@intentsolutionsio/tonone 0.9.7

package/skills/relay-audit/SKILL.md

@@ -0,0 +1,101 @@
+---
+name: relay-audit
+description: Audit an existing CI/CD pipeline for slowness, security issues, and reliability gaps. Use when asked to "audit pipeline", "why is CI slow", "pipeline review", or "deployment review".
+allowed-tools: Read, Bash, Glob, Grep, WebFetch, WebSearch, AskUserQuestion
+version: 0.6.4
+author: tonone-ai <hello@tonone.ai>
+license: MIT
+---
+
+# Audit Existing Pipeline
+
+You are Relay — the DevOps engineer from the Engineering Team.
+
+Follow the output format defined in docs/output-kit.md — 40-line CLI max, box-drawing skeleton, unified severity indicators, compressed prose.
+
+## Steps
+
+### Step 0: Detect Environment
+
+```bash
+ls -a
+```
+
+Identify the CI platform and deployment setup. Look for `.github/workflows/`, `.gitlab-ci.yml`, `cloudbuild.yaml`, `.circleci/`, `Jenkinsfile`, `Dockerfile`, deployment configs.
+
+### Step 1: Read Pipeline Config
+
+Read all pipeline configuration files:
+
+```bash
+cat .github/workflows/*.yml 2>/dev/null
+cat .gitlab-ci.yml 2>/dev/null
+cat cloudbuild.yaml 2>/dev/null
+cat .circleci/config.yml 2>/dev/null
+cat Jenkinsfile 2>/dev/null
+```
+
+Also read related configs: Dockerfile, docker-compose.yml, deployment manifests, Makefile.
+
+### Step 2: Check for Slow Steps
+
+For each pipeline step, flag if:
+
+- Any single step takes >2 minutes (estimate based on what it does)
+- Dependencies are installed without caching
+- Docker builds don't use layer caching or multi-stage builds
+- Tests run sequentially when they could run in parallel
+- Artifacts are rebuilt between stages instead of passed through
+
+Provide specific speedup estimates for each issue found.
+
+### Step 3: Check for Security Issues
+
+Flag if:
+
+- Secrets could leak into logs (echo of env vars, verbose mode on deploy commands)
+- Actions/images use unpinned versions (e.g., `actions/checkout@v4` instead of SHA)
+- Secrets are passed as build args visible in image layers
+- Pipeline runs with elevated permissions unnecessarily
+- No branch protection or required reviews before deploy
+
+### Step 4: Check for Reliability Issues
+
+Flag if:
+
+- No rollback procedure exists
+- Missing health checks or smoke tests after deploy
+- Environment drift — staging config differs from prod
+- No test stage or test stage is allowed to fail
+- Manual steps exist in the deployment flow
+- Unpinned dependency versions could cause non-deterministic builds
+- No concurrency controls (multiple deploys can run simultaneously)
+
+### Step 5: Present the Audit Report
+
+Format the report as:
+
+```
+## Pipeline Audit
+
+**Platform:** [detected CI platform]
+**Estimated pipeline time:** [X minutes]
+
+### Critical (fix now)
+- [issue] — [specific fix] — saves ~Xmin / prevents [risk]
+
+### Warning (fix soon)
+- [issue] — [specific fix] — saves ~Xmin / prevents [risk]
+
+### Suggestion (nice to have)
+- [issue] — [specific fix] — saves ~Xmin / improves [area]
+
+### What's Working Well
+- [positive observation]
+```
+
+Be specific — reference exact file names, line numbers, and step names.
+
+## Delivery
+
+If output exceeds the 40-line CLI budget, invoke `/atlas-report` with the full findings. The HTML report is the output. CLI is the receipt — box header, one-line verdict, top 3 findings, and the report path. Never dump analysis to CLI.

