@raishin/vanguard-frontier-agentic 1.2.0 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (561) hide show
  1. package/README.md +250 -110
  2. package/agents/AGENTS.md +263 -21
  3. package/agents/argocd/README.md +46 -0
  4. package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/AGENT.md +55 -0
  5. package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/harnesses/claude-code.agent.md +35 -0
  6. package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/harnesses/codex.toml +29 -0
  7. package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/harnesses/copilot.agent.md +35 -0
  8. package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/harnesses/cursor.agent.md +35 -0
  9. package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/harnesses/gemini.agent.md +35 -0
  10. package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/harnesses/kiro-cli.agent.json +5 -0
  11. package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/harnesses/kiro-ide.agent.md +35 -0
  12. package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/metadata.json +31 -0
  13. package/agents/argocd/argocd-gitops-review-agent/AGENT.md +55 -0
  14. package/agents/argocd/argocd-gitops-review-agent/harnesses/claude-code.agent.md +38 -0
  15. package/agents/argocd/argocd-gitops-review-agent/harnesses/codex.toml +32 -0
  16. package/agents/argocd/argocd-gitops-review-agent/harnesses/copilot.agent.md +38 -0
  17. package/agents/argocd/argocd-gitops-review-agent/harnesses/cursor.agent.md +38 -0
  18. package/agents/argocd/argocd-gitops-review-agent/harnesses/gemini.agent.md +38 -0
  19. package/agents/argocd/argocd-gitops-review-agent/harnesses/kiro-cli.agent.json +5 -0
  20. package/agents/argocd/argocd-gitops-review-agent/harnesses/kiro-ide.agent.md +38 -0
  21. package/agents/argocd/argocd-gitops-review-agent/metadata.json +30 -0
  22. package/agents/aws/aws-live-deployment-guarded-operator-agent/metadata.json +10 -1
  23. package/agents/aws/aws-live-ecs-rollout-guard-agent/metadata.json +10 -1
  24. package/agents/aws/aws-live-iac-change-guard-agent/metadata.json +10 -1
  25. package/agents/aws/aws-live-pipeline-approval-operator-agent/metadata.json +10 -1
  26. package/agents/aws/aws-live-serverless-release-guard-agent/metadata.json +10 -1
  27. package/agents/aws/aws-private-ca-issuer-review-agent/AGENT.md +53 -0
  28. package/agents/aws/aws-private-ca-issuer-review-agent/harnesses/claude-code.agent.md +36 -0
  29. package/agents/aws/aws-private-ca-issuer-review-agent/harnesses/codex.toml +27 -0
  30. package/agents/aws/aws-private-ca-issuer-review-agent/harnesses/copilot.agent.md +36 -0
  31. package/agents/aws/aws-private-ca-issuer-review-agent/harnesses/cursor.agent.md +36 -0
  32. package/agents/aws/aws-private-ca-issuer-review-agent/harnesses/gemini.agent.md +36 -0
  33. package/agents/aws/aws-private-ca-issuer-review-agent/harnesses/kiro-cli.agent.json +5 -0
  34. package/agents/aws/aws-private-ca-issuer-review-agent/harnesses/kiro-ide.agent.md +36 -0
  35. package/agents/aws/aws-private-ca-issuer-review-agent/metadata.json +37 -0
  36. package/agents/azure/README.md +45 -0
  37. package/agents/azure/azure-keyvault-certificate-issuer-review-agent/AGENT.md +53 -0
  38. package/agents/azure/azure-keyvault-certificate-issuer-review-agent/harnesses/claude-code.agent.md +36 -0
  39. package/agents/azure/azure-keyvault-certificate-issuer-review-agent/harnesses/codex.toml +27 -0
  40. package/agents/azure/azure-keyvault-certificate-issuer-review-agent/harnesses/copilot.agent.md +36 -0
  41. package/agents/azure/azure-keyvault-certificate-issuer-review-agent/harnesses/cursor.agent.md +36 -0
  42. package/agents/azure/azure-keyvault-certificate-issuer-review-agent/harnesses/gemini.agent.md +36 -0
  43. package/agents/azure/azure-keyvault-certificate-issuer-review-agent/harnesses/kiro-cli.agent.json +5 -0
  44. package/agents/azure/azure-keyvault-certificate-issuer-review-agent/harnesses/kiro-ide.agent.md +36 -0
  45. package/agents/azure/azure-keyvault-certificate-issuer-review-agent/metadata.json +36 -0
  46. package/agents/azure/azure-live-aks-rollout-guard-agent/metadata.json +10 -1
  47. package/agents/azure/azure-live-app-service-slot-swap-guard-agent/metadata.json +10 -1
  48. package/agents/azure/azure-live-arm-deployment-stack-guard-agent/metadata.json +10 -1
  49. package/agents/azure/azure-live-cost-budget-action-guard-agent/metadata.json +10 -1
  50. package/agents/azure/azure-live-entra-role-assignment-guard-agent/AGENT.md +59 -0
  51. package/agents/azure/azure-live-entra-role-assignment-guard-agent/harnesses/claude-code.agent.md +42 -0
  52. package/agents/azure/azure-live-entra-role-assignment-guard-agent/harnesses/codex.toml +34 -0
  53. package/agents/azure/azure-live-entra-role-assignment-guard-agent/harnesses/copilot.agent.md +55 -0
  54. package/agents/azure/azure-live-entra-role-assignment-guard-agent/harnesses/cursor.agent.md +44 -0
  55. package/agents/azure/azure-live-entra-role-assignment-guard-agent/harnesses/gemini.agent.md +43 -0
  56. package/agents/azure/azure-live-entra-role-assignment-guard-agent/harnesses/kiro-cli.agent.json +5 -0
  57. package/agents/azure/azure-live-entra-role-assignment-guard-agent/harnesses/kiro-ide.agent.md +42 -0
  58. package/agents/azure/azure-live-entra-role-assignment-guard-agent/metadata.json +37 -0
  59. package/agents/azure/azure-live-keyvault-rotation-purge-guard-agent/metadata.json +10 -1
  60. package/agents/azure/azure-live-pim-jit-activation-guard-agent/metadata.json +11 -2
  61. package/agents/backstage/README.md +36 -0
  62. package/agents/backstage/backstage-scaffolder-template-review-agent/AGENT.md +54 -0
  63. package/agents/backstage/backstage-scaffolder-template-review-agent/harnesses/claude-code.agent.md +37 -0
  64. package/agents/backstage/backstage-scaffolder-template-review-agent/harnesses/codex.toml +31 -0
  65. package/agents/backstage/backstage-scaffolder-template-review-agent/harnesses/copilot.agent.md +37 -0
  66. package/agents/backstage/backstage-scaffolder-template-review-agent/harnesses/cursor.agent.md +37 -0
  67. package/agents/backstage/backstage-scaffolder-template-review-agent/harnesses/gemini.agent.md +37 -0
  68. package/agents/backstage/backstage-scaffolder-template-review-agent/harnesses/kiro-cli.agent.json +5 -0
  69. package/agents/backstage/backstage-scaffolder-template-review-agent/harnesses/kiro-ide.agent.md +37 -0
  70. package/agents/backstage/backstage-scaffolder-template-review-agent/metadata.json +30 -0
  71. package/agents/cert-manager/README.md +46 -0
  72. package/agents/cert-manager/cert-manager-issuer-trust-review-agent/AGENT.md +55 -0
  73. package/agents/cert-manager/cert-manager-issuer-trust-review-agent/harnesses/claude-code.agent.md +35 -0
  74. package/agents/cert-manager/cert-manager-issuer-trust-review-agent/harnesses/codex.toml +29 -0
  75. package/agents/cert-manager/cert-manager-issuer-trust-review-agent/harnesses/copilot.agent.md +35 -0
  76. package/agents/cert-manager/cert-manager-issuer-trust-review-agent/harnesses/cursor.agent.md +35 -0
  77. package/agents/cert-manager/cert-manager-issuer-trust-review-agent/harnesses/gemini.agent.md +35 -0
  78. package/agents/cert-manager/cert-manager-issuer-trust-review-agent/harnesses/kiro-cli.agent.json +5 -0
  79. package/agents/cert-manager/cert-manager-issuer-trust-review-agent/harnesses/kiro-ide.agent.md +35 -0
  80. package/agents/cert-manager/cert-manager-issuer-trust-review-agent/metadata.json +31 -0
  81. package/agents/cilium/README.md +46 -0
  82. package/agents/cilium/cilium-network-policy-review-agent/AGENT.md +55 -0
  83. package/agents/cilium/cilium-network-policy-review-agent/harnesses/claude-code.agent.md +38 -0
  84. package/agents/cilium/cilium-network-policy-review-agent/harnesses/codex.toml +32 -0
  85. package/agents/cilium/cilium-network-policy-review-agent/harnesses/copilot.agent.md +38 -0
  86. package/agents/cilium/cilium-network-policy-review-agent/harnesses/cursor.agent.md +38 -0
  87. package/agents/cilium/cilium-network-policy-review-agent/harnesses/gemini.agent.md +38 -0
  88. package/agents/cilium/cilium-network-policy-review-agent/harnesses/kiro-cli.agent.json +5 -0
  89. package/agents/cilium/cilium-network-policy-review-agent/harnesses/kiro-ide.agent.md +38 -0
  90. package/agents/cilium/cilium-network-policy-review-agent/metadata.json +37 -0
  91. package/agents/falco/README.md +36 -0
  92. package/agents/falco/falco-runtime-threat-rules-review-agent/AGENT.md +49 -0
  93. package/agents/falco/falco-runtime-threat-rules-review-agent/harnesses/claude-code.agent.md +33 -0
  94. package/agents/falco/falco-runtime-threat-rules-review-agent/harnesses/codex.toml +31 -0
  95. package/agents/falco/falco-runtime-threat-rules-review-agent/harnesses/copilot.agent.md +33 -0
  96. package/agents/falco/falco-runtime-threat-rules-review-agent/harnesses/cursor.agent.md +33 -0
  97. package/agents/falco/falco-runtime-threat-rules-review-agent/harnesses/gemini.agent.md +33 -0
  98. package/agents/falco/falco-runtime-threat-rules-review-agent/harnesses/kiro-cli.agent.json +5 -0
  99. package/agents/falco/falco-runtime-threat-rules-review-agent/harnesses/kiro-ide.agent.md +33 -0
  100. package/agents/falco/falco-runtime-threat-rules-review-agent/metadata.json +31 -0
  101. package/agents/finops/README.md +27 -0
  102. package/agents/finops/finops-cloud-price-advisor-agent/metadata.json +10 -1
  103. package/agents/fluxcd/README.md +39 -0
  104. package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/AGENT.md +55 -0
  105. package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/harnesses/claude-code.agent.md +38 -0
  106. package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/harnesses/codex.toml +32 -0
  107. package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/harnesses/copilot.agent.md +38 -0
  108. package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/harnesses/cursor.agent.md +38 -0
  109. package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/harnesses/gemini.agent.md +38 -0
  110. package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/harnesses/kiro-cli.agent.json +5 -0
  111. package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/harnesses/kiro-ide.agent.md +38 -0
  112. package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/metadata.json +31 -0
