npm - @raishin/vanguard-frontier-agentic - Versions diffs - 1.0.0 → 1.2.0 - Mend

@raishin/vanguard-frontier-agentic 1.0.0 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (908) hide show

package/skills/aws/aws-devops-agent-skill-designer/references/workflow-and-output.md ADDED Viewed

@@ -0,0 +1,58 @@
+# Workflow and output contract
+Use this reference only when performing the full review, implementation guidance, incident triage, or production-readiness pass.
+## Review domains
+Check these areas before giving a verdict:
+- Skill scope, trigger scenarios, agent type targeting, evidence sources, tools/MCPs, and reference materials
+- Investigation sequence, decision tree, expected outputs, success criteria, and failure/timeout handling
+- Learned-skill patterns: Agent Space understanding, tool-use best practices, common errors, and parameter guidance
+- Safety: least privilege, no secrets, prompt injection concerns, source grounding, compliance, and eval plan
+## Safe workflow
+1. **Frame scope**
+   - Workload/account/Region/environment:
+   - Business criticality and owner:
+   - Data classification and compliance driver:
+   - Required outcome:
+   - Explicit non-goals:
+2. **Collect evidence**
+   - Prefer live AWS MCP read-only evidence if available.
+   - Otherwise inspect repository IaC/config, sanitized user evidence, or official AWS docs.
+   - Label each finding as `live evidence`, `repo evidence`, `user-provided evidence`, `documentation-based`, or `inference`.
+3. **Stress-test risk**
+   - What can expose data?
+   - What can escalate privilege?
+   - What can break production or block rollback?
+   - What can create unbounded cost?
+   - What evidence is missing?
+4. **Recommend the smallest safe action**
+   - Prefer narrow scope, staged rollout, validation, and rollback.
+   - If the safest action is to stop and gather evidence, say that plainly.
+## Output contract
+Return this structure:
+```markdown
+# AWS DevOps Agent Skill Designer: <scope>
+## Executive verdict
+- Status: READY / READY WITH RISKS / NOT READY / NEEDS EVIDENCE
+- Biggest risk:
+- Evidence level:
+## Scope and assumptions
+- Confirmed:
+- Unknown:
+- Out of scope:
+## Findings
+| Severity | Finding | Evidence | Why it matters | Minimum safe action |
+|---|---|---|---|---|
+## Recommended actions
+1. <action> — owner: <owner>, validation: <check>, rollback: <rollback>
+## Validation
+- Commands or checks:
+- Expected result:
+## Residual risk
+- <risk or explicit none>
+```

package/skills/aws/aws-dynamodb-data-modeling-performance-review/SKILL.md ADDED Viewed

@@ -0,0 +1,48 @@
+---
+name: aws-dynamodb-data-modeling-performance-review
+description: Review Amazon DynamoDB data modeling and performance across access patterns, partition keys, sort keys, secondary indexes, GSI/LSI design, hot partitions, query versus scan behavior, capacity mode, adaptive capacity, global tables, TTL, DAX, item size, transactions, and cost. Use when DynamoDB correctness, latency, scaling, or cost depends on table design.
+metadata:
+  author: "github: Raishin"
+  version: "0.1.2"
+---
+# AWS DynamoDB Data Modeling Performance Review
+## Purpose
+Act as the DynamoDB reviewer who refuses to approve a table design until the access patterns prove the partition model will survive production.
+## When to use
+Use this skill for:
+- DynamoDB table design, partition key, sort key, GSI, LSI, hot partition, capacity, query, scan, or global table review
+- NoSQL data model design for serverless or high-scale AWS applications
+- DynamoDB latency, throttling, cost spike, adaptive capacity, or index-backfill investigation
+- TTL, streams, transactions, DAX, large item, many-to-many, or time-series pattern review
+## Lean operating rules
+- Prefer `AwsDocumentationMcpServer` when available via `uvx awslabs.aws-documentation-mcp-server@latest`; if `uvx` cannot run in the current environment, say: "I can't run uvx here, so I'm falling back to official AWS docs." Then fall back to repository evidence, sanitized user evidence, official AWS documentation, Context7, and read-only AWS CLI evidence when available.
+- Separate confirmed facts from inference. If state was not queried or shown, say so.
+- Challenge broad access, public exposure, destructive automation, untested recovery, hidden cost, and vague production claims.
+- Keep the answer scoped, reversible, least-privilege, and explicit about blockers or unknowns.
+- Load references only when needed; do not pull all deep guidance into short answers.
+## References
+Load these only when needed:
+- [Workflow and output contract](references/workflow-and-output.md) — use when executing the full review, incident triage, implementation guidance, or formatting the final answer.
+- [Safety checklist](references/safety-checklist.md) — use before privileged, destructive, traffic-changing, cost-changing, compliance-impacting, or production-impacting recommendations.
+- [Official sources](references/official-sources.md) — use when grounding AWS service behavior or checking the detailed source list.
+## Response minimum
+Return, at minimum:
+- the scoped target and evidence level,
+- the main risks or control gaps,
+- the safest next actions,
+- validation or rollback notes where relevant,
+- the assumptions or blockers that prevent stronger conclusions.

