Feature Example

type: feature
id: authentication
title: Authentication
status: draft
tags: [auth, security]
context:
  - role/admin
  - domain/auth


{% tldr scope="agent" %}
Allows administrators and standard users to sign in with email/password credentials
and receive a scoped session token granting access to the application.
{% /tldr %}

{% feature id="authentication" domains="domain/auth" roles="role/admin user" scope="public agent" %}

  {% requirement id="authenticate-user" priority="must" tags="[security]" scope="public agent" %}
  The system must authenticate users via email/password and issue a scoped session token.
  {% /requirement %}

  {% requirement id="validation-speed" priority="should" tags="[performance]" scope="agent" %}
  Session token validation must complete within 50ms at p99.
  {% /requirement %}

  {% api %}
    {% action name="submit-credentials" %}
    Accepts email (string) and password (string). Delegates to domain/auth validate-credentials.
    {% /action %}

    {% event name="user-authenticated" %}
    Payload: `{ userId: string, sessionToken: string }`.
    {% /event %}
  {% /api %}

{% /feature %}


{% criteria scope="public agent" %}
  {% criterion id="authenticate-user" requirement="authenticate-user" %}
  Given a registered active user, when valid credentials are submitted,
  then a session token is issued and the user is redirected to the dashboard.
  {% /criterion %}
  {% criterion id="authenticate-invalid" requirement="authenticate-user" %}
  Given invalid credentials, when submitted, then an error is displayed
  and the failed attempt is recorded.
  {% /criterion %}
{% /criteria %}