npm - @jetrabbits/agentic - Versions diffs - 0.0.1 - Mend

@jetrabbits/agentic 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (440) hide show

package/areas/software/platform/skills/ci-cd-pipelines/SKILL.md ADDED Viewed

@@ -0,0 +1,58 @@
+# Skill: CI/CD Pipeline Patterns
+## When to load
+When designing GitHub Actions workflows, optimizing pipeline speed, implementing deployment gates.
+## Pipeline Structure
+```
+.github/workflows/
+├── ci.yml          # Every PR: lint, test, build, security scan
+├── deploy-stg.yml  # Merge to main: deploy to staging
+└── deploy-prd.yml  # Release tag: deploy to production (with approval)
+```
+## CI Template
+```yaml
+jobs:
+  validate:
+    steps:
+      - uses: actions/cache@v4
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+      - run: npm ci
+      - run: npm run lint && npm run typecheck && npm test -- --coverage
+  terraform-validate:
+    steps:
+      - uses: hashicorp/setup-terraform@v3
+      - run: terraform init -backend=false && terraform validate && terraform fmt -check -recursive
+        working-directory: terraform/
+  security:
+    steps:
+      - uses: aquasecurity/trivy-action@master
+        with: { scan-type: fs, severity: HIGH,CRITICAL, exit-code: 1 }
+```
+## Deployment Gate
+```yaml
+jobs:
+  deploy:
+    environment: production   # Requires reviewer approval in GitHub Environments
+    steps:
+      - run: kubectl set image deployment/api api=$IMAGE
+      - run: npm run test:smoke -- --env production
+```
+## Pipeline Optimization Checklist
+- [ ] Dependencies cached with hash-based keys
+- [ ] Independent jobs parallelized (lint + test + security)
+- [ ] Docker layer caching enabled
+- [ ] Matrix builds for multi-version testing
+- [ ] Concurrency groups prevent redundant runs on same branch

package/areas/software/platform/skills/incident-response/SKILL.md ADDED Viewed

@@ -0,0 +1,41 @@
+# Skill: Incident Response Runbooks
+## When to load
+When responding to a production alert, diagnosing an outage, or writing a postmortem.
+## Severity Classification
+| Severity | Definition | Response Time |
+|:---|:---|:---|
+| P0 | Complete outage, data loss | Immediate |
+| P1 | Significant degradation, key feature broken | 15 min |
+| P2 | Minor degradation, workaround exists | 1 hour |
+| P3 | Non-user-facing | Next business day |
+## P0 Response Playbook
+```
+T+0:  ACKNOWLEDGE — "I'm on this"
+T+5:  SCOPE — What's broken? Who's affected? Since when?
+T+10: COMMUNICATE — Post status page update; notify stakeholders
+T+15: MITIGATE — Rollback > fix. Prefer reversible actions.
+       Order: rollback deploy → feature flag off → scale up → redirect traffic
+T+30: STABILIZE — Confirm metrics returning to normal
+T+60: DOCUMENT — Write preliminary postmortem
+T+24h: POSTMORTEM — Full 5-whys analysis, action items
+```
+## Common Runbooks
+```bash
+# High error rate: check recent deploys
+kubectl rollout history deployment/api
+kubectl logs -l app=api --since=10m | grep ERROR | tail -50
+kubectl rollout undo deployment/api  # If recent deploy
+# DB connection exhaustion
+psql -c "SELECT count(*), state FROM pg_stat_activity GROUP BY state;"
+psql -c "SELECT pg_terminate_backend(pid) FROM pg_stat_activity
+         WHERE state = 'idle' AND age(clock_timestamp(), state_change) > interval '10 minutes';"
+```

