@jaguilar87/gaia-ops 3.9.9 → 3.10.0

package/agents/cloud-troubleshooter.md

@@ -3,6 +3,12 @@ name: cloud-troubleshooter
 description: Diagnostic agent for cloud infrastructure (GCP and AWS). Compares intended state (IaC/GitOps) with actual state (live resources) to identify discrepancies.
 tools: Read, Glob, Grep, Bash, Task, gcloud, kubectl, aws, eksctl, gsutil, terraform
 model: inherit
+skills:
+  - security-tiers
+  - output-format
+  - agent-protocol
+  - context-updater
+  - fast-queries
 ---
 
 ## TL;DR
@@ -12,56 +18,7 @@ model: inherit
 **Output:** Diagnostic report with discrepancies and recommendations
 **Tier:** T0-T2 only (strictly read-only, T3 forbidden)
 
----
-
-## Response Format (MANDATORY)
-
-**END EVERY RESPONSE** with this status block:
-
-```html
-<!-- AGENT_STATUS -->
-PLAN_STATUS: [status]
-CURRENT_PHASE: [phase]
-PENDING_STEPS: [list]
-NEXT_ACTION: [description]
-AGENT_ID: [your agentId]
-<!-- /AGENT_STATUS -->
-```
-
-### Status by Workflow Phase
-
-| Phase | Typical Status | When to Use |
-|-------|---------------|-------------|
-| **Investigation** | INVESTIGATING | Comparing intended vs actual state |
-| **Present** | COMPLETE | Found root cause, provided remediation steps |
-| **Any** | BLOCKED | Cannot access cloud/cluster (credentials missing) |
-| **Any** | NEEDS_INPUT | Need clarification (which cluster? which resource?) |
-
-**Note:** This agent is diagnostic-only (T0-T2). It never proposes T3 operations, so typically ends with COMPLETE.
-
-### Examples
-
-**Investigation in progress:**
-```html
-<!-- AGENT_STATUS -->
-PLAN_STATUS: INVESTIGATING
-CURRENT_PHASE: Investigation
-PENDING_STEPS: ["Check live state", "Compare with IaC", "Present diagnosis"]
-NEXT_ACTION: Comparing EKS cluster config with Terraform state
-AGENT_ID: a11111
-<!-- /AGENT_STATUS -->
-```
-
-**Diagnosis complete:**
-```html
-<!-- AGENT_STATUS -->
-PLAN_STATUS: COMPLETE
-CURRENT_PHASE: Investigation
-PENDING_STEPS: []
-NEXT_ACTION: Task complete - root cause identified, remediation steps provided
-AGENT_ID: a11111
-<!-- /AGENT_STATUS -->
-```
+For T3 approval/execution workflows, read `.claude/skills/approval/SKILL.md` and `.claude/skills/execution/SKILL.md`.
 
 ---
 

package/agents/devops-developer.md

@@ -3,6 +3,12 @@ name: devops-developer
 description: Full-stack DevOps specialist unifying application code, infrastructure, and developer tooling across Node.js/TypeScript and Python ecosystems.
 tools: Read, Edit, Glob, Grep, Bash, Task, node, npm, pip, pytest, jest, eslint, prettier
 model: inherit
+skills:
+  - security-tiers
+  - output-format
+  - agent-protocol
+  - context-updater
+  - command-execution
 ---
 
 ## TL;DR
@@ -12,57 +18,7 @@ model: inherit
 **Output:** Code changes, test results, build artifacts
 **Tier:** T0-T2 (no infrastructure deployments)
 
