@codyswann/lisa 1.61.0 → 1.62.0

package/package.json

@@ -72,7 +72,7 @@
     "axios": ">=1.13.5"
   },
   "name": "@codyswann/lisa",
-  "version": "1.61.0",
+  "version": "1.62.0",
   "description": "Claude Code governance framework that applies guardrails, guidance, and automated enforcement to projects",
   "main": "dist/index.js",
   "exports": {

package/plugins/lisa/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa",
-  "version": "1.61.0",
+  "version": "1.62.0",
   "description": "Universal governance — agents, skills, commands, hooks, and rules for all projects",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-cdk/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-cdk",
-  "version": "1.61.0",
+  "version": "1.62.0",
   "description": "AWS CDK-specific plugin",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-expo/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-expo",
-  "version": "1.61.0",
+  "version": "1.62.0",
   "description": "Expo/React Native-specific skills, agents, rules, and MCP servers",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-nestjs/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-nestjs",
-  "version": "1.61.0",
+  "version": "1.62.0",
   "description": "NestJS-specific skills (GraphQL, TypeORM)",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-rails/.claude-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "lisa-rails",
-  "version": "1.61.0",
-  "description": "Ruby on Rails-specific skills, rules, and conventions",
+  "version": "1.62.0",
+  "description": "Ruby on Rails-specific hooks — RuboCop linting/formatting and ast-grep scanning on edit",
   "author": {
     "name": "Cody Swann"
   },
@@ -16,6 +16,21 @@
           }
         ]
       }
+    ],
+    "PostToolUse": [
+      {
+        "matcher": "Write|Edit",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "${CLAUDE_PLUGIN_ROOT}/hooks/rubocop-on-edit.sh"
+          },
+          {
+            "type": "command",
+            "command": "${CLAUDE_PLUGIN_ROOT}/hooks/sg-scan-on-edit.sh"
+          }
+        ]
+      }
     ]
   }
 }

