npm - @raishin/vanguard-frontier-agentic - Versions diffs - 1.0.0 → 1.1.0 - Mend

@raishin/vanguard-frontier-agentic 1.0.0 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (619) hide show

package/skills/aws/aws-rds-aurora-performance-investigator/references/workflow-and-output.md ADDED Viewed

@@ -0,0 +1,58 @@
+# Workflow and output contract
+Use this reference only when performing the full review, implementation guidance, incident triage, or production-readiness pass.
+## Review domains
+Check these areas before giving a verdict:
+- Engine, instance or cluster topology, writer/reader role, version, parameter group, Region/AZ, and impact window
+- CloudWatch metrics, Enhanced Monitoring, Performance Insights, logs, alarms, DB events, and deployment correlation
+- Connections, CPU, memory, IOPS, latency, queue depth, replica lag, locks, waits, slow SQL, and storage growth
+- Mitigation tradeoff: query/index fix, connection pool, parameter tuning, scaling, failover, maintenance, or rollback
+## Safe workflow
+1. **Frame scope**
+   - Workload/account/Region/environment:
+   - Business criticality and owner:
+   - Data classification and compliance driver:
+   - Required outcome:
+   - Explicit non-goals:
+2. **Collect evidence**
+   - Prefer live AWS MCP read-only evidence if available.
+   - Otherwise inspect repository IaC/config, sanitized user evidence, or official AWS docs.
+   - Label each finding as `live evidence`, `repo evidence`, `user-provided evidence`, `documentation-based`, or `inference`.
+3. **Stress-test risk**
+   - What can expose data?
+   - What can escalate privilege?
+   - What can break production or block rollback?
+   - What can create unbounded cost?
+   - What evidence is missing?
+4. **Recommend the smallest safe action**
+   - Prefer narrow scope, staged rollout, validation, and rollback.
+   - If the safest action is to stop and gather evidence, say that plainly.
+## Output contract
+Return this structure:
+```markdown
+# AWS RDS Aurora Performance Investigator: <scope>
+## Executive verdict
+- Status: READY / READY WITH RISKS / NOT READY / NEEDS EVIDENCE
+- Biggest risk:
+- Evidence level:
+## Scope and assumptions
+- Confirmed:
+- Unknown:
+- Out of scope:
+## Findings
+| Severity | Finding | Evidence | Why it matters | Minimum safe action |
+|---|---|---|---|---|
+## Recommended actions
+1. <action> — owner: <owner>, validation: <check>, rollback: <rollback>
+## Validation
+- Commands or checks:
+- Expected result:
+## Residual risk
+- <risk or explicit none>
+```

package/skills/aws/aws-resilience-bcdr-review/SKILL.md ADDED Viewed

@@ -0,0 +1,48 @@
+---
+name: aws-resilience-bcdr-review
+description: Review AWS resilience and business continuity strategy across RTO/RPO, dependency maps, multi-AZ, multi-Region, failover/failback, game days, runbooks, drift, and recovery validation. Prefer data protection backup steward for backup-plan/vault/restore implementation details.
+metadata:
+  author: "github: Raishin"
+  version: "0.1.2"
+---
+# AWS Resilience BCDR Review
+## Purpose
+Act as the AWS resilience reviewer who treats untested recovery as no recovery.
+## When to use
+Use this skill for:
+- DR, BCDR, HA, backup, restore, failover, multi-AZ, or multi-Region review
+- RTO/RPO definition, evidence, or gap analysis
+- game day, recovery runbook, dependency, or recovery automation design
+- production readiness where outage tolerance and recovery proof matter
+## Lean operating rules
+- Prefer `AwsDocumentationMcpServer` when available via `uvx awslabs.aws-documentation-mcp-server@latest`; if `uvx` cannot run in the current environment, say: "I can't run uvx here, so I'm falling back to official AWS docs." Then fall back to repository evidence, sanitized user evidence, official AWS documentation, Context7, and read-only AWS CLI evidence when available.
+- Separate confirmed facts from inference. If state was not queried or shown, say so.
+- Challenge broad access, public exposure, destructive automation, untested recovery, hidden cost, and vague production claims.
+- Keep the answer scoped, reversible, least-privilege, and explicit about blockers or unknowns.
+- Load references only when needed; do not pull all deep guidance into short answers.
+## References
+Load these only when needed:
+- [Workflow and output contract](references/workflow-and-output.md) — use when executing the full review, incident triage, implementation guidance, or formatting the final answer.
+- [Safety checklist](references/safety-checklist.md) — use before privileged, destructive, traffic-changing, cost-changing, compliance-impacting, or production-impacting recommendations.
+- [Official sources](references/official-sources.md) — use when grounding AWS service behavior or checking the detailed source list.
+## Response minimum
+Return, at minimum:
+- the scoped target and evidence level,
+- the main risks or control gaps,
+- the safest next actions,
+- validation or rollback notes where relevant,
+- the assumptions or blockers that prevent stronger conclusions.

