@raishin/vanguard-frontier-agentic 1.2.0 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (561) hide show
  1. package/README.md +250 -110
  2. package/agents/AGENTS.md +263 -21
  3. package/agents/argocd/README.md +46 -0
  4. package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/AGENT.md +55 -0
  5. package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/harnesses/claude-code.agent.md +35 -0
  6. package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/harnesses/codex.toml +29 -0
  7. package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/harnesses/copilot.agent.md +35 -0
  8. package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/harnesses/cursor.agent.md +35 -0
  9. package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/harnesses/gemini.agent.md +35 -0
  10. package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/harnesses/kiro-cli.agent.json +5 -0
  11. package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/harnesses/kiro-ide.agent.md +35 -0
  12. package/agents/argocd/argo-rollouts-progressive-delivery-review-agent/metadata.json +31 -0
  13. package/agents/argocd/argocd-gitops-review-agent/AGENT.md +55 -0
  14. package/agents/argocd/argocd-gitops-review-agent/harnesses/claude-code.agent.md +38 -0
  15. package/agents/argocd/argocd-gitops-review-agent/harnesses/codex.toml +32 -0
  16. package/agents/argocd/argocd-gitops-review-agent/harnesses/copilot.agent.md +38 -0
  17. package/agents/argocd/argocd-gitops-review-agent/harnesses/cursor.agent.md +38 -0
  18. package/agents/argocd/argocd-gitops-review-agent/harnesses/gemini.agent.md +38 -0
  19. package/agents/argocd/argocd-gitops-review-agent/harnesses/kiro-cli.agent.json +5 -0
  20. package/agents/argocd/argocd-gitops-review-agent/harnesses/kiro-ide.agent.md +38 -0
  21. package/agents/argocd/argocd-gitops-review-agent/metadata.json +30 -0
  22. package/agents/aws/aws-live-deployment-guarded-operator-agent/metadata.json +10 -1
  23. package/agents/aws/aws-live-ecs-rollout-guard-agent/metadata.json +10 -1
  24. package/agents/aws/aws-live-iac-change-guard-agent/metadata.json +10 -1
  25. package/agents/aws/aws-live-pipeline-approval-operator-agent/metadata.json +10 -1
  26. package/agents/aws/aws-live-serverless-release-guard-agent/metadata.json +10 -1
  27. package/agents/aws/aws-private-ca-issuer-review-agent/AGENT.md +53 -0
  28. package/agents/aws/aws-private-ca-issuer-review-agent/harnesses/claude-code.agent.md +36 -0
  29. package/agents/aws/aws-private-ca-issuer-review-agent/harnesses/codex.toml +27 -0
  30. package/agents/aws/aws-private-ca-issuer-review-agent/harnesses/copilot.agent.md +36 -0
  31. package/agents/aws/aws-private-ca-issuer-review-agent/harnesses/cursor.agent.md +36 -0
  32. package/agents/aws/aws-private-ca-issuer-review-agent/harnesses/gemini.agent.md +36 -0
  33. package/agents/aws/aws-private-ca-issuer-review-agent/harnesses/kiro-cli.agent.json +5 -0
  34. package/agents/aws/aws-private-ca-issuer-review-agent/harnesses/kiro-ide.agent.md +36 -0
  35. package/agents/aws/aws-private-ca-issuer-review-agent/metadata.json +37 -0
  36. package/agents/azure/README.md +45 -0
  37. package/agents/azure/azure-keyvault-certificate-issuer-review-agent/AGENT.md +53 -0
  38. package/agents/azure/azure-keyvault-certificate-issuer-review-agent/harnesses/claude-code.agent.md +36 -0
  39. package/agents/azure/azure-keyvault-certificate-issuer-review-agent/harnesses/codex.toml +27 -0
  40. package/agents/azure/azure-keyvault-certificate-issuer-review-agent/harnesses/copilot.agent.md +36 -0
  41. package/agents/azure/azure-keyvault-certificate-issuer-review-agent/harnesses/cursor.agent.md +36 -0
  42. package/agents/azure/azure-keyvault-certificate-issuer-review-agent/harnesses/gemini.agent.md +36 -0
  43. package/agents/azure/azure-keyvault-certificate-issuer-review-agent/harnesses/kiro-cli.agent.json +5 -0
  44. package/agents/azure/azure-keyvault-certificate-issuer-review-agent/harnesses/kiro-ide.agent.md +36 -0
