@forwardimpact/pathway 0.4.0 → 0.6.0

package/examples/capabilities/reliability.yaml

@@ -1,412 +0,0 @@
-# yaml-language-server: $schema=https://schema.forwardimpact.team/json/capability.schema.json
-
-name: Reliability
-emoji: 🛡️
-displayOrder: 5
-description: |
-  Ensuring systems are dependable, secure, and observable.
-  Includes DevOps practices, security, monitoring, incident response,
-  and infrastructure management.
-professionalResponsibilities:
-  awareness:
-    Follow security and operational guidelines, escalate issues appropriately,
-    and participate in on-call rotations with guidance
-  foundational:
-    Implement reliability practices in your code, create basic monitoring, and
-    contribute effectively to incident response
-  working:
-    Design for reliability, implement comprehensive monitoring and alerting,
-    lead incident response, and drive post-incident improvements
-  practitioner:
-    Establish SLOs/SLIs across teams, build resilient systems, lead reliability
-    initiatives for your area, mentor engineers on reliability practices, and
-    drive reliability culture
-  expert:
-    Shape reliability strategy across the business unit, lead critical incident
-    management, pioneer new reliability practices, and be the authority on
-    system resilience
-managementResponsibilities:
-  awareness:
-    Understand reliability requirements and support incident escalation
-    processes
-  foundational:
-    Ensure team follows reliability practices, manage on-call schedules, and
-    facilitate incident retrospectives
-  working:
-    Own team reliability outcomes, manage incident response rotations, staff
-    reliability initiatives, and champion operational excellence
-  practitioner:
-    Drive reliability culture across teams, establish SLOs and incident
-    management processes for your area, and own cross-team reliability outcomes
-  expert:
-    Shape reliability strategy across the business unit, lead critical incident
-    management at executive level, and own enterprise reliability outcomes
-skills:
-  - id: devops
-    name: DevOps & CI/CD
-    human:
-      description:
-        Building and maintaining deployment pipelines, infrastructure, and
-        operational practices
-      levelDescriptions:
-        awareness:
-          You understand CI/CD concepts (build, test, deploy) and can trigger
-          and monitor pipelines others have built. You follow deployment
-          procedures.
-        foundational:
-          You configure basic CI/CD pipelines, understand containerization
-          (Docker), and can troubleshoot common build and deployment failures.
-        working:
-          You build complete CI/CD pipelines end-to-end, manage infrastructure
-          as code (Terraform, CloudFormation), implement monitoring, and design
-          deployment strategies for your services.
-        practitioner:
-          You design deployment strategies for complex multi-service systems
-          across teams, optimize pipeline performance and reliability, define
-          DevOps practices for your area, and mentor engineers on
-          infrastructure.
-        expert:
-          You shape DevOps culture and practices across the business unit. You
-          introduce innovative approaches to deployment and infrastructure,
-          solve large-scale DevOps challenges, and are recognized externally.
-    agent:
-      name: devops-cicd
-      description: |
-        Guide for building CI/CD pipelines, managing infrastructure as code,
-        and implementing deployment best practices.
-      useWhen: |
-        Setting up pipelines, containerizing applications, or configuring
-        infrastructure.
-      stages:
-        specify:
-          focus: |
-            Define CI/CD and infrastructure requirements.
-            Clarify deployment strategy and operational needs.
-          activities:
-            - Document deployment frequency requirements
-            - Identify rollback and recovery requirements
-            - Specify monitoring and alerting needs
-            - Define security and compliance constraints
-            - Mark ambiguities with [NEEDS CLARIFICATION]
-          ready:
-            - Deployment requirements are documented
-            - Recovery requirements are specified
-            - Monitoring needs are identified
-            - Compliance constraints are clear
-        plan:
-          focus: |
-            Plan CI/CD pipeline architecture and infrastructure requirements.
-            Consider deployment strategies and monitoring needs.
-          activities:
-            - Define pipeline stages (build, test, deploy)
-            - Identify infrastructure requirements
-            - Plan deployment strategy (rolling, blue-green, canary)
-            - Consider monitoring and alerting needs
-            - Plan secret management approach
-          ready:
-            - Pipeline architecture is documented
-            - Deployment strategy is chosen and justified
-            - Infrastructure requirements are identified
-            - Monitoring approach is defined
-        code:
-          focus: |
-            Implement CI/CD pipelines and infrastructure as code. Follow
-            best practices for containerization and deployment automation.
