@geraldmaron/construct 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.env.example +69 -0
- package/LICENSE +21 -0
- package/README.md +344 -0
- package/agents/prompts/cx-accessibility.md +29 -0
- package/agents/prompts/cx-ai-engineer.md +31 -0
- package/agents/prompts/cx-architect.md +40 -0
- package/agents/prompts/cx-business-strategist.md +25 -0
- package/agents/prompts/cx-data-analyst.md +30 -0
- package/agents/prompts/cx-data-engineer.md +32 -0
- package/agents/prompts/cx-debugger.md +27 -0
- package/agents/prompts/cx-designer.md +33 -0
- package/agents/prompts/cx-devil-advocate.md +36 -0
- package/agents/prompts/cx-docs-keeper.md +50 -0
- package/agents/prompts/cx-engineer.md +36 -0
- package/agents/prompts/cx-evaluator.md +26 -0
- package/agents/prompts/cx-explorer.md +38 -0
- package/agents/prompts/cx-legal-compliance.md +25 -0
- package/agents/prompts/cx-operations.md +28 -0
- package/agents/prompts/cx-orchestrator.md +30 -0
- package/agents/prompts/cx-platform-engineer.md +25 -0
- package/agents/prompts/cx-product-manager.md +30 -0
- package/agents/prompts/cx-qa.md +42 -0
- package/agents/prompts/cx-rd-lead.md +25 -0
- package/agents/prompts/cx-release-manager.md +31 -0
- package/agents/prompts/cx-researcher.md +31 -0
- package/agents/prompts/cx-reviewer.md +36 -0
- package/agents/prompts/cx-security.md +37 -0
- package/agents/prompts/cx-sre.md +26 -0
- package/agents/prompts/cx-test-automation.md +35 -0
- package/agents/prompts/cx-trace-reviewer.md +76 -0
- package/agents/prompts/cx-ux-researcher.md +30 -0
- package/agents/registry.json +879 -0
- package/agents/teams.json +94 -0
- package/bin/construct +613 -0
- package/commands/build/feature.md +21 -0
- package/commands/build/fix.md +20 -0
- package/commands/design/access.md +19 -0
- package/commands/design/flow.md +16 -0
- package/commands/design/ui.md +18 -0
- package/commands/measure/experiment.md +18 -0
- package/commands/measure/metrics.md +18 -0
- package/commands/measure/results.md +18 -0
- package/commands/plan/api.md +19 -0
- package/commands/plan/challenge.md +18 -0
- package/commands/plan/decide.md +20 -0
- package/commands/plan/feature.md +49 -0
- package/commands/plan/requirements.md +24 -0
- package/commands/remember/context.md +26 -0
- package/commands/remember/handoff.md +19 -0
- package/commands/remember/runbook.md +20 -0
- package/commands/review/code.md +21 -0
- package/commands/review/quality.md +19 -0
- package/commands/review/security.md +16 -0
- package/commands/ship/ready.md +19 -0
- package/commands/ship/release.md +19 -0
- package/commands/ship/status.md +18 -0
- package/commands/understand/docs.md +22 -0
- package/commands/understand/research.md +22 -0
- package/commands/understand/this.md +23 -0
- package/commands/understand/why.md +18 -0
- package/commands/work/clean.md +32 -0
- package/commands/work/drive.md +69 -0
- package/commands/work/optimize-prompts.md +46 -0
- package/commands/work/parallel-review.md +40 -0
- package/db/migrations/001_init.sql +38 -0
- package/langfuse/docker-compose.yml +82 -0
- package/lib/audit-skills.mjs +118 -0
- package/lib/auto-docs.mjs +293 -0
- package/lib/cli-commands.mjs +409 -0
- package/lib/codex-config.mjs +114 -0
- package/lib/comment-lint.mjs +191 -0
- package/lib/completions.mjs +170 -0
- package/lib/context-state.mjs +99 -0
- package/lib/cost.mjs +213 -0
- package/lib/distill.mjs +403 -0
- package/lib/efficiency.mjs +139 -0
- package/lib/env-config.mjs +53 -0
- package/lib/eval-harness.mjs +59 -0
- package/lib/features.mjs +209 -0
- package/lib/headhunt.mjs +597 -0
- package/lib/hooks/adaptive-lint.mjs +112 -0
- package/lib/hooks/agent-tracker.mjs +50 -0
- package/lib/hooks/bootstrap-guard.mjs +90 -0
- package/lib/hooks/comment-lint.mjs +26 -0
- package/lib/hooks/config-protection.mjs +52 -0
- package/lib/hooks/console-warn.mjs +43 -0
- package/lib/hooks/context-window-recovery.mjs +90 -0
- package/lib/hooks/continuation-enforcer.mjs +72 -0
- package/lib/hooks/dep-audit.mjs +155 -0
- package/lib/hooks/drive-guard.mjs +89 -0
- package/lib/hooks/edit-accumulator.mjs +36 -0
- package/lib/hooks/edit-error-recovery.mjs +46 -0
- package/lib/hooks/edit-guard.mjs +109 -0
- package/lib/hooks/env-check.mjs +80 -0
- package/lib/hooks/guard-bash.mjs +83 -0
- package/lib/hooks/mcp-audit.mjs +57 -0
- package/lib/hooks/mcp-health-check.mjs +51 -0
- package/lib/hooks/mcp-task-scope.mjs +47 -0
- package/lib/hooks/model-fallback.mjs +105 -0
- package/lib/hooks/pre-compact.mjs +212 -0
- package/lib/hooks/pre-push-gate.mjs +129 -0
- package/lib/hooks/read-tracker.mjs +129 -0
- package/lib/hooks/registry-sync.mjs +23 -0
- package/lib/hooks/scan-secrets.mjs +76 -0
- package/lib/hooks/session-start.mjs +95 -0
- package/lib/hooks/stop-notify.mjs +191 -0
- package/lib/hooks/stop-typecheck.mjs +83 -0
- package/lib/hooks/task-completed-guard.mjs +43 -0
- package/lib/hooks/teammate-idle-guard.mjs +54 -0
- package/lib/hooks/workflow-guard.mjs +62 -0
- package/lib/host-capabilities.mjs +123 -0
- package/lib/init-docs.mjs +382 -0
- package/lib/mcp/server.mjs +1123 -0
- package/lib/mcp-catalog.json +243 -0
- package/lib/mcp-manager.mjs +433 -0
- package/lib/mcp-platform-config.mjs +104 -0
- package/lib/model-router.mjs +810 -0
- package/lib/opencode-config.mjs +44 -0
- package/lib/opencode-runtime-plugin.mjs +909 -0
- package/lib/opencode-telemetry.mjs +433 -0
- package/lib/orchestration-policy.mjs +258 -0
- package/lib/prompt-composer.mjs +196 -0
- package/lib/prompt-metadata.mjs +68 -0
- package/lib/review.mjs +429 -0
- package/lib/role-preload.mjs +52 -0
- package/lib/schemas/decision.json +50 -0
- package/lib/schemas/implementation.json +51 -0
- package/lib/schemas/review-report.json +32 -0
- package/lib/schemas/test-report.json +43 -0
- package/lib/server/index.mjs +334 -0
- package/lib/server/static/app.js +841 -0
- package/lib/server/static/index.html +820 -0
- package/lib/service-manager.mjs +225 -0
- package/lib/setup.mjs +319 -0
- package/lib/status.mjs +707 -0
- package/lib/storage/backend.mjs +44 -0
- package/lib/storage/embeddings.mjs +70 -0
- package/lib/storage/hybrid-query.mjs +184 -0
- package/lib/storage/sql-store.mjs +55 -0
- package/lib/storage/state-source.mjs +101 -0
- package/lib/storage/sync.mjs +164 -0
- package/lib/storage/vector-store.mjs +59 -0
- package/lib/telemetry/backends/langfuse.mjs +58 -0