  45. package/agents/azure/azure-keyvault-certificate-issuer-review-agent/metadata.json +36 -0
  46. package/agents/azure/azure-live-aks-rollout-guard-agent/metadata.json +10 -1
  47. package/agents/azure/azure-live-app-service-slot-swap-guard-agent/metadata.json +10 -1
  48. package/agents/azure/azure-live-arm-deployment-stack-guard-agent/metadata.json +10 -1
  49. package/agents/azure/azure-live-cost-budget-action-guard-agent/metadata.json +10 -1
  50. package/agents/azure/azure-live-entra-role-assignment-guard-agent/AGENT.md +59 -0
  51. package/agents/azure/azure-live-entra-role-assignment-guard-agent/harnesses/claude-code.agent.md +42 -0
  52. package/agents/azure/azure-live-entra-role-assignment-guard-agent/harnesses/codex.toml +34 -0
  53. package/agents/azure/azure-live-entra-role-assignment-guard-agent/harnesses/copilot.agent.md +55 -0
  54. package/agents/azure/azure-live-entra-role-assignment-guard-agent/harnesses/cursor.agent.md +44 -0
  55. package/agents/azure/azure-live-entra-role-assignment-guard-agent/harnesses/gemini.agent.md +43 -0
  56. package/agents/azure/azure-live-entra-role-assignment-guard-agent/harnesses/kiro-cli.agent.json +5 -0
  57. package/agents/azure/azure-live-entra-role-assignment-guard-agent/harnesses/kiro-ide.agent.md +42 -0
  58. package/agents/azure/azure-live-entra-role-assignment-guard-agent/metadata.json +37 -0
  59. package/agents/azure/azure-live-keyvault-rotation-purge-guard-agent/metadata.json +10 -1
  60. package/agents/azure/azure-live-pim-jit-activation-guard-agent/metadata.json +11 -2
  61. package/agents/backstage/README.md +36 -0
  62. package/agents/backstage/backstage-scaffolder-template-review-agent/AGENT.md +54 -0
  63. package/agents/backstage/backstage-scaffolder-template-review-agent/harnesses/claude-code.agent.md +37 -0
  64. package/agents/backstage/backstage-scaffolder-template-review-agent/harnesses/codex.toml +31 -0
  65. package/agents/backstage/backstage-scaffolder-template-review-agent/harnesses/copilot.agent.md +37 -0
  66. package/agents/backstage/backstage-scaffolder-template-review-agent/harnesses/cursor.agent.md +37 -0
  67. package/agents/backstage/backstage-scaffolder-template-review-agent/harnesses/gemini.agent.md +37 -0
  68. package/agents/backstage/backstage-scaffolder-template-review-agent/harnesses/kiro-cli.agent.json +5 -0
  69. package/agents/backstage/backstage-scaffolder-template-review-agent/harnesses/kiro-ide.agent.md +37 -0
  70. package/agents/backstage/backstage-scaffolder-template-review-agent/metadata.json +30 -0
  71. package/agents/cert-manager/README.md +46 -0
  72. package/agents/cert-manager/cert-manager-issuer-trust-review-agent/AGENT.md +55 -0
  73. package/agents/cert-manager/cert-manager-issuer-trust-review-agent/harnesses/claude-code.agent.md +35 -0
  74. package/agents/cert-manager/cert-manager-issuer-trust-review-agent/harnesses/codex.toml +29 -0
  75. package/agents/cert-manager/cert-manager-issuer-trust-review-agent/harnesses/copilot.agent.md +35 -0
  76. package/agents/cert-manager/cert-manager-issuer-trust-review-agent/harnesses/cursor.agent.md +35 -0
  77. package/agents/cert-manager/cert-manager-issuer-trust-review-agent/harnesses/gemini.agent.md +35 -0
  78. package/agents/cert-manager/cert-manager-issuer-trust-review-agent/harnesses/kiro-cli.agent.json +5 -0
  79. package/agents/cert-manager/cert-manager-issuer-trust-review-agent/harnesses/kiro-ide.agent.md +35 -0
  80. package/agents/cert-manager/cert-manager-issuer-trust-review-agent/metadata.json +31 -0
  81. package/agents/cilium/README.md +46 -0
  82. package/agents/cilium/cilium-network-policy-review-agent/AGENT.md +55 -0
  83. package/agents/cilium/cilium-network-policy-review-agent/harnesses/claude-code.agent.md +38 -0
  84. package/agents/cilium/cilium-network-policy-review-agent/harnesses/codex.toml +32 -0
  85. package/agents/cilium/cilium-network-policy-review-agent/harnesses/copilot.agent.md +38 -0