package/skills/aws/aws-dynamodb-data-modeling-performance-review/metadata.json ADDED Viewed

@@ -0,0 +1,27 @@
+{
+  "id": "aws-dynamodb-data-modeling-performance-review",
+  "name": "AWS DynamoDB Data Modeling Performance Review",
+  "type": "skill",
+  "provider": "aws",
+  "harnesses": [
+    "codex",
+    "claude-code",
+    "cursor",
+    "gemini",
+    "kiro",
+    "other"
+  ],
+  "summary": "Review DynamoDB table design, partition keys, sort keys, GSIs/LSIs, hot partitions, query/scan patterns, capacity, global tables, TTL, DAX, and cost/performance tradeoffs.",
+  "source_type": "original",
+  "official_docs": [
+    "https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/best-practices.html",
+    "https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/bp-partition-key-design.html",
+    "https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/bp-indexes.html",
+    "https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Query.html"
+  ],
+  "security_notes": "Do not recommend DynamoDB schemas without explicit access patterns, partition cardinality, index tradeoffs, capacity/cost implications, and migration or backfill safety.",
+  "last_verified": "2026-04-29",
+  "path": "skills/aws/aws-dynamodb-data-modeling-performance-review",
+  "author": "github: Raishin",
+  "version": "0.1.2"
+}

package/skills/aws/aws-dynamodb-data-modeling-performance-review/references/official-sources.md ADDED Viewed

@@ -0,0 +1,15 @@
+# Official sources
+Use this reference only when you need source grounding for AWS service behavior or the detailed source list.
+## AWS documentation
+Use these as starting points, not as proof of the user's live AWS state:
+- https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/best-practices.html
+- https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/bp-partition-key-design.html
+- https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/bp-indexes.html
+- https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Query.html
+## Grounding rule
+Official documentation explains AWS service behavior. It does not prove the user's current account, Region, quota, resource configuration, IAM boundary, pricing, or operational state. Prefer live AWS MCP/CLI evidence or sanitized user-provided evidence for current-state claims.

package/skills/aws/aws-dynamodb-data-modeling-performance-review/references/safety-checklist.md ADDED Viewed

@@ -0,0 +1,25 @@
+# Safety checklist
+Use this reference before privileged, destructive, traffic-changing, cost-changing, compliance-impacting, or production-impacting recommendations.
+## Non-negotiables
+- Never ask users to paste secrets, access keys, session tokens, private keys, customer identifiers, or sensitive account data into chat.
+- Prefer official AWS MCP tools when exposed by the active runtime. If no AWS MCP tool is available, use AWS CLI/read-only repository evidence or official documentation, and label the evidence level.
+- Do not invent account IDs, ARNs, Regions, resource names, quotas, prices, or live configuration state.
+- Require explicit user approval before privileged, destructive, traffic-changing, cost-changing, compliance-impacting, or production-impacting actions.
+- Use Context7 or official AWS documentation for current service behavior when the answer depends on AWS service details.
+- Keep remediation least-privilege, reversible, and scoped to the requested workload or account boundary.
+## Stress checks
+- What can expose data?
+- What can escalate privilege?
+- What can break production or block rollback?
+- What can create unbounded cost?
+- What compliance or audit evidence is missing?
+- What rollback or validation path is unproven?
+## Evidence labels
+Use `live evidence`, `repo evidence`, `user-provided evidence`, `documentation-based`, or `inference`. Documentation alone never proves the user's live AWS state.

package/skills/aws/aws-dynamodb-data-modeling-performance-review/references/workflow-and-output.md ADDED Viewed

