行命令。本 Skill 的权限画像是:读取文件、写入/修改文件、执行终端命令、读取环境变量。
先用一个小任务确认它会围绕“When to Use This vs authfastapiskill / Scaffold Workflow / Step 1: Gather Requirements”工作;涉及文件或命令时,先看 diff、日志、预览或测试结果。
检查最终产物是否包含明确结果、必要证据和下一步动作;如果输出泛泛而谈,就补充输入、边界和验收标准后重跑。
---
name: auth-quickstart
description: Scaffold a new FastAPI microservice from zero with ab0t-auth already integrated. Use when creati…
category: 运维部署
source: tomevault-io/skills-registry
---
# auth-quickstart
## 什么时候使用
- 把部署运维方向的常用动作沉淀成 Agent 可调用的技能 适合处理部署、CI、发布、回滚、环境检查和运维排障,核心价值是把输入、判断、执行、验证和交付边界固定下来,避免 Agent 泛泛回答。 把任务拆成可执行、可检查、可继续迭代的步骤…
- 面向部署、CI、环境检查、发布或运维排障,优先处理能明确输入、步骤和验收标准的工作。
## 需要提供什么
- 目标材料、目录范围、期望结果和不可改动内容。
- 是否允许联网、执行命令、读写文件或调用外部服务。
## 执行规则
- 围绕「When to Use This vs authfastapiskill / Scaffold Workflow / Step 1: Gather Requirements」组织步骤,不把推断写成作者事实。
- 读取文件、写入/修改文件、执行终端命令、读取环境变量;会按任务需要访问外部网络;通常不需要额外 API Key。
- 先跑小样例,确认结果可检查后再扩大任务范围。
## 输出要求
- 给出最终产物、关键证据、验证方式和下一步动作。
- 信息不足时标记 unknown,不编造命令、平台或依赖。 作者原文负责流程事实;仓库文件负责来源和命令;流狐只补充适用场景、限制和质量判断。
skill "auth-quickstart" {
输入层 -> 用户目标 + 目标文件 + 禁止范围 + 验收标准
上下文层 -> When to Use This vs authfastapiskill / Scaffold Workflow / Step 1: Gather Requirements
规则层 -> SKILL.md 触发条件 / 执行顺序 / 输出格式
运行层 -> Python / Docker | 读取文件、写入/修改文件、执行终端命令、读取环境变量 | 会按任务需要访问外部网络
安全层 -> 通常不需要额外 API Key + 小任务验证 + diff / 日志复核
输出层 -> 可复制结果 + 检查清单 + 下一步迭代
} Auth Quickstart: Zero to Running Service
Scaffold a complete FastAPI service with ab0t-auth baked in from the start.
When to Use This vs auth_fastapi_skill
| Situation | Use |
|---|---|
| No code exists yet | This skill |
| Existing service needs auth added | auth_fastapi_skill |
| Need to understand permission design in depth | auth_fastapi_skill |
| Need scenario walkthroughs by industry | auth_service_ab0t |
Scaffold Workflow
Step 1: Gather Requirements
Ask the user for:
- Service name — human-readable (e.g., "Invoice Service")
- Service slug — lowercase identifier (e.g.,
invoices). Used in permissions, audience, file names. - Domain resources — the nouns (e.g., invoices, payments, customers)
- Actions per resource — the verbs (e.g., read, write, create, delete, send, approve)
- Maintainer email — for
.permissions.json
If the user is vague, suggest reasonable defaults and confirm.
Step 2: Copy and Customize Template
The template lives in assets/template/. Copy the entire directory to the user's target path, then replace all placeholders:
| Placeholder | Replace with |
|---|---|
__SERVICE_NAME__ |
Human-readable name |
__SERVICE_SLUG__ |
Lowercase slug |
__SERVICE_DESCRIPTION__ |
One-line description |
__MAINTAINER_EMAIL__ |
Contact email |
Files to customize:
.permissions.json— Replace starter permissions with real ones derived from the user's resources and actions. Follow the{slug}.{action}.{resource}format. Setadmin.impliesto include all lower permissions. Never implycross_tenant.app/auth.py— Replace starter type aliases (Reader,Writer,Admin) with domain-specific aliases matching the permissions. Example for an invoice service:InvoiceReader = Annotated[AuthenticatedUser, Depends( require_permission(auth, "invoices.read", check=belongs_to_org))] InvoiceSender = Annotated[AuthenticatedUser, Depends( require_permission(auth, "invoices.send", check=belongs_to_org))]app/api/items.py— Rename to match the primary resource (e.g.,invoices.py). Replace the example routes with real ones using the domain-specific type aliases. Keep the same auth patterns (list with filter, get with Phase 2, create without Phase 2, delete with Phase 2, admin-only).app/main.py— Update the router import and prefix to match the renamed module.app/config.py— Add any service-specific settings.
Step 3: Verify Structure
After customization, the project should have:
my-service/
├── app/
│ ├── __init__.py
│ ├── main.py # FastAPI app with auth lifespan
│ ├── config.py # Pydantic settings
│ ├── auth.py # AuthGuard, type aliases, Phase 2, check callbacks
│ └── api/
│ ├── __init__.py
│ ├── health.py # Unauthenticated health check
│ └── {resource}.py # Auth-protected CRUD routes
├── .permissions.json # Permission definitions for registration
├── .env.example # Environment variable reference
├── .gitignore # Excludes credentials/, .env, etc.
├── requirements.txt # Dependencies including ab0t-auth
└── Dockerfile # Production container
Step 4: Run Locally
cd my-service
python -m venv .venv && source .venv/bin/activate
pip install -r requirements.txt
cp .env.example .env # Edit values
# Development with auth bypass
AB0T_AUTH_DEBUG=true AB0T_AUTH_BYPASS=true uvicorn app.main:app --reload
Verify:
GET /healthreturns{"status": "ok"}(no auth)GET /items/returns data with bypass user (auth bypassed)- Routes return proper 401/403 JSON when bypass is off and no token is provided
Step 5: Guide Next Steps
After the scaffold is running, point the user to references/next-steps.md for:
- Adding more permissions and type aliases
- Adding check callbacks (suspension, quota)
- Wiring up Phase 2 ownership verification with a real database
- Registering with the auth service
- Multi-tenancy setup
- Middleware for blanket auth
- Production checklist
For deep dives, reference the auth_fastapi_skill:
- permissions-design.md — full schema and design principles
- route-patterns.md — all 7 route protection patterns
- implementation-details.md — all 19 type aliases, check callbacks
- registration.md — auth service registration walkthrough
Permission Design Quick Reference
Format: {slug}.{action} or {slug}.{action}.{resource}
| Action | Meaning | Risk |
|---|---|---|
read |
View without side effects | low |
write |
Modify existing records | medium |
create |
Create new records | medium |
delete |
Permanently remove | high |
execute |
Run user-provided code | high |
admin |
Full org-level access (implies lower perms) | critical |
cross_tenant |
Cross-org access (NEVER implied by admin) | critical |
Common Mistakes
- Forgetting to rename placeholders — grep for
__SERVICEafter scaffolding to catch any missed replacements - Skipping Phase 2 — every route with
/{id}in the path needsverify_resource_access()after the DB fetch - Implying
cross_tenantfromadmin— never do this; it must be a conscious separate grant - Unscoped list queries — always use
get_user_filter(user)for list/search routes - 404 after 403 — always check resource exists (404) before checking access (403)
Source: ab0t-com/auth_wrapper — distributed by TomeVault.
先判断是否适合
作者设计意图
作者的方法与取舍
边界和复核