  86. package/agents/cilium/cilium-network-policy-review-agent/harnesses/cursor.agent.md +38 -0
  87. package/agents/cilium/cilium-network-policy-review-agent/harnesses/gemini.agent.md +38 -0
  88. package/agents/cilium/cilium-network-policy-review-agent/harnesses/kiro-cli.agent.json +5 -0
  89. package/agents/cilium/cilium-network-policy-review-agent/harnesses/kiro-ide.agent.md +38 -0
  90. package/agents/cilium/cilium-network-policy-review-agent/metadata.json +37 -0
  91. package/agents/falco/README.md +36 -0
  92. package/agents/falco/falco-runtime-threat-rules-review-agent/AGENT.md +49 -0
  93. package/agents/falco/falco-runtime-threat-rules-review-agent/harnesses/claude-code.agent.md +33 -0
  94. package/agents/falco/falco-runtime-threat-rules-review-agent/harnesses/codex.toml +31 -0
  95. package/agents/falco/falco-runtime-threat-rules-review-agent/harnesses/copilot.agent.md +33 -0
  96. package/agents/falco/falco-runtime-threat-rules-review-agent/harnesses/cursor.agent.md +33 -0
  97. package/agents/falco/falco-runtime-threat-rules-review-agent/harnesses/gemini.agent.md +33 -0
  98. package/agents/falco/falco-runtime-threat-rules-review-agent/harnesses/kiro-cli.agent.json +5 -0
  99. package/agents/falco/falco-runtime-threat-rules-review-agent/harnesses/kiro-ide.agent.md +33 -0
  100. package/agents/falco/falco-runtime-threat-rules-review-agent/metadata.json +31 -0
  101. package/agents/finops/README.md +27 -0
  102. package/agents/finops/finops-cloud-price-advisor-agent/metadata.json +10 -1
  103. package/agents/fluxcd/README.md +39 -0
  104. package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/AGENT.md +55 -0
  105. package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/harnesses/claude-code.agent.md +38 -0
  106. package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/harnesses/codex.toml +32 -0
  107. package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/harnesses/copilot.agent.md +38 -0
  108. package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/harnesses/cursor.agent.md +38 -0
  109. package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/harnesses/gemini.agent.md +38 -0
  110. package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/harnesses/kiro-cli.agent.json +5 -0
  111. package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/harnesses/kiro-ide.agent.md +38 -0
  112. package/agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent/metadata.json +31 -0
  113. package/agents/istio/README.md +46 -0
  114. package/agents/istio/istio-ambient-mesh-review-agent/AGENT.md +55 -0
  115. package/agents/istio/istio-ambient-mesh-review-agent/harnesses/claude-code.agent.md +38 -0
  116. package/agents/istio/istio-ambient-mesh-review-agent/harnesses/codex.toml +32 -0
  117. package/agents/istio/istio-ambient-mesh-review-agent/harnesses/copilot.agent.md +38 -0
  118. package/agents/istio/istio-ambient-mesh-review-agent/harnesses/cursor.agent.md +38 -0
  119. package/agents/istio/istio-ambient-mesh-review-agent/harnesses/gemini.agent.md +38 -0
  120. package/agents/istio/istio-ambient-mesh-review-agent/harnesses/kiro-cli.agent.json +5 -0
  121. package/agents/istio/istio-ambient-mesh-review-agent/harnesses/kiro-ide.agent.md +38 -0
  122. package/agents/istio/istio-ambient-mesh-review-agent/metadata.json +30 -0
  123. package/agents/kubernetes/README.md +143 -0
  124. package/agents/kubernetes/external-secrets-operator-review-agent/AGENT.md +49 -0
  125. package/agents/kubernetes/external-secrets-operator-review-agent/harnesses/claude-code.agent.md +33 -0
  126. package/agents/kubernetes/external-secrets-operator-review-agent/harnesses/codex.toml +31 -0
  127. package/agents/kubernetes/external-secrets-operator-review-agent/harnesses/copilot.agent.md +33 -0
  128. package/agents/kubernetes/external-secrets-operator-review-agent/harnesses/cursor.agent.md +33 -0