package/areas/software/platform/skills/k8s-manifests/SKILL.md ADDED Viewed

@@ -0,0 +1,56 @@
+# Skill: Kubernetes Manifests & Helm
+## When to load
+When writing K8s YAML, designing Helm charts, setting resource limits, configuring probes, or reviewing pod security.
+## Production Deployment Template
+```yaml
+spec:
+  replicas: {{ .Values.replicaCount }}  # Min 2 for Tier 1
+  template:
+    spec:
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 1000
+      terminationGracePeriodSeconds: 60
+      containers:
+        - name: api
+          image: "{{ .Values.image.repository }}@{{ .Values.image.digest }}"
+          resources:
+            requests: { cpu: 100m, memory: 128Mi }
+            limits:   { cpu: 500m, memory: 512Mi }
+          readinessProbe:
+            httpGet: { path: /health/ready, port: http }
+            initialDelaySeconds: 10
+            periodSeconds: 5
+          livenessProbe:
+            httpGet: { path: /health/live, port: http }
+            initialDelaySeconds: 30
+            periodSeconds: 15
+      topologySpreadConstraints:
+        - maxSkew: 1
+          topologyKey: topology.kubernetes.io/zone
+          whenUnsatisfiable: DoNotSchedule
+```
+## HPA
+```yaml
+spec:
+  minReplicas: 2
+  maxReplicas: 20
+  metrics:
+    - type: Resource
+      resource: { name: cpu, target: { type: Utilization, averageUtilization: 70 } }
+```
+## PodDisruptionBudget (Required for Tier 1)
+```yaml
+spec:
+  minAvailable: 1
+  selector:
+    matchLabels: {{ include "app.selectorLabels" . | nindent 6 }}
+```

package/areas/software/platform/skills/networking/SKILL.md ADDED Viewed

@@ -0,0 +1,44 @@
+# Skill: Cloud Networking
+## When to load
+When designing VPC topology, configuring security groups, setting up NAT, or reviewing network architecture.
+## VPC Design (3-tier)
+```
+VPC (10.0.0.0/16)
+├── Public subnets   (10.0.1.0/24, 10.0.2.0/24) ← ALB, NAT Gateway
+├── Private subnets  (10.0.10.0/24, 10.0.11.0/24) ← App servers, K8s nodes
+└── Isolated subnets (10.0.20.0/24, 10.0.21.0/24) ← RDS, ElastiCache
+```
+## Security Group Rules (Default-Deny)
+```hcl
+# App tier: only accepts traffic from ALB security group
+resource "aws_security_group_rule" "app_from_alb" {
+  type                     = "ingress"
+  from_port                = 8080
+  to_port                  = 8080
+  protocol                 = "tcp"
+  source_security_group_id = aws_security_group.alb.id
+  security_group_id        = aws_security_group.app.id
+}
+# DB tier: only accepts traffic from app security group
+resource "aws_security_group_rule" "db_from_app" {
+  type                     = "ingress"
+  from_port                = 5432
+  to_port                  = 5432
+  protocol                 = "tcp"
+  source_security_group_id = aws_security_group.app.id
+  security_group_id        = aws_security_group.db.id
+}
+```
+## Cost Optimization
+- Use VPC Endpoints for S3/DynamoDB to avoid NAT Gateway costs
+- NAT Gateway: one per AZ in production (not one shared)
+- Transit Gateway for multi-VPC connectivity (cheaper than VPC peering at scale)