- package/lib/telemetry/backends/noop.mjs +16 -0
- package/lib/telemetry/langfuse-ingest.mjs +108 -0
- package/lib/telemetry/langfuse-model-sync.mjs +270 -0
- package/lib/telemetry/team-rollup.mjs +143 -0
- package/lib/toolkit-env.mjs +30 -0
- package/lib/validator.mjs +181 -0
- package/lib/workflow-state.mjs +794 -0
- package/package.json +53 -0
- package/personas/construct.md +94 -0
- package/platforms/claude/CLAUDE.md +30 -0
- package/platforms/claude/settings.template.json +472 -0
- package/platforms/opencode/config.template.json +65 -0
- package/platforms/opencode/plugins/construct-fallback.js +5 -0
- package/platforms/opencode/sync-config.mjs +69 -0
- package/rules/common/agents.md +55 -0
- package/rules/common/code-review.md +129 -0
- package/rules/common/coding-style.md +95 -0
- package/rules/common/comments.md +139 -0
- package/rules/common/cx-agent-routing.md +61 -0
- package/rules/common/cx-skill-routing.md +11 -0
- package/rules/common/development-workflow.md +49 -0
- package/rules/common/git-workflow.md +29 -0
- package/rules/common/hooks.md +35 -0
- package/rules/common/patterns.md +36 -0
- package/rules/common/performance.md +71 -0
- package/rules/common/security.md +34 -0
- package/rules/common/testing.md +62 -0
- package/rules/golang/coding-style.md +37 -0
- package/rules/golang/hooks.md +22 -0
- package/rules/golang/patterns.md +50 -0
- package/rules/golang/security.md +39 -0
- package/rules/golang/testing.md +36 -0
- package/rules/python/coding-style.md +47 -0
- package/rules/python/hooks.md +24 -0
- package/rules/python/patterns.md +44 -0
- package/rules/python/security.md +35 -0
- package/rules/python/testing.md +43 -0
- package/rules/swift/coding-style.md +52 -0
- package/rules/swift/hooks.md +25 -0
- package/rules/swift/patterns.md +71 -0
- package/rules/swift/security.md +38 -0
- package/rules/swift/testing.md +50 -0
- package/rules/typescript/coding-style.md +204 -0
- package/rules/typescript/hooks.md +27 -0
- package/rules/typescript/patterns.md +57 -0
- package/rules/typescript/security.md +33 -0
- package/rules/typescript/testing.md +23 -0
- package/rules/web/coding-style.md +101 -0
- package/rules/web/design-quality.md +68 -0
- package/rules/web/hooks.md +125 -0
- package/rules/web/patterns.md +84 -0
- package/rules/web/performance.md +69 -0
- package/rules/web/security.md +62 -0
- package/rules/web/testing.md +60 -0
- package/rules/zh/README.md +113 -0
- package/rules/zh/agents.md +55 -0
- package/rules/zh/code-review.md +129 -0
- package/rules/zh/coding-style.md +53 -0
- package/rules/zh/development-workflow.md +49 -0
- package/rules/zh/git-workflow.md +29 -0
- package/rules/zh/hooks.md +35 -0
- package/rules/zh/patterns.md +36 -0
- package/rules/zh/performance.md +60 -0
- package/rules/zh/security.md +34 -0
- package/rules/zh/testing.md +34 -0
- package/skills/ai/agent-dev.md +102 -0
- package/skills/ai/llm-security.md +105 -0
- package/skills/ai/ml-ops.md +169 -0
- package/skills/ai/orchestration-workflow.md +87 -0
- package/skills/ai/prompt-and-eval.md +114 -0
- package/skills/ai/prompt-optimizer.md +114 -0
- package/skills/ai/rag-system.md +104 -0
- package/skills/architecture/api-design.md +100 -0
- package/skills/architecture/caching.md +101 -0
- package/skills/architecture/cloud-native.md +97 -0
- package/skills/architecture/message-queue.md +100 -0
- package/skills/architecture/security-arch.md +105 -0
- package/skills/development/cpp.md +127 -0
- package/skills/development/go.md +129 -0
- package/skills/development/java.md +134 -0
- package/skills/development/kotlin.md +140 -0
- package/skills/development/mobile-crossplatform.md +144 -0
- package/skills/development/python.md +109 -0
- package/skills/development/rust.md +127 -0
- package/skills/development/shell.md +127 -0
- package/skills/development/swift.md +129 -0
- package/skills/development/typescript.md +129 -0
- package/skills/devops/ci-cd.md +108 -0
- package/skills/devops/containerization.md +106 -0
- package/skills/devops/cost-optimization.md +105 -0
- package/skills/devops/data-engineering.md +181 -0
- package/skills/devops/database.md +95 -0
- package/skills/devops/dependency-management.md +91 -0
- package/skills/devops/devsecops.md +96 -0
- package/skills/devops/git-workflow.md +100 -0
- package/skills/devops/incident-response.md +167 -0
- package/skills/devops/monorepo.md +87 -0
- package/skills/devops/observability.md +103 -0
- package/skills/devops/performance.md +104 -0
- package/skills/devops/testing.md +104 -0
- package/skills/docs/adr-workflow.md +32 -0
- package/skills/docs/backlog-proposal-workflow.md +19 -0
- package/skills/docs/customer-profile-workflow.md +22 -0
- package/skills/docs/evidence-ingest-workflow.md +23 -0
- package/skills/docs/init-docs.md +160 -0
- package/skills/docs/init-project.md +50 -0
- package/skills/docs/prd-workflow.md +57 -0
- package/skills/docs/prfaq-workflow.md +25 -0
- package/skills/docs/product-intelligence-review.md +22 -0
- package/skills/docs/product-intelligence-workflow.md +62 -0
- package/skills/docs/product-signal-workflow.md +27 -0
- package/skills/docs/research-workflow.md +28 -0
- package/skills/docs/runbook-workflow.md +24 -0
- package/skills/exploration/repo-map.md +297 -0
- package/skills/frameworks/django.md +159 -0
- package/skills/frameworks/nextjs.md +148 -0
- package/skills/frameworks/react.md +132 -0
- package/skills/frameworks/spring-boot.md +165 -0
- package/skills/frontend-design/accessibility.md +153 -0
- package/skills/frontend-design/component-patterns.md +111 -0
- package/skills/frontend-design/engineering.md +122 -0
- package/skills/frontend-design/state-management.md +118 -0
- package/skills/frontend-design/ui-aesthetics.md +102 -0
- package/skills/frontend-design/ux-principles.md +126 -0
- package/skills/quality-gates/review-work.md +90 -0
- package/skills/quality-gates/verify-change.md +94 -0
- package/skills/quality-gates/verify-module.md +96 -0
- package/skills/quality-gates/verify-quality.md +93 -0
- package/skills/quality-gates/verify-security.md +95 -0
- package/skills/roles/architect.ai-systems.md +37 -0
- package/skills/roles/architect.data.md +37 -0
- package/skills/roles/architect.enterprise.md +37 -0
- package/skills/roles/architect.integration.md +37 -0
- package/skills/roles/architect.md +68 -0
