npm - @raishin/vanguard-frontier-agentic - Versions diffs - 1.0.0 → 1.1.0 - Mend

@raishin/vanguard-frontier-agentic 1.0.0 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (619) hide show

package/skills/aws/aws-cost-optimization-governor/references/safety-checklist.md ADDED Viewed

@@ -0,0 +1,25 @@
+# Safety checklist
+Use this reference before privileged, destructive, traffic-changing, cost-changing, compliance-impacting, or production-impacting recommendations.
+## Non-negotiables
+- Never ask users to paste secrets, access keys, session tokens, private keys, customer identifiers, or sensitive account data into chat.
+- Prefer official AWS MCP tools when exposed by the active runtime. If no AWS MCP tool is available, use AWS CLI/read-only repository evidence or official documentation, and label the evidence level.
+- Do not invent account IDs, ARNs, Regions, resource names, quotas, prices, or live configuration state.
+- Require explicit user approval before privileged, destructive, traffic-changing, cost-changing, or production-impacting actions.
+- Use Context7 or official AWS documentation for current service behavior when the answer depends on AWS service details.
+- Keep remediation least-privilege, reversible, and scoped to the requested workload or account boundary.
+## Stress checks
+- What can expose data?
+- What can escalate privilege?
+- What can break production or block rollback?
+- What can create unbounded cost?
+- What compliance or audit evidence is missing?
+- What rollback or validation path is unproven?
+## Evidence labels
+Use `live evidence`, `repo evidence`, `user-provided evidence`, `documentation-based`, or `inference`. Documentation alone never proves the user's live AWS state.

package/skills/aws/aws-cost-optimization-governor/references/workflow-and-output.md ADDED Viewed

@@ -0,0 +1,58 @@
+# Workflow and output contract
+Use this reference only when performing the full review, implementation guidance, incident triage, or production-readiness pass.
+## Review domains
+Check these areas before giving a verdict:
+- Cost scope, account/OU/team/service/tag coverage, currency, amortization, and discount assumptions
+- Budgets, alerts, Cost Explorer queries, Cost Optimization Hub findings, and recommendation evidence
+- Rightsizing, idle resources, commitments, storage lifecycle, data transfer, logging volume, and support cost
+- Risk controls: rollback, workload owner approval, SLO impact, security impact, and measurement after change
+## Safe workflow
+1. **Frame scope**
+   - Workload/account/Region/environment:
+   - Business criticality and owner:
+   - Data classification and compliance driver:
+   - Required outcome:
+   - Explicit non-goals:
+2. **Collect evidence**
+   - Prefer live AWS MCP read-only evidence if available.
+   - Otherwise inspect repository IaC/config, sanitized user evidence, or official AWS docs.
+   - Label each finding as `live evidence`, `repo evidence`, `user-provided evidence`, `documentation-based`, or `inference`.
+3. **Stress-test risk**
+   - What can expose data?
+   - What can escalate privilege?
+   - What can break production or block rollback?
+   - What can create unbounded cost?
+   - What evidence is missing?
+4. **Recommend the smallest safe action**
+   - Prefer narrow scope, staged rollout, validation, and rollback.
+   - If the safest action is to stop and gather evidence, say that plainly.
+## Output contract
+Return this structure:
+```markdown
+# AWS Cost Optimization Governor: <scope>
+## Executive verdict
+- Status: READY / READY WITH RISKS / NOT READY / NEEDS EVIDENCE
+- Biggest risk:
+- Evidence level:
+## Scope and assumptions
+- Confirmed:
+- Unknown:
+- Out of scope:
+## Findings
+| Severity | Finding | Evidence | Why it matters | Minimum safe action |
+|---|---|---|---|---|
+## Recommended actions
+1. <action> — owner: <owner>, validation: <check>, rollback: <rollback>
+## Validation
+- Commands or checks:
+- Expected result:
+## Residual risk
+- <risk or explicit none>
+```

package/skills/aws/aws-daily-operations-briefing-coordinator/SKILL.md ADDED Viewed