package/areas/software/platform/skills/observability-setup/SKILL.md ADDED Viewed

@@ -0,0 +1,49 @@
+# Skill: Observability Setup
+## When to load
+When setting up monitoring for a new service, configuring alerts, debugging production issues.
+## Golden Signals (Mandatory)
+Every service must expose:
+1. **Latency**: p50, p95, p99 response times
+2. **Traffic**: requests per second
+3. **Errors**: 4xx/5xx rate
+4. **Saturation**: CPU %, memory %, queue depth
+## Prometheus Alert Rules
+```yaml
+groups:
+  - name: api-alerts
+    rules:
+      - alert: HighErrorRate
+        expr: |
+          sum(rate(http_requests_total{status=~"5.."}[5m]))
+          / sum(rate(http_requests_total[5m])) > 0.01
+        for: 2m
+        labels: { severity: critical }
+        annotations:
+          summary: "Error rate > 1% for 2 minutes"
+          runbook: "https://runbooks.internal/high-error-rate"
+      - alert: HighLatency
+        expr: histogram_quantile(0.99, rate(http_request_duration_seconds_bucket[5m])) > 2
+        for: 5m
+        labels: { severity: warning }
+```
+## Structured Logging Contract
+```json
+{
+  "timestamp": "2026-02-16T10:30:00Z",
+  "level": "ERROR",
+  "service": "payments-api",
+  "trace_id": "abc123",
+  "message": "Payment processing failed",
+  "error": { "type": "PaymentGatewayError", "code": "CARD_DECLINED" },
+  "duration_ms": 1240
+}
+```

package/areas/software/platform/skills/secrets-management/SKILL.md ADDED Viewed

@@ -0,0 +1,43 @@
+# Skill: Secrets Management
+## When to load
+When provisioning a new service, rotating credentials, or setting up CI/CD secrets.
+## Secrets Hierarchy
+```
+Level 1: Static secrets (rotate quarterly)
+  → AWS Secrets Manager / HashiCorp Vault
+  → Database passwords, API keys for external services
+Level 2: Dynamic secrets (auto-expire, 1 hour)
+  → Vault dynamic secrets / AWS IAM OIDC roles
+Level 3: Runtime injection (never on disk)
+  → K8s ExternalSecrets Operator → mounts as env vars
+  → Never in container image or Git
+```
+## ExternalSecrets Pattern
+```yaml
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+spec:
+  refreshInterval: 1h
+  secretStoreRef: { kind: ClusterSecretStore, name: aws-secretsmanager }
+  data:
+    - secretKey: DATABASE_URL
+      remoteRef: { key: prod/api/database, property: connection_string }
+    - secretKey: STRIPE_SECRET_KEY
+      remoteRef: { key: prod/api/stripe, property: secret_key }
+```
+## Rotation Checklist
+- [ ] New secret created, old secret still active
+- [ ] Service updated to accept both (dual-read window)
+- [ ] New secret deployed and verified
+- [ ] Old secret revoked
+- [ ] Rotation documented (next rotation: +90 days)

package/areas/software/platform/skills/terraform-patterns/SKILL.md ADDED Viewed

@@ -0,0 +1,75 @@
+# Skill: Terraform Patterns
+## When to load
+When writing new Terraform, reviewing IaC PRs, designing module structure, or debugging plan/apply failures.
+## Module Structure
+```
+terraform/
+├── modules/
+│   ├── vpc/
+│   ├── eks-cluster/
+│   ├── rds-postgres/
+│   └── static-site/
+└── environments/
+    ├── staging/
+    │   ├── main.tf
+    │   ├── variables.tf
+    │   └── terraform.tfvars
+    └── production/
+        ├── main.tf
+        ├── variables.tf
+        └── terraform.tfvars
+```
+**Rule**: Modules must be generic. Environment-specific values live in `tfvars`, never hardcoded in modules.
+## Resource Naming
+```hcl
+resource "aws_s3_bucket" "this" {
+  bucket = "${var.project}-${var.environment}-assets-${random_id.suffix.hex}"
+  tags = merge(var.common_tags, { Name = "${var.project}-${var.environment}-assets" })
+}
+```
+## Remote State (Mandatory)
+```hcl
+terraform {
+  backend "s3" {
+    bucket         = "my-company-terraform-state"
+    key            = "${var.project}/${var.environment}/terraform.tfstate"
+    region         = "us-east-1"
+    encrypt        = true
+    kms_key_id     = "arn:aws:kms:us-east-1:123456789:key/..."
+    dynamodb_table = "terraform-state-lock"
+  }
+}
+```
+## IAM Least Privilege
+```hcl
+# ✅ Scoped policy
+resource "aws_iam_policy" "app_s3_read" {
+  policy = jsonencode({
+    Statement = [{
+      Effect   = "Allow"
+      Action   = ["s3:GetObject", "s3:ListBucket"]
+      Resource = [aws_s3_bucket.assets.arn, "${aws_s3_bucket.assets.arn}/*"]
+    }]
+  })
+}
+# ❌ Never: Action = ["s3:*"], Resource = ["*"]
+```
+## Anti-Patterns
+| Anti-pattern | Fix |
+|:---|:---|
+| `count` for module variants | Use `for_each` with meaningful keys |
+| Hardcoded AMI IDs | Use `data "aws_ami"` with filters |
+| `terraform_remote_state` across all envs | Use SSM Parameter Store for cross-stack values |