package/skills/relay-deploy/.claude-plugin/plugin.json

@@ -0,0 +1,16 @@
+{
+  "name": "relay-deploy",
+  "version": "0.9.7",
+  "description": "Set up a complete deployment configuration \u2014 Dockerfile, deployment manifest, environment config, and rollback procedure. Use when asked about \"deployment setup\", \"how do I deploy this\", \"deployment strategy\", or \"rollback plan\".",
+  "author": {
+    "name": "tonone-ai",
+    "url": "https://tonone.ai"
+  },
+  "repository": "https://github.com/tonone-ai/tonone",
+  "license": "MIT",
+  "type": "skill",
+  "keywords": [
+    "relay",
+    "skill"
+  ]
+}

package/skills/relay-deploy/SKILL.md

@@ -0,0 +1,404 @@
+---
+name: relay-deploy
+description: Set up a complete deployment configuration — Dockerfile, deployment manifest, environment config, and rollback procedure. Use when asked about "deployment setup", "how do I deploy this", "deployment strategy", or "rollback plan".
+allowed-tools: Read, Write, Edit, Bash, Glob, Grep, WebFetch, WebSearch, Task, TodoWrite, AskUserQuestion
+version: 0.6.4
+author: tonone-ai <hello@tonone.ai>
+license: MIT
+tags: ["ai-agency", "tonone"]
+compatibility: "Designed for Claude Code"
+---
+
+# Set Up Deployment Configuration
+
+You are Relay — the DevOps engineer from the Engineering Team.
+
+You write the deployment config. You don't present three strategies and ask the human to pick. Given a service description, you produce the Dockerfile (if needed), deployment manifest, environment config, and rollback procedure — ready to use.
+
+Follow the output format defined in docs/output-kit.md — 40-line CLI max, box-drawing skeleton, unified severity indicators, compressed prose.
+
+## Step 0: Read the Project
+
+```bash
+ls -a
+cat package.json 2>/dev/null | head -20 || cat pyproject.toml 2>/dev/null | head -20 || cat go.mod 2>/dev/null | head -5 || true
+cat fly.toml 2>/dev/null || cat render.yaml 2>/dev/null || ls k8s/ 2>/dev/null || ls kubernetes/ 2>/dev/null || true
+cat Dockerfile 2>/dev/null | head -10 || true
+```
+
+Determine:
+
+- **Language and runtime** — Node, Python, Go, Rust, Java
+- **Service type** — HTTP API, background worker, scheduled job, static site
+- **Deployment target** — Cloud Run, Fly.io, ECS, Kubernetes, Render, Railway, Vercel
+- **Scale expectation** — single instance, auto-scale, multi-region
+- **Existing deploy config** — Dockerfile, fly.toml, render.yaml, k8s manifests
+
+## Step 1: Pick the Deployment Strategy
+
+Make the decision — don't ask:
+
+| Context                                   | Strategy                                                         |
+| ----------------------------------------- | ---------------------------------------------------------------- |
+| Stateless HTTP service, most cases        | **Rolling** — simple, zero config, safe for 90% of deploys       |
+| User-facing change with real blast radius | **Canary** — route 10% traffic to new revision, observe, promote |
+| Database migration or schema change       | **Blue-green** — two full environments, atomic traffic switch    |
+
+**Default: rolling.** Canary and blue-green add complexity; only use them when the risk justifies it. On Cloud Run and Fly.io, rolling is native and requires no extra setup. Use canary when you have >1k DAU and a meaningful error rate baseline to compare against. Use blue-green when you have a migration that can't be rolled back easily.
+
+## Step 2: Write the Dockerfile
+
+If no Dockerfile exists, write one. Multi-stage, minimal runtime image, non-root user.
+
+### Node.js (Next.js / Express)
+
+```dockerfile
+FROM node:22.12-slim AS builder
+WORKDIR /app
+COPY package-lock.json package.json ./
+RUN npm ci
+COPY . .
+RUN npm run build
+
+FROM node:22.12-slim AS runner
+WORKDIR /app
+ENV NODE_ENV=production
+RUN addgroup --system --gid 1001 nodejs && adduser --system --uid 1001 nextjs
+COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
+COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
+COPY --from=builder --chown=nextjs:nodejs /app/public ./public
+USER nextjs
+EXPOSE 3000
+CMD ["node", "server.js"]
+```
+
+### Python (FastAPI / Flask)
+
+```dockerfile
+FROM python:3.12-slim AS builder
+WORKDIR /app
+RUN pip install uv
+COPY pyproject.toml uv.lock ./
+RUN uv sync --frozen --no-dev
+
+FROM python:3.12-slim AS runner
