@forwardimpact/schema 0.1.0

package/examples/capabilities/reliability.yaml

@@ -0,0 +1,414 @@
+# yaml-language-server: $schema=https://schema.forwardimpact.team/json/capability.schema.json
+
+name: Reliability
+emojiIcon: 🛡️
+displayOrder: 5
+description: |
+  Ensuring systems are dependable, secure, and observable.
+  Includes DevOps practices, security, monitoring, incident response,
+  and infrastructure management.
+professionalResponsibilities:
+  awareness:
+    Follow security and operational guidelines, escalate issues appropriately,
+    and participate in on-call rotations with guidance
+  foundational:
+    Implement reliability practices in your code, create basic monitoring, and
+    contribute effectively to incident response
+  working:
+    Design for reliability, implement comprehensive monitoring and alerting,
+    lead incident response, and drive post-incident improvements
+  practitioner:
+    Establish SLOs/SLIs across teams, build resilient systems, lead reliability
+    initiatives for your area, mentor engineers on reliability practices, and
+    drive reliability culture
+  expert:
+    Shape reliability strategy across the business unit, lead critical incident
+    management, pioneer new reliability practices, and be the authority on
+    system resilience
+managementResponsibilities:
+  awareness:
+    Understand reliability requirements and support incident escalation
+    processes
+  foundational:
+    Ensure team follows reliability practices, manage on-call schedules, and
+    facilitate incident retrospectives
+  working:
+    Own team reliability outcomes, manage incident response rotations, staff
+    reliability initiatives, and champion operational excellence
+  practitioner:
+    Drive reliability culture across teams, establish SLOs and incident
+    management processes for your area, and own cross-team reliability outcomes
+  expert:
+    Shape reliability strategy across the business unit, lead critical incident
+    management at executive level, and own enterprise reliability outcomes
+skills:
+  - id: devops
+    name: DevOps & CI/CD
+    human:
+      description:
+        Building and maintaining deployment pipelines, infrastructure, and
+        operational practices
+      levelDescriptions:
+        awareness:
+          You understand CI/CD concepts (build, test, deploy) and can trigger
+          and monitor pipelines others have built. You follow deployment
+          procedures.
+        foundational:
+          You configure basic CI/CD pipelines, understand containerization
+          (Docker), and can troubleshoot common build and deployment failures.
+        working:
+          You build complete CI/CD pipelines end-to-end, manage infrastructure
+          as code (Terraform, CloudFormation), implement monitoring, and design
+          deployment strategies for your services.
+        practitioner:
+          You design deployment strategies for complex multi-service systems
+          across teams, optimize pipeline performance and reliability, define
+          DevOps practices for your area, and mentor engineers on
+          infrastructure.
+        expert:
+          You shape DevOps culture and practices across the business unit. You
+          introduce innovative approaches to deployment and infrastructure,
+          solve large-scale DevOps challenges, and are recognized externally.
+    agent:
+      name: devops-cicd
+      description: |
+        Guide for building CI/CD pipelines, managing infrastructure as code,
+        and implementing deployment best practices.
+      useWhen: |
+        Setting up pipelines, containerizing applications, or configuring
+        infrastructure.
+      stages:
+        specify:
+          focus: |
+            Define CI/CD and infrastructure requirements.
+            Clarify deployment strategy and operational needs.
+          activities:
+            - Document deployment frequency requirements
+            - Identify rollback and recovery requirements
+            - Specify monitoring and alerting needs
+            - Define security and compliance constraints
+            - Mark ambiguities with [NEEDS CLARIFICATION]
+          ready:
+            - Deployment requirements are documented
+            - Recovery requirements are specified
+            - Monitoring needs are identified
+            - Compliance constraints are clear
+        plan:
+          focus: |
+            Plan CI/CD pipeline architecture and infrastructure requirements.
+            Consider deployment strategies and monitoring needs.
+          activities:
+            - Define pipeline stages (build, test, deploy)
+            - Identify infrastructure requirements
+            - Plan deployment strategy (rolling, blue-green, canary)
+            - Consider monitoring and alerting needs
+            - Plan secret management approach
+          ready:
+            - Pipeline architecture is documented
+            - Deployment strategy is chosen and justified
+            - Infrastructure requirements are identified
+            - Monitoring approach is defined
+        code:
+          focus: |
+            Implement CI/CD pipelines and infrastructure as code. Follow
+            best practices for containerization and deployment automation.
