home / skills / yonatangross / orchestkit / security-patterns

security-patterns skill

safe

This skill enforces comprehensive security patterns for authentication, input validation, LLM safety, and PII masking to harden applications.

npx playbooks add skill yonatangross/orchestkit --skill security-patterns

Review the files below or copy the command above to add this skill to your agents.

Files (53)

SKILL.md

10.9 KB

---
name: security-patterns
license: MIT
compatibility: "Claude Code 2.1.34+."
description: Security patterns for authentication, defense-in-depth, input validation, OWASP Top 10, LLM safety, and PII masking. Use when implementing auth flows, security layers, input sanitization, vulnerability prevention, prompt injection defense, or data redaction.
tags: [security, authentication, authorization, defense-in-depth, owasp, input-validation, llm-safety, pii-masking, jwt, oauth]
context: fork
agent: security-auditor
version: 2.0.0
author: OrchestKit
user-invocable: false
complexity: high
metadata:
  category: document-asset-creation
---

# Security Patterns

Comprehensive security patterns for building hardened applications. Each category has individual rule files in `rules/` loaded on-demand.

## Quick Reference

| Category | Rules | Impact | When to Use |
|----------|-------|--------|-------------|
| [Authentication](#authentication) | 3 | CRITICAL | JWT tokens, OAuth 2.1/PKCE, RBAC/permissions |
| [Defense-in-Depth](#defense-in-depth) | 2 | CRITICAL | Multi-layer security, zero-trust architecture |
| [Input Validation](#input-validation) | 3 | HIGH | Schema validation (Zod/Pydantic), output encoding, file uploads |
| [OWASP Top 10](#owasp-top-10) | 2 | CRITICAL | Injection prevention, broken authentication fixes |
| [LLM Safety](#llm-safety) | 3 | HIGH | Prompt injection defense, output guardrails, content filtering |
| [PII Masking](#pii-masking) | 2 | HIGH | PII detection/redaction with Presidio, Langfuse, LLM Guard |
| [Scanning](#scanning) | 3 | HIGH | Dependency audit, SAST (Semgrep/Bandit), secret detection |
| [Advanced Guardrails](#advanced-guardrails) | 2 | CRITICAL | NeMo/Guardrails AI validators, red-teaming, OWASP LLM |

**Total: 20 rules across 8 categories**

## Quick Start

```python
# Argon2id password hashing
from argon2 import PasswordHasher
ph = PasswordHasher()
password_hash = ph.hash(password)
ph.verify(password_hash, password)
```

```python
# JWT access token (15-min expiry)
import jwt
from datetime import datetime, timedelta, timezone
payload = {
    'sub': user_id, 'type': 'access',
    'exp': datetime.now(timezone.utc) + timedelta(minutes=15),
}
token = jwt.encode(payload, SECRET_KEY, algorithm='HS256')
```

```typescript
// Zod v4 schema validation
import { z } from 'zod';
const UserSchema = z.object({
  email: z.string().email(),
  name: z.string().min(2).max(100),
  role: z.enum(['user', 'admin']).default('user'),
});
const result = UserSchema.safeParse(req.body);
```

```python
# PII masking with Langfuse
import re
from langfuse import Langfuse

def mask_pii(data, **kwargs):
    if isinstance(data, str):
        data = re.sub(r'\b[\w.-]+@[\w.-]+\.\w+\b', '[REDACTED_EMAIL]', data)
        data = re.sub(r'\b\d{3}-\d{2}-\d{4}\b', '[REDACTED_SSN]', data)
    return data

langfuse = Langfuse(mask=mask_pii)
```

## Authentication

Secure authentication with OAuth 2.1, Passkeys/WebAuthn, JWT tokens, and role-based access control.

| Rule | Description |
|------|-------------|
| `auth-jwt.md` | JWT creation, verification, expiry, refresh token rotation |
| `auth-oauth.md` | OAuth 2.1 with PKCE, DPoP, Passkeys/WebAuthn |
| `auth-rbac.md` | Role-based access control, permission decorators, MFA |

**Key Decisions:** Argon2id > bcrypt | Access tokens 15 min | PKCE required | Passkeys > TOTP > SMS

## Defense-in-Depth

Multi-layer security architecture with no single point of failure.

| Rule | Description |
|------|-------------|
| `defense-layers.md` | 8-layer security architecture (edge to observability) |
| `defense-zero-trust.md` | Immutable request context, tenant isolation, audit logging |

**Key Decisions:** Immutable dataclass context | Query-level tenant filtering | No IDs in LLM prompts

## Input Validation

Validate and sanitize all untrusted input using Zod v4 and Pydantic.