package/areas/software/platform/workflows/cost-audit.md ADDED Viewed

@@ -0,0 +1,61 @@
+---
+name: cost-audit
+type: workflow
+trigger: /cost-audit
+description: Analyze cloud spend, identify waste, and generate actionable optimization recommendations with Terraform snippets.
+inputs:
+  - audit_period
+  - account_scope
+outputs:
+  - cost_report
+  - optimization_recommendations
+roles:
+  - qa
+  - team-lead
+execution:
+  initiator: qa
+related-rules:
+  - cost-governance.md
+  - immutability.md
+uses-skills:
+  - terraform-patterns
+  - observability-setup
+quality-gates:
+  - all waste categories checked (EBS, EC2, ELB, S3, RDS)
+  - recommendations include specific resource IDs and estimated savings
+---
+## Steps
+### 1. Fetch Billing Data — `@qa`
+- **Input:** audit period, account scope
+- **Actions:** query AWS Cost Explorer for target period; group by: service, environment tag, team tag
+- **Output:** billing data grouped by service and tag
+- **Done when:** data fetched; groupings confirmed
+### 2. Analyze Spend Patterns — `@qa`
+- **Input:** billing data
+- **Actions:** compare to same period last month; flag services with > 20% month-over-month increase
+- **Output:** spend pattern analysis; anomalies flagged
+- **Done when:** anomalies identified
+### 3. Detect Waste — `@qa`
+- **Input:** billing data + resource inventory
+- **Actions:** check for: unattached EBS volumes (> 7 days); stopped EC2 instances with EBS; idle load balancers (< 1 req/min for 7 days); S3 buckets without Intelligent Tiering (> 10 GB); over-provisioned RDS (CPU < 10% for 30 days)
+- **Output:** waste list with resource IDs and current monthly cost
+- **Done when:** all waste categories checked
+### 4. Generate Recommendations — `@team-lead`
+- **Input:** waste list + anomalies
+- **Actions:** per waste item: resource ID, current monthly cost, recommended action, estimated savings, Terraform snippet for the fix; prioritize by savings impact
+- **Output:** prioritized recommendation list with Terraform snippets
+- **Done when:** all waste items have actionable recommendations
+### 5. Report — `@team-lead`
+- **Input:** analysis + recommendations
+- **Actions:** produce `cost_report.md`: executive summary (total spend vs. budget vs. last month), total identified savings opportunity, full recommendation list; share with engineering leads
+- **Output:** `cost_report.md`
+- **Done when:** report shared; owners assigned for top recommendations
+## Exit
+Published report + owners assigned for top recommendations = audit complete.