  113. package/agents/istio/README.md +46 -0
  114. package/agents/istio/istio-ambient-mesh-review-agent/AGENT.md +55 -0
  115. package/agents/istio/istio-ambient-mesh-review-agent/harnesses/claude-code.agent.md +38 -0
  116. package/agents/istio/istio-ambient-mesh-review-agent/harnesses/codex.toml +32 -0
  117. package/agents/istio/istio-ambient-mesh-review-agent/harnesses/copilot.agent.md +38 -0
  118. package/agents/istio/istio-ambient-mesh-review-agent/harnesses/cursor.agent.md +38 -0
  119. package/agents/istio/istio-ambient-mesh-review-agent/harnesses/gemini.agent.md +38 -0
  120. package/agents/istio/istio-ambient-mesh-review-agent/harnesses/kiro-cli.agent.json +5 -0
  121. package/agents/istio/istio-ambient-mesh-review-agent/harnesses/kiro-ide.agent.md +38 -0
  122. package/agents/istio/istio-ambient-mesh-review-agent/metadata.json +30 -0
  123. package/agents/kubernetes/README.md +143 -0
  124. package/agents/kubernetes/external-secrets-operator-review-agent/AGENT.md +49 -0
  125. package/agents/kubernetes/external-secrets-operator-review-agent/harnesses/claude-code.agent.md +33 -0
  126. package/agents/kubernetes/external-secrets-operator-review-agent/harnesses/codex.toml +31 -0
  127. package/agents/kubernetes/external-secrets-operator-review-agent/harnesses/copilot.agent.md +33 -0
  128. package/agents/kubernetes/external-secrets-operator-review-agent/harnesses/cursor.agent.md +33 -0
  129. package/agents/kubernetes/external-secrets-operator-review-agent/harnesses/gemini.agent.md +33 -0
  130. package/agents/kubernetes/external-secrets-operator-review-agent/harnesses/kiro-cli.agent.json +5 -0
  131. package/agents/kubernetes/external-secrets-operator-review-agent/harnesses/kiro-ide.agent.md +33 -0
  132. package/agents/kubernetes/external-secrets-operator-review-agent/metadata.json +31 -0
  133. package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/AGENT.md +56 -0
  134. package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/harnesses/claude-code.agent.md +39 -0
  135. package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/harnesses/codex.toml +34 -0
  136. package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/harnesses/copilot.agent.md +39 -0
  137. package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/harnesses/cursor.agent.md +39 -0
  138. package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/harnesses/gemini.agent.md +39 -0
  139. package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/harnesses/kiro-cli.agent.json +5 -0
  140. package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/harnesses/kiro-ide.agent.md +39 -0
  141. package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/metadata.json +31 -0
  142. package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/AGENT.md +59 -0
  143. package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/harnesses/claude-code.agent.md +42 -0
  144. package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/harnesses/codex.toml +33 -0
  145. package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/harnesses/copilot.agent.md +42 -0
  146. package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/harnesses/cursor.agent.md +42 -0
  147. package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/harnesses/gemini.agent.md +42 -0
  148. package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/harnesses/kiro-cli.agent.json +5 -0
  149. package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/harnesses/kiro-ide.agent.md +42 -0
  150. package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/metadata.json +37 -0
  151. package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/AGENT.md +59 -0
  152. package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/harnesses/claude-code.agent.md +42 -0
  153. package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/harnesses/codex.toml +33 -0
  154. package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/harnesses/copilot.agent.md +42 -0
  155. package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/harnesses/cursor.agent.md +42 -0
  156. package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/harnesses/gemini.agent.md +42 -0
  157. package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/harnesses/kiro-cli.agent.json +5 -0
  158. package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/harnesses/kiro-ide.agent.md +42 -0
  159. package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/metadata.json +37 -0
  160. package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/AGENT.md +59 -0
  161. package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/harnesses/claude-code.agent.md +42 -0
  162. package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/harnesses/codex.toml +33 -0
  163. package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/harnesses/copilot.agent.md +42 -0
  164. package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/harnesses/cursor.agent.md +42 -0
  165. package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/harnesses/gemini.agent.md +42 -0
  166. package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/harnesses/kiro-cli.agent.json +5 -0
  167. package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/harnesses/kiro-ide.agent.md +42 -0
  168. package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/metadata.json +37 -0
  169. package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/AGENT.md +59 -0
  170. package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/harnesses/claude-code.agent.md +42 -0
  171. package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/harnesses/codex.toml +33 -0
  172. package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/harnesses/copilot.agent.md +42 -0
  173. package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/harnesses/cursor.agent.md +42 -0
  174. package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/harnesses/gemini.agent.md +42 -0
  175. package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/harnesses/kiro-cli.agent.json +5 -0
  176. package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/harnesses/kiro-ide.agent.md +42 -0
  177. package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/metadata.json +37 -0
  178. package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/AGENT.md +59 -0
  179. package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/harnesses/claude-code.agent.md +42 -0
  180. package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/harnesses/codex.toml +34 -0
  181. package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/harnesses/copilot.agent.md +55 -0
  182. package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/harnesses/cursor.agent.md +44 -0
  183. package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/harnesses/gemini.agent.md +43 -0
  184. package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/harnesses/kiro-cli.agent.json +5 -0
  185. package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/harnesses/kiro-ide.agent.md +42 -0
  186. package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/metadata.json +36 -0
  187. package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/AGENT.md +62 -0
  188. package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/harnesses/claude-code.agent.md +43 -0
  189. package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/harnesses/codex.toml +35 -0
  190. package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/harnesses/copilot.agent.md +43 -0
  191. package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/harnesses/cursor.agent.md +43 -0
  192. package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/harnesses/gemini.agent.md +43 -0
  193. package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/harnesses/kiro-cli.agent.json +5 -0
  194. package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/harnesses/kiro-ide.agent.md +43 -0
  195. package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/metadata.json +38 -0
  196. package/agents/kubernetes/kubernetes-maestro-agent/AGENT.md +55 -0
  197. package/agents/kubernetes/kubernetes-maestro-agent/harnesses/claude-code.agent.md +38 -0
  198. package/agents/kubernetes/kubernetes-maestro-agent/harnesses/codex.toml +34 -0
  199. package/agents/kubernetes/kubernetes-maestro-agent/harnesses/copilot.agent.md +38 -0
  200. package/agents/kubernetes/kubernetes-maestro-agent/harnesses/cursor.agent.md +38 -0
  201. package/agents/kubernetes/kubernetes-maestro-agent/harnesses/gemini.agent.md +38 -0
  202. package/agents/kubernetes/kubernetes-maestro-agent/harnesses/kiro-cli.agent.json +5 -0
  203. package/agents/kubernetes/kubernetes-maestro-agent/harnesses/kiro-ide.agent.md +38 -0
  204. package/agents/kubernetes/kubernetes-maestro-agent/metadata.json +40 -0
  205. package/agents/kubernetes/kubernetes-pod-spec-review-agent/AGENT.md +54 -0
  206. package/agents/kubernetes/kubernetes-pod-spec-review-agent/harnesses/claude-code.agent.md +37 -0
  207. package/agents/kubernetes/kubernetes-pod-spec-review-agent/harnesses/codex.toml +27 -0
  208. package/agents/kubernetes/kubernetes-pod-spec-review-agent/harnesses/copilot.agent.md +37 -0
  209. package/agents/kubernetes/kubernetes-pod-spec-review-agent/harnesses/cursor.agent.md +37 -0
  210. package/agents/kubernetes/kubernetes-pod-spec-review-agent/harnesses/gemini.agent.md +37 -0
  211. package/agents/kubernetes/kubernetes-pod-spec-review-agent/harnesses/kiro-cli.agent.json +5 -0
  212. package/agents/kubernetes/kubernetes-pod-spec-review-agent/harnesses/kiro-ide.agent.md +37 -0
  213. package/agents/kubernetes/kubernetes-pod-spec-review-agent/metadata.json +38 -0
  214. package/agents/kubernetes/kubernetes-psa-review-agent/AGENT.md +55 -0
  215. package/agents/kubernetes/kubernetes-psa-review-agent/harnesses/claude-code.agent.md +36 -0
  216. package/agents/kubernetes/kubernetes-psa-review-agent/harnesses/codex.toml +29 -0
  217. package/agents/kubernetes/kubernetes-psa-review-agent/harnesses/copilot.agent.md +36 -0
  218. package/agents/kubernetes/kubernetes-psa-review-agent/harnesses/cursor.agent.md +36 -0
  219. package/agents/kubernetes/kubernetes-psa-review-agent/harnesses/gemini.agent.md +36 -0
  220. package/agents/kubernetes/kubernetes-psa-review-agent/harnesses/kiro-cli.agent.json +5 -0
  221. package/agents/kubernetes/kubernetes-psa-review-agent/harnesses/kiro-ide.agent.md +36 -0