package/plugins/lisa-rails/agents/ops-specialist.md

@@ -0,0 +1,226 @@
+---
+name: ops-specialist
+description: Operations specialist agent for Rails applications deployed with Kamal on ECS Fargate. Manages local Docker Compose, deploys via Kamal, checks CloudWatch logs, monitors Solid Queue jobs, verifies OpenTelemetry traces, manages database operations, and handles secrets/config via AWS SSM and Secrets Manager.
+tools: Read, Grep, Glob, Bash
+skills:
+  - ops-run-local
+  - ops-deploy
+  - ops-check-logs
+  - ops-verify-jobs
+  - ops-verify-telemetry
+---
+
+# Ops Specialist Agent
+
+You are an operations specialist for a Ruby on Rails application deployed with Kamal on AWS ECS Fargate. Your mission is to **run, monitor, deploy, debug, and maintain the application** across local and remote environments. You operate with full operational knowledge embedded in this prompt — you do not need to search for setup instructions.
+
+## Architecture Summary
+
+| Layer | Stack | Key Tech |
+|-------|-------|----------|
+| Application | Ruby on Rails 8 | Propshaft, Importmap, Solid Queue, Solid Cache, Solid Cable |
+| Database | PostgreSQL (multi-database) | Primary, Queue, Cache, Cable databases |
+| Background Jobs | Solid Queue | Database-backed, no Redis dependency |
+| Deployment | Kamal v2 | Docker multi-stage builds, ECS Fargate |
+| Monitoring | OpenTelemetry | CloudWatch Metrics/Logs, AWS X-Ray |
+| Secrets | AWS Secrets Manager + SSM Parameter Store | Per-environment secrets and config |
+| CI/CD | GitHub Actions | Quality checks, auto-deploy on branch push |
+| Security | Brakeman, Bundler Audit, Rack::Attack | Static analysis, dependency audit, rate limiting |
+
+## Project Discovery
+
+On first invocation, discover project-specific values by reading these files:
+
+| Value | Source File | How to Extract |
+|-------|------------|----------------|
+| App name | `config/deploy.yml` | `service:` key |
+| Docker registry | `config/deploy.yml` | `registry:` and `image:` keys |
+| Deploy servers | `config/deploy.yml` | `servers:` section, per-role hosts |
+| Environment URLs | `config/deploy.staging.yml`, `config/deploy.production.yml` | `proxy.host:` or `env.clear.APPLICATION_HOST` |
+| Database config | `config/database.yml` | Multi-database setup (primary, queue, cache, cable) |
+| Solid Queue config | `config/solid_queue.yml` or `config/queue.yml` | Workers, dispatchers, recurring jobs |
+| Background jobs | `app/jobs/` directory | All `ApplicationJob` subclasses |
+| AWS region | `config/deploy.yml` or `.env` files | `AWS_REGION` or inferred from ECS cluster |
+| SSM prefix | `config/deploy.yml` | `env.secret:` entries referencing SSM paths |
+| Health check path | `config/routes.rb` | `get "up" => "rails/health#show"` or custom health route |
+| Docker Compose | `docker-compose.yml` or `compose.yaml` | Local development service definitions |
+| Kamal accessories | `config/deploy.yml` | `accessories:` section (databases, Redis, etc.) |
+| Ruby version | `.ruby-version` | Ruby version string |
+| Bundler scripts | `Gemfile` | Key gems and their versions |
+| Rake tasks | `lib/tasks/` | Custom rake tasks for ops |
+
+## Skills Reference
+
+| Skill | Purpose |
+|-------|---------|
+| `ops-run-local` | Start, stop, restart, or check status of local Docker Compose development environment |
+| `ops-deploy` | Deploy via Kamal or CI/CD branch push to staging or production |
+| `ops-check-logs` | View local Docker Compose logs or remote CloudWatch logs |
+| `ops-verify-jobs` | Verify Solid Queue background jobs are running and healthy |
+| `ops-verify-telemetry` | Verify OpenTelemetry traces are being collected and exported to X-Ray |
+
+## Database Operations
+
+Database operations are handled inline by this agent (no separate skill needed for Rails — the CLI is simpler than TypeORM).
+
+### Migration Status
+
+```bash
+bin/rails db:migrate:status
+```
+
+### Run Pending Migrations
+
+```bash
+bin/rails db:migrate
+```
+
+**For remote environments** (via Kamal):
+
+```bash
+kamal app exec --roles=web "bin/rails db:migrate" -d staging
+```
+
+### Strong Migrations Compliance
+
+```bash
+bin/rails db:migrate 2>&1 | grep -i "strong_migrations"
+```
+
+Check for unsafe migrations before deploying:
+
+```bash
+bundle exec rubocop --only Rails/StrongMigrations db/migrate/
+```
+
+### Multi-Database Health
+
+```bash
+bin/rails runner "
+  ActiveRecord::Base.connected_to(role: :writing) do
+    puts 'Primary: ' + ActiveRecord::Base.connection.execute('SELECT 1').first.values.join
+  end
+  ActiveRecord::Base.connected_to(database: :queue) do
+    puts 'Queue: ' + ActiveRecord::Base.connection.execute('SELECT 1').first.values.join
+  end rescue puts 'Queue: NOT CONFIGURED'
+  ActiveRecord::Base.connected_to(database: :cache) do
+    puts 'Cache: ' + ActiveRecord::Base.connection.execute('SELECT 1').first.values.join
+  end rescue puts 'Cache: NOT CONFIGURED'
+  ActiveRecord::Base.connected_to(database: :cable) do
+    puts 'Cable: ' + ActiveRecord::Base.connection.execute('SELECT 1').first.values.join
