@raishin/vanguard-frontier-agentic 1.2.0 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (561) hide show
  1. package/README.md +250 -110
  2. package/agents/AGENTS.md +263 -21
  3. package/agents/argocd/README.md +46 -0
  4. package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/AGENT.md +55 -0
  5. package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/harnesses/claude-code.agent.md +35 -0
  6. package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/harnesses/codex.toml +29 -0
  7. package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/harnesses/copilot.agent.md +35 -0
  8. package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/harnesses/cursor.agent.md +35 -0
  9. package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/harnesses/gemini.agent.md +35 -0
  10. package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/harnesses/kiro-cli.agent.json +5 -0
  11. package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/harnesses/kiro-ide.agent.md +35 -0
  12. package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/metadata.json +31 -0
  13. package/agents/argocd/argocd-gitops-review-agent/AGENT.md +55 -0
  14. package/agents/argocd/argocd-gitops-review-agent/harnesses/claude-code.agent.md +38 -0
  15. package/agents/argocd/argocd-gitops-review-agent/harnesses/codex.toml +32 -0
  16. package/agents/argocd/argocd-gitops-review-agent/harnesses/copilot.agent.md +38 -0
  17. package/agents/argocd/argocd-gitops-review-agent/harnesses/cursor.agent.md +38 -0
  18. package/agents/argocd/argocd-gitops-review-agent/harnesses/gemini.agent.md +38 -0
  19. package/agents/argocd/argocd-gitops-review-agent/harnesses/kiro-cli.agent.json +5 -0
  20. package/agents/argocd/argocd-gitops-review-agent/harnesses/kiro-ide.agent.md +38 -0
  21. package/agents/argocd/argocd-gitops-review-agent/metadata.json +30 -0
  22. package/agents/aws/aws-live-deployment-guarded-operator-agent/metadata.json +10 -1
  23. package/agents/aws/aws-live-ecs-rollout-guard-agent/metadata.json +10 -1
  24. package/agents/aws/aws-live-iac-change-guard-agent/metadata.json +10 -1
  25. package/agents/aws/aws-live-pipeline-approval-operator-agent/metadata.json +10 -1
  26. package/agents/aws/aws-live-serverless-release-guard-agent/metadata.json +10 -1
  27. package/agents/aws/aws-private-ca-issuer-review-agent/AGENT.md +53 -0
  28. package/agents/aws/aws-private-ca-issuer-review-agent/harnesses/claude-code.agent.md +36 -0
  29. package/agents/aws/aws-private-ca-issuer-review-agent/harnesses/codex.toml +27 -0
  30. package/agents/aws/aws-private-ca-issuer-review-agent/harnesses/copilot.agent.md +36 -0
  31. package/agents/aws/aws-private-ca-issuer-review-agent/harnesses/cursor.agent.md +36 -0
  32. package/agents/aws/aws-private-ca-issuer-review-agent/harnesses/gemini.agent.md +36 -0
  33. package/agents/aws/aws-private-ca-issuer-review-agent/harnesses/kiro-cli.agent.json +5 -0
  34. package/agents/aws/aws-private-ca-issuer-review-agent/harnesses/kiro-ide.agent.md +36 -0
  35. package/agents/aws/aws-private-ca-issuer-review-agent/metadata.json +37 -0
  36. package/agents/azure/README.md +45 -0
  37. package/agents/azure/azure-keyvault-certificate-issuer-review-agent/AGENT.md +53 -0
  38. package/agents/azure/azure-keyvault-certificate-issuer-review-agent/harnesses/claude-code.agent.md +36 -0
  39. package/agents/azure/azure-keyvault-certificate-issuer-review-agent/harnesses/codex.toml +27 -0
  40. package/agents/azure/azure-keyvault-certificate-issuer-review-agent/harnesses/copilot.agent.md +36 -0
  41. package/agents/azure/azure-keyvault-certificate-issuer-review-agent/harnesses/cursor.agent.md +36 -0
  42. package/agents/azure/azure-keyvault-certificate-issuer-review-agent/harnesses/gemini.agent.md +36 -0
  43. package/agents/azure/azure-keyvault-certificate-issuer-review-agent/harnesses/kiro-cli.agent.json +5 -0
  44. package/agents/azure/azure-keyvault-certificate-issuer-review-agent/harnesses/kiro-ide.agent.md +36 -0
  45. package/agents/azure/azure-keyvault-certificate-issuer-review-agent/metadata.json +36 -0
  46. package/agents/azure/azure-live-aks-rollout-guard-agent/metadata.json +10 -1
  47. package/agents/azure/azure-live-app-service-slot-swap-guard-agent/metadata.json +10 -1
  48. package/agents/azure/azure-live-arm-deployment-stack-guard-agent/metadata.json +10 -1
  49. package/agents/azure/azure-live-cost-budget-action-guard-agent/metadata.json +10 -1
  50. package/agents/azure/azure-live-entra-role-assignment-guard-agent/AGENT.md +59 -0
  51. package/agents/azure/azure-live-entra-role-assignment-guard-agent/harnesses/claude-code.agent.md +42 -0
  52. package/agents/azure/azure-live-entra-role-assignment-guard-agent/harnesses/codex.toml +34 -0
  53. package/agents/azure/azure-live-entra-role-assignment-guard-agent/harnesses/copilot.agent.md +55 -0
  54. package/agents/azure/azure-live-entra-role-assignment-guard-agent/harnesses/cursor.agent.md +44 -0
  55. package/agents/azure/azure-live-entra-role-assignment-guard-agent/harnesses/gemini.agent.md +43 -0
  56. package/agents/azure/azure-live-entra-role-assignment-guard-agent/harnesses/kiro-cli.agent.json +5 -0
  57. package/agents/azure/azure-live-entra-role-assignment-guard-agent/harnesses/kiro-ide.agent.md +42 -0
  58. package/agents/azure/azure-live-entra-role-assignment-guard-agent/metadata.json +37 -0
  59. package/agents/azure/azure-live-keyvault-rotation-purge-guard-agent/metadata.json +10 -1
  60. package/agents/azure/azure-live-pim-jit-activation-guard-agent/metadata.json +11 -2
  61. package/agents/backstage/README.md +36 -0
  62. package/agents/backstage/backstage-scaffolder-template-review-agent/AGENT.md +54 -0
  63. package/agents/backstage/backstage-scaffolder-template-review-agent/harnesses/claude-code.agent.md +37 -0
  64. package/agents/backstage/backstage-scaffolder-template-review-agent/harnesses/codex.toml +31 -0
  65. package/agents/backstage/backstage-scaffolder-template-review-agent/harnesses/copilot.agent.md +37 -0
  66. package/agents/backstage/backstage-scaffolder-template-review-agent/harnesses/cursor.agent.md +37 -0
  67. package/agents/backstage/backstage-scaffolder-template-review-agent/harnesses/gemini.agent.md +37 -0
  68. package/agents/backstage/backstage-scaffolder-template-review-agent/harnesses/kiro-cli.agent.json +5 -0
  69. package/agents/backstage/backstage-scaffolder-template-review-agent/harnesses/kiro-ide.agent.md +37 -0
  70. package/agents/backstage/backstage-scaffolder-template-review-agent/metadata.json +30 -0
  71. package/agents/cert-manager/README.md +46 -0
  72. package/agents/cert-manager/cert-manager-issuer-trust-review-agent/AGENT.md +55 -0
  73. package/agents/cert-manager/cert-manager-issuer-trust-review-agent/harnesses/claude-code.agent.md +35 -0
  74. package/agents/cert-manager/cert-manager-issuer-trust-review-agent/harnesses/codex.toml +29 -0
  75. package/agents/cert-manager/cert-manager-issuer-trust-review-agent/harnesses/copilot.agent.md +35 -0
  76. package/agents/cert-manager/cert-manager-issuer-trust-review-agent/harnesses/cursor.agent.md +35 -0
  77. package/agents/cert-manager/cert-manager-issuer-trust-review-agent/harnesses/gemini.agent.md +35 -0
  78. package/agents/cert-manager/cert-manager-issuer-trust-review-agent/harnesses/kiro-cli.agent.json +5 -0
  79. package/agents/cert-manager/cert-manager-issuer-trust-review-agent/harnesses/kiro-ide.agent.md +35 -0
  80. package/agents/cert-manager/cert-manager-issuer-trust-review-agent/metadata.json +31 -0
  81. package/agents/cilium/README.md +46 -0
  82. package/agents/cilium/cilium-network-policy-review-agent/AGENT.md +55 -0
  83. package/agents/cilium/cilium-network-policy-review-agent/harnesses/claude-code.agent.md +38 -0
  84. package/agents/cilium/cilium-network-policy-review-agent/harnesses/codex.toml +32 -0
  85. package/agents/cilium/cilium-network-policy-review-agent/harnesses/copilot.agent.md +38 -0
  86. package/agents/cilium/cilium-network-policy-review-agent/harnesses/cursor.agent.md +38 -0
  87. package/agents/cilium/cilium-network-policy-review-agent/harnesses/gemini.agent.md +38 -0
  88. package/agents/cilium/cilium-network-policy-review-agent/harnesses/kiro-cli.agent.json +5 -0
  89. package/agents/cilium/cilium-network-policy-review-agent/harnesses/kiro-ide.agent.md +38 -0
  90. package/agents/cilium/cilium-network-policy-review-agent/metadata.json +37 -0
  91. package/agents/falco/README.md +36 -0
  92. package/agents/falco/falco-runtime-threat-rules-review-agent/AGENT.md +49 -0
  93. package/agents/falco/falco-runtime-threat-rules-review-agent/harnesses/claude-code.agent.md +33 -0
  94. package/agents/falco/falco-runtime-threat-rules-review-agent/harnesses/codex.toml +31 -0
  95. package/agents/falco/falco-runtime-threat-rules-review-agent/harnesses/copilot.agent.md +33 -0
  96. package/agents/falco/falco-runtime-threat-rules-review-agent/harnesses/cursor.agent.md +33 -0
  97. package/agents/falco/falco-runtime-threat-rules-review-agent/harnesses/gemini.agent.md +33 -0
  98. package/agents/falco/falco-runtime-threat-rules-review-agent/harnesses/kiro-cli.agent.json +5 -0
  99. package/agents/falco/falco-runtime-threat-rules-review-agent/harnesses/kiro-ide.agent.md +33 -0
  100. package/agents/falco/falco-runtime-threat-rules-review-agent/metadata.json +31 -0
  101. package/agents/finops/README.md +27 -0
  102. package/agents/finops/finops-cloud-price-advisor-agent/metadata.json +10 -1
  103. package/agents/fluxcd/README.md +39 -0
  104. package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/AGENT.md +55 -0
  105. package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/harnesses/claude-code.agent.md +38 -0
  106. package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/harnesses/codex.toml +32 -0
  107. package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/harnesses/copilot.agent.md +38 -0
  108. package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/harnesses/cursor.agent.md +38 -0
  109. package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/harnesses/gemini.agent.md +38 -0
  110. package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/harnesses/kiro-cli.agent.json +5 -0
  111. package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/harnesses/kiro-ide.agent.md +38 -0
  112. package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/metadata.json +31 -0
  113. package/agents/istio/README.md +46 -0
  114. package/agents/istio/istio-ambient-mesh-review-agent/AGENT.md +55 -0
  115. package/agents/istio/istio-ambient-mesh-review-agent/harnesses/claude-code.agent.md +38 -0
  116. package/agents/istio/istio-ambient-mesh-review-agent/harnesses/codex.toml +32 -0
  117. package/agents/istio/istio-ambient-mesh-review-agent/harnesses/copilot.agent.md +38 -0
  118. package/agents/istio/istio-ambient-mesh-review-agent/harnesses/cursor.agent.md +38 -0
  119. package/agents/istio/istio-ambient-mesh-review-agent/harnesses/gemini.agent.md +38 -0
  120. package/agents/istio/istio-ambient-mesh-review-agent/harnesses/kiro-cli.agent.json +5 -0
  121. package/agents/istio/istio-ambient-mesh-review-agent/harnesses/kiro-ide.agent.md +38 -0
  122. package/agents/istio/istio-ambient-mesh-review-agent/metadata.json +30 -0
  123. package/agents/kubernetes/README.md +143 -0
  124. package/agents/kubernetes/external-secrets-operator-review-agent/AGENT.md +49 -0
  125. package/agents/kubernetes/external-secrets-operator-review-agent/harnesses/claude-code.agent.md +33 -0
  126. package/agents/kubernetes/external-secrets-operator-review-agent/harnesses/codex.toml +31 -0
  127. package/agents/kubernetes/external-secrets-operator-review-agent/harnesses/copilot.agent.md +33 -0
  128. package/agents/kubernetes/external-secrets-operator-review-agent/harnesses/cursor.agent.md +33 -0
  129. package/agents/kubernetes/external-secrets-operator-review-agent/harnesses/gemini.agent.md +33 -0
  130. package/agents/kubernetes/external-secrets-operator-review-agent/harnesses/kiro-cli.agent.json +5 -0
  131. package/agents/kubernetes/external-secrets-operator-review-agent/harnesses/kiro-ide.agent.md +33 -0
  132. package/agents/kubernetes/external-secrets-operator-review-agent/metadata.json +31 -0
  133. package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/AGENT.md +56 -0
  134. package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/harnesses/claude-code.agent.md +39 -0
  135. package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/harnesses/codex.toml +34 -0
  136. package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/harnesses/copilot.agent.md +39 -0
  137. package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/harnesses/cursor.agent.md +39 -0
  138. package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/harnesses/gemini.agent.md +39 -0
  139. package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/harnesses/kiro-cli.agent.json +5 -0
  140. package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/harnesses/kiro-ide.agent.md +39 -0
  141. package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/metadata.json +31 -0
  142. package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/AGENT.md +59 -0
  143. package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/harnesses/claude-code.agent.md +42 -0
  144. package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/harnesses/codex.toml +33 -0
  145. package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/harnesses/copilot.agent.md +42 -0
  146. package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/harnesses/cursor.agent.md +42 -0
  147. package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/harnesses/gemini.agent.md +42 -0
  148. package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/harnesses/kiro-cli.agent.json +5 -0
  149. package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/harnesses/kiro-ide.agent.md +42 -0
  150. package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/metadata.json +37 -0
  151. package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/AGENT.md +59 -0
  152. package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/harnesses/claude-code.agent.md +42 -0
  153. package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/harnesses/codex.toml +33 -0
