Authorization Matrix Skill
Build a complete authorization matrix from the codebase and verify every endpoint has appropriate authentication, authorization, and ownership checks.
Trigger Conditions
- •Route configuration changes
- •Auth middleware changes
- •New handlers are added
- •User invokes with "auth matrix" or "authorization-matrix"
Input Contract
- •Required: Path to route configuration (main.go or router files)
- •Required: Path to middleware directory
- •Optional: Path to handler files for ownership check verification
Output Contract
- •Complete route → auth requirement matrix
- •List of unprotected routes (missing auth middleware)
- •List of routes missing account ownership verification
- •Comparison against the whitelist in rule 121
Tool Permissions
- •Read: Route config, middleware, handler files
- •Write: None (read-only analysis)
- •Search: Grep for `Use(middleware.Auth`, `GetUserID`, `RequireScope`, `AccountOwnership`
Execution Steps
- •Extract all routes: Parse route registration to build complete endpoint list with HTTP method and path
- •Identify auth middleware: Find which route groups use auth middleware
- •Check whitelist: Compare unauthenticated routes against the whitelist in rule 121
- •Verify ownership: For account-scoped routes (`/accounts/:id/*`), verify ownership middleware is applied
- •Report: Produce authorization matrix with pass/fail per check
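The five steps above as one runnable Go program, added here as an illustration and not part of the skill or of the project it audits. It parses a Gin-style router file with `go/ast`, follows `Group(...)` and `Use(...)` chains to attribute middleware to each route, then flags routes that are neither authenticated nor whitelisted and account-scoped routes without ownership middleware. The embedded router source, the two-entry whitelist standing in for rule 121's list, and the identifiers `middleware.Auth` / `middleware.AccountOwnership` are constructed for the example; the real audit would take the whitelist from the rule file and add a `RequireScope` check the same way.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"path"
	"strconv"
	"strings"
)

// Route is one row of the authorization matrix: method, full path, inherited middleware.
type Route struct {
	Method, Path string
	Middleware   []string
}

// group tracks a router group's accumulated prefix and middleware chain.
type group struct {
	prefix string
	mw     []string
}

var httpMethods = map[string]bool{"GET": true, "POST": true, "PUT": true, "PATCH": true, "DELETE": true}

// exprName renders a middleware argument such as middleware.Auth() or authMW as a string.
func exprName(e ast.Expr) string {
	switch v := e.(type) {
	case *ast.CallExpr:
		return exprName(v.Fun)
	case *ast.SelectorExpr:
		return exprName(v.X) + "." + v.Sel.Name
	case *ast.Ident:
		return v.Name
	}
	return "?"
}

// strLit returns the value of a string literal argument, or "" for anything else.
func strLit(e ast.Expr) string {
	if lit, ok := e.(*ast.BasicLit); ok && lit.Kind == token.STRING {
		s, _ := strconv.Unquote(lit.Value)
		return s
	}
	return ""
}

// BuildMatrix parses router source and returns every registered route with the
// middleware it inherits. Receivers never created by Group() (the root router)
// start with no prefix and no middleware.
func BuildMatrix(src string) ([]Route, error) {
	f, err := parser.ParseFile(token.NewFileSet(), "router.go", src, 0)
	if err != nil {
		return nil, err
	}
	groups := map[string]*group{}
	lookup := func(name string) *group {
		if g, ok := groups[name]; ok {
			return g
		}
		g := &group{}
		groups[name] = g
		return g
	}
	var routes []Route
	ast.Inspect(f, func(n ast.Node) bool {
		switch st := n.(type) {
		case *ast.AssignStmt: // sub := parent.Group("/prefix", mw...)
			call, ok := st.Rhs[0].(*ast.CallExpr)
			if !ok {
				return true
			}
			sel, ok := call.Fun.(*ast.SelectorExpr)
			if !ok || sel.Sel.Name != "Group" || len(call.Args) == 0 {
				return true
			}
			parent := lookup(exprName(sel.X))
			g := &group{prefix: path.Join(parent.prefix, strLit(call.Args[0])), mw: append([]string{}, parent.mw...)}
			for _, a := range call.Args[1:] {
				g.mw = append(g.mw, exprName(a))
			}
			groups[exprName(st.Lhs[0])] = g
		case *ast.ExprStmt: // recv.GET("/path", handler) or recv.Use(mw...)
			call, ok := st.X.(*ast.CallExpr)
			if !ok {
				return true
			}
			sel, ok := call.Fun.(*ast.SelectorExpr)
			if !ok {
				return true
			}
			g := lookup(exprName(sel.X))
			switch {
			case sel.Sel.Name == "Use":
				for _, a := range call.Args {
					g.mw = append(g.mw, exprName(a))
				}
			case httpMethods[sel.Sel.Name] && len(call.Args) > 0:
				routes = append(routes, Route{sel.Sel.Name, path.Join(g.prefix, strLit(call.Args[0])), append([]string{}, g.mw...)})
			}
		}
		return true
	})
	return routes, nil
}

func hasMW(r Route, name string) bool {
	for _, m := range r.Middleware {
		if m == name {
			return true
		}
	}
	return false
}

// Audit applies the skill's checks: every route outside the whitelist must carry
// authMW, and every /accounts/:id route must carry ownerMW.
func Audit(routes []Route, whitelist map[string]bool, authMW, ownerMW string) (unprotected, missingOwnership []string) {
	for _, r := range routes {
		key := r.Method + " " + r.Path
		if !hasMW(r, authMW) && !whitelist[r.Path] {
			unprotected = append(unprotected, key)
		}
		if strings.Contains(r.Path, "/accounts/:id") && !hasMW(r, ownerMW) {
			missingOwnership = append(missingOwnership, key)
		}
	}
	return
}

// sampleRouter is a constructed router file (hypothetical handlers and paths).
const sampleRouter = `package routes
func Register(r *gin.Engine) {
	r.GET("/health", health)
	r.POST("/login", login)
	api := r.Group("/api", middleware.Auth())
	api.GET("/me", me)
	acct := api.Group("/accounts/:id", middleware.AccountOwnership())
	acct.GET("/balance", balance)
	api.GET("/accounts/:id/statements", statements)
	r.GET("/admin/stats", stats)
}`

func main() {
	routes, err := BuildMatrix(sampleRouter)
	if err != nil {
		panic(err)
	}
	for _, r := range routes {
		fmt.Printf("%-6s %-32s %v\n", r.Method, r.Path, r.Middleware)
	}
	whitelist := map[string]bool{"/health": true, "/login": true} // stands in for rule 121
	unprot, missing := Audit(routes, whitelist, "middleware.Auth", "middleware.AccountOwnership")
	fmt.Println("unprotected:", unprot)           // [GET /admin/stats]
	fmt.Println("missing ownership:", missing)    // [GET /api/accounts/:id/statements]
}
```

Because the analysis is source-order based, a `Use(...)` call placed after a route registration would not protect that earlier route in a real router either, so the matrix reflects what the server actually enforces rather than what a grep for the middleware name would suggest.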
Success Criteria
- •All routes outside the whitelist are authenticated
- •All account-scoped routes verify ownership
- •All financial endpoints require appropriate scopes
- •No route bypasses auth through misconfiguration
References
- •.cursor/rules/121-route-auth-enforcement.mdc
- •.cursor/rules/042-security-authorization.mdc