- package/skills/roles/architect.platform.md +37 -0
- package/skills/roles/data-analyst.experiment.md +37 -0
- package/skills/roles/data-analyst.md +68 -0
- package/skills/roles/data-analyst.product-intelligence.md +37 -0
- package/skills/roles/data-analyst.product.md +37 -0
- package/skills/roles/data-analyst.telemetry.md +37 -0
- package/skills/roles/data-engineer.pipeline.md +37 -0
- package/skills/roles/data-engineer.vector-retrieval.md +37 -0
- package/skills/roles/data-engineer.warehouse.md +37 -0
- package/skills/roles/debugger.md +68 -0
- package/skills/roles/designer.accessibility.md +43 -0
- package/skills/roles/designer.md +68 -0
- package/skills/roles/engineer.ai.md +49 -0
- package/skills/roles/engineer.data.md +49 -0
- package/skills/roles/engineer.md +85 -0
- package/skills/roles/engineer.platform.md +49 -0
- package/skills/roles/operator.docs.md +43 -0
- package/skills/roles/operator.md +68 -0
- package/skills/roles/operator.release.md +43 -0
- package/skills/roles/operator.sre.md +43 -0
- package/skills/roles/orchestrator.md +66 -0
- package/skills/roles/product-manager.ai-product.md +37 -0
- package/skills/roles/product-manager.business-strategy.md +43 -0
- package/skills/roles/product-manager.enterprise.md +37 -0
- package/skills/roles/product-manager.growth.md +37 -0
- package/skills/roles/product-manager.md +67 -0
- package/skills/roles/product-manager.platform.md +37 -0
- package/skills/roles/product-manager.product.md +37 -0
- package/skills/roles/qa.ai-eval.md +37 -0
- package/skills/roles/qa.api-contract.md +37 -0
- package/skills/roles/qa.data-pipeline.md +37 -0
- package/skills/roles/qa.md +68 -0
- package/skills/roles/qa.test-automation.md +49 -0
- package/skills/roles/qa.web-ui.md +37 -0
- package/skills/roles/researcher.explorer.md +43 -0
- package/skills/roles/researcher.md +68 -0
- package/skills/roles/researcher.ux.md +43 -0
- package/skills/roles/reviewer.devil-advocate.md +43 -0
- package/skills/roles/reviewer.evaluator.md +43 -0
- package/skills/roles/reviewer.md +68 -0
- package/skills/roles/reviewer.trace.md +43 -0
- package/skills/roles/security.ai.md +37 -0
- package/skills/roles/security.appsec.md +37 -0
- package/skills/roles/security.cloud.md +37 -0
- package/skills/roles/security.legal-compliance.md +49 -0
- package/skills/roles/security.md +68 -0
- package/skills/roles/security.privacy.md +37 -0
- package/skills/roles/security.supply-chain.md +37 -0
- package/skills/routing.md +139 -0
- package/skills/security/blue-team.md +83 -0
- package/skills/security/code-audit.md +94 -0
- package/skills/security/pentest.md +84 -0
- package/skills/security/red-team.md +81 -0
- package/skills/security/threat-intel.md +89 -0
- package/skills/security/vuln-research.md +87 -0
- package/skills/utility/clean-code.md +165 -0
- package/sync-agents.mjs +899 -0
- package/templates/docs/adr.md +27 -0
- package/templates/docs/backlog-proposal.md +26 -0
- package/templates/docs/customer-profile.md +34 -0
- package/templates/docs/evidence-brief.md +37 -0
- package/templates/docs/incident-report.md +46 -0
- package/templates/docs/memo.md +27 -0
- package/templates/docs/meta-prd.md +56 -0
- package/templates/docs/one-pager.md +24 -0
- package/templates/docs/prd-business.md +61 -0
- package/templates/docs/prd-platform.md +62 -0
- package/templates/docs/prd.md +47 -0
- package/templates/docs/prfaq.md +31 -0
- package/templates/docs/product-intelligence-report.md +31 -0
- package/templates/docs/research-brief.md +29 -0
- package/templates/docs/rfc-platform.md +60 -0
- package/templates/docs/rfc.md +46 -0
- package/templates/docs/runbook.md +33 -0
- package/templates/docs/signal-brief.md +25 -0
|
@@ -0,0 +1,167 @@
|
|
|
1
|
+
<!--
|
|
2
|
+
skills/devops/incident-response.md — Incident Response — | Sev | User impact | Response time | Example |
|
|
3
|
+
|
|
4
|
+
## Severity Levels | Sev | User impact | Response time | Example |
|
|
5
|
+
-->
|
|
6
|
+
# Incident Response
|
|
7
|
+
|
|
8
|
+
## Severity Levels
|
|
9
|
+
|
|
10
|
+
| Sev | User impact | Response time | Example |
|
|
11
|
+
|---|---|---|---|
|
|
12
|
+
| **P0** | Total outage, data loss, security breach | Immediate (< 5 min) | Production DB down, credentials leaked |
|
|
13
|
+
| **P1** | Major feature broken for all users | < 15 min | Auth service down, checkout failing |
|
|
14
|
+
| **P2** | Significant degradation, partial outage | < 1 hour | Elevated error rate, slow responses |
|
|
15
|
+
| **P3** | Minor impact, workaround available | Best effort / next business day | Single user affected, cosmetic |
|
|
16
|
+
|
|
17
|
+
Define severity in your runbook and assign it early — it determines escalation and comms cadence.
|
|
18
|
+
|
|
19
|
+
## The Response Loop
|
|
20
|
+
|
|
21
|
+
```
|
|
22
|
+
Detect → Declare → Triage → Mitigate → Resolve → Post-mortem
|
|
23
|
+
```
|
|
24
|
+
|
|
25
|
+
### Detect
|
|
26
|
+
|
|
27
|
+
Alert sources: Prometheus/Grafana alerting, Datadog, PagerDuty, user reports, on-call rotation.
|
|
28
|
+
|
|
29
|
+
Healthy detection requires:
|
|
30
|
+
- Symptom-based alerts (error rate, latency p99, availability) not just cause-based
|
|
31
|
+
- Alert fatigue prevention: alert on SLO burn rate, not raw thresholds
|
|
32
|
+
- Clear escalation paths: who gets paged first, who is backup
|
|
33
|
+
|
|
34
|
+
### Declare
|
|
35
|
+
|
|
36
|
+
Declare an incident early, even if uncertain. It is easier to downgrade than to delay comms.
|
|
37
|
+
|
|
38
|
+
1. Create incident channel: `#incident-YYYY-MM-DD-brief-description`
|
|
39
|
+
2. Assign **Incident Commander (IC)** — one person owns the call and all decisions
|
|
40
|
+
3. Assign **Scribe** — records timeline, decisions, actions in real time
|
|
41
|
+
4. Assign **Comms Lead** — status page updates and stakeholder notifications
|
|
42
|
+
|
|
43
|
+
### Triage
|
|
44
|
+
|
|
45
|
+
IC asks: **"What is the user impact and is it getting better or worse?"**
|
|
46
|
+
|
|
47
|
+
```
|
|
48
|
+
1. Confirm the alert is real (not a monitoring fluke)
|
|
49
|
+
2. Bound the blast radius — how many users? Which regions?
|
|
50
|
+
3. Identify the change vector — what deployed recently?
|
|
51
|
+
4. Establish a working hypothesis
|
|
52
|
+
```
|
|
53
|
+
|
|
54
|
+
Use `git log --since="2 hours ago"` and deployment logs to find the change vector.