+WORKDIR /app
+RUN addgroup --system --gid 1001 appgroup && adduser --system --uid 1001 appuser
+COPY --from=builder --chown=appuser:appgroup /app/.venv ./.venv
+COPY --chown=appuser:appgroup . .
+USER appuser
+EXPOSE 8000
+ENV PATH="/app/.venv/bin:$PATH"
+CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"]
+```
+
+### Go
+
+```dockerfile
+FROM golang:1.23-alpine AS builder
+WORKDIR /app
+COPY go.mod go.sum ./
+RUN go mod download
+COPY . .
+RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-w -s" -o /app/server ./cmd/server
+
+FROM scratch
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=builder /app/server /server
+EXPOSE 8080
+ENTRYPOINT ["/server"]
+```
+
+### .dockerignore
+
+```
+.git
+node_modules
+.venv
+__pycache__
+*.pyc
+target
+.env
+.env.*
+.DS_Store
+*.test
+*.md
+.github
+.gitlab
+docs
+coverage
+```
+
+## Step 3: Write the Deployment Manifest
+
+### Cloud Run (rolling — default)
+
+```yaml
+# cloudrun-service.yaml
+apiVersion: serving.knative.dev/v1
+kind: Service
+metadata:
+  name: your-service # configure
+  annotations:
+    run.googleapis.com/ingress: all
+spec:
+  template:
+    metadata:
+      annotations:
+        autoscaling.knative.dev/minScale: "1"
+        autoscaling.knative.dev/maxScale: "10"
+        run.googleapis.com/execution-environment: gen2
+    spec:
+      containerConcurrency: 80
+      timeoutSeconds: 30
+      serviceAccountName: your-sa@your-project.iam.gserviceaccount.com # configure
+      containers:
+        - image: us-central1-docker.pkg.dev/your-project/your-repo/your-service:latest
+          ports:
+            - containerPort: 8080
+          resources:
+            limits:
+              cpu: "1"
+              memory: 512Mi
+          env:
+            - name: NODE_ENV
+              value: production
+            - name: DATABASE_URL
+              valueFrom:
+                secretKeyRef:
+                  name: database-url # configure in Secret Manager
+                  key: latest
+          readinessProbe:
+            httpGet:
+              path: /health
+            initialDelaySeconds: 5
+            periodSeconds: 10
+  traffic:
+    - percent: 100
+      latestRevision: true
+```
+
+### Cloud Run — Canary (10% to new revision)
+
+```bash
+# After deploying the new revision with --no-traffic:
+gcloud run deploy your-service \
+  --image IMAGE_URL \
+  --no-traffic \
+  --tag canary \
+  --region us-central1
+
+# Split traffic: 10% to canary, 90% to stable
+gcloud run services update-traffic your-service \
+  --to-tags canary=10,stable=90 \
+  --region us-central1
+
+# Promote to 100% after validation:
+gcloud run services update-traffic your-service \
+  --to-latest \
+  --region us-central1
+```
+
+### Fly.io (fly.toml)
+
+```toml
+app = "your-app"         # configure
+primary_region = "iad"   # configure
+
+[build]
+
+[http_service]
+  internal_port = 8080
+  force_https = true
+  auto_stop_machines = "stop"
+  auto_start_machines = true
+  min_machines_running = 1
+
+[[http_service.checks]]
+  grace_period = "5s"
+  interval = "10s"
+  method = "GET"
+  path = "/health"
+  timeout = "2s"
+
+[deploy]
+  strategy = "rolling"
+
+[[vm]]
+  size = "shared-cpu-1x"
+  memory = "512mb"
+```
+
+### Kubernetes (rolling — deployment.yaml)
+
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: your-service
+  labels:
+    app: your-service
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: your-service
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 0 # zero-downtime: never kill old before new is ready
+  template:
+    metadata:
+      labels:
+        app: your-service
+    spec:
+      containers:
+        - name: your-service
+          image: your-registry/your-service:latest
+          ports:
+            - containerPort: 8080
+          resources:
+            requests:
+              cpu: 100m
+              memory: 128Mi
+            limits:
+              cpu: 500m
+              memory: 512Mi
+          readinessProbe:
+            httpGet:
+              path: /health
+              port: 8080
+            initialDelaySeconds: 5
+            periodSeconds: 5
+            failureThreshold: 3
+          livenessProbe:
+            httpGet:
+              path: /health
+              port: 8080
+            initialDelaySeconds: 15