| Rule | Description |
|------|-------------|
| `validation-input.md` | Schema validation with Zod v4 and Pydantic, type coercion |
| `validation-output.md` | HTML sanitization, output encoding, XSS prevention |
| `validation-schemas.md` | Discriminated unions, file upload validation, URL allowlists |

**Key Decisions:** Allowlist over blocklist | Server-side always | Validate magic bytes not extensions

## OWASP Top 10

Protection against the most critical web application security risks.

| Rule | Description |
|------|-------------|
| `owasp-injection.md` | SQL/command injection, parameterized queries, SSRF prevention |
| `owasp-broken-auth.md` | JWT algorithm confusion, CSRF protection, timing attacks |

**Key Decisions:** Parameterized queries only | Hardcode JWT algorithm | SameSite=Strict cookies

## LLM Safety

Security patterns for LLM integrations including context separation and output validation.

| Rule | Description |
|------|-------------|
| `llm-prompt-injection.md` | Context separation, prompt auditing, forbidden patterns |
| `llm-guardrails.md` | Output validation pipeline: schema, grounding, safety, size |
| `llm-content-filtering.md` | Pre-LLM filtering, post-LLM attribution, three-phase pattern |

**Key Decisions:** IDs flow around LLM, never through | Attribution is deterministic | Audit every prompt

## PII Masking

PII detection and masking for LLM observability pipelines and logging.

| Rule | Description |
|------|-------------|
| `pii-detection.md` | Microsoft Presidio, regex patterns, LLM Guard Anonymize |
| `pii-redaction.md` | Langfuse mask callback, structlog/loguru processors, Vault deanonymization |

**Key Decisions:** Presidio for enterprise | Replace with type tokens | Use mask callback at init

## Scanning

Automated security scanning for dependencies, code, and secrets.

| Rule | Description |
|------|-------------|
| `scanning-dependency.md` | npm audit, pip-audit, Trivy container scanning, CI gating |
| `scanning-sast.md` | Semgrep and Bandit static analysis, custom rules, pre-commit |
| `scanning-secrets.md` | Gitleaks, TruffleHog, detect-secrets with baseline management |

**Key Decisions:** Pre-commit hooks for shift-left | Block on critical/high | Gitleaks + detect-secrets baseline

## Advanced Guardrails

Production LLM safety with NeMo Guardrails, Guardrails AI validators, and DeepTeam red-teaming.

| Rule | Description |
|------|-------------|
| `guardrails-nemo.md` | NeMo Guardrails, Colang 2.0 flows, Guardrails AI validators, layered validation |
| `guardrails-llm-validation.md` | DeepTeam red-teaming (40+ vulnerabilities), OWASP LLM Top 10 compliance |

**Key Decisions:** NeMo for flows, Guardrails AI for validators | Toxicity 0.5 threshold | Red-team pre-release + quarterly

## Anti-Patterns (FORBIDDEN)

```python
# Authentication
user.password = request.form['password']       # Plaintext password storage
response_type=token                             # Implicit OAuth grant (deprecated)
return "Email not found"                        # Information disclosure

# Input Validation
"SELECT * FROM users WHERE name = '" + name + "'"  # SQL injection
if (file.type === 'image/png') {...}               # Trusting Content-Type header

# LLM Safety
prompt = f"Analyze for user {user_id}"             # ID in prompt
artifact.user_id = llm_output["user_id"]           # Trusting LLM-generated IDs

# PII
logger.info(f"User email: {user.email}")           # Raw PII in logs
langfuse.trace(input=raw_prompt)                   # Unmasked observability data
```

## Detailed Documentation

| Resource | Description |
|----------|-------------|
| [references/oauth-2.1-passkeys.md](references/oauth-2.1-passkeys.md) | OAuth 2.1, PKCE, DPoP, Passkeys/WebAuthn |
| [references/request-context-pattern.md](references/request-context-pattern.md) | Immutable request context for identity flow |
| [references/tenant-isolation.md](references/tenant-isolation.md) | Tenant-scoped repository, vector/full-text search |
| [references/audit-logging.md](references/audit-logging.md) | Sanitized structured logging, compliance |
| [references/zod-v4-api.md](references/zod-v4-api.md) | Zod v4 types, coercion, transforms, refinements |
| [references/vulnerability-demos.md](references/vulnerability-demos.md) | OWASP vulnerable vs secure code examples |
| [references/context-separation.md](references/context-separation.md) | LLM context separation architecture |
| [references/output-guardrails.md](references/output-guardrails.md) | Output validation pipeline implementation |
| [references/pre-llm-filtering.md](references/pre-llm-filtering.md) | Tenant-scoped retrieval, content extraction |
| [references/post-llm-attribution.md](references/post-llm-attribution.md) | Deterministic attribution pattern |
| [references/prompt-audit.md](references/prompt-audit.md) | Prompt audit patterns, safe prompt builder |
| [references/presidio-integration.md](references/presidio-integration.md) | Microsoft Presidio setup, custom recognizers |
| [references/langfuse-mask-callback.md](references/langfuse-mask-callback.md) | Langfuse SDK mask implementation |
| [references/llm-guard-sanitization.md](references/llm-guard-sanitization.md) | LLM Guard Anonymize/Deanonymize with Vault |
| [references/logging-redaction.md](references/logging-redaction.md) | structlog/loguru pre-logging redaction |