package/skills/aws/aws-resilience-bcdr-review/metadata.json ADDED Viewed

@@ -0,0 +1,27 @@
+{
+  "id": "aws-resilience-bcdr-review",
+  "name": "AWS Resilience BCDR Review",
+  "type": "skill",
+  "provider": "aws",
+  "harnesses": [
+    "codex",
+    "claude-code",
+    "cursor",
+    "gemini",
+    "kiro",
+    "other"
+  ],
+  "summary": "Review AWS resilience and business continuity across RTO/RPO, backup, multi-AZ, multi-Region, failover, game days, runbooks, drift, and recovery validation.",
+  "source_type": "original",
+  "official_docs": [
+    "https://docs.aws.amazon.com/wellarchitected/latest/reliability-pillar/plan-for-disaster-recovery-dr.html",
+    "https://docs.aws.amazon.com/wellarchitected/latest/reliability-pillar/welcome.html",
+    "https://docs.aws.amazon.com/wellarchitected/latest/framework/rel_testing_resiliency_failure_injection_resiliency.html",
+    "https://docs.aws.amazon.com/aws-backup/latest/devguide/whatisbackup.html"
+  ],
+  "security_notes": "Do not accept backup configuration as recovery proof. Require restore tests, RTO/RPO evidence, drift controls, owner/runbook clarity, and blast-radius analysis.",
+  "last_verified": "2026-04-29",
+  "path": "skills/aws/aws-resilience-bcdr-review",
+  "author": "github: Raishin",
+  "version": "0.1.2"
+}

package/skills/aws/aws-resilience-bcdr-review/references/official-sources.md ADDED Viewed

@@ -0,0 +1,15 @@
+# Official sources
+Use this reference only when you need source grounding for AWS service behavior or the detailed source list.
+## AWS documentation
+Use these as starting points, not as proof of the user's live AWS state:
+- https://docs.aws.amazon.com/wellarchitected/latest/reliability-pillar/plan-for-disaster-recovery-dr.html
+- https://docs.aws.amazon.com/wellarchitected/latest/reliability-pillar/welcome.html
+- https://docs.aws.amazon.com/wellarchitected/latest/framework/rel_testing_resiliency_failure_injection_resiliency.html
+- https://docs.aws.amazon.com/aws-backup/latest/devguide/whatisbackup.html
+## Grounding rule
+Official documentation explains AWS service behavior. It does not prove the user's current account, Region, quota, resource configuration, IAM boundary, pricing, or operational state. Prefer live AWS MCP/CLI evidence or sanitized user-provided evidence for current-state claims.

package/skills/aws/aws-resilience-bcdr-review/references/safety-checklist.md ADDED Viewed

@@ -0,0 +1,25 @@
+# Safety checklist
+Use this reference before privileged, destructive, traffic-changing, cost-changing, compliance-impacting, or production-impacting recommendations.
+## Non-negotiables
+- Never ask users to paste secrets, access keys, session tokens, private keys, customer identifiers, or sensitive account data into chat.
+- Prefer official AWS MCP tools when exposed by the active runtime. If no AWS MCP tool is available, use AWS CLI/read-only repository evidence or official documentation, and label the evidence level.
+- Do not invent account IDs, ARNs, Regions, resource names, quotas, prices, or live configuration state.
+- Require explicit user approval before privileged, destructive, traffic-changing, cost-changing, or production-impacting actions.
+- Use Context7 or official AWS documentation for current service behavior when the answer depends on AWS service details.
+- Keep remediation least-privilege, reversible, and scoped to the requested workload or account boundary.
+## Stress checks
+- What can expose data?
+- What can escalate privilege?
+- What can break production or block rollback?
+- What can create unbounded cost?
+- What compliance or audit evidence is missing?
+- What rollback or validation path is unproven?
+## Evidence labels
+Use `live evidence`, `repo evidence`, `user-provided evidence`, `documentation-based`, or `inference`. Documentation alone never proves the user's live AWS state.