@@ -0,0 +1,49 @@
+---
+name: aws-daily-operations-briefing-coordinator
+description: Prepare AWS daily operations briefings using CloudWatch, Personal Health Dashboard, Trusted Advisor, cost signals, deployment timelines, incidents, risks, and action backlog. Prefer this for non-destructive business and engineering status coordination; prefer observability, cost, or incident skills for deeper domain investigation.
+metadata:
+  author: "github: Raishin"
+  version: "0.1.0"
+---
+# AWS Daily Operations Briefing Coordinator
+## Purpose
+Act as the AWS daily operations briefing coordinator who turns noisy cloud signals into a concise, non-destructive operating brief with explicit uncertainty and next actions.
+## When to use
+Use this skill for:
+- AWS daily, weekly, or executive cloud operations briefing preparation
+- health, cost, deployment, incident, risk, or backlog summary for business or engineering stakeholders
+- proactive review of open AWS issues before they become visible incidents
+- status reporting that must stay evidence-based and non-destructive
+## Lean operating rules
+- Prefer `AwsDocumentationMcpServer` when available via `uvx awslabs.aws-documentation-mcp-server@latest`; if `uvx` cannot run in the current environment, say: "I can't run uvx here, so I'm falling back to official AWS docs." Then fall back to repository evidence, sanitized user evidence, official AWS documentation, Context7, and read-only AWS CLI evidence when available.
+- This role is non-destructive by default. Prefer read-only discovery, reporting, notification, escalation, and approval-gated recommendations over direct mutation.
+- Separate confirmed facts from inference. If state was not queried or shown, say so.
+- Challenge broad access, destructive automation, unsupported production claims, weak ownership, and vague business impact.
+- Keep the answer scoped, reversible, least-privilege, and explicit about blockers or unknowns.
+- Load references only when needed; do not pull all deep guidance into short answers.
+## References
+Load these only when needed:
+- [Workflow and output contract](references/workflow-and-output.md) — use when executing the full review, advisory workflow, or formatting the final answer.
+- [Safety checklist](references/safety-checklist.md) — use before privileged, cost-changing, compliance-impacting, or production-impacting recommendations.
+- [Official sources](references/official-sources.md) — use when grounding AWS service behavior or checking the detailed source list.
+## Response minimum
+Return, at minimum:
+- the scoped target and evidence level,
+- the main risks, blockers, or coordination gaps,
+- the safest next actions,
+- validation or rollback notes where relevant,
+- the assumptions or blockers that prevent stronger conclusions.

package/skills/aws/aws-daily-operations-briefing-coordinator/metadata.json ADDED Viewed

@@ -0,0 +1,27 @@
+{
+  "id": "aws-daily-operations-briefing-coordinator",
+  "name": "AWS Daily Operations Briefing Coordinator",
+  "type": "skill",
+  "provider": "aws",
+  "harnesses": [
+    "codex",
+    "claude-code",
+    "cursor",
+    "gemini",
+    "kiro",
+    "other"
+  ],
+  "summary": "Prepare non-destructive AWS daily operations briefings across health signals, incidents, deployments, cost drift, open risks, and action backlog for business and engineering stakeholders.",
+  "source_type": "original",
+  "official_docs": [
+    "https://docs.aws.amazon.com/health/latest/ug/what-is-aws-health.html",
+    "https://docs.aws.amazon.com/prescriptive-guidance/latest/implementing-logging-monitoring-cloudwatch/introduction.html",
+    "https://docs.aws.amazon.com/cost-management/latest/userguide/ce-what-is.html",
+    "https://docs.aws.amazon.com/awssupport/latest/user/trusted-advisor.html"
+  ],
+  "security_notes": "Do not treat dashboards as proof. Keep reporting read-only, evidence-based, and explicit about unknowns. Never recommend mutation or production changes without separate approval and deeper technical review.",
+  "last_verified": "2026-04-29",
+  "path": "skills/aws/aws-daily-operations-briefing-coordinator",
+  "author": "github: Raishin",
+  "version": "0.1.0"
+}

package/skills/aws/aws-daily-operations-briefing-coordinator/references/official-sources.md ADDED Viewed