  154. package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/harnesses/copilot.agent.md +42 -0
  155. package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/harnesses/cursor.agent.md +42 -0
  156. package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/harnesses/gemini.agent.md +42 -0
  157. package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/harnesses/kiro-cli.agent.json +5 -0
  158. package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/harnesses/kiro-ide.agent.md +42 -0
  159. package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/metadata.json +37 -0
  160. package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/AGENT.md +59 -0
  161. package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/harnesses/claude-code.agent.md +42 -0
  162. package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/harnesses/codex.toml +33 -0
  163. package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/harnesses/copilot.agent.md +42 -0
  164. package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/harnesses/cursor.agent.md +42 -0
  165. package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/harnesses/gemini.agent.md +42 -0
  166. package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/harnesses/kiro-cli.agent.json +5 -0
  167. package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/harnesses/kiro-ide.agent.md +42 -0
  168. package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/metadata.json +37 -0
  169. package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/AGENT.md +59 -0
  170. package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/harnesses/claude-code.agent.md +42 -0
  171. package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/harnesses/codex.toml +33 -0
  172. package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/harnesses/copilot.agent.md +42 -0
  173. package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/harnesses/cursor.agent.md +42 -0
  174. package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/harnesses/gemini.agent.md +42 -0
  175. package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/harnesses/kiro-cli.agent.json +5 -0
  176. package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/harnesses/kiro-ide.agent.md +42 -0
  177. package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/metadata.json +37 -0
  178. package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/AGENT.md +59 -0
  179. package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/harnesses/claude-code.agent.md +42 -0
  180. package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/harnesses/codex.toml +34 -0
  181. package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/harnesses/copilot.agent.md +55 -0
  182. package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/harnesses/cursor.agent.md +44 -0
  183. package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/harnesses/gemini.agent.md +43 -0
  184. package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/harnesses/kiro-cli.agent.json +5 -0
  185. package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/harnesses/kiro-ide.agent.md +42 -0
  186. package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/metadata.json +36 -0
  187. package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/AGENT.md +62 -0
  188. package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/harnesses/claude-code.agent.md +43 -0
  189. package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/harnesses/codex.toml +35 -0
  190. package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/harnesses/copilot.agent.md +43 -0
  191. package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/harnesses/cursor.agent.md +43 -0
  192. package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/harnesses/gemini.agent.md +43 -0
  193. package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/harnesses/kiro-cli.agent.json +5 -0
  194. package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/harnesses/kiro-ide.agent.md +43 -0
  195. package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/metadata.json +38 -0
  196. package/agents/kubernetes/kubernetes-maestro-agent/AGENT.md +55 -0
  197. package/agents/kubernetes/kubernetes-maestro-agent/harnesses/claude-code.agent.md +38 -0
  198. package/agents/kubernetes/kubernetes-maestro-agent/harnesses/codex.toml +34 -0
  199. package/agents/kubernetes/kubernetes-maestro-agent/harnesses/copilot.agent.md +38 -0
  200. package/agents/kubernetes/kubernetes-maestro-agent/harnesses/cursor.agent.md +38 -0
  201. package/agents/kubernetes/kubernetes-maestro-agent/harnesses/gemini.agent.md +38 -0
  202. package/agents/kubernetes/kubernetes-maestro-agent/harnesses/kiro-cli.agent.json +5 -0
  203. package/agents/kubernetes/kubernetes-maestro-agent/harnesses/kiro-ide.agent.md +38 -0
  204. package/agents/kubernetes/kubernetes-maestro-agent/metadata.json +40 -0
  205. package/agents/kubernetes/kubernetes-pod-spec-review-agent/AGENT.md +54 -0
  206. package/agents/kubernetes/kubernetes-pod-spec-review-agent/harnesses/claude-code.agent.md +37 -0
  207. package/agents/kubernetes/kubernetes-pod-spec-review-agent/harnesses/codex.toml +27 -0
  208. package/agents/kubernetes/kubernetes-pod-spec-review-agent/harnesses/copilot.agent.md +37 -0
  209. package/agents/kubernetes/kubernetes-pod-spec-review-agent/harnesses/cursor.agent.md +37 -0
  210. package/agents/kubernetes/kubernetes-pod-spec-review-agent/harnesses/gemini.agent.md +37 -0
  211. package/agents/kubernetes/kubernetes-pod-spec-review-agent/harnesses/kiro-cli.agent.json +5 -0
  212. package/agents/kubernetes/kubernetes-pod-spec-review-agent/harnesses/kiro-ide.agent.md +37 -0
  213. package/agents/kubernetes/kubernetes-pod-spec-review-agent/metadata.json +38 -0
  214. package/agents/kubernetes/kubernetes-psa-review-agent/AGENT.md +55 -0
  215. package/agents/kubernetes/kubernetes-psa-review-agent/harnesses/claude-code.agent.md +36 -0
  216. package/agents/kubernetes/kubernetes-psa-review-agent/harnesses/codex.toml +29 -0
  217. package/agents/kubernetes/kubernetes-psa-review-agent/harnesses/copilot.agent.md +36 -0
  218. package/agents/kubernetes/kubernetes-psa-review-agent/harnesses/cursor.agent.md +36 -0
  219. package/agents/kubernetes/kubernetes-psa-review-agent/harnesses/gemini.agent.md +36 -0
  220. package/agents/kubernetes/kubernetes-psa-review-agent/harnesses/kiro-cli.agent.json +5 -0
  221. package/agents/kubernetes/kubernetes-psa-review-agent/harnesses/kiro-ide.agent.md +36 -0
  222. package/agents/kubernetes/kubernetes-psa-review-agent/metadata.json +38 -0
  223. package/agents/kubernetes/kubernetes-rbac-review-agent/AGENT.md +55 -0
  224. package/agents/kubernetes/kubernetes-rbac-review-agent/harnesses/claude-code.agent.md +38 -0
  225. package/agents/kubernetes/kubernetes-rbac-review-agent/harnesses/codex.toml +32 -0
  226. package/agents/kubernetes/kubernetes-rbac-review-agent/harnesses/copilot.agent.md +51 -0
  227. package/agents/kubernetes/kubernetes-rbac-review-agent/harnesses/cursor.agent.md +40 -0
  228. package/agents/kubernetes/kubernetes-rbac-review-agent/harnesses/gemini.agent.md +39 -0
  229. package/agents/kubernetes/kubernetes-rbac-review-agent/harnesses/kiro-cli.agent.json +5 -0
  230. package/agents/kubernetes/kubernetes-rbac-review-agent/harnesses/kiro-ide.agent.md +38 -0
  231. package/agents/kubernetes/kubernetes-rbac-review-agent/metadata.json +36 -0
  232. package/agents/kubernetes/kubernetes-workload-identity-review-agent/AGENT.md +55 -0
  233. package/agents/kubernetes/kubernetes-workload-identity-review-agent/harnesses/claude-code.agent.md +37 -0
  234. package/agents/kubernetes/kubernetes-workload-identity-review-agent/harnesses/codex.toml +29 -0
  235. package/agents/kubernetes/kubernetes-workload-identity-review-agent/harnesses/copilot.agent.md +37 -0
  236. package/agents/kubernetes/kubernetes-workload-identity-review-agent/harnesses/cursor.agent.md +37 -0
  237. package/agents/kubernetes/kubernetes-workload-identity-review-agent/harnesses/gemini.agent.md +37 -0
  238. package/agents/kubernetes/kubernetes-workload-identity-review-agent/harnesses/kiro-cli.agent.json +5 -0
  239. package/agents/kubernetes/kubernetes-workload-identity-review-agent/harnesses/kiro-ide.agent.md +37 -0
  240. package/agents/kubernetes/kubernetes-workload-identity-review-agent/metadata.json +37 -0
  241. package/agents/kyverno/README.md +46 -0
  242. package/agents/kyverno/kyverno-policy-review-agent/AGENT.md +55 -0
  243. package/agents/kyverno/kyverno-policy-review-agent/harnesses/claude-code.agent.md +38 -0
  244. package/agents/kyverno/kyverno-policy-review-agent/harnesses/codex.toml +32 -0
  245. package/agents/kyverno/kyverno-policy-review-agent/harnesses/copilot.agent.md +38 -0
  246. package/agents/kyverno/kyverno-policy-review-agent/harnesses/cursor.agent.md +38 -0
  247. package/agents/kyverno/kyverno-policy-review-agent/harnesses/gemini.agent.md +38 -0
  248. package/agents/kyverno/kyverno-policy-review-agent/harnesses/kiro-cli.agent.json +5 -0
  249. package/agents/kyverno/kyverno-policy-review-agent/harnesses/kiro-ide.agent.md +38 -0
  250. package/agents/kyverno/kyverno-policy-review-agent/metadata.json +30 -0
  251. package/agents/oci/README.md +45 -0
  252. package/agents/oci/oci-certificates-issuer-review-agent/AGENT.md +53 -0
  253. package/agents/oci/oci-certificates-issuer-review-agent/harnesses/claude-code.agent.md +36 -0
  254. package/agents/oci/oci-certificates-issuer-review-agent/harnesses/codex.toml +27 -0
  255. package/agents/oci/oci-certificates-issuer-review-agent/harnesses/copilot.agent.md +36 -0
  256. package/agents/oci/oci-certificates-issuer-review-agent/harnesses/cursor.agent.md +36 -0
  257. package/agents/oci/oci-certificates-issuer-review-agent/harnesses/gemini.agent.md +36 -0
  258. package/agents/oci/oci-certificates-issuer-review-agent/harnesses/kiro-cli.agent.json +5 -0
  259. package/agents/oci/oci-certificates-issuer-review-agent/harnesses/kiro-ide.agent.md +36 -0
  260. package/agents/oci/oci-certificates-issuer-review-agent/metadata.json +36 -0
  261. package/agents/oci/oci-live-autonomous-db-lifecycle-guard-agent/metadata.json +11 -2
  262. package/agents/oci/oci-live-cost-budget-runaway-guard-agent/metadata.json +11 -2
  263. package/agents/oci/oci-live-iam-policy-compartment-guard-agent/metadata.json +10 -1
  264. package/agents/oci/oci-live-network-security-rule-guard-agent/AGENT.md +59 -0
  265. package/agents/oci/oci-live-network-security-rule-guard-agent/harnesses/claude-code.agent.md +42 -0
  266. package/agents/oci/oci-live-network-security-rule-guard-agent/harnesses/codex.toml +34 -0
  267. package/agents/oci/oci-live-network-security-rule-guard-agent/harnesses/copilot.agent.md +55 -0
  268. package/agents/oci/oci-live-network-security-rule-guard-agent/harnesses/cursor.agent.md +44 -0
  269. package/agents/oci/oci-live-network-security-rule-guard-agent/harnesses/gemini.agent.md +43 -0
  270. package/agents/oci/oci-live-network-security-rule-guard-agent/harnesses/kiro-cli.agent.json +5 -0
  271. package/agents/oci/oci-live-network-security-rule-guard-agent/harnesses/kiro-ide.agent.md +42 -0
  272. package/agents/oci/oci-live-network-security-rule-guard-agent/metadata.json +37 -0
  273. package/agents/oci/oci-live-oke-rollout-guard-agent/metadata.json +11 -2
  274. package/agents/oci/oci-live-resource-manager-stack-guard-agent/metadata.json +10 -1
  275. package/agents/oci/oci-live-vault-key-destruction-guard-agent/metadata.json +10 -1
  276. package/agents/opentelemetry/README.md +37 -0
  277. package/agents/opentelemetry/opentelemetry-collector-config-review-agent/AGENT.md +55 -0
  278. package/agents/opentelemetry/opentelemetry-collector-config-review-agent/harnesses/claude-code.agent.md +38 -0
  279. package/agents/opentelemetry/opentelemetry-collector-config-review-agent/harnesses/codex.toml +32 -0
  280. package/agents/opentelemetry/opentelemetry-collector-config-review-agent/harnesses/copilot.agent.md +38 -0
  281. package/agents/opentelemetry/opentelemetry-collector-config-review-agent/harnesses/cursor.agent.md +38 -0
  282. package/agents/opentelemetry/opentelemetry-collector-config-review-agent/harnesses/gemini.agent.md +38 -0
  283. package/agents/opentelemetry/opentelemetry-collector-config-review-agent/harnesses/kiro-cli.agent.json +5 -0
  284. package/agents/opentelemetry/opentelemetry-collector-config-review-agent/harnesses/kiro-ide.agent.md +38 -0
  285. package/agents/opentelemetry/opentelemetry-collector-config-review-agent/metadata.json +37 -0
  286. package/agents/prometheus/README.md +36 -0
  287. package/agents/prometheus/prometheus-alerting-cardinality-review-agent/AGENT.md +48 -0
  288. package/agents/prometheus/prometheus-alerting-cardinality-review-agent/harnesses/claude-code.agent.md +32 -0
  289. package/agents/prometheus/prometheus-alerting-cardinality-review-agent/harnesses/codex.toml +31 -0
  290. package/agents/prometheus/prometheus-alerting-cardinality-review-agent/harnesses/copilot.agent.md +32 -0
  291. package/agents/prometheus/prometheus-alerting-cardinality-review-agent/harnesses/cursor.agent.md +32 -0
  292. package/agents/prometheus/prometheus-alerting-cardinality-review-agent/harnesses/gemini.agent.md +32 -0
  293. package/agents/prometheus/prometheus-alerting-cardinality-review-agent/harnesses/kiro-cli.agent.json +5 -0
  294. package/agents/prometheus/prometheus-alerting-cardinality-review-agent/harnesses/kiro-ide.agent.md +32 -0
  295. package/agents/prometheus/prometheus-alerting-cardinality-review-agent/metadata.json +31 -0
  296. package/agents/sigstore/README.md +38 -0
  297. package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/AGENT.md +55 -0
  298. package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/harnesses/claude-code.agent.md +35 -0
  299. package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/harnesses/codex.toml +29 -0
  300. package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/harnesses/copilot.agent.md +35 -0
  301. package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/harnesses/cursor.agent.md +35 -0
