← All examples
ResetPassword
examples/ResetPassword.intent
ResetPassword.intent
1# ResetPassword.intent2# The secure password-reset mission, end to end: a name and a goal grow into3# guarantees, never-rules, an executable decision, and tests that prove it.4# Compiles clean and runs 3/3 with the deterministic `intent` compiler (no AI).56mission ResetPassword78goal9 Let a user securely reset their password1011why12 A weak reset flow is a common path to account takeover.1314requires15 verified email16 reset token1718input19 email: Email20 token: ResetToken21 newPassword: Secret2223output24 result: PasswordResetResult2526constraints27 token.ttl <= 15 minutes28 password.minLength >= 122930guarantees31 token expires after 15 minutes32 token can only be used once33 password is never logged3435guarantee token expires after 15 minutes36 because a long-lived reset token widens the account-takeover window37 verify test token expiration3839guarantee token can only be used once40 because a reusable reset token is an account-takeover risk41 verify test one time use4243guarantee password is never logged44 because a plaintext password in logs is a credential leak45 verify test raw password not logged4647never48 log the new password49 return the token to the client5051never log the new password52 because logs are visible to support and observability tools53 verify test raw password not logged5455never return the token to the client56 because a returned token can be replayed to seize the account57 verify test token not returned5859# The reset policy is a decision, it runs, it is not a wish. `intent run` / `intent test`.60decision CanReset61 inputs62 tokenAgeMinutes63 attempts64 rule expired65 when tokenAgeMinutes > 1566 return Denied67 rule tooManyAttempts68 when attempts >= 569 return Denied70 rule allowed71 when attempts < 572 return Allowed73 default74 return Denied7576target77 DotNet78 Tests7980style81 ASP.NET Core82 EntityFramework83 BCrypt8485test CanReset86 case fresh token87 given tokenAgeMinutes 3, attempts 188 expect Allowed89 case expired token90 given tokenAgeMinutes 20, attempts 191 expect Denied92 case locked out93 given tokenAgeMinutes 3, attempts 594 expect DeniedDraft syntax. This file is illustrative and does not run yet.
More examples
AlertRoutingApiGatewayBillingServiceCalculateRiskScoreCertificationAttemptCertificationCheckoutCertificationEligibilityCertificationStudyPlanCreateInvoiceCreateStudyPlanCustomerDataRequestDuplicateInvoicePreventionGroundedAnswerIngestClickstreamInvoiceCreatedNetworkEgressPolicyPlaceOrderResearchAgentRunStorefrontStyleSubscriptionUpgradeTenantIsolationUploadStudyMaterial