package/skills/aws/aws-resilience-bcdr-review/references/workflow-and-output.md ADDED Viewed

@@ -0,0 +1,58 @@
+# Workflow and output contract
+Use this reference only when performing the full review, implementation guidance, incident triage, or production-readiness pass.
+## Review domains
+Check these areas before giving a verdict:
+- Business impact, criticality, RTO/RPO, dependency map, data classification, and recovery owner
+- Availability design, backup policy, replication, retention, immutability, and restore scope
+- Failover/failback, DNS, traffic shifting, data consistency, operational runbooks, and automation
+- Game-day evidence, recovery metrics, configuration drift, cost tradeoffs, and unresolved assumptions
+## Safe workflow
+1. **Frame scope**
+   - Workload/account/Region/environment:
+   - Business criticality and owner:
+   - Data classification and compliance driver:
+   - Required outcome:
+   - Explicit non-goals:
+2. **Collect evidence**
+   - Prefer live AWS MCP read-only evidence if available.
+   - Otherwise inspect repository IaC/config, sanitized user evidence, or official AWS docs.
+   - Label each finding as `live evidence`, `repo evidence`, `user-provided evidence`, `documentation-based`, or `inference`.
+3. **Stress-test risk**
+   - What can expose data?
+   - What can escalate privilege?
+   - What can break production or block rollback?
+   - What can create unbounded cost?
+   - What evidence is missing?
+4. **Recommend the smallest safe action**
+   - Prefer narrow scope, staged rollout, validation, and rollback.
+   - If the safest action is to stop and gather evidence, say that plainly.
+## Output contract
+Return this structure:
+```markdown
+# AWS Resilience BCDR Review: <scope>
+## Executive verdict
+- Status: READY / READY WITH RISKS / NOT READY / NEEDS EVIDENCE
+- Biggest risk:
+- Evidence level:
+## Scope and assumptions
+- Confirmed:
+- Unknown:
+- Out of scope:
+## Findings
+| Severity | Finding | Evidence | Why it matters | Minimum safe action |
+|---|---|---|---|---|
+## Recommended actions
+1. <action> — owner: <owner>, validation: <check>, rollback: <rollback>
+## Validation
+- Commands or checks:
+- Expected result:
+## Residual risk
+- <risk or explicit none>
+```

package/skills/aws/aws-s3-data-perimeter-governor/SKILL.md ADDED Viewed

@@ -0,0 +1,48 @@
+---
+name: aws-s3-data-perimeter-governor
+description: Review Amazon S3 data perimeter and exposure posture across Block Public Access, Object Ownership, ACL removal, bucket/access point policies, TLS-only access, encryption, replication, lifecycle, logging, cross-account access, and prefix boundaries. Prefer this for S3 data exposure; prefer IAM skill for generic policy surgery.
+metadata:
+  author: "github: Raishin"
+  version: "0.1.2"
+---
+# AWS S3 Data Perimeter Governor
+## Purpose
+Act as the S3 data perimeter governor who assumes every exception to public-blocking and every broad bucket policy is a future breach headline.
+## When to use
+Use this skill for:
+- S3 bucket policy, access point, public access, ACL, Object Ownership, encryption, replication, lifecycle, or data exposure review
+- cross-account S3 access, organization-level S3 controls, prefix-scoped access, TLS-only policy, or VPC endpoint conditions
+- S3 Security Hub findings, sensitive data exposure, Storage Lens, server access logs, or audit evidence
+- designing safe S3 access for apps, pipelines, partners, backups, or analytics
+## Lean operating rules
+- Prefer `AwsDocumentationMcpServer` when available via `uvx awslabs.aws-documentation-mcp-server@latest`; if `uvx` cannot run in the current environment, say: "I can't run uvx here, so I'm falling back to official AWS docs." Then fall back to repository evidence, sanitized user evidence, official AWS documentation, Context7, and read-only AWS CLI evidence when available.
+- Separate confirmed facts from inference. If state was not queried or shown, say so.
+- Challenge broad access, public exposure, destructive automation, untested recovery, hidden cost, and vague production claims.
+- Keep the answer scoped, reversible, least-privilege, and explicit about blockers or unknowns.
+- Load references only when needed; do not pull all deep guidance into short answers.
+## References
+Load these only when needed:
+- [Workflow and output contract](references/workflow-and-output.md) — use when executing the full review, incident triage, implementation guidance, or formatting the final answer.
+- [Safety checklist](references/safety-checklist.md) — use before privileged, destructive, traffic-changing, cost-changing, compliance-impacting, or production-impacting recommendations.
+- [Official sources](references/official-sources.md) — use when grounding AWS service behavior or checking the detailed source list.
+## Response minimum
+Return, at minimum:
+- the scoped target and evidence level,
+- the main risks or control gaps,
+- the safest next actions,
+- validation or rollback notes where relevant,
+- the assumptions or blockers that prevent stronger conclusions.

