Signup Blueprint
Register a new user account with email and password
| Property | Value |
|---|---|
| Feature | signup |
| Category | Auth |
| Version | 1.0.0 |
| Tags | registration, onboarding, account-creation, identity, saas |
| YAML Source | View on GitHub |
| JSON API | signup.json |
Fields
| Name | Type | Required | Label | Description |
|---|---|---|---|---|
| first_name | text | Yes | First Name | Validations: required, minLength, maxLength, pattern |
| last_name | text | Yes | Last Name | Validations: required, minLength, maxLength, pattern |
| email | email | Yes | Email Address | Validations: required, email, maxLength, unique |
| password | password | Yes | Password | Validations: required, minLength, maxLength, pattern |
| confirm_password | password | Yes | Confirm Password | Validations: required, match |
| terms_accepted | boolean | Yes | I agree to the Terms of Service and Privacy Policy | Validations: required |
Rules
- security:
  - password_hashing:
    - algorithm: bcrypt
    - salt_rounds: 12
  - rate_limit:
    - window_seconds: 3600
    - max_requests: 5
    - scope: per_ip
  - email_enumeration_prevention:
    - enabled: true
  - bot_protection:
    - type: none
- account:
  - default_role: user
  - email_verified_on_signup: false
  - auto_login_after_signup: false
- email:
  - case_sensitive: false
  - trim_whitespace: true
Outcomes
Rate_limited (Priority: 1) — Error: SIGNUP_RATE_LIMITED
Given:
- request_count (computed) gt 5
Result: show “Too many attempts. Please try again later.”
Validation_failed (Priority: 2) — Error: SIGNUP_VALIDATION_ERROR
Given:
- any field fails its validation rules
Result: show per-field error messages inline
Bot_detected (Priority: 3) — Error: SIGNUP_RATE_LIMITED
Given:
- ANY:
  - honeypot (input) exists
  - captcha (input) eq false
Then:
- emit_event event: signup.bot_detected
Result: show the generic rate limit error (do not reveal that bot detection was triggered)
Email_already_registered (Priority: 4) — Error: SIGNUP_EMAIL_TAKEN
Given:
- email (db) exists
Then:
- emit_event event: signup.duplicate_email
- notify to: existing_user — Alert the existing account holder
Result: show the SAME success response as a new signup (enumeration prevention)
Successful_signup (Priority: 10) | Transaction: atomic
Given:
- first_name (input) matches `^[\p{L}\s'-]+$`
- last_name (input) matches `^[\p{L}\s'-]+$`
- email (input) matches `^[^\s@]+@[^\s@]+\.[^\s@]+$`
- email (db) not_exists
- password (input) matches `^(?=.*[a-z])(?=.*[A-Z])(?=.*\d).{8,64}$`
- confirm_password (input) eq password
- terms_accepted (input) eq true
Then:
- create_record target: user — Create user with hashed password (bcrypt, 12 rounds), role ‘user’, email_verified false
- notify to: user — Send email verification link
- emit_event event: signup.success
Result: redirect to confirmation page with “Account created! Please check your email to verify.”
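The outcome evaluation described above, as an added worked example that is not part of the blueprint or its YAML source: a Python signup handler that applies the Rules (per-IP sliding-window rate limit, case-insensitive trimmed email, bcrypt-style hashing) and evaluates the Outcomes in priority order, emitting the Events from the table further down. The in-memory `Store`, the request/response dict shapes, the name and email length bounds (the page lists minLength/maxLength without values) and the 24-hour verification TTL are assumptions. The blueprint mandates bcrypt with 12 rounds; `hash_password_stub` is a standard-library PBKDF2 stand-in that marks where the bcrypt call belongs and is passed in as the `hasher` parameter so it can be swapped. Python's `re` module has no `\p{L}`, so the name pattern uses the equivalent Unicode-letter class. The Errors table lists SIGNUP_EMAIL_TAKEN (409), but the Email_already_registered outcome specifies the same success response as a new signup; the example follows the outcome, so a caller cannot distinguish a duplicate from a fresh registration.

```python
import hashlib
import os
import re
import time
from dataclasses import dataclass, field

# Validation patterns from the Successful_signup conditions.
# Python's re has no \p{L}; [^\W\d_] is the equivalent "any Unicode letter" class.
NAME_RE = re.compile(r"^(?:[^\W\d_]|[\s'-])+$")
EMAIL_RE = re.compile(r"^[^\s@]+@[^\s@]+\.[^\s@]+$")
PASSWORD_RE = re.compile(r"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d).{8,64}$")

RATE_WINDOW_SECONDS = 3600   # rules.security.rate_limit.window_seconds
RATE_MAX_REQUESTS = 5        # rules.security.rate_limit.max_requests (scope: per_ip)
NAME_MAX_LENGTH = 100        # assumed: the blueprint gives no maxLength value
EMAIL_MAX_LENGTH = 254       # assumed: the blueprint gives no maxLength value
VERIFICATION_TTL_SECONDS = 86400  # assumed: expires_at for signup.verification_sent

SUCCESS_MESSAGE = "Account created! Please check your email to verify."
RATE_LIMIT_MESSAGE = "Too many attempts. Please try again later."


@dataclass
class Store:
    """In-memory stand-in for the user table, per-IP request log and event bus."""
    users: dict = field(default_factory=dict)     # normalized email -> user record
    requests: dict = field(default_factory=dict)  # ip -> list of request timestamps
    events: list = field(default_factory=list)    # (event name, payload) in emit order


def normalize_email(raw: str) -> str:
    # rules.email: case_sensitive false, trim_whitespace true
    return raw.strip().lower()


def hash_password_stub(password: str) -> str:
    # Stand-in for bcrypt with 12 rounds (stdlib only): PBKDF2-HMAC-SHA256, random salt.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)
    return "pbkdf2-sha256$" + salt.hex() + "$" + digest.hex()


def validate(form: dict) -> dict:
    """Return {field: error_code} for every field that fails its validation rules."""
    errors = {}
    for name in ("first_name", "last_name"):
        value = form.get(name, "")
        if not (1 <= len(value) <= NAME_MAX_LENGTH and NAME_RE.fullmatch(value)):
            errors[name] = "SIGNUP_VALIDATION_ERROR"
    email = normalize_email(form.get("email", ""))
    if not (len(email) <= EMAIL_MAX_LENGTH and EMAIL_RE.fullmatch(email)):
        errors["email"] = "SIGNUP_VALIDATION_ERROR"
    password = form.get("password", "")
    if not PASSWORD_RE.fullmatch(password):
        errors["password"] = "SIGNUP_PASSWORD_WEAK"
    if form.get("confirm_password") != password:
        errors["confirm_password"] = "SIGNUP_PASSWORD_MISMATCH"
    if form.get("terms_accepted") is not True:
        errors["terms_accepted"] = "SIGNUP_TERMS_NOT_ACCEPTED"
    return errors


def signup(store: Store, form: dict, ip: str, now=None, hasher=hash_password_stub) -> dict:
    """Evaluate the blueprint's outcomes in priority order and return the response dict."""
    now = time.time() if now is None else now

    # Priority 1: Rate_limited. Count this request in the sliding per-IP window first,
    # so rejected attempts still consume budget; request_count gt 5 triggers the error.
    window = [t for t in store.requests.get(ip, []) if now - t < RATE_WINDOW_SECONDS]
    window.append(now)
    store.requests[ip] = window
    if len(window) > RATE_MAX_REQUESTS:
        return {"status": 429, "error": "SIGNUP_RATE_LIMITED", "message": RATE_LIMIT_MESSAGE}

    # Priority 2: Validation_failed, reported per field for inline display.
    errors = validate(form)
    if errors:
        return {"status": 422, "error": "SIGNUP_VALIDATION_ERROR", "fields": errors}

    # Priority 3: Bot_detected. The response is the generic rate-limit error, so the
    # detection itself is only visible in the emitted event.
    if form.get("honeypot") or form.get("captcha") is False:
        method = "honeypot" if form.get("honeypot") else "captcha"
        store.events.append(("signup.bot_detected",
                             {"ip_address": ip, "timestamp": now, "detection_method": method}))
        return {"status": 429, "error": "SIGNUP_RATE_LIMITED", "message": RATE_LIMIT_MESSAGE}

    # Priority 4: Email_already_registered. Emit the event (and notify the existing
    # holder out of band); the HTTP response is byte-for-byte the success response.
    email = normalize_email(form["email"])
    if email in store.users:
        store.events.append(("signup.duplicate_email",
                             {"email": email, "timestamp": now, "ip_address": ip}))
        return {"status": 200, "message": SUCCESS_MESSAGE}

    # Priority 10: Successful_signup. Only the hash is stored, never the password.
    user_id = len(store.users) + 1
    store.users[email] = {"id": user_id, "first_name": form["first_name"],
                          "last_name": form["last_name"], "email": email,
                          "password_hash": hasher(form["password"]),
                          "role": "user", "email_verified": False}
    store.events.append(("signup.success", {"user_id": user_id, "email": email,
                                            "timestamp": now, "ip_address": ip}))
    store.events.append(("signup.verification_sent",
                         {"user_id": user_id, "email": email, "timestamp": now,
                          "expires_at": now + VERIFICATION_TTL_SECONDS}))
    return {"status": 200, "message": SUCCESS_MESSAGE}
```

The rate-limit step records the request before evaluating any other outcome, which is what makes the "SAME success response" for duplicates safe in practice: an attacker probing many addresses from one IP hits the 429 after five attempts rather than receiving an unbounded stream of indistinguishable 200s. Note also that the bot outcome is evaluated after validation, exactly as the priorities specify, so a bot submitting malformed input receives per-field validation errors, not the rate-limit error.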
Errors
| Code | Status | Message | Retry |
|---|---|---|---|
| SIGNUP_VALIDATION_ERROR | 422 | Please check your input and try again | Yes |
| SIGNUP_EMAIL_TAKEN | 409 | Unable to create account. Please try a different email or sign in. | Yes |
| SIGNUP_RATE_LIMITED | 429 | Too many attempts. Please try again later. | No |
| SIGNUP_TERMS_NOT_ACCEPTED | 422 | You must accept the terms to create an account | Yes |
| SIGNUP_PASSWORD_WEAK | 422 | Password does not meet security requirements | Yes |
| SIGNUP_PASSWORD_MISMATCH | 422 | Passwords do not match | Yes |
Events
| Event | Description | Payload |
|---|---|---|
| signup.success | New account created successfully | user_id, email, timestamp, ip_address, user_agent |
| signup.duplicate_email | Signup attempted with an existing email | email, timestamp, ip_address |
| signup.bot_detected | Bot protection triggered during signup | ip_address, timestamp, detection_method |
| signup.verification_sent | Verification email dispatched | user_id, email, timestamp, expires_at |
Related Blueprints
| Feature | Relationship | Reason |
|---|---|---|
| login | required | After signup, user needs to log in |
| email-verification | required | New accounts must verify their email |
| password-reset | recommended | Users who just signed up may still need password reset |
AGI Readiness
Goals
Reliable Signup
Register a new user account with email and password
Success Metrics:
| Metric | Target | Measurement |
|---|---|---|
| unauthorized_access_rate | 0% | Failed authorization attempts that succeed |
| response_time_p95 | < 500ms | 95th percentile response time |
Constraints:
- security (non-negotiable): Follow OWASP security recommendations
- security (non-negotiable): Sensitive fields must be encrypted at rest and never logged in plaintext
Autonomy
Level: supervised
Human Checkpoints:
- before modifying sensitive data fields
Escalation Triggers:
- error_rate > 5
- consecutive_failures > 3
Verification
Invariants:
- sensitive fields are never logged in plaintext
- all data access is authenticated and authorized
- error messages never expose internal system details
Tradeoffs
| Prefer | Over | Reason |
|---|---|---|
| security | performance | authentication must prioritize preventing unauthorized access |
Coordination
Protocol: request_response
Consumes:
| Capability | From | Fallback |
|---|---|---|
| login | login | fail |
| email_verification | email-verification | fail |
Safety
| Action | Permission | Cooldown | Max Auto |
|---|---|---|---|
| rate_limited | autonomous | - | - |
| validation_failed | autonomous | - | - |
| bot_detected | autonomous | - | - |
| email_already_registered | autonomous | - | - |
| successful_signup | autonomous | - | - |