@intentsolutionsio/fairdb-ops-manager 1.0.0

package/scripts/sop-checklist.sh

@@ -0,0 +1,354 @@
+#!/bin/bash
+# FairDB SOP Completion Checklist
+# Interactive checklist for tracking SOP completion
+# Deploy to: /opt/fairdb/scripts/sop-checklist.sh
+
+# Colors for output
+GREEN='\033[0;32m'
+RED='\033[0;31m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+# Function to check status
+check_item() {
+    local description="$1"
+    local command="$2"
+
+    echo -n "  Checking: $description... "
+    if eval "$command" &>/dev/null; then
+        echo -e "${GREEN}✅ PASS${NC}"
+        return 0
+    else
+        echo -e "${RED}❌ FAIL${NC}"
+        return 1
+    fi
+}
+
+# Function to print header
+print_header() {
+    echo ""
+    echo "======================================"
+    echo "  $1"
+    echo "======================================"
+    echo ""
+}
+
+# Main menu
+show_menu() {
+    clear
+    echo "======================================"
+    echo "  FairDB SOP Completion Checker"
+    echo "======================================"
+    echo ""
+    echo "Select SOP to verify:"
+    echo ""
+    echo "  1) SOP-001: VPS Initial Setup & Hardening"
+    echo "  2) SOP-002: PostgreSQL Installation & Configuration"
+    echo "  3) SOP-003: Backup System Setup & Verification"
+    echo "  4) ALL: Complete System Verification"
+    echo "  5) Exit"
+    echo ""
+    read -p "Enter choice [1-5]: " choice
+}
+
+# SOP-001 Checklist
+check_sop_001() {
+    print_header "SOP-001: VPS Initial Setup & Hardening"
+
+    local passed=0
+    local total=0
+
+    # Check system updates
+    ((total++))
+    if check_item "System packages up to date" "test \$(apt list --upgradable 2>/dev/null | wc -l) -lt 5"; then
+        ((passed++))
+    fi
+
+    # Check non-root user
+    ((total++))
+    if check_item "Non-root admin user exists" "id admin &>/dev/null || id \$USER &>/dev/null"; then
+        ((passed++))
+    fi
+
+    # Check SSH configuration
+    ((total++))
+    if check_item "Root login disabled" "sudo grep -q '^PermitRootLogin no' /etc/ssh/sshd_config"; then
+        ((passed++))
+    fi
+
+    ((total++))
+    if check_item "Password authentication disabled" "sudo grep -q '^PasswordAuthentication no' /etc/ssh/sshd_config"; then
+        ((passed++))
+    fi
+
+    ((total++))
+    if check_item "SSH keys configured" "test -f ~/.ssh/authorized_keys"; then
+        ((passed++))
+    fi
+
+    # Check firewall
+    ((total++))
+    if check_item "UFW firewall active" "sudo ufw status | grep -q 'Status: active'"; then
+        ((passed++))
+    fi
+
+    # Check Fail2ban
+    ((total++))
+    if check_item "Fail2ban running" "systemctl is-active --quiet fail2ban"; then
+        ((passed++))
+    fi
+
+    # Check automatic updates
+    ((total++))
+    if check_item "Automatic security updates enabled" "systemctl is-active --quiet unattended-upgrades"; then
+        ((passed++))
+    fi
+
+    # Check timezone and NTP
+    ((total++))
+    if check_item "NTP synchronized" "timedatectl status | grep -q 'NTP.*yes'"; then
+        ((passed++))
+    fi
+
+    # Check directory structure
+    ((total++))
+    if check_item "Operations directory exists" "test -d /opt/fairdb"; then
+        ((passed++))
+    fi
+
+    echo ""
+    echo "======================================"
+    echo -e "SOP-001 Status: ${passed}/${total} checks passed"
+    if [ $passed -eq $total ]; then
+        echo -e "${GREEN}✅ SOP-001 COMPLETE${NC}"
+    else
+        echo -e "${RED}⚠️  SOP-001 INCOMPLETE${NC}"
+    fi
+    echo "======================================"
+}
+
+# SOP-002 Checklist
+check_sop_002() {