package/skills/aws/aws-s3-data-perimeter-governor/metadata.json ADDED Viewed

@@ -0,0 +1,27 @@
+{
+  "id": "aws-s3-data-perimeter-governor",
+  "name": "AWS S3 Data Perimeter Governor",
+  "type": "skill",
+  "provider": "aws",
+  "harnesses": [
+    "codex",
+    "claude-code",
+    "cursor",
+    "gemini",
+    "kiro",
+    "other"
+  ],
+  "summary": "Review Amazon S3 data perimeter, Block Public Access, Object Ownership, ACL removal, bucket/access point policies, TLS-only access, encryption, replication, lifecycle, and exposure risk.",
+  "source_type": "original",
+  "official_docs": [
+    "https://docs.aws.amazon.com/AmazonS3/latest/userguide/security-best-practices.html",
+    "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html",
+    "https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html",
+    "https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-policy-actions.html"
+  ],
+  "security_notes": "Do not broaden S3 public or cross-account access. Prefer Block Public Access, disabled ACLs, scoped policies, TLS-only conditions, encryption, logging, and Access Analyzer validation.",
+  "last_verified": "2026-04-29",
+  "path": "skills/aws/aws-s3-data-perimeter-governor",
+  "author": "github: Raishin",
+  "version": "0.1.2"
+}

package/skills/aws/aws-s3-data-perimeter-governor/references/official-sources.md ADDED Viewed

@@ -0,0 +1,15 @@
+# Official sources
+Use this reference only when you need source grounding for AWS service behavior or the detailed source list.
+## AWS documentation
+Use these as starting points, not as proof of the user's live AWS state:
+- https://docs.aws.amazon.com/AmazonS3/latest/userguide/security-best-practices.html
+- https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html
+- https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html
+- https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-policy-actions.html
+## Grounding rule
+Official documentation explains AWS service behavior. It does not prove the user's current account, Region, quota, resource configuration, IAM boundary, pricing, or operational state. Prefer live AWS MCP/CLI evidence or sanitized user-provided evidence for current-state claims.

package/skills/aws/aws-s3-data-perimeter-governor/references/safety-checklist.md ADDED Viewed

@@ -0,0 +1,25 @@
+# Safety checklist
+Use this reference before privileged, destructive, traffic-changing, cost-changing, compliance-impacting, or production-impacting recommendations.
+## Non-negotiables
+- Never ask users to paste secrets, access keys, session tokens, private keys, customer identifiers, or sensitive account data into chat.
+- Prefer official AWS MCP tools when exposed by the active runtime. If no AWS MCP tool is available, use AWS CLI/read-only repository evidence or official documentation, and label the evidence level.
+- Do not invent account IDs, ARNs, Regions, resource names, quotas, prices, or live configuration state.
+- Require explicit user approval before privileged, destructive, traffic-changing, cost-changing, compliance-impacting, or production-impacting actions.
+- Use Context7 or official AWS documentation for current service behavior when the answer depends on AWS service details.
+- Keep remediation least-privilege, reversible, and scoped to the requested workload or account boundary.
+## Stress checks
+- What can expose data?
+- What can escalate privilege?
+- What can break production or block rollback?
+- What can create unbounded cost?
+- What compliance or audit evidence is missing?
+- What rollback or validation path is unproven?
+## Evidence labels
+Use `live evidence`, `repo evidence`, `user-provided evidence`, `documentation-based`, or `inference`. Documentation alone never proves the user's live AWS state.

package/skills/aws/aws-s3-data-perimeter-governor/references/workflow-and-output.md ADDED Viewed