  129. package/agents/kubernetes/external-secrets-operator-review-agent/harnesses/gemini.agent.md +33 -0
  130. package/agents/kubernetes/external-secrets-operator-review-agent/harnesses/kiro-cli.agent.json +5 -0
  131. package/agents/kubernetes/external-secrets-operator-review-agent/harnesses/kiro-ide.agent.md +33 -0
  132. package/agents/kubernetes/external-secrets-operator-review-agent/metadata.json +31 -0
  133. package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/AGENT.md +56 -0
  134. package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/harnesses/claude-code.agent.md +39 -0
  135. package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/harnesses/codex.toml +34 -0
  136. package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/harnesses/copilot.agent.md +39 -0
  137. package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/harnesses/cursor.agent.md +39 -0
  138. package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/harnesses/gemini.agent.md +39 -0
  139. package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/harnesses/kiro-cli.agent.json +5 -0
  140. package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/harnesses/kiro-ide.agent.md +39 -0
  141. package/agents/kubernetes/kubecost-chargeback-allocation-review-agent/metadata.json +31 -0
  142. package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/AGENT.md +59 -0
  143. package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/harnesses/claude-code.agent.md +42 -0
  144. package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/harnesses/codex.toml +33 -0
  145. package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/harnesses/copilot.agent.md +42 -0
  146. package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/harnesses/cursor.agent.md +42 -0
  147. package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/harnesses/gemini.agent.md +42 -0
  148. package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/harnesses/kiro-cli.agent.json +5 -0
  149. package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/harnesses/kiro-ide.agent.md +42 -0
  150. package/agents/kubernetes/kubernetes-live-admission-policy-guard-agent/metadata.json +37 -0
  151. package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/AGENT.md +59 -0
  152. package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/harnesses/claude-code.agent.md +42 -0
  153. package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/harnesses/codex.toml +33 -0
  154. package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/harnesses/copilot.agent.md +42 -0
  155. package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/harnesses/cursor.agent.md +42 -0
  156. package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/harnesses/gemini.agent.md +42 -0
  157. package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/harnesses/kiro-cli.agent.json +5 -0
  158. package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/harnesses/kiro-ide.agent.md +42 -0
  159. package/agents/kubernetes/kubernetes-live-argocd-sync-guard-agent/metadata.json +37 -0
  160. package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/AGENT.md +59 -0
  161. package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/harnesses/claude-code.agent.md +42 -0
  162. package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/harnesses/codex.toml +33 -0
  163. package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/harnesses/copilot.agent.md +42 -0
  164. package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/harnesses/cursor.agent.md +42 -0
  165. package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/harnesses/gemini.agent.md +42 -0
  166. package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/harnesses/kiro-cli.agent.json +5 -0
  167. package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/harnesses/kiro-ide.agent.md +42 -0
  168. package/agents/kubernetes/kubernetes-live-mesh-policy-guard-agent/metadata.json +37 -0