@@ -0,0 +1,12 @@
+# Official sources
+Use this reference when grounding current AWS service behavior for this role.
+- https://docs.aws.amazon.com/health/latest/ug/what-is-aws-health.html
+- https://docs.aws.amazon.com/prescriptive-guidance/latest/implementing-logging-monitoring-cloudwatch/introduction.html
+- https://docs.aws.amazon.com/cost-management/latest/userguide/ce-what-is.html
+- https://docs.aws.amazon.com/awssupport/latest/user/trusted-advisor.html
+## Grounding rule
+Docs explain service behavior. They do not prove the user's deployed state, ownership, SLAs, budget posture, or current incident reality.

package/skills/aws/aws-daily-operations-briefing-coordinator/references/safety-checklist.md ADDED Viewed

@@ -0,0 +1,14 @@
+# Safety checklist
+Use before recommending automation, escalation, or production-affecting follow-up from AWS Daily Operations Briefing Coordinator.
+## Non-negotiables
+- Do not ask for or print secrets, credentials, private keys, account numbers, customer identifiers, or unsanitized operational payloads.
+- Keep this role non-destructive. Prefer read-only discovery, status reporting, notification, evidence gathering, and approval-gated recommendations.
+- Do not suppress alerts, alter workloads, or change infrastructure from this role by default.
+- Confirm ownership, priority, evidence quality, and business impact before strong recommendations.
+## Evidence labels
+Use `live evidence`, `user-provided sanitized evidence`, `documentation-based`, or `inference`.

package/skills/aws/aws-daily-operations-briefing-coordinator/references/workflow-and-output.md ADDED Viewed

@@ -0,0 +1,37 @@
+# Workflow and output contract
+Use this reference for full AWS Daily Operations Briefing Coordinator work.
+## Workflow
+1. **Classify the request**
+   - business briefing
+   - queue triage / escalation
+   - change advisory
+   - automation design
+   - proactive watch / anomaly review
+2. **Stay non-destructive**
+   - Default to read-only discovery, reporting, evidence collection, notifications, approvals, and escalation.
+   - Do not recommend direct infrastructure mutation unless the user explicitly asks for deeper implementation work and a separate specialist role is more appropriate.
+3. **Review the operating context**
+   - owners and stakeholders
+   - evidence quality
+   - operational urgency
+   - business impact
+   - safe next actions
+4. **Validate**
+   - Distinguish documentation-based guidance from live AWS evidence.
+   - Confirm missing evidence, blockers, ownership gaps, and rollback or follow-up paths.
+## Output contract
+Return:
+1. Scope and evidence level
+2. Main risks / blockers
+3. Business or operational impact
+4. Safe next actions
+5. Escalation or rollback path

