npm - @marcfargas/skills - Versions diffs - 0.4.1 → 0.5.0 - Mend

@marcfargas/skills 0.4.1 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/.well-known/skills/index.json +46 -0
package/README.md +9 -1
package/azure/azcli/SKILL.md +150 -0
package/azure/azcli/auth.md +160 -0
package/azure/azcli/automation.md +270 -0
package/azure/azcli/compute.md +222 -0
package/azure/azcli/data.md +220 -0
package/azure/azcli/iam.md +184 -0
package/azure/azcli/serverless.md +242 -0
package/azure/azcli/storage.md +215 -0
package/google-cloud/gcloud/SKILL.md +2 -1
package/google-cloud/gcloud/auth.md +2 -0
package/maintenance/repo-hygiene/SKILL.md +449 -0
package/package.json +13 -2
package/release/pre-release/SKILL.md +21 -29
package/search/web-search/SKILL.md +2 -2
package/sheet-model/SKILL.md +8 -4
package/terminal/vhs/SKILL.md +2 -0
package/search/web-search/package-lock.json +0 -617
package/sheet-model/package-lock.json +0 -1035

package/azure/azcli/compute.md ADDED Viewed

@@ -0,0 +1,222 @@
+# Compute & Networking
+## Virtual Machines
+```bash
+# READ — list VMs
+az vm list -o json
+az vm list --resource-group my-rg -o table
+az vm list --resource-group my-rg --query "[].{Name:name, Size:hardwareProfile.vmSize, Status:powerState}" -o table
+# Show VM details
+az vm show --name my-vm --resource-group my-rg -o json
+# Show VM with instance view (power state)
+az vm get-instance-view --name my-vm --resource-group my-rg \
+  --query "{Name:name, Status:instanceView.statuses[1].displayStatus}" -o json
+# EXPENSIVE — create VM (~$5-2000+/mo depending on size)
+az vm create \
+  --resource-group my-rg \
+  --name my-vm \
+  --image Ubuntu2204 \
+  --size Standard_B2s \
+  --admin-username azureuser \
+  --generate-ssh-keys \
+  --location westeurope
+# Windows VM
+az vm create \
+  --resource-group my-rg \
+  --name my-win-vm \
+  --image Win2022Datacenter \
+  --size Standard_B2s \
+  --admin-username azureuser \
+  --admin-password "$(az keyvault secret show --vault-name my-vault --name vm-pwd --query value -o tsv)"
+# SSH into VM
+az ssh vm --resource-group my-rg --name my-vm
+# Or with native SSH (needs public IP)
+ssh azureuser@$(az vm show --name my-vm -g my-rg --show-details --query publicIps -o tsv)
+# Lifecycle
+az vm start --name my-vm --resource-group my-rg
+az vm stop --name my-vm --resource-group my-rg        # still billed for compute
+az vm deallocate --name my-vm --resource-group my-rg   # stops billing for compute
+az vm restart --name my-vm --resource-group my-rg
+# Resize
+az vm resize --name my-vm --resource-group my-rg --size Standard_B4ms
+# ⚠️ DESTRUCTIVE
+az vm delete --name my-vm --resource-group my-rg
+```
+### VM Images
+```bash
+# List popular images
+az vm image list -o table                         # cached popular images
+az vm image list --all --publisher Canonical -o table  # all from publisher (slow)
+az vm image list --offer UbuntuServer --sku 22_04 --all -o table
+# List available sizes in a region
+az vm list-sizes --location westeurope -o table
+az vm list-sizes --location westeurope --query "[?numberOfCores<=`4`]" -o table
+```
+## Network Security Groups (NSGs)
+```bash
+# Create NSG
+az network nsg create --resource-group my-rg --name my-nsg
+# READ
+az network nsg list --resource-group my-rg -o json
+az network nsg rule list --nsg-name my-nsg --resource-group my-rg -o table
+# ⚠️ SECURITY — open ports
+az network nsg rule create \
+  --resource-group my-rg \
+  --nsg-name my-nsg \
+  --name allow-http \
+  --priority 100 \
+  --access Allow \
+  --protocol Tcp \
+  --destination-port-ranges 80 443 \
+  --direction Inbound
+# ⚠️ DESTRUCTIVE
+az network nsg rule delete --resource-group my-rg --nsg-name my-nsg --name allow-http
+az network nsg delete --resource-group my-rg --name my-nsg
+```
+## Virtual Networks (VNets)
+```bash
+# Create VNet with subnet
+az network vnet create \
+  --resource-group my-rg \
+  --name my-vnet \
+  --address-prefix 10.0.0.0/16 \
