@raishin/vanguard-frontier-agentic 1.2.0 → 1.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +250 -110
- package/agents/AGENTS.md +263 -21
- package/agents/argocd/README.md +46 -0
- package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/AGENT.md +55 -0
- package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/harnesses/claude-code.agent.md +35 -0
- package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/harnesses/codex.toml +29 -0
- package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/harnesses/copilot.agent.md +35 -0
- package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/harnesses/cursor.agent.md +35 -0
- package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/harnesses/gemini.agent.md +35 -0
- package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/harnesses/kiro-ide.agent.md +35 -0
- package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/metadata.json +31 -0
- package/agents/argocd/argocd-gitops-review-agent/AGENT.md +55 -0
- package/agents/argocd/argocd-gitops-review-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/argocd/argocd-gitops-review-agent/harnesses/codex.toml +32 -0
- package/agents/argocd/argocd-gitops-review-agent/harnesses/copilot.agent.md +38 -0
- package/agents/argocd/argocd-gitops-review-agent/harnesses/cursor.agent.md +38 -0
- package/agents/argocd/argocd-gitops-review-agent/harnesses/gemini.agent.md +38 -0
- package/agents/argocd/argocd-gitops-review-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/argocd/argocd-gitops-review-agent/harnesses/kiro-ide.agent.md +38 -0
- package/agents/argocd/argocd-gitops-review-agent/metadata.json +30 -0
- package/agents/aws/aws-live-deployment-guarded-operator-agent/metadata.json +10 -1
- package/agents/aws/aws-live-ecs-rollout-guard-agent/metadata.json +10 -1
- package/agents/aws/aws-live-iac-change-guard-agent/metadata.json +10 -1
- package/agents/aws/aws-live-pipeline-approval-operator-agent/metadata.json +10 -1
- package/agents/aws/aws-live-serverless-release-guard-agent/metadata.json +10 -1
- package/agents/aws/aws-private-ca-issuer-review-agent/AGENT.md +53 -0
- package/agents/aws/aws-private-ca-issuer-review-agent/harnesses/claude-code.agent.md +36 -0
- package/agents/aws/aws-private-ca-issuer-review-agent/harnesses/codex.toml +27 -0
- package/agents/aws/aws-private-ca-issuer-review-agent/harnesses/copilot.agent.md +36 -0
- package/agents/aws/aws-private-ca-issuer-review-agent/harnesses/cursor.agent.md +36 -0
- package/agents/aws/aws-private-ca-issuer-review-agent/harnesses/gemini.agent.md +36 -0
- package/agents/aws/aws-private-ca-issuer-review-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/aws/aws-private-ca-issuer-review-agent/harnesses/kiro-ide.agent.md +36 -0
- package/agents/aws/aws-private-ca-issuer-review-agent/metadata.json +37 -0
- package/agents/azure/README.md +45 -0
- package/agents/azure/azure-keyvault-certificate-issuer-review-agent/AGENT.md +53 -0
- package/agents/azure/azure-keyvault-certificate-issuer-review-agent/harnesses/claude-code.agent.md +36 -0
- package/agents/azure/azure-keyvault-certificate-issuer-review-agent/harnesses/codex.toml +27 -0
- package/agents/azure/azure-keyvault-certificate-issuer-review-agent/harnesses/copilot.agent.md +36 -0
- package/agents/azure/azure-keyvault-certificate-issuer-review-agent/harnesses/cursor.agent.md +36 -0
- package/agents/azure/azure-keyvault-certificate-issuer-review-agent/harnesses/gemini.agent.md +36 -0
- package/agents/azure/azure-keyvault-certificate-issuer-review-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/azure/azure-keyvault-certificate-issuer-review-agent/harnesses/kiro-ide.agent.md +36 -0
- package/agents/azure/azure-keyvault-certificate-issuer-review-agent/metadata.json +36 -0
- package/agents/azure/azure-live-aks-rollout-guard-agent/metadata.json +10 -1
- package/agents/azure/azure-live-app-service-slot-swap-guard-agent/metadata.json +10 -1
- package/agents/azure/azure-live-arm-deployment-stack-guard-agent/metadata.json +10 -1
- package/agents/azure/azure-live-cost-budget-action-guard-agent/metadata.json +10 -1
- package/agents/azure/azure-live-entra-role-assignment-guard-agent/AGENT.md +59 -0
- package/agents/azure/azure-live-entra-role-assignment-guard-agent/harnesses/claude-code.agent.md +42 -0
- package/agents/azure/azure-live-entra-role-assignment-guard-agent/harnesses/codex.toml +34 -0
- package/agents/azure/azure-live-entra-role-assignment-guard-agent/harnesses/copilot.agent.md +55 -0
- package/agents/azure/azure-live-entra-role-assignment-guard-agent/harnesses/cursor.agent.md +44 -0
- package/agents/azure/azure-live-entra-role-assignment-guard-agent/harnesses/gemini.agent.md +43 -0
- package/agents/azure/azure-live-entra-role-assignment-guard-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/azure/azure-live-entra-role-assignment-guard-agent/harnesses/kiro-ide.agent.md +42 -0
- package/agents/azure/azure-live-entra-role-assignment-guard-agent/metadata.json +37 -0
- package/agents/azure/azure-live-keyvault-rotation-purge-guard-agent/metadata.json +10 -1
- package/agents/azure/azure-live-pim-jit-activation-guard-agent/metadata.json +11 -2
- package/agents/backstage/README.md +36 -0
- package/agents/backstage/backstage-scaffolder-template-review-agent/AGENT.md +54 -0
- package/agents/backstage/backstage-scaffolder-template-review-agent/harnesses/claude-code.agent.md +37 -0
- package/agents/backstage/backstage-scaffolder-template-review-agent/harnesses/codex.toml +31 -0
- package/agents/backstage/backstage-scaffolder-template-review-agent/harnesses/copilot.agent.md +37 -0
- package/agents/backstage/backstage-scaffolder-template-review-agent/harnesses/cursor.agent.md +37 -0
- package/agents/backstage/backstage-scaffolder-template-review-agent/harnesses/gemini.agent.md +37 -0
- package/agents/backstage/backstage-scaffolder-template-review-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/backstage/backstage-scaffolder-template-review-agent/harnesses/kiro-ide.agent.md +37 -0
- package/agents/backstage/backstage-scaffolder-template-review-agent/metadata.json +30 -0
- package/agents/cert-manager/README.md +46 -0
- package/agents/cert-manager/cert-manager-issuer-trust-review-agent/AGENT.md +55 -0
- package/agents/cert-manager/cert-manager-issuer-trust-review-agent/harnesses/claude-code.agent.md +35 -0
- package/agents/cert-manager/cert-manager-issuer-trust-review-agent/harnesses/codex.toml +29 -0
- package/agents/cert-manager/cert-manager-issuer-trust-review-agent/harnesses/copilot.agent.md +35 -0
- package/agents/cert-manager/cert-manager-issuer-trust-review-agent/harnesses/cursor.agent.md +35 -0
- package/agents/cert-manager/cert-manager-issuer-trust-review-agent/harnesses/gemini.agent.md +35 -0
- package/agents/cert-manager/cert-manager-issuer-trust-review-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/cert-manager/cert-manager-issuer-trust-review-agent/harnesses/kiro-ide.agent.md +35 -0
- package/agents/cert-manager/cert-manager-issuer-trust-review-agent/metadata.json +31 -0
- package/agents/cilium/README.md +46 -0
- package/agents/cilium/cilium-network-policy-review-agent/AGENT.md +55 -0
- package/agents/cilium/cilium-network-policy-review-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/cilium/cilium-network-policy-review-agent/harnesses/codex.toml +32 -0
- package/agents/cilium/cilium-network-policy-review-agent/harnesses/copilot.agent.md +38 -0
- package/agents/cilium/cilium-network-policy-review-agent/harnesses/cursor.agent.md +38 -0
- package/agents/cilium/cilium-network-policy-review-agent/harnesses/gemini.agent.md +38 -0
- package/agents/cilium/cilium-network-policy-review-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/cilium/cilium-network-policy-review-agent/harnesses/kiro-ide.agent.md +38 -0
- package/agents/cilium/cilium-network-policy-review-agent/metadata.json +37 -0
- package/agents/falco/README.md +36 -0
- package/agents/falco/falco-runtime-threat-rules-review-agent/AGENT.md +49 -0
- package/agents/falco/falco-runtime-threat-rules-review-agent/harnesses/claude-code.agent.md +33 -0
- package/agents/falco/falco-runtime-threat-rules-review-agent/harnesses/codex.toml +31 -0
- package/agents/falco/falco-runtime-threat-rules-review-agent/harnesses/copilot.agent.md +33 -0
- package/agents/falco/falco-runtime-threat-rules-review-agent/harnesses/cursor.agent.md +33 -0
- package/agents/falco/falco-runtime-threat-rules-review-agent/harnesses/gemini.agent.md +33 -0
- package/agents/falco/falco-runtime-threat-rules-review-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/falco/falco-runtime-threat-rules-review-agent/harnesses/kiro-ide.agent.md +33 -0
- package/agents/falco/falco-runtime-threat-rules-review-agent/metadata.json +31 -0
- package/agents/finops/README.md +27 -0
- package/agents/finops/finops-cloud-price-advisor-agent/metadata.json +10 -1
- package/agents/fluxcd/README.md +39 -0
- package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/AGENT.md +55 -0
- package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/harnesses/codex.toml +32 -0
- package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/harnesses/copilot.agent.md +38 -0
- package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/harnesses/cursor.agent.md +38 -0
- package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/harnesses/gemini.agent.md +38 -0
- package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/harnesses/kiro-ide.agent.md +38 -0
- package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/metadata.json +31 -0
- package/agents/istio/README.md +46 -0
- package/agents/istio/istio-ambient-mesh-review-agent/AGENT.md +55 -0
