@raishin/vanguard-frontier-agentic 1.1.0 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (715) hide show
  1. package/README.md +369 -322
  2. package/agents/AGENTS.md +263 -21
  3. package/agents/argocd/README.md +46 -0
  4. package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/AGENT.md +55 -0
  5. package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/harnesses/claude-code.agent.md +35 -0
  6. package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/harnesses/codex.toml +29 -0
  7. package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/harnesses/copilot.agent.md +35 -0
  8. package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/harnesses/cursor.agent.md +35 -0
  9. package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/harnesses/gemini.agent.md +35 -0
  10. package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/harnesses/kiro-cli.agent.json +5 -0
  11. package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/harnesses/kiro-ide.agent.md +35 -0
  12. package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/metadata.json +31 -0
  13. package/agents/argocd/argocd-gitops-review-agent/AGENT.md +55 -0
  14. package/agents/argocd/argocd-gitops-review-agent/harnesses/claude-code.agent.md +38 -0
  15. package/agents/argocd/argocd-gitops-review-agent/harnesses/codex.toml +32 -0
  16. package/agents/argocd/argocd-gitops-review-agent/harnesses/copilot.agent.md +38 -0
  17. package/agents/argocd/argocd-gitops-review-agent/harnesses/cursor.agent.md +38 -0
  18. package/agents/argocd/argocd-gitops-review-agent/harnesses/gemini.agent.md +38 -0
  19. package/agents/argocd/argocd-gitops-review-agent/harnesses/kiro-cli.agent.json +5 -0
  20. package/agents/argocd/argocd-gitops-review-agent/harnesses/kiro-ide.agent.md +38 -0
  21. package/agents/argocd/argocd-gitops-review-agent/metadata.json +30 -0
  22. package/agents/aws/aws-live-deployment-guarded-operator-agent/metadata.json +10 -1
  23. package/agents/aws/aws-live-ecs-rollout-guard-agent/metadata.json +10 -1
  24. package/agents/aws/aws-live-iac-change-guard-agent/metadata.json +10 -1
  25. package/agents/aws/aws-live-pipeline-approval-operator-agent/metadata.json +10 -1
  26. package/agents/aws/aws-live-serverless-release-guard-agent/metadata.json +10 -1
  27. package/agents/aws/aws-maestro-agent/AGENT.md +55 -0
  28. package/agents/aws/aws-maestro-agent/harnesses/claude-code.agent.md +38 -0
  29. package/agents/aws/aws-maestro-agent/harnesses/codex.toml +34 -0
  30. package/agents/aws/aws-maestro-agent/harnesses/copilot.agent.md +51 -0
  31. package/agents/aws/aws-maestro-agent/harnesses/cursor.agent.md +40 -0
  32. package/agents/aws/aws-maestro-agent/harnesses/gemini.agent.md +39 -0
  33. package/agents/aws/aws-maestro-agent/harnesses/kiro-cli.agent.json +5 -0
  34. package/agents/aws/aws-maestro-agent/harnesses/kiro-ide.agent.md +38 -0
  35. package/agents/aws/aws-maestro-agent/metadata.json +37 -0
  36. package/agents/aws/aws-private-ca-issuer-review-agent/AGENT.md +53 -0
  37. package/agents/aws/aws-private-ca-issuer-review-agent/harnesses/claude-code.agent.md +36 -0
  38. package/agents/aws/aws-private-ca-issuer-review-agent/harnesses/codex.toml +27 -0
  39. package/agents/aws/aws-private-ca-issuer-review-agent/harnesses/copilot.agent.md +36 -0
  40. package/agents/aws/aws-private-ca-issuer-review-agent/harnesses/cursor.agent.md +36 -0
  41. package/agents/aws/aws-private-ca-issuer-review-agent/harnesses/gemini.agent.md +36 -0
  42. package/agents/aws/aws-private-ca-issuer-review-agent/harnesses/kiro-cli.agent.json +5 -0
  43. package/agents/aws/aws-private-ca-issuer-review-agent/harnesses/kiro-ide.agent.md +36 -0
  44. package/agents/aws/aws-private-ca-issuer-review-agent/metadata.json +37 -0
  45. package/agents/azure/AGENTS.md +26 -0
  46. package/agents/azure/README.md +45 -0
  47. package/agents/azure/azure-keyvault-certificate-issuer-review-agent/AGENT.md +53 -0
  48. package/agents/azure/azure-keyvault-certificate-issuer-review-agent/harnesses/claude-code.agent.md +36 -0
  49. package/agents/azure/azure-keyvault-certificate-issuer-review-agent/harnesses/codex.toml +27 -0
  50. package/agents/azure/azure-keyvault-certificate-issuer-review-agent/harnesses/copilot.agent.md +36 -0
  51. package/agents/azure/azure-keyvault-certificate-issuer-review-agent/harnesses/cursor.agent.md +36 -0
  52. package/agents/azure/azure-keyvault-certificate-issuer-review-agent/harnesses/gemini.agent.md +36 -0
  53. package/agents/azure/azure-keyvault-certificate-issuer-review-agent/harnesses/kiro-cli.agent.json +5 -0
  54. package/agents/azure/azure-keyvault-certificate-issuer-review-agent/harnesses/kiro-ide.agent.md +36 -0
  55. package/agents/azure/azure-keyvault-certificate-issuer-review-agent/metadata.json +36 -0
  56. package/agents/azure/azure-live-aks-rollout-guard-agent/AGENT.md +57 -0
  57. package/agents/azure/azure-live-aks-rollout-guard-agent/PERMISSIONS.md +56 -0
  58. package/agents/azure/azure-live-aks-rollout-guard-agent/PREFLIGHT.md +48 -0
  59. package/agents/azure/azure-live-aks-rollout-guard-agent/ROLLBACK.md +36 -0
  60. package/agents/azure/azure-live-aks-rollout-guard-agent/harnesses/claude-code.agent.md +40 -0
  61. package/agents/azure/azure-live-aks-rollout-guard-agent/harnesses/codex.toml +32 -0
  62. package/agents/azure/azure-live-aks-rollout-guard-agent/harnesses/copilot.agent.md +53 -0
  63. package/agents/azure/azure-live-aks-rollout-guard-agent/harnesses/cursor.agent.md +40 -0
  64. package/agents/azure/azure-live-aks-rollout-guard-agent/harnesses/gemini.agent.md +40 -0
  65. package/agents/azure/azure-live-aks-rollout-guard-agent/harnesses/kiro-cli.agent.json +1 -0
  66. package/agents/azure/azure-live-aks-rollout-guard-agent/harnesses/kiro-ide.agent.md +40 -0
  67. package/agents/azure/azure-live-aks-rollout-guard-agent/metadata.json +36 -0
  68. package/agents/azure/azure-live-app-service-slot-swap-guard-agent/AGENT.md +57 -0
  69. package/agents/azure/azure-live-app-service-slot-swap-guard-agent/PERMISSIONS.md +43 -0
  70. package/agents/azure/azure-live-app-service-slot-swap-guard-agent/PREFLIGHT.md +50 -0
  71. package/agents/azure/azure-live-app-service-slot-swap-guard-agent/ROLLBACK.md +46 -0
  72. package/agents/azure/azure-live-app-service-slot-swap-guard-agent/harnesses/claude-code.agent.md +40 -0
  73. package/agents/azure/azure-live-app-service-slot-swap-guard-agent/harnesses/codex.toml +32 -0
  74. package/agents/azure/azure-live-app-service-slot-swap-guard-agent/harnesses/copilot.agent.md +53 -0
  75. package/agents/azure/azure-live-app-service-slot-swap-guard-agent/harnesses/cursor.agent.md +40 -0
  76. package/agents/azure/azure-live-app-service-slot-swap-guard-agent/harnesses/gemini.agent.md +40 -0
  77. package/agents/azure/azure-live-app-service-slot-swap-guard-agent/harnesses/kiro-cli.agent.json +1 -0
  78. package/agents/azure/azure-live-app-service-slot-swap-guard-agent/harnesses/kiro-ide.agent.md +40 -0
  79. package/agents/azure/azure-live-app-service-slot-swap-guard-agent/metadata.json +35 -0
  80. package/agents/azure/azure-live-arm-deployment-stack-guard-agent/AGENT.md +57 -0
  81. package/agents/azure/azure-live-arm-deployment-stack-guard-agent/PERMISSIONS.md +88 -0
  82. package/agents/azure/azure-live-arm-deployment-stack-guard-agent/PREFLIGHT.md +48 -0
  83. package/agents/azure/azure-live-arm-deployment-stack-guard-agent/ROLLBACK.md +48 -0
  84. package/agents/azure/azure-live-arm-deployment-stack-guard-agent/harnesses/claude-code.agent.md +40 -0
  85. package/agents/azure/azure-live-arm-deployment-stack-guard-agent/harnesses/codex.toml +32 -0
  86. package/agents/azure/azure-live-arm-deployment-stack-guard-agent/harnesses/copilot.agent.md +53 -0
  87. package/agents/azure/azure-live-arm-deployment-stack-guard-agent/harnesses/cursor.agent.md +40 -0
  88. package/agents/azure/azure-live-arm-deployment-stack-guard-agent/harnesses/gemini.agent.md +40 -0
  89. package/agents/azure/azure-live-arm-deployment-stack-guard-agent/harnesses/kiro-cli.agent.json +1 -0
  90. package/agents/azure/azure-live-arm-deployment-stack-guard-agent/harnesses/kiro-ide.agent.md +40 -0
  91. package/agents/azure/azure-live-arm-deployment-stack-guard-agent/metadata.json +36 -0
  92. package/agents/azure/azure-live-cost-budget-action-guard-agent/AGENT.md +57 -0
  93. package/agents/azure/azure-live-cost-budget-action-guard-agent/PERMISSIONS.md +93 -0
  94. package/agents/azure/azure-live-cost-budget-action-guard-agent/PREFLIGHT.md +44 -0
  95. package/agents/azure/azure-live-cost-budget-action-guard-agent/ROLLBACK.md +49 -0
  96. package/agents/azure/azure-live-cost-budget-action-guard-agent/harnesses/claude-code.agent.md +40 -0
  97. package/agents/azure/azure-live-cost-budget-action-guard-agent/harnesses/codex.toml +32 -0
  98. package/agents/azure/azure-live-cost-budget-action-guard-agent/harnesses/copilot.agent.md +53 -0
  99. package/agents/azure/azure-live-cost-budget-action-guard-agent/harnesses/cursor.agent.md +40 -0
  100. package/agents/azure/azure-live-cost-budget-action-guard-agent/harnesses/gemini.agent.md +40 -0
  101. package/agents/azure/azure-live-cost-budget-action-guard-agent/harnesses/kiro-cli.agent.json +1 -0
  102. package/agents/azure/azure-live-cost-budget-action-guard-agent/harnesses/kiro-ide.agent.md +40 -0
  103. package/agents/azure/azure-live-cost-budget-action-guard-agent/metadata.json +36 -0
  104. package/agents/azure/azure-live-entra-role-assignment-guard-agent/AGENT.md +59 -0
  105. package/agents/azure/azure-live-entra-role-assignment-guard-agent/harnesses/claude-code.agent.md +42 -0
  106. package/agents/azure/azure-live-entra-role-assignment-guard-agent/harnesses/codex.toml +34 -0
  107. package/agents/azure/azure-live-entra-role-assignment-guard-agent/harnesses/copilot.agent.md +55 -0
  108. package/agents/azure/azure-live-entra-role-assignment-guard-agent/harnesses/cursor.agent.md +44 -0
  109. package/agents/azure/azure-live-entra-role-assignment-guard-agent/harnesses/gemini.agent.md +43 -0
  110. package/agents/azure/azure-live-entra-role-assignment-guard-agent/harnesses/kiro-cli.agent.json +5 -0
  111. package/agents/azure/azure-live-entra-role-assignment-guard-agent/harnesses/kiro-ide.agent.md +42 -0
  112. package/agents/azure/azure-live-entra-role-assignment-guard-agent/metadata.json +37 -0
  113. package/agents/azure/azure-live-keyvault-rotation-purge-guard-agent/AGENT.md +57 -0
  114. package/agents/azure/azure-live-keyvault-rotation-purge-guard-agent/PERMISSIONS.md +68 -0
  115. package/agents/azure/azure-live-keyvault-rotation-purge-guard-agent/PREFLIGHT.md +46 -0
  116. package/agents/azure/azure-live-keyvault-rotation-purge-guard-agent/ROLLBACK.md +44 -0
  117. package/agents/azure/azure-live-keyvault-rotation-purge-guard-agent/harnesses/claude-code.agent.md +40 -0
  118. package/agents/azure/azure-live-keyvault-rotation-purge-guard-agent/harnesses/codex.toml +32 -0
  119. package/agents/azure/azure-live-keyvault-rotation-purge-guard-agent/harnesses/copilot.agent.md +53 -0
  120. package/agents/azure/azure-live-keyvault-rotation-purge-guard-agent/harnesses/cursor.agent.md +40 -0
  121. package/agents/azure/azure-live-keyvault-rotation-purge-guard-agent/harnesses/gemini.agent.md +40 -0
  122. package/agents/azure/azure-live-keyvault-rotation-purge-guard-agent/harnesses/kiro-cli.agent.json +1 -0
  123. package/agents/azure/azure-live-keyvault-rotation-purge-guard-agent/harnesses/kiro-ide.agent.md +40 -0
  124. package/agents/azure/azure-live-keyvault-rotation-purge-guard-agent/metadata.json +36 -0
  125. package/agents/azure/azure-live-pim-jit-activation-guard-agent/AGENT.md +57 -0
  126. package/agents/azure/azure-live-pim-jit-activation-guard-agent/PERMISSIONS.md +59 -0
  127. package/agents/azure/azure-live-pim-jit-activation-guard-agent/PREFLIGHT.md +41 -0
  128. package/agents/azure/azure-live-pim-jit-activation-guard-agent/ROLLBACK.md +48 -0
  129. package/agents/azure/azure-live-pim-jit-activation-guard-agent/harnesses/claude-code.agent.md +40 -0
  130. package/agents/azure/azure-live-pim-jit-activation-guard-agent/harnesses/codex.toml +32 -0
  131. package/agents/azure/azure-live-pim-jit-activation-guard-agent/harnesses/copilot.agent.md +53 -0
  132. package/agents/azure/azure-live-pim-jit-activation-guard-agent/harnesses/cursor.agent.md +40 -0
  133. package/agents/azure/azure-live-pim-jit-activation-guard-agent/harnesses/gemini.agent.md +40 -0
  134. package/agents/azure/azure-live-pim-jit-activation-guard-agent/harnesses/kiro-cli.agent.json +1 -0
  135. package/agents/azure/azure-live-pim-jit-activation-guard-agent/harnesses/kiro-ide.agent.md +40 -0
  136. package/agents/azure/azure-live-pim-jit-activation-guard-agent/metadata.json +36 -0
  137. package/agents/azure/azure-maestro-agent/AGENT.md +56 -0
  138. package/agents/azure/azure-maestro-agent/harnesses/claude-code.agent.md +39 -0
  139. package/agents/azure/azure-maestro-agent/harnesses/codex.toml +14 -0
  140. package/agents/azure/azure-maestro-agent/harnesses/copilot.agent.md +52 -0
  141. package/agents/azure/azure-maestro-agent/harnesses/cursor.agent.md +41 -0