package/areas/software/platform/workflows/deploy-production.md ADDED Viewed

@@ -0,0 +1,67 @@
+---
+name: deploy-production
+type: workflow
+trigger: /deploy-production
+description: Execute a gated, observable production deployment with progressive rollout and automatic rollback on SLO breach.
+inputs:
+  - version
+  - deployment_strategy
+outputs:
+  - deployed_version
+  - deployment_report
+roles:
+  - team-lead
+  - developer
+  - qa
+execution:
+  initiator: team-lead
+related-rules:
+  - reliability.md
+  - security-posture.md
+  - immutability.md
+uses-skills:
+  - ci-cd-pipelines
+  - observability-setup
+quality-gates:
+  - no active P0/P1 incidents before deploy starts
+  - canary passes error rate and latency SLOs
+  - smoke tests pass against production post-deploy
+---
+## Steps
+### 1. Pre-flight — `@team-lead`
+- **Input:** version tag
+- **Actions:** confirm version tag exists and CI passed; verify staging is healthy with same version; check active incidents — HALT if P0/P1 open; post to `#deployments`: "Deploying <version> to production"
+- **Output:** pre-flight sign-off
+- **Done when:** all checks pass; team notified
+### 2. Canary (10% traffic) — `@developer`
+- **Input:** pre-flight sign-off
+- **Actions:** deploy new image to canary pod group; monitor 5 minutes:
+  - error rate delta > 0.5% → AUTO-ROLLBACK
+  - p99 latency delta > 500ms → AUTO-ROLLBACK
+  - pod crash loops → AUTO-ROLLBACK
+- **Output:** canary health metrics
+- **Done when:** canary stable for 5 minutes
+### 3. Progressive Rollout — `@developer`
+- **Input:** healthy canary
+- **Actions:** 25% → wait 2 min → 50% → wait 2 min → 100%; continue SLO monitoring at each step; rollback if any threshold breached
+- **Output:** 100% traffic on new version
+- **Done when:** full rollout complete with no SLO breaches
+### 4. Post-Deploy Validation — `@qa`
+- **Input:** fully deployed version
+- **Actions:** run smoke test suite against production; verify key business metrics not degraded > 10%; confirm monitoring dashboards reflect new version baseline
+- **Output:** smoke test results; metric comparison
+- **Done when:** all smoke tests pass; metrics stable
+### 5. Complete — `@pm`
+- **Input:** validated deployment
+- **Actions:** post success to `#deployments` and status page; if rollback was triggered — create P1 incident, preserve logs, assign postmortem
+- **Output:** `deployment_report.md`
+- **Done when:** team and stakeholders informed
+## Exit
+Green smoke tests + stable metrics + deployment report = release complete.

package/areas/software/platform/workflows/drift-check.md ADDED Viewed

@@ -0,0 +1,61 @@
+---
+name: drift-check
+type: workflow
+trigger: /drift-check
+description: Detect and report differences between IaC definitions and actual cloud state, with optional auto-remediation.
+inputs:
+  - target_environment
+  - auto_fix
+outputs:
+  - drift_report
+  - remediation_issues
+roles:
+  - qa
+  - team-lead
+  - developer
+execution:
+  initiator: qa
+related-rules:
+  - immutability.md
+  - security-posture.md
+uses-skills:
+  - terraform-patterns
+quality-gates:
+  - Category D drift (unexpected destroy) pages on-call immediately
+  - auto-fix applies only Category A (tag-only) drift
+---
+## Steps
+### 1. Fetch Live State — `@qa`
+- **Input:** target environment
+- **Actions:** `terraform refresh` for target environment; ensure state backend is up to date
+- **Output:** refreshed state
+- **Done when:** state reflects current cloud reality
+### 2. Compute Diff — `@qa`
+- **Input:** refreshed state
+- **Actions:** `terraform plan -detailed-exitcode`; exit code 2 = drift detected; capture full diff output
+- **Output:** diff report
+- **Done when:** drift computed; exit code recorded
+### 3. Classify Drift — `@team-lead`
+- **Input:** diff report
+- **Actions:** A: tag-only drift → auto-fixable, low risk; B: config drift → review required; C: missing resource (created manually) → investigate origin; D: unexpected destroy → CRITICAL, page on-call immediately
+- **Output:** drift classification per item
+- **Done when:** all drift items classified
+### 4. Report — `@team-lead`
+- **Input:** classified drift
+- **Actions:** post summary to Slack `#infra-alerts`; Category D → page on-call immediately, do not wait
+- **Output:** Slack notification; on-call paged if D
+- **Done when:** team informed
+### 5. Remediate — `@developer` (if `--fix` flag)
+- **Input:** classified drift
+- **Actions:** auto-apply Category A only: `terraform apply -target=<resource>`; for B/C/D: create GitHub issue, assign to IaC owner; do NOT auto-apply B/C/D
+- **Output:** Category A drift resolved; issues created for B/C/D
+- **Done when:** Category A applied; B/C/D tracked in issues
+## Exit
+Drift report published + Category A resolved (if --fix) + B/C/D tracked = drift check complete.