+  --subnet-name default \
+  --subnet-prefix 10.0.0.0/24
+# READ
+az network vnet list --resource-group my-rg -o json
+az network vnet show --name my-vnet --resource-group my-rg -o json
+# Add subnet
+az network vnet subnet create \
+  --resource-group my-rg \
+  --vnet-name my-vnet \
+  --name backend-subnet \
+  --address-prefixes 10.0.1.0/24
+# List subnets
+az network vnet subnet list --resource-group my-rg --vnet-name my-vnet -o table
+# ⚠️ DESTRUCTIVE
+az network vnet delete --name my-vnet --resource-group my-rg
+```
+## Public IPs
+```bash
+az network public-ip create --resource-group my-rg --name my-ip --sku Standard
+az network public-ip list --resource-group my-rg -o table
+az network public-ip show --name my-ip --resource-group my-rg --query ipAddress -o tsv
+# ⚠️ Unattached static IPs cost ~$3.65/month
+```
+## DNS Zones
+```bash
+# Create zone
+az network dns zone create --resource-group my-rg --name example.com
+# READ
+az network dns zone list --resource-group my-rg -o json
+az network dns record-set list --resource-group my-rg --zone-name example.com -o table
+# Add A record
+az network dns record-set a add-record \
+  --resource-group my-rg \
+  --zone-name example.com \
+  --record-set-name www \
+  --ipv4-address 1.2.3.4
+# Add CNAME
+az network dns record-set cname set-record \
+  --resource-group my-rg \
+  --zone-name example.com \
+  --record-set-name app \
+  --cname my-app.azurewebsites.net
+# ⚠️ DESTRUCTIVE
+az network dns record-set a remove-record \
+  --resource-group my-rg --zone-name example.com \
+  --record-set-name www --ipv4-address 1.2.3.4
+```
+## Private DNS
+```bash
+az network private-dns zone create --resource-group my-rg --name private.example.com
+az network private-dns link vnet create \
+  --resource-group my-rg \
+  --zone-name private.example.com \
+  --name my-link \
+  --virtual-network my-vnet \
+  --registration-enabled false
+```
+## Load Balancer
+```bash
+# ⚠️ EXPENSIVE — Standard LB ~$18+/month + data processing
+az network lb create \
+  --resource-group my-rg \
+  --name my-lb \
+  --sku Standard \
+  --public-ip-address my-ip \
+  --frontend-ip-name myFrontEnd \
+  --backend-pool-name myBackendPool
+az network lb list --resource-group my-rg -o json
+```
+## Application Gateway
+```bash
+# ⚠️ EXPENSIVE — ~$20+/month (WAF v2 ~$200+/month)
+az network application-gateway list --resource-group my-rg -o json
+```
+## Azure Monitor & Logging
+```bash
+# Activity log (audit trail)
+az monitor activity-log list --resource-group my-rg --max-events 20 -o json
+# Metrics
+az monitor metrics list \
+  --resource "/subscriptions/SUB_ID/resourceGroups/my-rg/providers/Microsoft.Compute/virtualMachines/my-vm" \
+  --metric "Percentage CPU" \
+  --interval PT1H -o json
+# Log Analytics query
+az monitor log-analytics query \
+  --workspace WORKSPACE_ID \
+  --analytics-query "AzureActivity | take 10" -o json
+# Alerts
+az monitor metrics alert list --resource-group my-rg -o json
+az monitor metrics alert create \
+  --name "high-cpu" \
+  --resource-group my-rg \
+  --scopes "/subscriptions/SUB_ID/resourceGroups/my-rg/providers/Microsoft.Compute/virtualMachines/my-vm" \
+  --condition "avg Percentage CPU > 80" \
+  --description "Alert when CPU exceeds 80%"
+```

package/azure/azcli/data.md ADDED Viewed

@@ -0,0 +1,220 @@
+# Data: SQL Database, Cosmos DB, Service Bus, Event Hubs
+## Azure SQL Database
+```bash
+# Create SQL server (logical server — required before creating databases)
+# ⚠️ Never put password in CLI args — use Key Vault
+ADMIN_PWD=$(az keyvault secret show --vault-name my-vault --name sql-admin-pwd --query value -o tsv)
+az sql server create \
+  --resource-group my-rg \
+  --name my-sql-server \
+  --location westeurope \
+  --admin-user sqladmin \
+  --admin-password "$ADMIN_PWD"
+# ⚠️ EXPENSIVE — create database (~$5-2000+/mo depending on tier)
+az sql db create \
+  --resource-group my-rg \