  142. package/agents/azure/azure-maestro-agent/harnesses/gemini.agent.md +40 -0
  143. package/agents/azure/azure-maestro-agent/harnesses/kiro-cli.agent.json +5 -0
  144. package/agents/azure/azure-maestro-agent/harnesses/kiro-ide.agent.md +39 -0
  145. package/agents/azure/azure-maestro-agent/metadata.json +38 -0
  146. package/agents/backstage/README.md +36 -0
  147. package/agents/backstage/backstage-scaffolder-template-review-agent/AGENT.md +54 -0
  148. package/agents/backstage/backstage-scaffolder-template-review-agent/harnesses/claude-code.agent.md +37 -0
  149. package/agents/backstage/backstage-scaffolder-template-review-agent/harnesses/codex.toml +31 -0
  150. package/agents/backstage/backstage-scaffolder-template-review-agent/harnesses/copilot.agent.md +37 -0
  151. package/agents/backstage/backstage-scaffolder-template-review-agent/harnesses/cursor.agent.md +37 -0
  152. package/agents/backstage/backstage-scaffolder-template-review-agent/harnesses/gemini.agent.md +37 -0
  153. package/agents/backstage/backstage-scaffolder-template-review-agent/harnesses/kiro-cli.agent.json +5 -0
  154. package/agents/backstage/backstage-scaffolder-template-review-agent/harnesses/kiro-ide.agent.md +37 -0
  155. package/agents/backstage/backstage-scaffolder-template-review-agent/metadata.json +30 -0
  156. package/agents/cert-manager/README.md +46 -0
  157. package/agents/cert-manager/cert-manager-issuer-trust-review-agent/AGENT.md +55 -0
  158. package/agents/cert-manager/cert-manager-issuer-trust-review-agent/harnesses/claude-code.agent.md +35 -0
  159. package/agents/cert-manager/cert-manager-issuer-trust-review-agent/harnesses/codex.toml +29 -0
  160. package/agents/cert-manager/cert-manager-issuer-trust-review-agent/harnesses/copilot.agent.md +35 -0
  161. package/agents/cert-manager/cert-manager-issuer-trust-review-agent/harnesses/cursor.agent.md +35 -0
  162. package/agents/cert-manager/cert-manager-issuer-trust-review-agent/harnesses/gemini.agent.md +35 -0
  163. package/agents/cert-manager/cert-manager-issuer-trust-review-agent/harnesses/kiro-cli.agent.json +5 -0
  164. package/agents/cert-manager/cert-manager-issuer-trust-review-agent/harnesses/kiro-ide.agent.md +35 -0
  165. package/agents/cert-manager/cert-manager-issuer-trust-review-agent/metadata.json +31 -0
  166. package/agents/cilium/README.md +46 -0
  167. package/agents/cilium/cilium-network-policy-review-agent/AGENT.md +55 -0
  168. package/agents/cilium/cilium-network-policy-review-agent/harnesses/claude-code.agent.md +38 -0
  169. package/agents/cilium/cilium-network-policy-review-agent/harnesses/codex.toml +32 -0
  170. package/agents/cilium/cilium-network-policy-review-agent/harnesses/copilot.agent.md +38 -0
  171. package/agents/cilium/cilium-network-policy-review-agent/harnesses/cursor.agent.md +38 -0
  172. package/agents/cilium/cilium-network-policy-review-agent/harnesses/gemini.agent.md +38 -0
  173. package/agents/cilium/cilium-network-policy-review-agent/harnesses/kiro-cli.agent.json +5 -0
  174. package/agents/cilium/cilium-network-policy-review-agent/harnesses/kiro-ide.agent.md +38 -0
  175. package/agents/cilium/cilium-network-policy-review-agent/metadata.json +37 -0
  176. package/agents/falco/README.md +36 -0
  177. package/agents/falco/falco-runtime-threat-rules-review-agent/AGENT.md +49 -0
  178. package/agents/falco/falco-runtime-threat-rules-review-agent/harnesses/claude-code.agent.md +33 -0
  179. package/agents/falco/falco-runtime-threat-rules-review-agent/harnesses/codex.toml +31 -0
  180. package/agents/falco/falco-runtime-threat-rules-review-agent/harnesses/copilot.agent.md +33 -0
  181. package/agents/falco/falco-runtime-threat-rules-review-agent/harnesses/cursor.agent.md +33 -0
  182. package/agents/falco/falco-runtime-threat-rules-review-agent/harnesses/gemini.agent.md +33 -0
  183. package/agents/falco/falco-runtime-threat-rules-review-agent/harnesses/kiro-cli.agent.json +5 -0
  184. package/agents/falco/falco-runtime-threat-rules-review-agent/harnesses/kiro-ide.agent.md +33 -0
  185. package/agents/falco/falco-runtime-threat-rules-review-agent/metadata.json +31 -0
  186. package/agents/finops/AGENTS.md +36 -0
  187. package/agents/finops/README.md +27 -0
  188. package/agents/finops/finops-cloud-price-advisor-agent/AGENT.md +58 -0
  189. package/agents/finops/finops-cloud-price-advisor-agent/PERMISSIONS.md +112 -0
  190. package/agents/finops/finops-cloud-price-advisor-agent/harnesses/claude-code.agent.md +40 -0
  191. package/agents/finops/finops-cloud-price-advisor-agent/harnesses/codex.toml +33 -0
  192. package/agents/finops/finops-cloud-price-advisor-agent/harnesses/copilot.agent.md +53 -0
  193. package/agents/finops/finops-cloud-price-advisor-agent/harnesses/cursor.agent.md +40 -0
  194. package/agents/finops/finops-cloud-price-advisor-agent/harnesses/gemini.agent.md +40 -0
  195. package/agents/finops/finops-cloud-price-advisor-agent/harnesses/kiro-cli.agent.json +1 -0
  196. package/agents/finops/finops-cloud-price-advisor-agent/harnesses/kiro-ide.agent.md +40 -0
  197. package/agents/finops/finops-cloud-price-advisor-agent/metadata.json +38 -0
  198. package/agents/fluxcd/README.md +39 -0
  199. package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/AGENT.md +55 -0
  200. package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/harnesses/claude-code.agent.md +38 -0
  201. package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/harnesses/codex.toml +32 -0
  202. package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/harnesses/copilot.agent.md +38 -0
  203. package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/harnesses/cursor.agent.md +38 -0
  204. package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/harnesses/gemini.agent.md +38 -0
  205. package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/harnesses/kiro-cli.agent.json +5 -0
  206. package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/harnesses/kiro-ide.agent.md +38 -0
  207. package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/metadata.json +31 -0
  208. package/agents/istio/README.md +46 -0
  209. package/agents/istio/istio-ambient-mesh-review-agent/AGENT.md +55 -0
  210. package/agents/istio/istio-ambient-mesh-review-agent/harnesses/claude-code.agent.md +38 -0
  211. package/agents/istio/istio-ambient-mesh-review-agent/harnesses/codex.toml +32 -0
  212. package/agents/istio/istio-ambient-mesh-review-agent/harnesses/copilot.agent.md +38 -0
  213. package/agents/istio/istio-ambient-mesh-review-agent/harnesses/cursor.agent.md +38 -0
  214. package/agents/istio/istio-ambient-mesh-review-agent/harnesses/gemini.agent.md +38 -0
  215. package/agents/istio/istio-ambient-mesh-review-agent/harnesses/kiro-cli.agent.json +5 -0
  216. package/agents/istio/istio-ambient-mesh-review-agent/harnesses/kiro-ide.agent.md +38 -0
  217. package/agents/istio/istio-ambient-mesh-review-agent/metadata.json +30 -0
  218. package/agents/kubernetes/README.md +143 -0
  219. package/agents/kubernetes/external-secrets-operator-review-agent/AGENT.md +49 -0
  220. package/agents/kubernetes/external-secrets-operator-review-agent/harnesses/claude-code.agent.md +33 -0
  221. package/agents/kubernetes/external-secrets-operator-review-agent/harnesses/codex.toml +31 -0
  222. package/agents/kubernetes/external-secrets-operator-review-agent/harnesses/copilot.agent.md +33 -0
  223. package/agents/kubernetes/external-secrets-operator-review-agent/harnesses/cursor.agent.md +33 -0
  224. package/agents/kubernetes/external-secrets-operator-review-agent/harnesses/gemini.agent.md +33 -0
  225. package/agents/kubernetes/external-secrets-operator-review-agent/harnesses/kiro-cli.agent.json +5 -0
  226. package/agents/kubernetes/external-secrets-operator-review-agent/harnesses/kiro-ide.agent.md +33 -0
  227. package/agents/kubernetes/external-secrets-operator-review-agent/metadata.json +31 -0
  228. package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/AGENT.md +56 -0
  229. package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/harnesses/claude-code.agent.md +39 -0
  230. package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/harnesses/codex.toml +34 -0
  231. package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/harnesses/copilot.agent.md +39 -0
  232. package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/harnesses/cursor.agent.md +39 -0
  233. package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/harnesses/gemini.agent.md +39 -0
  234. package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/harnesses/kiro-cli.agent.json +5 -0
  235. package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/harnesses/kiro-ide.agent.md +39 -0
  236. package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/metadata.json +31 -0
  237. package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/AGENT.md +59 -0
  238. package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/harnesses/claude-code.agent.md +42 -0
  239. package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/harnesses/codex.toml +33 -0
  240. package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/harnesses/copilot.agent.md +42 -0
  241. package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/harnesses/cursor.agent.md +42 -0
  242. package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/harnesses/gemini.agent.md +42 -0
  243. package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/harnesses/kiro-cli.agent.json +5 -0
  244. package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/harnesses/kiro-ide.agent.md +42 -0
  245. package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/metadata.json +36 -0
  246. package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/AGENT.md +59 -0
  247. package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/harnesses/claude-code.agent.md +42 -0
  248. package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/harnesses/codex.toml +33 -0
  249. package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/harnesses/copilot.agent.md +42 -0
  250. package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/harnesses/cursor.agent.md +42 -0
  251. package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/harnesses/gemini.agent.md +42 -0
  252. package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/harnesses/kiro-cli.agent.json +5 -0
  253. package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/harnesses/kiro-ide.agent.md +42 -0
  254. package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/metadata.json +36 -0
  255. package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/AGENT.md +59 -0
  256. package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/harnesses/claude-code.agent.md +42 -0
  257. package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/harnesses/codex.toml +33 -0
  258. package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/harnesses/copilot.agent.md +42 -0
  259. package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/harnesses/cursor.agent.md +42 -0
  260. package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/harnesses/gemini.agent.md +42 -0
  261. package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/harnesses/kiro-cli.agent.json +5 -0
  262. package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/harnesses/kiro-ide.agent.md +42 -0
  263. package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/metadata.json +36 -0
  264. package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/AGENT.md +59 -0
  265. package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/harnesses/claude-code.agent.md +42 -0
  266. package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/harnesses/codex.toml +33 -0
  267. package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/harnesses/copilot.agent.md +42 -0
  268. package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/harnesses/cursor.agent.md +42 -0
  269. package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/harnesses/gemini.agent.md +42 -0
  270. package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/harnesses/kiro-cli.agent.json +5 -0
  271. package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/harnesses/kiro-ide.agent.md +42 -0
  272. package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/metadata.json +36 -0
  273. package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/AGENT.md +59 -0
  274. package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/harnesses/claude-code.agent.md +42 -0
  275. package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/harnesses/codex.toml +34 -0
  276. package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/harnesses/copilot.agent.md +55 -0
  277. package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/harnesses/cursor.agent.md +44 -0
  278. package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/harnesses/gemini.agent.md +43 -0
  279. package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/harnesses/kiro-cli.agent.json +5 -0
  280. package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/harnesses/kiro-ide.agent.md +42 -0