|
|
55
|
+
|
|
56
|
+
### Mitigate (not root cause — stop the bleeding first)
|
|
57
|
+
|
|
58
|
+
Mitigation options in priority order:
|
|
59
|
+
1. **Rollback** — fastest if a recent deploy is the cause
|
|
60
|
+
2. **Feature flag off** — disable the failing feature
|
|
61
|
+
3. **Traffic shift** — route to a healthy region or canary
|
|
62
|
+
4. **Scale up** — if resource exhaustion is the cause
|
|
63
|
+
5. **Restart** — for stuck processes (last resort — often hides root cause)
|
|
64
|
+
|
|
65
|
+
Do NOT wait for a perfect fix. Mitigate first, fix properly after users are unblocked.
|
|
66
|
+
|
|
67
|
+
### Resolve
|
|
68
|
+
|
|
69
|
+
Incident is resolved when:
|
|
70
|
+
- User impact returns to baseline
|
|
71
|
+
- Monitoring shows healthy signals for ≥ 15 minutes
|
|
72
|
+
- A clear path to permanent fix is identified
|
|
73
|
+
|
|
74
|
+
Close the incident channel. Update the status page. Send resolution notification to stakeholders.
|
|
75
|
+
|
|
76
|
+
## Communication During the Incident
|
|
77
|
+
|
|
78
|
+
### Status page cadence
|
|
79
|
+
|
|
80
|
+
| Phase | Cadence |
|
|
81
|
+
|---|---|
|
|
82
|
+
| P0/P1 active | Every 15 minutes |
|
|
83
|
+
| P2 active | Every 30–60 minutes |
|
|
84
|
+
| Resolved | One final update with summary |
|
|
85
|
+
|
|
86
|
+
Status updates must include: what is impacted, what we know, what we are doing, when the next update is.
|
|
87
|
+
|
|
88
|
+
```
|
|
89
|
+
[INVESTIGATING] We are seeing elevated error rates on the checkout service.
|
|
90
|
+
Impact: ~30% of checkout attempts are failing.
|
|
91
|
+
We are investigating and will provide an update in 15 minutes.
|
|
92
|
+
```
|
|
93
|
+
|
|
94
|
+
### Internal Slack cadence
|
|
95
|
+
|
|
96
|
+
IC posts to the incident channel:
|
|
97
|
+
- Current hypothesis
|
|
98
|
+
- Actions being taken and by whom
|
|
99
|
+
- Decisions made
|
|
100
|
+
- New findings
|
|
101
|
+
|
|
102
|
+
Scribe captures everything in the timeline doc.
|
|
103
|
+
|
|
104
|
+
## Post-Mortem (Blameless)
|
|
105
|
+
|
|
106
|
+
Write the post-mortem within 48 hours while memory is fresh.
|
|
107
|
+
|
|
108
|
+
### Required sections
|
|
109
|
+
|
|
110
|
+
1. **Summary** — 3-sentence description of what happened, impact, and resolution
|
|
111
|
+
2. **Timeline** — chronological log with timestamps
|
|
112
|
+
3. **Root cause(s)** — use 5-whys to reach systemic causes, not surface symptoms
|
|
113
|
+
4. **Contributing factors** — process/tooling gaps that allowed the issue
|
|
114
|
+
5. **What went well** — detection worked, rollback was fast, etc.
|
|
115
|
+
6. **Action items** — concrete, assigned, time-bounded; not vague recommendations
|
|
116
|
+
|
|
117
|
+
### 5-Whys example
|
|
118
|
+
|
|
119
|
+
```
|
|
120
|
+
User impact: checkout error rate 30%
|
|
121
|
+
Why? → Payment service returning 500s
|
|
122
|
+
Why? → DB connection pool exhausted
|
|
123
|
+
Why? → Query added in yesterday's deploy was unindexed and slow
|
|
124
|
+
Why? → No query performance review in the PR process
|
|
125
|
+
Why? → We have no policy requiring EXPLAIN ANALYZE on new queries
|
|
126
|
+
|
|
127
|
+
Action: Add query plan check to PR template + CI gate for slow queries
|
|
128
|
+
```
|
|
129
|
+
|
|
130
|
+
### Blameless culture
|
|
131
|
+
|
|
132
|
+
The post-mortem finds systemic failures, not individual errors. A person took an action that made sense given the information and tools available at the time — the question is why the system allowed that action to cause an outage.
|
|
133
|
+
|
|
134
|
+
## Runbook Template
|
|
135
|
+
|
|
136
|
+
Every on-call service should have a runbook per alert type:
|
|
137
|
+
|
|
138
|
+
```markdown
|
|
139
|
+
# Alert: HighPaymentErrorRate
|
|
140
|
+
|
|
141
|
+
## What this means
|
|
142
|
+
The fraction of payment attempts returning 5xx has exceeded 5% for 5 minutes.
|
|
143
|
+
|
|
144
|
+
## Immediate checks
|
|
145
|
+
1. `kubectl logs -n payments -l app=payment-svc --tail=100`
|
|
146
|
+
2. Check Grafana → Payments dashboard → DB connection pool utilization
|
|
147
|
+
3. Check recent deploys: `kubectl rollout history deployment/payment-svc`
|
|
148
|
+
|
|
149
|
+
## Mitigation options
|
|
150
|
+
- If deploy-related: `kubectl rollout undo deployment/payment-svc`
|
|
151
|
+
- If DB-related: page DBA on-call; check slow query log
|
|
152
|
+
|
|
153
|
+
## Escalation
|
|
154
|
+
If unresolved after 20 min: escalate to on-call lead.
|
|
155
|
+
```
|
|
156
|
+
|
|
157
|
+
## Tools Reference
|
|
158
|
+
|
|
159
|
+
| Need | Tool |
|
|
160
|
+
|---|---|
|
|
161
|
+
| Alerting | PagerDuty, OpsGenie |
|
|
162
|
+
| Dashboards | Grafana, Datadog |
|
|
163
|
+
| Log search | Loki, Datadog Logs, CloudWatch |
|
|
164
|
+
| Trace analysis | Jaeger, Tempo, Datadog APM |
|
|
165
|
+
| Status page | Statuspage.io, Atlassian Status |
|
|
166
|
+
| Incident management | Incident.io, FireHydrant, PagerDuty IR |
|
|
167
|
+
| Post-mortem tracking | Linear, Jira, Notion |
|
|
@@ -0,0 +1,87 @@
|
|
|
1
|
+
<!--
|
|
2
|
+
skills/devops/monorepo.md — Monorepo — Use this skill when selecting monorepo tooling, structuring packages, or optimiz
|
|
3
|
+
|
|
4
|
+
Use this skill when selecting monorepo tooling, structuring packages, or optimizing affected-only builds. ## Tool Selection
|
|
5
|
+
-->
|
|
6
|
+
# Monorepo
|
|
7
|
+
|
|
8
|
+
Use this skill when selecting monorepo tooling, structuring packages, or optimizing affected-only builds.
|
|
9
|
+
|
|
10
|
+
## Tool Selection
|
|
11
|
+
|
|
12
|
+
| Tool | Best For | When NOT to Use | Overhead |
|
|
13
|
+
|---|---|---|---|
|
|
14
|
+
| pnpm workspaces | Simple multi-package repos, shared deps, no task orchestration | Complex task graphs, build caching requirements | Minimal |
|
|
15
|
+
| Turborepo | Medium complexity, build/test caching critical, TypeScript/JS-first, works on pnpm/yarn/npm | Polyglot repos with non-JS build systems | Low |
|
|
16
|
+
| Nx | Large orgs, polyglot, code generation, fine-grained ownership, plugin ecosystem | Small teams or repos where Nx's concepts add more friction than value | Medium–High |
|
|
17
|
+
| Bazel | 10k+ files, strict reproducibility, polyglot, hermetic builds | Any team without a dedicated Bazel expert; startup cost is high | Very High |
|
|
18
|
+
|
|
19
|
+
Start with pnpm workspaces. Add Turborepo when caching becomes valuable. Reach for Nx only when you need its generator, constraint, or ownership systems.