  222. package/agents/kubernetes/kubernetes-psa-review-agent/metadata.json +38 -0
  223. package/agents/kubernetes/kubernetes-rbac-review-agent/AGENT.md +55 -0
  224. package/agents/kubernetes/kubernetes-rbac-review-agent/harnesses/claude-code.agent.md +38 -0
  225. package/agents/kubernetes/kubernetes-rbac-review-agent/harnesses/codex.toml +32 -0
  226. package/agents/kubernetes/kubernetes-rbac-review-agent/harnesses/copilot.agent.md +51 -0
  227. package/agents/kubernetes/kubernetes-rbac-review-agent/harnesses/cursor.agent.md +40 -0
  228. package/agents/kubernetes/kubernetes-rbac-review-agent/harnesses/gemini.agent.md +39 -0
  229. package/agents/kubernetes/kubernetes-rbac-review-agent/harnesses/kiro-cli.agent.json +5 -0
  230. package/agents/kubernetes/kubernetes-rbac-review-agent/harnesses/kiro-ide.agent.md +38 -0
  231. package/agents/kubernetes/kubernetes-rbac-review-agent/metadata.json +36 -0
  232. package/agents/kubernetes/kubernetes-workload-identity-review-agent/AGENT.md +55 -0
  233. package/agents/kubernetes/kubernetes-workload-identity-review-agent/harnesses/claude-code.agent.md +37 -0
  234. package/agents/kubernetes/kubernetes-workload-identity-review-agent/harnesses/codex.toml +29 -0
  235. package/agents/kubernetes/kubernetes-workload-identity-review-agent/harnesses/copilot.agent.md +37 -0
  236. package/agents/kubernetes/kubernetes-workload-identity-review-agent/harnesses/cursor.agent.md +37 -0
  237. package/agents/kubernetes/kubernetes-workload-identity-review-agent/harnesses/gemini.agent.md +37 -0
  238. package/agents/kubernetes/kubernetes-workload-identity-review-agent/harnesses/kiro-cli.agent.json +5 -0
  239. package/agents/kubernetes/kubernetes-workload-identity-review-agent/harnesses/kiro-ide.agent.md +37 -0
  240. package/agents/kubernetes/kubernetes-workload-identity-review-agent/metadata.json +37 -0
  241. package/agents/kyverno/README.md +46 -0
  242. package/agents/kyverno/kyverno-policy-review-agent/AGENT.md +55 -0
  243. package/agents/kyverno/kyverno-policy-review-agent/harnesses/claude-code.agent.md +38 -0
  244. package/agents/kyverno/kyverno-policy-review-agent/harnesses/codex.toml +32 -0
  245. package/agents/kyverno/kyverno-policy-review-agent/harnesses/copilot.agent.md +38 -0
  246. package/agents/kyverno/kyverno-policy-review-agent/harnesses/cursor.agent.md +38 -0
  247. package/agents/kyverno/kyverno-policy-review-agent/harnesses/gemini.agent.md +38 -0
  248. package/agents/kyverno/kyverno-policy-review-agent/harnesses/kiro-cli.agent.json +5 -0
  249. package/agents/kyverno/kyverno-policy-review-agent/harnesses/kiro-ide.agent.md +38 -0
  250. package/agents/kyverno/kyverno-policy-review-agent/metadata.json +30 -0
  251. package/agents/oci/README.md +45 -0
  252. package/agents/oci/oci-certificates-issuer-review-agent/AGENT.md +53 -0
  253. package/agents/oci/oci-certificates-issuer-review-agent/harnesses/claude-code.agent.md +36 -0
  254. package/agents/oci/oci-certificates-issuer-review-agent/harnesses/codex.toml +27 -0
  255. package/agents/oci/oci-certificates-issuer-review-agent/harnesses/copilot.agent.md +36 -0
  256. package/agents/oci/oci-certificates-issuer-review-agent/harnesses/cursor.agent.md +36 -0
  257. package/agents/oci/oci-certificates-issuer-review-agent/harnesses/gemini.agent.md +36 -0
  258. package/agents/oci/oci-certificates-issuer-review-agent/harnesses/kiro-cli.agent.json +5 -0
  259. package/agents/oci/oci-certificates-issuer-review-agent/harnesses/kiro-ide.agent.md +36 -0
  260. package/agents/oci/oci-certificates-issuer-review-agent/metadata.json +36 -0
  261. package/agents/oci/oci-live-autonomous-db-lifecycle-guard-agent/metadata.json +11 -2
  262. package/agents/oci/oci-live-cost-budget-runaway-guard-agent/metadata.json +11 -2
  263. package/agents/oci/oci-live-iam-policy-compartment-guard-agent/metadata.json +10 -1
  264. package/agents/oci/oci-live-network-security-rule-guard-agent/AGENT.md +59 -0
  265. package/agents/oci/oci-live-network-security-rule-guard-agent/harnesses/claude-code.agent.md +42 -0
  266. package/agents/oci/oci-live-network-security-rule-guard-agent/harnesses/codex.toml +34 -0
  267. package/agents/oci/oci-live-network-security-rule-guard-agent/harnesses/copilot.agent.md +55 -0
  268. package/agents/oci/oci-live-network-security-rule-guard-agent/harnesses/cursor.agent.md +44 -0
  269. package/agents/oci/oci-live-network-security-rule-guard-agent/harnesses/gemini.agent.md +43 -0
  270. package/agents/oci/oci-live-network-security-rule-guard-agent/harnesses/kiro-cli.agent.json +5 -0
  271. package/agents/oci/oci-live-network-security-rule-guard-agent/harnesses/kiro-ide.agent.md +42 -0
  272. package/agents/oci/oci-live-network-security-rule-guard-agent/metadata.json +37 -0
  273. package/agents/oci/oci-live-oke-rollout-guard-agent/metadata.json +11 -2
  274. package/agents/oci/oci-live-resource-manager-stack-guard-agent/metadata.json +10 -1
  275. package/agents/oci/oci-live-vault-key-destruction-guard-agent/metadata.json +10 -1
  276. package/agents/opentelemetry/README.md +37 -0
  277. package/agents/opentelemetry/opentelemetry-collector-config-review-agent/AGENT.md +55 -0
  278. package/agents/opentelemetry/opentelemetry-collector-config-review-agent/harnesses/claude-code.agent.md +38 -0
  279. package/agents/opentelemetry/opentelemetry-collector-config-review-agent/harnesses/codex.toml +32 -0
  280. package/agents/opentelemetry/opentelemetry-collector-config-review-agent/harnesses/copilot.agent.md +38 -0
  281. package/agents/opentelemetry/opentelemetry-collector-config-review-agent/harnesses/cursor.agent.md +38 -0
  282. package/agents/opentelemetry/opentelemetry-collector-config-review-agent/harnesses/gemini.agent.md +38 -0
  283. package/agents/opentelemetry/opentelemetry-collector-config-review-agent/harnesses/kiro-cli.agent.json +5 -0
  284. package/agents/opentelemetry/opentelemetry-collector-config-review-agent/harnesses/kiro-ide.agent.md +38 -0
  285. package/agents/opentelemetry/opentelemetry-collector-config-review-agent/metadata.json +37 -0
  286. package/agents/prometheus/README.md +36 -0
  287. package/agents/prometheus/prometheus-alerting-cardinality-review-agent/AGENT.md +48 -0
  288. package/agents/prometheus/prometheus-alerting-cardinality-review-agent/harnesses/claude-code.agent.md +32 -0
  289. package/agents/prometheus/prometheus-alerting-cardinality-review-agent/harnesses/codex.toml +31 -0
  290. package/agents/prometheus/prometheus-alerting-cardinality-review-agent/harnesses/copilot.agent.md +32 -0
  291. package/agents/prometheus/prometheus-alerting-cardinality-review-agent/harnesses/cursor.agent.md +32 -0
  292. package/agents/prometheus/prometheus-alerting-cardinality-review-agent/harnesses/gemini.agent.md +32 -0
  293. package/agents/prometheus/prometheus-alerting-cardinality-review-agent/harnesses/kiro-cli.agent.json +5 -0
  294. package/agents/prometheus/prometheus-alerting-cardinality-review-agent/harnesses/kiro-ide.agent.md +32 -0
  295. package/agents/prometheus/prometheus-alerting-cardinality-review-agent/metadata.json +31 -0
  296. package/agents/sigstore/README.md +38 -0
  297. package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/AGENT.md +55 -0
  298. package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/harnesses/claude-code.agent.md +35 -0
  299. package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/harnesses/codex.toml +29 -0
  300. package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/harnesses/copilot.agent.md +35 -0
  301. package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/harnesses/cursor.agent.md +35 -0
  302. package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/harnesses/gemini.agent.md +35 -0
  303. package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/harnesses/kiro-cli.agent.json +5 -0
  304. package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/harnesses/kiro-ide.agent.md +35 -0
  305. package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/metadata.json +31 -0
  306. package/agents/terraform/README.md +29 -0
  307. package/agents/terraform/terraform-reviewer/AGENT.md +2 -1
  308. package/agents/terraform/terraform-reviewer/harnesses/claude-code.agent.md +29 -0
  309. package/agents/terraform/terraform-reviewer/harnesses/codex.toml +29 -0
  310. package/agents/terraform/terraform-reviewer/harnesses/copilot.agent.md +42 -0
  311. package/agents/terraform/terraform-reviewer/harnesses/cursor.agent.md +31 -0
  312. package/agents/terraform/terraform-reviewer/harnesses/gemini.agent.md +30 -0
  313. package/agents/terraform/terraform-reviewer/harnesses/kiro-cli.agent.json +5 -0
  314. package/agents/terraform/terraform-reviewer/harnesses/kiro-ide.agent.md +29 -0
  315. package/agents/terraform/terraform-reviewer/metadata.json +10 -1
  316. package/agents/velero/README.md +41 -0
  317. package/assets/logos/vanguard-frontier-agentic-logo.png +0 -0
  318. package/catalog/agents.json +1452 -634
  319. package/catalog/install-roles.json +455 -0
  320. package/catalog/skill-manifest.json +1089 -335
  321. package/catalog/skills.json +1298 -528
  322. package/package.json +32 -3
  323. package/schemas/AGENTS.md +14 -0
  324. package/schemas/agent.frontmatter.schema.json +89 -0
  325. package/schemas/agent.schema.json +8 -0
  326. package/schemas/skill.frontmatter.schema.json +95 -0
  327. package/scripts/apply-skill-allowed-tools.py +142 -0
  328. package/scripts/backfill-skill-metadata.py +410 -0
  329. package/scripts/export-marketplace-agents.mjs +275 -9
  330. package/scripts/update-catalog-new-agents.py +88 -0
  331. package/skills/argocd/README.md +30 -0
  332. package/skills/argocd/argo-rollouts-progressive-delivery-review/SKILL.md +43 -0
  333. package/skills/argocd/argo-rollouts-progressive-delivery-review/metadata.json +22 -0
  334. package/skills/argocd/argo-rollouts-progressive-delivery-review/references/workflow-and-output.md +248 -0
  335. package/skills/argocd/argocd-gitops-review/SKILL.md +46 -0
  336. package/skills/argocd/argocd-gitops-review/metadata.json +30 -0
  337. package/skills/argocd/argocd-gitops-review/references/mcp-and-evidence.md +53 -0
  338. package/skills/argocd/argocd-gitops-review/references/official-sources.md +32 -0
  339. package/skills/argocd/argocd-gitops-review/references/workflow-and-output.md +120 -0