  281. package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/metadata.json +36 -0
  282. package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/AGENT.md +62 -0
  283. package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/harnesses/claude-code.agent.md +43 -0
  284. package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/harnesses/codex.toml +35 -0
  285. package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/harnesses/copilot.agent.md +43 -0
  286. package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/harnesses/cursor.agent.md +43 -0
  287. package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/harnesses/gemini.agent.md +43 -0
  288. package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/harnesses/kiro-cli.agent.json +5 -0
  289. package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/harnesses/kiro-ide.agent.md +43 -0
  290. package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/metadata.json +37 -0
  291. package/agents/kubernetes/kubernetes-maestro-agent/AGENT.md +55 -0
  292. package/agents/kubernetes/kubernetes-maestro-agent/harnesses/claude-code.agent.md +38 -0
  293. package/agents/kubernetes/kubernetes-maestro-agent/harnesses/codex.toml +34 -0
  294. package/agents/kubernetes/kubernetes-maestro-agent/harnesses/copilot.agent.md +38 -0
  295. package/agents/kubernetes/kubernetes-maestro-agent/harnesses/cursor.agent.md +38 -0
  296. package/agents/kubernetes/kubernetes-maestro-agent/harnesses/gemini.agent.md +38 -0
  297. package/agents/kubernetes/kubernetes-maestro-agent/harnesses/kiro-cli.agent.json +5 -0
  298. package/agents/kubernetes/kubernetes-maestro-agent/harnesses/kiro-ide.agent.md +38 -0
  299. package/agents/kubernetes/kubernetes-maestro-agent/metadata.json +40 -0
  300. package/agents/kubernetes/kubernetes-pod-spec-review-agent/AGENT.md +54 -0
  301. package/agents/kubernetes/kubernetes-pod-spec-review-agent/harnesses/claude-code.agent.md +37 -0
  302. package/agents/kubernetes/kubernetes-pod-spec-review-agent/harnesses/codex.toml +27 -0
  303. package/agents/kubernetes/kubernetes-pod-spec-review-agent/harnesses/copilot.agent.md +37 -0
  304. package/agents/kubernetes/kubernetes-pod-spec-review-agent/harnesses/cursor.agent.md +37 -0
  305. package/agents/kubernetes/kubernetes-pod-spec-review-agent/harnesses/gemini.agent.md +37 -0
  306. package/agents/kubernetes/kubernetes-pod-spec-review-agent/harnesses/kiro-cli.agent.json +5 -0
  307. package/agents/kubernetes/kubernetes-pod-spec-review-agent/harnesses/kiro-ide.agent.md +37 -0
  308. package/agents/kubernetes/kubernetes-pod-spec-review-agent/metadata.json +38 -0
  309. package/agents/kubernetes/kubernetes-psa-review-agent/AGENT.md +55 -0
  310. package/agents/kubernetes/kubernetes-psa-review-agent/harnesses/claude-code.agent.md +36 -0
  311. package/agents/kubernetes/kubernetes-psa-review-agent/harnesses/codex.toml +29 -0
  312. package/agents/kubernetes/kubernetes-psa-review-agent/harnesses/copilot.agent.md +36 -0
  313. package/agents/kubernetes/kubernetes-psa-review-agent/harnesses/cursor.agent.md +36 -0
  314. package/agents/kubernetes/kubernetes-psa-review-agent/harnesses/gemini.agent.md +36 -0
  315. package/agents/kubernetes/kubernetes-psa-review-agent/harnesses/kiro-cli.agent.json +5 -0
  316. package/agents/kubernetes/kubernetes-psa-review-agent/harnesses/kiro-ide.agent.md +36 -0
  317. package/agents/kubernetes/kubernetes-psa-review-agent/metadata.json +37 -0
  318. package/agents/kubernetes/kubernetes-rbac-review-agent/AGENT.md +55 -0
  319. package/agents/kubernetes/kubernetes-rbac-review-agent/harnesses/claude-code.agent.md +38 -0
  320. package/agents/kubernetes/kubernetes-rbac-review-agent/harnesses/codex.toml +32 -0
  321. package/agents/kubernetes/kubernetes-rbac-review-agent/harnesses/copilot.agent.md +51 -0
  322. package/agents/kubernetes/kubernetes-rbac-review-agent/harnesses/cursor.agent.md +40 -0
  323. package/agents/kubernetes/kubernetes-rbac-review-agent/harnesses/gemini.agent.md +39 -0
  324. package/agents/kubernetes/kubernetes-rbac-review-agent/harnesses/kiro-cli.agent.json +5 -0
  325. package/agents/kubernetes/kubernetes-rbac-review-agent/harnesses/kiro-ide.agent.md +38 -0
  326. package/agents/kubernetes/kubernetes-rbac-review-agent/metadata.json +36 -0
  327. package/agents/kubernetes/kubernetes-workload-identity-review-agent/AGENT.md +55 -0
  328. package/agents/kubernetes/kubernetes-workload-identity-review-agent/harnesses/claude-code.agent.md +37 -0
  329. package/agents/kubernetes/kubernetes-workload-identity-review-agent/harnesses/codex.toml +29 -0
  330. package/agents/kubernetes/kubernetes-workload-identity-review-agent/harnesses/copilot.agent.md +37 -0
  331. package/agents/kubernetes/kubernetes-workload-identity-review-agent/harnesses/cursor.agent.md +37 -0
  332. package/agents/kubernetes/kubernetes-workload-identity-review-agent/harnesses/gemini.agent.md +37 -0
  333. package/agents/kubernetes/kubernetes-workload-identity-review-agent/harnesses/kiro-cli.agent.json +5 -0
  334. package/agents/kubernetes/kubernetes-workload-identity-review-agent/harnesses/kiro-ide.agent.md +37 -0
  335. package/agents/kubernetes/kubernetes-workload-identity-review-agent/metadata.json +37 -0
  336. package/agents/kyverno/README.md +46 -0
  337. package/agents/kyverno/kyverno-policy-review-agent/AGENT.md +55 -0
  338. package/agents/kyverno/kyverno-policy-review-agent/harnesses/claude-code.agent.md +38 -0
  339. package/agents/kyverno/kyverno-policy-review-agent/harnesses/codex.toml +32 -0
  340. package/agents/kyverno/kyverno-policy-review-agent/harnesses/copilot.agent.md +38 -0
  341. package/agents/kyverno/kyverno-policy-review-agent/harnesses/cursor.agent.md +38 -0
  342. package/agents/kyverno/kyverno-policy-review-agent/harnesses/gemini.agent.md +38 -0
  343. package/agents/kyverno/kyverno-policy-review-agent/harnesses/kiro-cli.agent.json +5 -0
  344. package/agents/kyverno/kyverno-policy-review-agent/harnesses/kiro-ide.agent.md +38 -0
  345. package/agents/kyverno/kyverno-policy-review-agent/metadata.json +30 -0
  346. package/agents/oci/AGENTS.md +28 -0
  347. package/agents/oci/README.md +45 -0
  348. package/agents/oci/oci-certificates-issuer-review-agent/AGENT.md +53 -0
  349. package/agents/oci/oci-certificates-issuer-review-agent/harnesses/claude-code.agent.md +36 -0
  350. package/agents/oci/oci-certificates-issuer-review-agent/harnesses/codex.toml +27 -0
  351. package/agents/oci/oci-certificates-issuer-review-agent/harnesses/copilot.agent.md +36 -0
  352. package/agents/oci/oci-certificates-issuer-review-agent/harnesses/cursor.agent.md +36 -0
  353. package/agents/oci/oci-certificates-issuer-review-agent/harnesses/gemini.agent.md +36 -0
  354. package/agents/oci/oci-certificates-issuer-review-agent/harnesses/kiro-cli.agent.json +5 -0
  355. package/agents/oci/oci-certificates-issuer-review-agent/harnesses/kiro-ide.agent.md +36 -0
  356. package/agents/oci/oci-certificates-issuer-review-agent/metadata.json +36 -0
  357. package/agents/oci/oci-live-autonomous-db-lifecycle-guard-agent/AGENT.md +57 -0
  358. package/agents/oci/oci-live-autonomous-db-lifecycle-guard-agent/PERMISSIONS.md +56 -0
  359. package/agents/oci/oci-live-autonomous-db-lifecycle-guard-agent/PREFLIGHT.md +48 -0
  360. package/agents/oci/oci-live-autonomous-db-lifecycle-guard-agent/ROLLBACK.md +50 -0
  361. package/agents/oci/oci-live-autonomous-db-lifecycle-guard-agent/harnesses/claude-code.agent.md +40 -0
  362. package/agents/oci/oci-live-autonomous-db-lifecycle-guard-agent/harnesses/codex.toml +32 -0
  363. package/agents/oci/oci-live-autonomous-db-lifecycle-guard-agent/harnesses/copilot.agent.md +53 -0
  364. package/agents/oci/oci-live-autonomous-db-lifecycle-guard-agent/harnesses/cursor.agent.md +40 -0
  365. package/agents/oci/oci-live-autonomous-db-lifecycle-guard-agent/harnesses/gemini.agent.md +40 -0
  366. package/agents/oci/oci-live-autonomous-db-lifecycle-guard-agent/harnesses/kiro-cli.agent.json +1 -0
  367. package/agents/oci/oci-live-autonomous-db-lifecycle-guard-agent/harnesses/kiro-ide.agent.md +40 -0
  368. package/agents/oci/oci-live-autonomous-db-lifecycle-guard-agent/metadata.json +36 -0
  369. package/agents/oci/oci-live-cost-budget-runaway-guard-agent/AGENT.md +57 -0
  370. package/agents/oci/oci-live-cost-budget-runaway-guard-agent/PERMISSIONS.md +77 -0
  371. package/agents/oci/oci-live-cost-budget-runaway-guard-agent/PREFLIGHT.md +54 -0
  372. package/agents/oci/oci-live-cost-budget-runaway-guard-agent/ROLLBACK.md +53 -0
  373. package/agents/oci/oci-live-cost-budget-runaway-guard-agent/harnesses/claude-code.agent.md +40 -0
  374. package/agents/oci/oci-live-cost-budget-runaway-guard-agent/harnesses/codex.toml +32 -0
  375. package/agents/oci/oci-live-cost-budget-runaway-guard-agent/harnesses/copilot.agent.md +53 -0
  376. package/agents/oci/oci-live-cost-budget-runaway-guard-agent/harnesses/cursor.agent.md +40 -0
  377. package/agents/oci/oci-live-cost-budget-runaway-guard-agent/harnesses/gemini.agent.md +40 -0
  378. package/agents/oci/oci-live-cost-budget-runaway-guard-agent/harnesses/kiro-cli.agent.json +1 -0
  379. package/agents/oci/oci-live-cost-budget-runaway-guard-agent/harnesses/kiro-ide.agent.md +40 -0
  380. package/agents/oci/oci-live-cost-budget-runaway-guard-agent/metadata.json +36 -0
  381. package/agents/oci/oci-live-iam-policy-compartment-guard-agent/AGENT.md +57 -0
  382. package/agents/oci/oci-live-iam-policy-compartment-guard-agent/PERMISSIONS.md +87 -0
  383. package/agents/oci/oci-live-iam-policy-compartment-guard-agent/PREFLIGHT.md +49 -0
  384. package/agents/oci/oci-live-iam-policy-compartment-guard-agent/ROLLBACK.md +44 -0
  385. package/agents/oci/oci-live-iam-policy-compartment-guard-agent/harnesses/claude-code.agent.md +40 -0
  386. package/agents/oci/oci-live-iam-policy-compartment-guard-agent/harnesses/codex.toml +32 -0
  387. package/agents/oci/oci-live-iam-policy-compartment-guard-agent/harnesses/copilot.agent.md +53 -0
  388. package/agents/oci/oci-live-iam-policy-compartment-guard-agent/harnesses/cursor.agent.md +40 -0
  389. package/agents/oci/oci-live-iam-policy-compartment-guard-agent/harnesses/gemini.agent.md +40 -0
  390. package/agents/oci/oci-live-iam-policy-compartment-guard-agent/harnesses/kiro-cli.agent.json +1 -0
  391. package/agents/oci/oci-live-iam-policy-compartment-guard-agent/harnesses/kiro-ide.agent.md +40 -0
  392. package/agents/oci/oci-live-iam-policy-compartment-guard-agent/metadata.json +36 -0
  393. package/agents/oci/oci-live-network-security-rule-guard-agent/AGENT.md +59 -0
  394. package/agents/oci/oci-live-network-security-rule-guard-agent/harnesses/claude-code.agent.md +42 -0
  395. package/agents/oci/oci-live-network-security-rule-guard-agent/harnesses/codex.toml +34 -0
  396. package/agents/oci/oci-live-network-security-rule-guard-agent/harnesses/copilot.agent.md +55 -0
  397. package/agents/oci/oci-live-network-security-rule-guard-agent/harnesses/cursor.agent.md +44 -0
  398. package/agents/oci/oci-live-network-security-rule-guard-agent/harnesses/gemini.agent.md +43 -0
  399. package/agents/oci/oci-live-network-security-rule-guard-agent/harnesses/kiro-cli.agent.json +5 -0
  400. package/agents/oci/oci-live-network-security-rule-guard-agent/harnesses/kiro-ide.agent.md +42 -0
  401. package/agents/oci/oci-live-network-security-rule-guard-agent/metadata.json +37 -0
  402. package/agents/oci/oci-live-oke-rollout-guard-agent/AGENT.md +57 -0
  403. package/agents/oci/oci-live-oke-rollout-guard-agent/PERMISSIONS.md +92 -0
  404. package/agents/oci/oci-live-oke-rollout-guard-agent/PREFLIGHT.md +49 -0
  405. package/agents/oci/oci-live-oke-rollout-guard-agent/ROLLBACK.md +47 -0
  406. package/agents/oci/oci-live-oke-rollout-guard-agent/harnesses/claude-code.agent.md +40 -0
  407. package/agents/oci/oci-live-oke-rollout-guard-agent/harnesses/codex.toml +32 -0
  408. package/agents/oci/oci-live-oke-rollout-guard-agent/harnesses/copilot.agent.md +53 -0
  409. package/agents/oci/oci-live-oke-rollout-guard-agent/harnesses/cursor.agent.md +40 -0
  410. package/agents/oci/oci-live-oke-rollout-guard-agent/harnesses/gemini.agent.md +40 -0
  411. package/agents/oci/oci-live-oke-rollout-guard-agent/harnesses/kiro-cli.agent.json +1 -0
  412. package/agents/oci/oci-live-oke-rollout-guard-agent/harnesses/kiro-ide.agent.md +40 -0
  413. package/agents/oci/oci-live-oke-rollout-guard-agent/metadata.json +36 -0
  414. package/agents/oci/oci-live-resource-manager-stack-guard-agent/AGENT.md +57 -0
  415. package/agents/oci/oci-live-resource-manager-stack-guard-agent/PERMISSIONS.md +80 -0
  416. package/agents/oci/oci-live-resource-manager-stack-guard-agent/PREFLIGHT.md +51 -0
  417. package/agents/oci/oci-live-resource-manager-stack-guard-agent/ROLLBACK.md +45 -0
  418. package/agents/oci/oci-live-resource-manager-stack-guard-agent/harnesses/claude-code.agent.md +40 -0
  419. package/agents/oci/oci-live-resource-manager-stack-guard-agent/harnesses/codex.toml +32 -0
  420. package/agents/oci/oci-live-resource-manager-stack-guard-agent/harnesses/copilot.agent.md +53 -0
  421. package/agents/oci/oci-live-resource-manager-stack-guard-agent/harnesses/cursor.agent.md +40 -0