|
|
20
|
+
|
|
21
|
+
## Repository Layout
|
|
22
|
+
|
|
23
|
+
```
|
|
24
|
+
apps/
|
|
25
|
+
web/ # deployable applications
|
|
26
|
+
api/
|
|
27
|
+
packages/
|
|
28
|
+
shared/ # shared types, utilities consumed by multiple apps or packages
|
|
29
|
+
ui/ # component library
|
|
30
|
+
config/ # shared eslint, tsconfig, prettier configs
|
|
31
|
+
billing/ # domain packages — business logic with no UI
|
|
32
|
+
auth/
|
|
33
|
+
```
|
|
34
|
+
|
|
35
|
+
Keep `apps/` for deployable surfaces and `packages/` for everything importable. Never put deployable entrypoints inside `packages/`. Config packages (`packages/config/`) centralise tooling setup — each app/package extends rather than duplicates.
|
|
36
|
+
|
|
37
|
+
## Package Boundaries
|
|
38
|
+
|
|
39
|
+
- One package per domain or product surface (`packages/billing`, `packages/auth`, `apps/web`, `apps/api`).
|
|
40
|
+
- Place shared utilities in `packages/utils` or `packages/shared` — never in an app package.
|
|
41
|
+
- Never import directly from one `apps/` package to another `apps/` package; extract shared code to `packages/`.
|
|
42
|
+
- Each package exposes its public API through a single `index.ts` barrel file; internal modules are private.
|
|
43
|
+
- Enforce boundaries with Nx `@nrwl/enforce-module-boundaries` lint rules or ESLint's `import/no-restricted-paths`.
|
|
44
|
+
|
|
45
|
+
## Affected-only Builds
|
|
46
|
+
|
|
47
|
+
Turborepo:
|
|
48
|
+
```bash
|
|
49
|
+
turbo run build --filter=[HEAD^1]
|
|
50
|
+
turbo run test --filter=[HEAD^1]...
|
|
51
|
+
```
|
|
52
|
+
|
|
53
|
+
Nx:
|
|
54
|
+
```bash
|
|
55
|
+
nx affected --target=build --base=origin/main
|
|
56
|
+
nx affected --target=test --base=origin/main
|
|
57
|
+
```
|
|
58
|
+
|
|
59
|
+
Both tools build a change graph from the dependency tree. A change to `packages/utils` marks every downstream package as affected. Only affected packages run in CI — unaffected packages use cached results.
|
|
60
|
+
|
|
61
|
+
CI integration: set `--base` to the merge base of the PR branch (`origin/main` or `$(git merge-base HEAD origin/main)`), not `HEAD^1`, to correctly identify all changed files in the PR.
|
|
62
|
+
|
|
63
|
+
## Dependency Management
|
|
64
|
+
|
|
65
|
+
- Use the workspace protocol in pnpm (`workspace:*`) to reference local packages; this guarantees the local version is always used.
|
|
66
|
+
- Never duplicate a dependency version across packages unless there is an explicit version conflict. Use a single lock file at the repo root.
|
|
67
|
+
- Align peer dependencies across all packages; mismatched React or TypeScript versions produce hard-to-diagnose errors.
|
|
68
|
+
- Use `pnpm why <package>` to trace why a transitive dep is installed before removing it.
|
|
69
|
+
- Run `pnpm dedupe` after bulk upgrades to collapse duplicate transitive versions.
|
|
70
|
+
|
|
71
|
+
## Versioning Strategies
|
|
72
|
+
|
|
73
|
+
| Strategy | Tool | When to Use |
|
|
74
|
+
|---|---|---|
|
|
75
|
+
| Fixed (all packages same version) | Lerna (`--unified`), Nx Release | Libraries published together; consumers always upgrade the full suite |
|
|
76
|
+
| Independent (each package versioned separately) | Changesets, Lerna (`--independent`) | Packages released on different cadences; consumers pick and choose |
|
|
77
|
+
|
|
78
|
+
Changesets workflow: developers add a changeset file (`pnpm changeset`) describing the change and bump type; CI applies changesets and publishes on merge to main. This keeps version decisions in PRs rather than as a post-merge step.
|
|
79
|
+
|
|
80
|
+
Generate changelogs automatically from changeset files; do not write changelogs manually.
|
|
81
|
+
|
|
82
|
+
## CI Optimization
|
|
83
|
+
|
|
84
|
+
- Cache `.turbo` or Nx's default cache directory (`node_modules/.cache/nx`) between CI runs, keyed to the lock file hash.
|
|
85
|
+
- Enable remote caching (Turborepo Remote Cache, Nx Cloud) for team environments — local caches do not transfer between CI runners.
|
|
86
|
+
- Run `turbo prune --scope=<app>` to generate a minimal lockfile subset for Docker builds of individual apps.
|
|
87
|
+
- Gate PR merges on `affected` tests, not the full suite, to keep CI under 10 minutes for large repos.
|
|
@@ -0,0 +1,103 @@
|
|
|
1
|
+
<!--
|
|
2
|
+
skills/devops/observability.md — Observability — Use this skill when designing logging, tracing, metrics, or alerting systems.
|
|
3
|
+
|
|
4
|
+
Use this skill when designing logging, tracing, metrics, or alerting systems. ## Three Pillars
|
|
5
|
+
-->
|
|
6
|
+
# Observability
|
|
7
|
+
|
|
8
|
+
Use this skill when designing logging, tracing, metrics, or alerting systems.