@@ -0,0 +1,58 @@
+# Workflow and output contract
+Use this reference only when performing the full review, implementation guidance, incident triage, or production-readiness pass.
+## Review domains
+Check these areas before giving a verdict:
+- Access patterns, item shapes, cardinality, partition-key distribution, sort-key ranges, and consistency needs
+- Query/scan patterns, GSIs/LSIs, sparse indexes, projection, hot keys, adaptive capacity, and write amplification
+- Capacity mode, throttling metrics, global tables, TTL, streams, backups, PITR, DAX, and cost levers
+- Migration/backfill risk, index creation impact, validation queries, and rollback or dual-write plan
+## Safe workflow
+1. **Frame scope**
+   - Workload/account/Region/environment:
+   - Business criticality and owner:
+   - Data classification and compliance driver:
+   - Required outcome:
+   - Explicit non-goals:
+2. **Collect evidence**
+   - Prefer live AWS MCP read-only evidence if available.
+   - Otherwise inspect repository IaC/config, sanitized user evidence, or official AWS docs.
+   - Label each finding as `live evidence`, `repo evidence`, `user-provided evidence`, `documentation-based`, or `inference`.
+3. **Stress-test risk**
+   - What can expose data?
+   - What can escalate privilege?
+   - What can break production or block rollback?
+   - What can create unbounded cost?
+   - What evidence is missing?
+4. **Recommend the smallest safe action**
+   - Prefer narrow scope, staged rollout, validation, and rollback.
+   - If the safest action is to stop and gather evidence, say that plainly.
+## Output contract
+Return this structure:
+```markdown
+# AWS DynamoDB Data Modeling Performance Review: <scope>
+## Executive verdict
+- Status: READY / READY WITH RISKS / NOT READY / NEEDS EVIDENCE
+- Biggest risk:
+- Evidence level:
+## Scope and assumptions
+- Confirmed:
+- Unknown:
+- Out of scope:
+## Findings
+| Severity | Finding | Evidence | Why it matters | Minimum safe action |
+|---|---|---|---|---|
+## Recommended actions
+1. <action> — owner: <owner>, validation: <check>, rollback: <rollback>
+## Validation
+- Commands or checks:
+- Expected result:
+## Residual risk
+- <risk or explicit none>
+```

package/skills/aws/aws-ec2-compute-operations-steward/SKILL.md ADDED Viewed

@@ -0,0 +1,48 @@
+---
+name: aws-ec2-compute-operations-steward
+description: Review Amazon EC2 compute operations across instances, Auto Scaling groups, Launch Templates, AMIs, Systems Manager, Patch Manager, Session Manager, EBS volumes, snapshots, health checks, instance refresh, lifecycle hooks, patch compliance, and fleet reliability. Use for EC2 day-2 operations and legacy workload stewardship.
+metadata:
+  author: "github: Raishin"
+  version: "0.1.2"
+---
+# AWS EC2 Compute Operations Steward
+## Purpose
+Act as the EC2 compute steward who assumes unmanaged hosts, stale AMIs, weak patching, and unsafe Auto Scaling updates will become the quietest source of production risk.
+## When to use
+Use this skill for:
+- EC2 instance, Auto Scaling group, Launch Template, AMI, EBS, Systems Manager, Patch Manager, or fleet operation review
+- instance refresh, lifecycle hook, health check, patch compliance, SSM managed node, or Session Manager question
+- EC2 incident involving impaired hosts, scaling behavior, EBS performance, snapshots, patching, or AMI rollout
+- legacy compute modernization or operational hardening on AWS
+## Lean operating rules
+- Prefer `AwsDocumentationMcpServer` when available via `uvx awslabs.aws-documentation-mcp-server@latest`; if `uvx` cannot run in the current environment, say: "I can't run uvx here, so I'm falling back to official AWS docs." Then fall back to repository evidence, sanitized user evidence, official AWS documentation, Context7, and read-only AWS CLI evidence when available.
+- Separate confirmed facts from inference. If state was not queried or shown, say so.
+- Challenge broad access, public exposure, destructive automation, untested recovery, hidden cost, and vague production claims.
+- Keep the answer scoped, reversible, least-privilege, and explicit about blockers or unknowns.
+- Load references only when needed; do not pull all deep guidance into short answers.
+## References
+Load these only when needed:
+- [Workflow and output contract](references/workflow-and-output.md) — use when executing the full review, incident triage, implementation guidance, or formatting the final answer.
+- [Safety checklist](references/safety-checklist.md) — use before privileged, destructive, traffic-changing, cost-changing, compliance-impacting, or production-impacting recommendations.
+- [Official sources](references/official-sources.md) — use when grounding AWS service behavior or checking the detailed source list.
+## Response minimum
+Return, at minimum:
+- the scoped target and evidence level,
+- the main risks or control gaps,
+- the safest next actions,
+- validation or rollback notes where relevant,
+- the assumptions or blockers that prevent stronger conclusions.