- package/agents/istio/istio-ambient-mesh-review-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/istio/istio-ambient-mesh-review-agent/harnesses/codex.toml +32 -0
- package/agents/istio/istio-ambient-mesh-review-agent/harnesses/copilot.agent.md +38 -0
- package/agents/istio/istio-ambient-mesh-review-agent/harnesses/cursor.agent.md +38 -0
- package/agents/istio/istio-ambient-mesh-review-agent/harnesses/gemini.agent.md +38 -0
- package/agents/istio/istio-ambient-mesh-review-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/istio/istio-ambient-mesh-review-agent/harnesses/kiro-ide.agent.md +38 -0
- package/agents/istio/istio-ambient-mesh-review-agent/metadata.json +30 -0
- package/agents/kubernetes/README.md +143 -0
- package/agents/kubernetes/external-secrets-operator-review-agent/AGENT.md +49 -0
- package/agents/kubernetes/external-secrets-operator-review-agent/harnesses/claude-code.agent.md +33 -0
- package/agents/kubernetes/external-secrets-operator-review-agent/harnesses/codex.toml +31 -0
- package/agents/kubernetes/external-secrets-operator-review-agent/harnesses/copilot.agent.md +33 -0
- package/agents/kubernetes/external-secrets-operator-review-agent/harnesses/cursor.agent.md +33 -0
- package/agents/kubernetes/external-secrets-operator-review-agent/harnesses/gemini.agent.md +33 -0
- package/agents/kubernetes/external-secrets-operator-review-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/kubernetes/external-secrets-operator-review-agent/harnesses/kiro-ide.agent.md +33 -0
- package/agents/kubernetes/external-secrets-operator-review-agent/metadata.json +31 -0
- package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/AGENT.md +56 -0
- package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/harnesses/claude-code.agent.md +39 -0
- package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/harnesses/codex.toml +34 -0
- package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/harnesses/copilot.agent.md +39 -0
- package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/harnesses/cursor.agent.md +39 -0
- package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/harnesses/gemini.agent.md +39 -0
- package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/harnesses/kiro-ide.agent.md +39 -0
- package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/metadata.json +31 -0
- package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/AGENT.md +59 -0
- package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/harnesses/claude-code.agent.md +42 -0
- package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/harnesses/codex.toml +33 -0
- package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/harnesses/copilot.agent.md +42 -0
- package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/harnesses/cursor.agent.md +42 -0
- package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/harnesses/gemini.agent.md +42 -0
- package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/harnesses/kiro-ide.agent.md +42 -0
- package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/metadata.json +37 -0
- package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/AGENT.md +59 -0
- package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/harnesses/claude-code.agent.md +42 -0
- package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/harnesses/codex.toml +33 -0
- package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/harnesses/copilot.agent.md +42 -0
- package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/harnesses/cursor.agent.md +42 -0
- package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/harnesses/gemini.agent.md +42 -0
- package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/harnesses/kiro-ide.agent.md +42 -0
- package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/metadata.json +37 -0
- package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/AGENT.md +59 -0
- package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/harnesses/claude-code.agent.md +42 -0
- package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/harnesses/codex.toml +33 -0
- package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/harnesses/copilot.agent.md +42 -0
- package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/harnesses/cursor.agent.md +42 -0
- package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/harnesses/gemini.agent.md +42 -0
- package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/harnesses/kiro-ide.agent.md +42 -0
- package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/metadata.json +37 -0
- package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/AGENT.md +59 -0
- package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/harnesses/claude-code.agent.md +42 -0
- package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/harnesses/codex.toml +33 -0
- package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/harnesses/copilot.agent.md +42 -0
- package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/harnesses/cursor.agent.md +42 -0
- package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/harnesses/gemini.agent.md +42 -0
- package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/harnesses/kiro-ide.agent.md +42 -0
- package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/metadata.json +37 -0
- package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/AGENT.md +59 -0
- package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/harnesses/claude-code.agent.md +42 -0
- package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/harnesses/codex.toml +34 -0
- package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/harnesses/copilot.agent.md +55 -0
- package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/harnesses/cursor.agent.md +44 -0
- package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/harnesses/gemini.agent.md +43 -0
- package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/harnesses/kiro-ide.agent.md +42 -0
- package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/metadata.json +36 -0
- package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/AGENT.md +62 -0
- package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/harnesses/claude-code.agent.md +43 -0
- package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/harnesses/codex.toml +35 -0
- package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/harnesses/copilot.agent.md +43 -0
- package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/harnesses/cursor.agent.md +43 -0
- package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/harnesses/gemini.agent.md +43 -0
- package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/harnesses/kiro-ide.agent.md +43 -0
- package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/metadata.json +38 -0
- package/agents/kubernetes/kubernetes-maestro-agent/AGENT.md +55 -0
- package/agents/kubernetes/kubernetes-maestro-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/kubernetes/kubernetes-maestro-agent/harnesses/codex.toml +34 -0
- package/agents/kubernetes/kubernetes-maestro-agent/harnesses/copilot.agent.md +38 -0
- package/agents/kubernetes/kubernetes-maestro-agent/harnesses/cursor.agent.md +38 -0
- package/agents/kubernetes/kubernetes-maestro-agent/harnesses/gemini.agent.md +38 -0
- package/agents/kubernetes/kubernetes-maestro-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/kubernetes/kubernetes-maestro-agent/harnesses/kiro-ide.agent.md +38 -0
- package/agents/kubernetes/kubernetes-maestro-agent/metadata.json +40 -0
- package/agents/kubernetes/kubernetes-pod-spec-review-agent/AGENT.md +54 -0
- package/agents/kubernetes/kubernetes-pod-spec-review-agent/harnesses/claude-code.agent.md +37 -0
- package/agents/kubernetes/kubernetes-pod-spec-review-agent/harnesses/codex.toml +27 -0
- package/agents/kubernetes/kubernetes-pod-spec-review-agent/harnesses/copilot.agent.md +37 -0
- package/agents/kubernetes/kubernetes-pod-spec-review-agent/harnesses/cursor.agent.md +37 -0
- package/agents/kubernetes/kubernetes-pod-spec-review-agent/harnesses/gemini.agent.md +37 -0
- package/agents/kubernetes/kubernetes-pod-spec-review-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/kubernetes/kubernetes-pod-spec-review-agent/harnesses/kiro-ide.agent.md +37 -0
- package/agents/kubernetes/kubernetes-pod-spec-review-agent/metadata.json +38 -0
- package/agents/kubernetes/kubernetes-psa-review-agent/AGENT.md +55 -0
- package/agents/kubernetes/kubernetes-psa-review-agent/harnesses/claude-code.agent.md +36 -0
- package/agents/kubernetes/kubernetes-psa-review-agent/harnesses/codex.toml +29 -0
- package/agents/kubernetes/kubernetes-psa-review-agent/harnesses/copilot.agent.md +36 -0
- package/agents/kubernetes/kubernetes-psa-review-agent/harnesses/cursor.agent.md +36 -0
- package/agents/kubernetes/kubernetes-psa-review-agent/harnesses/gemini.agent.md +36 -0
- package/agents/kubernetes/kubernetes-psa-review-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/kubernetes/kubernetes-psa-review-agent/harnesses/kiro-ide.agent.md +36 -0
- package/agents/kubernetes/kubernetes-psa-review-agent/metadata.json +38 -0
- package/agents/kubernetes/kubernetes-rbac-review-agent/AGENT.md +55 -0
- package/agents/kubernetes/kubernetes-rbac-review-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/kubernetes/kubernetes-rbac-review-agent/harnesses/codex.toml +32 -0
- package/agents/kubernetes/kubernetes-rbac-review-agent/harnesses/copilot.agent.md +51 -0
- package/agents/kubernetes/kubernetes-rbac-review-agent/harnesses/cursor.agent.md +40 -0
- package/agents/kubernetes/kubernetes-rbac-review-agent/harnesses/gemini.agent.md +39 -0