  340. package/skills/aws/README.md +3 -1
  341. package/skills/aws/aws-agentcore/SKILL.md +3 -0
  342. package/skills/aws/aws-api-edge-delivery-review/SKILL.md +3 -0
  343. package/skills/aws/aws-bedrock-agent-security-governor/SKILL.md +3 -0
  344. package/skills/aws/aws-change-impact-advisor/SKILL.md +3 -0
  345. package/skills/aws/aws-ci-cd-release-engineer/SKILL.md +3 -0
  346. package/skills/aws/aws-compliance-evidence-mapper/SKILL.md +3 -0
  347. package/skills/aws/aws-cost-anomaly-watch-coordinator/SKILL.md +3 -0
  348. package/skills/aws/aws-cost-optimization-governor/SKILL.md +3 -0
  349. package/skills/aws/aws-daily-operations-briefing-coordinator/SKILL.md +3 -0
  350. package/skills/aws/aws-data-protection-backup-steward/SKILL.md +3 -0
  351. package/skills/aws/aws-deployment-hotfix-operator/SKILL.md +3 -0
  352. package/skills/aws/aws-devops-agent-skill-designer/SKILL.md +3 -0
  353. package/skills/aws/aws-dynamodb-data-modeling-performance-review/SKILL.md +3 -0
  354. package/skills/aws/aws-ec2-compute-operations-steward/SKILL.md +3 -0
  355. package/skills/aws/aws-ecs-fargate-platform-operator/SKILL.md +3 -0
  356. package/skills/aws/aws-ecs-service-remediation-operator/SKILL.md +3 -0
  357. package/skills/aws/aws-eks-platform-operator/SKILL.md +3 -0
  358. package/skills/aws/aws-event-driven-architecture-review/SKILL.md +3 -0
  359. package/skills/aws/aws-generative-ai-developer/SKILL.md +3 -0
  360. package/skills/aws/aws-iac-change-safety-review/SKILL.md +3 -0
  361. package/skills/aws/aws-iac-patch-executor/SKILL.md +3 -0
  362. package/skills/aws/aws-iam-least-privilege-review/SKILL.md +3 -0
  363. package/skills/aws/aws-kms-secrets-lifecycle-steward/SKILL.md +3 -0
  364. package/skills/aws/aws-landing-zone-governor/SKILL.md +3 -0
  365. package/skills/aws/aws-live-deployment-guarded-operator/SKILL.md +3 -0
  366. package/skills/aws/aws-live-ecs-rollout-guard/SKILL.md +3 -0
  367. package/skills/aws/aws-live-iac-change-guard/SKILL.md +3 -0
  368. package/skills/aws/aws-live-pipeline-approval-operator/SKILL.md +3 -0
  369. package/skills/aws/aws-live-serverless-release-guard/SKILL.md +3 -0
  370. package/skills/aws/aws-maestro/SKILL.md +3 -0
  371. package/skills/aws/aws-maestro/references/workflow-and-output.md +2 -0
  372. package/skills/aws/aws-migration-cutover-architect/SKILL.md +3 -0
  373. package/skills/aws/aws-network-architect/SKILL.md +3 -0
  374. package/skills/aws/aws-non-destructive-task-automation-advisor/SKILL.md +3 -0
  375. package/skills/aws/aws-observability-incident-responder/SKILL.md +3 -0
  376. package/skills/aws/aws-pipeline-fix-operator/SKILL.md +3 -0
  377. package/skills/aws/aws-private-ca-issuer-review/SKILL.md +42 -0
  378. package/skills/aws/aws-private-ca-issuer-review/metadata.json +21 -0
  379. package/skills/aws/aws-private-ca-issuer-review/references/official-sources.md +22 -0
  380. package/skills/aws/aws-private-ca-issuer-review/references/safety-checklist.md +30 -0
  381. package/skills/aws/aws-private-ca-issuer-review/references/workflow-and-output.md +214 -0
  382. package/skills/aws/aws-rds-aurora-performance-investigator/SKILL.md +3 -0
  383. package/skills/aws/aws-resilience-bcdr-review/SKILL.md +3 -0
  384. package/skills/aws/aws-s3-data-perimeter-governor/SKILL.md +3 -0
  385. package/skills/aws/aws-security-posture-hardening/SKILL.md +3 -0
  386. package/skills/aws/aws-serverless-production-readiness/SKILL.md +3 -0
  387. package/skills/aws/aws-serverless-rollout-corrector/SKILL.md +3 -0
  388. package/skills/aws/aws-solution-architect/SKILL.md +3 -0
  389. package/skills/aws/aws-ticket-triage-escalation-coordinator/SKILL.md +3 -0
  390. package/skills/azure/README.md +3 -1
  391. package/skills/azure/azure-ai-foundry-ops-governor/SKILL.md +3 -0
  392. package/skills/azure/azure-aks-platform-operator/SKILL.md +3 -0
  393. package/skills/azure/azure-app-service-production-readiness/SKILL.md +3 -0
  394. package/skills/azure/azure-cosmosdb-application-developer/SKILL.md +3 -0
  395. package/skills/azure/azure-cosmosdb-performance-investigator/SKILL.md +3 -0
  396. package/skills/azure/azure-cosmosdb-platform-operator/SKILL.md +3 -0
  397. package/skills/azure/azure-cost-estimation-review/SKILL.md +3 -0
  398. package/skills/azure/azure-cost-optimization-governor/SKILL.md +3 -0
  399. package/skills/azure/azure-entra-id-specialist/SKILL.md +3 -0
  400. package/skills/azure/azure-governance-policy-guardrails/SKILL.md +3 -0
  401. package/skills/azure/azure-identity-governance-review/SKILL.md +3 -0
  402. package/skills/azure/azure-key-vault-secret-lifecycle-auditor/SKILL.md +3 -0
  403. package/skills/azure/azure-keyvault-certificate-issuer-review/SKILL.md +40 -0
  404. package/skills/azure/azure-keyvault-certificate-issuer-review/metadata.json +20 -0
  405. package/skills/azure/azure-keyvault-certificate-issuer-review/references/workflow-and-output.md +190 -0
  406. package/skills/azure/azure-landing-zone-architect/SKILL.md +3 -0
  407. package/skills/azure/azure-live-aks-rollout-guard/SKILL.md +3 -0
  408. package/skills/azure/azure-live-app-service-slot-swap-guard/SKILL.md +3 -0
  409. package/skills/azure/azure-live-arm-deployment-stack-guard/SKILL.md +3 -0
  410. package/skills/azure/azure-live-cost-budget-action-guard/SKILL.md +3 -0
  411. package/skills/azure/azure-live-entra-role-assignment-guard/SKILL.md +59 -0
  412. package/skills/azure/azure-live-entra-role-assignment-guard/metadata.json +28 -0
  413. package/skills/azure/azure-live-entra-role-assignment-guard/references/official-sources.md +21 -0
  414. package/skills/azure/azure-live-entra-role-assignment-guard/references/permission-model.md +70 -0
  415. package/skills/azure/azure-live-entra-role-assignment-guard/references/preflight-commands.md +69 -0
  416. package/skills/azure/azure-live-entra-role-assignment-guard/references/rollback-playbook.md +51 -0
  417. package/skills/azure/azure-live-keyvault-rotation-purge-guard/SKILL.md +3 -0
  418. package/skills/azure/azure-live-pim-jit-activation-guard/SKILL.md +3 -0
  419. package/skills/azure/azure-maestro/SKILL.md +3 -0
  420. package/skills/azure/azure-migrate-landing-zone-cutover/SKILL.md +3 -0
  421. package/skills/azure/azure-network-topology-review/SKILL.md +3 -0
  422. package/skills/azure/azure-observability-investigator/SKILL.md +3 -0
  423. package/skills/azure/azure-platform-automation-devops/SKILL.md +3 -0
  424. package/skills/azure/azure-private-endpoint-adoption-planner/SKILL.md +3 -0
  425. package/skills/azure/azure-rbac-review/SKILL.md +3 -0
  426. package/skills/azure/azure-resilience-bcdr-review/SKILL.md +3 -0
  427. package/skills/azure/azure-resource-health-incident-triage/SKILL.md +3 -0
  428. package/skills/azure/azure-role-selector/SKILL.md +3 -0
  429. package/skills/azure/azure-security-posture-hardening/SKILL.md +3 -0
  430. package/skills/azure/azure-subscription-resource-organization/SKILL.md +3 -0
  431. package/skills/backstage/backstage-scaffolder-template-review/SKILL.md +42 -0
  432. package/skills/backstage/backstage-scaffolder-template-review/metadata.json +21 -0
  433. package/skills/backstage/backstage-scaffolder-template-review/references/workflow-and-output.md +179 -0
  434. package/skills/cert-manager/cert-manager-issuer-trust-review/SKILL.md +43 -0
  435. package/skills/cert-manager/cert-manager-issuer-trust-review/metadata.json +22 -0
  436. package/skills/cert-manager/cert-manager-issuer-trust-review/references/workflow-and-output.md +222 -0
  437. package/skills/cilium/README.md +30 -0
  438. package/skills/cilium/cilium-network-policy-review/SKILL.md +46 -0
  439. package/skills/cilium/cilium-network-policy-review/metadata.json +30 -0
  440. package/skills/cilium/cilium-network-policy-review/references/mcp-and-evidence.md +52 -0
  441. package/skills/cilium/cilium-network-policy-review/references/official-sources.md +30 -0
  442. package/skills/cilium/cilium-network-policy-review/references/workflow-and-output.md +130 -0
  443. package/skills/falco/falco-runtime-threat-rules-review/SKILL.md +40 -0
  444. package/skills/falco/falco-runtime-threat-rules-review/metadata.json +22 -0
  445. package/skills/falco/falco-runtime-threat-rules-review/references/workflow-and-output.md +249 -0
  446. package/skills/finops/README.md +30 -0
  447. package/skills/finops/finops-cloud-price-advisor/SKILL.md +3 -0
  448. package/skills/fluxcd/fluxcd-kustomization-helmrelease-review/SKILL.md +43 -0
  449. package/skills/fluxcd/fluxcd-kustomization-helmrelease-review/metadata.json +22 -0
  450. package/skills/fluxcd/fluxcd-kustomization-helmrelease-review/references/workflow-and-output.md +243 -0
  451. package/skills/istio/README.md +28 -0
  452. package/skills/istio/istio-ambient-mesh-review/SKILL.md +46 -0
  453. package/skills/istio/istio-ambient-mesh-review/metadata.json +30 -0
  454. package/skills/istio/istio-ambient-mesh-review/references/mcp-and-evidence.md +59 -0
  455. package/skills/istio/istio-ambient-mesh-review/references/official-sources.md +32 -0
  456. package/skills/istio/istio-ambient-mesh-review/references/workflow-and-output.md +128 -0
  457. package/skills/kubernetes/README.md +30 -0
  458. package/skills/kubernetes/external-secrets-operator-review/SKILL.md +40 -0
  459. package/skills/kubernetes/external-secrets-operator-review/metadata.json +22 -0
  460. package/skills/kubernetes/external-secrets-operator-review/references/workflow-and-output.md +280 -0
  461. package/skills/kubernetes/kubecost-chargeback-allocation-review/SKILL.md +43 -0
  462. package/skills/kubernetes/kubecost-chargeback-allocation-review/metadata.json +22 -0
  463. package/skills/kubernetes/kubecost-chargeback-allocation-review/references/workflow-and-output.md +215 -0
  464. package/skills/kubernetes/kubernetes-live-rbac-mutation-guard/SKILL.md +60 -0
  465. package/skills/kubernetes/kubernetes-live-rbac-mutation-guard/metadata.json +27 -0
  466. package/skills/kubernetes/kubernetes-live-rbac-mutation-guard/references/official-sources.md +18 -0
  467. package/skills/kubernetes/kubernetes-live-rbac-mutation-guard/references/permission-model.md +78 -0
  468. package/skills/kubernetes/kubernetes-live-rbac-mutation-guard/references/preflight-commands.md +81 -0
  469. package/skills/kubernetes/kubernetes-live-rbac-mutation-guard/references/rollback-playbook.md +61 -0
  470. package/skills/kubernetes/kubernetes-maestro/SKILL.md +48 -0
