SARAMALI15792/export-auth
gitagent/skills/export-auth/SKILL.md
Migrates the IntelliStack Better-Auth OIDC authentication system to any target auth framework, preserving OAuth flows, session management, role/permission model, and JWT claim structure.
$ install --global
skillsauthnpx skillsauth add SARAMALI15792/AINativeBook export-authInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 20, 2026, 9:21 AM12.5s1 file scanned
SKILL.md
- name:
- export-auth
- description:
- >
- license:
- MIT
- allowed-tools:
- read_file, search_code
- author:
- IntelliStack Team
- version:
- 1.0.0
- category:
- migration
Skill: Export Auth
Purpose
Re-implement IntelliStack's full auth system in any target environment.
IntelliStack Auth Architecture (Source of Truth)
- Server: Better-Auth TypeScript OIDC (
intellistack/auth-server/src/) - Entry:
auth-server/src/index.ts— Express server wrapping Better-Auth - Config:
auth-server/src/auth.ts— providers, session, callbacks - OAuth providers: Google, GitHub
- Session: JWT (access token 15 min) + refresh token (7 days)
- Roles:
student,instructor,admin,institution_admin - JWT claims:
sub,email,role,institution_id,stage_access[]
Supported Target Auth Frameworks
| Target | Language | Notes | |---------------------|------------|------------------------------------| | Auth.js (NextAuth) | TypeScript | Next.js / Edge | | Passport.js + JWT | TypeScript | Express / NestJS | | Spring Security | Java | OAuth2 Resource Server | | Devise + OmniAuth | Ruby | Rails | | Laravel Sanctum | PHP | SPA / API tokens | | Supabase Auth | Any | Managed auth with RLS | | Clerk | Any | Hosted auth, webhook sync | | Keycloak | Any | Self-hosted OIDC | | Better-Auth (keep) | TypeScript | Different backend, same auth |
Instructions
Step 1 — Map the IntelliStack auth flow
Describe:
/auth/sign-in— credential + OAuth entry points/auth/callback— OAuth redirect handling/auth/sign-out— session teardown/auth/refresh— token refresh/auth/me— current user + claims- JWT middleware applied to FastAPI routes
Step 2 — Produce migration plan
## Auth Migration Plan → <target>
- Provider credentials needed: GOOGLE_CLIENT_ID/SECRET, GITHUB_CLIENT_ID/SECRET
- Session storage: [cookie / DB / Redis]
- JWT library: [name + version]
- Breaking changes: [anything the target cannot replicate exactly]
Step 3 — Generate auth configuration
Output complete, working auth config for the target including:
- Provider setup (OAuth client ID/secret via env)
- Session/token configuration
- Role extraction from claims
- Protected route middleware
Step 4 — Role/Permission mapping
Produce a mapping table:
IntelliStack Role → Target Role/Policy
student → ROLE_STUDENT
instructor → ROLE_INSTRUCTOR
admin → ROLE_ADMIN
institution_admin → ROLE_INSTITUTION_ADMIN
Step 5 — Security checklist
- [ ] Rotate all OAuth secrets before deploying
- [ ] Set CORS origins to new domain
- [ ] Update OAuth callback URLs in Google/GitHub console
- [ ] Confirm HTTPS in production (cookies require Secure flag)
- [ ] Test token refresh flow end-to-end
Related Skills
SARAMALI15792/export-rag
development
VerifiedTrustedCommunity
Re-implements the IntelliStack RAG pipeline (Qdrant + Cohere + OpenAI SSE) in any target language or framework, preserving hybrid retrieval, reranking, citation architecture, and stage-based access control.
5SKILL.mdUpdated Apr 20, 2026
SARAMALI15792/export-frontend
tools
VerifiedTrustedCommunity
Generates typed API clients and frontend integration code for any framework consuming the IntelliStack REST API, including auth flows, learning path UI, chatbot UI, and admin dashboards.
5SKILL.mdUpdated Apr 20, 2026
SARAMALI15792/export-database
tools
VerifiedTrustedCommunity
Converts IntelliStack's SQLAlchemy 2.0 models and Alembic migrations to any target ORM or database toolkit, preserving the full schema, indexes, relationships, and cascade rules.
5SKILL.mdUpdated Apr 20, 2026
SARAMALI15792/export-backend
development
VerifiedTrustedCommunity
Migrates IntelliStack FastAPI routers, services, and Pydantic schemas to any target backend framework while preserving every business rule, auth guard, and error contract.
5SKILL.mdUpdated Apr 20, 2026