  422. package/agents/oci/oci-live-resource-manager-stack-guard-agent/harnesses/gemini.agent.md +40 -0
  423. package/agents/oci/oci-live-resource-manager-stack-guard-agent/harnesses/kiro-cli.agent.json +1 -0
  424. package/agents/oci/oci-live-resource-manager-stack-guard-agent/harnesses/kiro-ide.agent.md +40 -0
  425. package/agents/oci/oci-live-resource-manager-stack-guard-agent/metadata.json +36 -0
  426. package/agents/oci/oci-live-vault-key-destruction-guard-agent/AGENT.md +57 -0
  427. package/agents/oci/oci-live-vault-key-destruction-guard-agent/PERMISSIONS.md +57 -0
  428. package/agents/oci/oci-live-vault-key-destruction-guard-agent/PREFLIGHT.md +53 -0
  429. package/agents/oci/oci-live-vault-key-destruction-guard-agent/ROLLBACK.md +49 -0
  430. package/agents/oci/oci-live-vault-key-destruction-guard-agent/harnesses/claude-code.agent.md +40 -0
  431. package/agents/oci/oci-live-vault-key-destruction-guard-agent/harnesses/codex.toml +32 -0
  432. package/agents/oci/oci-live-vault-key-destruction-guard-agent/harnesses/copilot.agent.md +53 -0
  433. package/agents/oci/oci-live-vault-key-destruction-guard-agent/harnesses/cursor.agent.md +40 -0
  434. package/agents/oci/oci-live-vault-key-destruction-guard-agent/harnesses/gemini.agent.md +40 -0
  435. package/agents/oci/oci-live-vault-key-destruction-guard-agent/harnesses/kiro-cli.agent.json +1 -0
  436. package/agents/oci/oci-live-vault-key-destruction-guard-agent/harnesses/kiro-ide.agent.md +40 -0
  437. package/agents/oci/oci-live-vault-key-destruction-guard-agent/metadata.json +36 -0
  438. package/agents/oci/oci-maestro-agent/AGENT.md +58 -0
  439. package/agents/oci/oci-maestro-agent/harnesses/claude-code.agent.md +41 -0
  440. package/agents/oci/oci-maestro-agent/harnesses/codex.toml +14 -0
  441. package/agents/oci/oci-maestro-agent/harnesses/copilot.agent.md +54 -0
  442. package/agents/oci/oci-maestro-agent/harnesses/cursor.agent.md +43 -0
  443. package/agents/oci/oci-maestro-agent/harnesses/gemini.agent.md +42 -0
  444. package/agents/oci/oci-maestro-agent/harnesses/kiro-cli.agent.json +5 -0
  445. package/agents/oci/oci-maestro-agent/harnesses/kiro-ide.agent.md +41 -0
  446. package/agents/oci/oci-maestro-agent/metadata.json +37 -0
  447. package/agents/opentelemetry/README.md +37 -0
  448. package/agents/opentelemetry/opentelemetry-collector-config-review-agent/AGENT.md +55 -0
  449. package/agents/opentelemetry/opentelemetry-collector-config-review-agent/harnesses/claude-code.agent.md +38 -0
  450. package/agents/opentelemetry/opentelemetry-collector-config-review-agent/harnesses/codex.toml +32 -0
  451. package/agents/opentelemetry/opentelemetry-collector-config-review-agent/harnesses/copilot.agent.md +38 -0
  452. package/agents/opentelemetry/opentelemetry-collector-config-review-agent/harnesses/cursor.agent.md +38 -0
  453. package/agents/opentelemetry/opentelemetry-collector-config-review-agent/harnesses/gemini.agent.md +38 -0
  454. package/agents/opentelemetry/opentelemetry-collector-config-review-agent/harnesses/kiro-cli.agent.json +5 -0
  455. package/agents/opentelemetry/opentelemetry-collector-config-review-agent/harnesses/kiro-ide.agent.md +38 -0
  456. package/agents/opentelemetry/opentelemetry-collector-config-review-agent/metadata.json +37 -0
  457. package/agents/prometheus/README.md +36 -0
  458. package/agents/prometheus/prometheus-alerting-cardinality-review-agent/AGENT.md +48 -0
  459. package/agents/prometheus/prometheus-alerting-cardinality-review-agent/harnesses/claude-code.agent.md +32 -0
  460. package/agents/prometheus/prometheus-alerting-cardinality-review-agent/harnesses/codex.toml +31 -0
  461. package/agents/prometheus/prometheus-alerting-cardinality-review-agent/harnesses/copilot.agent.md +32 -0
  462. package/agents/prometheus/prometheus-alerting-cardinality-review-agent/harnesses/cursor.agent.md +32 -0
  463. package/agents/prometheus/prometheus-alerting-cardinality-review-agent/harnesses/gemini.agent.md +32 -0
  464. package/agents/prometheus/prometheus-alerting-cardinality-review-agent/harnesses/kiro-cli.agent.json +5 -0
  465. package/agents/prometheus/prometheus-alerting-cardinality-review-agent/harnesses/kiro-ide.agent.md +32 -0
  466. package/agents/prometheus/prometheus-alerting-cardinality-review-agent/metadata.json +31 -0
  467. package/agents/sigstore/README.md +38 -0
  468. package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/AGENT.md +55 -0
  469. package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/harnesses/claude-code.agent.md +35 -0
  470. package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/harnesses/codex.toml +29 -0
  471. package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/harnesses/copilot.agent.md +35 -0
  472. package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/harnesses/cursor.agent.md +35 -0
  473. package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/harnesses/gemini.agent.md +35 -0
  474. package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/harnesses/kiro-cli.agent.json +5 -0
  475. package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/harnesses/kiro-ide.agent.md +35 -0
  476. package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/metadata.json +31 -0
  477. package/agents/terraform/README.md +29 -0
  478. package/agents/terraform/terraform-maestro-agent/AGENT.md +58 -0
  479. package/agents/terraform/terraform-maestro-agent/harnesses/claude-code.agent.md +41 -0
  480. package/agents/terraform/terraform-maestro-agent/harnesses/codex.toml +14 -0
  481. package/agents/terraform/terraform-maestro-agent/harnesses/copilot.agent.md +54 -0
  482. package/agents/terraform/terraform-maestro-agent/harnesses/cursor.agent.md +43 -0
  483. package/agents/terraform/terraform-maestro-agent/harnesses/gemini.agent.md +42 -0
  484. package/agents/terraform/terraform-maestro-agent/harnesses/kiro-cli.agent.json +5 -0
  485. package/agents/terraform/terraform-maestro-agent/harnesses/kiro-ide.agent.md +41 -0
  486. package/agents/terraform/terraform-maestro-agent/metadata.json +38 -0
  487. package/agents/terraform/terraform-reviewer/harnesses/claude-code.agent.md +29 -0
  488. package/agents/terraform/terraform-reviewer/harnesses/codex.toml +29 -0
  489. package/agents/terraform/terraform-reviewer/harnesses/copilot.agent.md +42 -0
  490. package/agents/terraform/terraform-reviewer/harnesses/cursor.agent.md +31 -0
  491. package/agents/terraform/terraform-reviewer/harnesses/gemini.agent.md +30 -0
  492. package/agents/terraform/terraform-reviewer/harnesses/kiro-cli.agent.json +5 -0
  493. package/agents/terraform/terraform-reviewer/harnesses/kiro-ide.agent.md +29 -0
  494. package/agents/terraform/terraform-reviewer/metadata.json +10 -1
  495. package/agents/velero/README.md +41 -0
  496. package/assets/logos/vanguard-frontier-agentic-logo.png +0 -0
  497. package/catalog/agents.json +1347 -27
  498. package/catalog/install-roles.json +455 -0
  499. package/catalog/skill-manifest.json +1358 -62
  500. package/catalog/skills.json +1231 -25
  501. package/package.json +11 -1
  502. package/scripts/export-marketplace-agents.mjs +129 -10
  503. package/scripts/gen_azure_live_guards.py +1424 -0
  504. package/scripts/gen_oci_live_guards.py +1510 -0
  505. package/scripts/update-catalog-new-agents.py +88 -0
  506. package/skills/argocd/README.md +30 -0
  507. package/skills/argocd/argo-rollouts-progressive-delivery-review/SKILL.md +40 -0
  508. package/skills/argocd/argo-rollouts-progressive-delivery-review/metadata.json +22 -0
  509. package/skills/argocd/argo-rollouts-progressive-delivery-review/references/workflow-and-output.md +248 -0
  510. package/skills/argocd/argocd-gitops-review/SKILL.md +43 -0
  511. package/skills/argocd/argocd-gitops-review/metadata.json +30 -0
  512. package/skills/argocd/argocd-gitops-review/references/mcp-and-evidence.md +53 -0
  513. package/skills/argocd/argocd-gitops-review/references/official-sources.md +32 -0
  514. package/skills/argocd/argocd-gitops-review/references/workflow-and-output.md +120 -0
  515. package/skills/aws/README.md +3 -1
  516. package/skills/aws/aws-maestro/SKILL.md +47 -0
  517. package/skills/aws/aws-maestro/metadata.json +28 -0
  518. package/skills/aws/aws-maestro/references/official-sources.md +24 -0
  519. package/skills/aws/aws-maestro/references/safety-checklist.md +42 -0
  520. package/skills/aws/aws-maestro/references/workflow-and-output.md +129 -0
  521. package/skills/aws/aws-private-ca-issuer-review/SKILL.md +39 -0
  522. package/skills/aws/aws-private-ca-issuer-review/metadata.json +21 -0
  523. package/skills/aws/aws-private-ca-issuer-review/references/official-sources.md +22 -0
  524. package/skills/aws/aws-private-ca-issuer-review/references/safety-checklist.md +30 -0
  525. package/skills/aws/aws-private-ca-issuer-review/references/workflow-and-output.md +214 -0
  526. package/skills/azure/README.md +3 -1
  527. package/skills/azure/azure-keyvault-certificate-issuer-review/SKILL.md +37 -0
  528. package/skills/azure/azure-keyvault-certificate-issuer-review/metadata.json +20 -0
  529. package/skills/azure/azure-keyvault-certificate-issuer-review/references/workflow-and-output.md +190 -0
  530. package/skills/azure/azure-live-aks-rollout-guard/SKILL.md +49 -0
  531. package/skills/azure/azure-live-aks-rollout-guard/metadata.json +27 -0
  532. package/skills/azure/azure-live-aks-rollout-guard/references/official-sources.md +19 -0
  533. package/skills/azure/azure-live-aks-rollout-guard/references/permission-model.md +54 -0
  534. package/skills/azure/azure-live-aks-rollout-guard/references/preflight-commands.md +55 -0
  535. package/skills/azure/azure-live-aks-rollout-guard/references/rollback-playbook.md +38 -0
  536. package/skills/azure/azure-live-app-service-slot-swap-guard/SKILL.md +49 -0
  537. package/skills/azure/azure-live-app-service-slot-swap-guard/metadata.json +26 -0
  538. package/skills/azure/azure-live-app-service-slot-swap-guard/references/official-sources.md +12 -0
  539. package/skills/azure/azure-live-app-service-slot-swap-guard/references/permission-model.md +40 -0
  540. package/skills/azure/azure-live-app-service-slot-swap-guard/references/preflight-commands.md +46 -0
  541. package/skills/azure/azure-live-app-service-slot-swap-guard/references/rollback-playbook.md +46 -0
  542. package/skills/azure/azure-live-arm-deployment-stack-guard/SKILL.md +49 -0
  543. package/skills/azure/azure-live-arm-deployment-stack-guard/metadata.json +27 -0
  544. package/skills/azure/azure-live-arm-deployment-stack-guard/references/official-sources.md +17 -0
  545. package/skills/azure/azure-live-arm-deployment-stack-guard/references/permission-model.md +68 -0
  546. package/skills/azure/azure-live-arm-deployment-stack-guard/references/preflight-commands.md +55 -0
  547. package/skills/azure/azure-live-arm-deployment-stack-guard/references/rollback-playbook.md +53 -0
  548. package/skills/azure/azure-live-cost-budget-action-guard/SKILL.md +49 -0
  549. package/skills/azure/azure-live-cost-budget-action-guard/metadata.json +27 -0
  550. package/skills/azure/azure-live-cost-budget-action-guard/references/official-sources.md +17 -0
  551. package/skills/azure/azure-live-cost-budget-action-guard/references/permission-model.md +66 -0
  552. package/skills/azure/azure-live-cost-budget-action-guard/references/preflight-commands.md +48 -0
  553. package/skills/azure/azure-live-cost-budget-action-guard/references/rollback-playbook.md +40 -0
  554. package/skills/azure/azure-live-entra-role-assignment-guard/SKILL.md +56 -0
  555. package/skills/azure/azure-live-entra-role-assignment-guard/metadata.json +28 -0
  556. package/skills/azure/azure-live-entra-role-assignment-guard/references/official-sources.md +21 -0
  557. package/skills/azure/azure-live-entra-role-assignment-guard/references/permission-model.md +70 -0
  558. package/skills/azure/azure-live-entra-role-assignment-guard/references/preflight-commands.md +69 -0
  559. package/skills/azure/azure-live-entra-role-assignment-guard/references/rollback-playbook.md +51 -0
  560. package/skills/azure/azure-live-keyvault-rotation-purge-guard/SKILL.md +49 -0
  561. package/skills/azure/azure-live-keyvault-rotation-purge-guard/metadata.json +27 -0
  562. package/skills/azure/azure-live-keyvault-rotation-purge-guard/references/official-sources.md +13 -0
  563. package/skills/azure/azure-live-keyvault-rotation-purge-guard/references/permission-model.md +64 -0
  564. package/skills/azure/azure-live-keyvault-rotation-purge-guard/references/preflight-commands.md +48 -0
  565. package/skills/azure/azure-live-keyvault-rotation-purge-guard/references/rollback-playbook.md +44 -0
  566. package/skills/azure/azure-live-pim-jit-activation-guard/SKILL.md +49 -0
  567. package/skills/azure/azure-live-pim-jit-activation-guard/metadata.json +27 -0
  568. package/skills/azure/azure-live-pim-jit-activation-guard/references/official-sources.md +13 -0
  569. package/skills/azure/azure-live-pim-jit-activation-guard/references/permission-model.md +56 -0