- package/agents/kubernetes/kubernetes-rbac-review-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/kubernetes/kubernetes-rbac-review-agent/harnesses/kiro-ide.agent.md +38 -0
- package/agents/kubernetes/kubernetes-rbac-review-agent/metadata.json +36 -0
- package/agents/kubernetes/kubernetes-workload-identity-review-agent/AGENT.md +55 -0
- package/agents/kubernetes/kubernetes-workload-identity-review-agent/harnesses/claude-code.agent.md +37 -0
- package/agents/kubernetes/kubernetes-workload-identity-review-agent/harnesses/codex.toml +29 -0
- package/agents/kubernetes/kubernetes-workload-identity-review-agent/harnesses/copilot.agent.md +37 -0
- package/agents/kubernetes/kubernetes-workload-identity-review-agent/harnesses/cursor.agent.md +37 -0
- package/agents/kubernetes/kubernetes-workload-identity-review-agent/harnesses/gemini.agent.md +37 -0
- package/agents/kubernetes/kubernetes-workload-identity-review-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/kubernetes/kubernetes-workload-identity-review-agent/harnesses/kiro-ide.agent.md +37 -0
- package/agents/kubernetes/kubernetes-workload-identity-review-agent/metadata.json +37 -0
- package/agents/kyverno/README.md +46 -0
- package/agents/kyverno/kyverno-policy-review-agent/AGENT.md +55 -0
- package/agents/kyverno/kyverno-policy-review-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/kyverno/kyverno-policy-review-agent/harnesses/codex.toml +32 -0
- package/agents/kyverno/kyverno-policy-review-agent/harnesses/copilot.agent.md +38 -0
- package/agents/kyverno/kyverno-policy-review-agent/harnesses/cursor.agent.md +38 -0
- package/agents/kyverno/kyverno-policy-review-agent/harnesses/gemini.agent.md +38 -0
- package/agents/kyverno/kyverno-policy-review-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/kyverno/kyverno-policy-review-agent/harnesses/kiro-ide.agent.md +38 -0
- package/agents/kyverno/kyverno-policy-review-agent/metadata.json +30 -0
- package/agents/oci/README.md +45 -0
- package/agents/oci/oci-certificates-issuer-review-agent/AGENT.md +53 -0
- package/agents/oci/oci-certificates-issuer-review-agent/harnesses/claude-code.agent.md +36 -0
- package/agents/oci/oci-certificates-issuer-review-agent/harnesses/codex.toml +27 -0
- package/agents/oci/oci-certificates-issuer-review-agent/harnesses/copilot.agent.md +36 -0
- package/agents/oci/oci-certificates-issuer-review-agent/harnesses/cursor.agent.md +36 -0
- package/agents/oci/oci-certificates-issuer-review-agent/harnesses/gemini.agent.md +36 -0
- package/agents/oci/oci-certificates-issuer-review-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/oci/oci-certificates-issuer-review-agent/harnesses/kiro-ide.agent.md +36 -0
- package/agents/oci/oci-certificates-issuer-review-agent/metadata.json +36 -0
- package/agents/oci/oci-live-autonomous-db-lifecycle-guard-agent/metadata.json +11 -2
- package/agents/oci/oci-live-cost-budget-runaway-guard-agent/metadata.json +11 -2
- package/agents/oci/oci-live-iam-policy-compartment-guard-agent/metadata.json +10 -1
- package/agents/oci/oci-live-network-security-rule-guard-agent/AGENT.md +59 -0
- package/agents/oci/oci-live-network-security-rule-guard-agent/harnesses/claude-code.agent.md +42 -0
- package/agents/oci/oci-live-network-security-rule-guard-agent/harnesses/codex.toml +34 -0
- package/agents/oci/oci-live-network-security-rule-guard-agent/harnesses/copilot.agent.md +55 -0
- package/agents/oci/oci-live-network-security-rule-guard-agent/harnesses/cursor.agent.md +44 -0
- package/agents/oci/oci-live-network-security-rule-guard-agent/harnesses/gemini.agent.md +43 -0
- package/agents/oci/oci-live-network-security-rule-guard-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/oci/oci-live-network-security-rule-guard-agent/harnesses/kiro-ide.agent.md +42 -0
- package/agents/oci/oci-live-network-security-rule-guard-agent/metadata.json +37 -0
- package/agents/oci/oci-live-oke-rollout-guard-agent/metadata.json +11 -2
- package/agents/oci/oci-live-resource-manager-stack-guard-agent/metadata.json +10 -1
- package/agents/oci/oci-live-vault-key-destruction-guard-agent/metadata.json +10 -1
- package/agents/opentelemetry/README.md +37 -0
- package/agents/opentelemetry/opentelemetry-collector-config-review-agent/AGENT.md +55 -0
- package/agents/opentelemetry/opentelemetry-collector-config-review-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/opentelemetry/opentelemetry-collector-config-review-agent/harnesses/codex.toml +32 -0
- package/agents/opentelemetry/opentelemetry-collector-config-review-agent/harnesses/copilot.agent.md +38 -0
- package/agents/opentelemetry/opentelemetry-collector-config-review-agent/harnesses/cursor.agent.md +38 -0
- package/agents/opentelemetry/opentelemetry-collector-config-review-agent/harnesses/gemini.agent.md +38 -0
- package/agents/opentelemetry/opentelemetry-collector-config-review-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/opentelemetry/opentelemetry-collector-config-review-agent/harnesses/kiro-ide.agent.md +38 -0
- package/agents/opentelemetry/opentelemetry-collector-config-review-agent/metadata.json +37 -0
- package/agents/prometheus/README.md +36 -0
- package/agents/prometheus/prometheus-alerting-cardinality-review-agent/AGENT.md +48 -0
- package/agents/prometheus/prometheus-alerting-cardinality-review-agent/harnesses/claude-code.agent.md +32 -0
- package/agents/prometheus/prometheus-alerting-cardinality-review-agent/harnesses/codex.toml +31 -0
- package/agents/prometheus/prometheus-alerting-cardinality-review-agent/harnesses/copilot.agent.md +32 -0
- package/agents/prometheus/prometheus-alerting-cardinality-review-agent/harnesses/cursor.agent.md +32 -0
- package/agents/prometheus/prometheus-alerting-cardinality-review-agent/harnesses/gemini.agent.md +32 -0
- package/agents/prometheus/prometheus-alerting-cardinality-review-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/prometheus/prometheus-alerting-cardinality-review-agent/harnesses/kiro-ide.agent.md +32 -0
- package/agents/prometheus/prometheus-alerting-cardinality-review-agent/metadata.json +31 -0
- package/agents/sigstore/README.md +38 -0
- package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/AGENT.md +55 -0
- package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/harnesses/claude-code.agent.md +35 -0
- package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/harnesses/codex.toml +29 -0
- package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/harnesses/copilot.agent.md +35 -0
- package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/harnesses/cursor.agent.md +35 -0
- package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/harnesses/gemini.agent.md +35 -0
- package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/harnesses/kiro-cli.agent.json +5 -0
- package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/harnesses/kiro-ide.agent.md +35 -0
- package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/metadata.json +31 -0
- package/agents/terraform/README.md +29 -0
- package/agents/terraform/terraform-reviewer/AGENT.md +2 -1
- package/agents/terraform/terraform-reviewer/harnesses/claude-code.agent.md +29 -0
- package/agents/terraform/terraform-reviewer/harnesses/codex.toml +29 -0
- package/agents/terraform/terraform-reviewer/harnesses/copilot.agent.md +42 -0
- package/agents/terraform/terraform-reviewer/harnesses/cursor.agent.md +31 -0
- package/agents/terraform/terraform-reviewer/harnesses/gemini.agent.md +30 -0
- package/agents/terraform/terraform-reviewer/harnesses/kiro-cli.agent.json +5 -0
- package/agents/terraform/terraform-reviewer/harnesses/kiro-ide.agent.md +29 -0
- package/agents/terraform/terraform-reviewer/metadata.json +10 -1
- package/agents/velero/README.md +41 -0
- package/assets/logos/vanguard-frontier-agentic-logo.png +0 -0
- package/catalog/agents.json +1452 -634
- package/catalog/install-roles.json +455 -0
- package/catalog/skill-manifest.json +1089 -335
- package/catalog/skills.json +1298 -528
- package/package.json +32 -3
- package/schemas/AGENTS.md +14 -0
- package/schemas/agent.frontmatter.schema.json +89 -0
- package/schemas/agent.schema.json +8 -0
- package/schemas/skill.frontmatter.schema.json +95 -0
- package/scripts/apply-skill-allowed-tools.py +142 -0
- package/scripts/backfill-skill-metadata.py +410 -0
- package/scripts/export-marketplace-agents.mjs +275 -9
- package/scripts/update-catalog-new-agents.py +88 -0
- package/skills/argocd/README.md +30 -0
- package/skills/argocd/argo-rollouts-progressive-delivery-review/SKILL.md +43 -0
- package/skills/argocd/argo-rollouts-progressive-delivery-review/metadata.json +22 -0
- package/skills/argocd/argo-rollouts-progressive-delivery-review/references/workflow-and-output.md +248 -0
- package/skills/argocd/argocd-gitops-review/SKILL.md +46 -0
- package/skills/argocd/argocd-gitops-review/metadata.json +30 -0
- package/skills/argocd/argocd-gitops-review/references/mcp-and-evidence.md +53 -0
- package/skills/argocd/argocd-gitops-review/references/official-sources.md +32 -0
- package/skills/argocd/argocd-gitops-review/references/workflow-and-output.md +120 -0
- package/skills/aws/README.md +3 -1
- package/skills/aws/aws-agentcore/SKILL.md +3 -0
- package/skills/aws/aws-api-edge-delivery-review/SKILL.md +3 -0
- package/skills/aws/aws-bedrock-agent-security-governor/SKILL.md +3 -0
- package/skills/aws/aws-change-impact-advisor/SKILL.md +3 -0
- package/skills/aws/aws-ci-cd-release-engineer/SKILL.md +3 -0
- package/skills/aws/aws-compliance-evidence-mapper/SKILL.md +3 -0
- package/skills/aws/aws-cost-anomaly-watch-coordinator/SKILL.md +3 -0
- package/skills/aws/aws-cost-optimization-governor/SKILL.md +3 -0
- package/skills/aws/aws-daily-operations-briefing-coordinator/SKILL.md +3 -0
- package/skills/aws/aws-data-protection-backup-steward/SKILL.md +3 -0