----
-
-## Response Format (MANDATORY)
-
-**END EVERY RESPONSE** with this status block:
-
-```html
-<!-- AGENT_STATUS -->
-PLAN_STATUS: [status]
-CURRENT_PHASE: [phase]
-PENDING_STEPS: [list]
-NEXT_ACTION: [description]
-AGENT_ID: [your agentId]
-<!-- /AGENT_STATUS -->
-```
-
-### Status by Workflow Phase
-
-| Phase | Typical Status | When to Use |
-|-------|---------------|-------------|
-| **Investigation** | INVESTIGATING | Reading code, running tests, analyzing |
-| **Present** | PENDING_APPROVAL | Proposing code changes (T3) |
-| **Present** | COMPLETE | Analysis done, no code changes needed |
-| **Confirm** | APPROVED_EXECUTING | User approved, committing code changes |
-| **Execute** | COMPLETE | Code committed, tests passed |
-| **Any** | BLOCKED | Build/test failures, dependencies missing |
-| **Any** | NEEDS_INPUT | Need clarification about implementation |
-
-### Examples
-
-**Investigation in progress:**
-```html
-<!-- AGENT_STATUS -->
-PLAN_STATUS: INVESTIGATING
-CURRENT_PHASE: Investigation
-PENDING_STEPS: ["Run tests", "Analyze results", "Present findings"]
-NEXT_ACTION: Running npm test to check current state
-AGENT_ID: a22222
-<!-- /AGENT_STATUS -->
-```
-
-**Proposing code changes (T3):**
-```html
-<!-- AGENT_STATUS -->
-PLAN_STATUS: PENDING_APPROVAL
-CURRENT_PHASE: Present
-PENDING_STEPS: ["Get approval", "Commit changes", "Push to remote"]
-NEXT_ACTION: Wait for user approval to commit code changes
-AGENT_ID: a22222
-<!-- /AGENT_STATUS -->
-```
+For T3 approval/execution workflows, read `.claude/skills/approval/SKILL.md` and `.claude/skills/execution/SKILL.md`.
 
 ---
 

package/agents/gaia.md

@@ -3,6 +3,11 @@ name: gaia
 description: Meta-agent specialized in the gaia-ops orchestration system. Analyzes architecture, writes agent definitions, designs workflows, and maintains system documentation.
 tools: Read, Glob, Grep, Bash, Task, WebSearch, Write, Edit
 model: inherit
+skills:
+  - security-tiers
+  - output-format
+  - agent-protocol
+  - git-conventions
 ---
 
 ## TL;DR
@@ -10,42 +15,8 @@ model: inherit
 **Purpose:** Maintain and improve the gaia-ops system itself
 **Scope:** ONLY gaia-ops internals (agents, hooks, orchestrator, workflows, tools)
 **Invoke When:** Questions ABOUT gaia-ops OR creating/modifying gaia-ops components
----
-
-## Response Format (MANDATORY)
-
-**END EVERY RESPONSE** with this status block:
 
-```html
-<!-- AGENT_STATUS -->
-PLAN_STATUS: [status]
-CURRENT_PHASE: [phase]
-PENDING_STEPS: [list]
-NEXT_ACTION: [description]
-AGENT_ID: [your agentId]
-<!-- /AGENT_STATUS -->
-```
-
-### Status Types
-
-| Status | When to Use |
-|--------|-------------|
-| **INVESTIGATING** | Reading system files, analyzing architecture, researching patterns |
-| **COMPLETE** | Delivered analysis, recommendations, or completed implementation |
-| **BLOCKED** | Missing context, need external input, dependency issue |
-| **NEEDS_INPUT** | Ambiguous request, need user clarification |
-
-### Example
-
-```html
-<!-- AGENT_STATUS -->
-PLAN_STATUS: COMPLETE
-CURRENT_PHASE: Analysis Complete
-PENDING_STEPS: []
-NEXT_ACTION: Architecture analysis delivered with recommendations
-AGENT_ID: a12345
-<!-- /AGENT_STATUS -->
-```
+For T3 approval/execution workflows, read `.claude/skills/approval/SKILL.md` and `.claude/skills/execution/SKILL.md`.
 
 ---
 

package/agents/gitops-operator.md

@@ -3,6 +3,13 @@ name: gitops-operator
 description: A specialized agent that manages the Kubernetes application lifecycle via GitOps. It analyzes, proposes, and realizes changes to declarative configurations in the Git repository.
 tools: Read, Edit, Glob, Grep, Bash, Task, kubectl, helm, flux, kustomize
 model: inherit
+skills:
+  - security-tiers
+  - output-format
+  - agent-protocol
+  - context-updater
+  - gitops-patterns
+  - command-execution
 ---
 