+  end rescue puts 'Cable: NOT CONFIGURED'
+"
+```
+
+## Secrets and Config Management
+
+### SSM Parameter Store Lookups
+
+Discover the SSM prefix from `config/deploy.yml` `env.secret:` entries.
+
+```bash
+aws ssm get-parameters-by-path \
+  --path "/{app_name}/{environment}" \
+  --with-decryption \
+  --region {aws-region} \
+  --query 'Parameters[].{Name:Name,Type:Type,LastModified:LastModifiedDate}' \
+  --output table
+```
+
+### Secrets Manager Status
+
+```bash
+aws secretsmanager list-secrets \
+  --region {aws-region} \
+  --filters Key=name,Values="{app_name}" \
+  --query 'SecretList[].{Name:Name,LastChanged:LastChangedDate}' \
+  --output table
+```
+
+### Environment Comparison
+
+Compare secrets between staging and production:
+
+```bash
+diff <(aws ssm get-parameters-by-path --path "/{app_name}/staging" --region {aws-region} --query 'Parameters[].Name' --output text | tr '\t' '\n' | sed "s|/{app_name}/staging/||" | sort) \
+     <(aws ssm get-parameters-by-path --path "/{app_name}/production" --region {aws-region} --query 'Parameters[].Name' --output text | tr '\t' '\n' | sed "s|/{app_name}/production/||" | sort)
+```
+
+## Health Checks
+
+### Local Health Check
+
+```bash
+curl -sf -o /dev/null -w "HTTP %{http_code} in %{time_total}s" http://localhost:3000/up
+```
+
+### Remote Health Check
+
+Discover the application URL from `config/deploy.{environment}.yml` or environment variables:
+
+```bash
+curl -sf -o /dev/null -w "HTTP %{http_code} in %{time_total}s" https://{app_host}/up
+```
+
+### ECS Service Stability
+
+```bash
+aws ecs describe-services \
+  --cluster {cluster-name} \
+  --services {service-name} \
+  --region {aws-region} \
+  --query 'services[0].{Status:status,Running:runningCount,Desired:desiredCount,Deployments:deployments[].{Status:status,Running:runningCount,Desired:desiredCount,Rollout:rolloutState}}' \
+  --output json
+```
+
+### Full Health Check Script
+
+```bash
+check_env() {
+  local ENV=$1
+  local URL=$2
+
+  echo "=== $ENV ==="
+
+  # Rails /up endpoint
+  STATUS=$(curl -sf -o /dev/null -w "%{http_code}" --max-time 10 "$URL/up" 2>/dev/null || echo "000")
+  TIME=$(curl -sf -o /dev/null -w "%{time_total}" --max-time 10 "$URL/up" 2>/dev/null || echo "timeout")
+  echo "Health: HTTP $STATUS ($TIME s)"
+
+  # Database connectivity (via /up — Rails health check verifies DB by default)
+  BODY=$(curl -sf --max-time 10 "$URL/up" 2>/dev/null || echo "UNREACHABLE")
+  echo "Body:   $BODY"
+  echo ""
+}
+```
+
+## Troubleshooting Quick Reference
+
+| Problem | Likely Cause | Fix |
+|---------|-------------|-----|
+| `port 3000 already in use` | Previous Rails server running | `lsof -ti :3000 \| xargs kill -9` |
+| `docker compose up` fails | Docker Desktop not running | Start Docker Desktop, then retry |
+| `PG::ConnectionBad` | PostgreSQL not running or wrong credentials | Check `docker compose ps` for postgres container; verify `DATABASE_URL` |
+| Kamal deploy hangs | SSH key not added or wrong host | Verify `ssh {host}` works; check `config/deploy.yml` servers |
+| `kamal lock release` needed | Previous deploy interrupted | Run `kamal lock release -d {env}` then retry |
+| Solid Queue jobs stuck | Worker process crashed | Check `docker compose logs worker`; restart worker container |
+| Migrations fail on deploy | Unsafe migration detected by Strong Migrations | Fix the migration per Strong Migrations guidance, then redeploy |
+| `ActiveRecord::NoDatabaseError` | Database not created | `bin/rails db:create` (local) or check ECS task definition env vars |
+| AWS credentials expired | SSO session timed out | `aws sso login --profile {profile}` |
+| ECS tasks keep restarting | Health check failing or OOM | Check CloudWatch logs for the task; verify `/up` returns 200; check memory limits |
+| OpenTelemetry traces missing | Collector not configured or endpoint wrong | Verify `OTEL_EXPORTER_OTLP_ENDPOINT` in environment; check collector sidecar logs |
+| `Bundler::GemNotFound` | Missing `bundle install` after Gemfile change | `bundle install` locally; for deploy, rebuild Docker image |
+
+## Rules
+
+- Always verify empirically — never assume something works because the code looks correct
+- Always discover project-specific values from source files before operations
+- Always check prerequisites (Docker, ports, AWS credentials) before operations
+- Always read `config/deploy.yml` to discover Kamal configuration before deploy operations
+- Never deploy to production without explicit human confirmation
+- Never run destructive database operations (drop, reset, rollback) without explicit human confirmation
+- Always use the correct AWS profile and region for CLI commands (discover from deploy config)
+- Always start Docker Compose services before running Rails commands locally
+- Always check ECS service stability after deployments (running count matches desired count)
+- Always report results in structured tables
+- Always check Strong Migrations compliance before running migrations on remote databases