- package/skills/aws/aws-deployment-hotfix-operator/SKILL.md +3 -0
- package/skills/aws/aws-devops-agent-skill-designer/SKILL.md +3 -0
- package/skills/aws/aws-dynamodb-data-modeling-performance-review/SKILL.md +3 -0
- package/skills/aws/aws-ec2-compute-operations-steward/SKILL.md +3 -0
- package/skills/aws/aws-ecs-fargate-platform-operator/SKILL.md +3 -0
- package/skills/aws/aws-ecs-service-remediation-operator/SKILL.md +3 -0
- package/skills/aws/aws-eks-platform-operator/SKILL.md +3 -0
- package/skills/aws/aws-event-driven-architecture-review/SKILL.md +3 -0
- package/skills/aws/aws-generative-ai-developer/SKILL.md +3 -0
- package/skills/aws/aws-iac-change-safety-review/SKILL.md +3 -0
- package/skills/aws/aws-iac-patch-executor/SKILL.md +3 -0
- package/skills/aws/aws-iam-least-privilege-review/SKILL.md +3 -0
- package/skills/aws/aws-kms-secrets-lifecycle-steward/SKILL.md +3 -0
- package/skills/aws/aws-landing-zone-governor/SKILL.md +3 -0
- package/skills/aws/aws-live-deployment-guarded-operator/SKILL.md +3 -0
- package/skills/aws/aws-live-ecs-rollout-guard/SKILL.md +3 -0
- package/skills/aws/aws-live-iac-change-guard/SKILL.md +3 -0
- package/skills/aws/aws-live-pipeline-approval-operator/SKILL.md +3 -0
- package/skills/aws/aws-live-serverless-release-guard/SKILL.md +3 -0
- package/skills/aws/aws-maestro/SKILL.md +3 -0
- package/skills/aws/aws-maestro/references/workflow-and-output.md +2 -0
- package/skills/aws/aws-migration-cutover-architect/SKILL.md +3 -0
- package/skills/aws/aws-network-architect/SKILL.md +3 -0
- package/skills/aws/aws-non-destructive-task-automation-advisor/SKILL.md +3 -0
- package/skills/aws/aws-observability-incident-responder/SKILL.md +3 -0
- package/skills/aws/aws-pipeline-fix-operator/SKILL.md +3 -0
- package/skills/aws/aws-private-ca-issuer-review/SKILL.md +42 -0
- package/skills/aws/aws-private-ca-issuer-review/metadata.json +21 -0
- package/skills/aws/aws-private-ca-issuer-review/references/official-sources.md +22 -0
- package/skills/aws/aws-private-ca-issuer-review/references/safety-checklist.md +30 -0
- package/skills/aws/aws-private-ca-issuer-review/references/workflow-and-output.md +214 -0
- package/skills/aws/aws-rds-aurora-performance-investigator/SKILL.md +3 -0
- package/skills/aws/aws-resilience-bcdr-review/SKILL.md +3 -0
- package/skills/aws/aws-s3-data-perimeter-governor/SKILL.md +3 -0
- package/skills/aws/aws-security-posture-hardening/SKILL.md +3 -0
- package/skills/aws/aws-serverless-production-readiness/SKILL.md +3 -0
- package/skills/aws/aws-serverless-rollout-corrector/SKILL.md +3 -0
- package/skills/aws/aws-solution-architect/SKILL.md +3 -0
- package/skills/aws/aws-ticket-triage-escalation-coordinator/SKILL.md +3 -0
- package/skills/azure/README.md +3 -1
- package/skills/azure/azure-ai-foundry-ops-governor/SKILL.md +3 -0
- package/skills/azure/azure-aks-platform-operator/SKILL.md +3 -0
- package/skills/azure/azure-app-service-production-readiness/SKILL.md +3 -0
- package/skills/azure/azure-cosmosdb-application-developer/SKILL.md +3 -0
- package/skills/azure/azure-cosmosdb-performance-investigator/SKILL.md +3 -0
- package/skills/azure/azure-cosmosdb-platform-operator/SKILL.md +3 -0
- package/skills/azure/azure-cost-estimation-review/SKILL.md +3 -0
- package/skills/azure/azure-cost-optimization-governor/SKILL.md +3 -0
- package/skills/azure/azure-entra-id-specialist/SKILL.md +3 -0
- package/skills/azure/azure-governance-policy-guardrails/SKILL.md +3 -0
- package/skills/azure/azure-identity-governance-review/SKILL.md +3 -0
- package/skills/azure/azure-key-vault-secret-lifecycle-auditor/SKILL.md +3 -0
- package/skills/azure/azure-keyvault-certificate-issuer-review/SKILL.md +40 -0
- package/skills/azure/azure-keyvault-certificate-issuer-review/metadata.json +20 -0
- package/skills/azure/azure-keyvault-certificate-issuer-review/references/workflow-and-output.md +190 -0
- package/skills/azure/azure-landing-zone-architect/SKILL.md +3 -0
- package/skills/azure/azure-live-aks-rollout-guard/SKILL.md +3 -0
- package/skills/azure/azure-live-app-service-slot-swap-guard/SKILL.md +3 -0
- package/skills/azure/azure-live-arm-deployment-stack-guard/SKILL.md +3 -0
- package/skills/azure/azure-live-cost-budget-action-guard/SKILL.md +3 -0
- package/skills/azure/azure-live-entra-role-assignment-guard/SKILL.md +59 -0
- package/skills/azure/azure-live-entra-role-assignment-guard/metadata.json +28 -0
- package/skills/azure/azure-live-entra-role-assignment-guard/references/official-sources.md +21 -0
- package/skills/azure/azure-live-entra-role-assignment-guard/references/permission-model.md +70 -0
- package/skills/azure/azure-live-entra-role-assignment-guard/references/preflight-commands.md +69 -0
- package/skills/azure/azure-live-entra-role-assignment-guard/references/rollback-playbook.md +51 -0
- package/skills/azure/azure-live-keyvault-rotation-purge-guard/SKILL.md +3 -0
- package/skills/azure/azure-live-pim-jit-activation-guard/SKILL.md +3 -0
- package/skills/azure/azure-maestro/SKILL.md +3 -0
- package/skills/azure/azure-migrate-landing-zone-cutover/SKILL.md +3 -0
- package/skills/azure/azure-network-topology-review/SKILL.md +3 -0
- package/skills/azure/azure-observability-investigator/SKILL.md +3 -0
- package/skills/azure/azure-platform-automation-devops/SKILL.md +3 -0
- package/skills/azure/azure-private-endpoint-adoption-planner/SKILL.md +3 -0
- package/skills/azure/azure-rbac-review/SKILL.md +3 -0
- package/skills/azure/azure-resilience-bcdr-review/SKILL.md +3 -0
- package/skills/azure/azure-resource-health-incident-triage/SKILL.md +3 -0
- package/skills/azure/azure-role-selector/SKILL.md +3 -0
- package/skills/azure/azure-security-posture-hardening/SKILL.md +3 -0
- package/skills/azure/azure-subscription-resource-organization/SKILL.md +3 -0
- package/skills/backstage/backstage-scaffolder-template-review/SKILL.md +42 -0
- package/skills/backstage/backstage-scaffolder-template-review/metadata.json +21 -0
- package/skills/backstage/backstage-scaffolder-template-review/references/workflow-and-output.md +179 -0
- package/skills/cert-manager/cert-manager-issuer-trust-review/SKILL.md +43 -0
- package/skills/cert-manager/cert-manager-issuer-trust-review/metadata.json +22 -0
- package/skills/cert-manager/cert-manager-issuer-trust-review/references/workflow-and-output.md +222 -0
- package/skills/cilium/README.md +30 -0
- package/skills/cilium/cilium-network-policy-review/SKILL.md +46 -0
- package/skills/cilium/cilium-network-policy-review/metadata.json +30 -0
- package/skills/cilium/cilium-network-policy-review/references/mcp-and-evidence.md +52 -0
- package/skills/cilium/cilium-network-policy-review/references/official-sources.md +30 -0
- package/skills/cilium/cilium-network-policy-review/references/workflow-and-output.md +130 -0
- package/skills/falco/falco-runtime-threat-rules-review/SKILL.md +40 -0
- package/skills/falco/falco-runtime-threat-rules-review/metadata.json +22 -0
- package/skills/falco/falco-runtime-threat-rules-review/references/workflow-and-output.md +249 -0
- package/skills/finops/README.md +30 -0
- package/skills/finops/finops-cloud-price-advisor/SKILL.md +3 -0
- package/skills/fluxcd/fluxcd-kustomization-helmrelease-review/SKILL.md +43 -0
- package/skills/fluxcd/fluxcd-kustomization-helmrelease-review/metadata.json +22 -0
- package/skills/fluxcd/fluxcd-kustomization-helmrelease-review/references/workflow-and-output.md +243 -0
- package/skills/istio/README.md +28 -0
- package/skills/istio/istio-ambient-mesh-review/SKILL.md +46 -0
- package/skills/istio/istio-ambient-mesh-review/metadata.json +30 -0
- package/skills/istio/istio-ambient-mesh-review/references/mcp-and-evidence.md +59 -0
- package/skills/istio/istio-ambient-mesh-review/references/official-sources.md +32 -0
- package/skills/istio/istio-ambient-mesh-review/references/workflow-and-output.md +128 -0
- package/skills/kubernetes/README.md +30 -0
- package/skills/kubernetes/external-secrets-operator-review/SKILL.md +40 -0
- package/skills/kubernetes/external-secrets-operator-review/metadata.json +22 -0
- package/skills/kubernetes/external-secrets-operator-review/references/workflow-and-output.md +280 -0
- package/skills/kubernetes/kubecost-chargeback-allocation-review/SKILL.md +43 -0
- package/skills/kubernetes/kubecost-chargeback-allocation-review/metadata.json +22 -0
- package/skills/kubernetes/kubecost-chargeback-allocation-review/references/workflow-and-output.md +215 -0
- package/skills/kubernetes/kubernetes-live-rbac-mutation-guard/SKILL.md +60 -0
- package/skills/kubernetes/kubernetes-live-rbac-mutation-guard/metadata.json +27 -0
- package/skills/kubernetes/kubernetes-live-rbac-mutation-guard/references/official-sources.md +18 -0
- package/skills/kubernetes/kubernetes-live-rbac-mutation-guard/references/permission-model.md +78 -0
- package/skills/kubernetes/kubernetes-live-rbac-mutation-guard/references/preflight-commands.md +81 -0
- package/skills/kubernetes/kubernetes-live-rbac-mutation-guard/references/rollback-playbook.md +61 -0
- package/skills/kubernetes/kubernetes-maestro/SKILL.md +48 -0
- package/skills/kubernetes/kubernetes-maestro/metadata.json +24 -0
- package/skills/kubernetes/kubernetes-maestro/references/safety-checklist.md +78 -0
- package/skills/kubernetes/kubernetes-maestro/references/workflow-and-output.md +206 -0
- package/skills/kubernetes/kubernetes-pod-security-admission-review/SKILL.md +46 -0
- package/skills/kubernetes/kubernetes-pod-security-admission-review/metadata.json +28 -0
- package/skills/kubernetes/kubernetes-pod-security-admission-review/references/mcp-and-evidence.md +49 -0
- package/skills/kubernetes/kubernetes-pod-security-admission-review/references/official-sources.md +26 -0