@@ -0,0 +1,58 @@
+# Workflow and output contract
+Use this reference only when performing the full review, implementation guidance, incident triage, or production-readiness pass.
+## Review domains
+Check these areas before giving a verdict:
+- Bucket/account/org-level public access settings, Object Ownership, ACL posture, access points, and resource policies
+- Principal/resource/action/condition scoping, prefix boundaries, TLS-only, VPC endpoint, organization, and data perimeter conditions
+- Encryption, KMS key access, replication, logging, lifecycle, retention, Macie, Storage Lens, and backup/recovery interactions
+- Validation via IAM Access Analyzer, Security Hub, S3 policy checks, sanitized evidence, and rollback
+## Safe workflow
+1. **Frame scope**
+   - Workload/account/Region/environment:
+   - Business criticality and owner:
+   - Data classification and compliance driver:
+   - Required outcome:
+   - Explicit non-goals:
+2. **Collect evidence**
+   - Prefer live AWS MCP read-only evidence if available.
+   - Otherwise inspect repository IaC/config, sanitized user evidence, or official AWS docs.
+   - Label each finding as `live evidence`, `repo evidence`, `user-provided evidence`, `documentation-based`, or `inference`.
+3. **Stress-test risk**
+   - What can expose data?
+   - What can escalate privilege?
+   - What can break production or block rollback?
+   - What can create unbounded cost?
+   - What evidence is missing?
+4. **Recommend the smallest safe action**
+   - Prefer narrow scope, staged rollout, validation, and rollback.
+   - If the safest action is to stop and gather evidence, say that plainly.
+## Output contract
+Return this structure:
+```markdown
+# AWS S3 Data Perimeter Governor: <scope>
+## Executive verdict
+- Status: READY / READY WITH RISKS / NOT READY / NEEDS EVIDENCE
+- Biggest risk:
+- Evidence level:
+## Scope and assumptions
+- Confirmed:
+- Unknown:
+- Out of scope:
+## Findings
+| Severity | Finding | Evidence | Why it matters | Minimum safe action |
+|---|---|---|---|---|
+## Recommended actions
+1. <action> — owner: <owner>, validation: <check>, rollback: <rollback>
+## Validation
+- Commands or checks:
+- Expected result:
+## Residual risk
+- <risk or explicit none>
+```

package/skills/aws/aws-security-posture-hardening/SKILL.md ADDED Viewed

@@ -0,0 +1,48 @@
+---
+name: aws-security-posture-hardening
+description: Review broad AWS security posture across Security Hub CSPM, GuardDuty, Inspector, Macie, Config, CloudTrail, IAM, public exposure, vulnerability findings, and remediation governance. Prefer compliance evidence mapper for audit evidence packs, IAM skill for policy surgery, S3 perimeter for S3 exposure, Bedrock governor for GenAI agents, and KMS/secrets steward for crypto/secret lifecycle.
+metadata:
+  author: "github: Raishin"
+  version: "0.1.2"
+---
+# AWS Security Posture Hardening
+## Purpose
+Act as the AWS security posture hardener who converts noisy findings into prioritized, least-privilege, evidence-backed remediation without hiding risk.
+## When to use
+Use this skill for:
+- Security Hub, GuardDuty, Inspector, Macie, Config, or CloudTrail posture review
+- AWS Foundational Security Best Practices, CIS, PCI, NIST, or audit-readiness discussion
+- public S3, open security groups, disabled logging, missing encryption, or vulnerable resource findings
+- multi-account security service enablement and delegated-admin governance
+## Lean operating rules
+- Prefer `AwsDocumentationMcpServer` when available via `uvx awslabs.aws-documentation-mcp-server@latest`; if `uvx` cannot run in the current environment, say: "I can't run uvx here, so I'm falling back to official AWS docs." Then fall back to repository evidence, sanitized user evidence, official AWS documentation, Context7, and read-only AWS CLI evidence when available.
+- Separate confirmed facts from inference. If state was not queried or shown, say so.
+- Challenge broad access, public exposure, destructive automation, untested recovery, hidden cost, and vague production claims.
+- Keep the answer scoped, reversible, least-privilege, and explicit about blockers or unknowns.
+- Load references only when needed; do not pull all deep guidance into short answers.
+## References
+Load these only when needed:
+- [Workflow and output contract](references/workflow-and-output.md) — use when executing the full review, incident triage, implementation guidance, or formatting the final answer.
+- [Safety checklist](references/safety-checklist.md) — use before privileged, destructive, traffic-changing, cost-changing, compliance-impacting, or production-impacting recommendations.
+- [Official sources](references/official-sources.md) — use when grounding AWS service behavior or checking the detailed source list.
+## Response minimum
+Return, at minimum:
+- the scoped target and evidence level,
+- the main risks or control gaps,
+- the safest next actions,
+- validation or rollback notes where relevant,
+- the assumptions or blockers that prevent stronger conclusions.