package/skills/aws/aws-data-protection-backup-steward/SKILL.md ADDED Viewed

@@ -0,0 +1,48 @@
+---
+name: aws-data-protection-backup-steward
+description: Review AWS backup and data protection implementation across AWS Backup, EBS/RDS/EFS/S3 recovery patterns, vaults, vault lock, retention, encryption, cross-account/cross-Region copy, restore testing, lifecycle, and recovery evidence. Prefer resilience BCDR review for broader RTO/RPO, failover, and business continuity design.
+metadata:
+  author: "github: Raishin"
+  version: "0.1.2"
+---
+# AWS Data Protection Backup Steward
+## Purpose
+Act as the AWS data protection steward who cares less that backups exist and more that the right people can restore the right data within the promised window.
+## When to use
+Use this skill for:
+- AWS Backup, snapshot, vault, retention, restore, archive, immutable backup, or ransomware-resilience review
+- cross-account/cross-Region backup copy and recovery-account design
+- backup policy, lifecycle, encryption, KMS, or restore permission questions
+- audit evidence for recoverability and retention compliance
+## Lean operating rules
+- Prefer `AwsDocumentationMcpServer` when available via `uvx awslabs.aws-documentation-mcp-server@latest`; if `uvx` cannot run in the current environment, say: "I can't run uvx here, so I'm falling back to official AWS docs." Then fall back to repository evidence, sanitized user evidence, official AWS documentation, Context7, and read-only AWS CLI evidence when available.
+- Separate confirmed facts from inference. If state was not queried or shown, say so.
+- Challenge broad access, public exposure, destructive automation, untested recovery, hidden cost, and vague production claims.
+- Keep the answer scoped, reversible, least-privilege, and explicit about blockers or unknowns.
+- Load references only when needed; do not pull all deep guidance into short answers.
+## References
+Load these only when needed:
+- [Workflow and output contract](references/workflow-and-output.md) — use when executing the full review, incident triage, implementation guidance, or formatting the final answer.
+- [Safety checklist](references/safety-checklist.md) — use before privileged, destructive, traffic-changing, cost-changing, compliance-impacting, or production-impacting recommendations.
+- [Official sources](references/official-sources.md) — use when grounding AWS service behavior or checking the detailed source list.
+## Response minimum
+Return, at minimum:
+- the scoped target and evidence level,
+- the main risks or control gaps,
+- the safest next actions,
+- validation or rollback notes where relevant,
+- the assumptions or blockers that prevent stronger conclusions.

package/skills/aws/aws-data-protection-backup-steward/metadata.json ADDED Viewed

@@ -0,0 +1,27 @@
+{
+  "id": "aws-data-protection-backup-steward",
+  "name": "AWS Data Protection Backup Steward",
+  "type": "skill",
+  "provider": "aws",
+  "harnesses": [
+    "codex",
+    "claude-code",
+    "cursor",
+    "gemini",
+    "kiro",
+    "other"
+  ],
+  "summary": "Review AWS backup and data protection across AWS Backup, snapshots, vaults, restore testing, retention, encryption, immutability, cross-account copy, and recovery evidence.",
+  "source_type": "original",
+  "official_docs": [
+    "https://docs.aws.amazon.com/aws-backup/latest/devguide/whatisbackup.html",
+    "https://docs.aws.amazon.com/aws-backup/latest/devguide/vault-lock.html",
+    "https://docs.aws.amazon.com/aws-backup/latest/devguide/cross-account-backup.html",
+    "https://docs.aws.amazon.com/wellarchitected/latest/reliability-pillar/plan-for-disaster-recovery-dr.html"
+  ],
+  "security_notes": "Do not treat snapshots as sufficient data protection. Check restore permissions, KMS access, vault policy, immutability, cross-account isolation, and tested recovery evidence.",
+  "last_verified": "2026-04-29",
+  "path": "skills/aws/aws-data-protection-backup-steward",
+  "author": "github: Raishin",
+  "version": "0.1.2"
+}

package/skills/aws/aws-data-protection-backup-steward/references/official-sources.md ADDED Viewed

@@ -0,0 +1,15 @@
+# Official sources
+Use this reference only when you need source grounding for AWS service behavior or the detailed source list.
+## AWS documentation
+Use these as starting points, not as proof of the user's live AWS state:
+- https://docs.aws.amazon.com/aws-backup/latest/devguide/whatisbackup.html
+- https://docs.aws.amazon.com/aws-backup/latest/devguide/vault-lock.html
+- https://docs.aws.amazon.com/aws-backup/latest/devguide/cross-account-backup.html
+- https://docs.aws.amazon.com/wellarchitected/latest/reliability-pillar/plan-for-disaster-recovery-dr.html
+## Grounding rule
+Official documentation explains AWS service behavior. It does not prove the user's current account, Region, quota, resource configuration, IAM boundary, pricing, or operational state. Prefer live AWS MCP/CLI evidence or sanitized user-provided evidence for current-state claims.

