@jetrabbits/agentic 0.0.1
- package/AGENTS.md +143 -0
- package/README.md +154 -0
- package/agentic +1615 -0
- package/areas/devops/ci-cd/AGENTS.md +48 -0
- package/areas/devops/ci-cd/PROMPTS.md +7 -0
- package/areas/devops/ci-cd/prompts/onboard-repo.md +97 -0
- package/areas/devops/ci-cd/prompts/pipeline-debug.md +103 -0
- package/areas/devops/ci-cd/prompts/release-pipeline.md +115 -0
- package/areas/devops/ci-cd/rules/pipeline-standards.md +33 -0
- package/areas/devops/ci-cd/rules/quality-gates.md +24 -0
- package/areas/devops/ci-cd/rules/supply-chain-security.md +34 -0
- package/areas/devops/ci-cd/skills/artifact-management/SKILL.md +157 -0
- package/areas/devops/ci-cd/skills/build-optimization/SKILL.md +168 -0
- package/areas/devops/ci-cd/skills/github-actions-patterns/SKILL.md +190 -0
- package/areas/devops/ci-cd/skills/gitlab-ci-patterns/SKILL.md +169 -0
- package/areas/devops/ci-cd/skills/pipeline-security/SKILL.md +161 -0
- package/areas/devops/ci-cd/workflows/onboard-repo.md +73 -0
- package/areas/devops/ci-cd/workflows/pipeline-debug.md +66 -0
- package/areas/devops/ci-cd/workflows/release-pipeline.md +115 -0
- package/areas/devops/database-ops/AGENTS.md +47 -0
- package/areas/devops/database-ops/prompts/backup-verify.md +83 -0
- package/areas/devops/database-ops/prompts/db-incident.md +127 -0
- package/areas/devops/database-ops/rules/access-control.md +20 -0
- package/areas/devops/database-ops/rules/backup-policy.md +33 -0
- package/areas/devops/database-ops/rules/migration-runbook.md +32 -0
- package/areas/devops/database-ops/skills/backup-restore/SKILL.md +226 -0
- package/areas/devops/database-ops/skills/db-performance/SKILL.md +205 -0
- package/areas/devops/database-ops/skills/migration-safety/SKILL.md +155 -0
- package/areas/devops/database-ops/skills/postgres-operations/SKILL.md +156 -0
- package/areas/devops/database-ops/skills/redis-operations/SKILL.md +174 -0
- package/areas/devops/database-ops/workflows/backup-verify.md +107 -0
- package/areas/devops/database-ops/workflows/db-incident.md +86 -0
- package/areas/devops/devsecops/AGENTS.md +47 -0
- package/areas/devops/devsecops/prompts/policy-onboard.md +79 -0
- package/areas/devops/devsecops/prompts/security-scan-pipeline.md +131 -0
- package/areas/devops/devsecops/rules/container-security.md +22 -0
- package/areas/devops/devsecops/rules/policy-as-code.md +37 -0
- package/areas/devops/devsecops/rules/shift-left-policy.md +26 -0
- package/areas/devops/devsecops/skills/container-hardening/SKILL.md +146 -0
- package/areas/devops/devsecops/skills/opa-policies/SKILL.md +188 -0
- package/areas/devops/devsecops/skills/sbom-supply-chain/SKILL.md +165 -0
- package/areas/devops/devsecops/skills/secret-detection/SKILL.md +190 -0
- package/areas/devops/devsecops/skills/sigstore-signing/SKILL.md +184 -0
- package/areas/devops/devsecops/workflows/policy-onboard.md +104 -0
- package/areas/devops/devsecops/workflows/security-scan-pipeline.md +155 -0
- package/areas/devops/infrastructure/AGENTS.md +50 -0
- package/areas/devops/infrastructure/prompts/destroy-environment.md +81 -0
- package/areas/devops/infrastructure/prompts/drift-remediation.md +71 -0
- package/areas/devops/infrastructure/prompts/module-development.md +69 -0
- package/areas/devops/infrastructure/prompts/provision-environment.md +121 -0
- package/areas/devops/infrastructure/rules/iac-standards.md +80 -0
- package/areas/devops/infrastructure/rules/immutability.md +28 -0
- package/areas/devops/infrastructure/rules/secret-hygiene.md +53 -0
- package/areas/devops/infrastructure/rules/state-management.md +47 -0
- package/areas/devops/infrastructure/skills/ansible-playbooks/SKILL.md +174 -0
- package/areas/devops/infrastructure/skills/cost-optimization/SKILL.md +177 -0
- package/areas/devops/infrastructure/skills/drift-detection/SKILL.md +178 -0
- package/areas/devops/infrastructure/skills/state-management/SKILL.md +159 -0
- package/areas/devops/infrastructure/skills/terraform-modules/SKILL.md +169 -0
- package/areas/devops/infrastructure/workflows/destroy-environment.md +96 -0
- package/areas/devops/infrastructure/workflows/drift-remediation.md +66 -0
- package/areas/devops/infrastructure/workflows/module-development.md +101 -0
- package/areas/devops/infrastructure/workflows/provision-environment.md +96 -0
- package/areas/devops/kubernetes/AGENTS.md +57 -0
- package/areas/devops/kubernetes/PROMPTS.md +9 -0
- package/areas/devops/kubernetes/prompts/cluster-bootstrap.md +67 -0
- package/areas/devops/kubernetes/prompts/debug-workload.md +91 -0
- package/areas/devops/kubernetes/prompts/onboard-service.md +101 -0
- package/areas/devops/kubernetes/prompts/upgrade-cluster.md +63 -0
- package/areas/devops/kubernetes/rules/cluster-standards.md +51 -0
- package/areas/devops/kubernetes/rules/resource-governance.md +80 -0
- package/areas/devops/kubernetes/rules/upgrade-policy.md +52 -0
- package/areas/devops/kubernetes/rules/workload-security.md +64 -0
- package/areas/devops/kubernetes/skills/cluster-operations/SKILL.md +136 -0
- package/areas/devops/kubernetes/skills/helm-charts/SKILL.md +152 -0
- package/areas/devops/kubernetes/skills/network-policies/SKILL.md +169 -0
- package/areas/devops/kubernetes/skills/pod-troubleshooting/SKILL.md +129 -0
- package/areas/devops/kubernetes/skills/rbac-design/SKILL.md +148 -0
- package/areas/devops/kubernetes/skills/resource-tuning/SKILL.md +156 -0
- package/areas/devops/kubernetes/workflows/cluster-bootstrap.md +194 -0
- package/areas/devops/kubernetes/workflows/debug-workload.md +108 -0
- package/areas/devops/kubernetes/workflows/onboard-service.md +124 -0
- package/areas/devops/kubernetes/workflows/upgrade-cluster.md +165 -0
- package/areas/devops/networking/AGENTS.md +47 -0
- package/areas/devops/networking/prompts/onboard-ingress.md +119 -0
- package/areas/devops/networking/prompts/service-mesh-onboard.md +77 -0
- package/areas/devops/networking/rules/ingress-standards.md +17 -0
- package/areas/devops/networking/rules/network-segmentation.md +24 -0
- package/areas/devops/networking/rules/tls-policy.md +32 -0
- package/areas/devops/networking/skills/dns-management/SKILL.md +169 -0
- package/areas/devops/networking/skills/ingress-patterns/SKILL.md +165 -0
- package/areas/devops/networking/skills/service-mesh/SKILL.md +206 -0
- package/areas/devops/networking/skills/tls-termination/SKILL.md +198 -0
- package/areas/devops/networking/skills/vpc-design/SKILL.md +132 -0
- package/areas/devops/networking/workflows/onboard-ingress.md +64 -0
- package/areas/devops/networking/workflows/service-mesh-onboard.md +122 -0
- package/areas/devops/observability/AGENTS.md +48 -0
- package/areas/devops/observability/prompts/alert-investigation.md +117 -0
- package/areas/devops/observability/prompts/observability-stack-setup.md +99 -0
- package/areas/devops/observability/prompts/onboard-service-monitoring.md +79 -0
- package/areas/devops/observability/rules/alerting-standards.md +36 -0
- package/areas/devops/observability/rules/data-retention.md +19 -0
- package/areas/devops/observability/rules/golden-signals.md +28 -0
- package/areas/devops/observability/skills/distributed-tracing/SKILL.md +149 -0
- package/areas/devops/observability/skills/grafana-dashboards/SKILL.md +201 -0
- package/areas/devops/observability/skills/log-aggregation/SKILL.md +159 -0
- package/areas/devops/observability/skills/prometheus-alertmanager/SKILL.md +188 -0
- package/areas/devops/observability/skills/slo-implementation/SKILL.md +189 -0
- package/areas/devops/observability/workflows/alert-investigation.md +98 -0
- package/areas/devops/observability/workflows/observability-stack-setup.md +156 -0
- package/areas/devops/observability/workflows/onboard-service-monitoring.md +83 -0
- package/areas/devops/sre/AGENTS.md +48 -0
- package/areas/devops/sre/prompts/incident-response.md +129 -0
- package/areas/devops/sre/prompts/postmortem.md +101 -0
- package/areas/devops/sre/prompts/slo-review.md +125 -0
- package/areas/devops/sre/rules/error-budget-policy.md +25 -0
- package/areas/devops/sre/rules/on-call-standards.md +25 -0
- package/areas/devops/sre/rules/slo-policy.md +31 -0
- package/areas/devops/sre/skills/capacity-planning/SKILL.md +162 -0
- package/areas/devops/sre/skills/chaos-engineering/SKILL.md +186 -0
- package/areas/devops/sre/skills/incident-command/SKILL.md +119 -0
- package/areas/devops/sre/skills/postmortem-analysis/SKILL.md +104 -0
- package/areas/devops/sre/skills/slo-sli-design/SKILL.md +145 -0
- package/areas/devops/sre/workflows/incident-response.md +66 -0
- package/areas/devops/sre/workflows/postmortem.md +90 -0
- package/areas/devops/sre/workflows/slo-review.md +95 -0
- package/areas/software/backend/AGENTS.md +59 -0
- package/areas/software/backend/PROMPTS.md +50 -0
- package/areas/software/backend/README.md +48 -0
- package/areas/software/backend/prompts/add-migration.md +93 -0
- package/areas/software/backend/prompts/create-endpoint.md +97 -0
- package/areas/software/backend/prompts/debug-issue.md +87 -0
- package/areas/software/backend/prompts/develop-epic.md +83 -0
- package/areas/software/backend/prompts/develop-feature.md +91 -0
- package/areas/software/backend/prompts/refactor-module.md +79 -0
- package/areas/software/backend/prompts/test-feature.md +89 -0
- package/areas/software/backend/rules/architecture.md +20 -0
- package/areas/software/backend/rules/data_access.md +20 -0
- package/areas/software/backend/rules/security.md +20 -0
- package/areas/software/backend/rules/testing.md +19 -0
- package/areas/software/backend/skills/api-design/SKILL.md +170 -0
- package/areas/software/backend/skills/async-processing/SKILL.md +152 -0
- package/areas/software/backend/skills/database-modeling/SKILL.md +173 -0
- package/areas/software/backend/skills/observability/SKILL.md +162 -0
- package/areas/software/backend/skills/troubleshooting/SKILL.md +139 -0
- package/areas/software/backend/workflows/add-migration.md +79 -0
- package/areas/software/backend/workflows/create-endpoint.md +89 -0
- package/areas/software/backend/workflows/debug-issue.md +77 -0
- package/areas/software/backend/workflows/develop-epic.md +78 -0
- package/areas/software/backend/workflows/develop-feature.md +98 -0
- package/areas/software/backend/workflows/refactor-module.md +73 -0
- package/areas/software/backend/workflows/test-feature.md +67 -0
- package/areas/software/data-engineering/AGENTS.md +59 -0
- package/areas/software/data-engineering/PROMPTS.md +32 -0
- package/areas/software/data-engineering/prompts/backfill-data.md +107 -0
- package/areas/software/data-engineering/prompts/data-quality-incident.md +109 -0
- package/areas/software/data-engineering/prompts/lineage-trace.md +121 -0
- package/areas/software/data-engineering/prompts/new-model.md +117 -0
- package/areas/software/data-engineering/prompts/schema-migration.md +111 -0
- package/areas/software/data-engineering/rules/data-governance.md +11 -0
- package/areas/software/data-engineering/rules/pii-handling.md +19 -0
- package/areas/software/data-engineering/rules/pipeline-integrity.md +11 -0
- package/areas/software/data-engineering/rules/schema-management.md +21 -0
- package/areas/software/data-engineering/skills/data-modeling/SKILL.md +49 -0
- package/areas/software/data-engineering/skills/dbt-patterns/SKILL.md +43 -0
- package/areas/software/data-engineering/skills/lineage-governance/SKILL.md +38 -0
- package/areas/software/data-engineering/skills/orchestration/SKILL.md +35 -0
- package/areas/software/data-engineering/skills/quality-checks/SKILL.md +50 -0
- package/areas/software/data-engineering/skills/sql-optimization/SKILL.md +47 -0
- package/areas/software/data-engineering/skills/streaming-patterns/SKILL.md +48 -0
- package/areas/software/data-engineering/workflows/backfill-data.md +59 -0
- package/areas/software/data-engineering/workflows/data-quality-incident.md +64 -0
- package/areas/software/data-engineering/workflows/lineage-trace.md +56 -0
- package/areas/software/data-engineering/workflows/new-model.md +71 -0
- package/areas/software/data-engineering/workflows/schema-migration.md +67 -0
- package/areas/software/frontend/AGENTS.md +60 -0
- package/areas/software/frontend/PROMPTS.md +32 -0
- package/areas/software/frontend/prompts/a11y-fix.md +75 -0
- package/areas/software/frontend/prompts/bundle-analyze.md +75 -0
- package/areas/software/frontend/prompts/release-prep.md +83 -0
- package/areas/software/frontend/prompts/scaffold-component.md +69 -0
- package/areas/software/frontend/prompts/visual-regression.md +73 -0
- package/areas/software/frontend/rules/accessibility.md +16 -0
- package/areas/software/frontend/rules/architecture.md +29 -0
- package/areas/software/frontend/rules/performance.md +23 -0
- package/areas/software/frontend/rules/quality.md +12 -0
- package/areas/software/frontend/skills/a11y-audit/SKILL.md +61 -0
- package/areas/software/frontend/skills/api-integration/SKILL.md +58 -0
- package/areas/software/frontend/skills/component-design/SKILL.md +171 -0
- package/areas/software/frontend/skills/css-architecture/SKILL.md +146 -0
- package/areas/software/frontend/skills/error-handling/SKILL.md +55 -0
- package/areas/software/frontend/skills/performance-tuning/SKILL.md +58 -0
- package/areas/software/frontend/skills/state-management/SKILL.md +54 -0
- package/areas/software/frontend/skills/testing-patterns/SKILL.md +69 -0
- package/areas/software/frontend/workflows/a11y-fix.md +63 -0
- package/areas/software/frontend/workflows/bundle-analyze.md +56 -0
- package/areas/software/frontend/workflows/release-prep.md +66 -0
- package/areas/software/frontend/workflows/scaffold-component.md +67 -0
- package/areas/software/frontend/workflows/visual-regression.md +65 -0
- package/areas/software/full-stack/AGENTS.md +72 -0
- package/areas/software/full-stack/PROMPTS.md +66 -0
- package/areas/software/full-stack/prompts/backend-project-full-cycle.md +141 -0
- package/areas/software/full-stack/prompts/debug-issue.md +115 -0
- package/areas/software/full-stack/prompts/develop-feature.md +119 -0
- package/areas/software/full-stack/prompts/feature-implementation-flow.md +137 -0
- package/areas/software/full-stack/prompts/testing-ci-pipeline.md +119 -0
- package/areas/software/full-stack/rules/api-design-guide.md +24 -0
- package/areas/software/full-stack/rules/async-concurrency-guide.md +21 -0
- package/areas/software/full-stack/rules/backend-architecture-rule.md +41 -0
- package/areas/software/full-stack/rules/background-jobs-guide.md +20 -0
- package/areas/software/full-stack/rules/code-quality-guide.md +22 -0
- package/areas/software/full-stack/rules/database-access-guide.md +24 -0
- package/areas/software/full-stack/rules/database-migrations-guide.md +24 -0
- package/areas/software/full-stack/rules/domain-models-guide.md +28 -0
- package/areas/software/full-stack/rules/e2e-test-guide.md +18 -0
- package/areas/software/full-stack/rules/env-settings-guide.md +34 -0
- package/areas/software/full-stack/rules/error-handling-guide.md +20 -0
- package/areas/software/full-stack/rules/logging-observability-guide.md +22 -0
- package/areas/software/full-stack/rules/project-guide.md +34 -0
- package/areas/software/full-stack/rules/python-venv-guide.md +23 -0
- package/areas/software/full-stack/rules/security-guide.md +22 -0
- package/areas/software/full-stack/rules/svt-test-guide.md +17 -0
- package/areas/software/full-stack/rules/testing-ci-guide.md +25 -0
- package/areas/software/full-stack/skills/api-design-principles/SKILL.md +125 -0
- package/areas/software/full-stack/skills/api-design-principles/assets/api-design-checklist.md +155 -0
- package/areas/software/full-stack/skills/api-design-principles/assets/rest-api-template.py +182 -0
- package/areas/software/full-stack/skills/api-design-principles/references/graphql-schema-design.md +583 -0
- package/areas/software/full-stack/skills/api-design-principles/references/rest-best-practices.md +408 -0
- package/areas/software/full-stack/skills/api-design-principles/resources/implementation-playbook.md +513 -0
- package/areas/software/full-stack/skills/api-patterns/SKILL.md +81 -0
- package/areas/software/full-stack/skills/api-patterns/api-style.md +42 -0
- package/areas/software/full-stack/skills/api-patterns/auth.md +24 -0
- package/areas/software/full-stack/skills/api-patterns/documentation.md +26 -0
- package/areas/software/full-stack/skills/api-patterns/graphql.md +41 -0
- package/areas/software/full-stack/skills/api-patterns/rate-limiting.md +31 -0
- package/areas/software/full-stack/skills/api-patterns/response.md +37 -0
- package/areas/software/full-stack/skills/api-patterns/rest.md +40 -0
- package/areas/software/full-stack/skills/api-patterns/scripts/api_validator.py +211 -0
- package/areas/software/full-stack/skills/api-patterns/security-testing.md +122 -0
- package/areas/software/full-stack/skills/api-patterns/trpc.md +41 -0
- package/areas/software/full-stack/skills/api-patterns/versioning.md +22 -0
- package/areas/software/full-stack/skills/app-builder/SKILL.md +135 -0
- package/areas/software/full-stack/skills/app-builder/agent-coordination.md +71 -0
- package/areas/software/full-stack/skills/app-builder/feature-building.md +53 -0
- package/areas/software/full-stack/skills/app-builder/project-detection.md +34 -0
- package/areas/software/full-stack/skills/app-builder/scaffolding.md +118 -0
- package/areas/software/full-stack/skills/app-builder/tech-stack.md +40 -0
- package/areas/software/full-stack/skills/app-builder/templates/SKILL.md +39 -0
- package/areas/software/full-stack/skills/app-builder/templates/astro-static/TEMPLATE.md +76 -0
- package/areas/software/full-stack/skills/app-builder/templates/chrome-extension/TEMPLATE.md +92 -0
- package/areas/software/full-stack/skills/app-builder/templates/cli-tool/TEMPLATE.md +88 -0
- package/areas/software/full-stack/skills/app-builder/templates/electron-desktop/TEMPLATE.md +88 -0
- package/areas/software/full-stack/skills/app-builder/templates/express-api/TEMPLATE.md +83 -0
- package/areas/software/full-stack/skills/app-builder/templates/flutter-app/TEMPLATE.md +90 -0
- package/areas/software/full-stack/skills/app-builder/templates/monorepo-turborepo/TEMPLATE.md +90 -0
- package/areas/software/full-stack/skills/app-builder/templates/nextjs-fullstack/TEMPLATE.md +82 -0
- package/areas/software/full-stack/skills/app-builder/templates/nextjs-saas/TEMPLATE.md +100 -0
- package/areas/software/full-stack/skills/app-builder/templates/nextjs-static/TEMPLATE.md +106 -0
- package/areas/software/full-stack/skills/app-builder/templates/nuxt-app/TEMPLATE.md +101 -0
- package/areas/software/full-stack/skills/app-builder/templates/python-fastapi/TEMPLATE.md +83 -0
- package/areas/software/full-stack/skills/app-builder/templates/react-native-app/TEMPLATE.md +93 -0
- package/areas/software/full-stack/skills/backend-developer/SKILL.md +58 -0
- package/areas/software/full-stack/skills/bash-pro/SKILL.md +310 -0
- package/areas/software/full-stack/skills/blackbox-test/SKILL.md +84 -0
- package/areas/software/full-stack/skills/prompt-project-planner/SKILL.md +130 -0
- package/areas/software/full-stack/skills/prompt-project-planner/output.schema.md +68 -0
- package/areas/software/full-stack/skills/prompt-project-planner/questions.md +80 -0
- package/areas/software/full-stack/skills/python-pro/SKILL.md +158 -0
- package/areas/software/full-stack/skills/skill-creator/LICENSE.txt +202 -0
- package/areas/software/full-stack/skills/skill-creator/SKILL.md +356 -0
- package/areas/software/full-stack/skills/skill-creator/references/output-patterns.md +82 -0
- package/areas/software/full-stack/skills/skill-creator/references/workflows.md +28 -0
- package/areas/software/full-stack/skills/skill-creator/scripts/init_skill.py +303 -0
- package/areas/software/full-stack/skills/skill-creator/scripts/package_skill.py +110 -0
- package/areas/software/full-stack/skills/skill-creator/scripts/quick_validate.py +95 -0
- package/areas/software/full-stack/workflows/backend-project-full-cycle.md +132 -0
- package/areas/software/full-stack/workflows/debug-issue.md +70 -0
- package/areas/software/full-stack/workflows/develop-feature.md +85 -0
- package/areas/software/full-stack/workflows/feature-implementation-flow.md +78 -0
- package/areas/software/full-stack/workflows/testing-ci-pipeline.md +65 -0
- package/areas/software/general/AGENTS.md +68 -0
- package/areas/software/general/prompts/code-review-workflow.md +87 -0
- package/areas/software/general/prompts/development-cycle-workflow.md +83 -0
- package/areas/software/general/prompts/project-setup-workflow.md +93 -0
- package/areas/software/general/rules/code-style-guide.md +31 -0
- package/areas/software/general/rules/docker-compose-guide.md +27 -0
- package/areas/software/general/rules/git-workflow-guide.md +27 -0
- package/areas/software/general/rules/github-workflow-guide.md +27 -0
- package/areas/software/general/rules/gitlab-ci-guide.md +27 -0
- package/areas/software/general/rules/lint-format-guide.md +29 -0
- package/areas/software/general/rules/makefile-guide.md +34 -0
- package/areas/software/general/rules/readme-sync-guide.md +40 -0
- package/areas/software/general/rules/sdlc-methodology-guide.md +27 -0
- package/areas/software/general/rules/sdlc-role-responsibilities.md +108 -0
- package/areas/software/general/skills/general-dev-tools/SKILL.md +324 -0
- package/areas/software/general/workflows/code-review-workflow.md +84 -0
- package/areas/software/general/workflows/development-cycle-workflow.md +85 -0
- package/areas/software/general/workflows/project-setup-workflow.md +94 -0
- package/areas/software/mlops/AGENTS.md +57 -0
- package/areas/software/mlops/PROMPTS.md +32 -0
- package/areas/software/mlops/prompts/champion-challenger.md +87 -0
- package/areas/software/mlops/prompts/deploy-endpoint.md +91 -0
- package/areas/software/mlops/prompts/evaluate-model.md +87 -0
- package/areas/software/mlops/prompts/model-incident.md +87 -0
- package/areas/software/mlops/prompts/train-experiment.md +83 -0
- package/areas/software/mlops/rules/data-integrity.md +9 -0
- package/areas/software/mlops/rules/model-governance.md +9 -0
- package/areas/software/mlops/rules/production-safety.md +9 -0
- package/areas/software/mlops/rules/reproducibility.md +9 -0
- package/areas/software/mlops/skills/experiment-tracking/SKILL.md +29 -0
- package/areas/software/mlops/skills/feature-engineering/SKILL.md +44 -0
- package/areas/software/mlops/skills/inference-serving/SKILL.md +35 -0
- package/areas/software/mlops/skills/model-evaluation/SKILL.md +40 -0
- package/areas/software/mlops/skills/model-monitoring/SKILL.md +32 -0
- package/areas/software/mlops/workflows/champion-challenger.md +65 -0
- package/areas/software/mlops/workflows/deploy-endpoint.md +70 -0
- package/areas/software/mlops/workflows/evaluate-model.md +63 -0
- package/areas/software/mlops/workflows/model-incident.md +64 -0
- package/areas/software/mlops/workflows/train-experiment.md +56 -0
- package/areas/software/mobile/AGENTS.md +58 -0
- package/areas/software/mobile/PROMPTS.md +32 -0
- package/areas/software/mobile/prompts/crash-triage.md +63 -0
- package/areas/software/mobile/prompts/device-testing.md +83 -0
- package/areas/software/mobile/prompts/ota-update.md +75 -0
- package/areas/software/mobile/prompts/release-build.md +67 -0
- package/areas/software/mobile/prompts/store-submission.md +79 -0
- package/areas/software/mobile/rules/offline-first.md +10 -0
- package/areas/software/mobile/rules/performance-budget.md +20 -0
- package/areas/software/mobile/rules/platform-compliance.md +17 -0
- package/areas/software/mobile/rules/security-mobile.md +9 -0
- package/areas/software/mobile/skills/app-store-prep/SKILL.md +27 -0
- package/areas/software/mobile/skills/mobile-testing/SKILL.md +36 -0
- package/areas/software/mobile/skills/native-modules/SKILL.md +38 -0
- package/areas/software/mobile/skills/navigation-patterns/SKILL.md +49 -0
- package/areas/software/mobile/skills/push-notifications/SKILL.md +40 -0
- package/areas/software/mobile/skills/state-sync/SKILL.md +48 -0
- package/areas/software/mobile/workflows/crash-triage.md +63 -0
- package/areas/software/mobile/workflows/device-testing.md +54 -0
- package/areas/software/mobile/workflows/ota-update.md +54 -0
- package/areas/software/mobile/workflows/release-build.md +67 -0
- package/areas/software/mobile/workflows/store-submission.md +63 -0
- package/areas/software/platform/AGENTS.md +67 -0
- package/areas/software/platform/PROMPTS.md +32 -0
- package/areas/software/platform/prompts/cost-audit.md +117 -0
- package/areas/software/platform/prompts/deploy-production.md +109 -0
- package/areas/software/platform/prompts/drift-check.md +107 -0
- package/areas/software/platform/prompts/incident-response.md +121 -0
- package/areas/software/platform/prompts/provision-env.md +113 -0
- package/areas/software/platform/rules/cost-governance.md +11 -0
- package/areas/software/platform/rules/immutability.md +17 -0
- package/areas/software/platform/rules/reliability.md +19 -0
- package/areas/software/platform/rules/security-posture.md +12 -0
- package/areas/software/platform/skills/ci-cd-pipelines/SKILL.md +58 -0
- package/areas/software/platform/skills/incident-response/SKILL.md +41 -0
- package/areas/software/platform/skills/k8s-manifests/SKILL.md +56 -0
- package/areas/software/platform/skills/networking/SKILL.md +44 -0
- package/areas/software/platform/skills/observability-setup/SKILL.md +49 -0
- package/areas/software/platform/skills/secrets-management/SKILL.md +43 -0
- package/areas/software/platform/skills/terraform-patterns/SKILL.md +75 -0
- package/areas/software/platform/workflows/cost-audit.md +61 -0
- package/areas/software/platform/workflows/deploy-production.md +67 -0
- package/areas/software/platform/workflows/drift-check.md +61 -0
- package/areas/software/platform/workflows/incident-response.md +69 -0
- package/areas/software/platform/workflows/provision-env.md +77 -0
- package/areas/software/qa/AGENTS.md +58 -0
- package/areas/software/qa/PROMPTS.md +32 -0
- package/areas/software/qa/prompts/flakiness-investigation.md +61 -0
- package/areas/software/qa/prompts/performance-audit.md +65 -0
- package/areas/software/qa/prompts/regression-suite.md +61 -0
- package/areas/software/qa/prompts/smoke-test.md +65 -0
- package/areas/software/qa/prompts/test-coverage-report.md +61 -0
- package/areas/software/qa/rules/flakiness-policy.md +12 -0
- package/areas/software/qa/rules/quality-gates.md +28 -0
- package/areas/software/qa/rules/test-data.md +9 -0
- package/areas/software/qa/rules/test-strategy.md +11 -0
- package/areas/software/qa/skills/accessibility-testing/SKILL.md +139 -0
- package/areas/software/qa/skills/api-testing/SKILL.md +140 -0
- package/areas/software/qa/skills/e2e-patterns/SKILL.md +152 -0
- package/areas/software/qa/skills/performance-testing/SKILL.md +177 -0
- package/areas/software/qa/skills/test-data-management/SKILL.md +161 -0
- package/areas/software/qa/skills/test-pyramid/SKILL.md +127 -0
- package/areas/software/qa/workflows/flakiness-investigation.md +63 -0
- package/areas/software/qa/workflows/performance-audit.md +59 -0
- package/areas/software/qa/workflows/regression-suite.md +59 -0
- package/areas/software/qa/workflows/smoke-test.md +64 -0
- package/areas/software/qa/workflows/test-coverage-report.md +57 -0
- package/areas/software/security/AGENTS.md +58 -0
- package/areas/software/security/PROMPTS.md +32 -0
- package/areas/software/security/prompts/compliance-report.md +113 -0
- package/areas/software/security/prompts/pen-test-sim.md +113 -0
- package/areas/software/security/prompts/secret-rotation.md +115 -0
- package/areas/software/security/prompts/security-scan.md +91 -0
- package/areas/software/security/prompts/threat-model-review.md +105 -0
- package/areas/software/security/rules/compliance-baseline.md +23 -0
- package/areas/software/security/rules/dependency-policy.md +12 -0
- package/areas/software/security/rules/secrets-policy.md +22 -0
- package/areas/software/security/rules/secure-coding.md +22 -0
- package/areas/software/security/skills/auth-patterns/SKILL.md +42 -0
- package/areas/software/security/skills/crypto-standards/SKILL.md +42 -0
- package/areas/software/security/skills/dependency-audit/SKILL.md +29 -0
- package/areas/software/security/skills/sast-dast-interpretation/SKILL.md +33 -0
- package/areas/software/security/skills/security-headers/SKILL.md +29 -0
- package/areas/software/security/skills/threat-modeling/SKILL.md +36 -0
- package/areas/software/security/workflows/compliance-report.md +57 -0
- package/areas/software/security/workflows/pen-test-sim.md +63 -0
- package/areas/software/security/workflows/secret-rotation.md +67 -0
- package/areas/software/security/workflows/security-scan.md +64 -0
- package/areas/software/security/workflows/threat-model-review.md +62 -0
- package/areas/template/AGENTS-area.tmpl.md +61 -0
- package/areas/template/AGENTS.tmpl.md +67 -0
- package/areas/template/GUIDE.md +102 -0
- package/areas/template/PROMPTS.tmpl.md +29 -0
- package/areas/template/README.md +57 -0
- package/areas/template/README.tmpl.md +51 -0
- package/areas/template/prompt.tmpl.md +101 -0
- package/areas/template/rule.tmpl.md +71 -0
- package/areas/template/skill.tmpl.md +108 -0
- package/areas/template/workflow.tmpl.md +104 -0
- package/bin/agentic.js +24 -0
- package/extensions/antigravity/GEMINI.md +10 -0
- package/extensions/claude/CLAUDE.md +10 -0
- package/extensions/codex/AGENTS.override.md +93 -0
- package/extensions/gemini/GEMINI.md +10 -0
- package/extensions/opencode/agents/designer.md +65 -0
- package/extensions/opencode/agents/developer.md +63 -0
- package/extensions/opencode/agents/devops-engineer.md +69 -0
- package/extensions/opencode/agents/pm.md +61 -0
- package/extensions/opencode/agents/product-owner.md +76 -0
- package/extensions/opencode/agents/qa.md +66 -0
- package/extensions/opencode/agents/team-lead.md +67 -0
- package/extensions/opencode/commands/feature.md +75 -0
- package/extensions/opencode/opencode.json +93 -0
- package/extensions/opencode/plugins/model-checker.json +14 -0
- package/extensions/opencode/plugins/model-checker.ts +279 -0
- package/extensions/opencode/plugins/sound-notification.ts +13 -0
- package/extensions/opencode/plugins/telegram-notification.ts +86 -0
- package/extensions/opencode/skills/code_review_expert/SKILL.md +144 -0
- package/extensions/opencode/skills/design_expert/SKILL.md +42 -0
- package/extensions/opencode/skills/qa_expert/SKILL.md +116 -0
- package/package.json +19 -0
|
@@ -0,0 +1,159 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: state-management
|
|
3
|
+
type: skill
|
|
4
|
+
description: Manage Terraform remote state — backend setup, state isolation, locking, import, mv, and state surgery.
|
|
5
|
+
related-rules:
|
|
6
|
+
- state-management.md
|
|
7
|
+
- iac-standards.md
|
|
8
|
+
allowed-tools: Read, Write, Edit, Bash
|
|
9
|
+
---
|
|
10
|
+
|
|
11
|
+
# Skill: Terraform State Management
|
|
12
|
+
|
|
13
|
+
> **Expertise:** Remote backends, state isolation, import, mv, rm, state surgery, cross-stack references.
|
|
14
|
+
|
|
15
|
+
## When to load
|
|
16
|
+
|
|
17
|
+
When setting up a new Terraform backend, debugging state lock, importing manually-created resources, or safely moving resources between state files.
|
|
18
|
+
|
|
19
|
+
## Backend Setup Patterns
|
|
20
|
+
|
|
21
|
+
```hcl
|
|
22
|
+
# AWS S3 + DynamoDB lock
|
|
23
|
+
terraform {
|
|
24
|
+
backend "s3" {
|
|
25
|
+
bucket = "mycompany-terraform-state"
|
|
26
|
+
key = "${var.environment}/${var.component}/terraform.tfstate"
|
|
27
|
+
region = "us-east-1"
|
|
28
|
+
encrypt = true
|
|
29
|
+
kms_key_id = "alias/terraform-state"
|
|
30
|
+
dynamodb_table = "terraform-state-lock"
|
|
31
|
+
}
|
|
32
|
+
}
|
|
33
|
+
|
|
34
|
+
# GCS (GCP) — built-in locking, no separate lock table needed
|
|
35
|
+
terraform {
|
|
36
|
+
backend "gcs" {
|
|
37
|
+
bucket = "mycompany-terraform-state"
|
|
38
|
+
prefix = "${var.environment}/${var.component}"
|
|
39
|
+
}
|
|
40
|
+
}
|
|
41
|
+
|
|
42
|
+
# Terraform Cloud / HCP Terraform
|
|
43
|
+
terraform {
|
|
44
|
+
cloud {
|
|
45
|
+
organization = "mycompany"
|
|
46
|
+
workspaces { name = "production-network" }
|
|
47
|
+
}
|
|
48
|
+
}
|
|
49
|
+
```
|
|
50
|
+
|
|
51
|
+
## State Isolation (per environment × component)
|
|
52
|
+
|
|
53
|
+
```
|
|
54
|
+
state/
|
|
55
|
+
├── staging/
|
|
56
|
+
│ ├── network/terraform.tfstate
|
|
57
|
+
│ ├── k8s-cluster/terraform.tfstate
|
|
58
|
+
│ └── databases/terraform.tfstate
|
|
59
|
+
└── production/
|
|
60
|
+
├── network/terraform.tfstate
|
|
61
|
+
├── k8s-cluster/terraform.tfstate
|
|
62
|
+
└── databases/terraform.tfstate
|
|
63
|
+
```
|
|
64
|
+
|
|
65
|
+
**Rule**: Staging and production **must** use separate state files (separate key/prefix, ideally separate bucket).
|
|
66
|
+
|
|
67
|
+
## Cross-Stack Values (avoid `terraform_remote_state`)
|
|
68
|
+
|
|
69
|
+
```hcl
|
|
70
|
+
# ✅ Publish outputs to SSM Parameter Store
|
|
71
|
+
resource "aws_ssm_parameter" "vpc_id" {
|
|
72
|
+
name = "/${var.environment}/network/vpc_id"
|
|
73
|
+
type = "String"
|
|
74
|
+
value = aws_vpc.this.id
|
|
75
|
+
}
|
|
76
|
+
|
|
77
|
+
# ✅ Consume in another stack via data source
|
|
78
|
+
data "aws_ssm_parameter" "vpc_id" {
|
|
79
|
+
name = "/${var.environment}/network/vpc_id"
|
|
80
|
+
}
|
|
81
|
+
|
|
82
|
+
resource "aws_subnet" "app" {
|
|
83
|
+
vpc_id = data.aws_ssm_parameter.vpc_id.value
|
|
84
|
+
}
|
|
85
|
+
```
|
|
86
|
+
|
|
87
|
+
## State Import (bring unmanaged resource under TF control)
|
|
88
|
+
|
|
89
|
+
```bash
|
|
90
|
+
# 1. Write the resource block in .tf first
|
|
91
|
+
resource "aws_s3_bucket" "legacy" {
|
|
92
|
+
bucket = "my-legacy-bucket"
|
|
93
|
+
}
|
|
94
|
+
|
|
95
|
+
# 2. Import the existing resource
|
|
96
|
+
terraform import aws_s3_bucket.legacy my-legacy-bucket
|
|
97
|
+
|
|
98
|
+
# 3. Run plan — should show no changes if .tf matches reality
|
|
99
|
+
terraform plan # should be: "No changes."
|
|
100
|
+
```
|
|
101
|
+
|
|
102
|
+
## State Move (rename / reorganize)
|
|
103
|
+
|
|
104
|
+
```hcl
|
|
105
|
+
# Safe rename using moved{} block (Terraform 1.1+) — no CLI required
|
|
106
|
+
moved {
|
|
107
|
+
from = aws_instance.web
|
|
108
|
+
to = aws_instance.this["web-01"]
|
|
109
|
+
}
|
|
110
|
+
|
|
111
|
+
# After apply, remove the moved{} block
|
|
112
|
+
```
|
|
113
|
+
|
|
114
|
+
```bash
|
|
115
|
+
# Manual state mv (use when moved{} block is not applicable)
|
|
116
|
+
# ALWAYS take a backup first
|
|
117
|
+
terraform state pull > backup-$(date +%Y%m%d-%H%M%S).tfstate
|
|
118
|
+
|
|
119
|
+
terraform state mv \
|
|
120
|
+
'aws_security_group.old_name' \
|
|
121
|
+
'aws_security_group.new_name'
|
|
122
|
+
```
|
|
123
|
+
|
|
124
|
+
## State Surgery (break-glass commands)
|
|
125
|
+
|
|
126
|
+
```bash
|
|
127
|
+
# List all resources in state
|
|
128
|
+
terraform state list
|
|
129
|
+
|
|
130
|
+
# Show a specific resource's state
|
|
131
|
+
terraform state show 'aws_instance.this["web-01"]'
|
|
132
|
+
|
|
133
|
+
# Remove a resource from state WITHOUT destroying it (use when managed outside TF)
|
|
134
|
+
terraform state rm 'aws_s3_bucket.legacy'
|
|
135
|
+
|
|
136
|
+
# Force-unlock a stuck state lock (use only when lock is genuinely stale)
|
|
137
|
+
terraform force-unlock <LOCK_ID>
|
|
138
|
+
# Lock ID from error message: "Error acquiring the state lock"
|
|
139
|
+
|
|
140
|
+
# Pull state for manual inspection
|
|
141
|
+
terraform state pull | jq '.resources[] | {type: .type, name: .name}'
|
|
142
|
+
|
|
143
|
+
# Replace a resource (force-recreate without destroy first)
|
|
144
|
+
terraform apply -replace='aws_instance.this["web-01"]'
|
|
145
|
+
```
|
|
146
|
+
|
|
147
|
+
## Debugging Lock Issues
|
|
148
|
+
|
|
149
|
+
```bash
|
|
150
|
+
# Error: "Error acquiring the state lock" + lock ID
|
|
151
|
+
# Check DynamoDB for stale lock:
|
|
152
|
+
aws dynamodb get-item \
|
|
153
|
+
--table-name terraform-state-lock \
|
|
154
|
+
--key '{"LockID": {"S": "mycompany-terraform-state/production/network/terraform.tfstate"}}'
|
|
155
|
+
|
|
156
|
+
# Verify no apply is actually running before force-unlock
|
|
157
|
+
# Only force-unlock if you are certain no other process holds the lock
|
|
158
|
+
terraform force-unlock <LOCK_ID_FROM_ERROR>
|
|
159
|
+
```
|
|
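Review bot: the `backend "s3"` and `backend "gcs"` blocks interpolate `${var.environment}/${var.component}` into `key` and `prefix`, but Terraform does not evaluate variables inside a backend block, so `terraform init` rejects both examples as written. Keep the static settings in the block and supply the per-environment key or prefix through a partial configuration file passed with `terraform init -backend-config=<file>`. Two smaller points: the comment on `terraform apply -replace=...` says "without destroy first", yet `-replace` destroys and then recreates the object unless `create_before_destroy` is set; and the file written by `terraform state pull > backup-$(date ...).tfstate` holds resource attributes in plaintext, so the section should say to keep it out of the repository and restrict its permissions.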
@@ -0,0 +1,169 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: terraform-modules
|
|
3
|
+
type: skill
|
|
4
|
+
description: Design reusable, well-tested Terraform modules with cloud-agnostic interfaces and safe state management.
|
|
5
|
+
related-rules:
|
|
6
|
+
- iac-standards.md
|
|
7
|
+
- state-management.md
|
|
8
|
+
- secret-hygiene.md
|
|
9
|
+
allowed-tools: Read, Write, Edit, Bash
|
|
10
|
+
---
|
|
11
|
+
|
|
12
|
+
# Skill: Terraform Modules
|
|
13
|
+
|
|
14
|
+
> **Expertise:** Reusable module design, for_each patterns, remote state, data sources, module testing with Terratest.
|
|
15
|
+
|
|
16
|
+
## When to load
|
|
17
|
+
|
|
18
|
+
When writing new Terraform, reviewing IaC PRs, designing module interfaces, or debugging plan/apply failures.
|
|
19
|
+
|
|
20
|
+
## Module Interface Design
|
|
21
|
+
|
|
22
|
+
```hcl
|
|
23
|
+
# variables.tf — define a clean, minimal interface
|
|
24
|
+
variable "project" {
|
|
25
|
+
description = "Project name used in resource naming and tags"
|
|
26
|
+
type = string
|
|
27
|
+
}
|
|
28
|
+
|
|
29
|
+
variable "environment" {
|
|
30
|
+
description = "Deployment environment (dev|staging|production)"
|
|
31
|
+
type = string
|
|
32
|
+
validation {
|
|
33
|
+
condition = contains(["dev", "staging", "production"], var.environment)
|
|
34
|
+
error_message = "environment must be dev, staging, or production."
|
|
35
|
+
}
|
|
36
|
+
}
|
|
37
|
+
|
|
38
|
+
variable "instance_count" {
|
|
39
|
+
description = "Number of instances to create"
|
|
40
|
+
type = number
|
|
41
|
+
default = 1
|
|
42
|
+
}
|
|
43
|
+
|
|
44
|
+
# outputs.tf — expose only what callers need
|
|
45
|
+
output "instance_ids" {
|
|
46
|
+
description = "List of created instance IDs"
|
|
47
|
+
value = aws_instance.this[*].id
|
|
48
|
+
}
|
|
49
|
+
|
|
50
|
+
output "private_ips" {
|
|
51
|
+
description = "Private IP addresses"
|
|
52
|
+
value = aws_instance.this[*].private_ip
|
|
53
|
+
sensitive = false
|
|
54
|
+
}
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
## for_each vs count
|
|
58
|
+
|
|
59
|
+
```hcl
|
|
60
|
+
# ✅ for_each — stable keys, safe to add/remove
|
|
61
|
+
resource "aws_security_group_rule" "allow" {
|
|
62
|
+
for_each = var.allowed_ports # map: { "http" = 80, "https" = 443 }
|
|
63
|
+
type = "ingress"
|
|
64
|
+
from_port = each.value
|
|
65
|
+
to_port = each.value
|
|
66
|
+
protocol = "tcp"
|
|
67
|
+
cidr_blocks = ["0.0.0.0/0"]
|
|
68
|
+
}
|
|
69
|
+
|
|
70
|
+
# ❌ count — index-based, removing item N shifts all subsequent items
|
|
71
|
+
resource "aws_instance" "this" {
|
|
72
|
+
count = var.instance_count # removing instance 0 destroys ALL and recreates
|
|
73
|
+
}
|
|
74
|
+
|
|
75
|
+
# ✅ for_each with map for instances
|
|
76
|
+
resource "aws_instance" "this" {
|
|
77
|
+
for_each = var.instances # map: { "web-1" = {...}, "web-2" = {...} }
|
|
78
|
+
instance_type = each.value.instance_type
|
|
79
|
+
}
|
|
80
|
+
```
|
|
81
|
+
|
|
82
|
+
## Dynamic Blocks
|
|
83
|
+
|
|
84
|
+
```hcl
|
|
85
|
+
resource "aws_security_group" "this" {
|
|
86
|
+
name = "${var.project}-${var.environment}-sg"
|
|
87
|
+
|
|
88
|
+
dynamic "ingress" {
|
|
89
|
+
for_each = var.ingress_rules
|
|
90
|
+
content {
|
|
91
|
+
from_port = ingress.value.from_port
|
|
92
|
+
to_port = ingress.value.to_port
|
|
93
|
+
protocol = ingress.value.protocol
|
|
94
|
+
cidr_blocks = ingress.value.cidr_blocks
|
|
95
|
+
}
|
|
96
|
+
}
|
|
97
|
+
}
|
|
98
|
+
```
|
|
99
|
+
|
|
100
|
+
## Data Sources (cloud-agnostic patterns)
|
|
101
|
+
|
|
102
|
+
```hcl
|
|
103
|
+
# Latest Ubuntu 22.04 AMI (AWS)
|
|
104
|
+
data "aws_ami" "ubuntu" {
|
|
105
|
+
most_recent = true
|
|
106
|
+
owners = ["099720109477"] # Canonical
|
|
107
|
+
filter {
|
|
108
|
+
name = "name"
|
|
109
|
+
values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"]
|
|
110
|
+
}
|
|
111
|
+
}
|
|
112
|
+
|
|
113
|
+
# Cross-stack reference via SSM (avoid terraform_remote_state across envs)
|
|
114
|
+
data "aws_ssm_parameter" "vpc_id" {
|
|
115
|
+
name = "/${var.environment}/network/vpc_id"
|
|
116
|
+
}
|
|
117
|
+
```
|
|
118
|
+
|
|
119
|
+
## Locals for DRY Code
|
|
120
|
+
|
|
121
|
+
```hcl
|
|
122
|
+
locals {
|
|
123
|
+
name_prefix = "${var.project}-${var.environment}"
|
|
124
|
+
common_tags = {
|
|
125
|
+
Project = var.project
|
|
126
|
+
Environment = var.environment
|
|
127
|
+
ManagedBy = "terraform"
|
|
128
|
+
Owner = var.owner
|
|
129
|
+
}
|
|
130
|
+
}
|
|
131
|
+
|
|
132
|
+
resource "aws_s3_bucket" "this" {
|
|
133
|
+
bucket = "${local.name_prefix}-assets-${random_id.suffix.hex}"
|
|
134
|
+
tags = local.common_tags
|
|
135
|
+
}
|
|
136
|
+
```
|
|
137
|
+
|
|
138
|
+
## moved Block (safe refactoring)
|
|
139
|
+
|
|
140
|
+
```hcl
|
|
141
|
+
# When renaming a resource — prevents destroy+create
|
|
142
|
+
moved {
|
|
143
|
+
from = aws_instance.web
|
|
144
|
+
to = aws_instance.this["web-1"]
|
|
145
|
+
}
|
|
146
|
+
```
|
|
147
|
+
|
|
148
|
+
## CI/CD Integration
|
|
149
|
+
|
|
150
|
+
```bash
|
|
151
|
+
# Standard pipeline steps
|
|
152
|
+
terraform init -backend-config=environments/${ENV}/backend.hcl
|
|
153
|
+
terraform validate
|
|
154
|
+
terraform fmt -check -recursive
|
|
155
|
+
terraform plan -var-file=environments/${ENV}/terraform.tfvars -out=tfplan
|
|
156
|
+
# After approval:
|
|
157
|
+
terraform apply tfplan
|
|
158
|
+
```
|
|
159
|
+
|
|
160
|
+
## Anti-Patterns
|
|
161
|
+
|
|
162
|
+
| Anti-pattern | Fix |
|
|
163
|
+
|:---|:---|
|
|
164
|
+
| `count` for multi-instance | Use `for_each` with map keys |
|
|
165
|
+
| Hardcoded region/AZ | Use `data` source or variable |
|
|
166
|
+
| `?ref=main` module source | Pin to version tag |
|
|
167
|
+
| Provider config inside module | Provider in root module only |
|
|
168
|
+
| `terraform_remote_state` across envs | SSM / Consul KV for cross-stack values |
|
|
169
|
+
| Sensitive values in outputs without `sensitive=true` | Mark all secret outputs as sensitive |
|
|
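Review bot: the `for_each` example marked ✅ sets `cidr_blocks = ["0.0.0.0/0"]` for every entry of `var.allowed_ports`, so the pattern an agent is told to copy opens each listed port to the whole internet, and the rule has no `security_group_id`. Take the CIDR list from a variable, as the dynamic block does with `ingress.value.cidr_blocks`, and add a `validation` block that rejects `0.0.0.0/0` by default. The comment on `count = var.instance_count` also overstates the problem: lowering a numeric count removes the highest indexes, and the index shift only happens when `count` is driven by a list and an earlier element is removed.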
@@ -0,0 +1,96 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: destroy-environment
|
|
3
|
+
type: workflow
|
|
4
|
+
trigger: /destroy-environment
|
|
5
|
+
description: Safely destroy a Terraform-managed environment — pre-checks, approval gate, ordered teardown, and state cleanup.
|
|
6
|
+
inputs:
|
|
7
|
+
- environment_name
|
|
8
|
+
- reason (decommission|cost-saving|reset)
|
|
9
|
+
outputs:
|
|
10
|
+
- environment_destroyed
|
|
11
|
+
- state_cleaned
|
|
12
|
+
roles:
|
|
13
|
+
- devops-engineer
|
|
14
|
+
- team-lead
|
|
15
|
+
execution:
|
|
16
|
+
initiator: developer
|
|
17
|
+
related-rules:
|
|
18
|
+
- state-management.md
|
|
19
|
+
- immutability.md
|
|
20
|
+
uses-skills:
|
|
21
|
+
- terraform-modules
|
|
22
|
+
- state-management
|
|
23
|
+
quality-gates:
|
|
24
|
+
- explicit team-lead approval required before any destroy
|
|
25
|
+
- backup of state file taken before destroy
|
|
26
|
+
- production environment requires VP Engineering sign-off
|
|
27
|
+
---
|
|
28
|
+
|
|
29
|
+
## Steps
|
|
30
|
+
|
|
31
|
+
### 1. Confirm Scope — `@devops-engineer`
|
|
32
|
+
- List all resources to be destroyed: `terraform plan -destroy -var-file=terraform.tfvars`
|
|
33
|
+
- Verify: is there **production data** in this environment? (databases, object storage)
|
|
34
|
+
- Confirm no active traffic or dependent services
|
|
35
|
+
- **Stop here if**: environment has active users or unarchived data
|
|
36
|
+
|
|
37
|
+
### 2. Approval — `@team-lead` (+ VP Eng if production)
|
|
38
|
+
- Review the destroy plan output
|
|
39
|
+
- Confirm: data archived or migrated
|
|
40
|
+
- Sign off in the PR/ticket: `APPROVED FOR DESTROY — [name] [date]`
|
|
41
|
+
- **Done when:** written approval recorded
|
|
42
|
+
|
|
43
|
+
### 3. Pre-Destroy Backup — `@devops-engineer`
|
|
44
|
+
```bash
|
|
45
|
+
# Back up Terraform state file
|
|
46
|
+
terraform state pull > backups/state-${ENV}-$(date +%Y%m%d-%H%M%S).tfstate
|
|
47
|
+
|
|
48
|
+
# If databases present: take final snapshot
|
|
49
|
+
pgbackrest --stanza=${ENV}-db --type=full backup
|
|
50
|
+
|
|
51
|
+
# Export any S3/GCS bucket contents if needed
|
|
52
|
+
aws s3 sync s3://${ENV}-data ./backups/s3-${ENV}/
|
|
53
|
+
```
|
|
54
|
+
- **Done when:** backups verified (not just initiated)
|
|
55
|
+
|
|
56
|
+
### 4. Ordered Teardown — `@devops-engineer`
|
|
57
|
+
```bash
|
|
58
|
+
# Destroy in reverse dependency order
|
|
59
|
+
# Workloads first, then networking, then storage last
|
|
60
|
+
|
|
61
|
+
# Option A: full destroy
|
|
62
|
+
terraform destroy -var-file=terraform.tfvars -auto-approve
|
|
63
|
+
|
|
64
|
+
# Option B: targeted destroy (preferred for partial teardown)
|
|
65
|
+
# 1. Destroy compute/K8s cluster first
|
|
66
|
+
terraform destroy -target=module.k8s_cluster -var-file=terraform.tfvars -auto-approve
|
|
67
|
+
# 2. Then networking
|
|
68
|
+
terraform destroy -target=module.vpc -var-file=terraform.tfvars -auto-approve
|
|
69
|
+
# 3. Finally storage (confirm buckets are empty first)
|
|
70
|
+
terraform destroy -target=module.object_storage -var-file=terraform.tfvars -auto-approve
|
|
71
|
+
```
|
|
72
|
+
- Watch for destroy errors; some resources require manual intervention (e.g., non-empty S3 buckets)
|
|
73
|
+
|
|
74
|
+
### 5. Verify & Cleanup — `@devops-engineer`
|
|
75
|
+
```bash
|
|
76
|
+
# Confirm no resources remain
|
|
77
|
+
terraform state list # should be empty
|
|
78
|
+
|
|
79
|
+
# Remove backend state file (only after confirming destroy is complete)
|
|
80
|
+
# AWS S3:
|
|
81
|
+
aws s3 rm s3://mycompany-terraform-state/${ENV}/ --recursive
|
|
82
|
+
# GCS:
|
|
83
|
+
gsutil -m rm -r gs://mycompany-terraform-state/${ENV}/
|
|
84
|
+
|
|
85
|
+
# Remove DynamoDB lock entries
|
|
86
|
+
aws dynamodb delete-item \
|
|
87
|
+
--table-name terraform-state-lock \
|
|
88
|
+
--key '{"LockID": {"S": "mycompany-terraform-state/${ENV}/terraform.tfstate"}}'
|
|
89
|
+
```
|
|
90
|
+
- **Done when:** state list empty; DNS entries removed; cloud console confirms no resources
|
|
91
|
+
|
|
92
|
+
### 6. Document — `@devops-engineer`
|
|
93
|
+
- Record in decommission log: environment, date, approver, reason, data disposition
|
|
94
|
+
|
|
95
|
+
## Exit
|
|
96
|
+
Terraform state empty + cloud console clean + documentation filed = environment destroyed.
|
|
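Review bot: every `terraform destroy` in step 4 runs with `-auto-approve`, while the plan the team lead signs off in step 2 comes from an unsaved `terraform plan -destroy` in step 1, so nothing ties what gets destroyed to what was approved. Save the destroy plan with `-out` in step 1 and apply that file in step 4 instead of re-planning with `-auto-approve`. In step 5 the `--key '{"LockID": {"S": "mycompany-terraform-state/${ENV}/terraform.tfstate"}}'` argument is single-quoted, so the shell passes `${ENV}` literally and the delete matches no lock item. The `aws s3 rm ... --recursive` and `gsutil -m rm -r` lines should use `${ENV:?}` so an unset variable aborts the command instead of running against an unintended prefix.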
@@ -0,0 +1,66 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: drift-remediation
|
|
3
|
+
type: workflow
|
|
4
|
+
trigger: /drift-remediation
|
|
5
|
+
description: Detect, classify, and remediate infrastructure drift between Terraform state and actual cloud state.
|
|
6
|
+
inputs:
|
|
7
|
+
- environment
|
|
8
|
+
- component (optional — specific module to check)
|
|
9
|
+
outputs:
|
|
10
|
+
- drift_report
|
|
11
|
+
- remediation_applied or deferred
|
|
12
|
+
roles:
|
|
13
|
+
- devops-engineer
|
|
14
|
+
- team-lead
|
|
15
|
+
execution:
|
|
16
|
+
initiator: developer
|
|
17
|
+
related-rules:
|
|
18
|
+
- immutability.md
|
|
19
|
+
- iac-standards.md
|
|
20
|
+
uses-skills:
|
|
21
|
+
- drift-detection
|
|
22
|
+
- terraform-modules
|
|
23
|
+
quality-gates:
|
|
24
|
+
- drift classified before any apply
|
|
25
|
+
- INVESTIGATE drift treated as security incident
|
|
26
|
+
---
|
|
27
|
+
|
|
28
|
+
## Steps
|
|
29
|
+
|
|
30
|
+
### 1. Detect Drift — `@devops-engineer`
|
|
31
|
+
```bash
|
|
32
|
+
# Run plan across all components; capture exit code
|
|
33
|
+
# Exit 0 = no changes, Exit 2 = changes detected
|
|
34
|
+
terraform plan -var-file=terraform.tfvars -detailed-exitcode 2>&1 | tee drift-report.txt
|
|
35
|
+
echo "Exit code: $?"
|
|
36
|
+
```
|
|
37
|
+
|
|
38
|
+
### 2. Classify Findings — `@devops-engineer` + `@team-lead`
|
|
39
|
+
|
|
40
|
+
| Class | Criteria | Action |
|
|
41
|
+
|:---|:---|:---|
|
|
42
|
+
| `ACCEPT` | Documented exception in PR comment | Suppress; add to ignore list |
|
|
43
|
+
| `REMEDIATE` | Unintended config change | Terraform apply within 48h |
|
|
44
|
+
| `INVESTIGATE` | Unknown origin; IAM/SG/encryption changes | Treat as P1; audit access logs |
|
|
45
|
+
|
|
46
|
+
- Any change to: IAM policies, security groups, encryption settings → **automatic INVESTIGATE**
|
|
47
|
+
|
|
48
|
+
### 3. Remediate (if REMEDIATE class) — `@devops-engineer`
|
|
49
|
+
```bash
|
|
50
|
+
# Review plan again — confirm only expected changes
|
|
51
|
+
terraform plan -var-file=terraform.tfvars -out=remediation.plan
|
|
52
|
+
# Apply after team-lead approval
|
|
53
|
+
terraform apply remediation.plan
|
|
54
|
+
```
|
|
55
|
+
|
|
56
|
+
### 4. Investigate (if INVESTIGATE class) — `@devops-engineer` + security
|
|
57
|
+
- Open P1 incident
|
|
58
|
+
- Pull cloud provider audit logs (CloudTrail / GCP Audit Logs) for affected resource
|
|
59
|
+
- Identify who/what made the change and when
|
|
60
|
+
- Remediate AND file security incident report
|
|
61
|
+
|
|
62
|
+
### 5. Report — `@devops-engineer`
|
|
63
|
+
- Update `drift-log.md` with date, resources affected, classification, action taken
|
|
64
|
+
|
|
65
|
+
## Exit
|
|
66
|
+
All drift classified + REMEDIATE resolved + INVESTIGATE escalated = drift cycle complete.
|
|
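Review bot: in step 1, `echo "Exit code: $?"` reports the status of `tee`, not of `terraform plan`, because the plan is piped through `| tee drift-report.txt`; it prints 0 even when `-detailed-exitcode` returned 2, so any automation keyed on the exit code never sees drift. Read `${PIPESTATUS[0]}` immediately after the pipeline (bash) or enable `set -o pipefail`, and document exit code 1 (error) next to 0 and 2 in the comment. `drift-report.txt` holds full plan output, so the step should say to keep it out of version control.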
@@ -0,0 +1,101 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: module-development
|
|
3
|
+
type: workflow
|
|
4
|
+
trigger: /module-development
|
|
5
|
+
description: Develop, test, and publish a new reusable Terraform module — design, implementation, examples, tests, and versioned release.
|
|
6
|
+
inputs:
|
|
7
|
+
- module_name
|
|
8
|
+
- module_purpose
|
|
9
|
+
- cloud_targets
|
|
10
|
+
outputs:
|
|
11
|
+
- published_module
|
|
12
|
+
- module_documentation
|
|
13
|
+
roles:
|
|
14
|
+
- devops-engineer
|
|
15
|
+
- team-lead
|
|
16
|
+
execution:
|
|
17
|
+
initiator: developer
|
|
18
|
+
related-rules:
|
|
19
|
+
- iac-standards.md
|
|
20
|
+
- state-management.md
|
|
21
|
+
uses-skills:
|
|
22
|
+
- terraform-modules
|
|
23
|
+
- drift-detection
|
|
24
|
+
quality-gates:
|
|
25
|
+
- all examples produce clean plan (no-op on re-apply)
|
|
26
|
+
- terraform validate passes
|
|
27
|
+
- no provider config inside module
|
|
28
|
+
- README documents all variables and outputs
|
|
29
|
+
---
|
|
30
|
+
|
|
31
|
+
## Steps
|
|
32
|
+
|
|
33
|
+
### 1. Design Interface — `@devops-engineer` + `@team-lead`
|
|
34
|
+
- Define: what problem does this module solve?
|
|
35
|
+
- Map all input variables (required vs optional with defaults)
|
|
36
|
+
- Map all outputs callers will need
|
|
37
|
+
- Decide: cloud-specific or cloud-agnostic? (prefer agnostic with per-cloud examples)
|
|
38
|
+
- **Done when:** interface design reviewed and signed off
|
|
39
|
+
|
|
40
|
+
### 2. Implement Module — `@devops-engineer`
|
|
41
|
+
```
|
|
42
|
+
modules/<module-name>/
|
|
43
|
+
├── main.tf ← resource definitions
|
|
44
|
+
├── variables.tf ← all inputs with descriptions + validation
|
|
45
|
+
├── outputs.tf ← all outputs with descriptions
|
|
46
|
+
├── versions.tf ← required_version + required_providers (no provider block)
|
|
47
|
+
└── README.md ← auto-generated with terraform-docs
|
|
48
|
+
```
|
|
49
|
+
- Add `validation {}` blocks to all critical variables
|
|
50
|
+
- Use `for_each` over `count` for multi-instance resources
|
|
51
|
+
- No hardcoded regions, account IDs, or environment names
|
|
52
|
+
- **Done when:** `terraform validate` passes; `terraform fmt -check` passes
|
|
53
|
+
|
|
54
|
+
### 3. Write Examples — `@devops-engineer`
|
|
55
|
+
```
|
|
56
|
+
modules/<module-name>/examples/
|
|
57
|
+
├── basic/ ← minimal config, happy path
|
|
58
|
+
│ ├── main.tf
|
|
59
|
+
│ └── README.md
|
|
60
|
+
└── advanced/ ← all options exercised
|
|
61
|
+
├── main.tf
|
|
62
|
+
└── README.md
|
|
63
|
+
```
|
|
64
|
+
- Examples must have complete provider configs
|
|
65
|
+
- Run each example against a test account/project: `terraform init && terraform plan`
|
|
66
|
+
- **Done when:** both examples produce a clean plan
|
|
67
|
+
|
|
68
|
+
### 4. Test — `@devops-engineer`
|
|
69
|
+
```bash
|
|
70
|
+
# Terratest (Go)
|
|
71
|
+
cd modules/<module-name>/test
|
|
72
|
+
go test -v -timeout 30m
|
|
73
|
+
|
|
74
|
+
# Or: checkov for static security analysis
|
|
75
|
+
checkov -d modules/<module-name>/ --quiet
|
|
76
|
+
|
|
77
|
+
# terraform-docs: generate README from code
|
|
78
|
+
terraform-docs markdown table modules/<module-name>/ \
|
|
79
|
+
> modules/<module-name>/README.md
|
|
80
|
+
```
|
|
81
|
+
|
|
82
|
+
### 5. Code Review — `@team-lead`
|
|
83
|
+
- Interface is minimal (no unnecessary variables)
|
|
84
|
+
- No provider config in module
|
|
85
|
+
- Examples clean
|
|
86
|
+
- README complete (all variables, outputs, usage examples)
|
|
87
|
+
- **Done when:** PR approved
|
|
88
|
+
|
|
89
|
+
### 6. Release — `@devops-engineer`
|
|
90
|
+
```bash
|
|
91
|
+
# Semantic version tag
|
|
92
|
+
git tag -a modules/<module-name>/v1.0.0 \
|
|
93
|
+
-m "Initial release of <module-name> module"
|
|
94
|
+
git push origin modules/<module-name>/v1.0.0
|
|
95
|
+
|
|
96
|
+
# Update module registry / internal docs
|
|
97
|
+
# Reference in other modules: ?ref=v1.0.0 (never ?ref=main)
|
|
98
|
+
```
|
|
99
|
+
|
|
100
|
+
## Exit
|
|
101
|
+
Module published + examples tested + documentation complete = module released.
|
|
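Review bot: step 4 presents `checkov -d modules/<module-name>/ --quiet` as an alternative to Terratest ("Or:"), and the `quality-gates` list in the front matter names neither, so a module can be released with no security scan and no test run. Make the static scan a required gate next to `terraform validate passes`, and move the `terraform-docs` call out of the Test step, since it generates the README rather than testing anything. In step 6, consider a signed tag (`git tag -s`), because consumers pin to `?ref=v1.0.0` and a tag can be moved after release.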
@@ -0,0 +1,96 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: provision-environment
|
|
3
|
+
type: workflow
|
|
4
|
+
trigger: /provision-environment
|
|
5
|
+
description: Provision a complete infrastructure environment using Terraform + Ansible — from VPC to configured K8s-ready nodes.
|
|
6
|
+
inputs:
|
|
7
|
+
- environment_name (staging|production)
|
|
8
|
+
- cloud_provider (aws|gcp|hetzner|bare-metal)
|
|
9
|
+
- component_scope (network|compute|all)
|
|
10
|
+
outputs:
|
|
11
|
+
- provisioned_environment
|
|
12
|
+
- provision_report
|
|
13
|
+
roles:
|
|
14
|
+
- devops-engineer
|
|
15
|
+
- team-lead
|
|
16
|
+
execution:
|
|
17
|
+
initiator: developer
|
|
18
|
+
related-rules:
|
|
19
|
+
- iac-standards.md
|
|
20
|
+
- state-management.md
|
|
21
|
+
- secret-hygiene.md
|
|
22
|
+
- immutability.md
|
|
23
|
+
uses-skills:
|
|
24
|
+
- terraform-modules
|
|
25
|
+
- ansible-playbooks
|
|
26
|
+
quality-gates:
|
|
27
|
+
- terraform plan reviewed and approved before apply
|
|
28
|
+
- no secrets in plan output
|
|
29
|
+
- smoke test passes post-provision
|
|
30
|
+
---
|
|
31
|
+
|
|
32
|
+
## Steps
|
|
33
|
+
|
|
34
|
+
### 1. Plan & Review — `@devops-engineer` + `@team-lead`
|
|
35
|
+
- **Actions:**
|
|
36
|
+
```bash
|
|
37
|
+
cd terraform/environments/${ENV}
|
|
38
|
+
terraform init -backend-config=backend.hcl
|
|
39
|
+
terraform validate
|
|
40
|
+
terraform fmt -check -recursive
|
|
41
|
+
|
|
42
|
+
# Generate plan
|
|
43
|
+
terraform plan \
|
|
44
|
+
-var-file=terraform.tfvars \
|
|
45
|
+
-out=tfplan.binary \
|
|
46
|
+
2>&1 | tee tfplan.txt
|
|
47
|
+
```
|
|
48
|
+
- Review plan output for: unexpected destroys, missing tags, security group wildcards, unencrypted storage
|
|
49
|
+
- **Done when:** `@team-lead` approves plan; no unexpected destroys
|
|
50
|
+
|
|
51
|
+
### 2. Apply Infrastructure — `@devops-engineer`
|
|
52
|
+
- **Actions:**
|
|
53
|
+
```bash
|
|
54
|
+
terraform apply tfplan.binary
|
|
55
|
+
# Save outputs for Ansible
|
|
56
|
+
terraform output -json > environments/${ENV}/tf-outputs.json
|
|
57
|
+
```
|
|
58
|
+
- **Done when:** apply exits 0; all resources in state
|
|
59
|
+
|
|
60
|
+
### 3. Configure Nodes (Ansible) — `@devops-engineer`
|
|
61
|
+
- **Actions:**
|
|
62
|
+
```bash
|
|
63
|
+
# Generate dynamic inventory from Terraform outputs
|
|
64
|
+
python3 scripts/tf-to-inventory.py tf-outputs.json > inventory/${ENV}/hosts.ini
|
|
65
|
+
|
|
66
|
+
# Dry run first
|
|
67
|
+
ansible-playbook -i inventory/${ENV}/hosts.ini \
|
|
68
|
+
playbooks/site.yml --check --diff \
|
|
69
|
+
--vault-password-file ~/.vault-pass
|
|
70
|
+
|
|
71
|
+
# Apply configuration
|
|
72
|
+
ansible-playbook -i inventory/${ENV}/hosts.ini \
|
|
73
|
+
playbooks/site.yml \
|
|
74
|
+
--vault-password-file ~/.vault-pass
|
|
75
|
+
```
|
|
76
|
+
- **Done when:** all plays complete with 0 failures
|
|
77
|
+
|
|
78
|
+
### 4. Smoke Tests — `@devops-engineer`
|
|
79
|
+
- **Actions:**
|
|
80
|
+
- For cloud environments: verify VPC, subnets, security groups via AWS/GCP CLI
|
|
81
|
+
- For K8s-destined nodes: run `kubeadm init phase preflight` (pre-check only)
|
|
82
|
+
- Connectivity: SSH to each node, verify ports
|
|
83
|
+
```bash
|
|
84
|
+
ansible -i inventory/${ENV}/hosts.ini all -m ping
|
|
85
|
+
ansible -i inventory/${ENV}/hosts.ini k8s_cluster -m command -a "systemctl is-active containerd"
|
|
86
|
+
```
|
|
87
|
+
- **Done when:** all nodes reachable; containerd/kubelet running
|
|
88
|
+
|
|
89
|
+
### 5. Document & Store Outputs — `@devops-engineer`
|
|
90
|
+
- Commit any generated inventory/config to Git
|
|
91
|
+
- Store node IPs in SSM / Consul KV for downstream use
|
|
92
|
+
- Write `provision_report.md`: environment, resources created, cost estimate, next steps
|
|
93
|
+
- **Done when:** report committed; outputs stored
|
|
94
|
+
|
|
95
|
+
## Exit
|
|
96
|
+
Terraform apply clean + Ansible 0 failures + smoke tests pass = environment provisioned.
|
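Review bot: `terraform output -json > environments/${ENV}/tf-outputs.json` in step 2 writes every output in plaintext, including outputs marked sensitive, and step 5 then says to commit generated inventory/config to Git; together these can put secrets in the repository, which the `no secrets in plan output` gate does not cover. Export only the outputs Ansible needs, exclude `tf-outputs.json`, `tfplan.binary` and `tfplan.txt` from version control, and state how the gate is actually checked. The paths are also inconsistent: step 1 changes into `terraform/environments/${ENV}`, step 2 writes to `environments/${ENV}/tf-outputs.json` relative to that directory, and step 3 reads `tf-outputs.json` from the current directory.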