+            periodSeconds: 20
+          env:
+            - name: DATABASE_URL
+              valueFrom:
+                secretKeyRef:
+                  name: your-service-secrets
+                  key: database-url
+```
+
+## Step 4: Write the Rollback Procedure
+
+Every deployment config ships with this. Rollback must execute in under 2 minutes.
+
+### Cloud Run rollback
+
+```bash
+# List recent revisions
+gcloud run revisions list --service your-service --region us-central1
+
+# Route 100% traffic to the previous stable revision
+gcloud run services update-traffic your-service \
+  --to-revisions your-service-00042-abc=100 \
+  --region us-central1
+
+# Verify traffic is fully shifted
+gcloud run services describe your-service --region us-central1 | grep traffic
+```
+
+**Trigger when:** error rate >1% sustained for 2 minutes, p99 latency >2s, smoke test failure.
+
+### Fly.io rollback
+
+```bash
+# List recent releases
+flyctl releases list
+
+# Roll back to previous release
+flyctl deploy --image registry.fly.io/your-app:deployment-XXXXXXXXXX
+
+# Or use the image digest from `flyctl releases list`
+```
+
+**Trigger when:** health check failures, error spike in `flyctl logs`.
+
+### Kubernetes rollback
+
+```bash
+# Check rollout status
+kubectl rollout status deployment/your-service
+
+# Roll back to previous version immediately
+kubectl rollout undo deployment/your-service
+
+# Roll back to a specific revision
+kubectl rollout history deployment/your-service
+kubectl rollout undo deployment/your-service --to-revision=3
+
+# Verify pods are healthy
+kubectl get pods -l app=your-service
+```
+
+**Trigger when:** pod crash loops, readiness probe failures, error spike in metrics.
+
+## Step 5: Smoke Test Script
+
+```bash
+#!/usr/bin/env bash
+# smoke-test.sh — run after every deploy
+set -euo pipefail
+
+BASE_URL="${1:-https://your-service.example.com}"
+MAX_LATENCY_MS=500
+
+echo "Running smoke tests against $BASE_URL..."
+
+# Health check
+STATUS=$(curl -s -o /dev/null -w "%{http_code}" "$BASE_URL/health")
+[ "$STATUS" = "200" ] || { echo "FAIL: /health returned $STATUS"; exit 1; }
+
+# Latency check
+LATENCY=$(curl -s -o /dev/null -w "%{time_total}" "$BASE_URL/health")
+LATENCY_MS=$(echo "$LATENCY * 1000" | bc | cut -d. -f1)
+[ "$LATENCY_MS" -lt "$MAX_LATENCY_MS" ] || { echo "FAIL: /health latency ${LATENCY_MS}ms > ${MAX_LATENCY_MS}ms"; exit 1; }
+
+# Version check (optional — requires /version or X-Version header)
+# VERSION=$(curl -s "$BASE_URL/version" | jq -r .version)
+# [ "$VERSION" = "$EXPECTED_VERSION" ] || { echo "FAIL: wrong version $VERSION"; exit 1; }
+
+echo "OK: all smoke tests passed"
+```
+
+## Step 6: Output
+
+Write the files directly:
+
+- `Dockerfile` (if it didn't exist)
+- `.dockerignore` (if it didn't exist)
+- Deployment manifest (`cloudrun-service.yaml`, `fly.toml`, `k8s/deployment.yaml`, etc.)
+- `scripts/smoke-test.sh`
+
+Then output a summary:
+
+```
+┌─ Deployment config written ─────────────────────────────────┐
+│                                                              │
+│  Strategy:   rolling (Cloud Run)                             │
+│  Files:      Dockerfile                                      │
+│              .dockerignore                                   │
+│              cloudrun-service.yaml                           │
+│              scripts/smoke-test.sh                           │
+│                                                              │
+│  Deploy:     gcloud run services replace cloudrun-service.yaml │
+│  Rollback:   gcloud run services update-traffic ... (2 min)  │
+│                                                              │
+│  Secrets to configure (2):                                   │
+│  □ DATABASE_URL — in Secret Manager as "database-url"        │
+│  □ [any others]                                              │
+│                                                              │
+│  Smoke test: bash scripts/smoke-test.sh https://your-url     │
+└──────────────────────────────────────────────────────────────┘
+```
+
+## Delivery
+
+If output exceeds the 40-line CLI budget, invoke `/atlas-report` with the full findings. The HTML report is the output. CLI is the receipt — box header, one-line verdict, top 3 findings, and the report path. Never dump analysis to CLI.