  471. package/skills/kubernetes/kubernetes-maestro/metadata.json +24 -0
  472. package/skills/kubernetes/kubernetes-maestro/references/safety-checklist.md +78 -0
  473. package/skills/kubernetes/kubernetes-maestro/references/workflow-and-output.md +206 -0
  474. package/skills/kubernetes/kubernetes-pod-security-admission-review/SKILL.md +46 -0
  475. package/skills/kubernetes/kubernetes-pod-security-admission-review/metadata.json +28 -0
  476. package/skills/kubernetes/kubernetes-pod-security-admission-review/references/mcp-and-evidence.md +49 -0
  477. package/skills/kubernetes/kubernetes-pod-security-admission-review/references/official-sources.md +26 -0
  478. package/skills/kubernetes/kubernetes-pod-security-admission-review/references/workflow-and-output.md +129 -0
  479. package/skills/kubernetes/kubernetes-pod-spec-review/SKILL.md +41 -0
  480. package/skills/kubernetes/kubernetes-pod-spec-review/metadata.json +22 -0
  481. package/skills/kubernetes/kubernetes-pod-spec-review/references/workflow-and-output.md +229 -0
  482. package/skills/kubernetes/kubernetes-rbac-review/SKILL.md +41 -0
  483. package/skills/kubernetes/kubernetes-rbac-review/metadata.json +27 -0
  484. package/skills/kubernetes/kubernetes-rbac-review/references/mcp-and-evidence.md +34 -0
  485. package/skills/kubernetes/kubernetes-rbac-review/references/official-sources.md +22 -0
  486. package/skills/kubernetes/kubernetes-rbac-review/references/workflow-and-output.md +44 -0
  487. package/skills/kubernetes/kubernetes-workload-identity-review/SKILL.md +46 -0
  488. package/skills/kubernetes/kubernetes-workload-identity-review/metadata.json +29 -0
  489. package/skills/kubernetes/kubernetes-workload-identity-review/references/mcp-and-evidence.md +57 -0
  490. package/skills/kubernetes/kubernetes-workload-identity-review/references/official-sources.md +47 -0
  491. package/skills/kubernetes/kubernetes-workload-identity-review/references/workflow-and-output.md +166 -0
  492. package/skills/kyverno/README.md +30 -0
  493. package/skills/kyverno/kyverno-policy-review/SKILL.md +46 -0
  494. package/skills/kyverno/kyverno-policy-review/metadata.json +30 -0
  495. package/skills/kyverno/kyverno-policy-review/references/mcp-and-evidence.md +49 -0
  496. package/skills/kyverno/kyverno-policy-review/references/official-sources.md +31 -0
  497. package/skills/kyverno/kyverno-policy-review/references/workflow-and-output.md +106 -0
  498. package/skills/oci/README.md +63 -0
  499. package/skills/oci/oci-autonomous-database-architect/SKILL.md +3 -0
  500. package/skills/oci/oci-certificates-issuer-review/SKILL.md +40 -0
  501. package/skills/oci/oci-certificates-issuer-review/metadata.json +20 -0
  502. package/skills/oci/oci-certificates-issuer-review/references/workflow-and-output.md +207 -0
  503. package/skills/oci/oci-cloud-guard-responder/SKILL.md +3 -0
  504. package/skills/oci/oci-compute-instance-agent-operator/SKILL.md +3 -0
  505. package/skills/oci/oci-compute-platform-operator/SKILL.md +3 -0
  506. package/skills/oci/oci-cost-finops-analyst/SKILL.md +3 -0
  507. package/skills/oci/oci-database-platform-dba/SKILL.md +3 -0
  508. package/skills/oci/oci-dbtools-sql-analyst/SKILL.md +3 -0
  509. package/skills/oci/oci-devops-container-platform-engineer/SKILL.md +3 -0
  510. package/skills/oci/oci-exadata-database-architect/SKILL.md +3 -0
  511. package/skills/oci/oci-exadata-platform-architect/SKILL.md +3 -0
  512. package/skills/oci/oci-fusion-apps-environment-operator/SKILL.md +3 -0
  513. package/skills/oci/oci-goldengate-replication-operator/SKILL.md +3 -0
  514. package/skills/oci/oci-identity-access-governor/SKILL.md +3 -0
  515. package/skills/oci/oci-iot-digital-twin-engineer/SKILL.md +3 -0
  516. package/skills/oci/oci-limits-capacity-planner/SKILL.md +3 -0
  517. package/skills/oci/oci-live-autonomous-db-lifecycle-guard/SKILL.md +3 -0
  518. package/skills/oci/oci-live-cost-budget-runaway-guard/SKILL.md +3 -0
  519. package/skills/oci/oci-live-iam-policy-compartment-guard/SKILL.md +3 -0
  520. package/skills/oci/oci-live-network-security-rule-guard/SKILL.md +60 -0
  521. package/skills/oci/oci-live-network-security-rule-guard/metadata.json +28 -0
  522. package/skills/oci/oci-live-network-security-rule-guard/references/official-sources.md +21 -0
  523. package/skills/oci/oci-live-network-security-rule-guard/references/permission-model.md +65 -0
  524. package/skills/oci/oci-live-network-security-rule-guard/references/preflight-commands.md +69 -0
  525. package/skills/oci/oci-live-network-security-rule-guard/references/rollback-playbook.md +79 -0
  526. package/skills/oci/oci-live-oke-rollout-guard/SKILL.md +3 -0
  527. package/skills/oci/oci-live-resource-manager-stack-guard/SKILL.md +3 -0
  528. package/skills/oci/oci-live-vault-key-destruction-guard/SKILL.md +3 -0
  529. package/skills/oci/oci-load-balancer-traffic-engineer/SKILL.md +3 -0
  530. package/skills/oci/oci-maestro/SKILL.md +3 -0
  531. package/skills/oci/oci-migration-cutover-architect/SKILL.md +3 -0
  532. package/skills/oci/oci-multi-cloud-architect/SKILL.md +3 -0
  533. package/skills/oci/oci-mysql-heatwave-ai-specialist/SKILL.md +3 -0
  534. package/skills/oci/oci-network-architect/SKILL.md +3 -0
  535. package/skills/oci/oci-observability-incident-responder/SKILL.md +3 -0
  536. package/skills/oci/oci-recovery-service-operator/SKILL.md +3 -0
  537. package/skills/oci/oci-registry-artifact-governor/SKILL.md +3 -0
  538. package/skills/oci/oci-resource-search-inventory-analyst/SKILL.md +3 -0
  539. package/skills/oci/oci-security-compliance-reviewer/SKILL.md +3 -0
  540. package/skills/oci/oci-solution-architect/SKILL.md +3 -0
  541. package/skills/oci/oci-storage-backup-steward/SKILL.md +3 -0
  542. package/skills/oci/oci-support-incident-coordinator/SKILL.md +3 -0
  543. package/skills/oci/oracle-oci-mcp-grounded-advisor/SKILL.md +3 -0
  544. package/skills/opentelemetry/README.md +31 -0
  545. package/skills/opentelemetry/opentelemetry-collector-config-review/SKILL.md +47 -0
  546. package/skills/opentelemetry/opentelemetry-collector-config-review/metadata.json +30 -0
  547. package/skills/opentelemetry/opentelemetry-collector-config-review/references/mcp-and-evidence.md +49 -0
  548. package/skills/opentelemetry/opentelemetry-collector-config-review/references/official-sources.md +31 -0
  549. package/skills/opentelemetry/opentelemetry-collector-config-review/references/workflow-and-output.md +155 -0
  550. package/skills/prometheus/prometheus-alerting-cardinality-review/SKILL.md +41 -0
  551. package/skills/prometheus/prometheus-alerting-cardinality-review/metadata.json +22 -0
  552. package/skills/prometheus/prometheus-alerting-cardinality-review/references/workflow-and-output.md +221 -0
  553. package/skills/sigstore/sigstore-cosign-supply-chain-review/SKILL.md +42 -0
  554. package/skills/sigstore/sigstore-cosign-supply-chain-review/metadata.json +22 -0
  555. package/skills/sigstore/sigstore-cosign-supply-chain-review/references/workflow-and-output.md +196 -0
  556. package/skills/terraform/README.md +29 -0
  557. package/skills/terraform/terraform-maestro/SKILL.md +3 -0
  558. package/skills/velero/velero-backup-restore-guard/SKILL.md +44 -0
  559. package/skills/velero/velero-backup-restore-guard/metadata.json +21 -0
  560. package/skills/velero/velero-backup-restore-guard/references/safety-checklist.md +40 -0
  561. package/skills/velero/velero-backup-restore-guard/references/workflow-and-output.md +202 -0
package/README.md CHANGED
@@ -1,16 +1,34 @@
1
1
  # Vanguard Frontier Agentic
2
2
 
3
3
  <div align="center">
4
+
5
+ <!-- 🖼️ PROJECT LOGO — created and ready to display -->
6
+ <img src="assets/logos/vanguard-frontier-agentic-logo.png" alt="Vanguard Frontier Agentic" width="220" />
7
+
4
8
  <p><strong>A curated marketplace for cloud and zero-trust AI workflows.</strong></p>
5
9
 
10
+ <p>
11
+ <a href="https://www.npmjs.com/package/@raishin/vanguard-frontier-agentic"><img alt="npm version" src="https://img.shields.io/npm/v/@raishin/vanguard-frontier-agentic.svg?logo=npm" /></a>
12
+ <a href="LICENSE"><img alt="License: Apache-2.0" src="https://img.shields.io/badge/license-Apache--2.0-blue.svg" /></a>
13
+ <a href="https://github.com/Raishin/vanguard-frontier-agentic/actions/workflows/codeql.yml"><img alt="CodeQL" src="https://github.com/Raishin/vanguard-frontier-agentic/actions/workflows/codeql.yml/badge.svg?branch=master" /></a>
14
+ <a href="https://github.com/Raishin/vanguard-frontier-agentic/actions/workflows/install-paths-smoke.yml"><img alt="Install Paths Smoke" src="https://github.com/Raishin/vanguard-frontier-agentic/actions/workflows/install-paths-smoke.yml/badge.svg?branch=master" /></a>
15
+ <a href="https://scorecard.dev/viewer/?uri=github.com/Raishin/vanguard-frontier-agentic"><img alt="OpenSSF Scorecard" src="https://api.securityscorecards.dev/projects/github.com/Raishin/vanguard-frontier-agentic/badge" /></a>
16
+ <a href="https://github.com/Raishin/vanguard-frontier-agentic/actions/workflows/docs-quality.yml"><img alt="Docs Quality" src="https://github.com/Raishin/vanguard-frontier-agentic/actions/workflows/docs-quality.yml/badge.svg?branch=master" /></a>
17
+ <a href="https://docs.npmjs.com/generating-provenance-statements"><img alt="npm provenance" src="https://img.shields.io/badge/npm-provenance-26a566.svg?logo=npm" /></a>
18
+ <a href="CONTRIBUTING.md"><img alt="PRs welcome" src="https://img.shields.io/badge/PRs-welcome-brightgreen.svg" /></a>
19
+ </p>
20
+
6
21
  <p>
7
22
  <a href="#get-started">Get Started</a> &nbsp;·&nbsp;
23
+ <a href="#install-reference">Install Reference</a> &nbsp;·&nbsp;
8
24
  <a href="#skills">Skills</a> &nbsp;·&nbsp;
9
25
  <a href="#agents">Agents</a> &nbsp;·&nbsp;
10
- <a href="#cli-commands">Commands</a> &nbsp;·&nbsp;
11
26
  <a href="https://github.com/Raishin/vanguard-frontier-agentic/issues">Issues</a> &nbsp;·&nbsp;
12
27
  <a href="#faq">FAQ</a> &nbsp;·&nbsp;
13
- <a href="#feedback">Feedback</a>
28
+ <a href="#feedback">Feedback</a> &nbsp;·&nbsp;
29
+ <a href="CONTRIBUTING.md">Contributing</a> &nbsp;·&nbsp;
30
+ <a href="SECURITY.md">Security</a> &nbsp;·&nbsp;
31
+ <a href="CODE_OF_CONDUCT.md">Code of Conduct</a>
14
32
  </p>
15
33
  </div>
16
34
 
@@ -35,89 +53,82 @@ Kubernetes, Terraform, cloud security, and compliance-heavy architecture.