- package/skills/kubernetes/kubernetes-pod-security-admission-review/references/workflow-and-output.md +129 -0
- package/skills/kubernetes/kubernetes-pod-spec-review/SKILL.md +41 -0
- package/skills/kubernetes/kubernetes-pod-spec-review/metadata.json +22 -0
- package/skills/kubernetes/kubernetes-pod-spec-review/references/workflow-and-output.md +229 -0
- package/skills/kubernetes/kubernetes-rbac-review/SKILL.md +41 -0
- package/skills/kubernetes/kubernetes-rbac-review/metadata.json +27 -0
- package/skills/kubernetes/kubernetes-rbac-review/references/mcp-and-evidence.md +34 -0
- package/skills/kubernetes/kubernetes-rbac-review/references/official-sources.md +22 -0
- package/skills/kubernetes/kubernetes-rbac-review/references/workflow-and-output.md +44 -0
- package/skills/kubernetes/kubernetes-workload-identity-review/SKILL.md +46 -0
- package/skills/kubernetes/kubernetes-workload-identity-review/metadata.json +29 -0
- package/skills/kubernetes/kubernetes-workload-identity-review/references/mcp-and-evidence.md +57 -0
- package/skills/kubernetes/kubernetes-workload-identity-review/references/official-sources.md +47 -0
- package/skills/kubernetes/kubernetes-workload-identity-review/references/workflow-and-output.md +166 -0
- package/skills/kyverno/README.md +30 -0
- package/skills/kyverno/kyverno-policy-review/SKILL.md +46 -0
- package/skills/kyverno/kyverno-policy-review/metadata.json +30 -0
- package/skills/kyverno/kyverno-policy-review/references/mcp-and-evidence.md +49 -0
- package/skills/kyverno/kyverno-policy-review/references/official-sources.md +31 -0
- package/skills/kyverno/kyverno-policy-review/references/workflow-and-output.md +106 -0
- package/skills/oci/README.md +63 -0
- package/skills/oci/oci-autonomous-database-architect/SKILL.md +3 -0
- package/skills/oci/oci-certificates-issuer-review/SKILL.md +40 -0
- package/skills/oci/oci-certificates-issuer-review/metadata.json +20 -0
- package/skills/oci/oci-certificates-issuer-review/references/workflow-and-output.md +207 -0
- package/skills/oci/oci-cloud-guard-responder/SKILL.md +3 -0
- package/skills/oci/oci-compute-instance-agent-operator/SKILL.md +3 -0
- package/skills/oci/oci-compute-platform-operator/SKILL.md +3 -0
- package/skills/oci/oci-cost-finops-analyst/SKILL.md +3 -0
- package/skills/oci/oci-database-platform-dba/SKILL.md +3 -0
- package/skills/oci/oci-dbtools-sql-analyst/SKILL.md +3 -0
- package/skills/oci/oci-devops-container-platform-engineer/SKILL.md +3 -0
- package/skills/oci/oci-exadata-database-architect/SKILL.md +3 -0
- package/skills/oci/oci-exadata-platform-architect/SKILL.md +3 -0
- package/skills/oci/oci-fusion-apps-environment-operator/SKILL.md +3 -0
- package/skills/oci/oci-goldengate-replication-operator/SKILL.md +3 -0
- package/skills/oci/oci-identity-access-governor/SKILL.md +3 -0
- package/skills/oci/oci-iot-digital-twin-engineer/SKILL.md +3 -0
- package/skills/oci/oci-limits-capacity-planner/SKILL.md +3 -0
- package/skills/oci/oci-live-autonomous-db-lifecycle-guard/SKILL.md +3 -0
- package/skills/oci/oci-live-cost-budget-runaway-guard/SKILL.md +3 -0
- package/skills/oci/oci-live-iam-policy-compartment-guard/SKILL.md +3 -0
- package/skills/oci/oci-live-network-security-rule-guard/SKILL.md +60 -0
- package/skills/oci/oci-live-network-security-rule-guard/metadata.json +28 -0
- package/skills/oci/oci-live-network-security-rule-guard/references/official-sources.md +21 -0
- package/skills/oci/oci-live-network-security-rule-guard/references/permission-model.md +65 -0
- package/skills/oci/oci-live-network-security-rule-guard/references/preflight-commands.md +69 -0
- package/skills/oci/oci-live-network-security-rule-guard/references/rollback-playbook.md +79 -0
- package/skills/oci/oci-live-oke-rollout-guard/SKILL.md +3 -0
- package/skills/oci/oci-live-resource-manager-stack-guard/SKILL.md +3 -0
- package/skills/oci/oci-live-vault-key-destruction-guard/SKILL.md +3 -0
- package/skills/oci/oci-load-balancer-traffic-engineer/SKILL.md +3 -0
- package/skills/oci/oci-maestro/SKILL.md +3 -0
- package/skills/oci/oci-migration-cutover-architect/SKILL.md +3 -0
- package/skills/oci/oci-multi-cloud-architect/SKILL.md +3 -0
- package/skills/oci/oci-mysql-heatwave-ai-specialist/SKILL.md +3 -0
- package/skills/oci/oci-network-architect/SKILL.md +3 -0
- package/skills/oci/oci-observability-incident-responder/SKILL.md +3 -0
- package/skills/oci/oci-recovery-service-operator/SKILL.md +3 -0
- package/skills/oci/oci-registry-artifact-governor/SKILL.md +3 -0
- package/skills/oci/oci-resource-search-inventory-analyst/SKILL.md +3 -0
- package/skills/oci/oci-security-compliance-reviewer/SKILL.md +3 -0
- package/skills/oci/oci-solution-architect/SKILL.md +3 -0
- package/skills/oci/oci-storage-backup-steward/SKILL.md +3 -0
- package/skills/oci/oci-support-incident-coordinator/SKILL.md +3 -0
- package/skills/oci/oracle-oci-mcp-grounded-advisor/SKILL.md +3 -0
- package/skills/opentelemetry/README.md +31 -0
- package/skills/opentelemetry/opentelemetry-collector-config-review/SKILL.md +47 -0
- package/skills/opentelemetry/opentelemetry-collector-config-review/metadata.json +30 -0
- package/skills/opentelemetry/opentelemetry-collector-config-review/references/mcp-and-evidence.md +49 -0
- package/skills/opentelemetry/opentelemetry-collector-config-review/references/official-sources.md +31 -0
- package/skills/opentelemetry/opentelemetry-collector-config-review/references/workflow-and-output.md +155 -0
- package/skills/prometheus/prometheus-alerting-cardinality-review/SKILL.md +41 -0
- package/skills/prometheus/prometheus-alerting-cardinality-review/metadata.json +22 -0
- package/skills/prometheus/prometheus-alerting-cardinality-review/references/workflow-and-output.md +221 -0
- package/skills/sigstore/sigstore-cosign-supply-chain-review/SKILL.md +42 -0
- package/skills/sigstore/sigstore-cosign-supply-chain-review/metadata.json +22 -0
- package/skills/sigstore/sigstore-cosign-supply-chain-review/references/workflow-and-output.md +196 -0
- package/skills/terraform/README.md +29 -0
- package/skills/terraform/terraform-maestro/SKILL.md +3 -0
- package/skills/velero/velero-backup-restore-guard/SKILL.md +44 -0
- package/skills/velero/velero-backup-restore-guard/metadata.json +21 -0
- package/skills/velero/velero-backup-restore-guard/references/safety-checklist.md +40 -0
- package/skills/velero/velero-backup-restore-guard/references/workflow-and-output.md +202 -0
|
@@ -1,9 +1,12 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: aws-cost-optimization-governor
|
|
3
3
|
description: Review AWS cost optimization and FinOps posture across Cost Explorer, Budgets, Cost Optimization Hub, Compute Optimizer, Savings Plans, Reserved Instances, tagging, showback, idle resources, rightsizing, storage, data transfer, and forecast risk. Use when the user asks to reduce or explain AWS cost.
|
|
4
|
+
allowed-tools: Read Grep Glob
|
|
4
5
|
metadata:
|
|
5
6
|
author: "github: Raishin"
|
|
6
7
|
version: "0.1.2"
|
|
8
|
+
updated: "2026-05-05"
|
|
9
|
+
category: finops
|
|
7
10
|
---
|
|
8
11
|
|
|
9
12
|
# AWS Cost Optimization Governor
|
|
@@ -1,9 +1,12 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: aws-daily-operations-briefing-coordinator
|
|
3
3
|
description: Prepare AWS daily operations briefings using CloudWatch, Personal Health Dashboard, Trusted Advisor, cost signals, deployment timelines, incidents, risks, and action backlog. Prefer this for non-destructive business and engineering status coordination; prefer observability, cost, or incident skills for deeper domain investigation.
|
|
4
|
+
allowed-tools: Read Grep Glob WebFetch
|
|
4
5
|
metadata:
|
|
5
6
|
author: "github: Raishin"
|
|
6
7
|
version: "0.1.0"
|
|
8
|
+
updated: "2026-05-05"
|
|
9
|
+
category: observability
|
|
7
10
|
---
|
|
8
11
|
|
|
9
12
|
# AWS Daily Operations Briefing Coordinator
|
|
@@ -1,9 +1,12 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: aws-data-protection-backup-steward
|
|
3
3
|
description: Review AWS backup and data protection implementation across AWS Backup, EBS/RDS/EFS/S3 recovery patterns, vaults, vault lock, retention, encryption, cross-account/cross-Region copy, restore testing, lifecycle, and recovery evidence. Prefer resilience BCDR review for broader RTO/RPO, failover, and business continuity design.
|
|
4
|
+
allowed-tools: Read Grep Glob
|
|
4
5
|
metadata:
|
|
5
6
|
author: "github: Raishin"
|
|
6
7
|
version: "0.1.2"
|
|
8
|
+
updated: "2026-05-05"
|
|
9
|
+
category: resilience
|
|
7
10
|
---
|
|
8
11
|
|
|
9
12
|
# AWS Data Protection Backup Steward
|
|
@@ -1,9 +1,12 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: aws-deployment-hotfix-operator
|
|
3
3
|
description: Patch AWS deployment hotfix config, release parameters, manifest mistakes, environment drift, rollback blockers, and rollout blockers in-repo. Use for rapid non-destructive deployment corrections; do not use for live deploy/apply/destroy actions.
|
|
4
|
+
allowed-tools: Read Edit Write MultiEdit Grep Glob
|
|
4
5
|
metadata:
|
|
5
6
|
author: "github: Raishin"
|
|
6
7
|
version: "0.1.0"
|
|
8
|
+
updated: "2026-05-05"
|
|
9
|
+
category: delivery
|
|
7
10
|
---
|
|
8
11
|
|
|
9
12
|
# AWS Deployment Hotfix Operator
|
|
@@ -1,9 +1,12 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: aws-devops-agent-skill-designer
|
|
3
3
|
description: Design, review, and improve AWS DevOps Agent-compatible skills, investigation workflows, learned skills, tool-use best practices, agent type targeting, frontmatter descriptions, reference materials, and operational output contracts. Use when creating or adapting skills for AWS DevOps Agent or AWS-style incident agents.