  169. package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/AGENT.md +59 -0
  170. package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/harnesses/claude-code.agent.md +42 -0
  171. package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/harnesses/codex.toml +33 -0
  172. package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/harnesses/copilot.agent.md +42 -0
  173. package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/harnesses/cursor.agent.md +42 -0
  174. package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/harnesses/gemini.agent.md +42 -0
  175. package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/harnesses/kiro-cli.agent.json +5 -0
  176. package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/harnesses/kiro-ide.agent.md +42 -0
  177. package/agents/kubernetes/kubernetes-live-network-policy-guard-agent/metadata.json +37 -0
  178. package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/AGENT.md +59 -0
  179. package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/harnesses/claude-code.agent.md +42 -0
  180. package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/harnesses/codex.toml +34 -0
  181. package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/harnesses/copilot.agent.md +55 -0
  182. package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/harnesses/cursor.agent.md +44 -0
  183. package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/harnesses/gemini.agent.md +43 -0
  184. package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/harnesses/kiro-cli.agent.json +5 -0
  185. package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/harnesses/kiro-ide.agent.md +42 -0
  186. package/agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent/metadata.json +36 -0
  187. package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/AGENT.md +62 -0
  188. package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/harnesses/claude-code.agent.md +43 -0
  189. package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/harnesses/codex.toml +35 -0
  190. package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/harnesses/copilot.agent.md +43 -0
  191. package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/harnesses/cursor.agent.md +43 -0
  192. package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/harnesses/gemini.agent.md +43 -0
  193. package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/harnesses/kiro-cli.agent.json +5 -0
  194. package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/harnesses/kiro-ide.agent.md +43 -0
  195. package/agents/kubernetes/kubernetes-live-velero-restore-guard-agent/metadata.json +38 -0
  196. package/agents/kubernetes/kubernetes-maestro-agent/AGENT.md +55 -0
  197. package/agents/kubernetes/kubernetes-maestro-agent/harnesses/claude-code.agent.md +38 -0
  198. package/agents/kubernetes/kubernetes-maestro-agent/harnesses/codex.toml +34 -0
  199. package/agents/kubernetes/kubernetes-maestro-agent/harnesses/copilot.agent.md +38 -0
  200. package/agents/kubernetes/kubernetes-maestro-agent/harnesses/cursor.agent.md +38 -0
  201. package/agents/kubernetes/kubernetes-maestro-agent/harnesses/gemini.agent.md +38 -0
  202. package/agents/kubernetes/kubernetes-maestro-agent/harnesses/kiro-cli.agent.json +5 -0
  203. package/agents/kubernetes/kubernetes-maestro-agent/harnesses/kiro-ide.agent.md +38 -0
  204. package/agents/kubernetes/kubernetes-maestro-agent/metadata.json +40 -0
  205. package/agents/kubernetes/kubernetes-pod-spec-review-agent/AGENT.md +54 -0
  206. package/agents/kubernetes/kubernetes-pod-spec-review-agent/harnesses/claude-code.agent.md +37 -0
  207. package/agents/kubernetes/kubernetes-pod-spec-review-agent/harnesses/codex.toml +27 -0
  208. package/agents/kubernetes/kubernetes-pod-spec-review-agent/harnesses/copilot.agent.md +37 -0
  209. package/agents/kubernetes/kubernetes-pod-spec-review-agent/harnesses/cursor.agent.md +37 -0