-          activities:
-            - Configure CI/CD pipeline stages
-            - Implement infrastructure as code (Terraform, CloudFormation)
-            - Create Dockerfiles with security best practices
-            - Set up monitoring and alerting
-            - Configure secret management
-            - Implement deployment automation
-          ready:
-            - Pipeline runs on every commit
-            - Tests run before deployment
-            - Deployments are automated
-            - Infrastructure is version controlled
-            - Secrets are managed securely
-            - Monitoring is in place
-        review:
-          focus: |
-            Verify pipeline reliability, security, and operational readiness.
-            Ensure rollback procedures work and documentation is complete.
-          activities:
-            - Verify pipeline runs successfully end-to-end
-            - Test rollback procedures
-            - Review security configurations
-            - Validate monitoring and alerts
-            - Check documentation completeness
-          ready:
-            - Pipeline is tested and reliable
-            - Rollback procedure is documented and tested
-            - Alerts are configured and tested
-            - Runbooks exist for common issues
-        deploy:
-          focus: |
-            Deploy pipeline and infrastructure changes to production.
-            Verify operational readiness.
-          activities:
-            - Deploy pipeline configuration to production
-            - Verify deployment workflows work correctly
-            - Confirm monitoring and alerting are operational
-            - Run deployment through the new pipeline
-          ready:
-            - Pipeline deployed and operational
-            - Workflows tested in production
-            - Monitoring confirms healthy operation
-            - First deployment through pipeline succeeded
-    toolReferences:
-      - name: Terraform
-        url: https://developer.hashicorp.com/terraform/docs
-        description: Infrastructure as code tool
-        useWhen: Provisioning and managing cloud infrastructure
-      - name: Docker
-        url: https://docs.docker.com/
-        description: Container platform
-        useWhen: Containerizing applications or managing container environments
-    implementationReference: |
-      ## CI/CD Pipeline Stages
-
-      ### Build
-      - Install dependencies
-      - Compile/transpile code
-      - Generate artifacts
-      - Cache dependencies for speed
-
-      ### Test
-      - Run unit tests
-      - Run integration tests
-      - Static analysis and linting
-      - Security scanning
-
-      ### Deploy
-      - Deploy to staging environment
-      - Run smoke tests
-      - Deploy to production
-      - Verify deployment health
-
-      ## Infrastructure as Code
-
-      ### Terraform
-      ```hcl
-      # Define resources declaratively
-      resource "aws_instance" "example" {
-        ami           = "ami-0c55b159cbfafe1f0"
-        instance_type = "t2.micro"
-      }
-      ```
-
-      ### Docker
-      ```dockerfile
-      FROM node:18-alpine
-      WORKDIR /app
-      COPY package*.json ./
-      RUN npm ci --only=production
-      COPY . .
-      CMD ["node", "server.js"]
-      ```
-
-      ## Deployment Strategies
-
-      ### Rolling Deployment
-      - Gradual replacement of instances
-      - Zero downtime
-      - Easy rollback
-
-      ### Blue-Green Deployment
-      - Two identical environments
-      - Switch traffic atomically
-      - Fast rollback
-
-      ### Canary Deployment
-      - Route small percentage to new version
-      - Monitor for issues
-      - Gradually increase traffic
-  - id: sre_practices
-    name: Site Reliability Engineering
-    human:
-      description:
-        Ensuring system reliability through observability, incident response,
-        and capacity planning
-      levelDescriptions:
-        awareness:
-          You understand SLIs, SLOs, and error budgets conceptually. You can use
-          monitoring dashboards and escalate issues appropriately.
-        foundational:
-          You create basic alerts and dashboards. You participate in on-call
-          rotations and contribute to incident response under guidance.
-        working:
-          You design observability strategies for your services, lead incident
-          response, implement resilience testing, and conduct blameless
-          post-mortems. You balance reliability investment with feature
-          velocity.
-        practitioner:
-          You define reliability standards across teams in your area, drive
-          post-incident improvements systematically, design capacity planning
-          processes, and mentor engineers on SRE practices.
-        expert:
-          You shape reliability culture and standards across the business unit.
-          You pioneer new reliability practices, solve large-scale reliability
-          challenges, and are recognized as an authority on system resilience.
-    agent:
-      name: sre-practices
-      description: |
-        Guide for ensuring system reliability through observability, incident
-        response, and capacity planning.
-      useWhen: |
-        Designing monitoring, handling incidents, setting SLOs, or improving
-        system resilience.
-      stages:
-        specify:
-          focus: |
-            Define reliability requirements and SLO targets.
-            Identify critical user journeys that need protection.
-          activities:
-            - Identify critical user journeys and business impact
-            - Document reliability requirements (availability, latency)
-            - Define SLO targets with stakeholder agreement
-            - Specify acceptable error budgets
-            - Mark ambiguities with [NEEDS CLARIFICATION]
-          ready:
-            - Critical user journeys are identified
-            - Reliability requirements are documented
-            - SLO targets are defined
-            - Error budgets are agreed
-        plan:
-          focus: |
-            Define reliability requirements, SLIs/SLOs, and observability
-            strategy. Plan for resilience and capacity needs.