  302. package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/harnesses/gemini.agent.md +35 -0
  303. package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/harnesses/kiro-cli.agent.json +5 -0
  304. package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/harnesses/kiro-ide.agent.md +35 -0
  305. package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/metadata.json +31 -0
  306. package/agents/terraform/README.md +29 -0
  307. package/agents/terraform/terraform-reviewer/AGENT.md +2 -1
  308. package/agents/terraform/terraform-reviewer/harnesses/claude-code.agent.md +29 -0
  309. package/agents/terraform/terraform-reviewer/harnesses/codex.toml +29 -0
  310. package/agents/terraform/terraform-reviewer/harnesses/copilot.agent.md +42 -0
  311. package/agents/terraform/terraform-reviewer/harnesses/cursor.agent.md +31 -0
  312. package/agents/terraform/terraform-reviewer/harnesses/gemini.agent.md +30 -0
  313. package/agents/terraform/terraform-reviewer/harnesses/kiro-cli.agent.json +5 -0
  314. package/agents/terraform/terraform-reviewer/harnesses/kiro-ide.agent.md +29 -0
  315. package/agents/terraform/terraform-reviewer/metadata.json +10 -1
  316. package/agents/velero/README.md +41 -0
  317. package/assets/logos/vanguard-frontier-agentic-logo.png +0 -0
  318. package/catalog/agents.json +1452 -634
  319. package/catalog/install-roles.json +455 -0
  320. package/catalog/skill-manifest.json +1089 -335
  321. package/catalog/skills.json +1298 -528
  322. package/package.json +32 -3
  323. package/schemas/AGENTS.md +14 -0
  324. package/schemas/agent.frontmatter.schema.json +89 -0
  325. package/schemas/agent.schema.json +8 -0
  326. package/schemas/skill.frontmatter.schema.json +95 -0
  327. package/scripts/apply-skill-allowed-tools.py +142 -0
  328. package/scripts/backfill-skill-metadata.py +410 -0
  329. package/scripts/export-marketplace-agents.mjs +275 -9
  330. package/scripts/update-catalog-new-agents.py +88 -0
  331. package/skills/argocd/README.md +30 -0
  332. package/skills/argocd/argo-rollouts-progressive-delivery-review/SKILL.md +43 -0
  333. package/skills/argocd/argo-rollouts-progressive-delivery-review/metadata.json +22 -0
  334. package/skills/argocd/argo-rollouts-progressive-delivery-review/references/workflow-and-output.md +248 -0
  335. package/skills/argocd/argocd-gitops-review/SKILL.md +46 -0
  336. package/skills/argocd/argocd-gitops-review/metadata.json +30 -0
  337. package/skills/argocd/argocd-gitops-review/references/mcp-and-evidence.md +53 -0
  338. package/skills/argocd/argocd-gitops-review/references/official-sources.md +32 -0
  339. package/skills/argocd/argocd-gitops-review/references/workflow-and-output.md +120 -0
  340. package/skills/aws/README.md +3 -1
  341. package/skills/aws/aws-agentcore/SKILL.md +3 -0
  342. package/skills/aws/aws-api-edge-delivery-review/SKILL.md +3 -0
  343. package/skills/aws/aws-bedrock-agent-security-governor/SKILL.md +3 -0
  344. package/skills/aws/aws-change-impact-advisor/SKILL.md +3 -0
  345. package/skills/aws/aws-ci-cd-release-engineer/SKILL.md +3 -0
  346. package/skills/aws/aws-compliance-evidence-mapper/SKILL.md +3 -0
  347. package/skills/aws/aws-cost-anomaly-watch-coordinator/SKILL.md +3 -0
  348. package/skills/aws/aws-cost-optimization-governor/SKILL.md +3 -0
  349. package/skills/aws/aws-daily-operations-briefing-coordinator/SKILL.md +3 -0
  350. package/skills/aws/aws-data-protection-backup-steward/SKILL.md +3 -0
  351. package/skills/aws/aws-deployment-hotfix-operator/SKILL.md +3 -0
  352. package/skills/aws/aws-devops-agent-skill-designer/SKILL.md +3 -0
  353. package/skills/aws/aws-dynamodb-data-modeling-performance-review/SKILL.md +3 -0
  354. package/skills/aws/aws-ec2-compute-operations-steward/SKILL.md +3 -0
  355. package/skills/aws/aws-ecs-fargate-platform-operator/SKILL.md +3 -0
  356. package/skills/aws/aws-ecs-service-remediation-operator/SKILL.md +3 -0
  357. package/skills/aws/aws-eks-platform-operator/SKILL.md +3 -0
  358. package/skills/aws/aws-event-driven-architecture-review/SKILL.md +3 -0
  359. package/skills/aws/aws-generative-ai-developer/SKILL.md +3 -0
  360. package/skills/aws/aws-iac-change-safety-review/SKILL.md +3 -0
  361. package/skills/aws/aws-iac-patch-executor/SKILL.md +3 -0
  362. package/skills/aws/aws-iam-least-privilege-review/SKILL.md +3 -0
  363. package/skills/aws/aws-kms-secrets-lifecycle-steward/SKILL.md +3 -0
  364. package/skills/aws/aws-landing-zone-governor/SKILL.md +3 -0
  365. package/skills/aws/aws-live-deployment-guarded-operator/SKILL.md +3 -0
  366. package/skills/aws/aws-live-ecs-rollout-guard/SKILL.md +3 -0
  367. package/skills/aws/aws-live-iac-change-guard/SKILL.md +3 -0
  368. package/skills/aws/aws-live-pipeline-approval-operator/SKILL.md +3 -0
  369. package/skills/aws/aws-live-serverless-release-guard/SKILL.md +3 -0
  370. package/skills/aws/aws-maestro/SKILL.md +3 -0
  371. package/skills/aws/aws-maestro/references/workflow-and-output.md +2 -0
  372. package/skills/aws/aws-migration-cutover-architect/SKILL.md +3 -0
  373. package/skills/aws/aws-network-architect/SKILL.md +3 -0
  374. package/skills/aws/aws-non-destructive-task-automation-advisor/SKILL.md +3 -0
  375. package/skills/aws/aws-observability-incident-responder/SKILL.md +3 -0
  376. package/skills/aws/aws-pipeline-fix-operator/SKILL.md +3 -0
  377. package/skills/aws/aws-private-ca-issuer-review/SKILL.md +42 -0
  378. package/skills/aws/aws-private-ca-issuer-review/metadata.json +21 -0
  379. package/skills/aws/aws-private-ca-issuer-review/references/official-sources.md +22 -0
  380. package/skills/aws/aws-private-ca-issuer-review/references/safety-checklist.md +30 -0
  381. package/skills/aws/aws-private-ca-issuer-review/references/workflow-and-output.md +214 -0
  382. package/skills/aws/aws-rds-aurora-performance-investigator/SKILL.md +3 -0
  383. package/skills/aws/aws-resilience-bcdr-review/SKILL.md +3 -0
  384. package/skills/aws/aws-s3-data-perimeter-governor/SKILL.md +3 -0
  385. package/skills/aws/aws-security-posture-hardening/SKILL.md +3 -0
  386. package/skills/aws/aws-serverless-production-readiness/SKILL.md +3 -0
  387. package/skills/aws/aws-serverless-rollout-corrector/SKILL.md +3 -0
  388. package/skills/aws/aws-solution-architect/SKILL.md +3 -0
  389. package/skills/aws/aws-ticket-triage-escalation-coordinator/SKILL.md +3 -0
  390. package/skills/azure/README.md +3 -1
  391. package/skills/azure/azure-ai-foundry-ops-governor/SKILL.md +3 -0
  392. package/skills/azure/azure-aks-platform-operator/SKILL.md +3 -0
  393. package/skills/azure/azure-app-service-production-readiness/SKILL.md +3 -0
  394. package/skills/azure/azure-cosmosdb-application-developer/SKILL.md +3 -0
  395. package/skills/azure/azure-cosmosdb-performance-investigator/SKILL.md +3 -0
  396. package/skills/azure/azure-cosmosdb-platform-operator/SKILL.md +3 -0
  397. package/skills/azure/azure-cost-estimation-review/SKILL.md +3 -0
  398. package/skills/azure/azure-cost-optimization-governor/SKILL.md +3 -0
  399. package/skills/azure/azure-entra-id-specialist/SKILL.md +3 -0
  400. package/skills/azure/azure-governance-policy-guardrails/SKILL.md +3 -0
  401. package/skills/azure/azure-identity-governance-review/SKILL.md +3 -0
  402. package/skills/azure/azure-key-vault-secret-lifecycle-auditor/SKILL.md +3 -0
  403. package/skills/azure/azure-keyvault-certificate-issuer-review/SKILL.md +40 -0
  404. package/skills/azure/azure-keyvault-certificate-issuer-review/metadata.json +20 -0
  405. package/skills/azure/azure-keyvault-certificate-issuer-review/references/workflow-and-output.md +190 -0
  406. package/skills/azure/azure-landing-zone-architect/SKILL.md +3 -0
  407. package/skills/azure/azure-live-aks-rollout-guard/SKILL.md +3 -0
  408. package/skills/azure/azure-live-app-service-slot-swap-guard/SKILL.md +3 -0
  409. package/skills/azure/azure-live-arm-deployment-stack-guard/SKILL.md +3 -0
  410. package/skills/azure/azure-live-cost-budget-action-guard/SKILL.md +3 -0
  411. package/skills/azure/azure-live-entra-role-assignment-guard/SKILL.md +59 -0
  412. package/skills/azure/azure-live-entra-role-assignment-guard/metadata.json +28 -0
  413. package/skills/azure/azure-live-entra-role-assignment-guard/references/official-sources.md +21 -0
  414. package/skills/azure/azure-live-entra-role-assignment-guard/references/permission-model.md +70 -0
  415. package/skills/azure/azure-live-entra-role-assignment-guard/references/preflight-commands.md +69 -0
  416. package/skills/azure/azure-live-entra-role-assignment-guard/references/rollback-playbook.md +51 -0
  417. package/skills/azure/azure-live-keyvault-rotation-purge-guard/SKILL.md +3 -0
  418. package/skills/azure/azure-live-pim-jit-activation-guard/SKILL.md +3 -0
  419. package/skills/azure/azure-maestro/SKILL.md +3 -0
  420. package/skills/azure/azure-migrate-landing-zone-cutover/SKILL.md +3 -0
  421. package/skills/azure/azure-network-topology-review/SKILL.md +3 -0
  422. package/skills/azure/azure-observability-investigator/SKILL.md +3 -0
  423. package/skills/azure/azure-platform-automation-devops/SKILL.md +3 -0
  424. package/skills/azure/azure-private-endpoint-adoption-planner/SKILL.md +3 -0
  425. package/skills/azure/azure-rbac-review/SKILL.md +3 -0
  426. package/skills/azure/azure-resilience-bcdr-review/SKILL.md +3 -0
  427. package/skills/azure/azure-resource-health-incident-triage/SKILL.md +3 -0
  428. package/skills/azure/azure-role-selector/SKILL.md +3 -0
  429. package/skills/azure/azure-security-posture-hardening/SKILL.md +3 -0
  430. package/skills/azure/azure-subscription-resource-organization/SKILL.md +3 -0
  431. package/skills/backstage/backstage-scaffolder-template-review/SKILL.md +42 -0
  432. package/skills/backstage/backstage-scaffolder-template-review/metadata.json +21 -0
  433. package/skills/backstage/backstage-scaffolder-template-review/references/workflow-and-output.md +179 -0
  434. package/skills/cert-manager/cert-manager-issuer-trust-review/SKILL.md +43 -0
  435. package/skills/cert-manager/cert-manager-issuer-trust-review/metadata.json +22 -0
  436. package/skills/cert-manager/cert-manager-issuer-trust-review/references/workflow-and-output.md +222 -0
  437. package/skills/cilium/README.md +30 -0
  438. package/skills/cilium/cilium-network-policy-review/SKILL.md +46 -0
  439. package/skills/cilium/cilium-network-policy-review/metadata.json +30 -0
  440. package/skills/cilium/cilium-network-policy-review/references/mcp-and-evidence.md +52 -0
  441. package/skills/cilium/cilium-network-policy-review/references/official-sources.md +30 -0
  442. package/skills/cilium/cilium-network-policy-review/references/workflow-and-output.md +130 -0
  443. package/skills/falco/falco-runtime-threat-rules-review/SKILL.md +40 -0
  444. package/skills/falco/falco-runtime-threat-rules-review/metadata.json +22 -0
  445. package/skills/falco/falco-runtime-threat-rules-review/references/workflow-and-output.md +249 -0
  446. package/skills/finops/README.md +30 -0
  447. package/skills/finops/finops-cloud-price-advisor/SKILL.md +3 -0
  448. package/skills/fluxcd/fluxcd-kustomization-helmrelease-review/SKILL.md +43 -0
  449. package/skills/fluxcd/fluxcd-kustomization-helmrelease-review/metadata.json +22 -0
  450. package/skills/fluxcd/fluxcd-kustomization-helmrelease-review/references/workflow-and-output.md +243 -0
  451. package/skills/istio/README.md +28 -0
  452. package/skills/istio/istio-ambient-mesh-review/SKILL.md +46 -0
  453. package/skills/istio/istio-ambient-mesh-review/metadata.json +30 -0
  454. package/skills/istio/istio-ambient-mesh-review/references/mcp-and-evidence.md +59 -0
  455. package/skills/istio/istio-ambient-mesh-review/references/official-sources.md +32 -0
  456. package/skills/istio/istio-ambient-mesh-review/references/workflow-and-output.md +128 -0
  457. package/skills/kubernetes/README.md +30 -0
  458. package/skills/kubernetes/external-secrets-operator-review/SKILL.md +40 -0
  459. package/skills/kubernetes/external-secrets-operator-review/metadata.json +22 -0
  460. package/skills/kubernetes/external-secrets-operator-review/references/workflow-and-output.md +280 -0
  461. package/skills/kubernetes/kubecost-chargeback-allocation-review/SKILL.md +43 -0
  462. package/skills/kubernetes/kubecost-chargeback-allocation-review/metadata.json +22 -0
  463. package/skills/kubernetes/kubecost-chargeback-allocation-review/references/workflow-and-output.md +215 -0
  464. package/skills/kubernetes/kubernetes-live-rbac-mutation-guard/SKILL.md +60 -0
  465. package/skills/kubernetes/kubernetes-live-rbac-mutation-guard/metadata.json +27 -0
  466. package/skills/kubernetes/kubernetes-live-rbac-mutation-guard/references/official-sources.md +18 -0
  467. package/skills/kubernetes/kubernetes-live-rbac-mutation-guard/references/permission-model.md +78 -0
  468. package/skills/kubernetes/kubernetes-live-rbac-mutation-guard/references/preflight-commands.md +81 -0
  469. package/skills/kubernetes/kubernetes-live-rbac-mutation-guard/references/rollback-playbook.md +61 -0
  470. package/skills/kubernetes/kubernetes-maestro/SKILL.md +48 -0
  471. package/skills/kubernetes/kubernetes-maestro/metadata.json +24 -0
  472. package/skills/kubernetes/kubernetes-maestro/references/safety-checklist.md +78 -0
  473. package/skills/kubernetes/kubernetes-maestro/references/workflow-and-output.md +206 -0
  474. package/skills/kubernetes/kubernetes-pod-security-admission-review/SKILL.md +46 -0
  475. package/skills/kubernetes/kubernetes-pod-security-admission-review/metadata.json +28 -0
  476. package/skills/kubernetes/kubernetes-pod-security-admission-review/references/mcp-and-evidence.md +49 -0
  477. package/skills/kubernetes/kubernetes-pod-security-admission-review/references/official-sources.md +26 -0
  478. package/skills/kubernetes/kubernetes-pod-security-admission-review/references/workflow-and-output.md +129 -0
  479. package/skills/kubernetes/kubernetes-pod-spec-review/SKILL.md +41 -0
  480. package/skills/kubernetes/kubernetes-pod-spec-review/metadata.json +22 -0
  481. package/skills/kubernetes/kubernetes-pod-spec-review/references/workflow-and-output.md +229 -0
  482. package/skills/kubernetes/kubernetes-rbac-review/SKILL.md +41 -0
  483. package/skills/kubernetes/kubernetes-rbac-review/metadata.json +27 -0