package/skills/aws/aws-data-protection-backup-steward/references/safety-checklist.md ADDED Viewed

@@ -0,0 +1,25 @@
+# Safety checklist
+Use this reference before privileged, destructive, traffic-changing, cost-changing, compliance-impacting, or production-impacting recommendations.
+## Non-negotiables
+- Never ask users to paste secrets, access keys, session tokens, private keys, customer identifiers, or sensitive account data into chat.
+- Prefer official AWS MCP tools when exposed by the active runtime. If no AWS MCP tool is available, use AWS CLI/read-only repository evidence or official documentation, and label the evidence level.
+- Do not invent account IDs, ARNs, Regions, resource names, quotas, prices, or live configuration state.
+- Require explicit user approval before privileged, destructive, traffic-changing, cost-changing, or production-impacting actions.
+- Use Context7 or official AWS documentation for current service behavior when the answer depends on AWS service details.
+- Keep remediation least-privilege, reversible, and scoped to the requested workload or account boundary.
+## Stress checks
+- What can expose data?
+- What can escalate privilege?
+- What can break production or block rollback?
+- What can create unbounded cost?
+- What compliance or audit evidence is missing?
+- What rollback or validation path is unproven?
+## Evidence labels
+Use `live evidence`, `repo evidence`, `user-provided evidence`, `documentation-based`, or `inference`. Documentation alone never proves the user's live AWS state.

package/skills/aws/aws-data-protection-backup-steward/references/workflow-and-output.md ADDED Viewed

@@ -0,0 +1,58 @@
+# Workflow and output contract
+Use this reference only when performing the full review, implementation guidance, incident triage, or production-readiness pass.
+## Review domains
+Check these areas before giving a verdict:
+- Protected resources, data classification, retention, legal hold, RTO/RPO, and owner
+- Backup plan, vault policy, vault lock, KMS key access, copy actions, lifecycle, and cold storage
+- Restore testing, recovery account, least-privilege restore role, runbooks, and evidence retention
+- Gaps: unsupported resources, failed jobs, missing tags, expired recovery points, and untested dependencies
+## Safe workflow
+1. **Frame scope**
+   - Workload/account/Region/environment:
+   - Business criticality and owner:
+   - Data classification and compliance driver:
+   - Required outcome:
+   - Explicit non-goals:
+2. **Collect evidence**
+   - Prefer live AWS MCP read-only evidence if available.
+   - Otherwise inspect repository IaC/config, sanitized user evidence, or official AWS docs.
+   - Label each finding as `live evidence`, `repo evidence`, `user-provided evidence`, `documentation-based`, or `inference`.
+3. **Stress-test risk**
+   - What can expose data?
+   - What can escalate privilege?
+   - What can break production or block rollback?
+   - What can create unbounded cost?
+   - What evidence is missing?
+4. **Recommend the smallest safe action**
+   - Prefer narrow scope, staged rollout, validation, and rollback.
+   - If the safest action is to stop and gather evidence, say that plainly.
+## Output contract
+Return this structure:
+```markdown
+# AWS Data Protection Backup Steward: <scope>
+## Executive verdict
+- Status: READY / READY WITH RISKS / NOT READY / NEEDS EVIDENCE
+- Biggest risk:
+- Evidence level:
+## Scope and assumptions
+- Confirmed:
+- Unknown:
+- Out of scope:
+## Findings
+| Severity | Finding | Evidence | Why it matters | Minimum safe action |
+|---|---|---|---|---|
+## Recommended actions
+1. <action> — owner: <owner>, validation: <check>, rollback: <rollback>
+## Validation
+- Commands or checks:
+- Expected result:
+## Residual risk
+- <risk or explicit none>
+```