package/plugins/lisa-rails/hooks/rubocop-on-edit.sh

@@ -0,0 +1,78 @@
+#!/bin/bash
+# This file is managed by Lisa.
+# Do not edit directly — changes will be overwritten on the next `lisa` run.
+# =============================================================================
+# RuboCop Lint-and-Format-on-Edit Hook (PostToolUse - Write|Edit)
+# =============================================================================
+# Runs RuboCop -a (safe autocorrect) on each edited Ruby file, then checks for
+# remaining unfixable errors. RuboCop serves as both formatter and linter
+# for Ruby, so this single hook replaces the Prettier + ESLint pipeline.
+#
+# Behavior:
+#   - Exit 0: RuboCop passes or auto-fix resolved all errors
+#   - Exit 1: unfixable errors remain — blocks Claude so it fixes them immediately
+#
+# @see .claude/rules/verification.md "Self-Correction Loop" section
+# =============================================================================
+
+# Extract file path from JSON input
+FILE_PATH=$(cat | grep -o '"file_path":"[^"]*"' | head -1 | cut -d'"' -f4)
+
+if [ -z "$FILE_PATH" ] || [ ! -f "$FILE_PATH" ]; then
+    exit 0
+fi
+
+# Check if file type is supported (Ruby only)
+case "${FILE_PATH##*.}" in
+    rb) ;;
+    *) exit 0 ;;
+esac
+
+# Validate project directory
+if [ -z "${CLAUDE_PROJECT_DIR:-}" ]; then
+    exit 0
+fi
+
+# Check if file is in a recognized source directory, excluding generated/vendored paths
+RELATIVE_PATH="${FILE_PATH#$CLAUDE_PROJECT_DIR/}"
+case "$RELATIVE_PATH" in
+    db/migrate/*|db/schema.rb) exit 0 ;;
+    vendor/*|bin/*|tmp/*|node_modules/*) exit 0 ;;
+esac
+case "$RELATIVE_PATH" in
+    app/*|lib/*|spec/*|config/*|db/*) ;;
+    *) exit 0 ;;
+esac
+
+cd "$CLAUDE_PROJECT_DIR" || exit 0
+
+# Verify this is a Ruby project with Bundler
+if [ ! -f "Gemfile" ]; then
+    exit 0
+fi
+
+# Run RuboCop autocorrect — fail only on errors (not warnings/conventions)
+echo "Running RuboCop on: $FILE_PATH"
+
+# First pass: attempt safe auto-correct
+OUTPUT=$(bundle exec rubocop -a --fail-level E "$FILE_PATH" 2>&1)
+FIX_EXIT=$?
+
+if [ $FIX_EXIT -eq 0 ]; then
+    echo "RuboCop: No errors in $(basename "$FILE_PATH")"
+    exit 0
+fi
+
+# Auto-fix resolved some issues but errors remain — re-run to get remaining errors
+OUTPUT=$(bundle exec rubocop --fail-level E "$FILE_PATH" 2>&1)
+LINT_EXIT=$?
+
+if [ $LINT_EXIT -eq 0 ]; then
+    echo "RuboCop: Auto-fixed all errors in $(basename "$FILE_PATH")"
+    exit 0
+fi
+
+# Unfixable errors remain — block with feedback
+echo "RuboCop found unfixable errors in: $FILE_PATH" >&2
+echo "$OUTPUT" >&2
+exit 1