  484. package/skills/kubernetes/kubernetes-rbac-review/references/mcp-and-evidence.md +34 -0
  485. package/skills/kubernetes/kubernetes-rbac-review/references/official-sources.md +22 -0
  486. package/skills/kubernetes/kubernetes-rbac-review/references/workflow-and-output.md +44 -0
  487. package/skills/kubernetes/kubernetes-workload-identity-review/SKILL.md +46 -0
  488. package/skills/kubernetes/kubernetes-workload-identity-review/metadata.json +29 -0
  489. package/skills/kubernetes/kubernetes-workload-identity-review/references/mcp-and-evidence.md +57 -0
  490. package/skills/kubernetes/kubernetes-workload-identity-review/references/official-sources.md +47 -0
  491. package/skills/kubernetes/kubernetes-workload-identity-review/references/workflow-and-output.md +166 -0
  492. package/skills/kyverno/README.md +30 -0
  493. package/skills/kyverno/kyverno-policy-review/SKILL.md +46 -0
  494. package/skills/kyverno/kyverno-policy-review/metadata.json +30 -0
  495. package/skills/kyverno/kyverno-policy-review/references/mcp-and-evidence.md +49 -0
  496. package/skills/kyverno/kyverno-policy-review/references/official-sources.md +31 -0
  497. package/skills/kyverno/kyverno-policy-review/references/workflow-and-output.md +106 -0
  498. package/skills/oci/README.md +63 -0
  499. package/skills/oci/oci-autonomous-database-architect/SKILL.md +3 -0
  500. package/skills/oci/oci-certificates-issuer-review/SKILL.md +40 -0
  501. package/skills/oci/oci-certificates-issuer-review/metadata.json +20 -0
  502. package/skills/oci/oci-certificates-issuer-review/references/workflow-and-output.md +207 -0
  503. package/skills/oci/oci-cloud-guard-responder/SKILL.md +3 -0
  504. package/skills/oci/oci-compute-instance-agent-operator/SKILL.md +3 -0
  505. package/skills/oci/oci-compute-platform-operator/SKILL.md +3 -0
  506. package/skills/oci/oci-cost-finops-analyst/SKILL.md +3 -0
  507. package/skills/oci/oci-database-platform-dba/SKILL.md +3 -0
  508. package/skills/oci/oci-dbtools-sql-analyst/SKILL.md +3 -0
  509. package/skills/oci/oci-devops-container-platform-engineer/SKILL.md +3 -0
  510. package/skills/oci/oci-exadata-database-architect/SKILL.md +3 -0
  511. package/skills/oci/oci-exadata-platform-architect/SKILL.md +3 -0
  512. package/skills/oci/oci-fusion-apps-environment-operator/SKILL.md +3 -0
  513. package/skills/oci/oci-goldengate-replication-operator/SKILL.md +3 -0
  514. package/skills/oci/oci-identity-access-governor/SKILL.md +3 -0
  515. package/skills/oci/oci-iot-digital-twin-engineer/SKILL.md +3 -0
  516. package/skills/oci/oci-limits-capacity-planner/SKILL.md +3 -0
  517. package/skills/oci/oci-live-autonomous-db-lifecycle-guard/SKILL.md +3 -0
  518. package/skills/oci/oci-live-cost-budget-runaway-guard/SKILL.md +3 -0
  519. package/skills/oci/oci-live-iam-policy-compartment-guard/SKILL.md +3 -0
  520. package/skills/oci/oci-live-network-security-rule-guard/SKILL.md +60 -0
  521. package/skills/oci/oci-live-network-security-rule-guard/metadata.json +28 -0
  522. package/skills/oci/oci-live-network-security-rule-guard/references/official-sources.md +21 -0
  523. package/skills/oci/oci-live-network-security-rule-guard/references/permission-model.md +65 -0
  524. package/skills/oci/oci-live-network-security-rule-guard/references/preflight-commands.md +69 -0
  525. package/skills/oci/oci-live-network-security-rule-guard/references/rollback-playbook.md +79 -0
  526. package/skills/oci/oci-live-oke-rollout-guard/SKILL.md +3 -0
  527. package/skills/oci/oci-live-resource-manager-stack-guard/SKILL.md +3 -0
  528. package/skills/oci/oci-live-vault-key-destruction-guard/SKILL.md +3 -0
  529. package/skills/oci/oci-load-balancer-traffic-engineer/SKILL.md +3 -0
  530. package/skills/oci/oci-maestro/SKILL.md +3 -0
  531. package/skills/oci/oci-migration-cutover-architect/SKILL.md +3 -0
  532. package/skills/oci/oci-multi-cloud-architect/SKILL.md +3 -0
  533. package/skills/oci/oci-mysql-heatwave-ai-specialist/SKILL.md +3 -0
  534. package/skills/oci/oci-network-architect/SKILL.md +3 -0
  535. package/skills/oci/oci-observability-incident-responder/SKILL.md +3 -0
  536. package/skills/oci/oci-recovery-service-operator/SKILL.md +3 -0
  537. package/skills/oci/oci-registry-artifact-governor/SKILL.md +3 -0
  538. package/skills/oci/oci-resource-search-inventory-analyst/SKILL.md +3 -0
  539. package/skills/oci/oci-security-compliance-reviewer/SKILL.md +3 -0
  540. package/skills/oci/oci-solution-architect/SKILL.md +3 -0
  541. package/skills/oci/oci-storage-backup-steward/SKILL.md +3 -0
  542. package/skills/oci/oci-support-incident-coordinator/SKILL.md +3 -0
  543. package/skills/oci/oracle-oci-mcp-grounded-advisor/SKILL.md +3 -0
  544. package/skills/opentelemetry/README.md +31 -0
  545. package/skills/opentelemetry/opentelemetry-collector-config-review/SKILL.md +47 -0
  546. package/skills/opentelemetry/opentelemetry-collector-config-review/metadata.json +30 -0
  547. package/skills/opentelemetry/opentelemetry-collector-config-review/references/mcp-and-evidence.md +49 -0
  548. package/skills/opentelemetry/opentelemetry-collector-config-review/references/official-sources.md +31 -0
  549. package/skills/opentelemetry/opentelemetry-collector-config-review/references/workflow-and-output.md +155 -0
  550. package/skills/prometheus/prometheus-alerting-cardinality-review/SKILL.md +41 -0
  551. package/skills/prometheus/prometheus-alerting-cardinality-review/metadata.json +22 -0
  552. package/skills/prometheus/prometheus-alerting-cardinality-review/references/workflow-and-output.md +221 -0
  553. package/skills/sigstore/sigstore-cosign-supply-chain-review/SKILL.md +42 -0
  554. package/skills/sigstore/sigstore-cosign-supply-chain-review/metadata.json +22 -0
  555. package/skills/sigstore/sigstore-cosign-supply-chain-review/references/workflow-and-output.md +196 -0
  556. package/skills/terraform/README.md +29 -0
  557. package/skills/terraform/terraform-maestro/SKILL.md +3 -0
  558. package/skills/velero/velero-backup-restore-guard/SKILL.md +44 -0
  559. package/skills/velero/velero-backup-restore-guard/metadata.json +21 -0
  560. package/skills/velero/velero-backup-restore-guard/references/safety-checklist.md +40 -0
  561. package/skills/velero/velero-backup-restore-guard/references/workflow-and-output.md +202 -0
package/skills/oci/oci-certificates-issuer-review/references/workflow-and-output.md ADDED
@@ -0,0 +1,207 @@
1
+ # Workflow and Output Contract
2
+
3
+ ## Review Workflow
4
+
5
+ ### Step 1 — Identify the CA and issuer configuration
6
+
7
+ Retrieve the OCI cert-manager issuer resource:
8
+
9
+ ```bash
10
+ kubectl get issuer -A -o yaml | grep -A20 "oci\|oracle"
11
+ kubectl get clusterissuer -o yaml | grep -A20 "oci\|oracle"
12
+ ```
13
+
14
+ Extract the CA OCID from the issuer spec. Then inspect the CA in OCI:
15
+
16
+ ```bash
17
+ oci certs-mgmt certificate-authority get \
18
+ --certificate-authority-id <ca-ocid>
19
+ ```
20
+
21
+ Key fields to check:
22
+ - `type` — must be `SUBORDINATE` (not `ROOT`)
23
+ - `lifecycleState` — must be `ACTIVE`
24
+ - `issuerCertificateAuthorityId` — should reference a ROOT CA that is itself INACTIVE or not used for direct issuance
25
+
26
+ ### Step 2 — Validate CA type (root vs subordinate)
27
+
28
+ ```bash
29
+ oci certs-mgmt certificate-authority get \
30
+ --certificate-authority-id <ca-ocid> \
31
+ --query data.config-type \
32
+ --raw-output
33
+ ```
34
+
35
+ Expected values:
36
+ - `SUBORDINATE_CA_ISSUED_BY_INTERNAL_CA` — correct for cert-manager usage
37
+ - `ROOT_CA_GENERATED_INTERNALLY` — CRITICAL finding; root directly exposed to cert-manager
38
+
39
+ Also check the issuer CA's status:
40
+ ```bash
41
+ oci certs-mgmt certificate-authority get \
42
+ --certificate-authority-id <ca-ocid> \
43
+ --query data.lifecycle-state \
44
+ --raw-output
45
+ ```
46
+
47
+ ### Step 3 — Review issuance rules
48
+
49
+ List issuance rules configured on the CA:
50
+
51
+ ```bash
52
+ oci certs-mgmt certificate-authority get \
53
+ --certificate-authority-id <ca-ocid> \
54
+ --query "data.certificate-authority-rules"
55
+ ```
56
+
57
+ Check for:
58
+
59
+ ```json
60
+ {
61
+ "ruleType": "CERTIFICATE_AUTHORITY_MAX_VALIDITY_RULE",
62
+ "certificateMaxValidityDuration": "P90D"
63
+ }
64
+ ```
65
+
66
+ And key algorithm restriction:
67
+
68
+ ```json
69
+ {
70
+ "ruleType": "CERTIFICATE_AUTHORITY_ISSUANCE_EXPIRY_RULE",
71
+ "leafCertificateMaxValidityDuration": "P90D",
72
+ "certificateAuthorityMaxValidityDuration": "P3650D"
73
+ }
74
+ ```
75
+
76
+ **Flags:**
77
+ - No issuance rules configured (no validity cap) — MEDIUM (cert-manager can issue 10-year workload certs)
78
+ - Max validity > 365d for leaf certificates — MEDIUM
79
+ - No key algorithm restriction — MEDIUM (RSA-1024 issuance possible)
80
+
81
+ ### Step 4 — Identify authentication method
82
+
83
+ Check the cert-manager configuration for OCI auth method:
84
+
85
+ ```bash
86
+ # Check if OKE Workload Identity is configured
87
+ kubectl get serviceaccount cert-manager -n cert-manager \
88
+ -o jsonpath='{.metadata.annotations}'
89
+ ```
90
+
91
+ For OKE Workload Identity, the ServiceAccount should have OCI annotations:
92
+
93
+ ```yaml
94
+ annotations:
95
+ oci.oraclecloud.com/role-binding: "<dynamic-group-name>"
96
+ ```
97
+
98
+ For Instance Principal auth, check if the cert-manager pod uses the instance metadata endpoint:
99
+
100
+ ```bash
101
+ # Check the cert-manager deployment for OCI config
102
+ kubectl get deployment cert-manager -n cert-manager -o yaml | grep -i "oci\|instance\|workload"
103
+ ```
104
+
105
+ **Auth method comparison:**
106
+
107
+ | Method | Scope | Risk |
108
+ |--------|-------|------|
109
+ | OKE Workload Identity | ServiceAccount-bound (pod-level) | Correct — minimum scope |
110
+ | Instance Principal | Node-level (all pods on node) | HIGH — any pod can issue certs |
111
+ | User auth (API key) | User credentials in secret | HIGH — credential rotation required |
112
+
113
+ ### Step 5 — Review IAM policy
114
+
115
+ Retrieve the IAM policy for cert-manager:
116
+
117
+ ```bash
118
+ oci iam policy list --compartment-id <compartment-id> --all \
119
+ --query "data[?contains(statements[0], 'certificate-authority')]"
120
+ ```
121
+
122
+ Minimum required policy statement:
123
+
124
+ ```
125
+ Allow dynamic-group CertManagerDynamicGroup to use certificate-authorities
126
+ in compartment <compartment-name>
127
+ where request.permission='CREATE_CERTIFICATE_REQUEST'
128
+ ```
129
+
130
+ **Flag as HIGH if the policy includes any of:**
131
+ - `manage certificate-authorities` (grants delete, update, disable, schedule-deletion)
132
+ - `manage certificates` without compartment scoping (affects all certs)
133
+ - Wildcard resources or compartment `tenancy` instead of scoped compartment
134
+
135
+ Additional permissions needed for cert-manager to retrieve issued certs:
136
+
137
+ ```
138
+ Allow dynamic-group CertManagerDynamicGroup to read certificates
139
+ in compartment <compartment-name>
140
+ ```
141
+
142
+ ### Step 6 — Check OCSP reachability
143
+
144
+ The OCI OCSP endpoint is `ocsp.pki.oraclecloud.com`. Verify reachability from OKE worker nodes:
145
+
146
+ ```bash
147
+ # From within an OKE node or debug pod
148
+ curl -sv https://ocsp.pki.oraclecloud.com/
149
+ ```
150
+
151
+ For OKE clusters with no internet gateway or restrictive security group rules:
152
+
153
+ ```bash
154
+ # Check security list / NSG rules for outbound HTTPS to OCI OCSP
155
+ oci network security-list list --vcn-id <vcn-id> \
156
+ --query "data[].egress-security-rules[]"
157
+ ```
158
+
159
+ OCI OCSP endpoints use HTTPS (443). Ensure the OKE worker node security group allows outbound TCP/443 to OCI service endpoints. Using a Service Gateway with the `OCI Services in Oracle Services Network` service covers OCI PKI endpoints.
160
+
161
+ **Flags:**
162
+ - No Service Gateway configured and no internet gateway (OCI OCSP unreachable) — MEDIUM
163
+ - Security group blocks TCP/443 outbound to OCI service network — MEDIUM
164
+
165
+ ### Step 7 — Review certificate version count
166
+
167
+ ```bash
168
+ oci certs-mgmt certificate list-certificate-versions \
169
+ --certificate-id <cert-ocid> \
170
+ --all \
171
+ --query "length(data)"
172
+ ```
173
+
174
+ Each cert rotation by cert-manager creates a new version. Old versions should be cleaned up to avoid high version counts.
175
+
176
+ **Flags:**
177
+ - Certificate version count > 10 — LOW (storage cost and management overhead)
178
+ - No automated cleanup of old versions configured — LOW
179
+
180
+ ---
181
+
182
+ ## Output Format
183
+
184
+ ### Finding: `<short title>`
185
+
186
+ | Field | Value |
187
+ |-------|-------|
188
+ | Severity | CRITICAL / HIGH / MEDIUM / LOW |
189
+ | Resource | CA OCID, IAM policy name, or cert name |
190
+ | Evidence | documentation-based / live evidence / inference |
191
+ | Description | What is wrong and its impact on PKI trust |
192
+ | Remediation | OCI CLI command, IAM policy statement, or configuration change |
193
+
194
+ ---
195
+
196
+ ### Overall OCI PKI Trust Posture
197
+
198
+ | Category | Status |
199
+ |----------|--------|
200
+ | CA hierarchy (subordinate only) | PASS / FAIL |
201
+ | Issuance rules (validity caps) | PASS / FAIL |
202
+ | Authentication method (Workload Identity) | PASS / FAIL |
203
+ | IAM policy scope (minimum permissions) | PASS / FAIL |
204
+ | OCSP reachability | PASS / FAIL |
205
+ | Certificate version lifecycle | PASS / FAIL |
206
+
207
+ **Verdict:** TRUSTED / UNTRUSTED / CONDITIONAL (list conditions)
package/skills/oci/oci-cloud-guard-responder/SKILL.md CHANGED
@@ -1,9 +1,12 @@
1
1
  ---
2
2
  name: oci-cloud-guard-responder
3
3
  description: Triage and govern OCI Cloud Guard problems, targets, responder recipes, detector findings, and security remediation safely. Use for Cloud Guard reviews, problem prioritization, remediation planning, and compliance evidence when official Oracle MCP tools or documentation fallback are needed.
4
+ allowed-tools: Read Grep Glob WebFetch
4
5
  metadata:
5
6
  author: github: Raishin
6
7
  version: 0.1.0
8
+ updated: "2026-05-05"
9
+ category: security
7
10
  ---
8
11
 
