@jetrabbits/agentic 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/AGENTS.md +143 -0
- package/README.md +154 -0
- package/agentic +1615 -0
- package/areas/devops/ci-cd/AGENTS.md +48 -0
- package/areas/devops/ci-cd/PROMPTS.md +7 -0
- package/areas/devops/ci-cd/prompts/onboard-repo.md +97 -0
- package/areas/devops/ci-cd/prompts/pipeline-debug.md +103 -0
- package/areas/devops/ci-cd/prompts/release-pipeline.md +115 -0
- package/areas/devops/ci-cd/rules/pipeline-standards.md +33 -0
- package/areas/devops/ci-cd/rules/quality-gates.md +24 -0
- package/areas/devops/ci-cd/rules/supply-chain-security.md +34 -0
- package/areas/devops/ci-cd/skills/artifact-management/SKILL.md +157 -0
- package/areas/devops/ci-cd/skills/build-optimization/SKILL.md +168 -0
- package/areas/devops/ci-cd/skills/github-actions-patterns/SKILL.md +190 -0
- package/areas/devops/ci-cd/skills/gitlab-ci-patterns/SKILL.md +169 -0
- package/areas/devops/ci-cd/skills/pipeline-security/SKILL.md +161 -0
- package/areas/devops/ci-cd/workflows/onboard-repo.md +73 -0
- package/areas/devops/ci-cd/workflows/pipeline-debug.md +66 -0
- package/areas/devops/ci-cd/workflows/release-pipeline.md +115 -0
- package/areas/devops/database-ops/AGENTS.md +47 -0
- package/areas/devops/database-ops/prompts/backup-verify.md +83 -0
- package/areas/devops/database-ops/prompts/db-incident.md +127 -0
- package/areas/devops/database-ops/rules/access-control.md +20 -0
- package/areas/devops/database-ops/rules/backup-policy.md +33 -0
- package/areas/devops/database-ops/rules/migration-runbook.md +32 -0
- package/areas/devops/database-ops/skills/backup-restore/SKILL.md +226 -0
- package/areas/devops/database-ops/skills/db-performance/SKILL.md +205 -0
- package/areas/devops/database-ops/skills/migration-safety/SKILL.md +155 -0
- package/areas/devops/database-ops/skills/postgres-operations/SKILL.md +156 -0
- package/areas/devops/database-ops/skills/redis-operations/SKILL.md +174 -0
- package/areas/devops/database-ops/workflows/backup-verify.md +107 -0
- package/areas/devops/database-ops/workflows/db-incident.md +86 -0
- package/areas/devops/devsecops/AGENTS.md +47 -0
- package/areas/devops/devsecops/prompts/policy-onboard.md +79 -0
- package/areas/devops/devsecops/prompts/security-scan-pipeline.md +131 -0
- package/areas/devops/devsecops/rules/container-security.md +22 -0
- package/areas/devops/devsecops/rules/policy-as-code.md +37 -0
- package/areas/devops/devsecops/rules/shift-left-policy.md +26 -0
- package/areas/devops/devsecops/skills/container-hardening/SKILL.md +146 -0
- package/areas/devops/devsecops/skills/opa-policies/SKILL.md +188 -0
- package/areas/devops/devsecops/skills/sbom-supply-chain/SKILL.md +165 -0
- package/areas/devops/devsecops/skills/secret-detection/SKILL.md +190 -0
- package/areas/devops/devsecops/skills/sigstore-signing/SKILL.md +184 -0
- package/areas/devops/devsecops/workflows/policy-onboard.md +104 -0
- package/areas/devops/devsecops/workflows/security-scan-pipeline.md +155 -0
- package/areas/devops/infrastructure/AGENTS.md +50 -0
- package/areas/devops/infrastructure/prompts/destroy-environment.md +81 -0
- package/areas/devops/infrastructure/prompts/drift-remediation.md +71 -0
- package/areas/devops/infrastructure/prompts/module-development.md +69 -0
- package/areas/devops/infrastructure/prompts/provision-environment.md +121 -0
- package/areas/devops/infrastructure/rules/iac-standards.md +80 -0
- package/areas/devops/infrastructure/rules/immutability.md +28 -0
- package/areas/devops/infrastructure/rules/secret-hygiene.md +53 -0
- package/areas/devops/infrastructure/rules/state-management.md +47 -0
- package/areas/devops/infrastructure/skills/ansible-playbooks/SKILL.md +174 -0
- package/areas/devops/infrastructure/skills/cost-optimization/SKILL.md +177 -0
- package/areas/devops/infrastructure/skills/drift-detection/SKILL.md +178 -0
- package/areas/devops/infrastructure/skills/state-management/SKILL.md +159 -0
- package/areas/devops/infrastructure/skills/terraform-modules/SKILL.md +169 -0
- package/areas/devops/infrastructure/workflows/destroy-environment.md +96 -0
- package/areas/devops/infrastructure/workflows/drift-remediation.md +66 -0
- package/areas/devops/infrastructure/workflows/module-development.md +101 -0
- package/areas/devops/infrastructure/workflows/provision-environment.md +96 -0
- package/areas/devops/kubernetes/AGENTS.md +57 -0
- package/areas/devops/kubernetes/PROMPTS.md +9 -0
- package/areas/devops/kubernetes/prompts/cluster-bootstrap.md +67 -0
- package/areas/devops/kubernetes/prompts/debug-workload.md +91 -0
- package/areas/devops/kubernetes/prompts/onboard-service.md +101 -0
- package/areas/devops/kubernetes/prompts/upgrade-cluster.md +63 -0
- package/areas/devops/kubernetes/rules/cluster-standards.md +51 -0
- package/areas/devops/kubernetes/rules/resource-governance.md +80 -0
- package/areas/devops/kubernetes/rules/upgrade-policy.md +52 -0
- package/areas/devops/kubernetes/rules/workload-security.md +64 -0
- package/areas/devops/kubernetes/skills/cluster-operations/SKILL.md +136 -0
- package/areas/devops/kubernetes/skills/helm-charts/SKILL.md +152 -0
- package/areas/devops/kubernetes/skills/network-policies/SKILL.md +169 -0
- package/areas/devops/kubernetes/skills/pod-troubleshooting/SKILL.md +129 -0
- package/areas/devops/kubernetes/skills/rbac-design/SKILL.md +148 -0
- package/areas/devops/kubernetes/skills/resource-tuning/SKILL.md +156 -0
- package/areas/devops/kubernetes/workflows/cluster-bootstrap.md +194 -0
- package/areas/devops/kubernetes/workflows/debug-workload.md +108 -0
- package/areas/devops/kubernetes/workflows/onboard-service.md +124 -0
- package/areas/devops/kubernetes/workflows/upgrade-cluster.md +165 -0
- package/areas/devops/networking/AGENTS.md +47 -0
- package/areas/devops/networking/prompts/onboard-ingress.md +119 -0
- package/areas/devops/networking/prompts/service-mesh-onboard.md +77 -0
- package/areas/devops/networking/rules/ingress-standards.md +17 -0
- package/areas/devops/networking/rules/network-segmentation.md +24 -0
- package/areas/devops/networking/rules/tls-policy.md +32 -0
- package/areas/devops/networking/skills/dns-management/SKILL.md +169 -0
- package/areas/devops/networking/skills/ingress-patterns/SKILL.md +165 -0
- package/areas/devops/networking/skills/service-mesh/SKILL.md +206 -0
- package/areas/devops/networking/skills/tls-termination/SKILL.md +198 -0
- package/areas/devops/networking/skills/vpc-design/SKILL.md +132 -0
- package/areas/devops/networking/workflows/onboard-ingress.md +64 -0
- package/areas/devops/networking/workflows/service-mesh-onboard.md +122 -0
- package/areas/devops/observability/AGENTS.md +48 -0
- package/areas/devops/observability/prompts/alert-investigation.md +117 -0
- package/areas/devops/observability/prompts/observability-stack-setup.md +99 -0
- package/areas/devops/observability/prompts/onboard-service-monitoring.md +79 -0
- package/areas/devops/observability/rules/alerting-standards.md +36 -0
- package/areas/devops/observability/rules/data-retention.md +19 -0
- package/areas/devops/observability/rules/golden-signals.md +28 -0
- package/areas/devops/observability/skills/distributed-tracing/SKILL.md +149 -0
- package/areas/devops/observability/skills/grafana-dashboards/SKILL.md +201 -0
- package/areas/devops/observability/skills/log-aggregation/SKILL.md +159 -0
- package/areas/devops/observability/skills/prometheus-alertmanager/SKILL.md +188 -0
- package/areas/devops/observability/skills/slo-implementation/SKILL.md +189 -0
- package/areas/devops/observability/workflows/alert-investigation.md +98 -0
- package/areas/devops/observability/workflows/observability-stack-setup.md +156 -0
- package/areas/devops/observability/workflows/onboard-service-monitoring.md +83 -0
- package/areas/devops/sre/AGENTS.md +48 -0
- package/areas/devops/sre/prompts/incident-response.md +129 -0
- package/areas/devops/sre/prompts/postmortem.md +101 -0
- package/areas/devops/sre/prompts/slo-review.md +125 -0
- package/areas/devops/sre/rules/error-budget-policy.md +25 -0
- package/areas/devops/sre/rules/on-call-standards.md +25 -0
- package/areas/devops/sre/rules/slo-policy.md +31 -0
- package/areas/devops/sre/skills/capacity-planning/SKILL.md +162 -0
- package/areas/devops/sre/skills/chaos-engineering/SKILL.md +186 -0
- package/areas/devops/sre/skills/incident-command/SKILL.md +119 -0
- package/areas/devops/sre/skills/postmortem-analysis/SKILL.md +104 -0
- package/areas/devops/sre/skills/slo-sli-design/SKILL.md +145 -0
- package/areas/devops/sre/workflows/incident-response.md +66 -0
- package/areas/devops/sre/workflows/postmortem.md +90 -0
- package/areas/devops/sre/workflows/slo-review.md +95 -0
- package/areas/software/backend/AGENTS.md +59 -0
- package/areas/software/backend/PROMPTS.md +50 -0
- package/areas/software/backend/README.md +48 -0
- package/areas/software/backend/prompts/add-migration.md +93 -0
- package/areas/software/backend/prompts/create-endpoint.md +97 -0
- package/areas/software/backend/prompts/debug-issue.md +87 -0
- package/areas/software/backend/prompts/develop-epic.md +83 -0
- package/areas/software/backend/prompts/develop-feature.md +91 -0
- package/areas/software/backend/prompts/refactor-module.md +79 -0
- package/areas/software/backend/prompts/test-feature.md +89 -0
- package/areas/software/backend/rules/architecture.md +20 -0
- package/areas/software/backend/rules/data_access.md +20 -0
- package/areas/software/backend/rules/security.md +20 -0
- package/areas/software/backend/rules/testing.md +19 -0
- package/areas/software/backend/skills/api-design/SKILL.md +170 -0
- package/areas/software/backend/skills/async-processing/SKILL.md +152 -0
- package/areas/software/backend/skills/database-modeling/SKILL.md +173 -0
- package/areas/software/backend/skills/observability/SKILL.md +162 -0
- package/areas/software/backend/skills/troubleshooting/SKILL.md +139 -0
- package/areas/software/backend/workflows/add-migration.md +79 -0
- package/areas/software/backend/workflows/create-endpoint.md +89 -0
- package/areas/software/backend/workflows/debug-issue.md +77 -0
- package/areas/software/backend/workflows/develop-epic.md +78 -0
- package/areas/software/backend/workflows/develop-feature.md +98 -0
- package/areas/software/backend/workflows/refactor-module.md +73 -0
- package/areas/software/backend/workflows/test-feature.md +67 -0
- package/areas/software/data-engineering/AGENTS.md +59 -0
- package/areas/software/data-engineering/PROMPTS.md +32 -0
- package/areas/software/data-engineering/prompts/backfill-data.md +107 -0
- package/areas/software/data-engineering/prompts/data-quality-incident.md +109 -0
- package/areas/software/data-engineering/prompts/lineage-trace.md +121 -0
- package/areas/software/data-engineering/prompts/new-model.md +117 -0
- package/areas/software/data-engineering/prompts/schema-migration.md +111 -0
- package/areas/software/data-engineering/rules/data-governance.md +11 -0
- package/areas/software/data-engineering/rules/pii-handling.md +19 -0
- package/areas/software/data-engineering/rules/pipeline-integrity.md +11 -0
- package/areas/software/data-engineering/rules/schema-management.md +21 -0
- package/areas/software/data-engineering/skills/data-modeling/SKILL.md +49 -0
- package/areas/software/data-engineering/skills/dbt-patterns/SKILL.md +43 -0
- package/areas/software/data-engineering/skills/lineage-governance/SKILL.md +38 -0
- package/areas/software/data-engineering/skills/orchestration/SKILL.md +35 -0
- package/areas/software/data-engineering/skills/quality-checks/SKILL.md +50 -0
- package/areas/software/data-engineering/skills/sql-optimization/SKILL.md +47 -0
- package/areas/software/data-engineering/skills/streaming-patterns/SKILL.md +48 -0
- package/areas/software/data-engineering/workflows/backfill-data.md +59 -0
- package/areas/software/data-engineering/workflows/data-quality-incident.md +64 -0
- package/areas/software/data-engineering/workflows/lineage-trace.md +56 -0
- package/areas/software/data-engineering/workflows/new-model.md +71 -0
- package/areas/software/data-engineering/workflows/schema-migration.md +67 -0
- package/areas/software/frontend/AGENTS.md +60 -0
- package/areas/software/frontend/PROMPTS.md +32 -0
- package/areas/software/frontend/prompts/a11y-fix.md +75 -0
- package/areas/software/frontend/prompts/bundle-analyze.md +75 -0
- package/areas/software/frontend/prompts/release-prep.md +83 -0
- package/areas/software/frontend/prompts/scaffold-component.md +69 -0
- package/areas/software/frontend/prompts/visual-regression.md +73 -0
- package/areas/software/frontend/rules/accessibility.md +16 -0
- package/areas/software/frontend/rules/architecture.md +29 -0
- package/areas/software/frontend/rules/performance.md +23 -0
- package/areas/software/frontend/rules/quality.md +12 -0
- package/areas/software/frontend/skills/a11y-audit/SKILL.md +61 -0
- package/areas/software/frontend/skills/api-integration/SKILL.md +58 -0
- package/areas/software/frontend/skills/component-design/SKILL.md +171 -0
- package/areas/software/frontend/skills/css-architecture/SKILL.md +146 -0
- package/areas/software/frontend/skills/error-handling/SKILL.md +55 -0
- package/areas/software/frontend/skills/performance-tuning/SKILL.md +58 -0
- package/areas/software/frontend/skills/state-management/SKILL.md +54 -0
- package/areas/software/frontend/skills/testing-patterns/SKILL.md +69 -0
- package/areas/software/frontend/workflows/a11y-fix.md +63 -0
- package/areas/software/frontend/workflows/bundle-analyze.md +56 -0
- package/areas/software/frontend/workflows/release-prep.md +66 -0
- package/areas/software/frontend/workflows/scaffold-component.md +67 -0
- package/areas/software/frontend/workflows/visual-regression.md +65 -0
- package/areas/software/full-stack/AGENTS.md +72 -0
- package/areas/software/full-stack/PROMPTS.md +66 -0
- package/areas/software/full-stack/prompts/backend-project-full-cycle.md +141 -0
- package/areas/software/full-stack/prompts/debug-issue.md +115 -0
- package/areas/software/full-stack/prompts/develop-feature.md +119 -0
- package/areas/software/full-stack/prompts/feature-implementation-flow.md +137 -0
- package/areas/software/full-stack/prompts/testing-ci-pipeline.md +119 -0
- package/areas/software/full-stack/rules/api-design-guide.md +24 -0
- package/areas/software/full-stack/rules/async-concurrency-guide.md +21 -0
- package/areas/software/full-stack/rules/backend-architecture-rule.md +41 -0
- package/areas/software/full-stack/rules/background-jobs-guide.md +20 -0
- package/areas/software/full-stack/rules/code-quality-guide.md +22 -0
- package/areas/software/full-stack/rules/database-access-guide.md +24 -0
- package/areas/software/full-stack/rules/database-migrations-guide.md +24 -0
- package/areas/software/full-stack/rules/domain-models-guide.md +28 -0
- package/areas/software/full-stack/rules/e2e-test-guide.md +18 -0
- package/areas/software/full-stack/rules/env-settings-guide.md +34 -0
- package/areas/software/full-stack/rules/error-handling-guide.md +20 -0
- package/areas/software/full-stack/rules/logging-observability-guide.md +22 -0
- package/areas/software/full-stack/rules/project-guide.md +34 -0
- package/areas/software/full-stack/rules/python-venv-guide.md +23 -0
- package/areas/software/full-stack/rules/security-guide.md +22 -0
- package/areas/software/full-stack/rules/svt-test-guide.md +17 -0
- package/areas/software/full-stack/rules/testing-ci-guide.md +25 -0
- package/areas/software/full-stack/skills/api-design-principles/SKILL.md +125 -0
- package/areas/software/full-stack/skills/api-design-principles/assets/api-design-checklist.md +155 -0
- package/areas/software/full-stack/skills/api-design-principles/assets/rest-api-template.py +182 -0
- package/areas/software/full-stack/skills/api-design-principles/references/graphql-schema-design.md +583 -0
- package/areas/software/full-stack/skills/api-design-principles/references/rest-best-practices.md +408 -0
- package/areas/software/full-stack/skills/api-design-principles/resources/implementation-playbook.md +513 -0
- package/areas/software/full-stack/skills/api-patterns/SKILL.md +81 -0
- package/areas/software/full-stack/skills/api-patterns/api-style.md +42 -0
- package/areas/software/full-stack/skills/api-patterns/auth.md +24 -0
- package/areas/software/full-stack/skills/api-patterns/documentation.md +26 -0
- package/areas/software/full-stack/skills/api-patterns/graphql.md +41 -0
- package/areas/software/full-stack/skills/api-patterns/rate-limiting.md +31 -0
- package/areas/software/full-stack/skills/api-patterns/response.md +37 -0
- package/areas/software/full-stack/skills/api-patterns/rest.md +40 -0
- package/areas/software/full-stack/skills/api-patterns/scripts/api_validator.py +211 -0
- package/areas/software/full-stack/skills/api-patterns/security-testing.md +122 -0
- package/areas/software/full-stack/skills/api-patterns/trpc.md +41 -0
- package/areas/software/full-stack/skills/api-patterns/versioning.md +22 -0
- package/areas/software/full-stack/skills/app-builder/SKILL.md +135 -0
- package/areas/software/full-stack/skills/app-builder/agent-coordination.md +71 -0
- package/areas/software/full-stack/skills/app-builder/feature-building.md +53 -0
- package/areas/software/full-stack/skills/app-builder/project-detection.md +34 -0
- package/areas/software/full-stack/skills/app-builder/scaffolding.md +118 -0
- package/areas/software/full-stack/skills/app-builder/tech-stack.md +40 -0
- package/areas/software/full-stack/skills/app-builder/templates/SKILL.md +39 -0
- package/areas/software/full-stack/skills/app-builder/templates/astro-static/TEMPLATE.md +76 -0
- package/areas/software/full-stack/skills/app-builder/templates/chrome-extension/TEMPLATE.md +92 -0
- package/areas/software/full-stack/skills/app-builder/templates/cli-tool/TEMPLATE.md +88 -0
- package/areas/software/full-stack/skills/app-builder/templates/electron-desktop/TEMPLATE.md +88 -0
- package/areas/software/full-stack/skills/app-builder/templates/express-api/TEMPLATE.md +83 -0
- package/areas/software/full-stack/skills/app-builder/templates/flutter-app/TEMPLATE.md +90 -0
- package/areas/software/full-stack/skills/app-builder/templates/monorepo-turborepo/TEMPLATE.md +90 -0
- package/areas/software/full-stack/skills/app-builder/templates/nextjs-fullstack/TEMPLATE.md +82 -0
- package/areas/software/full-stack/skills/app-builder/templates/nextjs-saas/TEMPLATE.md +100 -0
- package/areas/software/full-stack/skills/app-builder/templates/nextjs-static/TEMPLATE.md +106 -0
- package/areas/software/full-stack/skills/app-builder/templates/nuxt-app/TEMPLATE.md +101 -0
- package/areas/software/full-stack/skills/app-builder/templates/python-fastapi/TEMPLATE.md +83 -0
- package/areas/software/full-stack/skills/app-builder/templates/react-native-app/TEMPLATE.md +93 -0
- package/areas/software/full-stack/skills/backend-developer/SKILL.md +58 -0
- package/areas/software/full-stack/skills/bash-pro/SKILL.md +310 -0
- package/areas/software/full-stack/skills/blackbox-test/SKILL.md +84 -0
- package/areas/software/full-stack/skills/prompt-project-planner/SKILL.md +130 -0
- package/areas/software/full-stack/skills/prompt-project-planner/output.schema.md +68 -0
- package/areas/software/full-stack/skills/prompt-project-planner/questions.md +80 -0
- package/areas/software/full-stack/skills/python-pro/SKILL.md +158 -0
- package/areas/software/full-stack/skills/skill-creator/LICENSE.txt +202 -0
- package/areas/software/full-stack/skills/skill-creator/SKILL.md +356 -0
- package/areas/software/full-stack/skills/skill-creator/references/output-patterns.md +82 -0
- package/areas/software/full-stack/skills/skill-creator/references/workflows.md +28 -0
- package/areas/software/full-stack/skills/skill-creator/scripts/init_skill.py +303 -0
- package/areas/software/full-stack/skills/skill-creator/scripts/package_skill.py +110 -0
- package/areas/software/full-stack/skills/skill-creator/scripts/quick_validate.py +95 -0
- package/areas/software/full-stack/workflows/backend-project-full-cycle.md +132 -0
- package/areas/software/full-stack/workflows/debug-issue.md +70 -0
- package/areas/software/full-stack/workflows/develop-feature.md +85 -0
- package/areas/software/full-stack/workflows/feature-implementation-flow.md +78 -0
- package/areas/software/full-stack/workflows/testing-ci-pipeline.md +65 -0
- package/areas/software/general/AGENTS.md +68 -0
- package/areas/software/general/prompts/code-review-workflow.md +87 -0
- package/areas/software/general/prompts/development-cycle-workflow.md +83 -0
- package/areas/software/general/prompts/project-setup-workflow.md +93 -0
- package/areas/software/general/rules/code-style-guide.md +31 -0
- package/areas/software/general/rules/docker-compose-guide.md +27 -0
- package/areas/software/general/rules/git-workflow-guide.md +27 -0
- package/areas/software/general/rules/github-workflow-guide.md +27 -0
- package/areas/software/general/rules/gitlab-ci-guide.md +27 -0
- package/areas/software/general/rules/lint-format-guide.md +29 -0
- package/areas/software/general/rules/makefile-guide.md +34 -0
- package/areas/software/general/rules/readme-sync-guide.md +40 -0
- package/areas/software/general/rules/sdlc-methodology-guide.md +27 -0
- package/areas/software/general/rules/sdlc-role-responsibilities.md +108 -0
- package/areas/software/general/skills/general-dev-tools/SKILL.md +324 -0
- package/areas/software/general/workflows/code-review-workflow.md +84 -0
- package/areas/software/general/workflows/development-cycle-workflow.md +85 -0
- package/areas/software/general/workflows/project-setup-workflow.md +94 -0
- package/areas/software/mlops/AGENTS.md +57 -0
- package/areas/software/mlops/PROMPTS.md +32 -0
- package/areas/software/mlops/prompts/champion-challenger.md +87 -0
- package/areas/software/mlops/prompts/deploy-endpoint.md +91 -0
- package/areas/software/mlops/prompts/evaluate-model.md +87 -0
- package/areas/software/mlops/prompts/model-incident.md +87 -0
- package/areas/software/mlops/prompts/train-experiment.md +83 -0
- package/areas/software/mlops/rules/data-integrity.md +9 -0
- package/areas/software/mlops/rules/model-governance.md +9 -0
- package/areas/software/mlops/rules/production-safety.md +9 -0
- package/areas/software/mlops/rules/reproducibility.md +9 -0
- package/areas/software/mlops/skills/experiment-tracking/SKILL.md +29 -0
- package/areas/software/mlops/skills/feature-engineering/SKILL.md +44 -0
- package/areas/software/mlops/skills/inference-serving/SKILL.md +35 -0
- package/areas/software/mlops/skills/model-evaluation/SKILL.md +40 -0
- package/areas/software/mlops/skills/model-monitoring/SKILL.md +32 -0
- package/areas/software/mlops/workflows/champion-challenger.md +65 -0
- package/areas/software/mlops/workflows/deploy-endpoint.md +70 -0
- package/areas/software/mlops/workflows/evaluate-model.md +63 -0
- package/areas/software/mlops/workflows/model-incident.md +64 -0
- package/areas/software/mlops/workflows/train-experiment.md +56 -0
- package/areas/software/mobile/AGENTS.md +58 -0
- package/areas/software/mobile/PROMPTS.md +32 -0
- package/areas/software/mobile/prompts/crash-triage.md +63 -0
- package/areas/software/mobile/prompts/device-testing.md +83 -0
- package/areas/software/mobile/prompts/ota-update.md +75 -0
- package/areas/software/mobile/prompts/release-build.md +67 -0
- package/areas/software/mobile/prompts/store-submission.md +79 -0
- package/areas/software/mobile/rules/offline-first.md +10 -0
- package/areas/software/mobile/rules/performance-budget.md +20 -0
- package/areas/software/mobile/rules/platform-compliance.md +17 -0
- package/areas/software/mobile/rules/security-mobile.md +9 -0
- package/areas/software/mobile/skills/app-store-prep/SKILL.md +27 -0
- package/areas/software/mobile/skills/mobile-testing/SKILL.md +36 -0
- package/areas/software/mobile/skills/native-modules/SKILL.md +38 -0
- package/areas/software/mobile/skills/navigation-patterns/SKILL.md +49 -0
- package/areas/software/mobile/skills/push-notifications/SKILL.md +40 -0
- package/areas/software/mobile/skills/state-sync/SKILL.md +48 -0
- package/areas/software/mobile/workflows/crash-triage.md +63 -0
- package/areas/software/mobile/workflows/device-testing.md +54 -0
- package/areas/software/mobile/workflows/ota-update.md +54 -0
- package/areas/software/mobile/workflows/release-build.md +67 -0
- package/areas/software/mobile/workflows/store-submission.md +63 -0
- package/areas/software/platform/AGENTS.md +67 -0
- package/areas/software/platform/PROMPTS.md +32 -0
- package/areas/software/platform/prompts/cost-audit.md +117 -0
- package/areas/software/platform/prompts/deploy-production.md +109 -0
- package/areas/software/platform/prompts/drift-check.md +107 -0
- package/areas/software/platform/prompts/incident-response.md +121 -0
- package/areas/software/platform/prompts/provision-env.md +113 -0
- package/areas/software/platform/rules/cost-governance.md +11 -0
- package/areas/software/platform/rules/immutability.md +17 -0
- package/areas/software/platform/rules/reliability.md +19 -0
- package/areas/software/platform/rules/security-posture.md +12 -0
- package/areas/software/platform/skills/ci-cd-pipelines/SKILL.md +58 -0
- package/areas/software/platform/skills/incident-response/SKILL.md +41 -0
- package/areas/software/platform/skills/k8s-manifests/SKILL.md +56 -0
- package/areas/software/platform/skills/networking/SKILL.md +44 -0
- package/areas/software/platform/skills/observability-setup/SKILL.md +49 -0
- package/areas/software/platform/skills/secrets-management/SKILL.md +43 -0
- package/areas/software/platform/skills/terraform-patterns/SKILL.md +75 -0
- package/areas/software/platform/workflows/cost-audit.md +61 -0
- package/areas/software/platform/workflows/deploy-production.md +67 -0
- package/areas/software/platform/workflows/drift-check.md +61 -0
- package/areas/software/platform/workflows/incident-response.md +69 -0
- package/areas/software/platform/workflows/provision-env.md +77 -0
- package/areas/software/qa/AGENTS.md +58 -0
- package/areas/software/qa/PROMPTS.md +32 -0
- package/areas/software/qa/prompts/flakiness-investigation.md +61 -0
- package/areas/software/qa/prompts/performance-audit.md +65 -0
- package/areas/software/qa/prompts/regression-suite.md +61 -0
- package/areas/software/qa/prompts/smoke-test.md +65 -0
- package/areas/software/qa/prompts/test-coverage-report.md +61 -0
- package/areas/software/qa/rules/flakiness-policy.md +12 -0
- package/areas/software/qa/rules/quality-gates.md +28 -0
- package/areas/software/qa/rules/test-data.md +9 -0
- package/areas/software/qa/rules/test-strategy.md +11 -0
- package/areas/software/qa/skills/accessibility-testing/SKILL.md +139 -0
- package/areas/software/qa/skills/api-testing/SKILL.md +140 -0
- package/areas/software/qa/skills/e2e-patterns/SKILL.md +152 -0
- package/areas/software/qa/skills/performance-testing/SKILL.md +177 -0
- package/areas/software/qa/skills/test-data-management/SKILL.md +161 -0
- package/areas/software/qa/skills/test-pyramid/SKILL.md +127 -0
- package/areas/software/qa/workflows/flakiness-investigation.md +63 -0
- package/areas/software/qa/workflows/performance-audit.md +59 -0
- package/areas/software/qa/workflows/regression-suite.md +59 -0
- package/areas/software/qa/workflows/smoke-test.md +64 -0
- package/areas/software/qa/workflows/test-coverage-report.md +57 -0
- package/areas/software/security/AGENTS.md +58 -0
- package/areas/software/security/PROMPTS.md +32 -0
- package/areas/software/security/prompts/compliance-report.md +113 -0
- package/areas/software/security/prompts/pen-test-sim.md +113 -0
- package/areas/software/security/prompts/secret-rotation.md +115 -0
- package/areas/software/security/prompts/security-scan.md +91 -0
- package/areas/software/security/prompts/threat-model-review.md +105 -0
- package/areas/software/security/rules/compliance-baseline.md +23 -0
- package/areas/software/security/rules/dependency-policy.md +12 -0
- package/areas/software/security/rules/secrets-policy.md +22 -0
- package/areas/software/security/rules/secure-coding.md +22 -0
- package/areas/software/security/skills/auth-patterns/SKILL.md +42 -0
- package/areas/software/security/skills/crypto-standards/SKILL.md +42 -0
- package/areas/software/security/skills/dependency-audit/SKILL.md +29 -0
- package/areas/software/security/skills/sast-dast-interpretation/SKILL.md +33 -0
- package/areas/software/security/skills/security-headers/SKILL.md +29 -0
- package/areas/software/security/skills/threat-modeling/SKILL.md +36 -0
- package/areas/software/security/workflows/compliance-report.md +57 -0
- package/areas/software/security/workflows/pen-test-sim.md +63 -0
- package/areas/software/security/workflows/secret-rotation.md +67 -0
- package/areas/software/security/workflows/security-scan.md +64 -0
- package/areas/software/security/workflows/threat-model-review.md +62 -0
- package/areas/template/AGENTS-area.tmpl.md +61 -0
- package/areas/template/AGENTS.tmpl.md +67 -0
- package/areas/template/GUIDE.md +102 -0
- package/areas/template/PROMPTS.tmpl.md +29 -0
- package/areas/template/README.md +57 -0
- package/areas/template/README.tmpl.md +51 -0
- package/areas/template/prompt.tmpl.md +101 -0
- package/areas/template/rule.tmpl.md +71 -0
- package/areas/template/skill.tmpl.md +108 -0
- package/areas/template/workflow.tmpl.md +104 -0
- package/bin/agentic.js +24 -0
- package/extensions/antigravity/GEMINI.md +10 -0
- package/extensions/claude/CLAUDE.md +10 -0
- package/extensions/codex/AGENTS.override.md +93 -0
- package/extensions/gemini/GEMINI.md +10 -0
- package/extensions/opencode/agents/designer.md +65 -0
- package/extensions/opencode/agents/developer.md +63 -0
- package/extensions/opencode/agents/devops-engineer.md +69 -0
- package/extensions/opencode/agents/pm.md +61 -0
- package/extensions/opencode/agents/product-owner.md +76 -0
- package/extensions/opencode/agents/qa.md +66 -0
- package/extensions/opencode/agents/team-lead.md +67 -0
- package/extensions/opencode/commands/feature.md +75 -0
- package/extensions/opencode/opencode.json +93 -0
- package/extensions/opencode/plugins/model-checker.json +14 -0
- package/extensions/opencode/plugins/model-checker.ts +279 -0
- package/extensions/opencode/plugins/sound-notification.ts +13 -0
- package/extensions/opencode/plugins/telegram-notification.ts +86 -0
- package/extensions/opencode/skills/code_review_expert/SKILL.md +144 -0
- package/extensions/opencode/skills/design_expert/SKILL.md +42 -0
- package/extensions/opencode/skills/qa_expert/SKILL.md +116 -0
- package/package.json +19 -0
|
@@ -0,0 +1,156 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: postgres-operations
|
|
3
|
+
type: skill
|
|
4
|
+
description: PostgreSQL operational runbooks — health checks, vacuum, bloat, locks, PITR, connection pool management.
|
|
5
|
+
related-rules:
|
|
6
|
+
- backup-policy.md
|
|
7
|
+
- access-control.md
|
|
8
|
+
- migration-runbook.md
|
|
9
|
+
allowed-tools: Read, Bash
|
|
10
|
+
---
|
|
11
|
+
|
|
12
|
+
# Skill: PostgreSQL Operations
|
|
13
|
+
|
|
14
|
+
> **Expertise:** PostgreSQL health, vacuuming, lock analysis, PITR, WAL archiving, PgBouncer, K8s-hosted PostgreSQL.
|
|
15
|
+
|
|
16
|
+
## When to load
|
|
17
|
+
|
|
18
|
+
When investigating a slow database, diagnosing lock waits, running PITR recovery, or managing a PostgreSQL instance.
|
|
19
|
+
|
|
20
|
+
## Health Check Commands
|
|
21
|
+
|
|
22
|
+
```sql
|
|
23
|
+
-- Database size overview
|
|
24
|
+
SELECT
|
|
25
|
+
datname,
|
|
26
|
+
pg_size_pretty(pg_database_size(datname)) AS size,
|
|
27
|
+
numbackends AS active_connections
|
|
28
|
+
FROM pg_stat_database
|
|
29
|
+
ORDER BY pg_database_size(datname) DESC;
|
|
30
|
+
|
|
31
|
+
-- Table sizes (top 20)
|
|
32
|
+
SELECT
|
|
33
|
+
schemaname || '.' || tablename AS table,
|
|
34
|
+
pg_size_pretty(pg_total_relation_size(schemaname || '.' || tablename)) AS total_size,
|
|
35
|
+
pg_size_pretty(pg_relation_size(schemaname || '.' || tablename)) AS table_size,
|
|
36
|
+
pg_size_pretty(pg_indexes_size(schemaname || '.' || tablename)) AS index_size
|
|
37
|
+
FROM pg_tables
|
|
38
|
+
ORDER BY pg_total_relation_size(schemaname || '.' || tablename) DESC
|
|
39
|
+
LIMIT 20;
|
|
40
|
+
|
|
41
|
+
-- Replication lag (primary)
|
|
42
|
+
SELECT
|
|
43
|
+
client_addr,
|
|
44
|
+
state,
|
|
45
|
+
pg_size_pretty(pg_wal_lsn_diff(sent_lsn, replay_lsn)) AS replication_lag
|
|
46
|
+
FROM pg_stat_replication;
|
|
47
|
+
```
|
|
48
|
+
|
|
49
|
+
## Lock Investigation
|
|
50
|
+
|
|
51
|
+
```sql
|
|
52
|
+
-- Active locks and blocking queries
|
|
53
|
+
SELECT
|
|
54
|
+
blocking.pid AS blocking_pid,
|
|
55
|
+
blocking.query AS blocking_query,
|
|
56
|
+
blocked.pid AS blocked_pid,
|
|
57
|
+
blocked.query AS blocked_query,
|
|
58
|
+
blocked.wait_event_type,
|
|
59
|
+
blocked.wait_event
|
|
60
|
+
FROM pg_stat_activity blocking
|
|
61
|
+
JOIN pg_stat_activity blocked
|
|
62
|
+
ON blocked.wait_event_type = 'Lock'
|
|
63
|
+
AND blocking.pid != blocked.pid
|
|
64
|
+
WHERE blocking.state = 'active';
|
|
65
|
+
|
|
66
|
+
-- Kill blocking query (confirm before running!)
|
|
67
|
+
SELECT pg_terminate_backend(<blocking_pid>);
|
|
68
|
+
|
|
69
|
+
-- Long-running queries (> 5 min)
|
|
70
|
+
SELECT pid, now() - pg_stat_activity.query_start AS duration, query, state
|
|
71
|
+
FROM pg_stat_activity
|
|
72
|
+
WHERE (now() - pg_stat_activity.query_start) > interval '5 minutes'
|
|
73
|
+
AND state = 'active';
|
|
74
|
+
```
|
|
75
|
+
|
|
76
|
+
## VACUUM and Bloat
|
|
77
|
+
|
|
78
|
+
```sql
|
|
79
|
+
-- Check autovacuum health
|
|
80
|
+
SELECT
|
|
81
|
+
schemaname || '.' || relname AS table,
|
|
82
|
+
last_autovacuum,
|
|
83
|
+
last_autoanalyze,
|
|
84
|
+
n_dead_tup,
|
|
85
|
+
n_live_tup,
|
|
86
|
+
round(n_dead_tup::numeric / NULLIF(n_live_tup + n_dead_tup, 0) * 100, 2) AS dead_pct
|
|
87
|
+
FROM pg_stat_user_tables
|
|
88
|
+
ORDER BY n_dead_tup DESC
|
|
89
|
+
LIMIT 20;
|
|
90
|
+
|
|
91
|
+
-- Manual VACUUM ANALYZE (non-blocking)
|
|
92
|
+
VACUUM ANALYZE VERBOSE orders;
|
|
93
|
+
|
|
94
|
+
-- VACUUM FULL (rewrites table — locks! use with maintenance window)
|
|
95
|
+
VACUUM FULL orders;
|
|
96
|
+
```
|
|
97
|
+
|
|
98
|
+
## Connection Pool (PgBouncer)
|
|
99
|
+
|
|
100
|
+
```bash
|
|
101
|
+
# Check PgBouncer stats
|
|
102
|
+
psql -h pgbouncer -p 6432 pgbouncer -c "SHOW POOLS;"
|
|
103
|
+
psql -h pgbouncer -p 6432 pgbouncer -c "SHOW STATS;"
|
|
104
|
+
psql -h pgbouncer -p 6432 pgbouncer -c "SHOW CLIENTS;"
|
|
105
|
+
|
|
106
|
+
# Reload config (no restart needed)
|
|
107
|
+
psql -h pgbouncer -p 6432 pgbouncer -c "RELOAD;"
|
|
108
|
+
|
|
109
|
+
# PgBouncer config for transaction mode (K8s apps)
|
|
110
|
+
[databases]
|
|
111
|
+
mydb = host=postgres-primary port=5432 dbname=mydb
|
|
112
|
+
|
|
113
|
+
[pgbouncer]
|
|
114
|
+
pool_mode = transaction
|
|
115
|
+
max_client_conn = 1000
|
|
116
|
+
default_pool_size = 20
|
|
117
|
+
min_pool_size = 5
|
|
118
|
+
server_idle_timeout = 600
|
|
119
|
+
```
|
|
120
|
+
|
|
121
|
+
## PITR (Point-in-Time Recovery) — pgBackRest
|
|
122
|
+
|
|
123
|
+
```bash
|
|
124
|
+
# Verify backup status
|
|
125
|
+
pgbackrest --stanza=main info
|
|
126
|
+
|
|
127
|
+
# Take full backup
|
|
128
|
+
pgbackrest --stanza=main --type=full backup
|
|
129
|
+
|
|
130
|
+
# PITR restore to specific time
|
|
131
|
+
pgbackrest --stanza=main --delta restore \
|
|
132
|
+
--target="2024-11-15 03:40:00" \
|
|
133
|
+
--target-action=promote
|
|
134
|
+
|
|
135
|
+
# After restore: promote replica to primary
|
|
136
|
+
pg_ctl promote -D /var/lib/postgresql/data
|
|
137
|
+
```
|
|
138
|
+
|
|
139
|
+
## K8s PostgreSQL (CloudNativePG / Zalando Operator)
|
|
140
|
+
|
|
141
|
+
```bash
|
|
142
|
+
# Check cluster status (CloudNativePG)
|
|
143
|
+
kubectl get cluster -n database
|
|
144
|
+
kubectl describe cluster postgres-cluster -n database
|
|
145
|
+
|
|
146
|
+
# Connect to primary
|
|
147
|
+
kubectl exec -it -n database \
|
|
148
|
+
$(kubectl get pods -n database -l cnpg.io/cluster=postgres-cluster,role=primary -o name) \
|
|
149
|
+
-- psql -U postgres mydb
|
|
150
|
+
|
|
151
|
+
# Manual failover
|
|
152
|
+
kubectl cnpg promote postgres-cluster -n database
|
|
153
|
+
|
|
154
|
+
# Check backup status
|
|
155
|
+
kubectl get backup -n database
|
|
156
|
+
```
|
|
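Review bot: The "Active locks and blocking queries" query (new lines 52-64) joins `pg_stat_activity` to itself only on `blocked.wait_event_type = 'Lock'` and `blocking.pid != blocked.pid`, so it pairs every lock waiter with every active session instead of the session that actually holds the lock. The `pg_terminate_backend(<blocking_pid>)` on line 67 can then be aimed at an unrelated backend. Join on the real relationship, for example `ON blocking.pid = ANY(pg_blocking_pids(blocked.pid))`, and drop the `blocking.state = 'active'` filter, since a blocker is often `idle in transaction`. Separately, the PITR restore on lines 131-133 passes `--target` without `--type=time`; pgBackRest needs the recovery type stated for a time target.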
@@ -0,0 +1,174 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: redis-operations
|
|
3
|
+
type: skill
|
|
4
|
+
description: Redis operational runbooks — memory management, eviction policy, persistence config, Sentinel/Cluster, K8s-hosted Redis ops.
|
|
5
|
+
related-rules:
|
|
6
|
+
- backup-policy.md
|
|
7
|
+
- access-control.md
|
|
8
|
+
allowed-tools: Read, Bash
|
|
9
|
+
---
|
|
10
|
+
|
|
11
|
+
# Skill: Redis Operations
|
|
12
|
+
|
|
13
|
+
> **Expertise:** Redis memory management, eviction, persistence (RDB+AOF), Redis Sentinel, Redis Cluster, K8s Redis (Bitnami/Spotahome operator).
|
|
14
|
+
|
|
15
|
+
## When to load
|
|
16
|
+
|
|
17
|
+
When investigating Redis memory pressure, configuring persistence, debugging eviction, or setting up Redis HA.
|
|
18
|
+
|
|
19
|
+
## Health Check Commands
|
|
20
|
+
|
|
21
|
+
```bash
|
|
22
|
+
# Connect to Redis
|
|
23
|
+
redis-cli -h redis-master -p 6379 -a $REDIS_PASSWORD
|
|
24
|
+
|
|
25
|
+
# Server info overview
|
|
26
|
+
redis-cli INFO server | grep -E "redis_version|uptime|tcp_port"
|
|
27
|
+
redis-cli INFO memory | grep -E "used_memory_human|used_memory_peak_human|mem_fragmentation_ratio|maxmemory"
|
|
28
|
+
redis-cli INFO stats | grep -E "total_commands_processed|rejected_connections|evicted_keys"
|
|
29
|
+
redis-cli INFO keyspace # databases with key counts + expires
|
|
30
|
+
|
|
31
|
+
# Real-time monitoring (ops/sec per command)
|
|
32
|
+
redis-cli --stat # 1-second interval stats
|
|
33
|
+
redis-cli MONITOR # log every command (NEVER in production for long — high overhead)
|
|
34
|
+
|
|
35
|
+
# Slow log (commands over threshold)
|
|
36
|
+
redis-cli CONFIG SET slowlog-log-slower-than 10000 # 10ms threshold
|
|
37
|
+
redis-cli SLOWLOG GET 20 # last 20 slow commands
|
|
38
|
+
redis-cli SLOWLOG LEN
|
|
39
|
+
redis-cli SLOWLOG RESET
|
|
40
|
+
```
|
|
41
|
+
|
|
42
|
+
## Memory Management
|
|
43
|
+
|
|
44
|
+
```bash
|
|
45
|
+
# Check memory usage breakdown
|
|
46
|
+
redis-cli MEMORY DOCTOR # health analysis + recommendations
|
|
47
|
+
redis-cli MEMORY STATS # detailed breakdown
|
|
48
|
+
redis-cli MEMORY USAGE <key> # bytes used by a specific key
|
|
49
|
+
|
|
50
|
+
# Find big keys (scan, not KEYS — non-blocking)
|
|
51
|
+
redis-cli --bigkeys # sample-based big key finder
|
|
52
|
+
redis-cli --memkeys # memory usage per key (sample)
|
|
53
|
+
|
|
54
|
+
# Memory fragmentation: ratio > 1.5 = fragmentation, < 1.0 = swap
|
|
55
|
+
redis-cli INFO memory | grep mem_fragmentation_ratio
|
|
56
|
+
|
|
57
|
+
# Defragment memory online (Redis 4+)
|
|
58
|
+
redis-cli CONFIG SET activedefrag yes
|
|
59
|
+
redis-cli CONFIG SET active-defrag-threshold-lower 10 # start at 10% frag
|
|
60
|
+
```
|
|
61
|
+
|
|
62
|
+
## Eviction Policy
|
|
63
|
+
|
|
64
|
+
```bash
|
|
65
|
+
# View current policy
|
|
66
|
+
redis-cli CONFIG GET maxmemory-policy
|
|
67
|
+
|
|
68
|
+
# Set eviction policy
|
|
69
|
+
# allkeys-lru — evict any key by LRU (general-purpose cache)
|
|
70
|
+
# volatile-lru — evict only keys with TTL by LRU (mixed TTL/no-TTL use)
|
|
71
|
+
# allkeys-lfu — evict by LFU (access frequency, Redis 4+) — best for skewed access
|
|
72
|
+
# noeviction — return OOM error when full (use for session store / queue — no silent data loss)
|
|
73
|
+
redis-cli CONFIG SET maxmemory-policy allkeys-lru
|
|
74
|
+
|
|
75
|
+
# Set memory limit
|
|
76
|
+
redis-cli CONFIG SET maxmemory 4gb
|
|
77
|
+
|
|
78
|
+
# Persist config to redis.conf
|
|
79
|
+
redis-cli CONFIG REWRITE
|
|
80
|
+
```
|
|
81
|
+
|
|
82
|
+
## Persistence Configuration
|
|
83
|
+
|
|
84
|
+
```bash
|
|
85
|
+
# RDB snapshot (point-in-time)
|
|
86
|
+
redis-cli CONFIG SET save "3600 1 300 100 60 10000" # save if N changes in M seconds
|
|
87
|
+
|
|
88
|
+
# AOF (append-only file — more durable)
|
|
89
|
+
redis-cli CONFIG SET appendonly yes
|
|
90
|
+
redis-cli CONFIG SET appendfsync everysec # fsync every second (balance: perf vs durability)
|
|
91
|
+
# appendfsync always — safest (every write) — high IOPS
|
|
92
|
+
# appendfsync everysec — recommended — max 1s data loss
|
|
93
|
+
# appendfsync no — fastest — OS decides when to flush
|
|
94
|
+
|
|
95
|
+
# AOF rewrite (compaction)
|
|
96
|
+
redis-cli BGREWRITEAOF
|
|
97
|
+
|
|
98
|
+
# Manual RDB snapshot
|
|
99
|
+
redis-cli BGSAVE
|
|
100
|
+
redis-cli LASTSAVE # Unix timestamp of last successful save
|
|
101
|
+
|
|
102
|
+
# Best practice: enable both RDB + AOF
|
|
103
|
+
# RDB for fast restarts, AOF for minimal data loss
|
|
104
|
+
```
|
|
105
|
+
|
|
106
|
+
## Redis Sentinel (HA)
|
|
107
|
+
|
|
108
|
+
```bash
|
|
109
|
+
# Check Sentinel status
|
|
110
|
+
redis-cli -p 26379 SENTINEL masters
|
|
111
|
+
redis-cli -p 26379 SENTINEL slaves mymaster
|
|
112
|
+
redis-cli -p 26379 SENTINEL sentinels mymaster
|
|
113
|
+
|
|
114
|
+
# Force failover (test)
|
|
115
|
+
redis-cli -p 26379 SENTINEL failover mymaster
|
|
116
|
+
|
|
117
|
+
# sentinel.conf (minimal)
|
|
118
|
+
sentinel monitor mymaster redis-master 6379 2 # quorum=2
|
|
119
|
+
sentinel down-after-milliseconds mymaster 5000
|
|
120
|
+
sentinel failover-timeout mymaster 60000
|
|
121
|
+
sentinel parallel-syncs mymaster 1
|
|
122
|
+
```
|
|
123
|
+
|
|
124
|
+
## K8s Redis (Bitnami Helm)
|
|
125
|
+
|
|
126
|
+
```yaml
|
|
127
|
+
# values.yaml (Redis Sentinel mode)
|
|
128
|
+
architecture: replication
|
|
129
|
+
auth:
|
|
130
|
+
enabled: true
|
|
131
|
+
existingSecret: redis-password
|
|
132
|
+
existingSecretPasswordKey: password
|
|
133
|
+
|
|
134
|
+
master:
|
|
135
|
+
resources:
|
|
136
|
+
requests: { memory: 256Mi, cpu: 100m }
|
|
137
|
+
limits: { memory: 1Gi, cpu: 500m }
|
|
138
|
+
persistence:
|
|
139
|
+
enabled: true
|
|
140
|
+
size: 8Gi
|
|
141
|
+
|
|
142
|
+
replica:
|
|
143
|
+
replicaCount: 2
|
|
144
|
+
|
|
145
|
+
sentinel:
|
|
146
|
+
enabled: true
|
|
147
|
+
resources:
|
|
148
|
+
requests: { memory: 64Mi, cpu: 50m }
|
|
149
|
+
limits: { memory: 128Mi, cpu: 100m }
|
|
150
|
+
```
|
|
151
|
+
|
|
152
|
+
```bash
|
|
153
|
+
# K8s Redis health check
|
|
154
|
+
kubectl exec -it redis-master-0 -n cache -- redis-cli ping
|
|
155
|
+
kubectl exec -it redis-master-0 -n cache -- redis-cli INFO replication
|
|
156
|
+
|
|
157
|
+
# Force failover in K8s
|
|
158
|
+
kubectl exec -it redis-master-0 -n cache -- \
|
|
159
|
+
redis-cli -p 26379 SENTINEL failover mymaster
|
|
160
|
+
|
|
161
|
+
# Check pod resources vs actual memory usage
|
|
162
|
+
kubectl top pods -n cache -l app.kubernetes.io/name=redis
|
|
163
|
+
```
|
|
164
|
+
|
|
165
|
+
## Common Issues & Fixes
|
|
166
|
+
|
|
167
|
+
| Symptom | Diagnosis | Fix |
|
|
168
|
+
|:---|:---|:---|
|
|
169
|
+
| `OOM command not allowed` | maxmemory reached + `noeviction` | Increase maxmemory or change eviction policy |
|
|
170
|
+
| High eviction rate | Cache too small or no TTLs on keys | Increase maxmemory; audit keys without TTL |
|
|
171
|
+
| `WRONGTYPE` errors | Key type mismatch in application | Flush specific key: `DEL <key>` |
|
|
172
|
+
| Connection refused | maxclients reached | `CONFIG SET maxclients 10000` |
|
|
173
|
+
| Slow KEYS command | Running `KEYS *` in production | Replace with SCAN; never use KEYS in prod |
|
|
174
|
+
| AOF growing unbounded | Auto-rewrite threshold too high | Lower `auto-aof-rewrite-percentage` to 50 |
|
|
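Review bot: Line 23 passes the password as `-a $REDIS_PASSWORD`, which puts the secret in the process list and shell history of whatever host the agent's Bash tool runs on, and the unquoted expansion breaks on passwords containing spaces or glob characters. Prefer exporting `REDISCLI_AUTH` for the session so that no command line carries the secret. The commands that follow (`redis-cli INFO ...`, and the `kubectl exec ... redis-cli ping` calls on lines 154-159) carry no host or credentials at all, although the Helm values on lines 129-132 set `auth.enabled: true`, so as written they would return NOAUTH errors; state once near the top how connection and auth are supplied.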
@@ -0,0 +1,107 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: backup-verify
|
|
3
|
+
type: workflow
|
|
4
|
+
trigger: /backup-verify
|
|
5
|
+
description: Verify database backup integrity — automated restore test, row count validation, alert if backup fails.
|
|
6
|
+
inputs:
|
|
7
|
+
- database_name
|
|
8
|
+
- backup_tool (pgbackrest|barman|custom)
|
|
9
|
+
outputs:
|
|
10
|
+
- verification_report
|
|
11
|
+
- restore_test_passed (bool)
|
|
12
|
+
roles:
|
|
13
|
+
- devops-engineer
|
|
14
|
+
execution:
|
|
15
|
+
initiator: developer
|
|
16
|
+
related-rules:
|
|
17
|
+
- backup-policy.md
|
|
18
|
+
uses-skills:
|
|
19
|
+
- backup-restore
|
|
20
|
+
- postgres-operations
|
|
21
|
+
quality-gates:
|
|
22
|
+
- restore test completes without error
|
|
23
|
+
- row counts match production within 1%
|
|
24
|
+
- backup age < 26 hours
|
|
25
|
+
- test environment destroyed after verification
|
|
26
|
+
---
|
|
27
|
+
|
|
28
|
+
## Steps
|
|
29
|
+
|
|
30
|
+
### 1. Pre-Check: Backup Catalog — `@devops-engineer`
|
|
31
|
+
```bash
|
|
32
|
+
# pgBackRest
|
|
33
|
+
pgbackrest --stanza=main info
|
|
34
|
+
|
|
35
|
+
# Verify: last full backup age < 24h; WAL archiving current
|
|
36
|
+
# Exit non-zero if no backup found → alert on-call immediately
|
|
37
|
+
LAST_FULL=$(pgbackrest --stanza=main info --output=json | jq -r '.[] | .backup[-1].timestamp.stop')
|
|
38
|
+
AGE_HOURS=$(( ( $(date +%s) - $LAST_FULL ) / 3600 ))
|
|
39
|
+
if [ $AGE_HOURS -gt 26 ]; then
|
|
40
|
+
echo "ALERT: Last backup is ${AGE_HOURS}h old (> 26h threshold)" && exit 1
|
|
41
|
+
fi
|
|
42
|
+
```
|
|
43
|
+
- **Done when:** backup catalog exists, last backup < 26h old
|
|
44
|
+
|
|
45
|
+
### 2. Provision Test Environment — `@devops-engineer`
|
|
46
|
+
```bash
|
|
47
|
+
# Spin up isolated postgres pod for restore test
|
|
48
|
+
kubectl run restore-test \
|
|
49
|
+
--image=postgres:16-alpine \
|
|
50
|
+
--env="POSTGRES_PASSWORD=testpass" \
|
|
51
|
+
--restart=Never \
|
|
52
|
+
-n database-ops
|
|
53
|
+
kubectl wait pod/restore-test --for=condition=Ready --timeout=60s
|
|
54
|
+
```
|
|
55
|
+
|
|
56
|
+
### 3. Restore Latest Backup — `@devops-engineer`
|
|
57
|
+
```bash
|
|
58
|
+
# Restore to test pod (pgBackRest delta restore is faster if data dir pre-exists)
|
|
59
|
+
pgbackrest --stanza=main restore \
|
|
60
|
+
--pg1-path=/var/lib/postgresql/data \
|
|
61
|
+
--target-action=promote \
|
|
62
|
+
--delta
|
|
63
|
+
|
|
64
|
+
# Start postgres and confirm it accepts connections
|
|
65
|
+
pg_ctl start -D /var/lib/postgresql/data
|
|
66
|
+
psql -c "SELECT 1" postgres # must succeed
|
|
67
|
+
```
|
|
68
|
+
- **Done when:** postgres starts cleanly; no recovery errors in log
|
|
69
|
+
|
|
70
|
+
### 4. Row Count Validation — `@devops-engineer`
|
|
71
|
+
```bash
|
|
72
|
+
# Compare critical table row counts: restored vs production
|
|
73
|
+
TABLES="orders payments users products"
|
|
74
|
+
for table in $TABLES; do
|
|
75
|
+
PROD=$(psql -h postgres-primary -c "SELECT count(*) FROM $table" -t | tr -d ' ')
|
|
76
|
+
REST=$(psql -h restore-test-svc -c "SELECT count(*) FROM $table" -t | tr -d ' ')
|
|
77
|
+
DIFF=$(echo "scale=4; ($PROD - $REST) / $PROD * 100" | bc)
|
|
78
|
+
echo "$table: prod=$PROD restored=$REST diff=$DIFF%"
|
|
79
|
+
# Alert if diff > 1%
|
|
80
|
+
done
|
|
81
|
+
```
|
|
82
|
+
- **Done when:** all critical tables within 1% row count of production
|
|
83
|
+
|
|
84
|
+
### 5. Report + Cleanup — `@devops-engineer`
|
|
85
|
+
```bash
|
|
86
|
+
# Destroy test pod immediately after verification
|
|
87
|
+
kubectl delete pod restore-test -n database-ops
|
|
88
|
+
|
|
89
|
+
# Write report
|
|
90
|
+
cat > backup-verify-$(date +%Y%m%d).txt << EOF
|
|
91
|
+
Date: $(date -u)
|
|
92
|
+
Backup age: ${AGE_HOURS}h
|
|
93
|
+
Restore: SUCCESS
|
|
94
|
+
Tables validated: $TABLES
|
|
95
|
+
Row count drift: all within 1%
|
|
96
|
+
Test env: destroyed
|
|
97
|
+
EOF
|
|
98
|
+
|
|
99
|
+
# Post result to Slack
|
|
100
|
+
curl -X POST $SLACK_WEBHOOK \
|
|
101
|
+
-H 'Content-type: application/json' \
|
|
102
|
+
--data "{\"text\":\"✅ DB backup verified $(date +%Y-%m-%d) — restore successful, all tables within 1%\"}"
|
|
103
|
+
```
|
|
104
|
+
- **If any step fails:** post failure to Slack + page on-call → P1 incident
|
|
105
|
+
|
|
106
|
+
## Exit
|
|
107
|
+
Restore successful + row counts validated + test env destroyed + report posted = backup verified.
|
|
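Review bot: Step 4 never enforces the 1% gate: the loop on lines 74-80 only echoes `diff=` and leaves `# Alert if diff > 1%` as a comment, and step 5 then writes `Restore: SUCCESS` and `Row count drift: all within 1%` and posts the success message to Slack unconditionally, so a failed or drifted restore is still reported as verified. Compare the absolute drift per table against the threshold, exit non-zero on a breach or when `$PROD` is 0 (the `bc` expression divides by it), and build the report and Slack text from the recorded results. Two further points: in step 1 `.backup[-1]` is the latest backup of any type, while the comment says "last full backup" and gives 24h against the 26h check; and step 2 starts a pod that will hold restored production data with the literal `POSTGRES_PASSWORD=testpass`, which should be a generated value read from a Secret.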
@@ -0,0 +1,86 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: db-incident
|
|
3
|
+
type: workflow
|
|
4
|
+
trigger: /db-incident
|
|
5
|
+
description: Respond to a database incident — connection exhaustion, lock contention, replication lag, performance degradation.
|
|
6
|
+
inputs:
|
|
7
|
+
- database_name
|
|
8
|
+
- symptom
|
|
9
|
+
- severity
|
|
10
|
+
outputs:
|
|
11
|
+
- root_cause_summary
|
|
12
|
+
- remediation_applied
|
|
13
|
+
roles:
|
|
14
|
+
- devops-engineer
|
|
15
|
+
- developer
|
|
16
|
+
execution:
|
|
17
|
+
initiator: developer
|
|
18
|
+
related-rules:
|
|
19
|
+
- backup-policy.md
|
|
20
|
+
- access-control.md
|
|
21
|
+
uses-skills:
|
|
22
|
+
- postgres-operations
|
|
23
|
+
- db-performance
|
|
24
|
+
quality-gates:
|
|
25
|
+
- backup verified before any destructive action
|
|
26
|
+
- connection pool not bypassed during incident
|
|
27
|
+
---
|
|
28
|
+
|
|
29
|
+
## Steps
|
|
30
|
+
|
|
31
|
+
### 1. Triage — `@devops-engineer`
|
|
32
|
+
- Check: connection count, active queries, lock waits, replication lag
|
|
33
|
+
```sql
|
|
34
|
+
SELECT count(*), state FROM pg_stat_activity GROUP BY state;
|
|
35
|
+
SELECT * FROM pg_stat_replication;
|
|
36
|
+
```
|
|
37
|
+
- Check PgBouncer: `SHOW POOLS; SHOW STATS;`
|
|
38
|
+
- **Done when:** failure mode classified (connection exhaustion / lock / slow query / replication)
|
|
39
|
+
|
|
40
|
+
### 2. Immediate Mitigation by Type
|
|
41
|
+
|
|
42
|
+
**Connection exhaustion (max_connections reached):**
|
|
43
|
+
```sql
|
|
44
|
+
-- Kill idle connections (not in transaction)
|
|
45
|
+
SELECT pg_terminate_backend(pid)
|
|
46
|
+
FROM pg_stat_activity
|
|
47
|
+
WHERE state = 'idle' AND query_start < now() - interval '30 minutes';
|
|
48
|
+
```
|
|
49
|
+
- Check PgBouncer pool size — increase `default_pool_size` in pgbouncer.ini; `RELOAD`
|
|
50
|
+
|
|
51
|
+
**Lock contention:**
|
|
52
|
+
```sql
|
|
53
|
+
-- Identify and kill blocking query (after confirming safe)
|
|
54
|
+
SELECT pg_terminate_backend(<blocking_pid>);
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
**Slow query (high CPU, degraded performance):**
|
|
58
|
+
```sql
|
|
59
|
+
-- Find and kill runaway query
|
|
60
|
+
SELECT pid, query_start, state, query FROM pg_stat_activity
|
|
61
|
+
WHERE state = 'active' ORDER BY query_start ASC LIMIT 10;
|
|
62
|
+
SELECT pg_cancel_backend(<pid>); -- graceful
|
|
63
|
+
SELECT pg_terminate_backend(<pid>); -- forceful
|
|
64
|
+
```
|
|
65
|
+
|
|
66
|
+
**Replication lag > RPO threshold:**
|
|
67
|
+
- Check WAL receiver on replica: `SELECT * FROM pg_stat_wal_receiver;`
|
|
68
|
+
- Check network between primary and replica
|
|
69
|
+
- If lag growing: consider increasing `wal_sender_timeout`
|
|
70
|
+
|
|
71
|
+
### 3. Root Cause — `@devops-engineer` + `@developer`
|
|
72
|
+
- Check `pg_stat_statements` for query regressions (new slow query after deploy?)
|
|
73
|
+
- Check recent schema migrations (new index missing? index not created concurrently?)
|
|
74
|
+
- Review application logs for query pattern change
|
|
75
|
+
|
|
76
|
+
### 4. Fix & Verify — `@devops-engineer`
|
|
77
|
+
- Apply fix (create missing index, kill leaked connections, tune pgbouncer)
|
|
78
|
+
- Watch metrics stabilize over 5 min
|
|
79
|
+
- **Done when:** connection count normal, query latency normal, no lock waits
|
|
80
|
+
|
|
81
|
+
### 5. Document — `@devops-engineer`
|
|
82
|
+
- Root cause + fix in incident ticket
|
|
83
|
+
- If query regression: create optimization ticket for development team
|
|
84
|
+
|
|
85
|
+
## Exit
|
|
86
|
+
Metrics normal + root cause documented = db incident resolved.
|
|
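Review bot: The idle-connection cleanup on lines 44-47 is unscoped: it terminates every backend with `state = 'idle'` in every database and for every role, and it filters on `query_start`, which is when the last query began, not how long the session has been idle. Filter on `state_change`, restrict to the `database_name` input and the application role (`datname = ...`, `usename = ...`), and exclude `pid = pg_backend_pid()`. With PgBouncer in front, those idle backends are likely the pooler's own server connections, so the step should say whether shrinking the pool this way is intended given the "connection pool not bypassed during incident" gate. The other gate, "backup verified before any destructive action", has no corresponding step before the `pg_terminate_backend` calls in step 2.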
@@ -0,0 +1,47 @@
|
|
|
1
|
+
# DevSecOps — guidance index
|
|
2
|
+
|
|
3
|
+
## What this area covers
|
|
4
|
+
|
|
5
|
+
Shift-left security integration: container hardening, SBOM and supply-chain attestation, OPA / Kyverno policy enforcement, secret detection, and Sigstore artifact signing. Security controls are embedded in the delivery pipeline, not applied after the fact.
|
|
6
|
+
|
|
7
|
+
## Guidance chain
|
|
8
|
+
|
|
9
|
+
1. Project `.agent/` baseline
|
|
10
|
+
2. `devsecops/rules/*` — load all
|
|
11
|
+
3. `devsecops/skills/*/SKILL.md` — load only the skill matching the current task
|
|
12
|
+
4. `devsecops/workflows/*` — load the workflow matching the triggered command
|
|
13
|
+
|
|
14
|
+
## Cross-cutting constraints
|
|
15
|
+
|
|
16
|
+
- **Shift left** — security checks run in CI, not in a post-deploy audit.
|
|
17
|
+
- **Policy as code** — all security policies are version-controlled and machine-enforced; manual review is a supplement, not a substitute.
|
|
18
|
+
- **Container images are immutable artifacts** — no shell access, no package installs at runtime.
|
|
19
|
+
- **Every artifact is signed** — unsigned images and binaries are rejected at admission.
|
|
20
|
+
|
|
21
|
+
## Spec map
|
|
22
|
+
|
|
23
|
+
```text
|
|
24
|
+
devsecops/
|
|
25
|
+
├── rules/
|
|
26
|
+
│ ├── shift-left-policy.md ← required CI checks, fail-fast thresholds
|
|
27
|
+
│ ├── container-security.md ← base image standards, rootless, read-only FS
|
|
28
|
+
│ └── policy-as-code.md ← OPA/Kyverno enforcement points, violation handling
|
|
29
|
+
├── skills/
|
|
30
|
+
│ ├── container-hardening/SKILL.md ← distroless, non-root, capability drops
|
|
31
|
+
│ ├── sbom-supply-chain/SKILL.md ← Syft, CycloneDX, SLSA provenance
|
|
32
|
+
│ ├── opa-policies/SKILL.md ← Rego authoring, Conftest, Gatekeeper
|
|
33
|
+
│ ├── secret-detection/SKILL.md ← Gitleaks, truffleHog, pre-commit integration
|
|
34
|
+
│ └── sigstore-signing/SKILL.md ← Cosign, keyless signing, Rekor transparency log
|
|
35
|
+
├── workflows/
|
|
36
|
+
│ ├── security-scan-pipeline.md ← /security-scan-pipeline
|
|
37
|
+
│ └── policy-onboard.md ← /policy-onboard
|
|
38
|
+
└── prompts/
|
|
39
|
+
└── *.md
|
|
40
|
+
```
|
|
41
|
+
|
|
42
|
+
## Discovery patterns
|
|
43
|
+
|
|
44
|
+
- `rules/*.md`
|
|
45
|
+
- `skills/*/SKILL.md`
|
|
46
|
+
- `workflows/*.md`
|
|
47
|
+
- `prompts/*.md`
|
|
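Review bot: The constraint on line 19, "unsigned images and binaries are rejected at admission", has no rule behind it in the spec map: `rules/` lists only `shift-left-policy.md`, `container-security.md` and `policy-as-code.md`, and signing appears only as `skills/sigstore-signing/SKILL.md`, which per line 11 is loaded only when it matches the current task. Either add signature verification to a rule that is always loaded (or name it in the `policy-as-code.md` summary) or soften the wording. It would also help to say what "rejected at admission" means for binaries, since the enforcement points named here (OPA/Kyverno) act on cluster resources.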
@@ -0,0 +1,79 @@
|
|
|
1
|
+
---
|
|
2
|
+
workflow: policy-onboard
|
|
3
|
+
---
|
|
4
|
+
|
|
5
|
+
# Prompt: `/policy-onboard`
|
|
6
|
+
|
|
7
|
+
Use when: adding OPA/Kyverno admission policies to a cluster or namespace.
|
|
8
|
+
|
|
9
|
+
---
|
|
10
|
+
|
|
11
|
+
## Example 1 — Full admission policy baseline for new cluster
|
|
12
|
+
|
|
13
|
+
**EN:**
|
|
14
|
+
```
|
|
15
|
+
/policy-onboard
|
|
16
|
+
|
|
17
|
+
Cluster: prod-cluster-eu
|
|
18
|
+
Policy engine: OPA/Gatekeeper (already installed)
|
|
19
|
+
Scope: all namespaces labelled environment=production or environment=staging
|
|
20
|
+
Policies to deploy (enforcement: deny for prod, warn for staging):
|
|
21
|
+
- require-non-root (runAsNonRoot: true, UID != 0)
|
|
22
|
+
- disallow-privileged-containers
|
|
23
|
+
- require-resource-limits (CPU + memory both required)
|
|
24
|
+
- require-image-digest (no :latest or mutable tags)
|
|
25
|
+
- disallow-host-namespaces (no hostNetwork/hostPID/hostIPC)
|
|
26
|
+
- require-labels: app, team, environment on all Deployments
|
|
27
|
+
Test each policy with: passing manifest + failing manifest before deploying
|
|
28
|
+
```
|
|
29
|
+
|
|
30
|
+
**RU:**
|
|
31
|
+
```
|
|
32
|
+
/policy-onboard
|
|
33
|
+
|
|
34
|
+
Кластер: prod-cluster-eu
|
|
35
|
+
Policy engine: OPA/Gatekeeper (уже установлен)
|
|
36
|
+
Скоуп: все namespaces с лейблом environment=production или environment=staging
|
|
37
|
+
Политики для деплоя (enforcement: deny для prod, warn для staging):
|
|
38
|
+
- require-non-root (runAsNonRoot: true, UID != 0)
|
|
39
|
+
- disallow-privileged-containers
|
|
40
|
+
- require-resource-limits (CPU + memory оба обязательны)
|
|
41
|
+
- require-image-digest (без :latest и mutable тегов)
|
|
42
|
+
- disallow-host-namespaces (без hostNetwork/hostPID/hostIPC)
|
|
43
|
+
- require-labels: app, team, environment на всех Deployment
|
|
44
|
+
Протестировать каждую политику с: passing манифест + failing манифест перед деплоем
|
|
45
|
+
```
|
|
46
|
+
|
|
47
|
+
---
|
|
48
|
+
|
|
49
|
+
## Example 2 — Fix policy-blocked deployment
|
|
50
|
+
|
|
51
|
+
**EN:**
|
|
52
|
+
```
|
|
53
|
+
/policy-onboard
|
|
54
|
+
|
|
55
|
+
Problem: Deployment of order-service v3.0.0 blocked by admission webhook
|
|
56
|
+
Error: "admission webhook gatekeeper denied: Container 'app' must set runAsNonRoot: true"
|
|
57
|
+
Current Dockerfile: no USER instruction; runs as root
|
|
58
|
+
Fix needed:
|
|
59
|
+
1. Add USER 1000:1000 to Dockerfile
|
|
60
|
+
2. Add securityContext.runAsNonRoot: true + runAsUser: 1000 to Helm values
|
|
61
|
+
3. Verify readOnlyRootFilesystem: true won't break app (check for writes to / )
|
|
62
|
+
4. Rebuild image + re-deploy
|
|
63
|
+
5. Confirm no other policy violations in the same deployment
|
|
64
|
+
```
|
|
65
|
+
|
|
66
|
+
**RU:**
|
|
67
|
+
```
|
|
68
|
+
/policy-onboard
|
|
69
|
+
|
|
70
|
+
Проблема: деплой order-service v3.0.0 заблокирован admission webhook
|
|
71
|
+
Ошибка: "admission webhook gatekeeper denied: Container 'app' must set runAsNonRoot: true"
|
|
72
|
+
Текущий Dockerfile: нет инструкции USER; запускается от root
|
|
73
|
+
Необходимое исправление:
|
|
74
|
+
1. Добавить USER 1000:1000 в Dockerfile
|
|
75
|
+
2. Добавить securityContext.runAsNonRoot: true + runAsUser: 1000 в Helm values
|
|
76
|
+
3. Убедиться что readOnlyRootFilesystem: true не сломает приложение (проверить записи в /)
|
|
77
|
+
4. Пересобрать образ + повторить деплой
|
|
78
|
+
5. Подтвердить отсутствие других нарушений политик в том же deployment
|
|
79
|
+
```
|
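Review bot: Example 2 step 3 (line 61) asks to verify `readOnlyRootFilesystem: true`, but the baseline in Example 1 (lines 21-26) deploys no policy that requires it, and it also omits capability drops; both are named in the area index (`container-security.md`, `container-hardening/SKILL.md`). Add them to the Example 1 policy list or drop step 3 so the two examples describe the same baseline. Example 1 also goes straight to `deny` for prod; the prompt should ask for an audit of existing workloads against each policy before enforcement, otherwise the first redeploy of a non-compliant service is blocked in the way Example 2 describes.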