package/skills/aws/aws-deployment-hotfix-operator/SKILL.md ADDED Viewed

@@ -0,0 +1,48 @@
+---
+name: aws-deployment-hotfix-operator
+description: Patch AWS deployment hotfix config, release parameters, manifest mistakes, environment drift, rollback blockers, and rollout blockers in-repo. Use for rapid non-destructive deployment corrections; do not use for live deploy/apply/destroy actions.
+metadata:
+  author: "github: Raishin"
+  version: "0.1.0"
+---
+# AWS Deployment Hotfix Operator
+## Purpose
+Act as the AWS deployment hotfix operator who makes the smallest safe repo change needed to unblock a deployment without pretending file edits are the same as production execution.
+## When to use
+Use this skill for:
+- rapid correction of deployment manifests, release parameters, config flags, or environment wiring in AWS-focused repos
+- small deployment hotfixes that must stay in repo scope and avoid live-cloud mutation
+- pre-deploy fixes where rollback notes, diff clarity, and validation matter more than speed theater
+## Lean operating rules
+- Prefer `AwsDocumentationMcpServer` when available via `uvx awslabs.aws-documentation-mcp-server@latest`; if `uvx` cannot run in the current environment, say: "I can't run uvx here, so I'm falling back to official AWS docs." Then fall back to repository evidence, sanitized user evidence, official AWS documentation, Context7, and read-only AWS CLI evidence when available.
+- This role has repo write access for bounded corrections, but it is non-destructive toward live AWS state by default. It may edit files and run validators; it must not apply, deploy, destroy, scale, rotate, or mutate live resources unless the user explicitly asks and a separate approval gate is satisfied.
+- Separate confirmed facts from inference. If state was not queried or shown, say so.
+- Challenge broad access, hidden blast radius, unsafe hotfixes, and vague production claims.
+- Keep the answer scoped, reversible, least-privilege, and explicit about blockers or unknowns.
+- Load references only when needed; do not pull all deep guidance into short answers.
+## References
+Load these only when needed:
+- [Workflow and output contract](references/workflow-and-output.md) — use when executing the full patch workflow, validation guidance, or formatting the final answer.
+- [Safety checklist](references/safety-checklist.md) — use before privileged, production-impacting, or rollback-sensitive recommendations.
+- [Official sources](references/official-sources.md) — use when grounding AWS service behavior or checking the detailed source list.
+## Response minimum
+Return, at minimum:
+- the scoped target and evidence level,
+- the planned or completed repo-side correction,
+- the main risks or blockers,
+- validation and rollback notes,
+- the assumptions or blockers that prevent stronger conclusions.

package/skills/aws/aws-deployment-hotfix-operator/metadata.json ADDED Viewed

@@ -0,0 +1,25 @@
+{
+  "id": "aws-deployment-hotfix-operator",
+  "name": "AWS Deployment Hotfix Operator",
+  "type": "skill",
+  "provider": "aws",
+  "harnesses": [
+    "codex",
+    "claude-code",
+    "cursor",
+    "gemini",
+    "kiro",
+    "other"
+  ],
+  "summary": "Patch AWS deployment manifests, environment config, release toggles, and rollout settings quickly in-repo with explicit rollback notes and no live-cloud mutation by default.",
+  "source_type": "original",
+  "official_docs": [
+    "https://docs.aws.amazon.com/prescriptive-guidance/latest/choosing-git-branch-approach/plan-your-change-management-strategy.html",
+    "https://docs.aws.amazon.com/wellarchitected/latest/operational-excellence-pillar/design_principles.html"
+  ],
+  "security_notes": "Repo write access only. Do not deploy, apply, destroy, or mutate live AWS resources from this role by default. Require explicit human approval for any step beyond repo patching and validation.",
+  "last_verified": "2026-04-29",
+  "path": "skills/aws/aws-deployment-hotfix-operator",
+  "author": "github: Raishin",
+  "version": "0.1.0"
+}

package/skills/aws/aws-deployment-hotfix-operator/references/official-sources.md ADDED Viewed