9
12
  # OCI Cloud Guard Responder
package/skills/oci/oci-compute-instance-agent-operator/SKILL.md CHANGED
@@ -1,9 +1,12 @@
1
1
  ---
2
2
  name: oci-compute-instance-agent-operator
3
3
  description: Operate OCI Compute Instance Agent commands and executions safely for diagnostics, automation, and remediation. Use when issuing, tracking, or reviewing instance-agent commands across compute fleets.
4
+ allowed-tools: Read Grep Glob
4
5
  metadata:
5
6
  author: github: Raishin
6
7
  version: 0.1.0
8
+ updated: "2026-05-05"
9
+ category: platform
7
10
  ---
8
11
 
9
12
  # OCI Compute Instance Agent Operator
package/skills/oci/oci-compute-platform-operator/SKILL.md CHANGED
@@ -1,9 +1,12 @@
1
1
  ---
2
2
  name: oci-compute-platform-operator
3
3
  description: Operate OCI Compute instances and platform capacity safely with compartment/region confirmation, instance lifecycle guardrails, least-privilege IAM checks, MCP/CLI discovery, and rollback-aware change plans.
4
+ allowed-tools: Read Grep Glob
4
5
  metadata:
5
6
  author: github: Raishin
6
7
  version: 0.1.0
8
+ updated: "2026-05-05"
9
+ category: platform
7
10
  ---
8
11
 