+          activities:
+            - Configure CI/CD pipeline stages
+            - Implement infrastructure as code (Terraform, CloudFormation)
+            - Create Dockerfiles with security best practices
+            - Set up monitoring and alerting
+            - Configure secret management
+            - Implement deployment automation
+          ready:
+            - Pipeline runs on every commit
+            - Tests run before deployment
+            - Deployments are automated
+            - Infrastructure is version controlled
+            - Secrets are managed securely
+            - Monitoring is in place
+        review:
+          focus: |
+            Verify pipeline reliability, security, and operational readiness.
+            Ensure rollback procedures work and documentation is complete.
+          activities:
+            - Verify pipeline runs successfully end-to-end
+            - Test rollback procedures
+            - Review security configurations
+            - Validate monitoring and alerts
+            - Check documentation completeness
+          ready:
+            - Pipeline is tested and reliable
+            - Rollback procedure is documented and tested
+            - Alerts are configured and tested
+            - Runbooks exist for common issues
+        deploy:
+          focus: |
+            Deploy pipeline and infrastructure changes to production.
+            Verify operational readiness.
+          activities:
+            - Deploy pipeline configuration to production
+            - Verify deployment workflows work correctly
+            - Confirm monitoring and alerting are operational
+            - Run deployment through the new pipeline
+          ready:
+            - Pipeline deployed and operational
+            - Workflows tested in production
+            - Monitoring confirms healthy operation
+            - First deployment through pipeline succeeded
+    toolReferences:
+      - name: Terraform
+        url: https://developer.hashicorp.com/terraform/docs
+        simpleIcon: terraform
+        description: Infrastructure as code tool
+        useWhen: Provisioning and managing cloud infrastructure
+      - name: Docker
+        url: https://docs.docker.com/
+        simpleIcon: docker
+        description: Container platform
+        useWhen: Containerizing applications or managing container environments
+    implementationReference: |
+      ## CI/CD Pipeline Stages
+
+      ### Build
+      - Install dependencies
+      - Compile/transpile code
+      - Generate artifacts
+      - Cache dependencies for speed
+
+      ### Test
+      - Run unit tests
+      - Run integration tests
+      - Static analysis and linting
+      - Security scanning
+
+      ### Deploy
+      - Deploy to staging environment
+      - Run smoke tests
+      - Deploy to production
+      - Verify deployment health
+
+      ## Infrastructure as Code
+
+      ### Terraform
+      ```hcl
+      # Define resources declaratively
+      resource "aws_instance" "example" {
+        ami           = "ami-0c55b159cbfafe1f0"
+        instance_type = "t2.micro"
+      }
+      ```
+
+      ### Docker
+      ```dockerfile
+      FROM node:18-alpine
+      WORKDIR /app
+      COPY package*.json ./
+      RUN npm ci --only=production
+      COPY . .
+      CMD ["node", "server.js"]
+      ```
+
+      ## Deployment Strategies
+
+      ### Rolling Deployment
+      - Gradual replacement of instances
+      - Zero downtime
+      - Easy rollback
+
+      ### Blue-Green Deployment
+      - Two identical environments
+      - Switch traffic atomically
+      - Fast rollback
+
+      ### Canary Deployment
+      - Route small percentage to new version
+      - Monitor for issues
+      - Gradually increase traffic
+  - id: sre_practices
+    name: Site Reliability Engineering
+    human:
+      description:
+        Ensuring system reliability through observability, incident response,
+        and capacity planning
+      levelDescriptions:
+        awareness:
+          You understand SLIs, SLOs, and error budgets conceptually. You can use
+          monitoring dashboards and escalate issues appropriately.
+        foundational:
+          You create basic alerts and dashboards. You participate in on-call
+          rotations and contribute to incident response under guidance.
+        working:
+          You design observability strategies for your services, lead incident
+          response, implement resilience testing, and conduct blameless
+          post-mortems. You balance reliability investment with feature
+          velocity.
+        practitioner:
+          You define reliability standards across teams in your area, drive
+          post-incident improvements systematically, design capacity planning
+          processes, and mentor engineers on SRE practices.
+        expert:
+          You shape reliability culture and standards across the business unit.
+          You pioneer new reliability practices, solve large-scale reliability
+          challenges, and are recognized as an authority on system resilience.
+    agent:
+      name: sre-practices
+      description: |
+        Guide for ensuring system reliability through observability, incident
+        response, and capacity planning.
+      useWhen: |
+        Designing monitoring, handling incidents, setting SLOs, or improving
+        system resilience.
+      stages:
+        specify:
+          focus: |
+            Define reliability requirements and SLO targets.
+            Identify critical user journeys that need protection.
+          activities:
+            - Identify critical user journeys and business impact
+            - Document reliability requirements (availability, latency)
+            - Define SLO targets with stakeholder agreement
+            - Specify acceptable error budgets
+            - Mark ambiguities with [NEEDS CLARIFICATION]
+          ready:
+            - Critical user journeys are identified
+            - Reliability requirements are documented
+            - SLO targets are defined
+            - Error budgets are agreed
+        plan:
+          focus: |
+            Define reliability requirements, SLIs/SLOs, and observability
+            strategy. Plan for resilience and capacity needs.