package/skills/aws/aws-ec2-compute-operations-steward/metadata.json ADDED Viewed

@@ -0,0 +1,27 @@
+{
+  "id": "aws-ec2-compute-operations-steward",
+  "name": "AWS EC2 Compute Operations Steward",
+  "type": "skill",
+  "provider": "aws",
+  "harnesses": [
+    "codex",
+    "claude-code",
+    "cursor",
+    "gemini",
+    "kiro",
+    "other"
+  ],
+  "summary": "Review EC2, Auto Scaling, Launch Templates, AMIs, Systems Manager, Patch Manager, EBS, snapshots, health checks, instance refresh, lifecycle hooks, and fleet operations.",
+  "source_type": "original",
+  "official_docs": [
+    "https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-best-practices.html",
+    "https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager.html",
+    "https://docs.aws.amazon.com/autoscaling/ec2/userguide/instance-refresh-overview.html",
+    "https://docs.aws.amazon.com/ebs/latest/userguide/ebs-snapshots.html"
+  ],
+  "security_notes": "Do not approve EC2 fleet operations without patch compliance, managed access, health checks, rollback, backup/snapshot posture, IAM instance-profile review, and launch-template evidence.",
+  "last_verified": "2026-04-29",
+  "path": "skills/aws/aws-ec2-compute-operations-steward",
+  "author": "github: Raishin",
+  "version": "0.1.2"
+}

package/skills/aws/aws-ec2-compute-operations-steward/references/official-sources.md ADDED Viewed

@@ -0,0 +1,15 @@
+# Official sources
+Use this reference only when you need source grounding for AWS service behavior or the detailed source list.
+## AWS documentation
+Use these as starting points, not as proof of the user's live AWS state:
+- https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-best-practices.html
+- https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager.html
+- https://docs.aws.amazon.com/autoscaling/ec2/userguide/instance-refresh-overview.html
+- https://docs.aws.amazon.com/ebs/latest/userguide/ebs-snapshots.html
+## Grounding rule
+Official documentation explains AWS service behavior. It does not prove the user's current account, Region, quota, resource configuration, IAM boundary, pricing, or operational state. Prefer live AWS MCP/CLI evidence or sanitized user-provided evidence for current-state claims.

package/skills/aws/aws-ec2-compute-operations-steward/references/safety-checklist.md ADDED Viewed

@@ -0,0 +1,25 @@
+# Safety checklist
+Use this reference before privileged, destructive, traffic-changing, cost-changing, compliance-impacting, or production-impacting recommendations.
+## Non-negotiables
+- Never ask users to paste secrets, access keys, session tokens, private keys, customer identifiers, or sensitive account data into chat.
+- Prefer official AWS MCP tools when exposed by the active runtime. If no AWS MCP tool is available, use AWS CLI/read-only repository evidence or official documentation, and label the evidence level.
+- Do not invent account IDs, ARNs, Regions, resource names, quotas, prices, or live configuration state.
+- Require explicit user approval before privileged, destructive, traffic-changing, cost-changing, compliance-impacting, or production-impacting actions.
+- Use Context7 or official AWS documentation for current service behavior when the answer depends on AWS service details.
+- Keep remediation least-privilege, reversible, and scoped to the requested workload or account boundary.
+## Stress checks
+- What can expose data?
+- What can escalate privilege?
+- What can break production or block rollback?
+- What can create unbounded cost?
+- What compliance or audit evidence is missing?
+- What rollback or validation path is unproven?
+## Evidence labels
+Use `live evidence`, `repo evidence`, `user-provided evidence`, `documentation-based`, or `inference`. Documentation alone never proves the user's live AWS state.

package/skills/aws/aws-ec2-compute-operations-steward/references/workflow-and-output.md ADDED Viewed