+    print_header "SOP-002: PostgreSQL Installation & Configuration"
+
+    local passed=0
+    local total=0
+
+    # Check PostgreSQL installed
+    ((total++))
+    if check_item "PostgreSQL 16 installed" "dpkg -l | grep -q postgresql-16"; then
+        ((passed++))
+    fi
+
+    # Check PostgreSQL running
+    ((total++))
+    if check_item "PostgreSQL service running" "systemctl is-active --quiet postgresql"; then
+        ((passed++))
+    fi
+
+    # Check can connect
+    ((total++))
+    if check_item "Database connection works" "sudo -u postgres psql -c 'SELECT 1' &>/dev/null"; then
+        ((passed++))
+    fi
+
+    # Check SSL enabled
+    ((total++))
+    if check_item "SSL enabled" "sudo -u postgres psql -t -c 'SHOW ssl' | grep -q 'on'"; then
+        ((passed++))
+    fi
+
+    # Check remote connections
+    ((total++))
+    if check_item "Remote connections enabled" "sudo grep -q '^listen_addresses.*\*' /etc/postgresql/16/main/postgresql.conf"; then
+        ((passed++))
+    fi
+
+    # Check pg_stat_statements
+    ((total++))
+    if check_item "pg_stat_statements enabled" "sudo -u postgres psql -c '\\dx' | grep -q pg_stat_statements"; then
+        ((passed++))
+    fi
+
+    # Check health check script
+    ((total++))
+    if check_item "Health check script exists" "test -x /opt/fairdb/scripts/pg-health-check.sh"; then
+        ((passed++))
+    fi
+
+    # Check health check scheduled
+    ((total++))
+    if check_item "Health check scheduled" "sudo -u postgres crontab -l 2>/dev/null | grep -q pg-health-check"; then
+        ((passed++))
+    fi
+
+    # Check monitoring queries
+    ((total++))
+    if check_item "Monitoring queries exist" "test -f /opt/fairdb/scripts/pg-queries.sql"; then
+        ((passed++))
+    fi
+
+    # Check PostgreSQL config documented
+    ((total++))
+    if check_item "PostgreSQL config documented" "test -f ~/fairdb/POSTGRESQL-CONFIG.md"; then
+        ((passed++))
+    fi
+
+    echo ""
+    echo "======================================"
+    echo -e "SOP-002 Status: ${passed}/${total} checks passed"
+    if [ $passed -eq $total ]; then
+        echo -e "${GREEN}✅ SOP-002 COMPLETE${NC}"
+    else
+        echo -e "${RED}⚠️  SOP-002 INCOMPLETE${NC}"
+    fi
+    echo "======================================"
+}
+
+# SOP-003 Checklist
+check_sop_003() {
+    print_header "SOP-003: Backup System Setup & Verification"
+
+    local passed=0
+    local total=0
+
+    # Check pgBackRest installed
+    ((total++))
+    if check_item "pgBackRest installed" "command -v pgbackrest &>/dev/null"; then
+        ((passed++))
+    fi
+
+    # Check pgBackRest config
+    ((total++))
+    if check_item "pgBackRest config exists" "sudo test -f /etc/pgbackrest.conf"; then
+        ((passed++))
+    fi
+
+    # Check config permissions
+    ((total++))
+    if check_item "Config permissions secure (640)" "sudo stat -c %a /etc/pgbackrest.conf | grep -q 640"; then
+        ((passed++))
+    fi
+
+    # Check WAL archiving enabled
+    ((total++))
+    if check_item "WAL archiving enabled" "sudo -u postgres psql -t -c 'SHOW archive_mode' | grep -q 'on'"; then
+        ((passed++))
+    fi
+
+    # Check stanza created
+    ((total++))
+    if check_item "pgBackRest stanza exists" "sudo -u postgres pgbackrest --stanza=main info &>/dev/null"; then
+        ((passed++))
+    fi
+
+    # Check backup exists
+    ((total++))
+    if check_item "At least one backup exists" "sudo -u postgres pgbackrest --stanza=main info 2>/dev/null | grep -q 'full backup'"; then
+        ((passed++))
+    fi
+
+    # Check backup age
+    ((total++))
+    if command -v jq &>/dev/null; then