  570. package/skills/azure/azure-live-pim-jit-activation-guard/references/preflight-commands.md +46 -0
  571. package/skills/azure/azure-live-pim-jit-activation-guard/references/rollback-playbook.md +45 -0
  572. package/skills/azure/azure-maestro/SKILL.md +140 -0
  573. package/skills/azure/azure-maestro/metadata.json +28 -0
  574. package/skills/backstage/backstage-scaffolder-template-review/SKILL.md +39 -0
  575. package/skills/backstage/backstage-scaffolder-template-review/metadata.json +21 -0
  576. package/skills/backstage/backstage-scaffolder-template-review/references/workflow-and-output.md +179 -0
  577. package/skills/cert-manager/cert-manager-issuer-trust-review/SKILL.md +40 -0
  578. package/skills/cert-manager/cert-manager-issuer-trust-review/metadata.json +22 -0
  579. package/skills/cert-manager/cert-manager-issuer-trust-review/references/workflow-and-output.md +222 -0
  580. package/skills/cilium/README.md +30 -0
  581. package/skills/cilium/cilium-network-policy-review/SKILL.md +43 -0
  582. package/skills/cilium/cilium-network-policy-review/metadata.json +30 -0
  583. package/skills/cilium/cilium-network-policy-review/references/mcp-and-evidence.md +52 -0
  584. package/skills/cilium/cilium-network-policy-review/references/official-sources.md +30 -0
  585. package/skills/cilium/cilium-network-policy-review/references/workflow-and-output.md +130 -0
  586. package/skills/falco/falco-runtime-threat-rules-review/SKILL.md +37 -0
  587. package/skills/falco/falco-runtime-threat-rules-review/metadata.json +22 -0
  588. package/skills/falco/falco-runtime-threat-rules-review/references/workflow-and-output.md +249 -0
  589. package/skills/finops/README.md +30 -0
  590. package/skills/finops/finops-cloud-price-advisor/SKILL.md +60 -0
  591. package/skills/finops/finops-cloud-price-advisor/metadata.json +26 -0
  592. package/skills/finops/finops-cloud-price-advisor/references/currency-handling.md +100 -0
  593. package/skills/finops/finops-cloud-price-advisor/references/estimation-workflow.md +145 -0
  594. package/skills/finops/finops-cloud-price-advisor/references/official-sources.md +64 -0
  595. package/skills/finops/finops-cloud-price-advisor/references/pricing-apis.md +271 -0
  596. package/skills/fluxcd/fluxcd-kustomization-helmrelease-review/SKILL.md +40 -0
  597. package/skills/fluxcd/fluxcd-kustomization-helmrelease-review/metadata.json +22 -0
  598. package/skills/fluxcd/fluxcd-kustomization-helmrelease-review/references/workflow-and-output.md +243 -0
  599. package/skills/istio/README.md +28 -0
  600. package/skills/istio/istio-ambient-mesh-review/SKILL.md +43 -0
  601. package/skills/istio/istio-ambient-mesh-review/metadata.json +30 -0
  602. package/skills/istio/istio-ambient-mesh-review/references/mcp-and-evidence.md +59 -0
  603. package/skills/istio/istio-ambient-mesh-review/references/official-sources.md +32 -0
  604. package/skills/istio/istio-ambient-mesh-review/references/workflow-and-output.md +128 -0
  605. package/skills/kubernetes/README.md +30 -0
  606. package/skills/kubernetes/external-secrets-operator-review/SKILL.md +37 -0
  607. package/skills/kubernetes/external-secrets-operator-review/metadata.json +22 -0
  608. package/skills/kubernetes/external-secrets-operator-review/references/workflow-and-output.md +280 -0
  609. package/skills/kubernetes/kubecost-chargeback-allocation-review/SKILL.md +40 -0
  610. package/skills/kubernetes/kubecost-chargeback-allocation-review/metadata.json +22 -0
  611. package/skills/kubernetes/kubecost-chargeback-allocation-review/references/workflow-and-output.md +215 -0
  612. package/skills/kubernetes/kubernetes-live-rbac-mutation-guard/SKILL.md +57 -0
  613. package/skills/kubernetes/kubernetes-live-rbac-mutation-guard/metadata.json +27 -0
  614. package/skills/kubernetes/kubernetes-live-rbac-mutation-guard/references/official-sources.md +18 -0
  615. package/skills/kubernetes/kubernetes-live-rbac-mutation-guard/references/permission-model.md +78 -0
  616. package/skills/kubernetes/kubernetes-live-rbac-mutation-guard/references/preflight-commands.md +81 -0
  617. package/skills/kubernetes/kubernetes-live-rbac-mutation-guard/references/rollback-playbook.md +61 -0
  618. package/skills/kubernetes/kubernetes-maestro/SKILL.md +45 -0
  619. package/skills/kubernetes/kubernetes-maestro/metadata.json +24 -0
  620. package/skills/kubernetes/kubernetes-maestro/references/safety-checklist.md +78 -0
  621. package/skills/kubernetes/kubernetes-maestro/references/workflow-and-output.md +206 -0
  622. package/skills/kubernetes/kubernetes-pod-security-admission-review/SKILL.md +43 -0
  623. package/skills/kubernetes/kubernetes-pod-security-admission-review/metadata.json +28 -0
  624. package/skills/kubernetes/kubernetes-pod-security-admission-review/references/mcp-and-evidence.md +49 -0
  625. package/skills/kubernetes/kubernetes-pod-security-admission-review/references/official-sources.md +26 -0
  626. package/skills/kubernetes/kubernetes-pod-security-admission-review/references/workflow-and-output.md +129 -0
  627. package/skills/kubernetes/kubernetes-pod-spec-review/SKILL.md +38 -0
  628. package/skills/kubernetes/kubernetes-pod-spec-review/metadata.json +22 -0
  629. package/skills/kubernetes/kubernetes-pod-spec-review/references/workflow-and-output.md +229 -0
  630. package/skills/kubernetes/kubernetes-rbac-review/SKILL.md +38 -0
  631. package/skills/kubernetes/kubernetes-rbac-review/metadata.json +27 -0
  632. package/skills/kubernetes/kubernetes-rbac-review/references/mcp-and-evidence.md +34 -0
  633. package/skills/kubernetes/kubernetes-rbac-review/references/official-sources.md +22 -0
  634. package/skills/kubernetes/kubernetes-rbac-review/references/workflow-and-output.md +44 -0
  635. package/skills/kubernetes/kubernetes-workload-identity-review/SKILL.md +43 -0
  636. package/skills/kubernetes/kubernetes-workload-identity-review/metadata.json +29 -0
  637. package/skills/kubernetes/kubernetes-workload-identity-review/references/mcp-and-evidence.md +57 -0
  638. package/skills/kubernetes/kubernetes-workload-identity-review/references/official-sources.md +47 -0
  639. package/skills/kubernetes/kubernetes-workload-identity-review/references/workflow-and-output.md +166 -0
  640. package/skills/kyverno/README.md +30 -0
  641. package/skills/kyverno/kyverno-policy-review/SKILL.md +43 -0
  642. package/skills/kyverno/kyverno-policy-review/metadata.json +30 -0
  643. package/skills/kyverno/kyverno-policy-review/references/mcp-and-evidence.md +49 -0
  644. package/skills/kyverno/kyverno-policy-review/references/official-sources.md +31 -0
  645. package/skills/kyverno/kyverno-policy-review/references/workflow-and-output.md +106 -0
  646. package/skills/oci/README.md +63 -0
  647. package/skills/oci/oci-certificates-issuer-review/SKILL.md +37 -0
  648. package/skills/oci/oci-certificates-issuer-review/metadata.json +20 -0
  649. package/skills/oci/oci-certificates-issuer-review/references/workflow-and-output.md +207 -0
  650. package/skills/oci/oci-live-autonomous-db-lifecycle-guard/SKILL.md +49 -0
  651. package/skills/oci/oci-live-autonomous-db-lifecycle-guard/metadata.json +27 -0
  652. package/skills/oci/oci-live-autonomous-db-lifecycle-guard/references/official-sources.md +13 -0
  653. package/skills/oci/oci-live-autonomous-db-lifecycle-guard/references/permission-model.md +49 -0
  654. package/skills/oci/oci-live-autonomous-db-lifecycle-guard/references/preflight-commands.md +58 -0
  655. package/skills/oci/oci-live-autonomous-db-lifecycle-guard/references/rollback-playbook.md +44 -0
  656. package/skills/oci/oci-live-cost-budget-runaway-guard/SKILL.md +49 -0
  657. package/skills/oci/oci-live-cost-budget-runaway-guard/metadata.json +27 -0
  658. package/skills/oci/oci-live-cost-budget-runaway-guard/references/official-sources.md +17 -0
  659. package/skills/oci/oci-live-cost-budget-runaway-guard/references/permission-model.md +59 -0
  660. package/skills/oci/oci-live-cost-budget-runaway-guard/references/preflight-commands.md +42 -0
  661. package/skills/oci/oci-live-cost-budget-runaway-guard/references/rollback-playbook.md +44 -0
  662. package/skills/oci/oci-live-iam-policy-compartment-guard/SKILL.md +49 -0
  663. package/skills/oci/oci-live-iam-policy-compartment-guard/metadata.json +27 -0
  664. package/skills/oci/oci-live-iam-policy-compartment-guard/references/official-sources.md +13 -0
  665. package/skills/oci/oci-live-iam-policy-compartment-guard/references/permission-model.md +71 -0
  666. package/skills/oci/oci-live-iam-policy-compartment-guard/references/preflight-commands.md +49 -0
  667. package/skills/oci/oci-live-iam-policy-compartment-guard/references/rollback-playbook.md +62 -0
  668. package/skills/oci/oci-live-network-security-rule-guard/SKILL.md +57 -0
  669. package/skills/oci/oci-live-network-security-rule-guard/metadata.json +28 -0
  670. package/skills/oci/oci-live-network-security-rule-guard/references/official-sources.md +21 -0
  671. package/skills/oci/oci-live-network-security-rule-guard/references/permission-model.md +65 -0
  672. package/skills/oci/oci-live-network-security-rule-guard/references/preflight-commands.md +69 -0
  673. package/skills/oci/oci-live-network-security-rule-guard/references/rollback-playbook.md +79 -0
  674. package/skills/oci/oci-live-oke-rollout-guard/SKILL.md +49 -0
  675. package/skills/oci/oci-live-oke-rollout-guard/metadata.json +27 -0
  676. package/skills/oci/oci-live-oke-rollout-guard/references/official-sources.md +18 -0
  677. package/skills/oci/oci-live-oke-rollout-guard/references/permission-model.md +80 -0
  678. package/skills/oci/oci-live-oke-rollout-guard/references/preflight-commands.md +55 -0
  679. package/skills/oci/oci-live-oke-rollout-guard/references/rollback-playbook.md +45 -0
  680. package/skills/oci/oci-live-resource-manager-stack-guard/SKILL.md +49 -0
  681. package/skills/oci/oci-live-resource-manager-stack-guard/metadata.json +27 -0
  682. package/skills/oci/oci-live-resource-manager-stack-guard/references/official-sources.md +12 -0
  683. package/skills/oci/oci-live-resource-manager-stack-guard/references/permission-model.md +70 -0
  684. package/skills/oci/oci-live-resource-manager-stack-guard/references/preflight-commands.md +57 -0
  685. package/skills/oci/oci-live-resource-manager-stack-guard/references/rollback-playbook.md +51 -0
  686. package/skills/oci/oci-live-vault-key-destruction-guard/SKILL.md +49 -0
  687. package/skills/oci/oci-live-vault-key-destruction-guard/metadata.json +27 -0
  688. package/skills/oci/oci-live-vault-key-destruction-guard/references/official-sources.md +13 -0
  689. package/skills/oci/oci-live-vault-key-destruction-guard/references/permission-model.md +55 -0
  690. package/skills/oci/oci-live-vault-key-destruction-guard/references/preflight-commands.md +62 -0
  691. package/skills/oci/oci-live-vault-key-destruction-guard/references/rollback-playbook.md +55 -0
  692. package/skills/oci/oci-maestro/SKILL.md +163 -0
  693. package/skills/oci/oci-maestro/metadata.json +27 -0
  694. package/skills/opentelemetry/README.md +31 -0
  695. package/skills/opentelemetry/opentelemetry-collector-config-review/SKILL.md +44 -0
  696. package/skills/opentelemetry/opentelemetry-collector-config-review/metadata.json +30 -0
  697. package/skills/opentelemetry/opentelemetry-collector-config-review/references/mcp-and-evidence.md +49 -0
  698. package/skills/opentelemetry/opentelemetry-collector-config-review/references/official-sources.md +31 -0
  699. package/skills/opentelemetry/opentelemetry-collector-config-review/references/workflow-and-output.md +155 -0
  700. package/skills/prometheus/prometheus-alerting-cardinality-review/SKILL.md +38 -0
  701. package/skills/prometheus/prometheus-alerting-cardinality-review/metadata.json +22 -0
  702. package/skills/prometheus/prometheus-alerting-cardinality-review/references/workflow-and-output.md +221 -0
  703. package/skills/sigstore/sigstore-cosign-supply-chain-review/SKILL.md +39 -0
  704. package/skills/sigstore/sigstore-cosign-supply-chain-review/metadata.json +22 -0
  705. package/skills/sigstore/sigstore-cosign-supply-chain-review/references/workflow-and-output.md +196 -0
  706. package/skills/terraform/README.md +29 -0
  707. package/skills/terraform/terraform-maestro/SKILL.md +123 -0
  708. package/skills/terraform/terraform-maestro/metadata.json +30 -0
  709. package/skills/terraform/terraform-maestro/references/official-sources.md +59 -0
  710. package/skills/terraform/terraform-maestro/references/safety-checklist.md +53 -0
  711. package/skills/terraform/terraform-maestro/references/workflow-and-output.md +108 -0
  712. package/skills/velero/velero-backup-restore-guard/SKILL.md +41 -0
  713. package/skills/velero/velero-backup-restore-guard/metadata.json +21 -0
  714. package/skills/velero/velero-backup-restore-guard/references/safety-checklist.md +40 -0
  715. package/skills/velero/velero-backup-restore-guard/references/workflow-and-output.md +202 -0
package/scripts/update-catalog-new-agents.py ADDED
@@ -0,0 +1,88 @@
1
+ #!/usr/bin/env python3
2
+ """Add all new agent and skill metadata.json entries to catalog JSON files."""