|
|
4
|
+
allowed-tools: Read Grep Glob
|
|
4
5
|
metadata:
|
|
5
6
|
author: "github: Raishin"
|
|
6
7
|
version: "0.1.2"
|
|
8
|
+
updated: "2026-05-05"
|
|
9
|
+
category: delivery
|
|
7
10
|
---
|
|
8
11
|
|
|
9
12
|
# AWS DevOps Agent Skill Designer
|
|
@@ -1,9 +1,12 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: aws-dynamodb-data-modeling-performance-review
|
|
3
3
|
description: Review Amazon DynamoDB data modeling and performance across access patterns, partition keys, sort keys, secondary indexes, GSI/LSI design, hot partitions, query versus scan behavior, capacity mode, adaptive capacity, global tables, TTL, DAX, item size, transactions, and cost. Use when DynamoDB correctness, latency, scaling, or cost depends on table design.
|
|
4
|
+
allowed-tools: Read Grep Glob
|
|
4
5
|
metadata:
|
|
5
6
|
author: "github: Raishin"
|
|
6
7
|
version: "0.1.2"
|
|
8
|
+
updated: "2026-05-05"
|
|
9
|
+
category: data
|
|
7
10
|
---
|
|
8
11
|
|
|
9
12
|
# AWS DynamoDB Data Modeling Performance Review
|
|
@@ -1,9 +1,12 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: aws-ec2-compute-operations-steward
|
|
3
3
|
description: Review Amazon EC2 compute operations across instances, Auto Scaling groups, Launch Templates, AMIs, Systems Manager, Patch Manager, Session Manager, EBS volumes, snapshots, health checks, instance refresh, lifecycle hooks, patch compliance, and fleet reliability. Use for EC2 day-2 operations and legacy workload stewardship.
|
|
4
|
+
allowed-tools: Read Grep Glob
|
|
4
5
|
metadata:
|
|
5
6
|
author: "github: Raishin"
|
|
6
7
|
version: "0.1.2"
|
|
8
|
+
updated: "2026-05-05"
|
|
9
|
+
category: platform
|
|
7
10
|
---
|
|
8
11
|
|
|
9
12
|
# AWS EC2 Compute Operations Steward
|
|
@@ -1,9 +1,12 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: aws-ecs-fargate-platform-operator
|
|
3
3
|
description: Review Amazon ECS and Fargate platform operations across services, task definitions, task roles, execution roles, capacity providers, load balancers, deployment circuit breakers, blue/green, autoscaling, health checks, logs, secrets, networking, and rollback. Use only for ECS/Fargate; prefer EKS operator for Kubernetes.
|
|
4
|
+
allowed-tools: Read Grep Glob
|
|
4
5
|
metadata:
|
|
5
6
|
author: "github: Raishin"
|
|
6
7
|
version: "0.1.2"
|
|
8
|
+
updated: "2026-05-05"
|
|
9
|
+
category: platform
|
|
7
10
|
---
|
|
8
11
|
|
|
9
12
|
# AWS ECS Fargate Platform Operator
|
|
@@ -1,9 +1,12 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: aws-ecs-service-remediation-operator
|
|
3
3
|
description: Correct AWS ECS and Fargate service definitions, task definition config, deployment parameters, health checks, environment settings, and rollout wiring in-repo. Use for non-destructive repo fixes only; do not force deployments or mutate live services from this role.
|
|
4
|
+
allowed-tools: Read Edit Write MultiEdit Grep Glob
|
|
4
5
|
metadata:
|
|
5
6
|
author: "github: Raishin"
|
|
6
7
|
version: "0.1.0"
|
|
8
|
+
updated: "2026-05-05"
|
|
9
|
+
category: platform
|
|
7
10
|
---
|
|
8
11
|
|
|
9
12
|
# AWS ECS Service Remediation Operator
|
|
@@ -1,9 +1,12 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: aws-eks-platform-operator
|
|
3
3
|
description: Review Amazon EKS Kubernetes platform operations across cluster access, IRSA, IAM roles for service accounts, pod identity, node groups, Karpenter, autoscaling, CNI/network policy, upgrades, reliability, observability, and cost. Use only for EKS/Kubernetes; prefer ECS/Fargate operator for ECS services.
|
|
4
|
+
allowed-tools: Read Grep Glob
|
|
4
5
|
metadata:
|
|
5
6
|
author: "github: Raishin"
|
|
6
7
|
version: "0.1.2"
|
|
8
|
+
updated: "2026-05-05"
|
|
9
|
+
category: platform
|
|
7
10
|
---
|
|
8
11
|
|
|
9
12
|
# AWS EKS Platform Operator
|
|
@@ -1,9 +1,12 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: aws-event-driven-architecture-review
|
|
3
3
|
description: Review AWS event-driven system design across EventBridge, event buses, Pipes, SQS, SNS, Step Functions, event schemas, filtering, cross-account routing, retries, DLQs, replay, idempotency, monitoring, and event-loop risk. Prefer serverless production readiness for Lambda runtime/deployment readiness.
|
|
4
|
+
allowed-tools: Read Grep Glob
|
|
4
5
|
metadata:
|
|
5
6
|
author: "github: Raishin"
|
|
6
7
|
version: "0.1.2"
|
|
8
|
+
updated: "2026-05-05"
|
|
9
|
+
category: platform
|
|
7
10
|
---
|
|
8
11
|
|
|
9
12
|
# AWS Event Driven Architecture Review
|
|
@@ -1,9 +1,12 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: aws-generative-ai-developer
|
|
3
3
|
description: Build Amazon Bedrock and serverless generative AI applications using Lambda, API Gateway, Step Functions, EventBridge, S3, DynamoDB, SQS, Guardrails, and IAM. Prefer this for serverless GenAI app design and implementation; prefer aws-agentcore for AgentCore runtime, aws-bedrock-agent-security-governor for deep Bedrock security, and aws-serverless-production-readiness for final operational hardening.
|
|
4
|
+
allowed-tools: Read Edit Write MultiEdit Grep Glob Bash
|
|
4
5
|
metadata:
|
|
5
6
|
author: "github: Raishin"
|
|
6
7
|
version: "0.1.0"
|
|
8
|
+
updated: "2026-05-05"
|
|
9
|
+
category: ai
|
|
7
10
|
---
|
|
8
11
|
|
|
9
12
|
# AWS Generative AI Developer
|
|
@@ -1,9 +1,12 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: aws-iac-change-safety-review
|
|
3
3
|
description: Review AWS infrastructure-as-code changes across CDK, CloudFormation, SAM, Terraform, Serverless Framework, generated templates, plans, stack updates, change sets, and drift. Use when the user asks whether an AWS IaC deployment is safe, what a change set will do, why a resource replacement will happen, or how to validate before production.
|
|
4
|
+
allowed-tools: Read Grep Glob
|
|
4
5
|
metadata:
|
|
5
6
|
author: "github: Raishin"
|
|
6
7
|
version: "0.1.2"
|
|
8
|
+
updated: "2026-05-05"
|
|
9
|
+
category: delivery
|
|
7
10
|
---
|
|
8
11
|
|
|
9
12
|
# AWS IaC Change Safety Review
|
|
@@ -1,9 +1,12 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: aws-iac-patch-executor
|
|
3
3
|
description: Edit AWS IaC files including CloudFormation, SAM, CDK config, and Terraform to patch defects, prepare change set review, or unblock rollout work. Prefer this for bounded repo changes only; do not use for apply, deploy, or destructive infrastructure execution.
|
|
4
|
+
allowed-tools: Read Edit Write MultiEdit Grep Glob
|
|
4
5
|
metadata:
|
|
5
6
|
author: "github: Raishin"
|
|
6
7
|
version: "0.1.0"
|
|
8
|
+
updated: "2026-05-05"
|
|
9
|
+
category: delivery
|
|
7
10
|
---
|
|
8
11
|
|
|
9
12
|
# AWS IaC Patch Executor
|
|
@@ -1,9 +1,12 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: aws-iam-least-privilege-review
|
|
3
3
|
description: Review AWS IAM identity policies, trust policies, resource policies, permission boundaries, SCPs, session policies, role design, pass-role, federation, and Access Analyzer findings for least-privilege risk. Prefer KMS/secrets steward for key/secret lifecycle design and S3 perimeter governor for S3 exposure/data-perimeter posture unless the request is primarily policy surgery.
|
|
4
|
+
allowed-tools: Read Grep Glob
|
|
4
5
|
metadata:
|
|
5
6
|
author: "github: Raishin"
|
|
6
7
|
version: "0.1.2"
|
|
8
|
+
updated: "2026-05-05"
|
|
9
|
+
category: security
|
|
7
10
|
---
|
|
8
11
|
|
|
9
12
|
# AWS IAM Least Privilege Review
|
|
@@ -1,9 +1,12 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: aws-kms-secrets-lifecycle-steward
|
|
3
3
|
description: Review AWS KMS and Secrets Manager lifecycle posture across key policies, grants, rotation, multi-Region keys, imported key material, aliases, secret rotation, replication, caching, endpoint conditions, recovery, and break-glass access. Prefer this for cryptography/secret lifecycle; prefer IAM skill for general permissions review.
|
|
4
|
+
allowed-tools: Read Grep Glob
|
|
4
5
|
metadata:
|
|
5
6
|
author: "github: Raishin"
|
|
6
7
|
version: "0.1.2"
|
|
8
|
+
updated: "2026-05-05"
|
|
9
|
+
category: security
|
|
7
10
|
---
|
|
8
11
|
|
|
9
12
|
# AWS KMS Secrets Lifecycle Steward
|
|
@@ -1,9 +1,12 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: aws-landing-zone-governor
|
|
3
3
|
description: Review and design AWS landing zones, AWS Control Tower environments, Organizations structures, OUs, account vending patterns, guardrails, central logging, security/audit accounts, and multi-account governance. Use when the user asks how to structure AWS accounts or govern a cloud estate.
|
|
4
|
+
allowed-tools: Read Grep Glob
|
|
4
5
|
metadata:
|
|
5
6
|
author: "github: Raishin"
|
|
6
7
|
version: "0.1.2"
|
|
8
|
+
updated: "2026-05-05"
|
|
9
|
+
category: compliance
|
|
7
10
|
---
|
|
8
11
|
|
|
9
12
|
# AWS Landing Zone Governor
|
|
@@ -1,9 +1,12 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: aws-live-deployment-guarded-operator
|
|
3
3
|
description: Operate guarded live AWS deployment changes with explicit account, region, profile, approval, dry-run, rollback, and verification gates. Use only when the target environment is confirmed and a live deployment action is intentionally requested.