35
53
  [Kiro](https://kiro.dev/) &nbsp;·&nbsp;
36
54
  *and any other coding agent.*
37
55
 
38
- > 📦 **npm status (verified 2026-04-30):** `@raishin/vanguard-frontier-agentic`
39
- > is **not yet published** on the public npm registry. Install from GitHub today — see [Get Started](#get-started).
56
+ > 📦 **Available on npm:** `@raishin/vanguard-frontier-agentic` is published on the public npm registry.
40
57
 
41
58
  ---
42
59
 
43
- ## Get Started
44
-
45
- **Prerequisites:** [Node.js](https://nodejs.org/) 18+ (for the exporter CLI).
60
+ ## 🚀 Get Started
46
61
 
47
- ### 1. Install from GitHub
62
+ **Prerequisite:** [Node.js](https://nodejs.org/) 18+
48
63
 
49
64
  ```bash
50
- npm install github:Raishin/vanguard-frontier-agentic
51
- ```
65
+ # 1️⃣ Install the package
66
+ npm install @raishin/vanguard-frontier-agentic@latest
52
67
 
53
- ### 2. Open your coding agent
68
+ # 2️⃣ Export agents for your job role into your repo
69
+ npx vfa-export-agents --platform claude-code --role cloud-security-engineer --repo .
54
70
 
55
- Launch [Claude Code](https://docs.anthropic.com/en/docs/claude-code), [Gemini CLI](https://github.com/google-gemini/gemini-cli), [Codex](https://github.com/openai/codex), or any coding agent you prefer.
56
-
57
- ### 3. Export agents into your repository
58
-
59
- List available agent IDs:
60
-
61
- ```bash
62
- npx vfa-export-agents --list
71
+ # 3️⃣ Open your coding agent and reference the exported agent
72
+ # "Use kubernetes-rbac-review-agent to audit this RBAC change."
63
73
  ```
64
74
 
65
- Export an agent to your preferred platform:
66
-
67
- ```bash
68
- # Claude Code
69
- npx vfa-export-agents --platform claude-code --agents azure-live-aks-rollout-guard-agent --repo /path/to/your-repo
75
+ **🗺️ Not sure which role or agent you need?** Jump to the [Install Reference](#install-reference) for the full map.
70
76
 
71
- # GitHub Copilot
72
- npx vfa-export-agents --platform copilot --agents azure-live-aks-rollout-guard-agent --repo /path/to/your-repo
77
+ ### Install paths
73
78
 
74
- # Kiro (writes both IDE + CLI adapters)
75
- npx vfa-export-agents --platform kiro --agents azure-live-aks-rollout-guard-agent --repo /path/to/your-repo
79
+ There are three supported install paths — npm package, `vfa-export-agents` CLI, and the third-party `skills` CLI — each with different versioning, trust, and scope characteristics. See [`docs/integrations/skills-cli.md`](docs/integrations/skills-cli.md) for the full trust matrix, verified flag syntax, pinning guidance, and pre-install inspection steps.
76
80
 
77
- # Export everything for a platform
78
- npx vfa-export-agents --platform codex --all --repo /path/to/your-repo
79
- ```
80
-
81
- ### 4. Use the skill or agent
82
-
83
- Inside your coding agent session, reference the skill directly or let the exported agent guide you:
84
-
85
- ```text
86
- Use the azure-live-aks-rollout-guard skill to audit my deployment rollout before I proceed.
81
+ ```bash
82
+ npm install @raishin/vanguard-frontier-agentic@latest
87
83
  ```
88
84
 
89
85
  ---
90
86
 
91
- ## Skills
87
+ ## 🧠 Skills
92
88
 
93
- **107 skills** across AWS, Azure, OCI, security, Kubernetes, Terraform, and more.
89
+ **138 skills** across AWS, Azure, OCI, Kubernetes, CNCF ecosystem, Terraform, and more.
94
90
 
95
- | Domain | Count | What they cover |
96
- |--------|------:|----------------|
97
- | AWS | 42 | IAM, EKS, ECS, Lambda, RDS, S3, Cost, DevOps, Bedrock, Security, Live Guards |
98
- | Azure | 30 | AKS, App Service, ARM/Bicep, Key Vault, PIM, Cost, Entra ID, CosmosDB, Live Guards |
99
- | OCI | 35 | ADB, OKE, IAM, Vault, Resource Manager, Cost, Networking, Live Guards |
100
- | FinOps | 1 | Cross-cloud live price advisor (AWS + Azure + OCI pricing APIs) |
91
+ | Domain | Count | What they cover |
92
+ | ------------------ | ----: | ------------------------------------------------------------------------------------------------- |
93
+ | 🟧 AWS | 43 | IAM, EKS, ECS, Lambda, RDS, S3, Cost, DevOps, Bedrock, Security, Live Guards |
94
+ | 🟦 Azure | 32 | AKS, App Service, ARM/Bicep, Key Vault, PIM, Cost, Entra ID, CosmosDB, Live Guards |
95
+ | 🟥 OCI | 37 | ADB, OKE, IAM, Vault, Resource Manager, Cost, Networking, Live Guards |
96
+ | ☸️ Kubernetes | 5 | RBAC review, workload identity, PSA, live RBAC/admission/mesh/network/ArgoCD guards, maestro |
97
+ | 🛡️ Kyverno | 1 | ClusterPolicy/Policy, PolicyException, failureAction, background scan |
98
+ | 🔄 Argo CD | 1 | AppProject blast-radius, sync impersonation, RollingSync, sync-window |
99
+ | 🕸️ Istio | 1 | Ambient mesh, ztunnel L4 vs waypoint L7, PeerAuthentication, mTLS posture |
100
+ | 🐝 Cilium | 1 | CiliumNetworkPolicy, ClusterMesh trust, 169.254.169.254 egress, WireGuard encryption |
101
+ | 📡 OpenTelemetry | 1 | Collector pipeline, memory_limiter, receiver exposure, exporter cardinality, credential handling |
102
+ | 🟩 Terraform | 1 | IaC review and plan safety |
101
103
 
102
- ### Live Guard skills (high-risk cloud mutations)
104
+ ### 🛡️ Live Guard skills stop before you break prod
103
105
 
104
- Six live-guard skills per cloud enforce approval gates and rollback posture for irreversible operations:
106
+ Live-guard skills enforce approval gates and rollback posture for irreversible operations:
105
107
 
106
- **Azure (6):**
108
+ **🟦 Azure (7):**
107
109
  - `azure-live-aks-rollout-guard` — PDB audit, rollout pause/undo, post-rollout health
108
110
  - `azure-live-arm-deployment-stack-guard` — what-if evidence, denySettings, PIM-gated delete
109
111
  - `azure-live-app-service-slot-swap-guard` — sticky-setting audit, traffic shifting, swap-back path
110
112
  - `azure-live-keyvault-rotation-purge-guard` — rotation policy, soft-delete/purge-protection, PIM gate
111
113
  - `azure-live-pim-jit-activation-guard` — eligible assignment audit, MFA gate, JIT revocation
112
114
  - `azure-live-cost-budget-action-guard` — budget mutation, GPU SKU policy, quota read-only
115
+ - `azure-live-entra-role-assignment-guard` — permanent role assignment scope/principal audit, PIM-preference enforcement, Guest principal blocking
113
116
 
114
- **OCI (6):**
117
+ **🟥 OCI (7):**
115
118
  - `oci-live-autonomous-db-lifecycle-guard` — ADB scale/stop/clone/terminate with tag enforcement
116
119
  - `oci-live-oke-rollout-guard` — DevOps pipeline approval, PDB audit, rollout pause/undo
117
120
  - `oci-live-resource-manager-stack-guard` — plan-before-apply, drift detection, job-lock enforcement
118
121
  - `oci-live-vault-key-destruction-guard` — rotation vs. destruction separation, 7–30 day deletion window
119
122
  - `oci-live-iam-policy-compartment-guard` — MFA break-glass, dual-approval for tenancy-root changes
120
123
  - `oci-live-cost-budget-runaway-guard` — 3-tier budget management, GPU shape gate, ONS alert routing
124
+ - `oci-live-network-security-rule-guard` — Security List/NSG rule capture, 0.0.0.0/0 detection, DB-subnet criticality, Path Analyzer gate
125
+
126
+ **☸️ Kubernetes (5):**
127
+ - `kubernetes-live-rbac-mutation-guard` — escalate/bind/impersonate verb detection, wildcard blocking, pre-mutation state capture, rollback via YAML backup
128
+ - `kubernetes-live-admission-policy-guard` — Kyverno/VAP mutation blast-radius, failureAction enforcement, PolicyException scope validation
129
+ - `kubernetes-live-mesh-policy-guard` — Istio AuthorizationPolicy/PeerAuthentication traffic impact, PERMISSIVE→STRICT migration gating
130
+ - `kubernetes-live-network-policy-guard` — CiliumNetworkPolicy/NetworkPolicy connectivity impact, metadata service egress blocking
131
+ - `kubernetes-live-argocd-sync-guard` — AppProject blast-radius, sync impersonation identity review, sync-window change gating
121
132
 
122
133
  ### Sample skills
123
134
 
@@ -130,31 +141,42 @@ Rule of thumb: if the asset teaches **how to do a repeatable task**, it is a ski
130
141
 
131
142
  ---
132
143
 
133
- ## Agents
144
+ ## 🤖 Agents
134
145
 
135
- **107 agents** matching the skill catalog — each agent ships 7 harness adapters and a hardened permission model.
146
+ **141 agents** matching the skill catalog — each agent ships 7 harness adapters and a hardened permission model.