+        BACKUP_AGE=$(sudo -u postgres pgbackrest --stanza=main info --output=json 2>/dev/null | jq -r '.[0].backup[-1].timestamp.stop' 2>/dev/null)
+        if [ -n "$BACKUP_AGE" ] && [ "$BACKUP_AGE" != "null" ]; then
+            HOURS=$(( ($(date +%s) - $(date -d "$BACKUP_AGE" +%s 2>/dev/null || echo 999999999)) / 3600 ))
+            if [ $HOURS -lt 48 ]; then
+                echo -e "  Checking: Backup is recent (<48 hours)... ${GREEN}✅ PASS${NC} (${HOURS}h old)"
+                ((passed++))
+            else
+                echo -e "  Checking: Backup is recent (<48 hours)... ${RED}❌ FAIL${NC} (${HOURS}h old)"
+            fi
+        else
+            echo -e "  Checking: Backup age... ${YELLOW}⚠️  SKIP${NC} (cannot determine)"
+        fi
+    else
+        echo -e "  Checking: Backup age... ${YELLOW}⚠️  SKIP${NC} (jq not installed)"
+    fi
+
+    # Check backup script
+    ((total++))
+    if check_item "Backup script exists" "sudo test -x /opt/fairdb/scripts/pgbackrest-backup.sh"; then
+        ((passed++))
+    fi
+
+    # Check backup scheduled
+    ((total++))
+    if check_item "Automated backups scheduled" "sudo -u postgres crontab -l 2>/dev/null | grep -q pgbackrest-backup"; then
+        ((passed++))
+    fi
+
+    # Check verification script
+    ((total++))
+    if check_item "Verification script exists" "sudo test -x /opt/fairdb/scripts/pgbackrest-verify.sh"; then
+        ((passed++))
+    fi
+
+    # Check verification scheduled
+    ((total++))
+    if check_item "Verification scheduled" "sudo -u postgres crontab -l 2>/dev/null | grep -q pgbackrest-verify"; then
+        ((passed++))
+    fi
+
+    # Check backup config documented
+    ((total++))
+    if check_item "Backup config documented" "test -f ~/fairdb/BACKUP-CONFIG.md"; then
+        ((passed++))
+    fi
+
+    echo ""
+    echo "======================================"
+    echo -e "SOP-003 Status: ${passed}/${total} checks passed"
+    if [ $passed -eq $total ]; then
+        echo -e "${GREEN}✅ SOP-003 COMPLETE${NC}"
+    else
+        echo -e "${RED}⚠️  SOP-003 INCOMPLETE${NC}"
+    fi
+    echo "======================================"
+}
+
+# Complete system verification
+check_all() {
+    check_sop_001
+    sleep 2
+    check_sop_002
+    sleep 2
+    check_sop_003
+
+    echo ""
+    print_header "OVERALL SYSTEM STATUS"
+
+    # Quick summary
+    echo "System Summary:"
+    echo "  - Security:   $(systemctl is-active postgresql && echo -e "${GREEN}✅${NC}" || echo -e "${RED}❌${NC}")"
+    echo "  - Database:   $(systemctl is-active postgresql && echo -e "${GREEN}✅${NC}" || echo -e "${RED}❌${NC}")"
+    echo "  - Backups:    $(sudo -u postgres pgbackrest --stanza=main info &>/dev/null && echo -e "${GREEN}✅${NC}" || echo -e "${RED}❌${NC}")"
+    echo ""
+
+    # Disk space check
+    DISK_USAGE=$(df -h / | awk 'NR==2 {print $5}' | sed 's/%//')
+    echo -n "  - Disk Space: "
+    if [ "$DISK_USAGE" -lt 80 ]; then
+        echo -e "${GREEN}${DISK_USAGE}% used${NC}"
+    elif [ "$DISK_USAGE" -lt 90 ]; then
+        echo -e "${YELLOW}${DISK_USAGE}% used (warning)${NC}"
+    else
+        echo -e "${RED}${DISK_USAGE}% used (critical)${NC}"
+    fi
+
+    echo ""
+}
+
+# Main program loop
+while true; do
+    show_menu
+    case $choice in
+        1) check_sop_001; read -p "Press Enter to continue..." ;;
+        2) check_sop_002; read -p "Press Enter to continue..." ;;
+        3) check_sop_003; read -p "Press Enter to continue..." ;;
+        4) check_all; read -p "Press Enter to continue..." ;;
+        5) echo "Exiting..."; exit 0 ;;
+        *) echo "Invalid choice. Please try again."; sleep 2 ;;
+    esac
+done