9
12
  # OCI Compute Platform Operator
package/skills/oci/oci-cost-finops-analyst/SKILL.md CHANGED
@@ -1,9 +1,12 @@
1
1
  ---
2
2
  name: oci-cost-finops-analyst
3
3
  description: "Analyze Oracle Cloud Infrastructure cost, usage, budgets, tagging, rightsizing, commitment coverage, and FinOps governance. Use when asked to explain OCI spend, investigate cost spikes, build savings plans, review underused resources, design chargeback/showback, or challenge cost-optimization assumptions without breaking reliability."
4
+ allowed-tools: Read Grep Glob WebFetch
4
5
  metadata:
5
6
  author: github: Raishin
6
7
  version: 0.1.0
8
+ updated: "2026-05-05"
9
+ category: finops
7
10
  ---
8
11
 
9
12
  # OCI Cost FinOps Analyst
package/skills/oci/oci-database-platform-dba/SKILL.md CHANGED
@@ -1,9 +1,12 @@
1
1
  ---
2
2
  name: oci-database-platform-dba
3
3
  description: Operate as a ruthless OCI database platform DBA for DB systems, Autonomous Database, Exadata, backups, patching, performance triage, capacity, and IAM-scoped database operations. Use when work touches OCI Database service posture, discovery, troubleshooting, change review, or least-privilege access.
4
+ allowed-tools: Read Grep Glob
4
5
  metadata:
5
6
  author: github: Raishin
6
7
  version: 0.1.0
8
+ updated: "2026-05-05"
9
+ category: data
7
10
  ---
8
11
 