3
+
4
+ from __future__ import annotations
5
+
6
+ import json
7
+ from pathlib import Path
8
+
9
+ ROOT = Path(__file__).resolve().parents[1]
10
+
11
+ CATALOG_AGENTS = ROOT / "catalog" / "agents.json"
12
+ CATALOG_SKILLS = ROOT / "catalog" / "skills.json"
13
+
14
+ CATALOG_FIELDS_AGENT = {
15
+ "id", "name", "type", "provider", "summary", "path",
16
+ "harnesses", "last_verified", "official_docs", "security_notes",
17
+ "source_type", "version",
18
+ }
19
+ CATALOG_FIELDS_SKILL = CATALOG_FIELDS_AGENT | {"author"}
20
+
21
+
22
+ def metadata_to_catalog_entry(m: dict, kind: str) -> dict:
23
+ entry: dict = {}
24
+ for key in ("id", "name", "type", "provider", "harnesses", "summary",
25
+ "source_type", "official_docs", "security_notes",
26
+ "last_verified", "path", "version"):
27
+ if key in m:
28
+ entry[key] = m[key]
29
+ # Normalise path — strip trailing slash
30
+ if "path" in entry and isinstance(entry["path"], str):
31
+ entry["path"] = entry["path"].rstrip("/")
32
+ if kind == "skill" and "author" in m:
33
+ entry["author"] = m["author"]
34
+ return entry
35
+
36
+
37
+ def main() -> None:
38
+ agents_catalog: list[dict] = json.loads(CATALOG_AGENTS.read_text(encoding="utf-8"))
39
+ skills_catalog: list[dict] = json.loads(CATALOG_SKILLS.read_text(encoding="utf-8"))
40
+
41
+ existing_agent_ids = {e["id"] for e in agents_catalog}
42
+ existing_skill_ids = {e["id"] for e in skills_catalog}
43
+
44
+ new_agents: list[dict] = []
45
+ for meta_path in sorted(ROOT.glob("agents/**/metadata.json")):
46
+ m = json.loads(meta_path.read_text(encoding="utf-8"))
47
+ if m.get("type") != "agent":
48
+ continue
49
+ if m["id"] not in existing_agent_ids:
50
+ entry = metadata_to_catalog_entry(m, "agent")
51
+ new_agents.append(entry)
52
+ print(f" + agent: {entry['id']}")
53
+
54
+ new_skills: list[dict] = []
55
+ for meta_path in sorted(ROOT.glob("skills/**/metadata.json")):
56
+ m = json.loads(meta_path.read_text(encoding="utf-8"))
57
+ if m.get("type") != "skill":
58
+ continue
59
+ if m["id"] not in existing_skill_ids:
60
+ entry = metadata_to_catalog_entry(m, "skill")
61
+ new_skills.append(entry)
62
+ print(f" + skill: {entry['id']}")
63
+
64
+ if new_agents:
65
+ agents_catalog.extend(new_agents)
66
+ agents_catalog.sort(key=lambda x: x["id"])
67
+ CATALOG_AGENTS.write_text(
68
+ json.dumps(agents_catalog, indent=2, ensure_ascii=False) + "\n",
69
+ encoding="utf-8",
70
+ )
71
+ print(f"\nWrote {len(agents_catalog)} agents to {CATALOG_AGENTS.relative_to(ROOT)}")
72
+ else:
73
+ print("No new agents to add.")
74
+
75
+ if new_skills:
76
+ skills_catalog.extend(new_skills)
77
+ skills_catalog.sort(key=lambda x: x["id"])
78
+ CATALOG_SKILLS.write_text(
79
+ json.dumps(skills_catalog, indent=2, ensure_ascii=False) + "\n",
80
+ encoding="utf-8",
81
+ )
82
+ print(f"Wrote {len(skills_catalog)} skills to {CATALOG_SKILLS.relative_to(ROOT)}")
83
+ else:
84
+ print("No new skills to add.")
85
+
86
+
87
+ if __name__ == "__main__":
88
+ main()
package/skills/argocd/README.md ADDED
@@ -0,0 +1,30 @@
1
+ # 🚢 Argo CD Skills
2
+
3
+ <p align="center">
4
+ <!-- 🖼️ Add an Argo CD logo to assets/logos/cnative/argocd/ and update this path -->
5
+ <span style="font-size:3.5em">🚢</span>
6
+ </p>
7
+
8
+ This folder contains Argo CD-focused skills curated for this marketplace.
9
+
10
+ ## Local marketplace portfolio
11
+
12
+ This folder contains **1** local Argo CD skill:
13
+
14
+ - `argocd-gitops-review`
15
+
16
+ ## Portfolio posture
17
+
18
+ Argo CD skills for evidence-backed GitOps delivery review across `Application`, `AppProject`, `ApplicationSet`, sync windows, RBAC, sync impersonation, and multi-cluster (Argo CD Agent) topologies.
19
+
20
+ These skills are intentionally conservative:
21
+
22
+ - prefer `kubectl get applications,appprojects,applicationsets -n argocd -o yaml` and `argocd-cm` configmap state for live grounding before any review
23
+ - treat `application.sync.impersonation.enabled: false` in production as a critical finding — the controller's cluster-admin ServiceAccount is the sync identity
24
+ - treat `AppProject` with `sourceRepos: ['*']` and `destinations: ['*']` as a wide-blast-radius finding requiring explicit justification
25
+ - challenge `automated.prune: true` + `automated.selfHeal: true` on production Applications — Git divergence becomes irreversible deletion
26
+ - challenge `ApplicationSet` generators that include unbounded clusters or label selectors — one mis-labeled cluster joins the rollout
27
+ - prefer `destinationServiceAccounts` (per-Application impersonation) over the controller's default cluster-admin
28
+ - use official Argo CD documentation (argo-cd.readthedocs.io) for sync semantics, RBAC syntax, ApplicationSet strategies, and Argo CD Agent hub-and-spoke topology
29
+
30
+ Run `npm run validate` after changing cataloged Argo CD skills.
package/skills/argocd/argo-rollouts-progressive-delivery-review/SKILL.md ADDED
@@ -0,0 +1,40 @@
1
+ ---
2
+ name: argo-rollouts-progressive-delivery-review
3
+ description: Use this skill when reviewing Argo Rollouts progressive delivery configuration. Trigger when the user asks about canary or blue-green Rollout strategy correctness, AnalysisTemplate success/failure conditions, traffic weighting provider alignment, canaryService isolation, PDB deadlock risk with Rollout maxSurge settings, automated rollback posture, or manual vs automated promotion configuration.
4
+ metadata:
5
+ author: "github: Raishin"
6
+ version: "0.1.0"
7
+ ---
8
+
9
+ # Argo Rollouts Progressive Delivery Review
10
+
11
+ ## Purpose
12
+
13
+ Review Argo Rollouts canary and blue-green strategy configuration, AnalysisTemplate success and failure condition correctness, traffic management provider alignment, canaryService vs stableService isolation, PDB compatibility with Rollout surge settings, and automated rollback posture. Argo Rollouts' safety depends entirely on AnalysisTemplate conditions that actually fail — an always-true successCondition means automated rollback never fires, regardless of actual error rates.
14
+
15
+ ## Lean operating rules
16
+
17
+ - Prefer live evidence (`kubectl get rollout -A -o yaml`, `kubectl get analysistemplate -A -o yaml`, `kubectl argo rollouts status <name>`) when the active client exposes it; otherwise fall back to official Argo Rollouts documentation and sanitized YAML from the user.
18
+ - Separate confirmed facts from inference. If AnalysisTemplate metric query results, traffic provider actual behavior, or PDB state was not directly queried, say so.
19
+ - Treat an AnalysisTemplate with a successCondition that always evaluates to true (e.g., `result >= 0`, `true`) as a critical finding — automated rollback can never fire.
20
+ - Treat a Rollout with no separate `canaryService` from `stableService` as a high finding — canary traffic isolation is broken.
21
+ - Treat a production Rollout using `pause: {}` (manual promotion) with no AnalysisTemplate as a high finding — there is no automated quality gate.
22
+ - Treat a traffic provider in `spec.strategy.canary.trafficRouting` that does not match the actual ingress controller installed in the cluster as a high finding — weight changes are silently ignored.
23
+ - Treat `failureLimit: 100` or higher on an error-rate metric as a medium finding — the analysis tolerates far too many errors before marking Degraded.
24
+ - Keep the answer scoped, evidence-labeled, and explicit about what was not queried.
25
+
26
+ ## References
27
+
28
+ Load these only when needed:
29
+ - [Workflow and output contract](references/workflow-and-output.md)
30
+
31
+ ## Response minimum
32
+
33
+ Return, at minimum:
34
+ - the scoped target (Rollout name, AnalysisTemplate name, or traffic provider config) and evidence level,
35
+ - the deployment strategy (canary with steps vs canary without steps, blue-green) and whether steps include AnalysisRun gates,
36
+ - AnalysisTemplate successCondition and failureCondition correctness,
37
+ - canaryService vs stableService isolation posture,
38
+ - traffic provider alignment with the actual cluster ingress,
39
+ - PDB compatibility with Rollout maxSurge/maxUnavailable,
40
+ - the safest next actions and any assumptions or blockers.
package/skills/argocd/argo-rollouts-progressive-delivery-review/metadata.json ADDED
@@ -0,0 +1,22 @@
1
+ {
2
+ "id": "argo-rollouts-progressive-delivery-review",
3
+ "name": "Argo Rollouts Progressive Delivery Review",
4
+ "type": "skill",
5
+ "provider": "argocd",
6
+ "harnesses": ["codex", "claude-code", "cursor", "gemini", "kiro", "other"],
7
+ "summary": "Review Argo Rollouts canary and blue-green strategy configuration, AnalysisTemplate success/failure conditions, traffic management provider alignment, canaryService isolation, PDB deadlock risk, and automated rollback posture for progressive delivery safety.",
8
+ "source_type": "original",
9
+ "official_docs": [
10
+ "https://argoproj.github.io/argo-rollouts/",
11
+ "https://argoproj.github.io/argo-rollouts/features/canary/",
12
+ "https://argoproj.github.io/argo-rollouts/features/analysis/",
13
+ "https://argoproj.github.io/argo-rollouts/features/traffic-management/",
14
+ "https://argoproj.github.io/argo-rollouts/features/bluegreen/",
15
+ "https://argoproj.github.io/argo-rollouts/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_promote/"
16
+ ],
17
+ "security_notes": "AnalysisTemplates with always-true success conditions defeat automated rollback entirely. A canary that never fails analysis will silently promote a broken release to 100% production traffic.",
18
+ "last_verified": "2026-05-02",
19
+ "path": "skills/argocd/argo-rollouts-progressive-delivery-review",
20
+ "author": "github: Raishin",
21
+ "version": "0.1.0"
22
+ }
package/skills/argocd/argo-rollouts-progressive-delivery-review/references/workflow-and-output.md ADDED
@@ -0,0 +1,248 @@
1
+ # Workflow and Output Contract
2
+
3
+ ## Workflow
4
+
5
+ ### Step 1 — Identify scope and collect raw evidence
6
+
7
+ 1. Confirm the review target: a specific Rollout resource, an AnalysisTemplate, a traffic provider configuration, or a PDB compatibility question.