package/skills/skill-adapter/assets/README.md

@@ -0,0 +1,5 @@
+# Assets
+
+Bundled resources for fairdb-ops-manager skill
+
+- [ ] example_backup_report.txt: Example backup report output

package/skills/skill-adapter/assets/config-template.json

@@ -0,0 +1,32 @@
+{
+  "skill": {
+    "name": "skill-name",
+    "version": "1.0.0",
+    "enabled": true,
+    "settings": {
+      "verbose": false,
+      "autoActivate": true,
+      "toolRestrictions": true
+    }
+  },
+  "triggers": {
+    "keywords": [
+      "example-trigger-1",
+      "example-trigger-2"
+    ],
+    "patterns": []
+  },
+  "tools": {
+    "allowed": [
+      "Read",
+      "Grep",
+      "Bash"
+    ],
+    "restricted": []
+  },
+  "metadata": {
+    "author": "Plugin Author",
+    "category": "general",
+    "tags": []
+  }
+}

package/skills/skill-adapter/assets/skill-schema.json

@@ -0,0 +1,28 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "title": "Claude Skill Configuration",
+  "type": "object",
+  "required": ["name", "description"],
+  "properties": {
+    "name": {
+      "type": "string",
+      "pattern": "^[a-z0-9-]+$",
+      "maxLength": 64,
+      "description": "Skill identifier (lowercase, hyphens only)"
+    },
+    "description": {
+      "type": "string",
+      "maxLength": 1024,
+      "description": "What the skill does and when to use it"
+    },
+    "allowed-tools": {
+      "type": "string",
+      "description": "Comma-separated list of allowed tools"
+    },
+    "version": {
+      "type": "string",
+      "pattern": "^\\d+\\.\\d+\\.\\d+$",
+      "description": "Semantic version (x.y.z)"
+    }
+  }
+}

package/skills/skill-adapter/assets/test-data.json

@@ -0,0 +1,27 @@
+{
+  "testCases": [
+    {
+      "name": "Basic activation test",
+      "input": "trigger phrase example",
+      "expected": {
+        "activated": true,
+        "toolsUsed": ["Read", "Grep"],
+        "success": true
+      }
+    },
+    {
+      "name": "Complex workflow test",
+      "input": "multi-step trigger example",
+      "expected": {
+        "activated": true,
+        "steps": 3,
+        "toolsUsed": ["Read", "Write", "Bash"],
+        "success": true
+      }
+    }
+  ],
+  "fixtures": {
+    "sampleInput": "example data",
+    "expectedOutput": "processed result"
+  }
+}

package/skills/skill-adapter/references/README.md

@@ -0,0 +1,4 @@
+# References
+
+Bundled resources for fairdb-ops-manager skill
+

package/skills/skill-adapter/references/best-practices.md

@@ -0,0 +1,69 @@
+# Skill Best Practices
+
+Guidelines for optimal skill usage and development.
+
+## For Users
+
+### Activation Best Practices
+
+1. **Use Clear Trigger Phrases**
+   - Match phrases from skill description
+   - Be specific about intent
+   - Provide necessary context
+
+2. **Provide Sufficient Context**
+   - Include relevant file paths
+   - Specify scope of analysis
+   - Mention any constraints
+
+3. **Understand Tool Permissions**
+   - Check allowed-tools in frontmatter
+   - Know what the skill can/cannot do
+   - Request appropriate actions
+
+### Workflow Optimization
+
+- Start with simple requests
+- Build up to complex workflows
+- Verify each step before proceeding
+- Use skill consistently for related tasks
+
+## For Developers
+
+### Skill Development Guidelines
+
+1. **Clear Descriptions**
+   - Include explicit trigger phrases
+   - Document all capabilities
+   - Specify limitations
+
+2. **Proper Tool Permissions**
+   - Use minimal necessary tools
+   - Document security implications
+   - Test with restricted tools
+
+3. **Comprehensive Documentation**
+   - Provide usage examples
+   - Document common pitfalls
+   - Include troubleshooting guide
+
+### Maintenance
+
+- Keep version updated
+- Test after tool updates
+- Monitor user feedback
+- Iterate on descriptions
+
+## Performance Tips
+
+- Scope skills to specific domains
+- Avoid overlapping trigger phrases
+- Keep descriptions under 1024 chars
+- Test activation reliability
+
+## Security Considerations
+
+- Never include secrets in skill files
+- Validate all inputs
+- Use read-only tools when possible
+- Document security requirements