+          activities:
+            - Define SLIs for key user journeys
+            - Set SLOs with stakeholder agreement
+            - Plan observability strategy (metrics, logs, traces)
+            - Identify failure modes and resilience patterns
+            - Define alerting thresholds
+          ready:
+            - SLIs defined for key user journeys
+            - SLOs set with stakeholder agreement
+            - Monitoring strategy is planned
+            - Failure modes are identified
+            - Alerting thresholds are defined
+        code:
+          focus: |
+            Implement observability, resilience patterns, and operational
+            tooling. Build systems that fail gracefully and recover quickly.
+          activities:
+            - Implement metrics, logging, and tracing
+            - Configure alerts based on SLOs
+            - Implement resilience patterns (timeouts, retries, circuit
+              breakers)
+            - Create runbooks for common issues
+            - Set up error budget tracking
+          ready:
+            - Comprehensive monitoring is in place
+            - Alerts are actionable and low-noise
+            - Resilience patterns are implemented
+            - Runbooks exist for common issues
+            - Error budget tracking is in place
+        review:
+          focus: |
+            Verify reliability implementation meets SLOs and operational
+            readiness. Ensure incident response procedures are in place.
+          activities:
+            - Validate SLOs are measurable
+            - Test failure scenarios
+            - Review runbook completeness
+            - Verify incident response procedures
+            - Check alert quality and coverage
+          ready:
+            - SLOs are measurable and validated
+            - Failure scenarios are tested
+            - Incident response process documented
+            - Post-mortem culture established
+            - Disaster recovery approach is tested
+        deploy:
+          focus: |
+            Deploy reliability infrastructure and verify production
+            monitoring. Ensure on-call readiness.
+          activities:
+            - Deploy monitoring and alerting to production
+            - Verify dashboards and alerts work correctly
+            - Confirm on-call rotation is ready
+            - Run production readiness review
+          ready:
+            - Monitoring is live in production
+            - Alerts fire correctly for SLO breaches
+            - On-call team is trained and ready
+            - Production readiness review is complete
+    implementationReference: |
+      ## Service Level Concepts
+
+      ### SLI (Service Level Indicator)
+      Quantitative measure of service behavior:
+      - Request latency (p50, p95, p99)
+      - Error rate (% of failed requests)
+      - Availability (% of successful requests)
+      - Throughput (requests per second)
+
+      ### SLO (Service Level Objective)
+      Target value for an SLI:
+      - "99.9% of requests complete in < 200ms"
+      - "Error rate < 0.1% over 30 days"
+      - "99.95% availability monthly"
+
+      ### Error Budget
+      Allowed unreliability: 100% - SLO
+      - 99.9% SLO = 0.1% error budget
+      - ~43 minutes downtime per month
+      - Spend on features or reliability
+
+      ## Observability
+
+      ### Three Pillars
+      - **Metrics**: Aggregated numeric data (counters, gauges, histograms)
+      - **Logs**: Discrete event records with context
+      - **Traces**: Request flow across services
+
+      ### Alerting Principles
+      - Alert on symptoms, not causes
+      - Every alert should be actionable
+      - Reduce noise ruthlessly
+      - Page only for user-impacting issues
+      - Use severity levels appropriately
+
+      ## Incident Response
+
+      ### Incident Lifecycle
+      1. **Detection**: Automated alerts or user reports
+      2. **Triage**: Assess severity and impact
+      3. **Mitigation**: Stop the bleeding first
+      4. **Resolution**: Fix the underlying issue
+      5. **Post-mortem**: Learn and improve
+
+      ### During an Incident
+      - Communicate early and often
+      - Focus on mitigation before root cause
+      - Document actions in real-time
+      - Escalate when needed
+      - Update stakeholders regularly
+
+      ## Post-Mortem Process
+
+      ### Blameless Culture
+      - Focus on systems, not individuals
+      - Assume good intentions
+      - Ask "how did the system allow this?"
+      - Share findings openly
+
+      ### Post-Mortem Template
+      1. Incident summary
+      2. Timeline of events
+      3. Root cause analysis
+      4. What went well
+      5. What could be improved
+      6. Action items with owners
+
+      ## Resilience Patterns
+
+      - **Timeouts**: Don't wait forever
+      - **Retries**: With exponential backoff
+      - **Circuit breakers**: Fail fast when downstream is unhealthy
+      - **Bulkheads**: Isolate failures
+      - **Graceful degradation**: Partial functionality over total failure