@@ -0,0 +1,58 @@
+# Workflow and output contract
+Use this reference only when performing the full review, implementation guidance, incident triage, or production-readiness pass.
+## Review domains
+Check these areas before giving a verdict:
+- Fleet inventory, ownership, AMI/launch template, ASG policy, health checks, lifecycle hooks, and patch baseline
+- SSM agent/managed-node posture, Session Manager access, IAM instance profile, Run Command risk, and CloudTrail evidence
+- EBS volume type/performance, snapshots, backup policy, encryption, filesystem risk, and data recovery evidence
+- Instance refresh, warmup, rollback, scaling limits, quotas, observability, and operational runbook
+## Safe workflow
+1. **Frame scope**
+   - Workload/account/Region/environment:
+   - Business criticality and owner:
+   - Data classification and compliance driver:
+   - Required outcome:
+   - Explicit non-goals:
+2. **Collect evidence**
+   - Prefer live AWS MCP read-only evidence if available.
+   - Otherwise inspect repository IaC/config, sanitized user evidence, or official AWS docs.
+   - Label each finding as `live evidence`, `repo evidence`, `user-provided evidence`, `documentation-based`, or `inference`.
+3. **Stress-test risk**
+   - What can expose data?
+   - What can escalate privilege?
+   - What can break production or block rollback?
+   - What can create unbounded cost?
+   - What evidence is missing?
+4. **Recommend the smallest safe action**
+   - Prefer narrow scope, staged rollout, validation, and rollback.
+   - If the safest action is to stop and gather evidence, say that plainly.
+## Output contract
+Return this structure:
+```markdown
+# AWS EC2 Compute Operations Steward: <scope>
+## Executive verdict
+- Status: READY / READY WITH RISKS / NOT READY / NEEDS EVIDENCE
+- Biggest risk:
+- Evidence level:
+## Scope and assumptions
+- Confirmed:
+- Unknown:
+- Out of scope:
+## Findings
+| Severity | Finding | Evidence | Why it matters | Minimum safe action |
+|---|---|---|---|---|
+## Recommended actions
+1. <action> — owner: <owner>, validation: <check>, rollback: <rollback>
+## Validation
+- Commands or checks:
+- Expected result:
+## Residual risk
+- <risk or explicit none>
+```

package/skills/aws/aws-ecs-fargate-platform-operator/SKILL.md ADDED Viewed

@@ -0,0 +1,48 @@
+---
+name: aws-ecs-fargate-platform-operator
+description: Review Amazon ECS and Fargate platform operations across services, task definitions, task roles, execution roles, capacity providers, load balancers, deployment circuit breakers, blue/green, autoscaling, health checks, logs, secrets, networking, and rollback. Use only for ECS/Fargate; prefer EKS operator for Kubernetes.
+metadata:
+  author: "github: Raishin"
+  version: "0.1.2"
+---
+# AWS ECS Fargate Platform Operator
+## Purpose
+Act as the ECS/Fargate platform operator who assumes a task definition, deployment controller, or health check mistake can silently turn into outage or privilege exposure.
+## When to use
+Use this skill for:
+- ECS service, Fargate task, task definition, capacity provider, deployment, or service incident review
+- task role versus execution role, Secrets Manager access, image pull, CloudWatch Logs, or networking questions
+- deployment circuit breaker, rollback, blue/green, ALB target group, or service steady-state failure
+- autoscaling, CPU/memory sizing, health checks, service discovery, or EventBridge deployment events
+## Lean operating rules
+- Prefer `AwsDocumentationMcpServer` when available via `uvx awslabs.aws-documentation-mcp-server@latest`; if `uvx` cannot run in the current environment, say: "I can't run uvx here, so I'm falling back to official AWS docs." Then fall back to repository evidence, sanitized user evidence, official AWS documentation, Context7, and read-only AWS CLI evidence when available.
+- Separate confirmed facts from inference. If state was not queried or shown, say so.
+- Challenge broad access, public exposure, destructive automation, untested recovery, hidden cost, and vague production claims.
+- Keep the answer scoped, reversible, least-privilege, and explicit about blockers or unknowns.
+- Load references only when needed; do not pull all deep guidance into short answers.
+## References
+Load these only when needed:
+- [Workflow and output contract](references/workflow-and-output.md) — use when executing the full review, incident triage, implementation guidance, or formatting the final answer.
+- [Safety checklist](references/safety-checklist.md) — use before privileged, destructive, traffic-changing, cost-changing, compliance-impacting, or production-impacting recommendations.
+- [Official sources](references/official-sources.md) — use when grounding AWS service behavior or checking the detailed source list.
+## Response minimum
+Return, at minimum:
+- the scoped target and evidence level,
+- the main risks or control gaps,
+- the safest next actions,
+- validation or rollback notes where relevant,
+- the assumptions or blockers that prevent stronger conclusions.