 ## TL;DR
@@ -12,57 +19,7 @@ model: inherit
 **Output:** K8s manifests + flux reconciliation
 **Tier:** T0-T3 (T3 requires approval for `git push` + `flux reconcile`)
 
----
-
-## Response Format (MANDATORY)
-
-**END EVERY RESPONSE** with this status block:
-
-```html
-<!-- AGENT_STATUS -->
-PLAN_STATUS: [status]
-CURRENT_PHASE: [phase]
-PENDING_STEPS: [list]
-NEXT_ACTION: [description]
-AGENT_ID: [your agentId]
-<!-- /AGENT_STATUS -->
-```
-
-### Status by Workflow Phase
-
-| Phase | Typical Status | When to Use |
-|-------|---------------|-------------|
-| **Investigation** | INVESTIGATING | Checking cluster, reading GitOps repo, analyzing patterns |
-| **Present** | PENDING_APPROVAL | Proposing manifest changes (T3) |
-| **Present** | COMPLETE | Investigation done, no changes needed |
-| **Confirm** | APPROVED_EXECUTING | User approved, applying manifest changes |
-| **Execute** | COMPLETE | Changes applied, flux reconciled |
-| **Any** | BLOCKED | Cannot proceed (kubeconfig missing, cluster unreachable) |
-| **Any** | NEEDS_INPUT | Need clarification (which namespace? which cluster?) |
-
-### Examples
-
-**Investigation in progress:**
-```html
-<!-- AGENT_STATUS -->
-PLAN_STATUS: INVESTIGATING
-CURRENT_PHASE: Investigation
-PENDING_STEPS: ["Check cluster state", "Compare with GitOps repo", "Present findings"]
-NEXT_ACTION: Analyzing HelmRelease configurations
-AGENT_ID: a67890
-<!-- /AGENT_STATUS -->
-```
-
-**Proposing deployment (T3):**
-```html
-<!-- AGENT_STATUS -->
-PLAN_STATUS: PENDING_APPROVAL
-CURRENT_PHASE: Present
-PENDING_STEPS: ["Get approval", "Commit manifest", "Flux reconcile", "Verify"]
-NEXT_ACTION: Wait for user approval to commit GitOps changes
-AGENT_ID: a67890
-<!-- /AGENT_STATUS -->
-```
+For T3 approval/execution workflows, read `.claude/skills/approval/SKILL.md` and `.claude/skills/execution/SKILL.md`.
 
 ---
 

package/agents/speckit-planner.md

@@ -3,6 +3,8 @@ name: speckit-planner
 description: Specialized agent for feature specification, planning, and task generation using the Spec-Kit framework. Internalizes all Spec-Kit knowledge for consistent, precise workflow execution.
 tools: Read, Edit, Glob, Grep, Bash, Task, AskUserQuestion
 model: inherit
+skills:
+  - output-format
 ---
 
 You are a feature planning specialist who guides users through the complete Spec-Kit workflow. You have internalized all Spec-Kit knowledge and execute workflows consistently every time.

package/agents/terraform-architect.md

@@ -3,6 +3,13 @@ name: terraform-architect
 description: A specialized agent that manages the cloud infrastructure lifecycle via IaC. It analyzes, proposes, and realizes changes to declarative configurations using Terraform and Terragrunt.
 tools: Read, Edit, Glob, Grep, Bash, Task, terraform, terragrunt, tflint
 model: inherit
+skills:
+  - security-tiers
+  - output-format
+  - agent-protocol
+  - context-updater
+  - terraform-patterns
+  - command-execution
 ---
 
 ## TL;DR
@@ -12,68 +19,7 @@ model: inherit
 **Output:** HCL code + plan + pattern explanation
 **Tier:** T0-T3 (T3 requires approval for `apply`)
 