8
+ 2. List all Rollouts and their strategies:
9
+ ```bash
10
+ kubectl get rollout -A -o yaml
11
+ ```
12
+ For each Rollout, note the strategy type (`canary` or `blueGreen`) and whether `spec.strategy.canary.steps` is non-empty.
13
+ 3. List all AnalysisTemplates:
14
+ ```bash
15
+ kubectl get analysistemplate -A -o yaml
16
+ kubectl get clusteranalysistemplate -o yaml 2>/dev/null
17
+ ```
18
+ 4. Check current Rollout status and any active AnalysisRuns:
19
+ ```bash
20
+ kubectl argo rollouts status <rollout-name> -n <namespace>
21
+ kubectl get analysisrun -A -o yaml
22
+ ```
23
+
24
+ ### Step 2 — Audit Rollout strategy and steps
25
+
26
+ A Rollout without steps behaves like a standard Deployment — no progressive traffic shifting occurs.
27
+
28
+ 1. Check whether `spec.strategy.canary.steps` is non-empty and includes analysis gates:
29
+ ```yaml
30
+ # CORRECT: canary with weight steps and analysis gate
31
+ strategy:
32
+ canary:
33
+ canaryService: my-app-canary
34
+ stableService: my-app-stable
35
+ trafficRouting:
36
+ nginx:
37
+ stableIngress: my-app-ingress
38
+ steps:
39
+ - setWeight: 10
40
+ - pause: {duration: 5m}
41
+ - analysis:
42
+ templates:
43
+ - templateName: error-rate-check
44
+ - setWeight: 50
45
+ - pause: {duration: 10m}
46
+ - analysis:
47
+ templates:
48
+ - templateName: error-rate-check
49
+
50
+ # RISKY: no steps — immediately shifts all traffic
51
+ strategy:
52
+ canary:
53
+ maxSurge: "100%"
54
+ maxUnavailable: 0
55
+ ```
56
+ 2. Flag as **HIGH** if `maxSurge: 100%` is set with no steps — 100% of replicas are replaced before any analysis runs.
57
+ 3. For blue-green Rollouts, check whether `autoPromotionEnabled` is set:
58
+ ```yaml
59
+ # Requires manual promotion
60
+ strategy:
61
+ blueGreen:
62
+ activeService: my-app-active
63
+ previewService: my-app-preview
64
+ autoPromotionEnabled: false
65
+ ```
66
+ `autoPromotionEnabled: true` in production without a `prePromotionAnalysis` is a high finding.
67
+
68
+ ### Step 3 — Audit AnalysisTemplate success and failure conditions
69
+
70
+ This is the most critical control — conditions that always evaluate true defeat automated rollback entirely.
71
+
72
+ 1. For each AnalysisTemplate metric, inspect:
73
+ - `spec.metrics[].successCondition` — when is the metric considered passing?
74
+ - `spec.metrics[].failureCondition` — when should it fail?
75
+ - `spec.metrics[].failureLimit` — how many failures are tolerated?
76
+ - `spec.metrics[].provider` — Prometheus, Datadog, web, job, etc.
77
+ 2. Example of a correctly configured error-rate AnalysisTemplate:
78
+ ```yaml
79
+ apiVersion: argoproj.io/v1alpha1
80
+ kind: AnalysisTemplate
81
+ metadata:
82
+ name: error-rate-check
83
+ spec:
84
+ metrics:
85
+ - name: error-rate
86
+ interval: 2m
87
+ count: 5
88
+ failureLimit: 0
89
+ provider:
90
+ prometheus:
91
+ address: http://prometheus.monitoring.svc.cluster.local:9090
92
+ query: |
93
+ sum(rate(http_requests_total{status=~"5..",deployment="{{args.deployment-name}}"}[2m]))
94
+ /
95
+ sum(rate(http_requests_total{deployment="{{args.deployment-name}}"}[2m]))
96
+ successCondition: result[0] < 0.01
97
+ failureCondition: result[0] >= 0.05
98
+ ```
99
+ 3. Flag as **CRITICAL** if `successCondition` evaluates true for all possible metric values:
100
+ - `result >= 0` (always true for any non-negative counter)
101
+ - `true` (literal boolean true)
102
+ - `result != "error"` (only fails on error, never on bad metric values)
103
+ 4. Flag as **HIGH** if `failureCondition` is absent — the metric can only succeed, never explicitly fail.
104
+ 5. Flag as **MEDIUM** if `failureLimit` is set to 100 or greater on an error-rate metric — 100 failures will be tolerated before marking Degraded.
105
+ 6. Flag as **HIGH** if the Prometheus query template references `{{args.deployment-name}}` but no `args` are passed in the Rollout's analysis step — the query evaluates against all deployments, returning misleading results.
106
+
107
+ ### Step 4 — Audit canaryService and stableService isolation
108
+
109
+ Without separate Services, canary pods receive the same traffic distribution as stable — canary traffic isolation does not exist.
110
+
111
+ 1. Check whether both `canaryService` and `stableService` are specified:
112
+ ```bash
113
+ kubectl get rollout <name> -o jsonpath='{.spec.strategy.canary.canaryService},{.spec.strategy.canary.stableService}'
114
+ ```
115
+ 2. Verify the Services exist and have the correct selector labels:
116
+ ```bash
117
+ kubectl get svc <canaryService> <stableService> -o yaml | grep -A 5 "selector"
118
+ ```
119
+ Argo Rollouts manages the `rollouts-pod-template-hash` selector on these Services automatically — verify neither has a hardcoded hash that bypasses Rollouts management.
120
+ 3. Flag as **HIGH** if `canaryService` is absent — all traffic hits the stable Service regardless of setWeight steps.
121
+
122
+ ### Step 5 — Audit traffic provider alignment
123
+
124
+ A misconfigured traffic provider silently ignores all weight changes.
125
+
126
+ 1. Check the traffic routing provider specified in the Rollout:
127
+ ```bash
128
+ kubectl get rollout <name> -o jsonpath='{.spec.strategy.canary.trafficRouting}'
129
+ ```
130
+ 2. Verify the specified provider is actually installed:
131
+ ```bash
132
+ # For Istio
133
+ kubectl get virtualservice -A | head -5
134
+ kubectl get destinationrule -A | head -5
135
+
136
+ # For Nginx
137
+ kubectl get ingressclass | grep nginx
138
+
139
+ # For AWS ALB
140
+ kubectl get ingressclass | grep alb
141
+
142
+ # For Traefik
143
+ kubectl get traefikservice -A 2>/dev/null | head -5
144
+ ```
145
+ 3. Common mismatches:
146
+ - Rollout specifies `trafficRouting.nginx` but the cluster uses AWS ALB Ingress Controller.
147
+ - Rollout specifies `trafficRouting.istio` but Istio is not installed or not managing the service's namespace.
148
+ 4. Flag as **HIGH** if the provider specified does not match installed ingress — weight steps are silently no-ops and all traffic remains on stable.
149
+
150
+ ### Step 6 — Audit PDB compatibility with Rollout surge settings
151
+
152
+ A PDB that prevents pod eviction can deadlock a canary rollout that requires replacing existing pods.
153
+
154
+ 1. Check PDBs in the same namespace as the Rollout:
155
+ ```bash
156
+ kubectl get pdb -n <namespace> -o yaml
157
+ ```
158
+ 2. Check Rollout maxUnavailable and maxSurge:
159
+ ```bash
160
+ kubectl get rollout <name> -o jsonpath='{.spec.strategy.canary.maxUnavailable},{.spec.strategy.canary.maxSurge}'
161
+ ```
162
+ 3. Identify deadlock conditions:
163
+ - `maxUnavailable: 0` in the Rollout means old pods cannot be removed until new pods are Ready.
164
+ - A PDB with `minAvailable: 100%` (or `maxUnavailable: 0`) means no pod can be evicted.
165
+ - Combined: new pods can never start because the cluster has no capacity, and old pods cannot be removed due to PDB — **deadlock**.
166
+ 4. Example of a safe PDB configuration alongside a canary Rollout:
167
+ ```yaml
168
+ # PDB: allow 1 unavailable pod during updates
169
+ apiVersion: policy/v1
170
+ kind: PodDisruptionBudget
171
+ metadata:
172
+ name: my-app-pdb
173
+ spec:
174
+ maxUnavailable: 1
175
+ selector:
176
+ matchLabels:
177
+ app: my-app
178
+
179
+ # Rollout: maxSurge allows creating new pods above desired count
180
+ strategy:
181
+ canary:
182
+ maxSurge: "25%"
183
+ maxUnavailable: 0
184
+ ```
185
+ 5. Flag as **HIGH** if `maxUnavailable: 0` in the Rollout and `maxUnavailable: 0` (or `minAvailable: 100%`) in a PDB matching the same pods.
186
+
187
+ ### Step 7 — Audit rollback posture and history
188
+
189
+ 1. Verify `revisionHistoryLimit` is set to retain enough history for a safe rollback:
190
+ ```bash
191
+ kubectl get rollout <name> -o jsonpath='{.spec.revisionHistoryLimit}'
192
+ ```
193
+ The default is 10. A limit of 1 means only one previous revision is retained — if the rollback target was already overwritten, rollback fails.
194
+ 2. Check `abortScaleDownDelaySeconds` for the canary:
195
+ ```bash
196
+ kubectl get rollout <name> -o jsonpath='{.spec.strategy.canary.abortScaleDownDelaySeconds}'
197
+ ```
198
+ Default is 30 seconds. Setting this to 0 means canary pods are immediately deleted on abort — useful for fast rollback but removes the ability to inspect the canary pods post-abort.
199
+ 3. To manually trigger a rollback:
200
+ ```bash
201
+ kubectl argo rollouts abort <rollout-name> -n <namespace>
202
+ kubectl argo rollouts undo <rollout-name> -n <namespace>
203
+ ```
204
+ 4. Verify automated abort is wired to the AnalysisRun:
205
+ ```bash
206
+ kubectl get analysisrun -A -o yaml | grep -A 5 "phase"
207
+ ```
208
+ An AnalysisRun in `Failed` phase should trigger the Rollout to transition to `Degraded` and initiate rollback automatically.
209
+
210
+ ### Step 8 — Verify Argo Rollouts controller health
211
+
212
+ A degraded or missing Argo Rollouts controller means all Rollout objects are frozen — no progression, no rollback, no weight changes.
213
+
214
+ 1. Check controller health:
215
+ ```bash
216
+ kubectl get pods -n argo-rollouts
217
+ kubectl describe deployment argo-rollouts -n argo-rollouts
218
+ ```
219
+ 2. Check for recent controller errors:
220
+ ```bash
221
+ kubectl logs -n argo-rollouts -l app.kubernetes.io/name=argo-rollouts --tail=50 | grep -i error
222
+ ```
223
+ 3. Flag as **HIGH** if the argo-rollouts controller has unavailable replicas and any Rollout is mid-canary — the canary will not progress or roll back automatically until the controller recovers.
224
+
225
+ ## Output
226
+
227
+ Return:
228
+
229
+ - **target**: Rollout name, namespace, and strategy type, with evidence source,
230
+ - **evidence level**: `live evidence` / `documentation-based` / `sanitized user evidence` / `inference`,
231
+ - **strategy correctness**: steps present/absent, analysis gates present/absent, blue-green autoPromotion setting,
232
+ - **AnalysisTemplate audit**: successCondition and failureCondition correctness, failureLimit values, Prometheus query argument wiring,
233
+ - **service isolation**: canaryService and stableService presence, selector management,
234
+ - **traffic provider alignment**: specified provider vs installed ingress controller,
235
+ - **PDB compatibility**: deadlock risk with Rollout maxSurge/maxUnavailable settings,
236
+ - **rollback posture**: revisionHistoryLimit, abortScaleDownDelaySeconds, automated abort wiring,
237
+ - **controller health**: argo-rollouts controller pod state,
238
+ - **risk findings** (with severity: critical / high / medium / low),
239
+ - **safest next actions** with sample YAML,
240
+ - **assumptions and missing facts**.
241
+
242
+ ## Security notes
243
+
244
+ - Never recommend bypassing AnalysisTemplate gates to force a canary promotion — fix the underlying metric or analysis query instead.
245
+ - Never recommend setting `successCondition: true` or equivalent always-passing conditions to unblock a stuck rollout.
246
+ - A Rollout with `autoPromotionEnabled: true` and no `prePromotionAnalysis` in production is equivalent to a standard Deployment — progressive delivery provides no safety gate.
247
+ - Always verify the AnalysisTemplate Prometheus query actually targets the canary deployment specifically, not the entire service or namespace — a query that averages stable and canary traffic can mask canary errors.
248
+ - Do not recommend increasing `failureLimit` as a fix for a legitimate analysis failure — investigate the root cause first.
package/skills/argocd/argocd-gitops-review/SKILL.md ADDED
@@ -0,0 +1,43 @@
1
+ ---
2
+ name: argocd-gitops-review
3
+ description: Use this skill for Argo CD GitOps review across Application, AppProject, ApplicationSet, sync windows, RBAC, sync impersonation, and Argo CD Agent multi-cluster topologies. Trigger when the user asks whether an Argo CD configuration is safe for production, whether automated sync should be enabled, whether prune+selfHeal is appropriate, whether AppProject scope is too wide, or how to enforce least-privilege sync identity.
