@jaguilar87/gaia-ops 3.3.2 → 3.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/agents/aws-troubleshooter.md +0 -2
- package/agents/devops-developer.md +3 -5
- package/agents/gcp-troubleshooter.md +0 -2
- package/agents/gitops-operator.md +4 -10
- package/agents/terraform-architect.md +4 -9
- package/config/universal-rules.json +48 -0
- package/package.json +1 -1
- package/tests/permissions-validation/MANUAL_VALIDATION.md +290 -8413
- package/tools/2-context/context_provider.py +60 -1
|
@@ -37,7 +37,6 @@ Your final output is a clear report detailing discrepancies between code and liv
|
|
|
37
37
|
|
|
38
38
|
## Forbidden Actions
|
|
39
39
|
|
|
40
|
-
- **NO exploration commands** like `find`, `grep -r`, or `ls -R`
|
|
41
40
|
- **NO code changes** - your output is diagnostic report only
|
|
42
41
|
|
|
43
42
|
## Capabilities by Security Tier
|
|
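Review bot: dropping the "NO exploration commands" bullet from Forbidden Actions leaves this agent file with no statement on exploration at all, and the new universal rule U1 in `universal-rules.json` only says to prefer the native Glob/Grep tools; it does not forbid `find`, `grep -r` or `ls -R`. If the intent is to relocate the restriction rather than lift it, keep a one-line pointer here (e.g. "- **NO exploration commands** - see universal rules in context payload") so a reader of this file alone still sees the constraint.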
@@ -109,7 +108,6 @@ You are a strictly T0-T2 agent. **T3 operations are forbidden.**
|
|
|
109
108
|
|
|
110
109
|
### CANNOT DO
|
|
111
110
|
- **Write Operations (T3 BLOCKED):** No `aws create-*/update-*/delete-*`, no `terraform apply`, no `kubectl apply`
|
|
112
|
-
- **Exploration:** No `find`, `grep -r`, `ls -R` (paths provided in contract)
|
|
113
111
|
- **Code Changes:** No modifications to Terraform or YAML files
|
|
114
112
|
- **Infrastructure Modification:** Cannot invoke other agents
|
|
115
113
|
|
|
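Review bot: removing the "Exploration" entry from CANNOT DO weakens the T0-T2 boundary rather than moving it, since nothing remaining in this list or in the universal rules explicitly prohibits `find`, `grep -r` or `ls -R`; if the paths really are always provided in the contract, say so in a retained bullet. Minor: the label "**Infrastructure Modification:**" on the last context line does not match its text ("Cannot invoke other agents"); consider "**Agent Delegation:**" or similar.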
@@ -37,7 +37,6 @@ Your final output is either a "Realization Package" (new/modified code) or a det
|
|
|
37
37
|
|
|
38
38
|
## Forbidden Actions
|
|
39
39
|
|
|
40
|
-
- **NO exploration commands** like `find`, `grep -r`, or `ls -R`
|
|
41
40
|
- **NO live deployments** or destructive operations
|
|
42
41
|
|
|
43
42
|
## Output Protocol
|
|
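Review bot: as with the troubleshooter agents, this hunk removes the exploration prohibition without a replacement or pointer; universal rule U1 recommends native tools but does not forbid recursive shell exploration, so the Forbidden Actions list now silently permits what it previously banned. Add a pointer line or keep the bullet.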
@@ -126,8 +125,8 @@ If blocked actions needed, document the requirement, draft the change in code, a
|
|
|
126
125
|
|
|
127
126
|
### Phase 4: Deliver
|
|
128
127
|
1. Stage changes (`git add`)
|
|
129
|
-
2.
|
|
130
|
-
3.
|
|
128
|
+
2. Validate commit message with `commit_validator.py`
|
|
129
|
+
3. Create commit and prepare PR if needed
|
|
131
130
|
|
|
132
131
|
## Explicit Scope
|
|
133
132
|
|
|
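Review bot: step 2 ("Validate commit message with `commit_validator.py`") gives no invocation and no failure behaviour. Universal rule U4 in this same release spells out the command (`python3 .claude/tools/0-guards/commit_validator.py --validate "<message>"`); either reference U4 here or state the command, and say that a failed validation must abort step 3 rather than proceed to the commit, otherwise the validation gate is advisory only.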
@@ -138,8 +137,7 @@ If blocked actions needed, document the requirement, draft the change in code, a
|
|
|
138
137
|
- Generate patches and modifications
|
|
139
138
|
- Run linters, formatters, tests, type checkers
|
|
140
139
|
- Security scans (`npm audit`, `pip-audit`)
|
|
141
|
-
- Git operations (add, commit, push to feature branch
|
|
142
|
-
- File operations with Read, Write, Edit, Grep tools
|
|
140
|
+
- Git operations (add, commit, push to feature branch)
|
|
143
141
|
|
|
144
142
|
### CANNOT DO
|
|
145
143
|
- **Live Deployments (T3 BLOCKED):** No `docker push` to production, no `npm run deploy`, no `kubectl apply`
|
|
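Review bot: the "File operations with Read, Write, Edit, Grep tools" bullet is removed from CAN DO, but the hunk leaves no pointer to where that capability is now documented (presumably universal rule U1). A reader checking what this agent is allowed to do should not have to know about the injected rules; keep a short "File operations: see universal rules" line. The added closing parenthesis on the Git operations line is a correct fix.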
@@ -37,7 +37,6 @@ Your final output is a clear report detailing discrepancies between code and liv
|
|
|
37
37
|
|
|
38
38
|
## Forbidden Actions
|
|
39
39
|
|
|
40
|
-
- **NO exploration commands** like `find`, `grep -r`, or `ls -R`
|
|
41
40
|
- **NO code changes** - your output is diagnostic report only
|
|
42
41
|
|
|
43
42
|
## Capabilities by Security Tier
|
|
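Review bot: same concern as the aws-troubleshooter change: the exploration ban is deleted from Forbidden Actions with no replacement, and universal rule U1 only prefers native tools without prohibiting `find`, `grep -r` or `ls -R`. Keep the bullet or add a pointer to the universal rules.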
@@ -123,7 +122,6 @@ bash .claude/tools/fast-queries/cloud/gcp/quicktriage_gcp_troubleshooter.sh [pro
|
|
|
123
122
|
|
|
124
123
|
### CANNOT DO
|
|
125
124
|
- **Write Operations (T3 BLOCKED):** No `gcloud create/update/delete`, no `terraform apply`, no `kubectl apply`
|
|
126
|
-
- **Exploration:** No `find`, `grep -r`, `ls -R` (paths provided in contract)
|
|
127
125
|
- **Code Changes:** No modifications to Terraform or YAML files
|
|
128
126
|
- **Infrastructure Modification:** Cannot invoke other agents
|
|
129
127
|
|
|
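Review bot: deleting the "Exploration" line from CANNOT DO removes an explicit boundary for a read-only agent; if the contract always supplies the paths, retain a bullet stating that and that recursive exploration is out of scope. Also, as in the AWS file, the "**Infrastructure Modification:**" label does not match its text about invoking other agents.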
@@ -32,8 +32,8 @@ Your contract contains the GitOps repository path under `gitops_configuration.re
|
|
|
32
32
|
**Before generating ANY new resource, you MUST:**
|
|
33
33
|
|
|
34
34
|
**Step A: Discover similar resources**
|
|
35
|
-
```
|
|
36
|
-
|
|
35
|
+
```
|
|
36
|
+
Glob("**/release.yaml", path=gitops_path)
|
|
37
37
|
```
|
|
38
38
|
|
|
39
39
|
**Step B: Read and analyze examples**
|
|
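Review bot: the new fenced block in Step A has no language tag, and `gitops_path` is not defined anywhere in the visible snippet; the hunk header says the path comes from `gitops_configuration.re…` in the contract, so state explicitly that `gitops_path` is that contract value (e.g. add a comment line above the Glob call). Otherwise an agent may substitute a guessed or relative path, which universal rule U3 forbids.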
@@ -132,14 +132,9 @@ kubectl wait --for=condition=Ready helmrelease/<name> -n <namespace> --timeout=1
|
|
|
132
132
|
kubectl get helmrelease <name> -n <namespace> -o jsonpath='{.status.conditions[?(@.type=="Ready")]}'
|
|
133
133
|
```
|
|
134
134
|
|
|
135
|
-
**CRITICAL:** Always use `--timeout=90s` or less with flux reconcile.
|
|
136
|
-
|
|
137
135
|
## Commit Message Protocol
|
|
138
136
|
|
|
139
|
-
|
|
140
|
-
- Scope: Kubernetes component (e.g., `workload-identity`, `helmrelease`, `networking`)
|
|
141
|
-
- **Example:** `feat(workload-identity): add pg-web-sa service account`
|
|
142
|
-
- **MUST NOT** add footers like "Generated by Claude" or "Co-Authored-By"
|
|
137
|
+
Use `commit_validator.py` to validate all commit messages before committing. See universal rules in context payload.
|
|
143
138
|
|
|
144
139
|
## Quick Diagnostics
|
|
145
140
|
|
|
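Review bot: the "CRITICAL: Always use `--timeout=90s` or less" line is removed from right next to the `kubectl wait`/flux commands it applies to; it reappears as rule G1 in `universal-rules.json`, but that only reaches the agent if the context payload is injected, so keep a one-line pointer here. Likewise the deleted "MUST NOT add footers like Generated by Claude or Co-Authored-By" rule is not visible in the universal rules; confirm `commit_validator.py` rejects such footers, otherwise this requirement is lost in 3.4.0.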
@@ -195,8 +190,7 @@ bash .claude/tools/fast-queries/gitops/quicktriage_gitops_operator.sh [namespace
|
|
|
195
190
|
- Run kubectl commands (get, describe, logs, apply --dry-run, diff)
|
|
196
191
|
- Run helm commands (template, lint, list, status)
|
|
197
192
|
- Run flux commands (get, reconcile with timeout)
|
|
198
|
-
- Git operations for realization (add, commit, push
|
|
199
|
-
- File operations with Read, Write, Edit, Grep, Glob tools
|
|
193
|
+
- Git operations for realization (add, commit, push)
|
|
200
194
|
|
|
201
195
|
### CANNOT DO
|
|
202
196
|
- **Infrastructure/Terraform Operations:** No terraform/terragrunt commands (delegate to terraform-architect)
|
|
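Review bot: the closing parenthesis fix on the Git operations line is correct, but the "File operations with Read, Write, Edit, Grep, Glob tools" bullet is dropped from CAN DO without a pointer to universal rule U1; keep a short reference so the agent's capability list in this file stays complete on its own.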
@@ -32,8 +32,8 @@ Your contract contains the Terraform repository path under `terraform_infrastruc
|
|
|
32
32
|
**Before generating ANY new resource, you MUST:**
|
|
33
33
|
|
|
34
34
|
**Step A: Discover similar resources**
|
|
35
|
-
```
|
|
36
|
-
|
|
35
|
+
```
|
|
36
|
+
Glob("**/terragrunt.hcl", path=terraform_path)
|
|
37
37
|
```
|
|
38
38
|
|
|
39
39
|
**Step B: Read and analyze examples**
|
|
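Review bot: as in the gitops-operator file, the new fenced block lacks a language tag and `terraform_path` is undefined in the snippet; note that it is the `terraform_infrastruc…` value from the contract so the Glob call is not run against a guessed or relative path.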
@@ -103,11 +103,7 @@ You will NEVER apply changes that are not verifiably versioned in Git.
|
|
|
103
103
|
|
|
104
104
|
## Commit Message Protocol
|
|
105
105
|
|
|
106
|
-
|
|
107
|
-
- Types: `feat`, `fix`, `build`, `chore`, `ci`, `docs`, `perf`, `refactor`, `revert`, `style`, `test`
|
|
108
|
-
- Scope: infrastructure component (e.g., `gke`, `vpc`, `iam`)
|
|
109
|
-
- **Example:** `feat(iam): add pg-web-sa service account`
|
|
110
|
-
- **MUST NOT** add footers like "Generated by Claude" or "Co-Authored-By"
|
|
106
|
+
Use `commit_validator.py` to validate all commit messages before committing. See universal rules in context payload.
|
|
111
107
|
|
|
112
108
|
## Quick Diagnostics
|
|
113
109
|
|
|
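Review bot: this hunk removes the allowed commit types list, the scope convention, the example, and the footer prohibition, replacing them with a reference to the universal rules in the context payload. Universal rule U4 only says to run `commit_validator.py`; it does not restate the type list or the footer ban, so those conventions now live solely inside the validator. Confirm the validator enforces both (including rejecting "Generated by Claude" / "Co-Authored-By" footers) and consider leaving the one-line example here for readers of the agent file.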
@@ -161,8 +157,7 @@ bash .claude/tools/fast-queries/terraform/quicktriage_terraform_architect.sh [di
|
|
|
161
157
|
- Discover patterns in terraform modules
|
|
162
158
|
- Generate new .tf/.hcl files following patterns
|
|
163
159
|
- Run terraform/terragrunt commands (init, validate, plan, apply with approval)
|
|
164
|
-
- Git operations for realization (add, commit, push
|
|
165
|
-
- File operations with Read, Write, Edit, Grep, Glob tools
|
|
160
|
+
- Git operations for realization (add, commit, push)
|
|
166
161
|
|
|
167
162
|
### CANNOT DO
|
|
168
163
|
- **Kubernetes/GitOps Operations:** No `kubectl`, no Flux manifests (delegate to gitops-operator)
|
|
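Review bot: the parenthesis fix is correct; the removal of the "File operations with Read, Write, Edit, Grep, Glob tools" bullet should be paired with a pointer to universal rule U1, as in the other agents. Separately, the retained context line "Run terraform/terragrunt commands (init, validate, plan, apply with approval)" should make explicit who grants the approval, since the same file's CANNOT DO section and the gitops-operator's CAN DO both treat `apply` as the T3 boundary.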
@@ -0,0 +1,48 @@
|
|
|
1
|
+
{
|
|
2
|
+
"version": "1.0.0",
|
|
3
|
+
"description": "Universal rules injected via context_provider.py to ensure consistent agent behavior",
|
|
4
|
+
"rules": {
|
|
5
|
+
"universal": [
|
|
6
|
+
{
|
|
7
|
+
"id": "U1",
|
|
8
|
+
"category": "tools",
|
|
9
|
+
"rule": "Use Claude Code native tools for file operations:\n- Search files by name: Glob(pattern, path)\n- Search content: Grep(pattern, path, glob, output_mode, -A/-B/-C for context)\n- Read files: Read(file_path, offset, limit). Use offset/limit for large files\n- Edit files: Edit(file_path, old_string, new_string, replace_all)\n- Write files: Write(file_path, content)\n- For bash, keep commands simple and use tool flags (--working-dir, -C, -n) instead of cd chaining or complex pipes."
|
|
10
|
+
},
|
|
11
|
+
{
|
|
12
|
+
"id": "U2",
|
|
13
|
+
"category": "user_interaction",
|
|
14
|
+
"rule": "When presenting 3 or more valid options to the user, use AskUserQuestion tool with clickable options instead of writing options in plain text. This applies to architecture decisions, tool selection, environment choices, and any situation with multiple valid approaches."
|
|
15
|
+
},
|
|
16
|
+
{
|
|
17
|
+
"id": "U3",
|
|
18
|
+
"category": "paths",
|
|
19
|
+
"rule": "Always use absolute paths in all file operations. Never use relative paths like ../../ or ./something."
|
|
20
|
+
},
|
|
21
|
+
{
|
|
22
|
+
"id": "U4",
|
|
23
|
+
"category": "commits",
|
|
24
|
+
"rule": "For all git commits, use commit_validator.py to validate message format before committing. Run: python3 .claude/tools/0-guards/commit_validator.py --validate \"<message>\""
|
|
25
|
+
}
|
|
26
|
+
],
|
|
27
|
+
"agent_specific": {
|
|
28
|
+
"gitops-operator": [
|
|
29
|
+
{
|
|
30
|
+
"id": "G1",
|
|
31
|
+
"rule": "For flux reconcile commands, always use --timeout=90s or less to avoid Bash timeout issues."
|
|
32
|
+
}
|
|
33
|
+
],
|
|
34
|
+
"gcp-troubleshooter": [
|
|
35
|
+
{
|
|
36
|
+
"id": "C1",
|
|
37
|
+
"rule": "For gcloud commands with large output, save to file using --format=json > /tmp/output.json, then use Read tool to process."
|
|
38
|
+
}
|
|
39
|
+
],
|
|
40
|
+
"aws-troubleshooter": [
|
|
41
|
+
{
|
|
42
|
+
"id": "A1",
|
|
43
|
+
"rule": "For AWS CLI commands with large output, save to file using --output json > /tmp/output.json, then use Read tool to process."
|
|
44
|
+
}
|
|
45
|
+
]
|
|
46
|
+
}
|
|
47
|
+
}
|
|
48
|
+
}
|
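Review bot: rule U4 contradicts rule U3: U3 requires absolute paths everywhere, but U4 instructs running `python3 .claude/tools/0-guards/commit_validator.py`, a relative path that only resolves from the repository root; state the base directory or make the path absolute via the context payload. Rules C1 and A1 direct output to the fixed, predictable path `/tmp/output.json`, which is world-readable on most hosts, is clobbered by concurrent agent runs, and is a classic shared-tmp hazard; prefer a per-run file created with `mktemp` or a path under the working directory provided in the contract. Finally, U4 interpolates `"<message>"` inside double quotes in a shell command, so messages containing `"`, `$` or backticks will break or be expanded; have the validator read the message from a file or stdin instead. Since these rules only take effect when `context_provider.py` injects them, the `context_provider.py` change (not shown in the visible hunks) should fail loudly if this file is missing or malformed.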