scope-permission-designer

Design and implement scoped permission models

509 stars

Best use case

scope-permission-designer is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Teams using scope-permission-designer should expect more consistent output, faster repeated execution, and less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$ curl -o ~/.claude/skills/scope-permission-designer/SKILL.md --create-dirs "https://raw.githubusercontent.com/a5c-ai/babysitter/main/library/specializations/sdk-platform-development/skills/scope-permission-designer/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/scope-permission-designer/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How scope-permission-designer Compares

| Feature / Agent | scope-permission-designer | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |

Frequently Asked Questions

What does this skill do?

Design and implement scoped permission models

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Scope Permission Designer Skill

## Overview

This skill designs and implements OAuth scopes and permission models for APIs, enabling fine-grained access control that maps to business requirements.

## Capabilities

- Design scope hierarchies and inheritance
- Implement permission validation in SDK/API
- Generate comprehensive scope documentation
- Support scope-based access control (SBAC)
- Configure scope consent flows
- Implement resource-level permissions
- Design scope grouping and bundles
- Generate scope matrices for documentation

## Target Processes

- Authentication and Authorization Patterns
- Developer Portal Implementation
- API Design Specification

## Integration Points

- OAuth authorization servers
- Policy engines (OPA, Cedar)
- RBAC/ABAC systems
- API gateway authorization
- Consent management UIs

## Input Requirements

- Business requirements for access control
- Resource and action mapping
- Scope naming conventions
- Hierarchy requirements
- Consent flow needs

## Output Artifacts

- Scope taxonomy documentation
- Permission validation middleware
- Scope documentation for developers
- Consent UI components
- Scope matrices and mappings
- Admin permission management API

## Usage Example

```yaml
skill:
  name: scope-permission-designer
  context:
    scopeFormat: "resource:action"
    hierarchy:
      admin: ["read", "write", "delete"]
      write: ["read"]
    scopes:
      - users:read
      - users:write
      - users:delete
      - projects:read
      - projects:write
    bundles:
      - name: basic
        scopes: ["users:read", "projects:read"]
      - name: full
        scopes: ["users:*", "projects:*"]
```
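
One way a validation layer could interpret the configuration above, as an added example that is not the skill's own code. The function names, the reading of `hierarchy` as "action implies actions", and the rule that `*` and implied actions only ever resolve to scopes listed under `scopes` are assumptions; the page does not define these semantics.

```python
# Added example: CONFIG is constructed from the YAML above (bundles re-keyed by name).
CONFIG = {
    "hierarchy": {"admin": ["read", "write", "delete"], "write": ["read"]},
    "scopes": ["users:read", "users:write", "users:delete",
               "projects:read", "projects:write"],
    "bundles": {"basic": ["users:read", "projects:read"],
                "full": ["users:*", "projects:*"]},
}


def implied_actions(action, hierarchy):
    """Return the action plus every action it implies, transitively."""
    seen, stack = set(), [action]
    while stack:
        current = stack.pop()
        if current not in seen:          # guards against cycles in the hierarchy
            seen.add(current)
            stack.extend(hierarchy.get(current, []))
    return seen


def expand(granted, config):
    """Expand granted scopes into the set of declared scopes they cover."""
    declared = set(config["scopes"])
    effective = set()
    for scope in granted:
        resource, sep, action = scope.partition(":")
        if not sep or not resource or not action:
            continue                     # malformed scope grants nothing
        if action == "*":                # wildcard covers declared scopes only
            effective |= {s for s in declared if s.startswith(resource + ":")}
            continue
        for implied in implied_actions(action, config["hierarchy"]):
            candidate = f"{resource}:{implied}"
            if candidate in declared:    # never mint undeclared scopes
                effective.add(candidate)
    return effective


def is_allowed(required, granted, config):
    """Deny by default: the required scope must be declared and covered."""
    return required in config["scopes"] and required in expand(granted, config)


def bundle_scopes(name, config):
    """Resolve a bundle name to its effective scopes (empty if unknown)."""
    return expand(config["bundles"].get(name, []), config)
```

With this reading, `projects:*` in the `full` bundle does not grant `projects:delete`, because that scope is never declared under `scopes`.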

## Best Practices

1. Use consistent naming conventions
2. Design scopes around resources and actions
3. Implement scope hierarchies to reduce complexity
4. Document all scopes clearly
5. Provide sensible default scope bundles
6. Support both fine-grained and coarse permissions