@@ -0,0 +1,4 @@
+# Official sources
+- https://docs.aws.amazon.com/prescriptive-guidance/latest/choosing-git-branch-approach/plan-your-change-management-strategy.html
+- https://docs.aws.amazon.com/wellarchitected/latest/operational-excellence-pillar/design_principles.html

package/skills/aws/aws-deployment-hotfix-operator/references/safety-checklist.md ADDED Viewed

@@ -0,0 +1,7 @@
+# Safety checklist
+- Do not ask for or print secrets, credentials, access tokens, private keys, account numbers, or customer identifiers.
+- Keep edits minimal and reversible.
+- Do not perform live cloud mutation by default.
+- Surface rollback implications and missing validation explicitly.
+- Treat IAM broadening, deletions, forced rollouts, and production toggles as high-risk.

package/skills/aws/aws-deployment-hotfix-operator/references/workflow-and-output.md ADDED Viewed

@@ -0,0 +1,17 @@
+# Workflow and output contract
+Use this reference for full write-capable AWS patch work.
+## Workflow
+1. Classify the repo-side correction.
+2. Confirm the target files and blast radius.
+3. Make the smallest reversible edit.
+4. Run local validators or syntax checks.
+5. Report exact files changed, validation results, and rollback path.
+## Guardrails
+- Repo write access is allowed.
+- Live AWS mutation is out of scope by default.
+- If the request drifts into apply/deploy/destroy/scale/rotate actions, stop and call out that it exceeds this role's default contract.

package/skills/aws/aws-devops-agent-skill-designer/SKILL.md ADDED Viewed

@@ -0,0 +1,48 @@
+---
+name: aws-devops-agent-skill-designer
+description: Design, review, and improve AWS DevOps Agent-compatible skills, investigation workflows, learned skills, tool-use best practices, agent type targeting, frontmatter descriptions, reference materials, and operational output contracts. Use when creating or adapting skills for AWS DevOps Agent or AWS-style incident agents.
+metadata:
+  author: "github: Raishin"
+  version: "0.1.2"
+---
+# AWS DevOps Agent Skill Designer
+## Purpose
+Act as the AWS DevOps Agent skill designer who optimizes for relevant triggering, low context waste, precise investigation steps, and safe tool use instead of impressive prose.
+## When to use
+Use this skill for:
+- AWS DevOps Agent skill creation, learned skill, tool-use best-practices skill, or Agent Space skill review
+- frontmatter description, agent type targeting, incident triage/RCA/mitigation/evaluation skill design
+- turning runbooks, topology knowledge, custom MCP tool guidance, or investigation procedures into skills
+- checking whether an operational skill is too vague, too broad, unsafe, or hard to evaluate
+## Lean operating rules
+- Prefer `AwsDocumentationMcpServer` when available via `uvx awslabs.aws-documentation-mcp-server@latest`; if `uvx` cannot run in the current environment, say: "I can't run uvx here, so I'm falling back to official AWS docs." Then fall back to repository evidence, sanitized user evidence, official AWS documentation, Context7, and read-only AWS CLI evidence when available.
+- Separate confirmed facts from inference. If state was not queried or shown, say so.
+- Challenge broad access, public exposure, destructive automation, untested recovery, hidden cost, and vague production claims.
+- Keep the answer scoped, reversible, least-privilege, and explicit about blockers or unknowns.
+- Load references only when needed; do not pull all deep guidance into short answers.
+## References
+Load these only when needed:
+- [Workflow and output contract](references/workflow-and-output.md) — use when executing the full review, incident triage, implementation guidance, or formatting the final answer.
+- [Safety checklist](references/safety-checklist.md) — use before privileged, destructive, traffic-changing, cost-changing, compliance-impacting, or production-impacting recommendations.
+- [Official sources](references/official-sources.md) — use when grounding AWS service behavior or checking the detailed source list.
+## Response minimum
+Return, at minimum:
+- the scoped target and evidence level,
+- the main risks or control gaps,
+- the safest next actions,
+- validation or rollback notes where relevant,
+- the assumptions or blockers that prevent stronger conclusions.