+  --server my-sql-server \
+  --name my-database \
+  --edition GeneralPurpose \
+  --compute-model Serverless \
+  --family Gen5 \
+  --capacity 1 \
+  --auto-pause-delay 60
+# Serverless DTU-based (cheapest for dev/test)
+az sql db create \
+  --resource-group my-rg \
+  --server my-sql-server \
+  --name my-database \
+  --edition Basic \
+  --capacity 5
+# READ
+az sql server list --resource-group my-rg -o json
+az sql db list --server my-sql-server --resource-group my-rg -o table
+az sql db show --name my-database --server my-sql-server --resource-group my-rg -o json
+# Firewall rules
+# ⚠️ SECURITY — allow Azure services
+az sql server firewall-rule create \
+  --resource-group my-rg \
+  --server my-sql-server \
+  --name AllowAzureServices \
+  --start-ip-address 0.0.0.0 \
+  --end-ip-address 0.0.0.0
+# ⚠️ SECURITY — allow specific IP
+az sql server firewall-rule create \
+  --resource-group my-rg \
+  --server my-sql-server \
+  --name my-ip \
+  --start-ip-address 1.2.3.4 \
+  --end-ip-address 1.2.3.4
+az sql server firewall-rule list --server my-sql-server --resource-group my-rg -o table
+# Connection string
+echo "Server=tcp:my-sql-server.database.windows.net,1433;Database=my-database;User ID=sqladmin;Password=...;Encrypt=yes"
+# ⚠️ DESTRUCTIVE
+az sql db delete --name my-database --server my-sql-server --resource-group my-rg
+az sql server delete --name my-sql-server --resource-group my-rg
+```
+### SQL Database Pricing
+| Edition | ~Cost/mo | Notes |
+|---------|----------|-------|
+| Basic (5 DTU) | ~$5 | Dev/test |
+| Standard (S0) | ~$15 | Small workloads |
+| GP Serverless vCore | ~$0.50/hr (auto-pause) | Auto-pause saves cost |
+| Business Critical | ~$400+ | High IOPS, readable secondary |
+## Azure Database for PostgreSQL (Flexible Server)
+```bash
+# ⚠️ EXPENSIVE
+az postgres flexible-server create \
+  --resource-group my-rg \
+  --name my-pg-server \
+  --location westeurope \
+  --admin-user pgadmin \
+  --admin-password "$ADMIN_PWD" \
+  --sku-name Standard_B1ms \
+  --tier Burstable \
+  --storage-size 32
+# Create database
+az postgres flexible-server db create \
+  --resource-group my-rg \
+  --server-name my-pg-server \
+  --database-name mydb
+# READ
+az postgres flexible-server list --resource-group my-rg -o table
+az postgres flexible-server show --name my-pg-server --resource-group my-rg -o json
+az postgres flexible-server db list --resource-group my-rg --server-name my-pg-server -o table
+# Firewall
+az postgres flexible-server firewall-rule create \
+  --resource-group my-rg \
+  --name my-pg-server \
+  --rule-name allow-my-ip \
+  --start-ip-address 1.2.3.4 \
+  --end-ip-address 1.2.3.4
+# Connect
+az postgres flexible-server connect --name my-pg-server --admin-user pgadmin --admin-password "$ADMIN_PWD" --database-name mydb
+# ⚠️ DESTRUCTIVE
+az postgres flexible-server delete --name my-pg-server --resource-group my-rg
+```
+## Cosmos DB
+```bash
+# Create account (multi-region, multi-model)
+az cosmosdb create \
+  --resource-group my-rg \
+  --name my-cosmos \
+  --kind GlobalDocumentDB \
+  --locations regionName=westeurope failoverPriority=0
+# Create SQL database (Core/SQL API)
+az cosmosdb sql database create \
+  --account-name my-cosmos \
+  --resource-group my-rg \
+  --name mydb
+# Create container (collection)
+az cosmosdb sql container create \
+  --account-name my-cosmos \
+  --resource-group my-rg \
+  --database-name mydb \
+  --name mycontainer \
+  --partition-key-path "/partitionKey" \
+  --throughput 400
+# READ
+az cosmosdb list --resource-group my-rg -o json
+az cosmosdb show --name my-cosmos --resource-group my-rg -o json
+az cosmosdb sql database list --account-name my-cosmos --resource-group my-rg -o table
+# Get connection keys
+az cosmosdb keys list --name my-cosmos --resource-group my-rg -o json
+# ⚠️ DESTRUCTIVE
+az cosmosdb sql container delete --account-name my-cosmos --resource-group my-rg --database-name mydb --name mycontainer