|
|
9
|
+
|
|
10
|
+
## Three Pillars
|
|
11
|
+
|
|
12
|
+
### Logs
|
|
13
|
+
- Structured format (JSON) with consistent field names
|
|
14
|
+
- Required fields: timestamp, level, service, request_id, message
|
|
15
|
+
- Levels: DEBUG (development only), INFO (normal operations), WARN (unexpected but handled), ERROR (failures requiring attention)
|
|
16
|
+
- Never log secrets, passwords, tokens, or full PII
|
|
17
|
+
- Correlate logs with trace IDs for request-level debugging
|
|
18
|
+
- Centralize logs: ELK, Loki, CloudWatch, Datadog
|
|
19
|
+
|
|
20
|
+
### Metrics
|
|
21
|
+
- USE method for resources: Utilization, Saturation, Errors
|
|
22
|
+
- RED method for services: Rate, Errors, Duration
|
|
23
|
+
- Four golden signals: latency, traffic, errors, saturation
|
|
24
|
+
- Use histograms for latency (not averages)
|
|
25
|
+
- Label dimensions: service, endpoint, status_code, environment
|
|
26
|
+
- Keep cardinality manageable; avoid high-cardinality labels
|
|
27
|
+
|
|
28
|
+
### Traces
|
|
29
|
+
- Distributed tracing across service boundaries
|
|
30
|
+
- Propagate trace context via headers (W3C Trace Context or B3)
|
|
31
|
+
- Instrument: HTTP clients/servers, database queries, message queue operations
|
|
32
|
+
- Sample in production: 1-10% for high-traffic services, 100% for low-traffic
|
|
33
|
+
- Record: span name, duration, status, attributes, parent span
|
|
34
|
+
|
|
35
|
+
## Instrumentation
|
|
36
|
+
|
|
37
|
+
### What to Instrument
|
|
38
|
+
- Every inbound request (HTTP, gRPC, message consumer)
|
|
39
|
+
- Every outbound call (database, cache, external API, queue publish)
|
|
40
|
+
- Business events: signup, purchase, error recovery
|
|
41
|
+
- Background jobs: start, complete, fail
|
|
42
|
+
|
|
43
|
+
### How to Instrument
|
|
44
|
+
- Use OpenTelemetry for vendor-neutral instrumentation
|
|
45
|
+
- Auto-instrumentation for frameworks and libraries when available
|
|
46
|
+
- Custom spans for business-critical code paths
|
|
47
|
+
- Baggage for cross-service context (tenant ID, feature flags)
|
|
48
|
+
|
|
49
|
+
## Alerting
|
|
50
|
+
|
|
51
|
+
### Alert Design
|
|
52
|
+
- Alert on symptoms (error rate, latency), not causes (CPU, memory)
|
|
53
|
+
- Use burn rate alerts for SLO-based monitoring
|
|
54
|
+
- Page for user-impacting issues; ticket for non-urgent
|
|
55
|
+
- Every alert must have a runbook link
|
|
56
|
+
- Test alerts regularly; unused alerts should be deleted
|
|
57
|
+
|
|
58
|
+
### Severity Levels
|
|
59
|
+
|
|
60
|
+
| Level | Response Time | Example |
|
|
61
|
+
|---|---|---|
|
|
62
|
+
| Critical (page) | <15 min | Service down, data loss risk |
|
|
63
|
+
| High (page) | <1 hour | Error rate >5%, SLO breach |
|
|
64
|
+
| Medium (ticket) | <24 hours | Elevated latency, disk >80% |
|
|
65
|
+
| Low (ticket) | <1 week | Dependency deprecation, minor anomaly |
|
|
66
|
+
|
|
67
|
+
### Anti-Patterns
|
|
68
|
+
- Alerting on every metric threshold (alert fatigue)
|
|
69
|
+
- Alerts without runbooks (responder does not know what to do)
|
|
70
|
+
- Alerts that always fire (desensitization)
|
|
71
|
+
- No owner assigned to an alert
|
|
72
|
+
|
|
73
|
+
## SLOs
|
|
74
|
+
|
|
75
|
+
- Define SLIs: the metric that represents user experience (availability, latency, correctness)
|
|
76
|
+
- Set SLO target: e.g., 99.9% of requests complete in <300ms
|
|
77
|
+
- Calculate error budget: 100% - SLO = acceptable failures per period
|
|
78
|
+
- Alert when error budget burn rate exceeds threshold
|
|
79
|
+
- Review SLOs quarterly; adjust based on business needs and reliability data
|
|
80
|
+
|
|
81
|
+
## Dashboards
|
|
82
|
+
|
|
83
|
+
### Principles
|
|
84
|
+
- One overview dashboard per service
|
|
85
|
+
- Top section: SLO status, error budget remaining
|
|
86
|
+
- Middle section: traffic, latency (p50, p95, p99), error rate
|
|
87
|
+
- Bottom section: resource utilization, dependency health
|
|
88
|
+
- Drill-down dashboards for specific subsystems
|
|
89
|
+
- Avoid vanity metrics; every panel should inform a decision
|
|
90
|
+
|
|
91
|
+
### Tools
|
|
92
|
+
- Grafana for open-source metric visualization
|
|
93
|
+
- Datadog, New Relic, or Honeycomb for managed observability
|
|
94
|
+
- PagerDuty or Opsgenie for alert routing and escalation
|
|
95
|
+
|
|
96
|
+
## Incident Investigation Flow
|
|
97
|
+
|
|
98
|
+
1. Check SLO dashboard for affected services
|
|
99
|
+
2. Inspect error rate and latency spikes for timing
|
|
100
|
+
3. Filter traces by error status in the time window
|
|
101
|
+
4. Read logs correlated with failing trace IDs
|
|
102
|
+
5. Identify the root service and operation
|
|
103
|
+
6. Check recent deployments and configuration changes
|
|
@@ -0,0 +1,104 @@
|
|
|
1
|
+
<!--
|
|
2
|
+
skills/devops/performance.md — Performance Engineering — Use this skill when profiling, load testing, or optimizing application and infra
|
|
3
|
+
|
|
4
|
+
Use this skill when profiling, load testing, or optimizing application and infrastructure performance. ## Performance Targets
|
|
5
|
+
-->
|
|
6
|
+
# Performance Engineering
|
|
7
|
+
|
|
8
|
+
Use this skill when profiling, load testing, or optimizing application and infrastructure performance.
|
|
9
|
+
|
|
10
|
+
## Performance Targets
|
|
11
|
+
|
|
12
|
+
Define targets before optimizing. Measure against real user experience.
|
|
13
|
+
|
|
14
|
+
| Metric | Web Target | API Target |
|
|
15
|
+
|---|---|---|
|
|
16
|
+
| p50 latency | <200ms | <50ms |
|
|
17
|
+
| p95 latency | <1s | <200ms |
|
|
18
|
+
| p99 latency | <3s | <500ms |
|
|
19
|
+
| Throughput | - | Define per endpoint |
|
|
20
|
+
| Error rate | <0.1% | <0.1% |
|
|
21
|
+
|
|
22
|
+
## Profiling
|
|
23
|
+
|
|
24
|
+
### Application Profiling
|
|
25
|
+
- CPU profiling: identify hot functions and call paths
|
|
26
|
+
- Memory profiling: find leaks, excessive allocations, and retention
|
|
27
|
+
- Trace profiling: follow requests across service boundaries
|
|
28
|
+
- Flame graphs for visual analysis of CPU and memory usage
|
|
29
|
+
- Profile in production or with production-like data; synthetic benchmarks mislead
|
|
30
|
+
|
|
31
|
+
### Database Profiling
|
|
32
|
+
- Slow query log (threshold: 100ms)
|
|
33
|
+
- EXPLAIN ANALYZE on suspect queries
|
|
34
|
+
- Index usage statistics
|
|
35
|
+
- Connection pool utilization
|
|
36
|
+
- Lock contention and wait events
|
|
37
|
+
|
|
38
|
+
### Network Profiling
|
|
39
|
+
- DNS resolution time
|
|
40
|
+
- TLS handshake time
|
|
41
|
+
- Time to first byte (TTFB)
|
|
42
|
+
- Payload size and compression effectiveness
|
|
43
|
+
- Connection reuse and keep-alive behavior
|
|
44
|
+
|
|
45
|
+
## Load Testing
|
|
46
|
+
|
|
47
|
+
### Types
|
|
48
|
+
- **Smoke**: minimal load to verify the system works (1-5 users)
|
|
49
|
+
- **Load**: expected production traffic to establish baseline
|
|
50
|
+
- **Stress**: beyond expected traffic to find the breaking point
|
|
51
|
+
- **Soak**: sustained load for hours to find leaks and degradation
|
|
52
|
+
- **Spike**: sudden traffic burst to test auto-scaling and recovery
|
|
53
|
+
|
|
54
|
+
### Tools
|
|
55
|
+
- k6, Gatling, Locust, Artillery, or JMeter
|
|
56
|
+
- Script realistic user journeys, not just single endpoints
|
|
57
|
+