## Related Skills

- `api-design-framework` - API security patterns
- `rag-retrieval` - RAG pipeline patterns requiring tenant-scoped retrieval
- `llm-evaluation` - Output quality assessment including hallucination detection

## Capability Details

### authentication
**Keywords:** password, hashing, JWT, token, OAuth, PKCE, passkey, WebAuthn, RBAC, session
**Solves:**
- Implement secure authentication with modern standards
- JWT token management with proper expiry
- OAuth 2.1 with PKCE flow
- Passkeys/WebAuthn registration and login
- Role-based access control

### defense-in-depth
**Keywords:** defense in depth, security layers, multi-layer, request context, tenant isolation
**Solves:**
- How to secure AI applications end-to-end
- Implement 8-layer security architecture
- Create immutable request context
- Ensure tenant isolation at query level

### input-validation
**Keywords:** schema, validate, Zod, Pydantic, sanitize, HTML, XSS, file upload
**Solves:**
- Validate input against schemas (Zod v4, Pydantic)
- Prevent injection attacks with allowlists
- Sanitize HTML and prevent XSS
- Validate file uploads by magic bytes

### owasp-top-10
**Keywords:** OWASP, sql injection, broken access control, CSRF, XSS, SSRF
**Solves:**
- Fix OWASP Top 10 vulnerabilities
- Prevent SQL and command injection
- Implement CSRF protection
- Fix broken authentication

### llm-safety
**Keywords:** prompt injection, context separation, guardrails, hallucination, LLM output
**Solves:**
- Prevent prompt injection attacks
- Implement context separation (IDs around LLM)
- Validate LLM output with guardrail pipeline
- Deterministic post-LLM attribution

### pii-masking
**Keywords:** PII, masking, Presidio, Langfuse, redact, GDPR, privacy
**Solves:**
- Detect and mask PII in LLM pipelines
- Integrate masking with Langfuse observability
- Implement pre-logging redaction
- GDPR-compliant data handling

Overview

This skill provides production-ready security patterns for authentication, defense-in-depth, input validation, OWASP Top 10 mitigation, LLM safety, and PII masking. It bundles concrete rules, code snippets, and recommended decisions to harden AI-enabled applications using TypeScript/Python stacks. Use it to standardize secure auth flows, layered defenses, and safe LLM integrations across services.

How this skill works

The skill exposes a set of focused rules grouped by category (authentication, validation, LLM safety, scanning, etc.) and loads specific guidance on demand. Each rule includes actionable steps, example code, and key decisions (e.g., Argon2id for hashing, 15-minute JWT access tokens, PKCE required) so teams can implement consistent controls in CI, runtime, and observability pipelines.

When to use it

Implementing or auditing authentication flows (JWT, OAuth 2.1, Passkeys/WebAuthn)
Designing multi-layer security or zero-trust request contexts
Adding schema validation and XSS/injection prevention to APIs
Hardening LLM integrations against prompt injection and hallucinations
Building PII masking and redaction into logging/observability
Setting up automated dependency, SAST, and secret scanning in CI

Best practices

Prefer Argon2id for password hashing and short-lived access tokens (e.g., 15 minutes)
Enforce server-side schema validation (Zod v4 / Pydantic) and allowlists over blocklists
Keep IDs and sensitive identifiers out of LLM prompts; use deterministic post-LLM attribution
Apply defense-in-depth: multiple validation and enforcement layers from edge to observability
Mask PII at ingestion with Presidio or Langfuse mask callbacks and avoid raw PII in logs
Shift-left with pre-commit hooks and CI gates for dependency audits, SAST, and secret detection

Example use cases

Implementing OAuth 2.1 with PKCE and refresh token rotation for a web app
Adding Zod validation and HTML sanitization to a FastAPI/React API to prevent XSS and injection
Integrating Langfuse masking and Presidio recognizers into an LLM observability pipeline
Designing request-context patterns for tenant isolation and query-level filtering in a RAG system
Configuring Semgrep and Gitleaks in CI to block commits with high/severe security findings

FAQ

Which password hashing algorithm should I use?

Use Argon2id over bcrypt for modern password hashing; combine with proper pepper/salting and rate limits.

How do I prevent prompt injection and LLM hallucinations?

Apply context separation, pre- and post-LLM filters, schema-based output validation, and an audit trail for every prompt.