|
|
4
|
+
allowed-tools: Read Grep Glob
|
|
4
5
|
metadata:
|
|
5
6
|
author: "github: Raishin"
|
|
6
7
|
version: "0.1.0"
|
|
8
|
+
updated: "2026-05-05"
|
|
9
|
+
category: delivery
|
|
7
10
|
---
|
|
8
11
|
|
|
9
12
|
# AWS Live Deployment Guarded Operator
|
|
@@ -1,9 +1,12 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: aws-live-ecs-rollout-guard
|
|
3
3
|
description: Guard live Amazon ECS and Fargate rollout actions with ecs service, task definition, deployment circuit breaker, alarms, rollback, health check, and approval gates. Use only for intentional live ECS rollout actions against confirmed targets.
|
|
4
|
+
allowed-tools: Read Grep Glob WebFetch
|
|
4
5
|
metadata:
|
|
5
6
|
author: "github: Raishin"
|
|
6
7
|
version: "0.1.0"
|
|
8
|
+
updated: "2026-05-05"
|
|
9
|
+
category: delivery
|
|
7
10
|
---
|
|
8
11
|
|
|
9
12
|
# AWS Live ECS Rollout Guard
|
|
@@ -1,9 +1,12 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: aws-live-iac-change-guard
|
|
3
3
|
description: Guard live CloudFormation, SAM, CDK, and Terraform-backed AWS infrastructure changes with change set, drift, stack policy, rollback trigger, approval, and execute gates. Use only for intentional live IaC execution with confirmed targets.
|
|
4
|
+
allowed-tools: Read Grep Glob WebFetch
|
|
4
5
|
metadata:
|
|
5
6
|
author: "github: Raishin"
|
|
6
7
|
version: "0.1.0"
|
|
8
|
+
updated: "2026-05-05"
|
|
9
|
+
category: delivery
|
|
7
10
|
---
|
|
8
11
|
|
|
9
12
|
# AWS Live IaC Change Guard
|
|
@@ -1,9 +1,12 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: aws-live-pipeline-approval-operator
|
|
3
3
|
description: Handle live CodePipeline approval and gated resume decisions with pipeline, stage, approver, SNS, approval, blast radius, and rollback checks. Use only when a real pipeline execution is paused or about to be approved.
|
|
4
|
+
allowed-tools: Read Grep Glob
|
|
4
5
|
metadata:
|
|
5
6
|
author: "github: Raishin"
|
|
6
7
|
version: "0.1.0"
|
|
8
|
+
updated: "2026-05-05"
|
|
9
|
+
category: delivery
|
|
7
10
|
---
|
|
8
11
|
|
|
9
12
|
# AWS Live Pipeline Approval Operator
|
|
@@ -1,9 +1,12 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: aws-live-serverless-release-guard
|
|
3
3
|
description: Guard live Lambda and serverless release actions with lambda alias, codedeploy, canary, linear, alarms, rollback, and approval gates. Use only for intentional live serverless rollout actions against confirmed targets.
|
|
4
|
+
allowed-tools: Read Grep Glob WebFetch
|
|
4
5
|
metadata:
|
|
5
6
|
author: "github: Raishin"
|
|
6
7
|
version: "0.1.0"
|
|
8
|
+
updated: "2026-05-05"
|
|
9
|
+
category: delivery
|
|
7
10
|
---
|
|
8
11
|
|
|
9
12
|
# AWS Live Serverless Release Guard
|
|
@@ -1,9 +1,12 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: aws-maestro
|
|
3
3
|
description: Route AWS tasks to the narrowest specialist or team of specialists from the 42-agent catalog. Use when you do not already know the specialist. Not for direct AWS answers; Maestro classifies, dispatches, and synthesizes only. Dispatches single agent for focused tasks, parallel team (max 4) for multi-domain tasks. Never auto-dispatches live-guard agents — requires explicit human confirmation with blast-radius and rollback before routing to any live deployment or production-change specialist.
|
|
4
|
+
allowed-tools: Agent Skill Read Grep Glob
|
|
4
5
|
metadata:
|
|
5
6
|
author: "github: Raishin"
|
|
6
7
|
version: "0.1.0"
|
|
8
|
+
updated: "2026-05-05"
|
|
9
|
+
category: ai
|
|
7
10
|
---
|
|
8
11
|
|
|
9
12
|
# AWS Maestro — Routing Skill
|
|
@@ -10,6 +10,7 @@ Use this reference when classifying a task or selecting the right specialist(s).
|
|
|
10
10
|
| `compute` | EC2, ECS, Fargate, EKS, Lambda, serverless, container, pod, fleet, autoscaling, AMI, launch template, capacity reservation, spot, deployment rollout, hotfix |
|
|
11
11
|
| `data` | RDS, Aurora, DynamoDB, S3, database, query performance, data modeling, index, backup, data perimeter, bucket policy, data protection, restore |
|
|
12
12
|
| `security-iam` | IAM, policy, role, permission, SCP, KMS, key rotation, secrets, Secrets Manager, posture, GuardDuty, SecurityHub, compliance, evidence, Bedrock security |
|
|
13
|
+
| `pki` | ACM PCA, AWS Private CA, aws-privateca-issuer, AWSPCAIssuer, AWSPCAClusterIssuer, certificate template ARN, CRL distribution, CRL S3, IRSA cert-manager, cross-account PCA, RAM-shared CA, SubordinateCACertificate, private certificate authority |
|
|
13
14
|
| `cost` | cost, spend, billing, anomaly, savings plan, reserved instance, rightsizing, waste, budget |
|
|
14
15
|
| `devops-cicd` | pipeline, CI/CD, CodePipeline, CodeBuild, GitHub Actions, IaC, CloudFormation, Terraform, CDK, patch, release engineer, deploy, rollback |
|
|
15
16
|
| `operations` | observability, CloudWatch, X-Ray, incident, alert, runbook, triage, ticket, escalation, change impact, briefing, daily ops, non-destructive automation |
|
|
@@ -61,6 +62,7 @@ Use this reference when classifying a task or selecting the right specialist(s).
|
|
|
61
62
|
| `aws-kms-secrets-lifecycle-steward-agent` | security-iam | Managing KMS key lifecycle, rotation policies, or Secrets Manager secret health |
|
|
62
63
|
| `aws-security-posture-hardening-agent` | security-iam | Hardening AWS account posture: GuardDuty, SecurityHub, Config rules, and remediation |
|
|
63
64
|
| `aws-compliance-evidence-mapper-agent` | security-iam | Mapping AWS controls to compliance frameworks (SOC 2, PCI, HIPAA, NIST) and gathering evidence |
|
|
65
|
+
| `aws-private-ca-issuer-review-agent` | pki | Reviewing AWS ACM Private CA issuer config for cert-manager: CA hierarchy, template ARN scope, IRSA permissions, CRL reachability, and cross-account RAM-shared CA |
|
|
64
66
|
|
|
65
67
|
### Cost
|
|
66
68
|
|
|
@@ -1,9 +1,12 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: aws-migration-cutover-architect
|
|
3
3
|
description: Plan, review, and de-risk AWS migrations and cutovers across discovery, dependency mapping, wave planning, AWS Application Migration Service, Migration Hub, test launches, acceptance tests, downtime windows, rollback, DNS, data consistency, and post-cutover validation. Use for migration planning and cutover readiness.
|
|
4
|
+
allowed-tools: Read Grep Glob
|
|
4
5
|
metadata:
|
|
5
6
|
author: "github: Raishin"
|
|
6
7
|
version: "0.1.2"
|
|
8
|
+
updated: "2026-05-05"
|
|
9
|
+
category: delivery
|
|
7
10
|
---
|
|
8
11
|
|
|
9
12
|
# AWS Migration Cutover Architect
|
|
@@ -1,9 +1,12 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: aws-network-architect
|
|
3
3
|
description: Design, review, and troubleshoot AWS network, hybrid, and multi-cloud connectivity across VPCs, Transit Gateway, Direct Connect, VPN, Cloud WAN, Route 53 Resolver, private DNS, CIDRs, route tables, endpoints, segmentation, ingress, egress, inspection, and failover. Prefer this for connectivity and routing; prefer API/edge, S3, or security skills for those specialized surfaces.
|
|
4
|
+
allowed-tools: Read Grep Glob
|
|
4
5
|
metadata:
|
|
5
6
|
author: "github: Raishin"
|
|
6
7
|
version: "0.1.2"
|
|
8
|
+
updated: "2026-05-05"
|
|
9
|
+
category: networking
|
|
7
10
|
---
|
|
8
11
|
|
|
9
12
|
# AWS Network Architect
|
|
@@ -1,9 +1,12 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: aws-non-destructive-task-automation-advisor
|
|
3
3
|
description: Design AWS non-destructive task automation using EventBridge, Step Functions, Lambda, Systems Manager Automation, SNS, SQS, approvals, notifications, reporting, and evidence gathering. Use only for read-only or coordination-safe automation; do not use for destructive remediation or mutation-heavy runbooks.
|
|
4
|
+
allowed-tools: Read Grep Glob WebFetch
|
|
4
5
|
metadata:
|
|
5
6
|
author: "github: Raishin"
|
|
6
7
|
version: "0.1.0"
|
|
8
|
+
updated: "2026-05-05"
|
|
9
|
+
category: delivery
|
|
7
10
|
---
|
|
8
11
|
|
|
9
12
|
# AWS Non-Destructive Task Automation Advisor
|
|
@@ -1,9 +1,12 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: aws-observability-incident-responder
|
|
3
3
|
description: Investigate broad AWS incidents and observability gaps using CloudWatch metrics, logs, alarms, traces, EventBridge events, service health, runbooks, timelines, blast radius, root-cause discipline, and post-incident actions. Prefer RDS/Aurora investigator for database-specific performance incidents.
|
|
4
|
+
allowed-tools: Read Grep Glob WebFetch
|
|
4
5
|
metadata:
|
|
5
6
|
author: "github: Raishin"
|
|
6
7
|
version: "0.1.2"
|
|
8
|
+
updated: "2026-05-05"
|
|
9
|
+
category: observability
|
|
7
10
|
---
|
|
8
11
|
|
|
9
12
|
# AWS Observability Incident Responder
|
|
@@ -1,9 +1,12 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: aws-pipeline-fix-operator
|
|
3
3
|
description: Repair AWS pipeline configuration, buildspecs, workflow files, deployment steps, artifact wiring, release guardrails, and CodeDeploy integration in-repo. Use for non-destructive CI/CD corrections; do not trigger live pipeline runs or mutate cloud state.