- Ramp up gradually; sudden jumps obscure bottleneck identification
|
|
58
|
+
- Run against an environment isolated from production
|
|
59
|
+
- Collect metrics from application, database, and infrastructure during tests
|
|
60
|
+
|
|
61
|
+
### Analysis
|
|
62
|
+
- Identify the bottleneck: CPU, memory, I/O, network, database, external service
|
|
63
|
+
- Fix one bottleneck at a time; re-measure after each fix
|
|
64
|
+
- Document baseline metrics before optimization
|
|
65
|
+
- Compare before and after with statistical significance
|
|
66
|
+
|
|
67
|
+
## Optimization Techniques
|
|
68
|
+
|
|
69
|
+
### Application
|
|
70
|
+
- Cache expensive computations and repeated queries
|
|
71
|
+
- Use connection pooling for databases and HTTP clients
|
|
72
|
+
- Batch operations instead of sequential calls
|
|
73
|
+
- Async processing for non-blocking work
|
|
74
|
+
- Precompute and materialize frequently accessed derived data
|
|
75
|
+
|
|
76
|
+
### Database
|
|
77
|
+
- Optimize queries before adding hardware
|
|
78
|
+
- Add indexes for slow queries (EXPLAIN first)
|
|
79
|
+
- Use read replicas for read-heavy workloads
|
|
80
|
+
- Partition large tables by time or tenant
|
|
81
|
+
- Archive old data to reduce active dataset size
|
|
82
|
+
|
|
83
|
+
### Infrastructure
|
|
84
|
+
- Right-size instances based on actual utilization
|
|
85
|
+
- Auto-scale based on leading indicators (queue depth, CPU trend)
|
|
86
|
+
- Use CDN for static content and cacheable API responses
|
|
87
|
+
- Place compute close to data to reduce network latency
|
|
88
|
+
- Compress responses (gzip, brotli, zstd)
|
|
89
|
+
|
|
90
|
+
## Monitoring for Performance
|
|
91
|
+
|
|
92
|
+
- Track p50, p95, p99 latency per endpoint
|
|
93
|
+
- Monitor error rate alongside latency
|
|
94
|
+
- Set SLOs and alert on burn rate, not individual breaches
|
|
95
|
+
- Dashboard: latency, throughput, error rate, saturation (CPU, memory, connections)
|
|
96
|
+
- Compare metrics week-over-week to detect gradual degradation
|
|
97
|
+
|
|
98
|
+
## Anti-Patterns
|
|
99
|
+
|
|
100
|
+
- Optimizing without profiling (guessing the bottleneck)
|
|
101
|
+
- Premature optimization of code that runs rarely
|
|
102
|
+
- Caching without invalidation strategy
|
|
103
|
+
- Adding resources instead of fixing the root cause
|
|
104
|
+
- Micro-benchmarks that do not reflect production workloads
|
|
@@ -0,0 +1,104 @@
|
|
|
1
|
+
<!--
|
|
2
|
+
skills/devops/testing.md — Testing Strategy — Use this skill when planning test coverage, selecting test types, or establishin
|
|
3
|
+
|
|
4
|
+
Use this skill when planning test coverage, selecting test types, or establishing testing practices. ## Test Pyramid
|
|
5
|
+
-->
|
|
6
|
+
# Testing Strategy
|
|
7
|
+
|
|
8
|
+
Use this skill when planning test coverage, selecting test types, or establishing testing practices.
|
|
9
|
+
|
|
10
|
+
## Test Pyramid
|
|
11
|
+
|
|
12
|
+
### Unit Tests (70%)
|
|
13
|
+
- Test individual functions, methods, and classes in isolation
|
|
14
|
+
- Fast: entire suite runs in seconds
|
|
15
|
+
- Mock external dependencies (database, network, file system)
|
|
16
|
+
- One assertion per test when practical
|
|
17
|
+
- Name tests for the behavior they verify
|
|
18
|
+
|
|
19
|
+
### Integration Tests (20%)
|
|
20
|
+
- Test interactions between components
|
|
21
|
+
- Use real databases (Docker containers) when practical
|
|
22
|
+
- Test API endpoints end-to-end within the service
|
|
23
|
+
- Verify serialization, query behavior, and error propagation
|
|
24
|
+
- Slower than unit tests; run in CI, not necessarily on every save
|
|
25
|
+
|
|
26
|
+
### End-to-End Tests (10%)
|
|
27
|
+
- Test critical user flows through the full system
|
|
28
|
+
- Use browser automation (Playwright, Cypress) for web
|
|
29
|
+
- Cover the happy path and the most important error paths
|
|
30
|
+
- Flaky by nature; invest in deterministic waits and stable selectors
|
|
31
|
+
- Run in CI; gate deployment on these passing
|
|
32
|
+
|
|
33
|
+
## Test Structure (AAA)
|
|
34
|
+
|
|
35
|
+
```
|
|
36
|
+
Arrange: set up preconditions and inputs
|
|
37
|
+
Act: execute the behavior under test
|
|
38
|
+
Assert: verify the expected outcome
|
|
39
|
+
```
|
|
40
|
+
|
|
41
|
+
- One act per test
|
|
42
|
+
- Minimize arrangement; use factories or fixtures
|
|
43
|
+
- Assertions should be specific and descriptive
|
|
44
|
+
|
|
45
|
+
## Coverage Targets
|
|
46
|
+
|
|
47
|
+
| Category | Minimum | Target |
|
|
48
|
+
|---|---|---|
|
|
49
|
+
| Overall | 80% | 90% |
|
|
50
|
+
| Critical paths | 95% | 100% |
|
|
51
|
+
| Utility functions | 90% | 95% |
|
|
52
|
+
| Error handling | 80% | 90% |
|
|
53
|
+
|
|
54
|
+
- Measure branch coverage, not just line coverage
|
|
55
|
+
- Coverage is a floor, not a ceiling; high coverage does not guarantee quality
|
|
56
|
+
- Uncovered code should have documented justification
|
|
57
|
+
|
|
58
|
+
## Test Naming
|
|
59
|
+
|
|
60
|
+
Use descriptive names that explain the scenario:
|
|
61
|
+
- `returns empty array when no results match`
|
|
62
|
+
- `throws validation error when email is missing`
|
|
63
|
+
- `retries three times before failing`
|
|
64
|
+
|
|
65
|
+
Avoid: `test1`, `testCreate`, `it works`
|
|
66
|
+
|
|
67
|
+
## Mocking Guidelines
|
|
68
|
+
|
|
69
|
+
- Mock external dependencies, not internal implementation
|
|
70
|
+
- Prefer fakes (in-memory database) over mocks when practical
|
|
71
|
+
- Verify mock interactions only when the interaction itself is the behavior
|
|
72
|
+
- Reset mocks between tests to prevent state leakage
|
|
73
|
+
- Avoid mocking what you do not own; use integration tests instead
|
|
74
|
+
|
|
75
|
+
## Test Data
|
|
76
|
+
|
|
77
|
+
- Use factories or builders for test data creation
|
|
78
|
+
- Randomize non-essential fields to catch hidden dependencies
|
|
79
|
+
- Use realistic data shapes and sizes
|
|
80
|
+
- Clean up test data after each test or use transactions with rollback
|
|
81
|
+
- Never use production data in tests
|
|
82
|
+
|
|
83
|
+
## Flaky Test Management
|
|
84
|
+
|
|
85
|
+
- Quarantine flaky tests immediately; do not let them erode CI trust
|
|
86
|
+
- Fix or delete within one sprint
|
|
87
|
+
- Common causes: timing, shared state, external dependencies, race conditions
|
|
88
|
+
- Use retry as a diagnostic tool, not a fix
|
|
89
|
+
|
|
90
|
+
## Performance Testing
|
|
91
|
+
|
|
92
|
+
- Load test: expected traffic for baseline
|
|
93
|
+
- Stress test: beyond expected traffic to find breaking point
|
|
94
|
+
- Soak test: sustained load to find memory leaks and resource exhaustion
|
|
95
|
+
- Benchmark critical paths with repeatable measurements
|
|
96
|
+
- Automate performance regression detection in CI
|
|
97
|
+
|
|
98
|
+
## Security Testing
|
|
99
|
+
|
|
100
|
+
- SAST: static analysis in CI on every commit
|
|
101
|
+
- DAST: dynamic scanning against staging environment
|
|
102
|
+
- Dependency scanning: `audit` commands in CI
|
|
103
|
+
- Penetration testing: quarterly or after major changes
|
|
104
|
+
- See `skills/security/pentest.md` for detailed web testing guidance
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
<!--
|
|
2
|
+
skills/docs/adr-workflow.md — Workflow for recording an architectural decision as an ADR.