136
147
 
137
- | Provider | Count | Specialisations |
138
- |----------|------:|----------------|
139
- | AWS | 42 | advisory, execution, live-guard operators |
140
- | Azure | 30 | advisory, live-guard operators |
141
- | OCI | 33 | advisory, live-guard operators |
142
- | Multi-cloud | 1 | FinOps Cloud Price Advisor |
143
- | Terraform | 1 | IaC review |
148
+ | Provider | Count | Specialisations |
149
+ | ------------------ | ----: | ----------------------------------------------------------------------------------- |
150
+ | 🟧 AWS | 43 | advisory, execution, live-guard operators |
151
+ | 🟦 Azure | 32 | advisory, live-guard operators |
152
+ | 🟥 OCI | 35 | advisory, live-guard operators |
153
+ | ☸️ Kubernetes | 9 | RBAC review, workload identity, PSA, 4 live-guard operators, maestro router |
154
+ | 🛡️ Kyverno | 1 | Admission policy review |
155
+ | 🔄 Argo CD | 1 | GitOps review |
156
+ | 🕸️ Istio | 1 | Ambient mesh review |
157
+ | 🐝 Cilium | 1 | Network policy review |
158
+ | 📡 OpenTelemetry | 1 | Collector config review |
159
+ | 💰 Multi-cloud | 1 | FinOps Cloud Price Advisor |
160
+ | 🟩 Terraform | 2 | IaC review, maestro |
144
161
 
145
162
  Every agent ships:
146
- - `AGENT.md` — harness-neutral contract with guarded response shape
147
- - `PERMISSIONS.md` — provider-native least-privilege RBAC / OCI IAM policies
148
- - `metadata.json`schema-validated catalog entry
149
- - 7 harness adapters — claude-code, codex, copilot, cursor, gemini, kiro-ide, kiro-cli
163
+ - 📄 `AGENT.md` — harness-neutral contract with guarded response shape
164
+ - 🗂️ `metadata.json` — schema-validated catalog entry
165
+ - 🔌 7 harness adapters claude-code, codex, copilot, cursor, gemini, kiro-ide, kiro-cli
150
166
 
151
167
  ```text
152
168
  agents/
153
- ├── aws/ (42 agents)
154
- ├── azure/ (30 agents)
155
- ├── finops/ (1 agent — cross-cloud price advisor)
156
- ├── oci/ (33 agents)
157
- └── terraform/ (1 agent)
169
+ ├── aws/ (43 agents)
170
+ ├── azure/ (32 agents)
171
+ ├── argocd/ (1 agent — GitOps review)
172
+ ├── cilium/ (1 agent — network policy review)
173
+ ├── finops/ (1 agent — cross-cloud price advisor)
174
+ ├── istio/ (1 agent — ambient mesh review)
175
+ ├── kubernetes/ (13 agents — RBAC, workload identity, PSA, pod-spec, ESO, Kubecost, live-guards, maestro)
176
+ ├── kyverno/ (1 agent — admission policy review)
177
+ ├── oci/ (35 agents)
178
+ ├── opentelemetry/ (1 agent — collector config review)
179
+ └── terraform/ (2 agents)
158
180
  ```
159
181
 
160
182
  Example:
@@ -165,32 +187,148 @@ Use an agent when you need a **role with judgment**, not just a checklist.
165
187
 
166
188
  ---
167
189
 
168
- ## CLI Commands
190
+ ## 📦 Install Reference
169
191
 
170
- The `vfa-export-agents` CLI ships with this package.
192
+ Everything you can install, and exactly how to install it. One section, no hunting.
171
193
 
172
- | Command | What it does |
173
- |---------|-------------|
174
- | `vfa-export-agents --list` | List all available agent IDs |
175
- | `vfa-export-agents --platform <p> --agents <id> --repo <path>` | Export one agent to a platform |
176
- | `vfa-export-agents --platform <p> --all --repo <path>` | Export all agents for a platform |
177
- | `vfa-export-agents --platform <p> --all --repo <path> --force` | Overwrite existing exported files |
194
+ ### 🧭 How to pick what to install
178
195
 
179
- <details>
180
- <summary>Supported platforms and destination paths</summary>
196
+ ```
197
+ 🙋 I know my job function → use --role
198
+ 🎯 I know the specific agent I want → use --agents
199
+ ☁️ I work on one cloud provider only → add --provider to either of the above
200
+ 💥 I want everything for a platform → use --all
201
+ 🔍 I don't know what exists yet → use --list or --list-roles first
202
+ ```
181
203
 
182
- | Platform flag | Destination in consumer repo |
183
- |---------------|------------------------------|
184
- | `codex` | `.codex/agents/` |
185
- | `claude-code` | `.claude/agents/` |
186
- | `copilot` | `.github/agents/` |
187
- | `cursor` | `.cursor/agents/` |
188
- | `gemini` | `.gemini/agents/` |
189
- | `kiro` | `.kiro/agents/` |
204
+ ---
190
205
 
191
- </details>
206
+ ### 🏷️ Argument reference
192
207
 
193
- **Important:** the exporter installs custom agent files only — not repo-level guidance layers (`AGENTS.md`, `CLAUDE.md`, `.github/copilot-instructions.md`, etc.). See [`docs/normalized-platform-matrix.md`](docs/normalized-platform-matrix.md) for the distinction.
208
+ | Argument | Values | Required | Description |
209
+ | -------------- | ----------------------------------------------------- | --------------------------------------- | ---------------------------------------------------- |
210
+ | `--platform` | see table below | ✅ yes (except `--list`, `--list-roles`) | Target AI harness |
211
+ | `--role` | see role table below | pick one ↓ | Install all agents for a job role |
212
+ | `--agents` | comma-separated agent IDs | pick one ↓ | Install specific agents by ID |
213
+ | `--all` | — | pick one ↓ | Install every agent for the platform |
214
+ | `--provider` | `aws` `azure` `oci` `kubernetes` `terraform` `finops` `kyverno` `argocd` `istio` `cilium` `opentelemetry` | ➕ optional | Narrow `--role` results to one provider |
215
+ | `--repo` | path | ➕ optional | Target repo root (defaults to current directory) |
216
+ | `--force` | — | ➕ optional | Overwrite files that already exist |
217
+ | `--list` | — | 🔍 standalone | Print all agent IDs, providers, and names; then exit |
218
+ | `--list-roles` | — | 🔍 standalone | Print role IDs with agent counts; then exit |
219
+
220
+ ---
221
+
222
+ ### 🖥️ Platform reference
223
+
224
+ Each platform writes agent files to a different folder in your repo.
225
+
226
+ | `--platform` value | AI harness | Installs into |
227
+ | ------------------ | -------------------------------- | ----------------- |
228
+ | `claude-code` | 🤖 Claude Code (Anthropic) | `.claude/agents/` |
229
+ | `codex` | ⚡ Codex CLI (OpenAI) | `.codex/agents/` |
230
+ | `copilot` | 🐙 GitHub Copilot / VS Code | `.github/agents/` |
231
+ | `cursor` | 🖱️ Cursor | `.cursor/agents/` |
232
+ | `gemini` | ♊ Gemini CLI (Google) | `.gemini/agents/` |
233
+ | `kiro` | 🔮 Kiro — both IDE + CLI adapters | `.kiro/agents/` |
234
+ | `kiro-ide` | 🔮 Kiro IDE only | `.kiro/agents/` |
235
+ | `kiro-cli` | 🔮 Kiro CLI only | `.kiro/agents/` |
236
+
237
+ > ℹ️ The exporter installs agent files only. It does not write repo-level guidance files (`CLAUDE.md`, `AGENTS.md`, `.github/copilot-instructions.md`, etc.). See [`docs/normalized-platform-matrix.md`](docs/normalized-platform-matrix.md).
238
+
239
+ ---
240
+
241
+ ### 👤 Role reference
242
+
243
+ A role installs the curated set of agents a practitioner in that job function needs, across all cloud providers. Roles overlap intentionally — one agent may appear in multiple roles.
244
+
245
+ | `--role` value | 👤 Who it is for | 🔢 Agents | ☁️ What it covers |
246
+ | -------------------------------------------- | ------------------------------------------------------------------------ | -------: | ----------------------------------------------------------------------------------------------------------------------------------------- |
247
+ | `cloud-security-engineer` | 🔐 Security engineers, compliance teams, IAM owners | 26 | IAM/RBAC review, secrets lifecycle, identity governance, live guards for access and key mutations — AWS · Azure · OCI · Kubernetes |
248
+ | `cloud-platform-engineer` | 🏗️ Infrastructure/SRE, IaC owners, Kubernetes platform teams | 25 | IaC safety review, container platform operators, networking, landing zones, live deployment guards — AWS · Azure · OCI · Terraform |
249
+ | `cloud-dba` | 🗄️ Database administrators, data platform engineers | 13 | RDS/Aurora, DynamoDB, CosmosDB, OCI Autonomous/Exadata/MySQL HeatWave, replication, live DB lifecycle guards |
250
+ | `cloud-finops-analyst` | 💰 FinOps leads, cost governance teams | 9 | Cost optimization governors, anomaly watch, budget runaway guards, capacity planning — AWS · Azure · OCI |
251
+ | `cloud-solutions-architect` | 🏛️ Cloud architects, migration leads, AI/generative engineers | 20 | Solution architecture, migration cutover, resilience/BCDR, event-driven design, multi-cloud, AI/generative — AWS · Azure · OCI |
252
+ | `cloud-devops-engineer` | 🚀 CI/CD engineers, release managers, SRE ops | 25 | CI/CD, pipeline approval gates, live rollout guards, deployment hotfix operators, serverless readiness, observability — AWS · Azure · OCI |
253
+ | `kubernetes-admission-security-engineer` | 🛡️ Platform security, policy engineers, admission control owners | 6 | Kyverno policy review, K8s workload identity, PSA profiles, live admission-policy guard, live RBAC guard |
254
+ | `kubernetes-network-engineer` | 🐝 Network engineers, platform SREs, zero-trust mesh owners | 5 | Cilium/NetworkPolicy review, Istio ambient mesh review, live network-policy and mesh-policy guards |
255
+ | `kubernetes-application-platform-engineer` | 🔄 Platform engineers, GitOps owners, ArgoCD operators | 3 | Argo CD GitOps review, live ArgoCD sync guard, kubernetes-maestro router |
256
+ | `kubernetes-runtime-security-engineer` | 🔍 Runtime security, observability, and threat detection engineers | 6 | Falco threat rules, Sigstore supply chain, K8s workload identity, RBAC review, pod-spec review, live RBAC guard |
257
+ | `kubernetes-pki-engineer` | 🔐 PKI/cert lifecycle engineers, secrets management owners | 6 | cert-manager Issuer/ClusterIssuer, CertificateRequestPolicy gap, ESO scope, AWS Private CA, Azure KV cert, OCI Certificates |
258
+ | `kubernetes-observability-engineer` | 📊 SRE observability engineers, FinOps cost analysts | 4 | Prometheus alerting/cardinality, OTEL Collector pipeline, Kubecost chargeback/allocation, maestro router |
259
+ | `kubernetes-supply-chain-security-engineer` | 🔏 Supply chain security engineers, DevSecOps practitioners | 7 | Sigstore/Cosign, Falco runtime rules, Kyverno admission policy, PSA hardening, pod-spec review, live admission guard |
260
+ | `kubernetes-developer-platform-engineer` | 🎭 IDP/platform engineers, GitOps owners, developer experience leads | 6 | Backstage Scaffolder templates, Argo CD, Argo Rollouts progressive delivery, FluxCD Kustomization/HelmRelease, maestro router |
261
+ | `kubernetes-disaster-recovery-engineer` | 💾 SRE disaster recovery engineers, backup and restore owners | 2 | Velero live-guarded restore operations with pre-restore checklist, maestro router |
262
+
263
+ ```bash
264
+ # 🔍 See exactly which roles exist and how many agents each has
265
+ npx vfa-export-agents --list-roles
266
+
267
+ # 📦 Install a cloud role
268
+ npx vfa-export-agents --platform claude-code --role cloud-security-engineer --repo .
269
+
270
+ # ☁️ Install a cloud role but only for one provider
271
+ npx vfa-export-agents --platform claude-code --role cloud-security-engineer --provider azure --repo .
272
+
273
+ # ☸️ Install a Kubernetes specialist role
274
+ npx vfa-export-agents --platform claude-code --role kubernetes-admission-security-engineer --repo .