package/skills/skill-adapter/references/examples.md

@@ -0,0 +1,73 @@
+# Skill Usage Examples
+
+This document provides practical examples of how to use this skill effectively.
+
+## Basic Usage
+
+### Example 1: Simple Activation
+
+**User Request:**
+```
+[Describe trigger phrase here]
+```
+
+**Skill Response:**
+1. Analyzes the request
+2. Performs the required action
+3. Returns results
+
+### Example 2: Complex Workflow
+
+**User Request:**
+```
+[Describe complex scenario]
+```
+
+**Workflow:**
+1. Step 1: Initial analysis
+2. Step 2: Data processing
+3. Step 3: Result generation
+4. Step 4: Validation
+
+## Advanced Patterns
+
+### Pattern 1: Chaining Operations
+
+Combine this skill with other tools:
+```
+Step 1: Use this skill for [purpose]
+Step 2: Chain with [other tool]
+Step 3: Finalize with [action]
+```
+
+### Pattern 2: Error Handling
+
+If issues occur:
+- Check trigger phrase matches
+- Verify context is available
+- Review allowed-tools permissions
+
+## Tips & Best Practices
+
+- ✅ Be specific with trigger phrases
+- ✅ Provide necessary context
+- ✅ Check tool permissions match needs
+- ❌ Avoid vague requests
+- ❌ Don't mix unrelated tasks
+
+## Common Issues
+
+**Issue:** Skill doesn't activate
+**Solution:** Use exact trigger phrases from description
+
+**Issue:** Unexpected results
+**Solution:** Check input format and context
+
+## See Also
+
+- Main SKILL.md for full documentation
+- scripts/ for automation helpers
+- assets/ for configuration examples
+
+---
+*[Tons of Skills](https://tonsofskills.com) by [Intent Solutions](https://intentsolutions.io) | [jeremylongshore.com](https://jeremylongshore.com)*

package/skills/skill-adapter/scripts/README.md

@@ -0,0 +1,11 @@
+# Scripts
+
+Bundled resources for fairdb-ops-manager skill
+
+- [ ] vps_setup.sh: Automates initial VPS setup and hardening (SOP-001)
+- [ ] pg_install.sh: Automates PostgreSQL 16 installation and configuration (SOP-002)
+- [ ] backup_setup.sh: Automates backup system setup and verification (SOP-003)
+- [ ] health_check.sh: Script to perform health checks on the PostgreSQL server
+- [ ] backup_restore_test.sh: Script to test backup restoration process
+- [ ] incident_diagnosis.sh: Script for diagnosing common PostgreSQL incidents
+- [ ] compliance_audit.sh: Script for running compliance audits on the PostgreSQL server

package/skills/skill-adapter/scripts/helper-template.sh

@@ -0,0 +1,42 @@
+#!/bin/bash
+# Helper script template for skill automation
+# Customize this for your skill's specific needs
+
+set -e
+
+function show_usage() {
+    echo "Usage: $0 [options]"
+    echo ""
+    echo "Options:"
+    echo "  -h, --help     Show this help message"
+    echo "  -v, --verbose  Enable verbose output"
+    echo ""
+}
+
+# Parse arguments
+VERBOSE=false
+
+while [[ $# -gt 0 ]]; do
+    case $1 in
+        -h|--help)
+            show_usage
+            exit 0
+            ;;
+        -v|--verbose)
+            VERBOSE=true
+            shift
+            ;;
+        *)
+            echo "Unknown option: $1"
+            show_usage
+            exit 1
+            ;;
+    esac
+done
+
+# Your skill logic here
+if [ "$VERBOSE" = true ]; then
+    echo "Running skill automation..."
+fi
+
+echo "✅ Complete"

package/skills/skill-adapter/scripts/validation.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+# Skill validation helper
+# Validates skill activation and functionality
+
+set -e
+
+echo "🔍 Validating skill..."
+
+# Check if SKILL.md exists
+if [ ! -f "../SKILL.md" ]; then
+    echo "❌ Error: SKILL.md not found"
+    exit 1
+fi
+
+# Validate frontmatter
+if ! grep -q "^---$" "../SKILL.md"; then
+    echo "❌ Error: No frontmatter found"
+    exit 1
+fi
+
+# Check required fields
+if ! grep -q "^name:" "../SKILL.md"; then
+    echo "❌ Error: Missing 'name' field"
+    exit 1
+fi
+
+if ! grep -q "^description:" "../SKILL.md"; then
+    echo "❌ Error: Missing 'description' field"
+    exit 1
+fi
+
+echo "✅ Skill validation passed"