4
+ metadata:
5
+ author: "github: Raishin"
6
+ version: "0.1.0"
7
+ ---
8
+
9
+ # Argo CD GitOps Review
10
+
11
+ ## Purpose
12
+
13
+ Review Argo CD `Application`, `AppProject`, `ApplicationSet`, sync windows, RBAC, and the central `argocd-cm` / `argocd-rbac-cm` configuration against blast radius, drift handling, and least-privilege sync identity. Argo CD's controller defaults to cluster-admin permissions on every destination cluster — the security posture lives in `AppProject` boundaries, sync impersonation, and explicit RBAC, not in the controller defaults.
14
+
15
+ ## Lean operating rules
16
+
17
+ - Prefer live cluster evidence (`kubectl get applications,appprojects,applicationsets -n argocd -o yaml` plus the `argocd-cm` and `argocd-rbac-cm` ConfigMaps) when the active client exposes it; otherwise fall back to official Argo CD documentation and sanitized YAML from the user.
18
+ - Separate confirmed facts from inference. If sync history, current health, or RBAC binding state was not queried, say so.
19
+ - Treat `application.sync.impersonation.enabled: false` (default) in production as a critical finding — every sync runs as the controller's cluster-admin ServiceAccount.
20
+ - Treat `AppProject` with `sourceRepos: ['*']` and `destinations: ['*']` as a wide-blast-radius finding — any commit in any repo can deploy anywhere.
21
+ - Treat `automated.prune: true` + `automated.selfHeal: true` on production Applications as critical without an explicit allowlist of authorized Git refs and a tested rollback runbook — Git divergence becomes irreversible deletion.
22
+ - Challenge `ApplicationSet` generators that include unbounded clusters (`clusters: {}`) or label selectors with no exclusion — one mis-labeled cluster joins the rollout.
23
+ - Challenge `syncOptions: ['Replace=true']` and `syncOptions: ['ServerSideApply=false']` on stateful resources — Replace deletes-then-creates, breaking PVC bindings.
24
+ - Keep the answer scoped, reversible, least-privilege, and explicit about blockers or unknowns.
25
+
26
+ ## References
27
+
28
+ Load these only when needed:
29
+
30
+ - [Evidence path and tooling](references/mcp-and-evidence.md) — use when choosing live cluster evidence, confirming Argo CD install state and version, or switching to documentation mode.
31
+ - [Workflow and output contract](references/workflow-and-output.md) — use when executing the full review, applying stress checks on Application / AppProject / ApplicationSet, or formatting the final answer.
32
+ - [Official sources](references/official-sources.md) — use when you need the detailed Argo CD documentation list, RBAC syntax, and grounded insights from the project.
33
+
34
+ ## Response minimum
35
+
36
+ Return, at minimum:
37
+
38
+ - the scoped target (`Application`, `AppProject`, `ApplicationSet`, or `argocd-rbac-cm` policy) and evidence level,
39
+ - the sync identity (controller default cluster-admin, impersonated ServiceAccount, or `destinationServiceAccount`),
40
+ - the blast radius assessment (`sourceRepos`, `destinations`, `clusterResourceWhitelist`, `namespaceResourceBlacklist`),
41
+ - the drift handling posture (`automated`, `prune`, `selfHeal`, `syncWindows`),
42
+ - the safest next actions and rollback plan,
43
+ - the assumptions or blockers that prevent stronger conclusions.
package/skills/argocd/argocd-gitops-review/metadata.json ADDED
@@ -0,0 +1,30 @@
1
+ {
2
+ "id": "argocd-gitops-review",
3
+ "name": "Argo CD GitOps Review",
4
+ "type": "skill",
5
+ "provider": "argocd",
6
+ "harnesses": [
7
+ "codex",
8
+ "claude-code",
9
+ "cursor",
10
+ "gemini",
11
+ "kiro",
12
+ "other"
13
+ ],
14
+ "summary": "Review Argo CD Application, AppProject, ApplicationSet, sync windows, RBAC, sync impersonation, and Argo CD Agent multi-cluster topologies for blast radius, drift handling, and least-privilege sync identity.",
15
+ "source_type": "original",
16
+ "official_docs": [
17
+ "https://argo-cd.readthedocs.io/en/stable/",
18
+ "https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/",
19
+ "https://argo-cd.readthedocs.io/en/stable/user-guide/auto_sync/",
20
+ "https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/",
21
+ "https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/",
22
+ "https://argo-cd.readthedocs.io/en/stable/proposals/decouple-application-sync-user-using-impersonation/",
23
+ "https://argo-cd.readthedocs.io/en/stable/operator-manual/argocd-cm-yaml/"
24
+ ],
25
+ "security_notes": "Sync impersonation is disabled by default — controller runs as cluster-admin on every destination. AppProject sourceRepos and destinations wildcards remove blast-radius bounds. Automated prune+selfHeal on Git divergence is irreversible. ApplicationSet unbounded cluster generators auto-onboard misconfigured clusters.",
26
+ "last_verified": "2026-05-01",
27
+ "path": "skills/argocd/argocd-gitops-review",
28
+ "author": "github: Raishin",
29
+ "version": "0.1.0"
30
+ }
package/skills/argocd/argocd-gitops-review/references/mcp-and-evidence.md ADDED
@@ -0,0 +1,53 @@
1
+ # Evidence Path and Tooling
2
+
3
+ ## Evidence path
4
+
5
+ 1. Prefer live cluster evidence when a Kubernetes MCP server, `kubectl`, or the `argocd` CLI is available against the Argo CD control-plane cluster.
6
+ 2. Fall back to official Argo CD documentation (argo-cd.readthedocs.io) and the upstream argo-cd GitHub repository when live inspection is unavailable.
7
+ 3. Ask only for sanitized `Application` / `AppProject` / `ApplicationSet` YAML, the redacted `argocd-cm` and `argocd-rbac-cm` ConfigMaps, and `argocd app history` output when current-state proof matters.
8
+ 4. Label conclusions as `live evidence`, `documentation-based`, `sanitized user evidence`, or `inference`.
9
+
10
+ ## Useful live-evidence commands
11
+
12
+ ```shell
13
+ # All Applications, AppProjects, and ApplicationSets in the argocd namespace
14
+ kubectl -n argocd get applications,appprojects,applicationsets -o yaml
15
+
16
+ # Detailed Application status (sync, health, lastSyncRevision)
17
+ kubectl -n argocd get application <app-name> -o yaml
18
+ argocd app get <app-name>
19
+ argocd app history <app-name>
20
+
21
+ # Argo CD configuration (the global config knobs)
22
+ kubectl -n argocd get configmap argocd-cm -o yaml
23
+ kubectl -n argocd get configmap argocd-rbac-cm -o yaml
24
+ kubectl -n argocd get configmap argocd-cmd-params-cm -o yaml
25
+
26
+ # RBAC effective policy
27
+ argocd account list
28
+ argocd account get-user-info <user>
29
+
30
+ # Cluster registrations (every destination cluster has its own Secret)
31
+ kubectl -n argocd get secrets -l argocd.argoproj.io/secret-type=cluster -o yaml
32
+
33
+ # Sync windows on an AppProject
34
+ kubectl -n argocd get appproject <project> -o jsonpath='{.spec.syncWindows}'
35
+
36
+ # Argo CD Agent (hub-and-spoke deployments)
37
+ kubectl -n argocd get agents -o yaml
38
+ ```
39
+
40
+ ## Argo CD install state to confirm before review
41
+
42
+ - Argo CD version (`kubectl -n argocd get deploy argocd-server -o jsonpath='{.spec.template.spec.containers[0].image}'`) — sync impersonation, RBAC granular actions, and ApplicationSet RollingSync arrived in different versions.
43
+ - `application.sync.impersonation.enabled` in `argocd-cm` — `false` (default) means every sync runs as the controller's ServiceAccount on every destination.
44
+ - `application.sync.requireOverridePrivilegeForRevisionSync` in `argocd-cm` — `true` requires explicit override permission for ad-hoc revision syncs.
45
+ - `webhook.maxPayloadSizeMB` in `argocd-cm` — large Helm value files may exceed the default.
46
+ - Whether Argo CD Agent (argocd-agent) is in use for hub-and-spoke multi-cluster — different security model.
47
+ - Whether Argo CD Autopilot manages Argo CD itself via GitOps — change review must include the Autopilot repo.
48
+
49
+ ## Sanitization rules
50
+
51
+ - Never request kubeconfig contents, cluster Secret contents, repository SSH keys, or webhook signing secrets in chat.
52
+ - Replace identifiable cluster URLs and namespaces with placeholders unless the user provides them and confirms it is safe to use them.
53
+ - Do not print Git repository tokens, OCI registry tokens, or Helm OCI credentials.
package/skills/argocd/argocd-gitops-review/references/official-sources.md ADDED
@@ -0,0 +1,32 @@
1
+ # Official Sources
2
+
3
+ Load these only when needed:
4
+
5
+ - [Argo CD documentation home](https://argo-cd.readthedocs.io/en/stable/) — use as the entry point for any Argo CD authoring, install, or operator-side question.
6
+ - [Declarative setup](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/) — use for `Application`, `AppProject`, cluster Secret, repository Secret, and ConfigMap structure.
7
+ - [argocd-cm reference](https://argo-cd.readthedocs.io/en/stable/operator-manual/argocd-cm-yaml/) — use for global controller knobs including `application.sync.impersonation.enabled`, `application.sync.requireOverridePrivilegeForRevisionSync`, and `webhook.maxPayloadSizeMB`.
8
+ - [Auto-sync](https://argo-cd.readthedocs.io/en/stable/user-guide/auto_sync/) — use for `automated`, `prune`, `selfHeal` semantics and operational guidance.
9
+ - [Sync Options](https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/) — use for `Replace`, `Force`, `ServerSideApply`, `PruneLast`, `CreateNamespace`, `Validate=false`, `RespectIgnoreDifferences`.
10
+ - [Sync Windows](https://argo-cd.readthedocs.io/en/stable/user-guide/sync_windows/) — use for deploy-freeze enforcement at the AppProject level.
11
+ - [ApplicationSet Generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators/) — use for `list`, `cluster`, `git`, `matrix`, `merge`, `pullRequest`, `scmProvider` generator semantics.
12
+ - [ApplicationSet Progressive Syncs (RollingSync)](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Progressive-Syncs/) — use for staged ApplicationSet rollouts.
13
+ - [Argo CD RBAC](https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/) — use for `policy.csv` syntax, default role, group bindings, and granular action permissions.
14
+ - [Sync impersonation proposal](https://argo-cd.readthedocs.io/en/stable/proposals/decouple-application-sync-user-using-impersonation/) — use for the AppProject `destinationServiceAccounts` field and the least-privilege sync identity model.
15
+ - [Argo CD upgrading guide](https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/) — use when version-specific RBAC actions or API fields matter.
16
+ - [Argo CD User Management](https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/) — use for SSO via OIDC / SAML / Dex and group claims.
17
+ - [Argo CD Webhook](https://argo-cd.readthedocs.io/en/stable/operator-manual/webhook/) — use for repository webhook setup and signature verification.
18
+ - [Argo CD Agent](https://github.com/argoproj-labs/argocd-agent) — use for hub-and-spoke multi-cluster topologies replacing direct cluster registrations.
19
+ - [Argo CD Autopilot](https://github.com/argoproj-labs/argocd-autopilot) — use when Argo CD itself is managed via GitOps.
20
+
21
+ ## Grounded insights worth carrying into the skill
22
+
23
+ - The Argo CD controller defaults to running as cluster-admin on every destination cluster. The `application.sync.impersonation.enabled` flag in `argocd-cm` is the switch that activates per-Application ServiceAccount impersonation via `destinationServiceAccounts` on the AppProject.
24
+ - `AppProject` boundaries are the only enforced isolation between teams sharing one Argo CD instance. Wildcards in `sourceRepos`, `destinations`, `clusterResourceWhitelist`, or empty `namespaceResourceBlacklist` collapse the boundary.
25
+ - `automated.selfHeal: true` combined with `automated.prune: true` means a Git revert (or Git outage that exposes a stale ref) deletes prod resources. There is no built-in confirmation step.
26
+ - ApplicationSet's `cluster` generator with an empty selector auto-onboards every newly registered cluster. This is the most-cited blast-radius mode in Argo CD post-incident reviews.
27
+ - ApplicationSet RollingSync intentionally forces auto-sync **disabled** on generated Applications (the controller logs warnings if any have auto-sync enabled). RollingSync drives sync via OutOfSync detection, not auto-sync.
28
+ - The `Replace=true` sync option is destructive on `StatefulSet`, `Service`, `PersistentVolumeClaim`, and any resource with finalizers. Argo CD's default three-way merge (or server-side apply on newer versions) is safer.
29
+ - Argo CD RBAC granular actions (e.g., `action/apps/Deployment/restart`, `action/argoproj.io/Rollout/abort`) shipped in v2.8+. Older policies that don't list these still work but won't grant the action — operators may discover gaps after upgrade.
30
+ - The `requireOverridePrivilegeForRevisionSync: true` flag in `argocd-cm` requires explicit `override` permission to sync to a non-tracked revision (e.g., a branch instead of HEAD of the configured target). This blocks easy ad-hoc syncs that bypass Git review.
31
+ - Argo CD Autopilot's bootstrap repo manages Argo CD itself — changes to that repo can disable RBAC, weaken AppProject scopes, or rotate the admin password. Treat the Autopilot repo as a tier-0 control surface.
32
+ - The Argo CD Agent (argocd-agent) introduces a hub-and-spoke topology where the central Argo CD installation does not hold cluster credentials for spoke clusters; agents connect outbound. Different threat model from the classic direct-cluster registration.