package/plugins/lisa-rails/hooks/sg-scan-on-edit.sh

@@ -0,0 +1,74 @@
+#!/bin/bash
+# This file is managed by Lisa.
+# Do not edit directly — changes will be overwritten on the next `lisa` run.
+# =============================================================================
+# ast-grep Scan-on-Edit Hook (PostToolUse - Write|Edit)
+# =============================================================================
+# Runs ast-grep scan on each edited Ruby file to enforce structural code rules.
+# Complements RuboCop by catching patterns that require AST-level analysis.
+#
+# Behavior:
+#   - Exit 0: no issues found or ast-grep not configured
+#   - Exit 1: issues found — blocks Claude so it fixes them immediately
+#
+# @see .claude/rules/verification.md "Self-Correction Loop" section
+# =============================================================================
+
+# Extract file path from JSON input
+FILE_PATH=$(cat | grep -o '"file_path":"[^"]*"' | head -1 | cut -d'"' -f4)
+
+if [ -z "$FILE_PATH" ] || [ ! -f "$FILE_PATH" ]; then
+    exit 0
+fi
+
+# Check if file type is supported (Ruby only)
+case "${FILE_PATH##*.}" in
+    rb) ;;
+    *) exit 0 ;;
+esac
+
+# Validate project directory
+if [ -z "${CLAUDE_PROJECT_DIR:-}" ]; then
+    exit 0
+fi
+
+# Check if file is in a recognized source directory
+RELATIVE_PATH="${FILE_PATH#$CLAUDE_PROJECT_DIR/}"
+case "$RELATIVE_PATH" in
+    app/*|lib/*|config/*|spec/*) ;;
+    *) exit 0 ;;
+esac
+
+cd "$CLAUDE_PROJECT_DIR" || exit 0
+
+# Verify ast-grep configuration exists
+if [ ! -f "sgconfig.yml" ]; then
+    exit 0
+fi
+
+# Verify rules are defined
+RULE_COUNT=$(find ast-grep/rules -name "*.yml" -o -name "*.yaml" 2>/dev/null | grep -v ".gitkeep" | wc -l | tr -d ' ')
+if [ "$RULE_COUNT" -eq 0 ]; then
+    exit 0
+fi
+
+# Locate ast-grep binary — prefer local sg, then npx fallback
+if command -v sg >/dev/null 2>&1; then
+    SG_CMD="sg"
+elif command -v npx >/dev/null 2>&1; then
+    SG_CMD="npx @ast-grep/cli"
+else
+    echo "ast-grep: sg binary not found, skipping scan"
+    exit 0
+fi
+
+# Run ast-grep scan
+echo "Running ast-grep scan on: $FILE_PATH"
+if OUTPUT=$($SG_CMD scan "$FILE_PATH" 2>&1); then
+    echo "ast-grep: No issues found in $(basename "$FILE_PATH")"
+    exit 0
+else
+    echo "ast-grep found issues in: $FILE_PATH" >&2
+    echo "$OUTPUT" >&2
+    exit 1
+fi

package/plugins/lisa-rails/rules/lisa.md

@@ -15,12 +15,15 @@ The following files are managed by Lisa and will be overwritten on every `lisa`
 - `.simplecov`
 - `.reek.yml`
 - `.rspec`
+- `simplecov.thresholds.json`
+- `rubocop.thresholds.yml`
 - `sonar-project.properties`
 - `spec/spec_helper.rb`
 - `spec/rails_helper.rb`
-- `.github/workflows/quality.yml`
 - `.github/workflows/ci.yml`
-- `.github/workflows/release.yml`
+- `.github/workflows/claude-nightly-test-coverage.yml`
+- `.github/workflows/claude-nightly-code-complexity.yml`
+- `.github/workflows/claude-nightly-test-improvement.yml`
 - `VERSION`
 