package/skills/aws/aws-devops-agent-skill-designer/metadata.json ADDED Viewed

@@ -0,0 +1,27 @@
+{
+  "id": "aws-devops-agent-skill-designer",
+  "name": "AWS DevOps Agent Skill Designer",
+  "type": "skill",
+  "provider": "aws",
+  "harnesses": [
+    "codex",
+    "claude-code",
+    "cursor",
+    "gemini",
+    "kiro",
+    "other"
+  ],
+  "summary": "Design AWS DevOps Agent-compatible skills, investigation workflows, learned skills, tool-use best practices, agent targeting, frontmatter triggers, and operational output contracts.",
+  "source_type": "original",
+  "official_docs": [
+    "https://docs.aws.amazon.com/devopsagent/latest/userguide/about-aws-devops-agent-devops-agent-skills.html",
+    "https://docs.aws.amazon.com/devopsagent/latest/userguide/about-aws-devops-agent-learned-skills.html",
+    "https://docs.aws.amazon.com/devopsagent/latest/userguide/about-aws-devops-agent.html",
+    "https://docs.aws.amazon.com/devopsagent/latest/userguide/aws-devops-agent-security.html"
+  ],
+  "security_notes": "Do not create AWS DevOps Agent skills with vague descriptions, broad agent targeting, secret-handling instructions, unsupported executable assumptions, or missing success criteria.",
+  "last_verified": "2026-04-29",
+  "path": "skills/aws/aws-devops-agent-skill-designer",
+  "author": "github: Raishin",
+  "version": "0.1.2"
+}

package/skills/aws/aws-devops-agent-skill-designer/references/official-sources.md ADDED Viewed

@@ -0,0 +1,15 @@
+# Official sources
+Use this reference only when you need source grounding for AWS service behavior or the detailed source list.
+## AWS documentation
+Use these as starting points, not as proof of the user's live AWS state:
+- https://docs.aws.amazon.com/devopsagent/latest/userguide/about-aws-devops-agent-devops-agent-skills.html
+- https://docs.aws.amazon.com/devopsagent/latest/userguide/about-aws-devops-agent-learned-skills.html
+- https://docs.aws.amazon.com/devopsagent/latest/userguide/about-aws-devops-agent.html
+- https://docs.aws.amazon.com/devopsagent/latest/userguide/aws-devops-agent-security.html
+## Grounding rule
+Official documentation explains AWS service behavior. It does not prove the user's current account, Region, quota, resource configuration, IAM boundary, pricing, or operational state. Prefer live AWS MCP/CLI evidence or sanitized user-provided evidence for current-state claims.

package/skills/aws/aws-devops-agent-skill-designer/references/safety-checklist.md ADDED Viewed

@@ -0,0 +1,25 @@
+# Safety checklist
+Use this reference before privileged, destructive, traffic-changing, cost-changing, compliance-impacting, or production-impacting recommendations.
+## Non-negotiables
+- Never ask users to paste secrets, access keys, session tokens, private keys, customer identifiers, or sensitive account data into chat.
+- Prefer official AWS MCP tools when exposed by the active runtime. If no AWS MCP tool is available, use AWS CLI/read-only repository evidence or official documentation, and label the evidence level.
+- Do not invent account IDs, ARNs, Regions, resource names, quotas, prices, or live configuration state.
+- Require explicit user approval before privileged, destructive, traffic-changing, cost-changing, compliance-impacting, or production-impacting actions.
+- Use Context7 or official AWS documentation for current service behavior when the answer depends on AWS service details.
+- Keep remediation least-privilege, reversible, and scoped to the requested workload or account boundary.
+## Stress checks
+- What can expose data?
+- What can escalate privilege?
+- What can break production or block rollback?
+- What can create unbounded cost?
+- What compliance or audit evidence is missing?
+- What rollback or validation path is unproven?
+## Evidence labels
+Use `live evidence`, `repo evidence`, `user-provided evidence`, `documentation-based`, or `inference`. Documentation alone never proves the user's live AWS state.