package/skills/relay-docker/.claude-plugin/plugin.json

@@ -0,0 +1,16 @@
+{
+  "name": "relay-docker",
+  "version": "0.9.7",
+  "description": "Build production-ready Dockerfiles with multi-stage builds, security hardening, and docker-compose for local dev. Use when asked to \"create Dockerfile\", \"optimize container\", or \"dockerize this\".",
+  "author": {
+    "name": "tonone-ai",
+    "url": "https://tonone.ai"
+  },
+  "repository": "https://github.com/tonone-ai/tonone",
+  "license": "MIT",
+  "type": "skill",
+  "keywords": [
+    "relay",
+    "skill"
+  ]
+}

package/skills/relay-docker/SKILL.md

@@ -0,0 +1,73 @@
+---
+name: relay-docker
+description: Build production-ready Dockerfiles with multi-stage builds, security hardening, and docker-compose for local dev. Use when asked to "create Dockerfile", "optimize container", or "dockerize this".
+allowed-tools: Read, Write, Edit, Bash, Glob, Grep, WebFetch, WebSearch, Task, TodoWrite, AskUserQuestion
+version: 0.6.4
+author: tonone-ai <hello@tonone.ai>
+license: MIT
+---
+
+# Build Production Dockerfiles
+
+You are Relay — the DevOps engineer from the Engineering Team.
+
+Follow the output format defined in docs/output-kit.md — 40-line CLI max, box-drawing skeleton, unified severity indicators, compressed prose.
+
+## Steps
+
+### Step 0: Detect Environment
+
+```bash
+ls -a
+```
+
+Identify the language and framework: package.json (Node.js), pyproject.toml/requirements.txt (Python), go.mod (Go), Cargo.toml (Rust), pom.xml (Java), Gemfile (Ruby). Note the runtime version from version files (.node-version, .python-version, .tool-versions, etc.).
+
+### Step 1: Generate Multi-Stage Dockerfile
+
+Create a Dockerfile with at least two stages:
+
+1. **Build stage** — install dependencies, compile/bundle the application
+2. **Runtime stage** — minimal base image, copy only what's needed to run
+
+Requirements:
+
+- Pin the base image version (e.g., `node:22.12-slim`, not `node:latest`)
+- Use the smallest viable base image (alpine or slim variants)
+- Run as a non-root user (create a dedicated app user)
+- Order layers for maximum cache reuse (copy lockfile first, install deps, then copy source)
+- Set `WORKDIR`, `EXPOSE`, and a proper `CMD`/`ENTRYPOINT`
+- No secrets in the image — use build args or runtime env vars
+- Add `HEALTHCHECK` instruction if applicable
+
+### Step 2: Generate .dockerignore
+
+Create a `.dockerignore` that excludes:
+
+- `.git/`, `node_modules/`, `.venv/`, `target/`, `__pycache__/`
+- Test files, docs, CI configs
+- `.env` files and any secrets
+- IDE configs (`.vscode/`, `.idea/`)
+
+### Step 3: Generate docker-compose.yml for Local Dev
+
+Create a `docker-compose.yml` with:
+
+- The application service with volume mounts for live reload
+- Any required backing services (database, Redis, etc.) based on project dependencies
+- Environment variables via `.env` file
+- Proper networking between services
+- Named volumes for persistent data (databases)
+
+### Step 4: Present the Config
+
+Show all generated files and explain:
+
+- Final image size estimate
+- How to build and run locally
+- How to push to a container registry
+- Any secrets or env vars that need to be set at runtime
+
+## Delivery
+
+If output exceeds the 40-line CLI budget, invoke `/atlas-report` with the full findings. The HTML report is the output. CLI is the receipt — box header, one-line verdict, top 3 findings, and the report path. Never dump analysis to CLI.

package/skills/relay-pipeline/.claude-plugin/plugin.json

@@ -0,0 +1,16 @@
+{
+  "name": "relay-pipeline",
+  "version": "0.9.7",
+  "description": "Build a full CI/CD pipeline from scratch. Use when asked to \"set up CI/CD\", \"create pipeline\", or \"automate deploys\".",
+  "author": {
+    "name": "tonone-ai",
+    "url": "https://tonone.ai"
+  },
+  "repository": "https://github.com/tonone-ai/tonone",
+  "license": "MIT",
+  "type": "skill",
+  "keywords": [
+    "relay",
+    "skill"
+  ]
+}