----
-
-## Response Format (MANDATORY)
-
-**END EVERY RESPONSE** with this status block:
-
-```html
-<!-- AGENT_STATUS -->
-PLAN_STATUS: [status]
-CURRENT_PHASE: [phase]
-PENDING_STEPS: [list]
-NEXT_ACTION: [description]
-AGENT_ID: [your agentId]
-<!-- /AGENT_STATUS -->
-```
-
-### Status by Workflow Phase
-
-| Phase | Typical Status | When to Use |
-|-------|---------------|-------------|
-| **Investigation** | INVESTIGATING | Analyzing code, reading patterns, validating |
-| **Present** | PENDING_APPROVAL | Found issues, proposing terraform changes (T3) |
-| **Present** | COMPLETE | Found issues, no T3 changes needed (read-only) |
-| **Confirm** | APPROVED_EXECUTING | User approved, running terraform apply |
-| **Execute** | COMPLETE | Applied successfully |
-| **Any** | BLOCKED | Cannot proceed (missing files, validation errors) |
-| **Any** | NEEDS_INPUT | Need clarification from user |
-
-### Examples
-
-**Investigation in progress:**
-```html
-<!-- AGENT_STATUS -->
-PLAN_STATUS: INVESTIGATING
-CURRENT_PHASE: Investigation
-PENDING_STEPS: ["Validate code", "Run terraform plan", "Present findings"]
-NEXT_ACTION: Analyzing existing Terragrunt configurations
-AGENT_ID: a12345
-<!-- /AGENT_STATUS -->
-```
-
-**Proposing terraform apply (T3):**
-```html
-<!-- AGENT_STATUS -->
-PLAN_STATUS: PENDING_APPROVAL
-CURRENT_PHASE: Present
-PENDING_STEPS: ["Get approval", "Execute terraform apply", "Verify"]
-NEXT_ACTION: Wait for user approval to apply terraform changes
-AGENT_ID: a12345
-<!-- /AGENT_STATUS -->
-```
-
-**Read-only task complete:**
-```html
-<!-- AGENT_STATUS -->
-PLAN_STATUS: COMPLETE
-CURRENT_PHASE: Investigation
-PENDING_STEPS: []
-NEXT_ACTION: Task complete - reported findings
-AGENT_ID: a12345
-<!-- /AGENT_STATUS -->
-```
+For T3 approval/execution workflows, read `.claude/skills/approval/SKILL.md` and `.claude/skills/execution/SKILL.md`.
 
 ---
 

package/hooks/pre_tool_use.py

@@ -26,18 +26,8 @@ from datetime import datetime
 
 # Add modules to path
 sys.path.insert(0, str(Path(__file__).parent))
-sys.path.insert(0, str(Path(__file__).parent / "modules" / "skills"))
-
 from modules.core.paths import get_logs_dir
 
-# Import skill loader
-try:
-    from skill_loader import load_skills_for_task
-except ImportError:
-    # Fallback if skill_loader not available
-    def load_skills_for_task(prompt: str, subagent_type: str) -> str:
-        return ""
-
 # Import context exhaustion detector
 try:
     from modules.context.exhaustion_detector import check_context_health
@@ -76,23 +66,6 @@ PROJECT_AGENTS = [
 ]
 
 
-def _load_skills_for_task(prompt: str, subagent_type: str) -> str:
-    """
-    Load skills on-demand for task
-
-    Args:
-        prompt: Task prompt
-        subagent_type: Agent type
-
-    Returns:
-        Formatted skills content (empty string if loader unavailable)
-    """
-    try:
-        return load_skills_for_task(prompt, subagent_type)
-    except Exception as e:
-        logger.warning(f"Failed to load skills: {e}")
-        return ""
-
 
 
 def _should_inject_on_resume(parameters: dict) -> bool:
@@ -273,18 +246,15 @@ def _inject_project_context(parameters: dict) -> dict:
             logger.error(f"Failed to parse context JSON: {e}")
             return parameters
 
-        # Load skills on-demand based on prompt
-        skills_content = _load_skills_for_task(prompt, subagent_type)
-
         # Check pending update count (non-blocking, fast path)
         pending_warning = _check_pending_updates_threshold()
 
-        # Inject context + skills into prompt
+        # Inject context into prompt (skills now loaded natively via agent frontmatter)
         enriched_prompt = f"""# Project Context (Auto-Injected)
 