-          activities:
-            - Define SLIs for key user journeys
-            - Set SLOs with stakeholder agreement
-            - Plan observability strategy (metrics, logs, traces)
-            - Identify failure modes and resilience patterns
-            - Define alerting thresholds
-          ready:
-            - SLIs defined for key user journeys
-            - SLOs set with stakeholder agreement
-            - Monitoring strategy is planned
-            - Failure modes are identified
-            - Alerting thresholds are defined
-        code:
-          focus: |
-            Implement observability, resilience patterns, and operational
-            tooling. Build systems that fail gracefully and recover quickly.
-          activities:
-            - Implement metrics, logging, and tracing
-            - Configure alerts based on SLOs
-            - Implement resilience patterns (timeouts, retries, circuit
-              breakers)
-            - Create runbooks for common issues
-            - Set up error budget tracking
-          ready:
-            - Comprehensive monitoring is in place
-            - Alerts are actionable and low-noise
-            - Resilience patterns are implemented
-            - Runbooks exist for common issues
-            - Error budget tracking is in place
-        review:
-          focus: |
-            Verify reliability implementation meets SLOs and operational
-            readiness. Ensure incident response procedures are in place.
-          activities:
-            - Validate SLOs are measurable
-            - Test failure scenarios
-            - Review runbook completeness
-            - Verify incident response procedures
-            - Check alert quality and coverage
-          ready:
-            - SLOs are measurable and validated
-            - Failure scenarios are tested
-            - Incident response process documented
-            - Post-mortem culture established
-            - Disaster recovery approach is tested
-        deploy:
-          focus: |
-            Deploy reliability infrastructure and verify production
-            monitoring. Ensure on-call readiness.
-          activities:
-            - Deploy monitoring and alerting to production
-            - Verify dashboards and alerts work correctly
-            - Confirm on-call rotation is ready
-            - Run production readiness review
-          ready:
-            - Monitoring is live in production
-            - Alerts fire correctly for SLO breaches
-            - On-call team is trained and ready
-            - Production readiness review is complete
-    implementationReference: |
-      ## Service Level Concepts
-
-      ### SLI (Service Level Indicator)
-      Quantitative measure of service behavior:
-      - Request latency (p50, p95, p99)
-      - Error rate (% of failed requests)
-      - Availability (% of successful requests)
-      - Throughput (requests per second)
-
-      ### SLO (Service Level Objective)
-      Target value for an SLI:
-      - "99.9% of requests complete in < 200ms"
-      - "Error rate < 0.1% over 30 days"
-      - "99.95% availability monthly"
-
-      ### Error Budget
-      Allowed unreliability: 100% - SLO
-      - 99.9% SLO = 0.1% error budget
-      - ~43 minutes downtime per month
-      - Spend on features or reliability
-
-      ## Observability
-
-      ### Three Pillars
-      - **Metrics**: Aggregated numeric data (counters, gauges, histograms)
-      - **Logs**: Discrete event records with context
-      - **Traces**: Request flow across services
-
-      ### Alerting Principles
-      - Alert on symptoms, not causes
-      - Every alert should be actionable
-      - Reduce noise ruthlessly
-      - Page only for user-impacting issues
-      - Use severity levels appropriately
-
-      ## Incident Response
-
-      ### Incident Lifecycle
-      1. **Detection**: Automated alerts or user reports
-      2. **Triage**: Assess severity and impact
-      3. **Mitigation**: Stop the bleeding first
-      4. **Resolution**: Fix the underlying issue
-      5. **Post-mortem**: Learn and improve
-
-      ### During an Incident
-      - Communicate early and often
-      - Focus on mitigation before root cause
-      - Document actions in real-time
-      - Escalate when needed
-      - Update stakeholders regularly
-
-      ## Post-Mortem Process
-
-      ### Blameless Culture
-      - Focus on systems, not individuals
-      - Assume good intentions
-      - Ask "how did the system allow this?"
-      - Share findings openly
-
-      ### Post-Mortem Template
-      1. Incident summary
-      2. Timeline of events
-      3. Root cause analysis
-      4. What went well
-      5. What could be improved
-      6. Action items with owners
-
-      ## Resilience Patterns
-
-      - **Timeouts**: Don't wait forever
-      - **Retries**: With exponential backoff
-      - **Circuit breakers**: Fail fast when downstream is unhealthy
-      - **Bulkheads**: Isolate failures
-      - **Graceful degradation**: Partial functionality over total failure