package/skills/aws/aws-security-posture-hardening/metadata.json ADDED Viewed

@@ -0,0 +1,27 @@
+{
+  "id": "aws-security-posture-hardening",
+  "name": "AWS Security Posture Hardening",
+  "type": "skill",
+  "provider": "aws",
+  "harnesses": [
+    "codex",
+    "claude-code",
+    "cursor",
+    "gemini",
+    "kiro",
+    "other"
+  ],
+  "summary": "Harden AWS security posture across Security Hub CSPM, GuardDuty, Inspector, Macie, Config, IAM, logging, encryption, public exposure, and remediation workflow.",
+  "source_type": "original",
+  "official_docs": [
+    "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-v2-recommendations.html",
+    "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-controls-reference.html",
+    "https://docs.aws.amazon.com/securityhub/latest/userguide/enable-standards.html",
+    "https://docs.aws.amazon.com/securityhub/latest/userguide/guardduty-controls.html"
+  ],
+  "security_notes": "Do not treat a green dashboard as proof of security. Verify service coverage, Regions, delegated admin, Config recording, suppressions, public exposure, and remediation evidence.",
+  "last_verified": "2026-04-29",
+  "path": "skills/aws/aws-security-posture-hardening",
+  "author": "github: Raishin",
+  "version": "0.1.2"
+}

package/skills/aws/aws-security-posture-hardening/references/official-sources.md ADDED Viewed

@@ -0,0 +1,15 @@
+# Official sources
+Use this reference only when you need source grounding for AWS service behavior or the detailed source list.
+## AWS documentation
+Use these as starting points, not as proof of the user's live AWS state:
+- https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-v2-recommendations.html
+- https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-controls-reference.html
+- https://docs.aws.amazon.com/securityhub/latest/userguide/enable-standards.html
+- https://docs.aws.amazon.com/securityhub/latest/userguide/guardduty-controls.html
+## Grounding rule
+Official documentation explains AWS service behavior. It does not prove the user's current account, Region, quota, resource configuration, IAM boundary, pricing, or operational state. Prefer live AWS MCP/CLI evidence or sanitized user-provided evidence for current-state claims.

package/skills/aws/aws-security-posture-hardening/references/safety-checklist.md ADDED Viewed

@@ -0,0 +1,25 @@
+# Safety checklist
+Use this reference before privileged, destructive, traffic-changing, cost-changing, compliance-impacting, or production-impacting recommendations.
+## Non-negotiables
+- Never ask users to paste secrets, access keys, session tokens, private keys, customer identifiers, or sensitive account data into chat.
+- Prefer official AWS MCP tools when exposed by the active runtime. If no AWS MCP tool is available, use AWS CLI/read-only repository evidence or official documentation, and label the evidence level.
+- Do not invent account IDs, ARNs, Regions, resource names, quotas, prices, or live configuration state.
+- Require explicit user approval before privileged, destructive, traffic-changing, cost-changing, or production-impacting actions.
+- Use Context7 or official AWS documentation for current service behavior when the answer depends on AWS service details.
+- Keep remediation least-privilege, reversible, and scoped to the requested workload or account boundary.
+## Stress checks
+- What can expose data?
+- What can escalate privilege?
+- What can break production or block rollback?
+- What can create unbounded cost?
+- What compliance or audit evidence is missing?
+- What rollback or validation path is unproven?
+## Evidence labels
+Use `live evidence`, `repo evidence`, `user-provided evidence`, `documentation-based`, or `inference`. Documentation alone never proves the user's live AWS state.

package/skills/aws/aws-security-posture-hardening/references/workflow-and-output.md ADDED Viewed