|
|
4
|
+
allowed-tools: Read Edit Write MultiEdit Grep Glob
|
|
4
5
|
metadata:
|
|
5
6
|
author: "github: Raishin"
|
|
6
7
|
version: "0.1.0"
|
|
8
|
+
updated: "2026-05-05"
|
|
9
|
+
category: delivery
|
|
7
10
|
---
|
|
8
11
|
|
|
9
12
|
# AWS Pipeline Fix Operator
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: aws-private-ca-issuer-review
|
|
3
|
+
description: Use this skill when reviewing AWS ACM Private CA (Private Certificate Authority) issuer configurations for cert-manager. Trigger on any request to audit AWSPCAIssuer, AWSPCAClusterIssuer, IRSA policy for cert-manager, certificate template ARNs, CRL configuration, or cross-account PCA usage.
|
|
4
|
+
allowed-tools: Read Grep Glob
|
|
5
|
+
metadata:
|
|
6
|
+
author: "github: Raishin"
|
|
7
|
+
version: "0.1.0"
|
|
8
|
+
updated: "2026-05-05"
|
|
9
|
+
category: security
|
|
10
|
+
---
|
|
11
|
+
|
|
12
|
+
# AWS Private CA Issuer Review
|
|
13
|
+
|
|
14
|
+
## Purpose
|
|
15
|
+
|
|
16
|
+
Review AWS ACM Private Certificate Authority configurations used by the cert-manager `aws-privateca-issuer` plugin. Identify CA hierarchy misconfigurations, overly permissive certificate templates, excessive IRSA permissions, unsafe validity periods, CRL reachability gaps, and cross-account PCA setup risks.
|
|
17
|
+
|
|
18
|
+
## Lean operating rules
|
|
19
|
+
|
|
20
|
+
- Flag any `AWSPCAIssuer` referencing a ROOT CA ARN directly as CRITICAL — only a SUBORDINATE CA should be active for cert-manager issuance.
|
|
21
|
+
- Check `spec.template.arn`: flag any SubordinateCACertificate template as CRITICAL (allows cert-manager to mint sub-CAs). Correct template is `EndEntityCertificate/V1`.
|
|
22
|
+
- Review IRSA role policy: required actions are `acm-pca:IssueCertificate`, `acm-pca:GetCertificate`, `acm-pca:DescribeCertificateAuthority`. Flag `acm-pca:DeleteCertificateAuthority` or `acm-pca:CreateCertificateAuthority` as HIGH.
|
|
23
|
+
- Review `spec.duration` in Certificate resources; flag durations > 365d for workload certs as MEDIUM; best practice is <= 90d.
|
|
24
|
+
- Check CRL S3 bucket reachability from within the VPC; flag unreachable CRL distribution points as HIGH (revocation disabled).
|
|
25
|
+
- For cross-account PCA (RAM-shared CA): verify minimum issuance-only permissions in the security account.
|
|
26
|
+
- Label all claims as live evidence, documentation-based, or inference.
|
|
27
|
+
|
|
28
|
+
## References
|
|
29
|
+
|
|
30
|
+
Load these only when needed:
|
|
31
|
+
|
|
32
|
+
- [Workflow and output contract](references/workflow-and-output.md)
|
|
33
|
+
- [Safety checklist](references/safety-checklist.md)
|
|
34
|
+
- [Official sources](references/official-sources.md)
|
|
35
|
+
|
|
36
|
+
## Response minimum
|
|
37
|
+
|
|
38
|
+
- Severity-labeled findings list (CRITICAL / HIGH / MEDIUM / LOW)
|
|
39
|
+
- Evidence source for each finding
|
|
40
|
+
- Specific resource name or field path
|
|
41
|
+
- Recommended remediation with example policy or YAML snippet
|
|
42
|
+
- Overall PKI trust posture verdict
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
{
|
|
2
|
+
"id": "aws-private-ca-issuer-review",
|
|
3
|
+
"name": "AWS Private CA Issuer Review",
|
|
4
|
+
"type": "skill",
|
|
5
|
+
"provider": "aws",
|
|
6
|
+
"harnesses": ["codex", "claude-code", "cursor", "gemini", "kiro", "other"],
|
|
7
|
+
"summary": "Review AWS ACM Private Certificate Authority issuer configurations for cert-manager, covering CA hierarchy safety, certificate template ARN scope, IRSA permissions minimization, validity period alignment, CRL reachability, and cross-account PCA usage patterns.",
|
|
8
|
+
"source_type": "original",
|
|
9
|
+
"official_docs": [
|
|
10
|
+
"https://docs.aws.amazon.com/privateca/latest/userguide/PcaWelcome.html",
|
|
11
|
+
"https://github.com/cert-manager/aws-privateca-issuer",
|
|
12
|
+
"https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html",
|
|
13
|
+
"https://docs.aws.amazon.com/privateca/latest/userguide/crl-planning.html",
|
|
14
|
+
"https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html"
|
|
15
|
+
],
|
|
16
|
+
"security_notes": "Using a Root CA ARN in AWSPCAIssuer exposes the root of trust directly to cert-manager. A SubordinateCACertificate template allows cert-manager to issue intermediate CAs, enabling an attacker with cert-manager IRSA access to create a shadow CA trusted by the entire corporate PKI. IRSA role must exclude acm-pca:DeleteCertificateAuthority and acm-pca:CreateCertificateAuthority.",
|
|
17
|
+
"last_verified": "2026-05-02",
|
|
18
|
+
"path": "skills/aws/aws-private-ca-issuer-review",
|
|
19
|
+
"author": "github: Raishin",
|
|
20
|
+
"version": "0.1.0"
|
|
21
|
+
}
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
# Official sources
|
|
2
|
+
|
|
3
|
+
Use this reference only when you need source grounding for AWS Private CA behavior or the detailed source list.
|
|
4
|
+
|
|
5
|
+
## AWS documentation
|
|
6
|
+
|
|
7
|
+
Use these as starting points, not as proof of the user's live AWS state:
|
|
8
|
+
- https://docs.aws.amazon.com/privateca/latest/userguide/
|
|
9
|
+
- https://docs.aws.amazon.com/privateca/latest/userguide/CT-CreateCertificate.html
|
|
10
|
+
- https://docs.aws.amazon.com/privateca/latest/userguide/PcaIssueCert.html
|
|
11
|
+
- https://docs.aws.amazon.com/privateca/latest/userguide/CT-IssueCertificate.html
|
|
12
|
+
- https://docs.aws.amazon.com/privateca/latest/userguide/crl-planning.html
|
|
13
|
+
- https://github.com/cert-manager/aws-privateca-issuer
|
|
14
|
+
|
|
15
|
+
## cert-manager AWS PCA issuer plugin
|
|
16
|
+
|
|
17
|
+
- https://cert-manager.io/docs/configuration/issuers/
|
|
18
|
+
- https://github.com/cert-manager/aws-privateca-issuer/blob/main/pkg/api/v1beta1/types.go
|
|
19
|
+
|
|
20
|
+
## Grounding rule
|
|
21
|
+
|
|
22
|
+
Official documentation explains AWS service behavior. It does not prove the user's current PCA hierarchy, IRSA trust policy, CRL reachability, RAM share scope, or live cert-manager configuration. Prefer live AWS MCP/CLI evidence or sanitized user-provided YAML for current-state claims.
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
# Safety checklist
|
|
2
|
+
|
|
3
|
+
Use this reference before any recommendations on cert-manager PKI configuration, IRSA policy changes, CA hierarchy decisions, or CRL distribution point design.
|
|
4
|
+
|
|
5
|
+
## Non-negotiables
|
|
6
|
+
|
|
7
|
+
- Never ask users to paste secrets, access keys, private keys, CA passwords, or PKCS#12 bundles into chat.
|
|
8
|
+
- Prefer official AWS MCP tools or sanitized `kubectl get` / `aws acm-pca` CLI output for current-state evidence. Label the evidence level.
|
|
9
|
+
- Do not invent CA ARNs, certificate template ARNs, IRSA role ARNs, or RAM resource share IDs.
|
|
10
|
+
- Require explicit platform-team sign-off before any change that modifies a CA hierarchy, revokes a CA, or deletes a PCA CRL S3 bucket.
|
|
11
|
+
- Keep IRSA permissions scoped to the minimum: `acm-pca:IssueCertificate`, `acm-pca:GetCertificate`, `acm-pca:DescribeCertificateAuthority`.
|
|
12
|
+
|
|
13
|
+
## PKI attack vector: required awareness
|
|
14
|
+
|
|
15
|
+
cert-manager with an `AWSPCAClusterIssuer` that has `acm-pca:IssueCertificate` via IRSA can issue certificates for any DNS name trusted by your internal PKI. A compromised cert-manager pod is equivalent to a compromised subordinate CA. Always review:
|
|
16
|
+
- Which namespaces can request from this ClusterIssuer (CertificateRequestPolicy coverage)
|
|
17
|
+
- Whether the CA certificate template allows sub-CA issuance (SubordinateCACertificate templates are CRITICAL)
|
|
18
|
+
- Whether the certificate SAN validation enforces DNS name scope
|
|
19
|
+
|
|
20
|
+
## Stress checks
|
|
21
|
+
|
|
22
|
+
- Which workloads trust this CA chain — blast radius of CA compromise?
|
|
23
|
+
- Can cert-manager request certificates for arbitrary SANs without CertificateRequestPolicy guard?
|
|
24
|
+
- Is the CA ROOT or SUBORDINATE? (ROOT issuance is CRITICAL)
|
|
25
|
+
- Is the CRL S3 bucket reachable from all pods that verify TLS using this CA?
|
|
26
|
+
- Is cross-account RAM share scoped to specific organizational units?
|
|
27
|
+
|
|
28
|
+
## Evidence labels
|
|
29
|
+
|
|
30
|
+
Use `live evidence`, `repo evidence`, `user-provided evidence`, `documentation-based`, or `inference`. Documentation alone never proves the user's live AWS state.
|