+az cosmosdb delete --name my-cosmos --resource-group my-rg
+```
+## Service Bus
+```bash
+# Create namespace
+az servicebus namespace create \
+  --resource-group my-rg \
+  --name my-sb-ns \
+  --location westeurope \
+  --sku Standard
+# Queues
+az servicebus queue create --resource-group my-rg --namespace-name my-sb-ns --name my-queue
+az servicebus queue list --resource-group my-rg --namespace-name my-sb-ns -o table
+# Topics & Subscriptions
+az servicebus topic create --resource-group my-rg --namespace-name my-sb-ns --name my-topic
+az servicebus topic subscription create \
+  --resource-group my-rg --namespace-name my-sb-ns \
+  --topic-name my-topic --name my-sub
+# Get connection string
+az servicebus namespace authorization-rule keys list \
+  --resource-group my-rg --namespace-name my-sb-ns \
+  --name RootManageSharedAccessKey --query primaryConnectionString -o tsv
+# ⚠️ DESTRUCTIVE
+az servicebus queue delete --resource-group my-rg --namespace-name my-sb-ns --name my-queue
+az servicebus topic delete --resource-group my-rg --namespace-name my-sb-ns --name my-topic
+az servicebus namespace delete --resource-group my-rg --name my-sb-ns
+```
+## Event Hubs
+```bash
+# Create namespace
+az eventhubs namespace create \
+  --resource-group my-rg \
+  --name my-eh-ns \
+  --location westeurope \
+  --sku Standard
+# Create event hub
+az eventhubs eventhub create \
+  --resource-group my-rg \
+  --namespace-name my-eh-ns \
+  --name my-hub \
+  --partition-count 4 \
+  --message-retention 1
+# Consumer groups
+az eventhubs eventhub consumer-group create \
+  --resource-group my-rg --namespace-name my-eh-ns \
+  --eventhub-name my-hub --name my-cg
+# READ
+az eventhubs eventhub list --resource-group my-rg --namespace-name my-eh-ns -o table
+# Get connection string
+az eventhubs namespace authorization-rule keys list \
+  --resource-group my-rg --namespace-name my-eh-ns \
+  --name RootManageSharedAccessKey --query primaryConnectionString -o tsv
+# ⚠️ DESTRUCTIVE
+az eventhubs eventhub delete --resource-group my-rg --namespace-name my-eh-ns --name my-hub
+az eventhubs namespace delete --resource-group my-rg --name my-eh-ns
+```

package/azure/azcli/iam.md ADDED Viewed

@@ -0,0 +1,184 @@
+# IAM, Resources & Key Vault
+## Resource Groups
+Resource groups are the fundamental container for all Azure resources.
+```bash
+# CREATE
+az group create --name my-rg --location westeurope
+# READ
+az group list -o json
+az group show --name my-rg -o json
+az group exists --name my-rg   # returns true/false
+# List resources in a group
+az resource list --resource-group my-rg -o table
+# ⚠️ DESTRUCTIVE — deletes ALL resources inside the group
+az group delete --name my-rg
+# Tags
+az group update --name my-rg --tags env=dev team=backend
+```
+## RBAC (Role-Based Access Control)
+```bash
+# List role assignments on a resource group
+az role assignment list --resource-group my-rg -o json
+# List role assignments for a specific user/SP
+az role assignment list --assignee user@example.com -o json
+# WRITE — grant role (confirm with user)
+az role assignment create \
+  --assignee user@example.com \
+  --role "Contributor" \
+  --scope /subscriptions/SUB_ID/resourceGroups/my-rg
+# Grant role to service principal
+az role assignment create \
+  --assignee SP_APP_ID \
+  --role "Reader" \
+  --scope /subscriptions/SUB_ID/resourceGroups/my-rg
+# ⚠️ DESTRUCTIVE — remove role
+az role assignment delete \
+  --assignee user@example.com \
+  --role "Contributor" \
+  --scope /subscriptions/SUB_ID/resourceGroups/my-rg
+# List available role definitions
+az role definition list --query "[].{Name:roleName, Description:description}" -o table
+az role definition list --name "Contributor" -o json
+```
+> **Least privilege**: Prefer specific roles (e.g., `Storage Blob Data Reader`)
+> over broad ones (`Contributor`, `Owner`). Never grant `Owner` to automation.