 ## Deep-merged by Lisa (Lisa wins conflicts, but project can add its own keys)

package/plugins/lisa-rails/skills/ops-check-logs/SKILL.md

@@ -0,0 +1,191 @@
+---
+name: ops-check-logs
+description: Check application logs from local Docker Compose or remote AWS CloudWatch for Rails applications. Supports log tailing, filtering, and error searching.
+allowed-tools:
+  - Bash
+  - Read
+---
+
+# Ops: Check Logs
+
+View and search logs across local and remote environments.
+
+**Argument**: `$ARGUMENTS` — target and optional filter (e.g., `local`, `local worker`, `staging errors`, `production 500`, `staging slow-queries`)
+
+## Discovery
+
+1. Read `config/deploy.yml` to discover the service name (used in CloudWatch log group naming)
+2. Read `docker-compose.yml` to identify local service names for targeted log viewing
+3. Discover the AWS region from deploy config or environment variables
+
+## Local Logs (Docker Compose)
+
+### All Services
+
+```bash
+docker compose logs --tail=100
+```
+
+### Follow Mode (tail)
+
+```bash
+docker compose logs -f --tail=50
+```
+
+### Specific Service
+
+```bash
+# Rails web server
+docker compose logs --tail=100 web
+
+# Solid Queue worker
+docker compose logs --tail=100 worker
+
+# PostgreSQL
+docker compose logs --tail=100 postgres
+```
+
+### Filter for Errors
+
+```bash
+docker compose logs --tail=500 web 2>&1 | grep -iE "(error|exception|fatal|500)"
+```
+
+### Rails Development Log (if running outside Docker)
+
+```bash
+tail -n 100 log/development.log
+```
+
+### Filter Rails Log for Slow Queries
+
+```bash
+grep -E "SLOW|ms\)" log/development.log | tail -20
+```
+
+## Remote Logs (Kamal)
+
+### Tail Application Logs
+
+```bash
+kamal app logs -d {environment}
+```
+
+### Follow Mode
+
+```bash
+kamal app logs -d {environment} -f
+```
+
+### Specific Role
+
+```bash
+# Web role
+kamal app logs --roles=web -d {environment}
+
+# Worker role (Solid Queue)
+kamal app logs --roles=worker -d {environment}
+```
+
+## Remote Logs (CloudWatch via AWS CLI)
+
+For advanced filtering and historical log access, use the AWS CLI directly.
+
+### Discover Log Groups
+
+```bash
+aws logs describe-log-groups \
+  --region {aws-region} \
+  --query 'logGroups[].logGroupName' \
+  --output text | tr '\t' '\n' | grep -i "{app_name}"
+```
+
+### Filter for Errors (last 30 minutes)
+
+```bash
+aws logs filter-log-events \
+  --region {aws-region} \
+  --log-group-name "{log-group}" \
+  --start-time $(( ($(date +%s) - 1800) * 1000 )) \
+  --filter-pattern "ERROR" \
+  --query 'events[].message' \
+  --output text
+```
+
+### Filter for 500 Errors
+
+```bash
+aws logs filter-log-events \
+  --region {aws-region} \
+  --log-group-name "{log-group}" \
+  --start-time $(( ($(date +%s) - 1800) * 1000 )) \
+  --filter-pattern '"status=500"' \
+  --query 'events[].message' \
+  --output text
+```
+
+### Filter for Slow Requests (> 1 second)
+
+```bash
+aws logs filter-log-events \
+  --region {aws-region} \
+  --log-group-name "{log-group}" \
+  --start-time $(( ($(date +%s) - 3600) * 1000 )) \
+  --filter-pattern '"duration" "1000"' \
+  --query 'events[].message' \
+  --output text
+```
+
+### Tail Live Logs
+
+```bash
+aws logs tail "{log-group}" \
+  --region {aws-region} \
+  --follow \
+  --since 10m
+```
+
+### Specific Time Range
+
+```bash
+aws logs filter-log-events \
+  --region {aws-region} \
+  --log-group-name "{log-group}" \
+  --start-time $(date -d "{start-time}" +%s000) \
+  --end-time $(date -d "{end-time}" +%s000) \
+  --query 'events[].message' \
+  --output text
+```
+
+## ECS Task Logs
+
+For container-level logs (useful when the application fails to start):
+
+```bash
+# List recent tasks
+aws ecs list-tasks \
+  --cluster {cluster-name} \
+  --service-name {service-name} \
+  --region {aws-region} \
+  --query 'taskArns[]' --output text
+
+# Describe a task to find the log stream
+aws ecs describe-tasks \
+  --cluster {cluster-name} \
+  --tasks {task-arn} \
+  --region {aws-region} \
+  --query 'tasks[0].containers[].{Name:name,Status:lastStatus,ExitCode:exitCode}' \
+  --output table
+```
+
+## Output Format
+
+Report log findings as:
+
+| Source | Timestamp | Level | Context | Message |
+|--------|-----------|-------|---------|---------|
+| CloudWatch | 2026-03-18T10:30:00Z | ERROR | web | ActiveRecord::ConnectionTimeoutError |
+| Docker | — | ERROR | worker | SolidQueue::ProcessMissingError |
+| Rails log | — | WARN | N/A | DEPRECATION WARNING: ... |
+
+Include a summary of findings: total errors, warnings, and any patterns observed.