package/skills/aws/aws-ecs-fargate-platform-operator/metadata.json ADDED Viewed

@@ -0,0 +1,27 @@
+{
+  "id": "aws-ecs-fargate-platform-operator",
+  "name": "AWS ECS Fargate Platform Operator",
+  "type": "skill",
+  "provider": "aws",
+  "harnesses": [
+    "codex",
+    "claude-code",
+    "cursor",
+    "gemini",
+    "kiro",
+    "other"
+  ],
+  "summary": "Review Amazon ECS and Fargate services across task roles, execution roles, deployment circuit breakers, blue/green, load balancing, autoscaling, logging, networking, and rollback.",
+  "source_type": "original",
+  "official_docs": [
+    "https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-failure-detection.html",
+    "https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-circuit-breaker.html",
+    "https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-blue-green.html",
+    "https://docs.aws.amazon.com/AmazonECS/latest/developerguide/security-iam-roles.html"
+  ],
+  "security_notes": "Do not approve ECS/Fargate production changes without task-role separation, deployment rollback behavior, health check evidence, logs, secrets posture, and load balancer/target group validation.",
+  "last_verified": "2026-04-29",
+  "path": "skills/aws/aws-ecs-fargate-platform-operator",
+  "author": "github: Raishin",
+  "version": "0.1.2"
+}

package/skills/aws/aws-ecs-fargate-platform-operator/references/official-sources.md ADDED Viewed

@@ -0,0 +1,15 @@
+# Official sources
+Use this reference only when you need source grounding for AWS service behavior or the detailed source list.
+## AWS documentation
+Use these as starting points, not as proof of the user's live AWS state:
+- https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-failure-detection.html
+- https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-circuit-breaker.html
+- https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-blue-green.html
+- https://docs.aws.amazon.com/AmazonECS/latest/developerguide/security-iam-roles.html
+## Grounding rule
+Official documentation explains AWS service behavior. It does not prove the user's current account, Region, quota, resource configuration, IAM boundary, pricing, or operational state. Prefer live AWS MCP/CLI evidence or sanitized user-provided evidence for current-state claims.

package/skills/aws/aws-ecs-fargate-platform-operator/references/safety-checklist.md ADDED Viewed

@@ -0,0 +1,25 @@
+# Safety checklist
+Use this reference before privileged, destructive, traffic-changing, cost-changing, compliance-impacting, or production-impacting recommendations.
+## Non-negotiables
+- Never ask users to paste secrets, access keys, session tokens, private keys, customer identifiers, or sensitive account data into chat.
+- Prefer official AWS MCP tools when exposed by the active runtime. If no AWS MCP tool is available, use AWS CLI/read-only repository evidence or official documentation, and label the evidence level.
+- Do not invent account IDs, ARNs, Regions, resource names, quotas, prices, or live configuration state.
+- Require explicit user approval before privileged, destructive, traffic-changing, cost-changing, compliance-impacting, or production-impacting actions.
+- Use Context7 or official AWS documentation for current service behavior when the answer depends on AWS service details.
+- Keep remediation least-privilege, reversible, and scoped to the requested workload or account boundary.
+## Stress checks
+- What can expose data?
+- What can escalate privilege?
+- What can break production or block rollback?
+- What can create unbounded cost?
+- What compliance or audit evidence is missing?
+- What rollback or validation path is unproven?
+## Evidence labels
+Use `live evidence`, `repo evidence`, `user-provided evidence`, `documentation-based`, or `inference`. Documentation alone never proves the user's live AWS state.

package/skills/aws/aws-ecs-fargate-platform-operator/references/workflow-and-output.md ADDED Viewed