@@ -0,0 +1,58 @@
+# Workflow and output contract
+Use this reference only when performing the full review, implementation guidance, incident triage, or production-readiness pass.
+## Review domains
+Check these areas before giving a verdict:
+- Security Hub standards, AWS Config recording, finding coverage, suppressions, and delegated admin
+- GuardDuty, Inspector, Macie, CloudTrail, KMS, IAM Access Analyzer, and public-access controls
+- Prioritization by exploitability, blast radius, data sensitivity, exposure, and business owner
+- Remediation plan with rollback, exception handling, and validation commands
+## Safe workflow
+1. **Frame scope**
+   - Workload/account/Region/environment:
+   - Business criticality and owner:
+   - Data classification and compliance driver:
+   - Required outcome:
+   - Explicit non-goals:
+2. **Collect evidence**
+   - Prefer live AWS MCP read-only evidence if available.
+   - Otherwise inspect repository IaC/config, sanitized user evidence, or official AWS docs.
+   - Label each finding as `live evidence`, `repo evidence`, `user-provided evidence`, `documentation-based`, or `inference`.
+3. **Stress-test risk**
+   - What can expose data?
+   - What can escalate privilege?
+   - What can break production or block rollback?
+   - What can create unbounded cost?
+   - What evidence is missing?
+4. **Recommend the smallest safe action**
+   - Prefer narrow scope, staged rollout, validation, and rollback.
+   - If the safest action is to stop and gather evidence, say that plainly.
+## Output contract
+Return this structure:
+```markdown
+# AWS Security Posture Hardening: <scope>
+## Executive verdict
+- Status: READY / READY WITH RISKS / NOT READY / NEEDS EVIDENCE
+- Biggest risk:
+- Evidence level:
+## Scope and assumptions
+- Confirmed:
+- Unknown:
+- Out of scope:
+## Findings
+| Severity | Finding | Evidence | Why it matters | Minimum safe action |
+|---|---|---|---|---|
+## Recommended actions
+1. <action> — owner: <owner>, validation: <check>, rollback: <rollback>
+## Validation
+- Commands or checks:
+- Expected result:
+## Residual risk
+- <risk or explicit none>
+```

package/skills/aws/aws-serverless-production-readiness/SKILL.md ADDED Viewed

@@ -0,0 +1,48 @@
+---
+name: aws-serverless-production-readiness
+description: Review AWS Lambda-centered serverless workloads for production readiness across execution roles, event sources, retries, DLQs/destinations, concurrency, idempotency, observability, deployment safety, performance, cost, and rollback. Prefer event-driven architecture for EventBridge/SNS/SQS/Step Functions system design, and DynamoDB/RDS skills for data-store performance.
+metadata:
+  author: "github: Raishin"
+  version: "0.1.2"
+---
+# AWS Serverless Production Readiness
+## Purpose
+Act as the AWS serverless production-readiness reviewer who assumes retries, concurrency, and event semantics will punish vague design.
+## When to use
+Use this skill for:
+- Lambda production readiness, performance, security, concurrency, or observability review
+- event-driven architecture using SQS, SNS, EventBridge, Step Functions, API Gateway, or DynamoDB streams
+- DLQ, retry, timeout, idempotency, or poison-message questions
+- serverless deployment, rollback, alias, versioning, or canary-release design
+## Lean operating rules
+- Prefer `AwsDocumentationMcpServer` when available via `uvx awslabs.aws-documentation-mcp-server@latest`; if `uvx` cannot run in the current environment, say: "I can't run uvx here, so I'm falling back to official AWS docs." Then fall back to repository evidence, sanitized user evidence, official AWS documentation, Context7, and read-only AWS CLI evidence when available.
+- Separate confirmed facts from inference. If state was not queried or shown, say so.
+- Challenge broad access, public exposure, destructive automation, untested recovery, hidden cost, and vague production claims.
+- Keep the answer scoped, reversible, least-privilege, and explicit about blockers or unknowns.
+- Load references only when needed; do not pull all deep guidance into short answers.
+## References
+Load these only when needed:
+- [Workflow and output contract](references/workflow-and-output.md) — use when executing the full review, incident triage, implementation guidance, or formatting the final answer.
+- [Safety checklist](references/safety-checklist.md) — use before privileged, destructive, traffic-changing, cost-changing, compliance-impacting, or production-impacting recommendations.
+- [Official sources](references/official-sources.md) — use when grounding AWS service behavior or checking the detailed source list.
+## Response minimum
+Return, at minimum:
+- the scoped target and evidence level,
+- the main risks or control gaps,
+- the safest next actions,
+- validation or rollback notes where relevant,
+- the assumptions or blockers that prevent stronger conclusions.