275
+ npx vfa-export-agents --platform claude-code --role kubernetes-network-engineer --repo .
276
+ ```
277
+
278
+ ---
279
+
280
+ ### ☁️ Provider reference
281
+
282
+ Use `--provider` with `--role` to narrow the install to one cloud.
283
+
284
+ | `--provider` value | Domain | 🔢 Agents in catalog |
285
+ | ------------------- | ---------------------------------------- | ------------------: |
286
+ | `aws` | 🟧 Amazon Web Services | 44 |
287
+ | `azure` | 🟦 Microsoft Azure | 33 |
288
+ | `oci` | 🟥 Oracle Cloud Infrastructure | 36 |
289
+ | `kubernetes` | ☸️ Kubernetes (cross-cloud) | 13 |
290
+ | `kyverno` | 🛡️ Kyverno (admission policy) | 1 |
291
+ | `argocd` | 🔄 Argo CD + Argo Rollouts (GitOps) | 2 |
292
+ | `istio` | 🕸️ Istio (service mesh) | 1 |
293
+ | `cilium` | 🐝 Cilium (network policy) | 1 |
294
+ | `opentelemetry` | 📡 OpenTelemetry (observability) | 1 |
295
+ | `terraform` | 🟩 Terraform (cross-cloud) | 2 |
296
+ | `multi-cloud` | 💰 FinOps / multi-cloud | 1 |
297
+ | `prometheus` | 📊 Prometheus (alerting + cardinality) | 1 |
298
+ | `falco` | 🦅 Falco (runtime threat detection) | 1 |
299
+ | `sigstore` | 🔏 Sigstore / Cosign (supply chain) | 1 |
300
+ | `cert-manager` | 🔐 cert-manager (PKI / cert lifecycle) | 1 |
301
+ | `fluxcd` | 🔄 FluxCD (GitOps) | 1 |
302
+ | `backstage` | 🎭 Backstage (IDP / developer platform) | 1 |
303
+ | `velero` | 💾 Velero (backup + restore) | 0 |
304
+
305
+ ```bash
306
+ # 🟥 Install every OCI agent for a cloud-platform-engineer (OCI-only team)
307
+ npx vfa-export-agents --platform codex --role cloud-platform-engineer --provider oci --repo .
308
+
309
+ # 🟦 Install every Azure agent for a cloud-devops-engineer
310
+ npx vfa-export-agents --platform copilot --role cloud-devops-engineer --provider azure --repo .
311
+ ```
312
+
313
+ ---
314
+
315
+ ### 🎯 Common install scenarios
316
+
317
+ | 🙋 I want to… | Command |
318
+ | ----------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- |
319
+ | 🔍 See what agents exist | `npx vfa-export-agents --list` |
320
+ | 🔍 See what roles exist | `npx vfa-export-agents --list-roles` |
321
+ | 👤 Install for my job role (Claude Code) | `npx vfa-export-agents --platform claude-code --role <role> --repo .` |
322
+ | ☁️ Install for my job role, one cloud only | `npx vfa-export-agents --platform claude-code --role <role> --provider aws --repo .` |
323
+ | ☸️ Install K8s admission security role | `npx vfa-export-agents --platform claude-code --role kubernetes-admission-security-engineer --repo .` |
324
+ | 🐝 Install K8s network engineering role | `npx vfa-export-agents --platform claude-code --role kubernetes-network-engineer --repo .` |
325
+ | 🧭 Install the Kubernetes maestro router only | `npx vfa-export-agents --platform claude-code --agents kubernetes-maestro-agent --repo .` |
326
+ | 🎯 Install one specific agent | `npx vfa-export-agents --platform claude-code --agents kubernetes-rbac-review-agent --repo .` |
327
+ | 🎯 Install two specific agents | `npx vfa-export-agents --platform claude-code --agents agent-id-1,agent-id-2 --repo .` |
328
+ | 💥 Install everything for Codex | `npx vfa-export-agents --platform codex --all --repo .` |
329
+ | 🔄 Re-install and overwrite existing files | `npx vfa-export-agents --platform claude-code --role <role> --repo . --force` |
330
+ | 📂 Install into a different repo path | `npx vfa-export-agents --platform gemini --role <role> --repo /path/to/other-repo` |
331
+ | 🏭 Enforce via CI/CD pipeline | See [`docs/ci-cd-enforcement-pattern.md`](docs/ci-cd-enforcement-pattern.md) |
194
332
 
195
333
  ---
196
334
 
@@ -294,8 +432,10 @@ QSAs, legal counsel, or official standards.
294
432
  It is a **control-aware engineering toolbox**. The assets should help teams
295
433
  design and collect evidence for common security expectations across frameworks.
296
434
 
297
- | Framework / standard | What it pushes us to remember | Repo design implication |
298
- | --------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------- |
435
+ Every live-guard and review agent produces a **structured verdict response** (`verdict`, `evidence_level`, `blockers`, `safe_next_actions`, `open_questions`) that maps directly to SOC 2 CC6.1, PCI DSS Req 7, NIS2 Article 21, NIST CSF PR.AC-4, and ISO 27001 A.9.1.1 — no post-processing required. See [`docs/evidence-output-spec.md`](docs/evidence-output-spec.md) for the full control mapping and evidence retention guidance.
436
+
437
+ | Framework / standard | What it pushes us to remember | Repo design implication |
438
+ | -------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------- |
299
439
  | 🔵 **SOC 2 Type 2** | Controls must operate over a period of time, especially around security, availability, confidentiality, processing integrity, and privacy trust service criteria. | Workflows should leave evidence trails, not just one-time fixes. |
300
440
  | 💳 **PCI DSS** | Cardholder data environments need scoped controls, secure configuration, access control, monitoring, vulnerability management, and testing. | Workflows should reduce scope, avoid broad access, and flag payment-data risk. |
301
441
  | 🇪🇺 **NIS2** | EU cybersecurity rules emphasize governance, risk management, incident reporting, supply-chain security, and management accountability. | Workflows should make ownership, reporting, and supplier/cloud dependencies explicit. |
@@ -312,8 +452,8 @@ probably mean **NIS2** or they are mixing two different things.
312
452
 
313
453
  Use these principles when creating or reviewing assets:
314
454
 
315
- | Principle | What good looks like |
316
- | --------------------------- | ------------------------------------------------------------------------------------- |
455
+ | Principle | What good looks like |
456
+ | -------------------------- | ------------------------------------------------------------------------------------- |
317
457
  | 👤 Identity-first | Humans, workloads, agents, and CI/CD jobs have explicit identities. |
318
458
  | 🔐 Least privilege | Permissions are narrow, justified, and reviewable. |
319
459
  | 🧱 Segmented blast radius | Network, account, project, subscription, tenancy, and data boundaries are deliberate. |
@@ -327,17 +467,17 @@ Use these principles when creating or reviewing assets:
327
467
 
328
468
  ## 🧭 Quick map
329
469
 
330
- | Folder | What lives here | Easy memory hook |
331
- | -------------------------- | ------------------------------------------------ | -------------------------------------- |
332
- | [`skills/`](skills/) | Reusable workflows grouped by provider or domain | 🧠 "How do I do this task?" |
333
- | [`agents/`](agents/) | Expert roles grouped by provider or domain | 🤖 "Who should review this?" |
334
- | [`rules/`](rules/) | Harness-specific instructions | 📏 "What behavior is always expected?" |
335
- | [`mcp/`](mcp/) | MCP server references and trust notes | 🔌 "What can this connect to?" |
336
- | [`catalog/`](catalog/) | JSON indexes for marketplace discovery | 🗂️ "What assets exist?" |
337
- | [`schemas/`](schemas/) | Metadata validation contracts | ✅ "What fields are required?" |
338
- | [`templates/`](templates/) | Starter templates for new assets | 🧱 "How do I add one?" |
339
- | [`docs/`](docs/) | Quality rules, taxonomy, and marketplace notes | 📚 "How should this repo work?" |
340
- | [`assets/`](assets/) | Logos and visual assets | 🎨 "What images can docs use?" |
470
+ | Folder | What lives here | Easy memory hook |
471
+ | -------------------------- | ----------------------------------------------------------------------------- | ------------------------------------- |
472
+ | [`skills/`](skills/) | Reusable workflows grouped by provider or domain | 🧠 "How do I do this task?" |
473
+ | [`agents/`](agents/) | Expert roles grouped by provider or domain | 🤖 "Who should review this?" |
474
+ | [`rules/`](rules/) | Harness-specific instructions | 📏 "What behavior is always expected?" |
475
+ | [`mcp/`](mcp/) | MCP server references and trust notes | 🔌 "What can this connect to?" |
476
+ | [`catalog/`](catalog/) | JSON indexes for marketplace discovery | 🗂️ "What assets exist?" |
477
+ | [`schemas/`](schemas/) | Metadata validation contracts | ✅ "What fields are required?" |
478
+ | [`templates/`](templates/) | Starter templates for new assets | 🧱 "How do I add one?" |
479
+ | [`docs/`](docs/) | Quality rules, taxonomy, compliance evidence spec, CI/CD enforcement patterns | 📚 "How should this repo work?" |
480
+ | [`assets/`](assets/) | Logos and visual assets | 🎨 "What images can docs use?" |
341
481
 
342
482
  ---
343
483
 
@@ -447,11 +587,11 @@ harder to trust.
447
587
 
448
588
  Use SemVer: `MAJOR.MINOR.PATCH`.
449
589
 
450
- | Version bump | Use when | Example |
451
- | ------------ | -------- | ------- |
452
- | 🩹 `PATCH` | Typos, metadata corrections, manifest refresh | `0.1.0` → `0.1.1` |
453
- | ✨ `MINOR` | New skills, agents, provider folders, optional metadata | `0.1.0` → `0.2.0` |
454
- | 💥 `MAJOR` | Removed/renamed IDs, moved paths, breaking schema changes | `1.4.2` → `2.0.0` |
590
+ | Version bump | Use when | Example |
591
+ | ------------ | --------------------------------------------------------- | ----------------- |
592
+ | 🩹 `PATCH` | Typos, metadata corrections, manifest refresh | `0.1.0` → `0.1.1` |
593
+ | ✨ `MINOR` | New skills, agents, provider folders, optional metadata | `0.1.0` → `0.2.0` |
594
+ | 💥 `MAJOR` | Removed/renamed IDs, moved paths, breaking schema changes | `1.4.2` → `2.0.0` |
455
595
 
456
596
  Read the full policy in [`docs/release-versioning.md`](docs/release-versioning.md).
457
597
 
@@ -531,8 +671,8 @@ See:
531
671
  ---
532
672
 
533
673
  ```text
534
- Skills = workflows 🧠 107 across AWS · Azure · OCI · FinOps
535
- Agents = expert roles 🤖 107 with 7 harness adapters each
674
+ Skills = workflows 🧠 138 across AWS · Azure · OCI · Kubernetes · CNCF · Terraform
675
+ Agents = expert roles 🤖 141 with 7 harness adapters each
536
676
  Rules = always-on 📏 harness-specific operating guidance
537
677
  MCP = real connections 🔌 AWS · Azure · Oracle official servers
538
678
  Catalog = searchable index 🗂️ machine-readable, hash-verified