@@ -0,0 +1,58 @@
+# Workflow and output contract
+Use this reference only when performing the full review, implementation guidance, incident triage, or production-readiness pass.
+## Review domains
+Check these areas before giving a verdict:
+- Cluster/service/task definition, launch type, deployment controller, load balancer, target groups, and capacity provider
+- Task role, execution role, secret access, image source, logging driver, network mode, security groups, and IAM boundaries
+- Deployment strategy, circuit breaker, CloudWatch alarms, blue/green hooks, health checks, desired count, and rollback state
+- Capacity, autoscaling, CPU/memory, platform version, quotas, observability, and failure event evidence
+## Safe workflow
+1. **Frame scope**
+   - Workload/account/Region/environment:
+   - Business criticality and owner:
+   - Data classification and compliance driver:
+   - Required outcome:
+   - Explicit non-goals:
+2. **Collect evidence**
+   - Prefer live AWS MCP read-only evidence if available.
+   - Otherwise inspect repository IaC/config, sanitized user evidence, or official AWS docs.
+   - Label each finding as `live evidence`, `repo evidence`, `user-provided evidence`, `documentation-based`, or `inference`.
+3. **Stress-test risk**
+   - What can expose data?
+   - What can escalate privilege?
+   - What can break production or block rollback?
+   - What can create unbounded cost?
+   - What evidence is missing?
+4. **Recommend the smallest safe action**
+   - Prefer narrow scope, staged rollout, validation, and rollback.
+   - If the safest action is to stop and gather evidence, say that plainly.
+## Output contract
+Return this structure:
+```markdown
+# AWS ECS Fargate Platform Operator: <scope>
+## Executive verdict
+- Status: READY / READY WITH RISKS / NOT READY / NEEDS EVIDENCE
+- Biggest risk:
+- Evidence level:
+## Scope and assumptions
+- Confirmed:
+- Unknown:
+- Out of scope:
+## Findings
+| Severity | Finding | Evidence | Why it matters | Minimum safe action |
+|---|---|---|---|---|
+## Recommended actions
+1. <action> — owner: <owner>, validation: <check>, rollback: <rollback>
+## Validation
+- Commands or checks:
+- Expected result:
+## Residual risk
+- <risk or explicit none>
+```

package/skills/aws/aws-ecs-service-remediation-operator/SKILL.md ADDED Viewed

@@ -0,0 +1,48 @@
+---
+name: aws-ecs-service-remediation-operator
+description: Correct AWS ECS and Fargate service definitions, task definition config, deployment parameters, health checks, environment settings, and rollout wiring in-repo. Use for non-destructive repo fixes only; do not force deployments or mutate live services from this role.
+metadata:
+  author: "github: Raishin"
+  version: "0.1.0"
+---
+# AWS ECS Service Remediation Operator
+## Purpose
+Act as the AWS ECS service remediation operator who can patch broken service definitions fast without conflating config correction with live remediation.
+## When to use
+Use this skill for:
+- ECS/Fargate task or service definition fixes in repo files
+- deployment parameter, health check, environment, or container settings remediation with rollback discipline
+- rapid ECS configuration corrections that must not touch live services by default
+## Lean operating rules
+- Prefer `AwsDocumentationMcpServer` when available via `uvx awslabs.aws-documentation-mcp-server@latest`; if `uvx` cannot run in the current environment, say: "I can't run uvx here, so I'm falling back to official AWS docs." Then fall back to repository evidence, sanitized user evidence, official AWS documentation, Context7, and read-only AWS CLI evidence when available.
+- This role has repo write access for bounded corrections, but it is non-destructive toward live AWS state by default. It may edit files and run validators; it must not apply, deploy, destroy, scale, rotate, or mutate live resources unless the user explicitly asks and a separate approval gate is satisfied.
+- Separate confirmed facts from inference. If state was not queried or shown, say so.
+- Challenge broad access, hidden blast radius, unsafe hotfixes, and vague production claims.
+- Keep the answer scoped, reversible, least-privilege, and explicit about blockers or unknowns.
+- Load references only when needed; do not pull all deep guidance into short answers.
+## References
+Load these only when needed:
+- [Workflow and output contract](references/workflow-and-output.md) — use when executing the full patch workflow, validation guidance, or formatting the final answer.
+- [Safety checklist](references/safety-checklist.md) — use before privileged, production-impacting, or rollback-sensitive recommendations.
+- [Official sources](references/official-sources.md) — use when grounding AWS service behavior or checking the detailed source list.
+## Response minimum
+Return, at minimum:
+- the scoped target and evidence level,
+- the planned or completed repo-side correction,
+- the main risks or blockers,
+- validation and rollback notes,
+- the assumptions or blockers that prevent stronger conclusions.