|
|
3
|
+
|
|
4
|
+
Triggered when cx-architect finalizes a design or a technology choice is made. Writes a
|
|
5
|
+
full ADR to docs/adr/ using the shipped template (user-overridable via .cx/templates/docs/adr.md)
|
|
6
|
+
and a shorter entry to .cx/decisions/ for session context.
|
|
7
|
+
-->
|
|
8
|
+
# ADR Workflow
|
|
9
|
+
|
|
10
|
+
Use when: an architectural decision is made that affects the system structure, data model, API contracts, or technology choices.
|
|
11
|
+
|
|
12
|
+
## Trigger automatically when
|
|
13
|
+
- cx-architect finalizes a design
|
|
14
|
+
- A technology is selected over alternatives
|
|
15
|
+
- A pattern is established that should be followed project-wide
|
|
16
|
+
- A previous decision is reversed or superseded
|
|
17
|
+
|
|
18
|
+
## Steps
|
|
19
|
+
|
|
20
|
+
1. **cx-architect** or **cx-engineer** identifies the decision
|
|
21
|
+
2. **Write to `docs/adr/ADR-{NNN}-{slug}.md`** using the template from `get_template("adr")` — resolves `.cx/templates/docs/adr.md` (override) then `templates/docs/adr.md` (shipped)
|
|
22
|
+
- NNN = next sequential number (check existing files)
|
|
23
|
+
3. **Also write a shorter entry to `.cx/decisions/`** for session context
|
|
24
|
+
4. **cx-docs-keeper** updates `.cx/context.md` Architecture Notes with a one-line summary and link
|
|
25
|
+
|
|
26
|
+
## File naming
|
|
27
|
+
- `docs/adr/ADR-001-use-postgres-over-mysql.md`
|
|
28
|
+
- `docs/adr/ADR-002-jwt-auth-strategy.md`
|
|
29
|
+
|
|
30
|
+
## Cross-referencing
|
|
31
|
+
- If this ADR supersedes another: update the old ADR's status field
|
|
32
|
+
- If this ADR depends on another: add a References link
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
<!--
|
|
2
|
+
skills/docs/backlog-proposal-workflow.md — Approval-gated issue tracker proposals.
|
|
3
|
+
-->
|
|
4
|
+
# Backlog Proposal Workflow
|
|
5
|
+
|
|
6
|
+
Use when: product evidence should create or update Jira, Linear, GitHub Issues, or another tracker.
|
|
7
|
+
|
|
8
|
+
## Steps
|
|
9
|
+
|
|
10
|
+
1. Load source evidence, evidence brief, PRD, or signal brief.
|
|
11
|
+
2. Search existing tracker context if an MCP is configured; otherwise search local docs and product-intel artifacts.
|
|
12
|
+
3. Create `.cx/product-intel/backlog-proposals/{date}-{slug}.md` with `get_template("backlog-proposal")`.
|
|
13
|
+
4. Include duplicate/conflict analysis and exact proposed writes.
|
|
14
|
+
5. Return `NEEDS_MAIN_INPUT` for approval before any external write.
|
|
15
|
+
6. After approval, apply changes and update the proposal's application log.
|
|
16
|
+
|
|
17
|
+
## Rules
|
|
18
|
+
|
|
19
|
+
Never write externally from weak evidence without making the risk explicit. Never create duplicate issues when an existing issue can be updated.
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
<!--
|
|
2
|
+
skills/docs/customer-profile-workflow.md — Maintain durable customer/account memory for Product Intelligence.
|
|
3
|
+
-->
|
|
4
|
+
# Customer Profile Workflow
|
|
5
|
+
|
|
6
|
+
Use when: customer evidence should update durable product memory.
|
|
7
|
+
|
|
8
|
+
## Steps
|
|
9
|
+
|
|
10
|
+
1. Load the existing customer profile from `.cx/product-intel/customer-profiles/` if present.
|
|
11
|
+
2. Read the new source evidence.
|
|
12
|
+
3. Add new facts, asks, pain points, contacts, product areas, and evidence links.
|
|
13
|
+
4. Preserve historical entries. Do not delete or rewrite prior history without explicit approval.
|
|
14
|
+
5. Save with `get_template("customer-profile")`.
|
|
15
|
+
|
|
16
|
+
## Rules
|
|
17
|
+
|
|
18
|
+
Profiles are product memory, not CRM records. Keep only information needed for product decisions. Mark uncertain facts as uncertain and cite the source.
|
|
19
|
+
|
|
20
|
+
## Retrieval
|
|
21
|
+
|
|
22
|
+
Customer profiles are indexed by hybrid retrieval. Future PRDs, PRFAQs, evidence briefs, and backlog proposals should search them before drafting.
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
<!--
|
|
2
|
+
skills/docs/evidence-ingest-workflow.md — Normalize raw product evidence into Construct product-intel artifacts.
|
|
3
|
+
-->
|
|
4
|
+
# Evidence Ingest Workflow
|
|
5
|
+
|
|
6
|
+
Use when: the user pastes customer notes, Slack threads, support tickets, sales notes, research snippets, RFCs, analytics summaries, or competitor signals.
|
|
7
|
+
|
|
8
|
+
## Steps
|
|
9
|
+
|
|
10
|
+
1. Identify the source type and date.
|
|
11
|
+
2. Extract source metadata: customer, actor, product area, channel, linked issue, and confidence.
|
|
12
|
+
3. Save raw or lightly normalized source material under `.cx/product-intel/sources/`.
|
|
13
|
+
4. If customer-specific, update or create `.cx/product-intel/customer-profiles/{customer}.md` using `get_template("customer-profile")`.
|
|
14
|
+
5. Create `.cx/product-intel/evidence-briefs/{date}-{slug}.md` using `get_template("evidence-brief")` when the evidence supports a product decision.
|
|
15
|
+
6. If evidence is weak but worth preserving, create a signal brief with `get_template("signal-brief")`.
|
|
16
|
+
|
|
17
|
+
## Rules
|
|
18
|
+
|
|
19
|
+
Do not invent customer quotes, names, or issue links. Preserve ambiguity. If source evidence contains personal data, record only the minimum needed for product decisions.
|
|
20
|
+
|
|
21
|
+
## Storage
|
|
22
|
+
|
|
23
|
+
Files in `.cx/product-intel/` are indexed by Construct's hybrid retrieval path. Postgres stores them as `product-intel` documents during sync, and the vector layer makes them semantically retrievable for future PRDs and Meta PRDs.
|