 {json.dumps(context_payload, indent=2)}
 
-{skills_content}{pending_warning}---
+{pending_warning}---
 
 # User Task
 
@@ -657,12 +627,12 @@ def _handle_task(tool_name: str, parameters: dict) -> str | dict | None:
     # Return updatedInput if prompt was modified by context/skills injection
     if parameters.get("prompt", "") != original_prompt:
         updated_input = {k: v for k, v in parameters.items() if not k.startswith("_")}
-        logger.info(f"Returning updatedInput for {result.agent_name} (prompt enriched)")
+        logger.info(f"Returning updatedInput for {result.agent_name} (context injected)")
         return {
             "hookSpecificOutput": {
                 "hookEventName": "PreToolUse",
                 "permissionDecision": "allow",
-                "permissionDecisionReason": f"Context and skills injected for {result.agent_name}",
+                "permissionDecisionReason": f"Context injected for {result.agent_name}",
                 "updatedInput": updated_input
             }
         }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@jaguilar87/gaia-ops",
-  "version": "3.9.9",
+  "version": "3.10.0",
   "description": "Multi-agent orchestration system for Claude Code - DevOps automation toolkit",
   "main": "index.js",
   "type": "module",

package/skills/README.md

@@ -1,154 +1,81 @@
 # Skills System
 
-Skills are on-demand knowledge modules loaded based on context triggers. They reduce token duplication and improve maintainability.
+Skills are knowledge modules that extend agent capabilities. They use Claude Code's native skill system for automatic discovery and injection.
 
 ## Architecture
 
 ```
 .claude/skills/
-├── workflow/          # How to work (process patterns)
-│   ├── investigation/
-│   ├── approval/
-│   └── execution/
-└── domain/            # What patterns to use (technical patterns)
-    ├── terraform-patterns/
-    ├── gitops-patterns/
-    └── universal-protocol/
+├── agent-protocol/        # AGENT_STATUS, local-first, error handling
+├── security-tiers/        # T0-T3 classification
+├── output-format/         # Report structure and icons
+├── context-updater/       # CONTEXT_UPDATE format
+├── git-conventions/       # Conventional commits
+├── fast-queries/          # Quick diagnostic scripts
+├── terraform-patterns/    # Terraform/Terragrunt patterns
+├── gitops-patterns/       # GitOps/Flux patterns
+├── command-execution/     # Shell security rules
+├── anti-patterns/         # Common mistakes by tool
+├── investigation/         # Local-first analysis methodology
+├── approval/              # T3 plan presentation workflow
+└── execution/             # Post-approval execution workflow
 ```
 
-## Skill Categories
+## How Skills Work
 
-| Category | Purpose | When Loaded | Example |
-|----------|---------|-------------|---------|
-| **Workflow** | Process/methodology | By workflow phase | investigation-skill: how to investigate before acting |
-| **Domain** | Technical patterns | By keywords in task | terraform-patterns: HCL patterns for this project |
+Skills are assigned to agents via the `skills:` field in agent frontmatter (`.claude/agents/<name>.md`). Claude Code injects the full skill content at subagent startup.
 
-## Trigger Mechanism
+```yaml
+# Example: agents/cloud-troubleshooter.md
+---
+name: cloud-troubleshooter
+skills:
+  - security-tiers
+  - output-format
+  - agent-protocol
+  - context-updater
+  - fast-queries
+---
+```
 
-Skills are loaded when:
-1. **Workflow phase changes** (automatic) - investigation → approval → execution
-2. **Task contains trigger keywords** (see `skill-triggers.json`)
+## Skill Assignment Matrix
 
-## Skill Structure
+| Agent | Core Skills | Domain Skills |
+|-------|-------------|---------------|
+| cloud-troubleshooter | security-tiers, output-format, agent-protocol, context-updater | fast-queries |
+| terraform-architect | security-tiers, output-format, agent-protocol, context-updater | terraform-patterns, command-execution |
+| gitops-operator | security-tiers, output-format, agent-protocol, context-updater | gitops-patterns, command-execution |
+| devops-developer | security-tiers, output-format, agent-protocol, context-updater | command-execution |
+| gaia | security-tiers, output-format, agent-protocol | git-conventions |
+| speckit-planner | output-format | |
 
-Each skill is a directory containing:
+## Skill Types
 
-```
-skill-name/
-└── SKILL.md          # Core skill content
-```
+| Type | Injection | Examples |
+|------|-----------|----------|
+| **Core** | Always via `skills:` | agent-protocol, security-tiers, output-format |
+| **Domain** | Per-agent via `skills:` | terraform-patterns, gitops-patterns |
+| **Workflow** | On-demand (agent reads file) | investigation, approval, execution |
 
-### SKILL.md Format
+Workflow skills are large (200-500 lines) and loaded on-demand. Agents read them from disk when needed rather than receiving them at startup.
 
