@jetrabbits/agentic 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (440)
  1. package/AGENTS.md +143 -0
  2. package/README.md +154 -0
  3. package/agentic +1615 -0
  4. package/areas/devops/ci-cd/AGENTS.md +48 -0
  5. package/areas/devops/ci-cd/PROMPTS.md +7 -0
  6. package/areas/devops/ci-cd/prompts/onboard-repo.md +97 -0
  7. package/areas/devops/ci-cd/prompts/pipeline-debug.md +103 -0
  8. package/areas/devops/ci-cd/prompts/release-pipeline.md +115 -0
  9. package/areas/devops/ci-cd/rules/pipeline-standards.md +33 -0
  10. package/areas/devops/ci-cd/rules/quality-gates.md +24 -0
  11. package/areas/devops/ci-cd/rules/supply-chain-security.md +34 -0
  12. package/areas/devops/ci-cd/skills/artifact-management/SKILL.md +157 -0
  13. package/areas/devops/ci-cd/skills/build-optimization/SKILL.md +168 -0
  14. package/areas/devops/ci-cd/skills/github-actions-patterns/SKILL.md +190 -0
  15. package/areas/devops/ci-cd/skills/gitlab-ci-patterns/SKILL.md +169 -0
  16. package/areas/devops/ci-cd/skills/pipeline-security/SKILL.md +161 -0
  17. package/areas/devops/ci-cd/workflows/onboard-repo.md +73 -0
  18. package/areas/devops/ci-cd/workflows/pipeline-debug.md +66 -0
  19. package/areas/devops/ci-cd/workflows/release-pipeline.md +115 -0
  20. package/areas/devops/database-ops/AGENTS.md +47 -0
  21. package/areas/devops/database-ops/prompts/backup-verify.md +83 -0
  22. package/areas/devops/database-ops/prompts/db-incident.md +127 -0
  23. package/areas/devops/database-ops/rules/access-control.md +20 -0
  24. package/areas/devops/database-ops/rules/backup-policy.md +33 -0
  25. package/areas/devops/database-ops/rules/migration-runbook.md +32 -0
  26. package/areas/devops/database-ops/skills/backup-restore/SKILL.md +226 -0
  27. package/areas/devops/database-ops/skills/db-performance/SKILL.md +205 -0
  28. package/areas/devops/database-ops/skills/migration-safety/SKILL.md +155 -0
  29. package/areas/devops/database-ops/skills/postgres-operations/SKILL.md +156 -0
  30. package/areas/devops/database-ops/skills/redis-operations/SKILL.md +174 -0
  31. package/areas/devops/database-ops/workflows/backup-verify.md +107 -0
  32. package/areas/devops/database-ops/workflows/db-incident.md +86 -0
  33. package/areas/devops/devsecops/AGENTS.md +47 -0
  34. package/areas/devops/devsecops/prompts/policy-onboard.md +79 -0
  35. package/areas/devops/devsecops/prompts/security-scan-pipeline.md +131 -0
  36. package/areas/devops/devsecops/rules/container-security.md +22 -0
  37. package/areas/devops/devsecops/rules/policy-as-code.md +37 -0
  38. package/areas/devops/devsecops/rules/shift-left-policy.md +26 -0
  39. package/areas/devops/devsecops/skills/container-hardening/SKILL.md +146 -0
  40. package/areas/devops/devsecops/skills/opa-policies/SKILL.md +188 -0
  41. package/areas/devops/devsecops/skills/sbom-supply-chain/SKILL.md +165 -0
  42. package/areas/devops/devsecops/skills/secret-detection/SKILL.md +190 -0
  43. package/areas/devops/devsecops/skills/sigstore-signing/SKILL.md +184 -0
  44. package/areas/devops/devsecops/workflows/policy-onboard.md +104 -0
  45. package/areas/devops/devsecops/workflows/security-scan-pipeline.md +155 -0
  46. package/areas/devops/infrastructure/AGENTS.md +50 -0
  47. package/areas/devops/infrastructure/prompts/destroy-environment.md +81 -0
  48. package/areas/devops/infrastructure/prompts/drift-remediation.md +71 -0
  49. package/areas/devops/infrastructure/prompts/module-development.md +69 -0
  50. package/areas/devops/infrastructure/prompts/provision-environment.md +121 -0
  51. package/areas/devops/infrastructure/rules/iac-standards.md +80 -0
  52. package/areas/devops/infrastructure/rules/immutability.md +28 -0
  53. package/areas/devops/infrastructure/rules/secret-hygiene.md +53 -0
  54. package/areas/devops/infrastructure/rules/state-management.md +47 -0
  55. package/areas/devops/infrastructure/skills/ansible-playbooks/SKILL.md +174 -0
  56. package/areas/devops/infrastructure/skills/cost-optimization/SKILL.md +177 -0
  57. package/areas/devops/infrastructure/skills/drift-detection/SKILL.md +178 -0
  58. package/areas/devops/infrastructure/skills/state-management/SKILL.md +159 -0
  59. package/areas/devops/infrastructure/skills/terraform-modules/SKILL.md +169 -0
  60. package/areas/devops/infrastructure/workflows/destroy-environment.md +96 -0
  61. package/areas/devops/infrastructure/workflows/drift-remediation.md +66 -0
  62. package/areas/devops/infrastructure/workflows/module-development.md +101 -0
  63. package/areas/devops/infrastructure/workflows/provision-environment.md +96 -0
  64. package/areas/devops/kubernetes/AGENTS.md +57 -0
  65. package/areas/devops/kubernetes/PROMPTS.md +9 -0
  66. package/areas/devops/kubernetes/prompts/cluster-bootstrap.md +67 -0
  67. package/areas/devops/kubernetes/prompts/debug-workload.md +91 -0
  68. package/areas/devops/kubernetes/prompts/onboard-service.md +101 -0
  69. package/areas/devops/kubernetes/prompts/upgrade-cluster.md +63 -0
  70. package/areas/devops/kubernetes/rules/cluster-standards.md +51 -0
  71. package/areas/devops/kubernetes/rules/resource-governance.md +80 -0
  72. package/areas/devops/kubernetes/rules/upgrade-policy.md +52 -0
  73. package/areas/devops/kubernetes/rules/workload-security.md +64 -0
  74. package/areas/devops/kubernetes/skills/cluster-operations/SKILL.md +136 -0
  75. package/areas/devops/kubernetes/skills/helm-charts/SKILL.md +152 -0
  76. package/areas/devops/kubernetes/skills/network-policies/SKILL.md +169 -0
  77. package/areas/devops/kubernetes/skills/pod-troubleshooting/SKILL.md +129 -0
  78. package/areas/devops/kubernetes/skills/rbac-design/SKILL.md +148 -0
  79. package/areas/devops/kubernetes/skills/resource-tuning/SKILL.md +156 -0
  80. package/areas/devops/kubernetes/workflows/cluster-bootstrap.md +194 -0
  81. package/areas/devops/kubernetes/workflows/debug-workload.md +108 -0
  82. package/areas/devops/kubernetes/workflows/onboard-service.md +124 -0
  83. package/areas/devops/kubernetes/workflows/upgrade-cluster.md +165 -0
  84. package/areas/devops/networking/AGENTS.md +47 -0
  85. package/areas/devops/networking/prompts/onboard-ingress.md +119 -0
  86. package/areas/devops/networking/prompts/service-mesh-onboard.md +77 -0
  87. package/areas/devops/networking/rules/ingress-standards.md +17 -0
  88. package/areas/devops/networking/rules/network-segmentation.md +24 -0
  89. package/areas/devops/networking/rules/tls-policy.md +32 -0
  90. package/areas/devops/networking/skills/dns-management/SKILL.md +169 -0
  91. package/areas/devops/networking/skills/ingress-patterns/SKILL.md +165 -0
  92. package/areas/devops/networking/skills/service-mesh/SKILL.md +206 -0
  93. package/areas/devops/networking/skills/tls-termination/SKILL.md +198 -0
  94. package/areas/devops/networking/skills/vpc-design/SKILL.md +132 -0
  95. package/areas/devops/networking/workflows/onboard-ingress.md +64 -0
  96. package/areas/devops/networking/workflows/service-mesh-onboard.md +122 -0
  97. package/areas/devops/observability/AGENTS.md +48 -0
  98. package/areas/devops/observability/prompts/alert-investigation.md +117 -0
  99. package/areas/devops/observability/prompts/observability-stack-setup.md +99 -0
  100. package/areas/devops/observability/prompts/onboard-service-monitoring.md +79 -0
  101. package/areas/devops/observability/rules/alerting-standards.md +36 -0
  102. package/areas/devops/observability/rules/data-retention.md +19 -0
  103. package/areas/devops/observability/rules/golden-signals.md +28 -0
  104. package/areas/devops/observability/skills/distributed-tracing/SKILL.md +149 -0
  105. package/areas/devops/observability/skills/grafana-dashboards/SKILL.md +201 -0
  106. package/areas/devops/observability/skills/log-aggregation/SKILL.md +159 -0
  107. package/areas/devops/observability/skills/prometheus-alertmanager/SKILL.md +188 -0
  108. package/areas/devops/observability/skills/slo-implementation/SKILL.md +189 -0
  109. package/areas/devops/observability/workflows/alert-investigation.md +98 -0
  110. package/areas/devops/observability/workflows/observability-stack-setup.md +156 -0
  111. package/areas/devops/observability/workflows/onboard-service-monitoring.md +83 -0
  112. package/areas/devops/sre/AGENTS.md +48 -0
  113. package/areas/devops/sre/prompts/incident-response.md +129 -0
  114. package/areas/devops/sre/prompts/postmortem.md +101 -0
  115. package/areas/devops/sre/prompts/slo-review.md +125 -0
  116. package/areas/devops/sre/rules/error-budget-policy.md +25 -0
  117. package/areas/devops/sre/rules/on-call-standards.md +25 -0
  118. package/areas/devops/sre/rules/slo-policy.md +31 -0
  119. package/areas/devops/sre/skills/capacity-planning/SKILL.md +162 -0
  120. package/areas/devops/sre/skills/chaos-engineering/SKILL.md +186 -0
  121. package/areas/devops/sre/skills/incident-command/SKILL.md +119 -0
  122. package/areas/devops/sre/skills/postmortem-analysis/SKILL.md +104 -0
  123. package/areas/devops/sre/skills/slo-sli-design/SKILL.md +145 -0
  124. package/areas/devops/sre/workflows/incident-response.md +66 -0
  125. package/areas/devops/sre/workflows/postmortem.md +90 -0
  126. package/areas/devops/sre/workflows/slo-review.md +95 -0
  127. package/areas/software/backend/AGENTS.md +59 -0
  128. package/areas/software/backend/PROMPTS.md +50 -0
  129. package/areas/software/backend/README.md +48 -0
  130. package/areas/software/backend/prompts/add-migration.md +93 -0
  131. package/areas/software/backend/prompts/create-endpoint.md +97 -0
  132. package/areas/software/backend/prompts/debug-issue.md +87 -0
  133. package/areas/software/backend/prompts/develop-epic.md +83 -0
  134. package/areas/software/backend/prompts/develop-feature.md +91 -0
  135. package/areas/software/backend/prompts/refactor-module.md +79 -0
  136. package/areas/software/backend/prompts/test-feature.md +89 -0
  137. package/areas/software/backend/rules/architecture.md +20 -0
  138. package/areas/software/backend/rules/data_access.md +20 -0
  139. package/areas/software/backend/rules/security.md +20 -0
  140. package/areas/software/backend/rules/testing.md +19 -0
  141. package/areas/software/backend/skills/api-design/SKILL.md +170 -0
  142. package/areas/software/backend/skills/async-processing/SKILL.md +152 -0
  143. package/areas/software/backend/skills/database-modeling/SKILL.md +173 -0
  144. package/areas/software/backend/skills/observability/SKILL.md +162 -0
  145. package/areas/software/backend/skills/troubleshooting/SKILL.md +139 -0
  146. package/areas/software/backend/workflows/add-migration.md +79 -0
  147. package/areas/software/backend/workflows/create-endpoint.md +89 -0
  148. package/areas/software/backend/workflows/debug-issue.md +77 -0
  149. package/areas/software/backend/workflows/develop-epic.md +78 -0
  150. package/areas/software/backend/workflows/develop-feature.md +98 -0
  151. package/areas/software/backend/workflows/refactor-module.md +73 -0
  152. package/areas/software/backend/workflows/test-feature.md +67 -0
  153. package/areas/software/data-engineering/AGENTS.md +59 -0
  154. package/areas/software/data-engineering/PROMPTS.md +32 -0
  155. package/areas/software/data-engineering/prompts/backfill-data.md +107 -0
  156. package/areas/software/data-engineering/prompts/data-quality-incident.md +109 -0
  157. package/areas/software/data-engineering/prompts/lineage-trace.md +121 -0
  158. package/areas/software/data-engineering/prompts/new-model.md +117 -0
  159. package/areas/software/data-engineering/prompts/schema-migration.md +111 -0
  160. package/areas/software/data-engineering/rules/data-governance.md +11 -0
  161. package/areas/software/data-engineering/rules/pii-handling.md +19 -0
  162. package/areas/software/data-engineering/rules/pipeline-integrity.md +11 -0
  163. package/areas/software/data-engineering/rules/schema-management.md +21 -0
  164. package/areas/software/data-engineering/skills/data-modeling/SKILL.md +49 -0
  165. package/areas/software/data-engineering/skills/dbt-patterns/SKILL.md +43 -0
  166. package/areas/software/data-engineering/skills/lineage-governance/SKILL.md +38 -0
  167. package/areas/software/data-engineering/skills/orchestration/SKILL.md +35 -0
  168. package/areas/software/data-engineering/skills/quality-checks/SKILL.md +50 -0
  169. package/areas/software/data-engineering/skills/sql-optimization/SKILL.md +47 -0
  170. package/areas/software/data-engineering/skills/streaming-patterns/SKILL.md +48 -0
  171. package/areas/software/data-engineering/workflows/backfill-data.md +59 -0
  172. package/areas/software/data-engineering/workflows/data-quality-incident.md +64 -0
  173. package/areas/software/data-engineering/workflows/lineage-trace.md +56 -0
  174. package/areas/software/data-engineering/workflows/new-model.md +71 -0
  175. package/areas/software/data-engineering/workflows/schema-migration.md +67 -0
  176. package/areas/software/frontend/AGENTS.md +60 -0
  177. package/areas/software/frontend/PROMPTS.md +32 -0
  178. package/areas/software/frontend/prompts/a11y-fix.md +75 -0
  179. package/areas/software/frontend/prompts/bundle-analyze.md +75 -0
  180. package/areas/software/frontend/prompts/release-prep.md +83 -0
  181. package/areas/software/frontend/prompts/scaffold-component.md +69 -0
  182. package/areas/software/frontend/prompts/visual-regression.md +73 -0
  183. package/areas/software/frontend/rules/accessibility.md +16 -0
  184. package/areas/software/frontend/rules/architecture.md +29 -0
  185. package/areas/software/frontend/rules/performance.md +23 -0
  186. package/areas/software/frontend/rules/quality.md +12 -0
  187. package/areas/software/frontend/skills/a11y-audit/SKILL.md +61 -0
  188. package/areas/software/frontend/skills/api-integration/SKILL.md +58 -0
  189. package/areas/software/frontend/skills/component-design/SKILL.md +171 -0
  190. package/areas/software/frontend/skills/css-architecture/SKILL.md +146 -0
  191. package/areas/software/frontend/skills/error-handling/SKILL.md +55 -0
  192. package/areas/software/frontend/skills/performance-tuning/SKILL.md +58 -0
  193. package/areas/software/frontend/skills/state-management/SKILL.md +54 -0
  194. package/areas/software/frontend/skills/testing-patterns/SKILL.md +69 -0
  195. package/areas/software/frontend/workflows/a11y-fix.md +63 -0
  196. package/areas/software/frontend/workflows/bundle-analyze.md +56 -0
  197. package/areas/software/frontend/workflows/release-prep.md +66 -0
  198. package/areas/software/frontend/workflows/scaffold-component.md +67 -0
  199. package/areas/software/frontend/workflows/visual-regression.md +65 -0
  200. package/areas/software/full-stack/AGENTS.md +72 -0
  201. package/areas/software/full-stack/PROMPTS.md +66 -0
  202. package/areas/software/full-stack/prompts/backend-project-full-cycle.md +141 -0
  203. package/areas/software/full-stack/prompts/debug-issue.md +115 -0
  204. package/areas/software/full-stack/prompts/develop-feature.md +119 -0
  205. package/areas/software/full-stack/prompts/feature-implementation-flow.md +137 -0
  206. package/areas/software/full-stack/prompts/testing-ci-pipeline.md +119 -0
  207. package/areas/software/full-stack/rules/api-design-guide.md +24 -0
  208. package/areas/software/full-stack/rules/async-concurrency-guide.md +21 -0
  209. package/areas/software/full-stack/rules/backend-architecture-rule.md +41 -0
  210. package/areas/software/full-stack/rules/background-jobs-guide.md +20 -0
  211. package/areas/software/full-stack/rules/code-quality-guide.md +22 -0
  212. package/areas/software/full-stack/rules/database-access-guide.md +24 -0
  213. package/areas/software/full-stack/rules/database-migrations-guide.md +24 -0
  214. package/areas/software/full-stack/rules/domain-models-guide.md +28 -0
  215. package/areas/software/full-stack/rules/e2e-test-guide.md +18 -0
  216. package/areas/software/full-stack/rules/env-settings-guide.md +34 -0
  217. package/areas/software/full-stack/rules/error-handling-guide.md +20 -0
  218. package/areas/software/full-stack/rules/logging-observability-guide.md +22 -0
  219. package/areas/software/full-stack/rules/project-guide.md +34 -0
  220. package/areas/software/full-stack/rules/python-venv-guide.md +23 -0
  221. package/areas/software/full-stack/rules/security-guide.md +22 -0
  222. package/areas/software/full-stack/rules/svt-test-guide.md +17 -0
  223. package/areas/software/full-stack/rules/testing-ci-guide.md +25 -0
  224. package/areas/software/full-stack/skills/api-design-principles/SKILL.md +125 -0
  225. package/areas/software/full-stack/skills/api-design-principles/assets/api-design-checklist.md +155 -0
  226. package/areas/software/full-stack/skills/api-design-principles/assets/rest-api-template.py +182 -0
  227. package/areas/software/full-stack/skills/api-design-principles/references/graphql-schema-design.md +583 -0
  228. package/areas/software/full-stack/skills/api-design-principles/references/rest-best-practices.md +408 -0
  229. package/areas/software/full-stack/skills/api-design-principles/resources/implementation-playbook.md +513 -0
  230. package/areas/software/full-stack/skills/api-patterns/SKILL.md +81 -0
  231. package/areas/software/full-stack/skills/api-patterns/api-style.md +42 -0
  232. package/areas/software/full-stack/skills/api-patterns/auth.md +24 -0
  233. package/areas/software/full-stack/skills/api-patterns/documentation.md +26 -0
  234. package/areas/software/full-stack/skills/api-patterns/graphql.md +41 -0
  235. package/areas/software/full-stack/skills/api-patterns/rate-limiting.md +31 -0
  236. package/areas/software/full-stack/skills/api-patterns/response.md +37 -0
  237. package/areas/software/full-stack/skills/api-patterns/rest.md +40 -0
  238. package/areas/software/full-stack/skills/api-patterns/scripts/api_validator.py +211 -0
  239. package/areas/software/full-stack/skills/api-patterns/security-testing.md +122 -0
  240. package/areas/software/full-stack/skills/api-patterns/trpc.md +41 -0
  241. package/areas/software/full-stack/skills/api-patterns/versioning.md +22 -0
  242. package/areas/software/full-stack/skills/app-builder/SKILL.md +135 -0
  243. package/areas/software/full-stack/skills/app-builder/agent-coordination.md +71 -0
  244. package/areas/software/full-stack/skills/app-builder/feature-building.md +53 -0
  245. package/areas/software/full-stack/skills/app-builder/project-detection.md +34 -0
  246. package/areas/software/full-stack/skills/app-builder/scaffolding.md +118 -0
  247. package/areas/software/full-stack/skills/app-builder/tech-stack.md +40 -0
  248. package/areas/software/full-stack/skills/app-builder/templates/SKILL.md +39 -0
  249. package/areas/software/full-stack/skills/app-builder/templates/astro-static/TEMPLATE.md +76 -0
  250. package/areas/software/full-stack/skills/app-builder/templates/chrome-extension/TEMPLATE.md +92 -0
  251. package/areas/software/full-stack/skills/app-builder/templates/cli-tool/TEMPLATE.md +88 -0
  252. package/areas/software/full-stack/skills/app-builder/templates/electron-desktop/TEMPLATE.md +88 -0
  253. package/areas/software/full-stack/skills/app-builder/templates/express-api/TEMPLATE.md +83 -0
  254. package/areas/software/full-stack/skills/app-builder/templates/flutter-app/TEMPLATE.md +90 -0
  255. package/areas/software/full-stack/skills/app-builder/templates/monorepo-turborepo/TEMPLATE.md +90 -0
  256. package/areas/software/full-stack/skills/app-builder/templates/nextjs-fullstack/TEMPLATE.md +82 -0
  257. package/areas/software/full-stack/skills/app-builder/templates/nextjs-saas/TEMPLATE.md +100 -0
  258. package/areas/software/full-stack/skills/app-builder/templates/nextjs-static/TEMPLATE.md +106 -0
  259. package/areas/software/full-stack/skills/app-builder/templates/nuxt-app/TEMPLATE.md +101 -0
  260. package/areas/software/full-stack/skills/app-builder/templates/python-fastapi/TEMPLATE.md +83 -0
  261. package/areas/software/full-stack/skills/app-builder/templates/react-native-app/TEMPLATE.md +93 -0
  262. package/areas/software/full-stack/skills/backend-developer/SKILL.md +58 -0
  263. package/areas/software/full-stack/skills/bash-pro/SKILL.md +310 -0
  264. package/areas/software/full-stack/skills/blackbox-test/SKILL.md +84 -0
  265. package/areas/software/full-stack/skills/prompt-project-planner/SKILL.md +130 -0
  266. package/areas/software/full-stack/skills/prompt-project-planner/output.schema.md +68 -0
  267. package/areas/software/full-stack/skills/prompt-project-planner/questions.md +80 -0
  268. package/areas/software/full-stack/skills/python-pro/SKILL.md +158 -0
  269. package/areas/software/full-stack/skills/skill-creator/LICENSE.txt +202 -0
  270. package/areas/software/full-stack/skills/skill-creator/SKILL.md +356 -0
  271. package/areas/software/full-stack/skills/skill-creator/references/output-patterns.md +82 -0
  272. package/areas/software/full-stack/skills/skill-creator/references/workflows.md +28 -0
  273. package/areas/software/full-stack/skills/skill-creator/scripts/init_skill.py +303 -0
  274. package/areas/software/full-stack/skills/skill-creator/scripts/package_skill.py +110 -0
  275. package/areas/software/full-stack/skills/skill-creator/scripts/quick_validate.py +95 -0
  276. package/areas/software/full-stack/workflows/backend-project-full-cycle.md +132 -0
  277. package/areas/software/full-stack/workflows/debug-issue.md +70 -0
  278. package/areas/software/full-stack/workflows/develop-feature.md +85 -0
  279. package/areas/software/full-stack/workflows/feature-implementation-flow.md +78 -0
  280. package/areas/software/full-stack/workflows/testing-ci-pipeline.md +65 -0
  281. package/areas/software/general/AGENTS.md +68 -0
  282. package/areas/software/general/prompts/code-review-workflow.md +87 -0
  283. package/areas/software/general/prompts/development-cycle-workflow.md +83 -0
  284. package/areas/software/general/prompts/project-setup-workflow.md +93 -0
  285. package/areas/software/general/rules/code-style-guide.md +31 -0
  286. package/areas/software/general/rules/docker-compose-guide.md +27 -0
  287. package/areas/software/general/rules/git-workflow-guide.md +27 -0
  288. package/areas/software/general/rules/github-workflow-guide.md +27 -0
  289. package/areas/software/general/rules/gitlab-ci-guide.md +27 -0
  290. package/areas/software/general/rules/lint-format-guide.md +29 -0
  291. package/areas/software/general/rules/makefile-guide.md +34 -0
  292. package/areas/software/general/rules/readme-sync-guide.md +40 -0
  293. package/areas/software/general/rules/sdlc-methodology-guide.md +27 -0
  294. package/areas/software/general/rules/sdlc-role-responsibilities.md +108 -0
  295. package/areas/software/general/skills/general-dev-tools/SKILL.md +324 -0
  296. package/areas/software/general/workflows/code-review-workflow.md +84 -0
  297. package/areas/software/general/workflows/development-cycle-workflow.md +85 -0
  298. package/areas/software/general/workflows/project-setup-workflow.md +94 -0
  299. package/areas/software/mlops/AGENTS.md +57 -0
  300. package/areas/software/mlops/PROMPTS.md +32 -0
  301. package/areas/software/mlops/prompts/champion-challenger.md +87 -0
  302. package/areas/software/mlops/prompts/deploy-endpoint.md +91 -0
  303. package/areas/software/mlops/prompts/evaluate-model.md +87 -0
  304. package/areas/software/mlops/prompts/model-incident.md +87 -0
  305. package/areas/software/mlops/prompts/train-experiment.md +83 -0
  306. package/areas/software/mlops/rules/data-integrity.md +9 -0
  307. package/areas/software/mlops/rules/model-governance.md +9 -0
  308. package/areas/software/mlops/rules/production-safety.md +9 -0
  309. package/areas/software/mlops/rules/reproducibility.md +9 -0
  310. package/areas/software/mlops/skills/experiment-tracking/SKILL.md +29 -0
  311. package/areas/software/mlops/skills/feature-engineering/SKILL.md +44 -0
  312. package/areas/software/mlops/skills/inference-serving/SKILL.md +35 -0
  313. package/areas/software/mlops/skills/model-evaluation/SKILL.md +40 -0
  314. package/areas/software/mlops/skills/model-monitoring/SKILL.md +32 -0
  315. package/areas/software/mlops/workflows/champion-challenger.md +65 -0
  316. package/areas/software/mlops/workflows/deploy-endpoint.md +70 -0
  317. package/areas/software/mlops/workflows/evaluate-model.md +63 -0
  318. package/areas/software/mlops/workflows/model-incident.md +64 -0
  319. package/areas/software/mlops/workflows/train-experiment.md +56 -0
  320. package/areas/software/mobile/AGENTS.md +58 -0
  321. package/areas/software/mobile/PROMPTS.md +32 -0
  322. package/areas/software/mobile/prompts/crash-triage.md +63 -0
  323. package/areas/software/mobile/prompts/device-testing.md +83 -0
  324. package/areas/software/mobile/prompts/ota-update.md +75 -0
  325. package/areas/software/mobile/prompts/release-build.md +67 -0
  326. package/areas/software/mobile/prompts/store-submission.md +79 -0
  327. package/areas/software/mobile/rules/offline-first.md +10 -0
  328. package/areas/software/mobile/rules/performance-budget.md +20 -0
  329. package/areas/software/mobile/rules/platform-compliance.md +17 -0
  330. package/areas/software/mobile/rules/security-mobile.md +9 -0
  331. package/areas/software/mobile/skills/app-store-prep/SKILL.md +27 -0
  332. package/areas/software/mobile/skills/mobile-testing/SKILL.md +36 -0
  333. package/areas/software/mobile/skills/native-modules/SKILL.md +38 -0
  334. package/areas/software/mobile/skills/navigation-patterns/SKILL.md +49 -0
  335. package/areas/software/mobile/skills/push-notifications/SKILL.md +40 -0
  336. package/areas/software/mobile/skills/state-sync/SKILL.md +48 -0
  337. package/areas/software/mobile/workflows/crash-triage.md +63 -0
  338. package/areas/software/mobile/workflows/device-testing.md +54 -0
  339. package/areas/software/mobile/workflows/ota-update.md +54 -0
  340. package/areas/software/mobile/workflows/release-build.md +67 -0
  341. package/areas/software/mobile/workflows/store-submission.md +63 -0
  342. package/areas/software/platform/AGENTS.md +67 -0
  343. package/areas/software/platform/PROMPTS.md +32 -0
  344. package/areas/software/platform/prompts/cost-audit.md +117 -0
  345. package/areas/software/platform/prompts/deploy-production.md +109 -0
  346. package/areas/software/platform/prompts/drift-check.md +107 -0
  347. package/areas/software/platform/prompts/incident-response.md +121 -0
  348. package/areas/software/platform/prompts/provision-env.md +113 -0
  349. package/areas/software/platform/rules/cost-governance.md +11 -0
  350. package/areas/software/platform/rules/immutability.md +17 -0
  351. package/areas/software/platform/rules/reliability.md +19 -0
  352. package/areas/software/platform/rules/security-posture.md +12 -0
  353. package/areas/software/platform/skills/ci-cd-pipelines/SKILL.md +58 -0
  354. package/areas/software/platform/skills/incident-response/SKILL.md +41 -0
  355. package/areas/software/platform/skills/k8s-manifests/SKILL.md +56 -0
  356. package/areas/software/platform/skills/networking/SKILL.md +44 -0
  357. package/areas/software/platform/skills/observability-setup/SKILL.md +49 -0
  358. package/areas/software/platform/skills/secrets-management/SKILL.md +43 -0
  359. package/areas/software/platform/skills/terraform-patterns/SKILL.md +75 -0
  360. package/areas/software/platform/workflows/cost-audit.md +61 -0
  361. package/areas/software/platform/workflows/deploy-production.md +67 -0
  362. package/areas/software/platform/workflows/drift-check.md +61 -0
  363. package/areas/software/platform/workflows/incident-response.md +69 -0
  364. package/areas/software/platform/workflows/provision-env.md +77 -0
  365. package/areas/software/qa/AGENTS.md +58 -0
  366. package/areas/software/qa/PROMPTS.md +32 -0
  367. package/areas/software/qa/prompts/flakiness-investigation.md +61 -0
  368. package/areas/software/qa/prompts/performance-audit.md +65 -0
  369. package/areas/software/qa/prompts/regression-suite.md +61 -0
  370. package/areas/software/qa/prompts/smoke-test.md +65 -0
  371. package/areas/software/qa/prompts/test-coverage-report.md +61 -0
  372. package/areas/software/qa/rules/flakiness-policy.md +12 -0
  373. package/areas/software/qa/rules/quality-gates.md +28 -0
  374. package/areas/software/qa/rules/test-data.md +9 -0
  375. package/areas/software/qa/rules/test-strategy.md +11 -0
  376. package/areas/software/qa/skills/accessibility-testing/SKILL.md +139 -0
  377. package/areas/software/qa/skills/api-testing/SKILL.md +140 -0
  378. package/areas/software/qa/skills/e2e-patterns/SKILL.md +152 -0
  379. package/areas/software/qa/skills/performance-testing/SKILL.md +177 -0
  380. package/areas/software/qa/skills/test-data-management/SKILL.md +161 -0
  381. package/areas/software/qa/skills/test-pyramid/SKILL.md +127 -0
  382. package/areas/software/qa/workflows/flakiness-investigation.md +63 -0
  383. package/areas/software/qa/workflows/performance-audit.md +59 -0
  384. package/areas/software/qa/workflows/regression-suite.md +59 -0
  385. package/areas/software/qa/workflows/smoke-test.md +64 -0
  386. package/areas/software/qa/workflows/test-coverage-report.md +57 -0
  387. package/areas/software/security/AGENTS.md +58 -0
  388. package/areas/software/security/PROMPTS.md +32 -0
  389. package/areas/software/security/prompts/compliance-report.md +113 -0
  390. package/areas/software/security/prompts/pen-test-sim.md +113 -0
  391. package/areas/software/security/prompts/secret-rotation.md +115 -0
  392. package/areas/software/security/prompts/security-scan.md +91 -0
  393. package/areas/software/security/prompts/threat-model-review.md +105 -0
  394. package/areas/software/security/rules/compliance-baseline.md +23 -0
  395. package/areas/software/security/rules/dependency-policy.md +12 -0
  396. package/areas/software/security/rules/secrets-policy.md +22 -0
  397. package/areas/software/security/rules/secure-coding.md +22 -0
  398. package/areas/software/security/skills/auth-patterns/SKILL.md +42 -0
  399. package/areas/software/security/skills/crypto-standards/SKILL.md +42 -0
  400. package/areas/software/security/skills/dependency-audit/SKILL.md +29 -0
  401. package/areas/software/security/skills/sast-dast-interpretation/SKILL.md +33 -0
  402. package/areas/software/security/skills/security-headers/SKILL.md +29 -0
  403. package/areas/software/security/skills/threat-modeling/SKILL.md +36 -0
  404. package/areas/software/security/workflows/compliance-report.md +57 -0
  405. package/areas/software/security/workflows/pen-test-sim.md +63 -0
  406. package/areas/software/security/workflows/secret-rotation.md +67 -0
  407. package/areas/software/security/workflows/security-scan.md +64 -0
  408. package/areas/software/security/workflows/threat-model-review.md +62 -0
  409. package/areas/template/AGENTS-area.tmpl.md +61 -0
  410. package/areas/template/AGENTS.tmpl.md +67 -0
  411. package/areas/template/GUIDE.md +102 -0
  412. package/areas/template/PROMPTS.tmpl.md +29 -0
  413. package/areas/template/README.md +57 -0
  414. package/areas/template/README.tmpl.md +51 -0
  415. package/areas/template/prompt.tmpl.md +101 -0
  416. package/areas/template/rule.tmpl.md +71 -0
  417. package/areas/template/skill.tmpl.md +108 -0
  418. package/areas/template/workflow.tmpl.md +104 -0
  419. package/bin/agentic.js +24 -0
  420. package/extensions/antigravity/GEMINI.md +10 -0
  421. package/extensions/claude/CLAUDE.md +10 -0
  422. package/extensions/codex/AGENTS.override.md +93 -0
  423. package/extensions/gemini/GEMINI.md +10 -0
  424. package/extensions/opencode/agents/designer.md +65 -0
  425. package/extensions/opencode/agents/developer.md +63 -0
  426. package/extensions/opencode/agents/devops-engineer.md +69 -0
  427. package/extensions/opencode/agents/pm.md +61 -0
  428. package/extensions/opencode/agents/product-owner.md +76 -0
  429. package/extensions/opencode/agents/qa.md +66 -0
  430. package/extensions/opencode/agents/team-lead.md +67 -0
  431. package/extensions/opencode/commands/feature.md +75 -0
  432. package/extensions/opencode/opencode.json +93 -0
  433. package/extensions/opencode/plugins/model-checker.json +14 -0
  434. package/extensions/opencode/plugins/model-checker.ts +279 -0
  435. package/extensions/opencode/plugins/sound-notification.ts +13 -0
  436. package/extensions/opencode/plugins/telegram-notification.ts +86 -0
  437. package/extensions/opencode/skills/code_review_expert/SKILL.md +144 -0
  438. package/extensions/opencode/skills/design_expert/SKILL.md +42 -0
  439. package/extensions/opencode/skills/qa_expert/SKILL.md +116 -0
  440. package/package.json +19 -0
@@ -0,0 +1,148 @@
1
+ ---
2
+ name: rbac-design
3
+ type: skill
4
+ description: Design minimal-privilege RBAC for workloads, operators, and human access in multi-tenant clusters.
5
+ related-rules:
6
+ - workload-security.md
7
+ allowed-tools: Read, Write, Edit, Bash
8
+ ---
9
+
10
+ # Skill: RBAC Design
11
+
12
+ > **Expertise:** Kubernetes RBAC — service accounts, Roles, ClusterRoles, namespace isolation, human access patterns.
13
+
14
+ ## When to load
15
+
16
+ When onboarding a new service, setting up CI/CD cluster access, auditing permissions, or debugging "forbidden" API errors.
17
+
18
+ ## RBAC Object Hierarchy
19
+
20
+ ```
21
+ ClusterRole → cluster-scoped permissions (nodes, PVs, namespaces)
22
+ Role → namespace-scoped permissions (pods, services, configmaps)
23
+ ClusterRoleBinding → binds ClusterRole to subject cluster-wide
24
+ RoleBinding → binds Role OR ClusterRole to subject in one namespace
25
+ ```
26
+
27
+ ## Workload Service Account Pattern
28
+
29
+ ```yaml
30
+ # 1. Dedicated ServiceAccount per workload
31
+ apiVersion: v1
32
+ kind: ServiceAccount
33
+ metadata:
34
+ name: order-service
35
+ namespace: production
36
+ annotations:
37
+ # For cloud IAM federation (AWS IRSA, GCP Workload Identity)
38
+ eks.amazonaws.com/role-arn: arn:aws:iam::123456789:role/order-service-prod
39
+ automountServiceAccountToken: false # disable unless needed
40
+
41
+ ---
42
+ # 2. Role — minimal permissions
43
+ apiVersion: rbac.authorization.k8s.io/v1
44
+ kind: Role
45
+ metadata:
46
+ name: order-service
47
+ namespace: production
48
+ rules:
49
+ - apiGroups: [""]
50
+ resources: ["configmaps"]
51
+ verbs: ["get", "list", "watch"]
52
+ resourceNames: ["order-service-config"] # scope to specific resource
53
+ - apiGroups: [""]
54
+ resources: ["secrets"]
55
+ verbs: ["get"]
56
+ resourceNames: ["order-service-tls"]
57
+
58
+ ---
59
+ # 3. RoleBinding
60
+ apiVersion: rbac.authorization.k8s.io/v1
61
+ kind: RoleBinding
62
+ metadata:
63
+ name: order-service
64
+ namespace: production
65
+ subjects:
66
+ - kind: ServiceAccount
67
+ name: order-service
68
+ namespace: production
69
+ roleRef:
70
+ kind: Role
71
+ apiGroupv: rbac.authorization.k8s.io
72
+ name: order-service
73
+ ```
74
+
75
+ ## Human Access Patterns
76
+
77
+ ```yaml
78
+ # Dev read-only access to staging namespace
79
+ apiVersion: rbac.authorization.k8s.io/v1
80
+ kind: RoleBinding
81
+ metadata:
82
+ name: devs-view-staging
83
+ namespace: staging
84
+ subjects:
85
+ - kind: Group
86
+ name: developers # from OIDC provider (Dex, Okta, etc.)
87
+ apiGroup: rbac.authorization.k8s.io
88
+ roleRef:
89
+ kind: ClusterRole
90
+ name: view # built-in read-only ClusterRole
91
+ apiGroup: rbac.authorization.k8s.io
92
+ ```
93
+
94
+ ## Built-in ClusterRoles (use before creating custom)
95
+
96
+ | ClusterRole | Access level |
97
+ |:---|:---|
98
+ | `view` | Read-only all namespaced resources |
99
+ | `edit` | Read/write most namespaced resources; no RBAC |
100
+ | `admin` | Full namespace access including RBAC |
101
+ | `cluster-admin` | Full cluster access — **never bind to apps** |
102
+
103
+ ## CI/CD Access Pattern
104
+
105
+ ```yaml
106
+ # CI system gets minimal cluster access
107
+ apiVersion: rbac.authorization.k8s.io/v1
108
+ kind: ClusterRole
109
+ metadata:
110
+ name: ci-deployer
111
+ rules:
112
+ - apiGroups: ["apps"]
113
+ resources: ["deployments", "statefulsets"]
114
+ verbs: ["get", "list", "patch", "update"]
115
+ - apiGroups: [""]
116
+ resources: ["pods"]
117
+ verbs: ["get", "list"]
118
+ # NOT: create/delete pods, access secrets, modify RBAC
119
+ ```
120
+
121
+ ## RBAC Audit Commands
122
+
123
+ ```bash
124
+ # What can a ServiceAccount do?
125
+ kubectl auth can-i --list \
126
+ --as=system:serviceaccount:production:order-service \
127
+ -n production
128
+
129
+ # Who can do X in namespace Y?
130
+ kubectl who-can get secrets -n production # requires kubectl-who-can plugin
131
+
132
+ # Find all RoleBindings in a namespace
133
+ kubectl get rolebindings,clusterrolebindings -n production -o wide
134
+
135
+ # Check if a specific action is allowed
136
+ kubectl auth can-i delete pods -n production \
137
+ --as=system:serviceaccount:production:order-service
138
+ ```
139
+
140
+ ## Common Misconfigurations
141
+
142
+ | Mistake | Risk | Fix |
143
+ |:---|:---|:---|
144
+ | Using `default` ServiceAccount | All pods in namespace share permissions | Dedicate one SA per workload |
145
+ | `verbs: ["*"]` | Full resource control | Enumerate exact verbs needed |
146
+ | `resources: ["*"]` | Access to all resources | List explicitly |
147
+ | Binding `cluster-admin` to CI | Breach = full cluster takeover | Use scoped `ci-deployer` ClusterRole |
148
+ | `automountServiceAccountToken: true` (default) | Token injected into all pods | Set to `false` unless needed |
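Review bot: In the step 3 RoleBinding, the `roleRef` key is spelled `apiGroupv: rbac.authorization.k8s.io`, so the manifest does not validate as written. It should be `apiGroup`, as in the `devs-view-staging` binding further down. Since this skill is meant to be copied by an agent, the typo will surface as exactly the kind of binding failure the skill is supposed to help debug. Separately, the `configmaps` rule combines `list` and `watch` with `resourceNames`. Those verbs are only authorized against a named resource when the client sends a matching `metadata.name` field selector, so a plain list call from the workload is still forbidden. Either say so in the comment or keep that rule to `get`. In the audit commands, `kubectl get rolebindings,clusterrolebindings -n production` sits under a comment about one namespace, but ClusterRoleBindings are cluster-scoped and `-n` does not filter them.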
@@ -0,0 +1,156 @@
1
+ ---
2
+ name: resource-tuning
3
+ type: skill
4
+ description: Right-size pod resources, configure HPA/VPA/KEDA, and eliminate resource waste in Kubernetes.
5
+ related-rules:
6
+ - resource-governance.md
7
+ allowed-tools: Read, Bash
8
+ ---
9
+
10
+ # Skill: Resource Tuning
11
+
12
+ > **Expertise:** CPU/memory right-sizing, HPA, VPA, KEDA event-driven scaling, namespace quota design.
13
+
14
+ ## When to load
15
+
16
+ When pods are OOMKilled, CPU-throttled, underutilised, or autoscaling isn't working as expected.
17
+
18
+ ## Right-Sizing Methodology
19
+
20
+ ```
21
+ 1. Observe → 7-day peak metrics (kubectl top / Prometheus)
22
+ 2. Set request = average × 1.1 (room for normal variance)
23
+ 3. Set limit = p99 peak × 1.3 (room for spike without OOM)
24
+ 4. Verify no throttling with: throttled_cpu_seconds metric
25
+ 5. Adjust after 2 weeks of production data
26
+ ```
27
+
28
+ ```bash
29
+ # Current resource usage (snapshot)
30
+ kubectl top pods -n <ns> --sort-by=memory
31
+ kubectl top pods -n <ns> --sort-by=cpu
32
+
33
+ # Historical usage via Prometheus (7-day p99)
34
+ # CPU p99:
35
+ rate(container_cpu_usage_seconds_total{namespace="<ns>",pod=~"my-app-.*"}[5m])
36
+ > quantile_over_time(0.99, rate(...[5m])[7d:5m])
37
+
38
+ # Memory p99:
39
+ quantile_over_time(0.99,
40
+ container_memory_working_set_bytes{namespace="<ns>",pod=~"my-app-.*"}[7d:5m])
41
+ ```
42
+
43
+ ## HPA Configuration
44
+
45
+ ```yaml
46
+ # CPU + Memory HPA (Kubernetes 1.23+)
47
+ apiVersion: autoscaling/v2
48
+ kind: HorizontalPodAutoscaler
49
+ metadata:
50
+ name: my-service
51
+ namespace: production
52
+ spec:
53
+ scaleTargetRef:
54
+ apiVersion: apps/v1
55
+ kind: Deployment
56
+ name: my-service
57
+ minReplicas: 2
58
+ maxReplicas: 20
59
+ metrics:
60
+ - type: Resource
61
+ resource:
62
+ name: cpu
63
+ target:
64
+ type: Utilization
65
+ averageUtilization: 70 # scale out at 70% avg CPU
66
+ - type: Resource
67
+ resource:
68
+ name: memory
69
+ target:
70
+ type: AverageValue
71
+ averageValue: 400Mi # scale out if avg pod memory > 400Mi
72
+ behavior:
73
+ scaleDown:
74
+ stabilizationWindowSeconds: 300 # wait 5 min before scaling down
75
+ policies:
76
+ - type: Pods
77
+ value: 1
78
+ periodSeconds: 60 # scale down max 1 pod per minute
79
+ scaleUp:
80
+ stabilizationWindowSeconds: 0 # scale up immediately
81
+ policies:
82
+ - type: Percent
83
+ value: 100
84
+ periodSeconds: 15 # can double every 15 seconds
85
+ ```
86
+
87
+ ## VPA (Vertical Pod Autoscaler)
88
+
89
+ ```yaml
90
+ # VPA in "Off" mode — recommendations only, no auto-apply
91
+ apiVersion: autoscaling.k8s.io/v1
92
+ kind: VerticalPodAutoscaler
93
+ metadata:
94
+ name: my-service-vpa
95
+ namespace: production
96
+ spec:
97
+ targetRef:
98
+ apiVersion: apps/v1
99
+ kind: Deployment
100
+ name: my-service
101
+ updatePolicy:
102
+ updateMode: "Off" # "Auto" restarts pods — risky in prod; use "Off" first
103
+ resourcePolicy:
104
+ containerPolicies:
105
+ - containerName: "*"
106
+ minAllowed: { cpu: 50m, memory: 64Mi }
107
+ maxAllowed: { cpu: 2, memory: 2Gi }
108
+
109
+ # Check VPA recommendations
110
+ kubectl describe vpa my-service-vpa -n production | grep -A20 "Recommendation:"
111
+ ```
112
+
113
+ ## KEDA (Event-Driven Autoscaling)
114
+
115
+ ```yaml
116
+ # Scale based on RabbitMQ queue depth
117
+ apiVersion: keda.sh/v1alpha1
118
+ kind: ScaledObject
119
+ metadata:
120
+ name: worker-scaledobject
121
+ namespace: production
122
+ spec:
123
+ scaleTargetRef:
124
+ name: task-worker
125
+ minReplicaCount: 1
126
+ maxReplicaCount: 30
127
+ cooldownPeriod: 60
128
+ triggers:
129
+ - type: rabbitmq
130
+ metadata:
131
+ host: amqp://rabbitmq.infra.svc.cluster.local:5672
132
+ queueName: task-queue
133
+ queueLength: "20" # 1 replica per 20 messages in queue
134
+ ```
135
+
136
+ ## CPU Throttling Detection
137
+
138
+ ```bash
139
+ # Check CPU throttling in Prometheus
140
+ # > 25% throttling indicates limit is too low
141
+ 100 * sum(rate(container_cpu_throttled_seconds_total{
142
+ namespace="<ns>", container!=""}[5m]))
143
+ / sum(rate(container_cpu_usage_seconds_total{
144
+ namespace="<ns>", container!=""}[5m]))
145
+
146
+ # Quick check per pod
147
+ kubectl exec -it <pod> -n <ns> -- cat /sys/fs/cgroup/cpu/cpu.stat | grep throttled
148
+ ```
149
+
150
+ ## ResourceQuota Design by Team Size
151
+
152
+ | Team size | CPU quota | Memory quota | Pod count |
153
+ |:---|:---|:---|:---|
154
+ | 1–3 services | 8 cores | 16Gi | 50 |
155
+ | 4–10 services | 20 cores | 40Gi | 150 |
156
+ | >10 services | per-capacity-plan | per-capacity-plan | 300+ |
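Review bot: The throttling check uses three different metric names, and a query that returns nothing reads as "no throttling". Step 4 of the methodology names `throttled_cpu_seconds`, while the detection query uses `container_cpu_throttled_seconds_total`. The cAdvisor series is `container_cpu_cfs_throttled_seconds_total`, and the usual ratio is `container_cpu_cfs_throttled_periods_total` over `container_cpu_cfs_periods_total`. Throttled seconds divided by usage seconds is not a percentage, so the 25% threshold in the comment does not apply to it. Please use one real metric name throughout and state which ratio the threshold refers to. The "CPU p99" lines in the first bash block are also not runnable: `rate(...[5m])` is a placeholder and the `>` comparison is left over. Write that query in the same form as the memory p99 query below it. The per-pod quick check reads `/sys/fs/cgroup/cpu/cpu.stat`, which is the cgroup v1 path; on cgroup v2 nodes the file is `/sys/fs/cgroup/cpu.stat`.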
@@ -0,0 +1,194 @@
1
+ ---
2
+ name: cluster-bootstrap
3
+ type: workflow
4
+ trigger: /cluster-bootstrap
5
+ description: Bootstrap a production-grade self-hosted Kubernetes cluster from bare-metal using kubeadm, with Cilium CNI, MetalLB, ArgoCD, and cert-manager.
6
+ inputs:
7
+ - node_inventory (list of IPs/hostnames)
8
+ - cluster_name
9
+ - pod_cidr
10
+ - service_cidr
11
+ outputs:
12
+ - running_cluster
13
+ - kubeconfig
14
+ - bootstrap_report
15
+ roles:
16
+ - devops-engineer
17
+ execution:
18
+ initiator: developer
19
+ related-rules:
20
+ - cluster-standards.md
21
+ - workload-security.md
22
+ uses-skills:
23
+ - cluster-operations
24
+ - helm-charts
25
+ quality-gates:
26
+ - all nodes pass pre-flight checks
27
+ - control plane HA (3 nodes) before adding workers
28
+ - etcd encrypted at rest
29
+ - CNI healthy before any workloads deployed
30
+ ---
31
+
32
+ ## Steps
33
+
34
+ ### 1. Node Pre-Flight — `@devops-engineer`
35
+ - **Actions (all nodes via Ansible or manual):**
36
+ ```bash
37
+ # Disable swap (K8s requirement)
38
+ swapoff -a && sed -i '/swap/d' /etc/fstab
39
+
40
+ # Load required kernel modules
41
+ cat > /etc/modules-load.d/k8s.conf << EOF
42
+ overlay
43
+ br_netfilter
44
+ EOF
45
+ modprobe overlay && modprobe br_netfilter
46
+
47
+ # Kernel parameters
48
+ cat > /etc/sysctl.d/k8s.conf << EOF
49
+ net.bridge.bridge-nf-call-iptables = 1
50
+ net.bridge.bridge-nf-call-ip6tables = 1
51
+ net.ipv4.ip_forward = 1
52
+ EOF
53
+ sysctl --system
54
+
55
+ # Install containerd
56
+ apt-get install -y containerd
57
+ mkdir -p /etc/containerd
58
+ containerd config default > /etc/containerd/config.toml
59
+ # Enable SystemdCgroup in containerd config
60
+ sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
61
+ systemctl restart containerd
62
+
63
+ # Install kubeadm, kubelet, kubectl (pin version)
64
+ apt-get install -y kubeadm=1.31.* kubelet=1.31.* kubectl=1.31.*
65
+ apt-mark hold kubeadm kubelet kubectl
66
+ ```
67
+ - **Done when:** all nodes pass `kubeadm init phase preflight`
68
+
69
+ ### 2. Bootstrap First Control Plane — `@devops-engineer`
70
+ - **Input:** cluster_name, pod_cidr, service_cidr, VIP for HA (keepalived/haproxy)
71
+ - **Actions:**
72
+ ```bash
73
+ # kubeadm config file (preferred over flags)
74
+ cat > kubeadm-config.yaml << EOF
75
+ apiVersion: kubeadm.k8s.io/v1beta3
76
+ kind: ClusterConfiguration
77
+ clusterName: ${CLUSTER_NAME}
78
+ controlPlaneEndpoint: "${VIP}:6443" # HA VIP
79
+ networking:
80
+ podSubnet: "${POD_CIDR}" # e.g. 10.244.0.0/16
81
+ serviceSubnet: "${SVC_CIDR}" # e.g. 10.96.0.0/12
82
+ ---
83
+ apiVersion: kubeadm.k8s.io/v1beta3
84
+ kind: InitConfiguration
85
+ nodeRegistration:
86
+ criSocket: unix:///run/containerd/containerd.sock
87
+ EOF
88
+
89
+ kubeadm init --config kubeadm-config.yaml --upload-certs
90
+
91
+ # Configure kubectl
92
+ mkdir -p ~/.kube
93
+ cp /etc/kubernetes/admin.conf ~/.kube/config
94
+ ```
95
+ - **Done when:** `kubectl get nodes` shows first control plane node (NotReady — CNI not yet installed)
96
+
97
+ ### 3. Install CNI (Cilium) — `@devops-engineer`
98
+ - **Actions:**
99
+ ```bash
100
+ # Install Cilium CLI
101
+ cilium install \
102
+ --set ipam.mode=kubernetes \
103
+ --set kubeProxyReplacement=true \
104
+ --set hubble.enabled=true \
105
+ --set hubble.relay.enabled=true \
106
+ --set hubble.ui.enabled=true
107
+
108
+ # Verify
109
+ cilium status --wait
110
+ ```
111
+ - **Done when:** `kubectl get nodes` shows control plane `Ready`; `cilium status` shows OK
112
+
113
+ ### 4. Join Remaining Control Plane Nodes — `@devops-engineer`
114
+ - **Actions (on each additional CP node):**
115
+ ```bash
116
+ # Use join command from `kubeadm init` output (includes --control-plane --certificate-key)
117
+ kubeadm join ${VIP}:6443 \
118
+ --token <token> \
119
+ --discovery-token-ca-cert-hash sha256:<hash> \
120
+ --control-plane \
121
+ --certificate-key <cert-key>
122
+ ```
123
+ - **Done when:** `kubectl get nodes` shows 3 control plane nodes `Ready`
124
+
125
+ ### 5. Join Worker Nodes — `@devops-engineer`
126
+ - **Actions (on each worker):**
127
+ ```bash
128
+ kubeadm join ${VIP}:6443 \
129
+ --token <token> \
130
+ --discovery-token-ca-cert-hash sha256:<hash>
131
+ ```
132
+ - Label workers: `kubectl label node <n> node-role.kubernetes.io/worker= topology.kubernetes.io/zone=<zone>`
133
+ - **Done when:** all workers `Ready` in `kubectl get nodes`
134
+
135
+ ### 6. etcd Encryption at Rest — `@devops-engineer`
136
+ - **Actions:**
137
+ ```bash
138
+ # Create EncryptionConfiguration
139
+ cat > /etc/kubernetes/enc/encryption-config.yaml << EOF
140
+ apiVersion: apiserver.config.k8s.io/v1
141
+ kind: EncryptionConfiguration
142
+ resources:
143
+ - resources: [secrets, configmaps]
144
+ providers:
145
+ - aescbc:
146
+ keys:
147
+ - name: key1
148
+ secret: $(head -c 32 /dev/urandom | base64)
149
+ - identity: {}
150
+ EOF
151
+
152
+ # Add to kube-apiserver static pod manifest:
153
+ # --encryption-provider-config=/etc/kubernetes/enc/encryption-config.yaml
154
+
155
+ # Re-encrypt all existing secrets
156
+ kubectl get secrets -A -o json | kubectl replace -f -
157
+ ```
158
+
159
+ ### 7. Core Platform Components — `@devops-engineer`
160
+ - **Install in order:**
161
+ ```bash
162
+ # MetalLB (bare-metal load balancer)
163
+ helm upgrade --install metallb metallb/metallb -n metallb-system --create-namespace
164
+ # Apply IPAddressPool with your bare-metal IP range
165
+
166
+ # cert-manager
167
+ helm upgrade --install cert-manager jetstack/cert-manager \
168
+ -n cert-manager --create-namespace \
169
+ --set installCRDs=true
170
+
171
+ # NGINX Ingress Controller
172
+ helm upgrade --install ingress-nginx ingress-nginx/ingress-nginx \
173
+ -n ingress-nginx --create-namespace
174
+
175
+ # ArgoCD
176
+ helm upgrade --install argocd argo/argo-cd \
177
+ -n argocd --create-namespace \
178
+ -f infra/argocd/values.yaml
179
+
180
+ # External Secrets Operator
181
+ helm upgrade --install external-secrets external-secrets/external-secrets \
182
+ -n external-secrets --create-namespace
183
+ ```
184
+
185
+ ### 8. Apply Security Baselines — `@devops-engineer`
186
+ - **Actions:**
187
+ - Apply OPA/Gatekeeper or Kyverno policies from `infra/policies/`
188
+ - Create default namespace deny-all NetworkPolicy template
189
+ - Configure etcd backup CronJob
190
+ - Set up `kube-prometheus-stack` for cluster monitoring
191
+ - **Output:** `bootstrap_report.md` — cluster version, node IPs, installed components, kubeconfig location
192
+
193
+ ## Exit
194
+ All nodes Ready + core components Running + etcd encrypted + monitoring live = cluster bootstrapped.
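Review bot: Step 6 generates the encryption key inline with `secret: $(head -c 32 /dev/urandom | base64)` and does not say where the heredoc is run. With the three control plane nodes this workflow requires, running it on each node gives every API server a different `key1`, so secrets written through one cannot be read through another. Generate the key once and distribute the same file to all control plane nodes. The step should also create `/etc/kubernetes/enc` before writing to it, restrict the file to root (mode 0600), and say that the path has to be mounted into the kube-apiserver static pod, not only passed as a flag. It is the only technical step without a "Done when" line, although "etcd encrypted at rest" is a quality gate. Add a verification, such as reading a secret straight from etcd and checking for the `k8s:enc:` prefix. The config encrypts `secrets` and `configmaps`, but the re-encrypt command rewrites only secrets. The current Kubernetes documentation advises against `aescbc` and recommends `secretbox` or a KMS provider; pick one of those or note why not. Smaller points: step 7 installs five charts without `helm repo add` or a pinned `--version`, and step 3 sets `kubeProxyReplacement=true` although the kubeadm config in step 2 still deploys kube-proxy.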
@@ -0,0 +1,108 @@
1
+ ---
2
+ name: debug-workload
3
+ type: workflow
4
+ trigger: /debug-workload
5
+ description: Systematic diagnosis of Kubernetes workload failures — from symptom to root cause and fix.
6
+ inputs:
7
+ - workload_name
8
+ - namespace
9
+ - symptom_description
10
+ outputs:
11
+ - root_cause_summary
12
+ - remediation_applied
13
+ roles:
14
+ - developer
15
+ - devops-engineer
16
+ execution:
17
+ initiator: developer
18
+ related-rules:
19
+ - workload-security.md
20
+ - resource-governance.md
21
+ uses-skills:
22
+ - pod-troubleshooting
23
+ - cluster-operations
24
+ quality-gates:
25
+ - symptom reproduced before fix applied
26
+ - fix verified in target environment
27
+ - root cause documented
28
+ ---
29
+
30
+ ## Steps
31
+
32
+ ### 1. Classify Symptom — `@devops-engineer`
33
+ - **Input:** workload name, namespace, symptom description
34
+ - **Actions:**
35
+ - `kubectl get pods -n <ns> -l app=<name> -o wide` — check pod statuses
36
+ - Classify into: Scheduling issue / Runtime crash / OOM / ImagePull / Service unreachable
37
+ - Check recent events: `kubectl get events -n <ns> --sort-by='.lastTimestamp' | tail -20`
38
+ - **Output:** symptom classification (one of the above categories)
39
+ - **Done when:** root failure mode identified at pod level
40
+
41
+ ### 2. Deep Diagnosis — `@devops-engineer`
42
+ - **Input:** symptom classification
43
+ - **Actions by category:**
44
+
45
+ **CrashLoopBackOff:**
46
+ ```bash
47
+ kubectl logs <pod> -n <ns> --previous --tail=200
48
+ kubectl describe pod <pod> -n <ns> | grep -A3 "Last State:"
49
+ # Exit 137 = OOMKilled → raise memory limit
50
+ # Exit 1 = app error → read logs
51
+ # Exit 143 = SIGTERM → fix graceful shutdown
52
+ ```
53
+
54
+ **Pending:**
55
+ ```bash
56
+ kubectl describe pod <pod> -n <ns> | grep -A20 "Events:"
57
+ kubectl describe nodes | grep -A5 "Allocated resources:"
58
+ kubectl get nodes --show-labels | grep -v NotReady
59
+ ```
60
+
61
+ **ImagePullBackOff:**
62
+ ```bash
63
+ kubectl describe pod <pod> -n <ns> | grep -A5 "Failed to pull"
64
+ kubectl get secret regcred -n <ns> -o yaml # verify imagePullSecret
65
+ ```
66
+
67
+ **Service unreachable:**
68
+ ```bash
69
+ kubectl get endpoints <svc> -n <ns> # empty = label selector mismatch
70
+ kubectl describe svc <svc> -n <ns> # check selector labels
71
+ # Test DNS: kubectl run test --image=busybox -it --rm -- nslookup <svc>.<ns>
72
+ ```
73
+
74
+ - **Output:** root cause identified with evidence
75
+ - **Done when:** can explain exactly why the workload failed
76
+
77
+ ### 3. Apply Fix — `@developer` + `@devops-engineer`
78
+ - **Input:** root cause
79
+ - **Actions:**
80
+ - Fix via Helm values / manifest change (never `kubectl edit` directly in production)
81
+ - Commit change to Git; deploy via ArgoCD or CI pipeline
82
+ - For P0/P1 only: `kubectl patch` as emergency measure + follow-up Git change within 1 hour
83
+ - **Output:** fixed manifest merged to Git + applied to cluster
84
+ - **Done when:** pods enter `Running` state; readiness probe passing
85
+
86
+ ### 4. Verify & Monitor — `@devops-engineer`
87
+ - **Input:** deployed fix
88
+ - **Actions:**
89
+ ```bash
90
+ kubectl rollout status deployment/<name> -n <ns>
91
+ kubectl get pods -n <ns> -l app=<name> -w # watch for 2 minutes
92
+ kubectl logs -n <ns> -l app=<name> --tail=50 # confirm no new errors
93
+ ```
94
+ - Check relevant Grafana dashboard for error rate and latency
95
+ - **Output:** workload healthy confirmation
96
+ - **Done when:** all pods `Running`, metrics normal, no log errors for 5 minutes
97
+
98
+ ### 5. Document — `@devops-engineer`
99
+ - **Input:** root cause + fix applied
100
+ - **Actions:** write brief `root_cause_summary.md`:
101
+ - What failed, why, which resource/manifest was at fault
102
+ - Fix applied (link to commit)
103
+ - Prevention: add to runbook? Add Prometheus alert? Change default values?
104
+ - **Output:** `docs/incidents/<date>-<workload>-root-cause.md`
105
+ - **Done when:** document committed; alert/runbook created if pattern is recurring
106
+
107
+ ## Exit
108
+ Pod Running + metrics stable + root cause documented = workload debug complete.
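Review bot: In the ImagePullBackOff branch of step 2, `kubectl get secret regcred -n <ns> -o yaml` prints the base64-encoded registry credential into the terminal and, for an agent-driven workflow, into the session transcript and any logs built from it. Checking that the pull secret exists and has the right type does not need the payload: `kubectl describe secret regcred -n <ns>` shows only key names and sizes, and `-o jsonpath='{.type}'` confirms `kubernetes.io/dockerconfigjson`. Two smaller points. The quality gate "symptom reproduced before fix applied" has no corresponding step, so nothing enforces it. Step 3 also allows `kubectl patch` for P0/P1 while deploying through ArgoCD. It should mention that self-heal or the next sync will revert the patch unless sync is paused or the Git change lands first.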