+### Common Built-in Roles
+| Role | Scope |
+|------|-------|
+| `Reader` | View all resources, no changes |
+| `Contributor` | Manage all resources, no RBAC/policy changes |
+| `Owner` | Full access including RBAC |
+| `Storage Blob Data Contributor` | Read/write/delete blobs |
+| `Key Vault Secrets User` | Read secrets |
+| `AcrPush` | Push images to Container Registry |
+| `Website Contributor` | Manage web apps |
+## Entra ID (Azure AD)
+```bash
+# Users
+az ad user list --query "[].{Name:displayName, UPN:userPrincipalName}" -o table
+az ad user show --id user@example.com -o json
+# Service Principals
+az ad sp list --display-name "my-sp" -o json
+az ad sp show --id SP_APP_ID -o json
+# App Registrations
+az ad app list --display-name "my-app" -o json
+az ad app show --id APP_ID -o json
+# Create app registration
+az ad app create --display-name "my-app"
+# Create service principal for the app
+az ad sp create --id APP_ID
+# ⚠️ SECURITY — create client secret (shown only once)
+az ad app credential reset --id APP_ID --append
+# Groups
+az ad group list -o table
+az ad group member list --group "My Group" -o table
+az ad group member add --group "My Group" --member-id USER_OBJECT_ID
+```
+> ⚠️ **FORBIDDEN**: Do not use `az ad app credential reset` with `--password`
+> plaintext argument. Always let Azure generate the secret or use certificates.
+## Key Vault
+```bash
+# Create vault
+az keyvault create --name my-vault --resource-group my-rg --location westeurope
+# READ
+az keyvault list -o json
+az keyvault show --name my-vault -o json
+# --- Secrets ---
+# Set secret (pipe or use --file, avoid plaintext in CLI args)
+az keyvault secret set --vault-name my-vault --name my-secret --value "$(cat secret.txt)"
+# Get secret value
+az keyvault secret show --vault-name my-vault --name my-secret --query value -o tsv
+# List secrets
+az keyvault secret list --vault-name my-vault -o table
+# New version (just set again — versions are automatic)
+az keyvault secret set --vault-name my-vault --name my-secret --value "new-value"
+# ⚠️ DESTRUCTIVE — soft-delete (recoverable)
+az keyvault secret delete --vault-name my-vault --name my-secret
+# ⚠️ DESTRUCTIVE — purge (permanent, not recoverable)
+az keyvault secret purge --vault-name my-vault --name my-secret
+# --- Keys ---
+az keyvault key create --vault-name my-vault --name my-key --kty RSA --size 2048
+az keyvault key list --vault-name my-vault -o json
+# --- Certificates ---
+az keyvault certificate create --vault-name my-vault --name my-cert --policy @policy.json
+az keyvault certificate list --vault-name my-vault -o json
+# --- Access Policies ---
+# Grant access to a service principal
+az keyvault set-policy --name my-vault \
+  --spn SP_APP_ID \
+  --secret-permissions get list
+# Grant access to a user
+az keyvault set-policy --name my-vault \
+  --upn user@example.com \
+  --secret-permissions get list set delete
+# ⚠️ DESTRUCTIVE — delete vault
+az keyvault delete --name my-vault --resource-group my-rg
+az keyvault purge --name my-vault --location westeurope  # permanent
+```
+## Resource Locks
+```bash
+# Prevent accidental deletion
+az lock create --name no-delete --resource-group my-rg --lock-type CanNotDelete
+# Prevent any changes
+az lock create --name read-only --resource-group my-rg --lock-type ReadOnly
+# List & remove
+az lock list --resource-group my-rg -o table
+az lock delete --name no-delete --resource-group my-rg
+```
+## Resource Providers
+```bash
+# List registered providers
+az provider list --query "[?registrationState=='Registered'].namespace" -o tsv
+# Check specific provider
+az provider show --namespace Microsoft.ContainerApp --query registrationState -o tsv
+# Register (required before first use of some services)
+az provider register --namespace Microsoft.ContainerApp --wait
+```