9
12
  # OCI Database Platform DBA
package/skills/oci/oci-dbtools-sql-analyst/SKILL.md CHANGED
@@ -1,9 +1,12 @@
1
1
  ---
2
2
  name: oci-dbtools-sql-analyst
3
3
  description: Use OCI Database Tools and database documentation safely for SQL inspection, report definitions, table metadata, and controlled query execution. Use for DBTools connections, read-only SQL analysis, and schema/report exploration.
4
+ allowed-tools: Read Grep Glob WebFetch
4
5
  metadata:
5
6
  author: github: Raishin
6
7
  version: 0.1.0
8
+ updated: "2026-05-05"
9
+ category: data
7
10
  ---
8
11
 
9
12
  # OCI Database Tools SQL Analyst
package/skills/oci/oci-devops-container-platform-engineer/SKILL.md CHANGED
@@ -1,9 +1,12 @@
1
1
  ---
2
2
  name: oci-devops-container-platform-engineer
3
3
  description: "Engineer and review Oracle Cloud Infrastructure DevOps, OKE, OCIR, build/deploy pipelines, Kubernetes platform, and container runtime workflows. Use when asked to inspect OCI Container Engine clusters, DevOps projects, OCIR repositories, CI/CD IAM, deployment safety, cluster operations, image promotion, or container platform reliability."
4
+ allowed-tools: Read Grep Glob
4
5
  metadata:
5
6
  author: github: Raishin
6
7
  version: 0.1.0
8
+ updated: "2026-05-05"
9
+ category: platform
7
10
  ---
8
11
 
9
12
  # OCI DevOps Container Platform Engineer
package/skills/oci/oci-exadata-database-architect/SKILL.md CHANGED
@@ -1,9 +1,12 @@
1
1
  ---
2
2
  name: oci-exadata-database-architect
3
3
  description: Design, review, migrate, and operate Oracle Exadata Database Service across OCI Dedicated Infrastructure, Exascale Infrastructure, Cloud@Customer, and Oracle Database multicloud destinations including Azure, Google Cloud, and AWS, with official-doc grounding.
4
+ allowed-tools: Read Grep Glob
4
5
  metadata:
5
6
  author: github: Raishin
6
7
  version: 0.1.0
8
+ updated: "2026-05-05"
9
+ category: data
7
10
  ---
8
11
 
9
12
  # OCI Exadata Database Architect
package/skills/oci/oci-exadata-platform-architect/SKILL.md CHANGED
@@ -1,9 +1,12 @@
1
1
  ---
2
2
  name: oci-exadata-platform-architect
3
3
  description: OCI Design and operate Exadata Database Service across OCI Dedicated Infrastructure, Exadata Cloud@Customer, Oracle Database@Azure, Oracle Database@Google Cloud, and Oracle Database@AWS. Use for Exadata architecture, VM clusters, cloud Exadata infrastructure, Exascale, RAC, Data Guard, backup, migration, compatibility, capacity, network, and multicloud destination reviews.
4
+ allowed-tools: Read Grep Glob
4
5
  metadata:
5
6
  author: github: Raishin
6
7
  version: 0.1.0
8
+ updated: "2026-05-05"
9
+ category: platform
7
10
  ---
8
11
 
9
12
  # OCI Exadata Platform Architect
package/skills/oci/oci-fusion-apps-environment-operator/SKILL.md CHANGED
@@ -1,9 +1,12 @@
1
1
  ---
2
2
  name: oci-fusion-apps-environment-operator
3
3
  description: OCI Review Fusion Apps as a Service environment families, environments, lifecycle status, availability, and operational readiness. Use for Fusion environment inventory, status checks, change planning, and support evidence.
4
+ allowed-tools: Read Grep Glob
4
5
  metadata:
5
6
  author: github: Raishin
6
7
  version: 0.1.0
8
+ updated: "2026-05-05"
9
+ category: platform
7
10
  ---
8
11
 
9
12
  # OCI Fusion Apps Environment Operator
package/skills/oci/oci-goldengate-replication-operator/SKILL.md CHANGED
@@ -1,9 +1,12 @@
1
1
  ---
2
2
  name: oci-goldengate-replication-operator
3
3
  description: OCI Operate and review Oracle GoldenGate domains, connections, extracts, replicats, checkpoint tables, trails, distribution paths, and replication health. Use for replication setup, lag triage, data movement, and cutover safety.
4
+ allowed-tools: Read Grep Glob
4
5
  metadata:
5
6
  author: github: Raishin
6
7
  version: 0.1.0
8
+ updated: "2026-05-05"
9
+ category: data
7
10
  ---
8
11
 
9
12
  # OCI GoldenGate Replication Operator
package/skills/oci/oci-identity-access-governor/SKILL.md CHANGED
@@ -1,9 +1,12 @@
1
1
  ---
2
2
  name: oci-identity-access-governor
3
3
  description: Govern OCI Identity and Access Management with least-privilege policy review, compartment scoping, group/dynamic-group analysis, and safe access-change workflows. Use for OCI IAM policy design, access audits, privilege reduction, identity troubleshooting, or destructive-access risk review.
4
+ allowed-tools: Read Grep Glob
4
5
  metadata:
5
6
  author: github: Raishin
6
7
  version: 0.1.0
8
+ updated: "2026-05-05"
9
+ category: compliance
7
10
  ---
8
11
 
9
12
  # OCI Identity Access Governor
package/skills/oci/oci-iot-digital-twin-engineer/SKILL.md CHANGED
@@ -1,9 +1,12 @@
1
1
  ---
2
2
  name: oci-iot-digital-twin-engineer
3
3
  description: Design and operate OCI IoT digital twin adapters, models, instances, relationships, and domain context. Use for digital twin topology, lifecycle, integration, and safe model/relationship changes.
4
+ allowed-tools: Read Grep Glob
4
5
  metadata:
5
6
  author: github: Raishin
6
7
  version: 0.1.0
8
+ updated: "2026-05-05"
9
+ category: ai
7
10
  ---
8
11
 
9
12
  # OCI IoT Digital Twin Engineer
package/skills/oci/oci-limits-capacity-planner/SKILL.md CHANGED
@@ -1,9 +1,12 @@
1
1
  ---
2
2
  name: oci-limits-capacity-planner
3
3
  description: Review OCI service limits, quotas, capacity availability, regional subscriptions, and growth risk. Use before deployments, migrations, DR expansion, shape changes, OKE scaling, database scaling, or quota increase requests.
4
+ allowed-tools: Read Grep Glob WebFetch
4
5
  metadata:
5
6
  author: github: Raishin
6
7
  version: 0.1.0
8
+ updated: "2026-05-05"
9
+ category: platform
7
10
  ---
8
11
 
9
12
  # OCI Limits Capacity Planner
package/skills/oci/oci-live-autonomous-db-lifecycle-guard/SKILL.md CHANGED
@@ -1,9 +1,12 @@
1
1
  ---
2
2
  name: oci-live-autonomous-db-lifecycle-guard
3
3
  description: Guard Autonomous Database lifecycle changes — scale, start, stop, clone, terminate — with protection-tag enforcement, backup verification, and connection-string impact analysis before any mutation.
4
+ allowed-tools: Read Grep Glob WebFetch
4
5
  metadata:
5
6
  author: "github: Raishin"
6
7
  version: "0.1.0"
8
+ updated: "2026-05-05"
9
+ category: data
7
10
  ---
8
11
 
9
12
  # OCI Live Autonomous DB Lifecycle Guard
package/skills/oci/oci-live-cost-budget-runaway-guard/SKILL.md CHANGED
@@ -1,9 +1,12 @@
1
1
  ---
2
2
  name: oci-live-cost-budget-runaway-guard
3
3
  description: Gate OCI budget mutations and GPU/HPC shape provisioning against compartment spend limits, with inventory searches, quota audits, and emergency spend-stop playbooks.
4
+ allowed-tools: Read Grep Glob WebFetch
4
5
  metadata:
5
6
  author: "github: Raishin"
6
7
  version: "0.1.0"
8
+ updated: "2026-05-05"
9
+ category: finops
7
10
  ---
8
11
 
9
12
  # OCI Live Cost Budget Runaway Guard
package/skills/oci/oci-live-iam-policy-compartment-guard/SKILL.md CHANGED
@@ -1,9 +1,12 @@
1
1
  ---
2
2
  name: oci-live-iam-policy-compartment-guard
3
3
  description: Guard OCI IAM policy writes and dynamic group changes with verb-hierarchy audit, compartment scope enforcement, anti-pattern detection (any-user/any-group), and rollback via statement restore.
4
+ allowed-tools: Read Grep Glob WebFetch
4
5
  metadata:
5
6
  author: "github: Raishin"
6
7
  version: "0.1.0"
8
+ updated: "2026-05-05"
9
+ category: security
7
10
  ---
8
11
 