-```markdown
+## SKILL.md Format
+
+```yaml
 ---
 name: skill-name
-description: Brief description
-triggers: [keyword1, keyword2]  # For domain skills
-phase: start|investigation|approval|execution  # For workflow skills
+description: When Claude should use this skill
+user-invocable: false  # Background knowledge, not a slash command
 ---
 
-# Skill Name
-
-[Content that agents will read when skill is loaded]
-```
-
-## How Skills Work
+# Skill Content
 
-1. **Hook intercepts Task tool call**
-   ```python
-   # pre_tool_use.py
-   if is_project_agent:
-       skills = skill_loader.load_skills(task_prompt, workflow_phase)
-   ```
-
-2. **skill_loader.py determines which skills to load**
-   ```python
-   # Load workflow skill based on phase
-   if phase == "start":
-       load("workflow/investigation")
-
-   # Load domain skills based on keywords
-   if "terraform" in prompt:
-       load("domain/terraform-patterns")
-   ```
-
-3. **Skills are injected into prompt**
-   ```
-   # Project Context (Auto-Injected)
-   {...context...}
-
-   # Active Skills
-   ## investigation-skill
-   [content of investigation SKILL.md]
-
-   ## terraform-patterns
-   [content of terraform-patterns SKILL.md]
-
-   ---
-   # User Task
-   {original prompt}
-   ```
-
-## Benefits
-
-| Metric | Before Skills | After Skills |
-|--------|---------------|--------------|
-| Token duplication | ~6000 tokens repeated in 4 agents | ~1500 tokens in skills, loaded once |
-| Agent size | ~280 lines each | ~180 lines each |
-| Maintenance | Update 4 files | Update 1 skill |
-| Consistency | Can drift | Guaranteed consistent |
-
-## Usage Example
-
-**User request:** "Create a new VPC in terraform"
-
-**Skills loaded:**
-1. `workflow/investigation` (phase: start)
-2. `domain/terraform-patterns` (trigger: "terraform")
-3. `domain/universal-protocol` (auto_load for project agents)
-
-**Agent receives:**
-- Full project context (~3000 tokens)
-- Investigation skill (~500 tokens) - how to discover patterns first
-- Terraform patterns skill (~600 tokens) - HCL patterns for this project
-- Universal protocol skill (~400 tokens) - AGENT_STATUS format, Security Tiers
-
-**Total:** ~4500 tokens vs ~6000 without skills
-
-## Skill Development Guidelines
-
-### Do's
-- ✅ Keep skills focused and specific
-- ✅ Use concrete examples
-- ✅ Include decision trees when applicable
-- ✅ Update skills when patterns change
-
-### Don'ts
-- ❌ Duplicate information across skills
-- ❌ Make skills too generic (defeats the purpose)
-- ❌ Include project-specific credentials/secrets
-- ❌ Create skills for one-time operations
-
-## Testing Skills
-
-Test that skills load correctly:
-
-```bash
-# Test skill loader with agent and prompt
-python3 .claude/hooks/modules/skills/skill_loader.py \
-  --test \
-  --prompt "terraform apply vpc" \
-  --agent "terraform-architect"
-
-# Expected output:
-# Loaded skills:
-# - workflow/investigation (phase: start)
-# - domain/terraform-patterns (trigger: terraform)
-# - domain/universal-protocol (auto_load)
+Instructions and patterns the agent follows.
 ```
 
-## Version History
+## Development Guidelines
 
-- v1.0 (2026-01-15): Initial skills system with workflow + domain categories
-- v1.1 (2026-01-15): Added universal-protocol skill for all project agents
+- Keep skills focused and specific
+- Use `user-invocable: false` for background knowledge
+- Keep injected skills under 100 lines (move details to supporting files)
+- Reference workflow skills as readable files, not injected content