package/areas/software/platform/workflows/incident-response.md ADDED Viewed

@@ -0,0 +1,69 @@
+---
+name: incident-response
+type: workflow
+trigger: /incident-response
+description: Guide on-call engineer through structured incident response — triage, mitigation, and postmortem.
+inputs:
+  - severity
+  - service
+outputs:
+  - resolved_incident
+  - postmortem_draft
+roles:
+  - team-lead
+  - developer
+  - qa
+execution:
+  initiator: team-lead
+related-rules:
+  - reliability.md
+  - security-posture.md
+uses-skills:
+  - incident-response
+  - observability-setup
+quality-gates:
+  - incident channel created within 5 minutes of P0/P1 alert
+  - mitigation attempted per runbook before ad-hoc debugging
+  - postmortem scheduled within 48 hours
+---
+## Steps
+### 1. Triage — `@team-lead`
+- **Input:** incident alert, severity
+- **Actions:** fetch last 30 min of metrics for named service; check recent deployments (last 2 hours); identify correlated alerts; confirm severity classification
+- **Output:** severity confirmed; initial impact summary
+- **Done when:** impact is understood; owner assigned
+### 2. Establish Incident Channel — `@team-lead`
+- **Input:** confirmed severity
+- **Actions:** create `#incident-YYYY-MM-DD-<service>` Slack channel; post initial summary: what's broken, impact, timeline, current hypothesis
+- **Output:** incident channel active; team assembled
+- **Done when:** all relevant responders in channel
+### 3. Generate Hypothesis List — `@team-lead` + `@developer`
+- **Input:** metrics + recent deployment history
+- **Actions:** surface top 3 most likely causes: recent deployment? → test rollback hypothesis; DB connection errors? → check pool exhaustion runbook; 5xx spike? → check upstream dependencies
+- **Output:** prioritized hypothesis list with runbook links
+- **Done when:** top hypothesis identified; runbook commands ready
+### 4. Execute Mitigation — `@developer`
+- **Input:** prioritized hypothesis + runbook
+- **Actions:** per hypothesis (most likely first): provide exact kubectl / aws / psql commands; execute; monitor 2 minutes; if metrics improve → STABILIZE; else → next hypothesis
+- **Output:** metrics stabilizing or next hypothesis attempted
+- **Done when:** services healthy; error rate returned to baseline
+### 5. Draft Postmortem — `@team-lead`
+- **Input:** resolved incident + timeline
+- **Actions:** auto-generate postmortem template with timeline from monitoring data; flag gaps requiring human input; schedule postmortem review within 48 hours
+- **Output:** `postmortem_draft.md`
+- **Done when:** draft complete; meeting scheduled
+### 6. Communicate Resolution — `@pm`
+- **Input:** resolved incident
+- **Actions:** post resolution to `#deployments` and status page with impact summary and next steps
+- **Output:** stakeholders informed; status page updated
+- **Done when:** all affected parties notified
+## Exit
+Services healthy + postmortem scheduled + stakeholders notified = incident resolved.