9
12
  # OCI Live IAM Policy Compartment Guard
package/skills/oci/oci-live-network-security-rule-guard/SKILL.md ADDED
@@ -0,0 +1,60 @@
1
+ ---
2
+ name: oci-live-network-security-rule-guard
3
+ description: Guard live OCI Security List and Network Security Group (NSG) rule changes with current-state capture, open-internet and sensitive-port detection, stateful/stateless assessment, and explicit approval before ingress or egress rule mutation. Use only when an intentional network rule change targets a confirmed VCN component.
4
+ allowed-tools: Read Grep Glob WebFetch
5
+ metadata:
6
+ author: "github: Raishin"
7
+ version: "0.1.0"
8
+ updated: "2026-05-05"
9
+ category: security
10
+ ---
11
+
12
+ # OCI Live Network Security Rule Guard
13
+
14
+ ## Purpose
15
+
16
+ Act as the guarded live OCI operator for oci-live-network-security-rule-guard work. Security List and NSG rule changes take effect immediately with no native rollback. A wrong ingress rule exposes databases or compute to the internet instantly; a wrong egress rule can black-hole traffic for entire subnets. Treat every rule mutation as irreversible until the previous state is explicitly captured and restoration is confirmed possible.
17
+
18
+ ## When to use
19
+
20
+ Use this skill when:
21
+
22
+ - an ingress or egress rule must be added, modified, or removed from an OCI Security List or NSG in a live VCN
23
+ - a network access audit finds over-broad CIDR blocks (`0.0.0.0/0`) or sensitive-port exposures that must be tightened
24
+ - a workload migration requires opening or closing ports and the blast radius must be confirmed before write
25
+
26
+ ## Lean operating rules
27
+
28
+ - Prefer OCI CLI (`oci`) official documentation when available; fall back to Oracle Cloud docs and sanitized user evidence.
29
+ - Do not execute any Security List or NSG rule mutation until tenancy, compartment, VCN OCID, target Security List or NSG OCID, and exact rule change are all explicit.
30
+ - Capture the complete current rule set (`oci network security-list get` or `oci network nsg rules list`) as rollback evidence before any write.
31
+ - Flag the following as high-severity and require explicit justification before proceeding:
32
+ - Any ingress rule with source `0.0.0.0/0` (open to internet)
33
+ - Any egress rule with destination `0.0.0.0/0` and protocol `all` without restriction
34
+ - Rules permitting port 22 (SSH), 3389 (RDP), 1521/1522 (Oracle DB), 3306 (MySQL), 5432 (PostgreSQL) from `0.0.0.0/0`
35
+ - Stateless rules on subnets hosting databases or internal APIs (no connection tracking = asymmetric traffic risk)
36
+ - Changes to Security Lists attached to database subnets (Autonomous DB, Exadata, DB System)
37
+ - If the request skips current-state capture, CIDR scope confirmation, or subnet-criticality assessment, push back.
38
+ - Never print API signing keys, auth tokens, tenancy OCIDs, or instance credentials. Summarize sanitized evidence only.
39
+ - Load references only when needed.
40
+
41
+ ## References
42
+
43
+ Load these only when needed:
44
+
45
+ - [Preflight commands](references/preflight-commands.md) — OCI CLI commands to inspect current rules and capture rollback state before any mutation.
46
+ - [Rollback playbook](references/rollback-playbook.md) — how to restore a previous Security List or NSG rule set after a bad change.
47
+ - [Permission model](references/permission-model.md) — least-privilege IAM policy for network rule mutation and read-only audit.
48
+ - [Official sources](references/official-sources.md) — authoritative OCI documentation links.
49
+
50
+ ## Response minimum
51
+
52
+ Return, at minimum:
53
+
54
+ - confirmed tenancy, compartment, VCN, and target Security List or NSG OCID
55
+ - current rule set capture (rollback baseline)
56
+ - risk classification of the proposed rule (open-internet / sensitive-port / safe)
57
+ - stateful vs stateless assessment and subnet criticality
58
+ - approval status with explicit business justification
59
+ - rollback command to restore prior rule state
60
+ - post-change connectivity verification steps or refusal reason
package/skills/oci/oci-live-network-security-rule-guard/metadata.json ADDED
@@ -0,0 +1,28 @@
1
+ {
2
+ "id": "oci-live-network-security-rule-guard",
3
+ "name": "OCI Live Network Security Rule Guard",
4
+ "type": "skill",
5
+ "provider": "oci",
6
+ "harnesses": [
7
+ "codex",
8
+ "claude-code",
9
+ "cursor",
10
+ "gemini",
11
+ "kiro",
12
+ "other"
13
+ ],
14
+ "summary": "Guard live OCI Security List and NSG rule changes with current-state capture, open-internet and sensitive-port detection, stateful/stateless assessment, and explicit approval before ingress or egress mutation.",
15
+ "source_type": "original",
16
+ "official_docs": [
17
+ "https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/securitylists.htm",
18
+ "https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/networksecuritygroups.htm",
19
+ "https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/manage-nsg-security-rules.htm",
20
+ "https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/update-securitylist.htm",
21
+ "https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/path_analyzer.htm"
22
+ ],
23
+ "security_notes": "oci network security-list update is a full replace — always capture the complete current rule set before writing. Never approve 0.0.0.0/0 ingress rules on database subnets. Prefer NSGs over Security Lists for production database VNICs to minimize blast radius. Enable VCN Flow Logs before any rule change for forensic coverage.",
24
+ "last_verified": "2026-05-01",
25
+ "path": "skills/oci/oci-live-network-security-rule-guard",
26
+ "author": "github: Raishin",
27
+ "version": "0.1.0"
28
+ }
package/skills/oci/oci-live-network-security-rule-guard/references/official-sources.md ADDED
@@ -0,0 +1,21 @@
1
+ # Official Sources
2
+
3
+ Load these only when needed:
4
+
5
+ - [Security Lists](https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/securitylists.htm) — use for Security List model, ingress/egress rule structure, stateful vs stateless semantics, and maximum rule limits.
6
+ - [Network Security Groups](https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/networksecuritygroups.htm) — use for NSG model, VNIC-level vs subnet-level application, and NSG vs Security List trade-offs.
7
+ - [Managing NSG Security Rules](https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/manage-nsg-security-rules.htm) — use for `oci network nsg rules add`, `update`, `remove`, and `list` CLI syntax.
8
+ - [Updating a Security List](https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/update-securitylist.htm) — use for `oci network security-list update` full-replace semantics and required parameters.
9
+ - [Network Path Analyzer](https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/path_analyzer.htm) — use for simulating end-to-end network paths through Security Lists, NSGs, route tables, and gateways before approving a rule change.
10
+ - [VCN Flow Logs](https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/vcn-flow-logs.htm) — use when enabling forensic coverage for a subnet before or after a security rule change.
11
+ - [OCI IAM Policy Reference — Network](https://docs.oracle.com/en-us/iaas/Content/Identity/Reference/networkpolicyreference.htm) — use for least-privilege IAM policy statements covering `security-lists`, `network-security-groups`, and `virtual-network-family`.
12
+
13
+ ## Grounded insights worth carrying into the skill
14
+
15
+ - `oci network security-list update` performs a **full replace** of the entire ingress or egress rule set — partial updates are not possible. Always pass the complete desired rule list including rules you want to keep.
16
+ - OCI Security Lists are **stateful by default** (`stateless: false`). Return traffic is automatically allowed. Stateless rules require explicit return rules and are a common source of asymmetric traffic failures.
17
+ - NSG rule IDs are required for deletion (`oci network nsg rules remove`). Capture rule IDs from `oci network nsg rules list` before any mutation.
18
+ - A Security List is attached to a subnet, not a VNIC. One change affects every instance in that subnet simultaneously — blast radius scales with subnet size.
19
+ - NSGs are attached to individual VNICs, giving finer-grained control but requiring per-VNIC management. Prefer NSGs for production database servers over Security Lists for reduced blast radius.
20
+ - VCN Flow Logs must be explicitly enabled per subnet — they are not on by default. Without them, there is no record of traffic through an accidentally opened rule.
21
+ - The `0.0.0.0/0` ingress source in OCI context still includes traffic from peered VCNs, DRG-attached networks, and FastConnect circuits if routing allows — it is never safe to assume it means "internet only."
package/skills/oci/oci-live-network-security-rule-guard/references/permission-model.md ADDED
@@ -0,0 +1,65 @@
1
+ # Permission Model: OCI Live Network Security Rule Guard
2
+
3
+ ## Least-privilege IAM policy for network rule read (preflight only)
4
+
5
+ ```
6
+ Allow group NetworkAuditors to read virtual-network-family in compartment <compartment>
7
+ Allow group NetworkAuditors to read vcns in compartment <compartment>
8
+ Allow group NetworkAuditors to read security-lists in compartment <compartment>
9
+ Allow group NetworkAuditors to read network-security-groups in compartment <compartment>
10
+ Allow group NetworkAuditors to read subnets in compartment <compartment>
11
+ Allow group NetworkAuditors to read db-systems in compartment <compartment>
12
+ Allow group NetworkAuditors to read autonomous-databases in compartment <compartment>
13
+ ```
14
+
15
+ Read-only audit: use `inspect` or `read` verbs only. Never `manage` for auditors.
16
+
17
+ ## Least-privilege IAM policy for network rule mutation (guarded operator only)
18
+
19
+ ```
20
+ Allow group NetworkOperators to manage security-lists in compartment <compartment>
21
+ Allow group NetworkOperators to manage network-security-groups in compartment <compartment>
22
+ Allow group NetworkOperators to read vcns in compartment <compartment>
23
+ Allow group NetworkOperators to read subnets in compartment <compartment>
24
+ ```
25
+
26
+ Do **not** grant `manage virtual-network-family` — that is broader than needed and includes VCN, route tables, internet gateways, and peering.
27
+
28
+ ## Risk classification by rule type
29
+
30
+ | Rule | Risk | Reason |
31
+ |---|---|---|
32
+ | Ingress `0.0.0.0/0` any protocol | Critical | Open internet access to entire subnet |
33
+ | Ingress `0.0.0.0/0` port 22 | Critical | SSH from internet — never acceptable in production |
34
+ | Ingress `0.0.0.0/0` port 3389 | Critical | RDP from internet — never acceptable in production |
35
+ | Ingress `0.0.0.0/0` port 1521/1522 | Critical | Oracle DB from internet — data exfiltration path |
36
+ | Ingress `0.0.0.0/0` port 3306/5432 | Critical | MySQL/PostgreSQL from internet |
37
+ | Ingress from VCN CIDR, specific port | Low | Internal only — verify VCN CIDR is not transit-routed |
38
+ | Egress `0.0.0.0/0` all | Medium | Standard but verify no data-loss risk for DB subnets |
39
+ | Stateless rule on DB subnet | High | No connection tracking — asymmetric TCP risk |
40
+
41
+ ## Stateful vs stateless
42
+
43
+ - **Stateful** (default, `stateless: false`): OCI tracks connection state and automatically allows return traffic. Use for all production workloads.
44
+ - **Stateless** (`stateless: true`): Higher performance, but return traffic requires an explicit rule in the opposite direction. A missing return rule silently drops responses. Only use when performance benchmarked at scale.
45
+
46
+ ## Subnet criticality classification
47
+
48
+ | Subnet pattern | Classification |
49
+ |---|---|
50
+ | Hosts Autonomous DB, DB System, Exadata | Database — highest protection |
51
+ | Hosts compute instances with public IP | Public compute — ingress rules must be minimal |
52
+ | Private subnet (`prohibit-public-ip: true`) | Internal — `0.0.0.0/0` still covers all VCN-routed traffic |
53
+ | Bastion subnet | Bastion — SSH/RDP ingress from known CIDRs only |
54
+
55
+ ## OCI Network Path Analyzer — preferred verification tool
56
+
57
+ Before approving a connectivity change, use Path Analyzer to simulate the traffic path:
58
+ ```bash
59
+ oci network path-analyzer-test create \
60
+ --compartment-id <COMPARTMENT_OCID> \
61
+ --protocol-parameters '{"type":"TCP","destinationPort":<PORT>}' \
62
+ --source-endpoint '{"type":"COMPUTE_INSTANCE","instanceId":"<INSTANCE_OCID>"}' \
63
+ --destination-endpoint '{"type":"IP_ADDRESS","address":"<DEST_IP>"}'
64
+ ```
65
+ Path Analyzer respects Security Lists, NSGs, route tables, and service gateways — use it as the final approval gate for any rule change.