  210. package/agents/kubernetes/kubernetes-pod-spec-review-agent/harnesses/gemini.agent.md +37 -0
  211. package/agents/kubernetes/kubernetes-pod-spec-review-agent/harnesses/kiro-cli.agent.json +5 -0
  212. package/agents/kubernetes/kubernetes-pod-spec-review-agent/harnesses/kiro-ide.agent.md +37 -0
  213. package/agents/kubernetes/kubernetes-pod-spec-review-agent/metadata.json +38 -0
  214. package/agents/kubernetes/kubernetes-psa-review-agent/AGENT.md +55 -0
  215. package/agents/kubernetes/kubernetes-psa-review-agent/harnesses/claude-code.agent.md +36 -0
  216. package/agents/kubernetes/kubernetes-psa-review-agent/harnesses/codex.toml +29 -0
  217. package/agents/kubernetes/kubernetes-psa-review-agent/harnesses/copilot.agent.md +36 -0
  218. package/agents/kubernetes/kubernetes-psa-review-agent/harnesses/cursor.agent.md +36 -0
  219. package/agents/kubernetes/kubernetes-psa-review-agent/harnesses/gemini.agent.md +36 -0
  220. package/agents/kubernetes/kubernetes-psa-review-agent/harnesses/kiro-cli.agent.json +5 -0
  221. package/agents/kubernetes/kubernetes-psa-review-agent/harnesses/kiro-ide.agent.md +36 -0
  222. package/agents/kubernetes/kubernetes-psa-review-agent/metadata.json +38 -0
  223. package/agents/kubernetes/kubernetes-rbac-review-agent/AGENT.md +55 -0
  224. package/agents/kubernetes/kubernetes-rbac-review-agent/harnesses/claude-code.agent.md +38 -0
  225. package/agents/kubernetes/kubernetes-rbac-review-agent/harnesses/codex.toml +32 -0
  226. package/agents/kubernetes/kubernetes-rbac-review-agent/harnesses/copilot.agent.md +51 -0
  227. package/agents/kubernetes/kubernetes-rbac-review-agent/harnesses/cursor.agent.md +40 -0
  228. package/agents/kubernetes/kubernetes-rbac-review-agent/harnesses/gemini.agent.md +39 -0
  229. package/agents/kubernetes/kubernetes-rbac-review-agent/harnesses/kiro-cli.agent.json +5 -0
  230. package/agents/kubernetes/kubernetes-rbac-review-agent/harnesses/kiro-ide.agent.md +38 -0
  231. package/agents/kubernetes/kubernetes-rbac-review-agent/metadata.json +36 -0
  232. package/agents/kubernetes/kubernetes-workload-identity-review-agent/AGENT.md +55 -0
  233. package/agents/kubernetes/kubernetes-workload-identity-review-agent/harnesses/claude-code.agent.md +37 -0
  234. package/agents/kubernetes/kubernetes-workload-identity-review-agent/harnesses/codex.toml +29 -0
  235. package/agents/kubernetes/kubernetes-workload-identity-review-agent/harnesses/copilot.agent.md +37 -0
  236. package/agents/kubernetes/kubernetes-workload-identity-review-agent/harnesses/cursor.agent.md +37 -0
  237. package/agents/kubernetes/kubernetes-workload-identity-review-agent/harnesses/gemini.agent.md +37 -0
  238. package/agents/kubernetes/kubernetes-workload-identity-review-agent/harnesses/kiro-cli.agent.json +5 -0
  239. package/agents/kubernetes/kubernetes-workload-identity-review-agent/harnesses/kiro-ide.agent.md +37 -0
  240. package/agents/kubernetes/kubernetes-workload-identity-review-agent/metadata.json +37 -0
  241. package/agents/kyverno/README.md +46 -0
  242. package/agents/kyverno/kyverno-policy-review-agent/AGENT.md +55 -0
  243. package/agents/kyverno/kyverno-policy-review-agent/harnesses/claude-code.agent.md +38 -0
  244. package/agents/kyverno/kyverno-policy-review-agent/harnesses/codex.toml +32 -0
  245. package/agents/kyverno/kyverno-policy-review-agent/harnesses/copilot.agent.md +38 -0
  246. package/agents/kyverno/kyverno-policy-review-agent/harnesses/cursor.agent.md +38 -0
  247. package/agents/kyverno/kyverno-policy-review-agent/harnesses/gemini.agent.md +38 -0
  248. package/agents/kyverno/kyverno-policy-review-agent/harnesses/kiro-cli.agent.json +5 -0
  249. package/agents/kyverno/kyverno-policy-review-agent/harnesses/kiro-ide.agent.md +38 -0
  250. package/agents/kyverno/kyverno-policy-review-agent/metadata.json +30 -0
  251. package/agents/oci/README.md +45 -0
  252. package/agents/oci/oci-certificates-issuer-review-agent/AGENT.md +53 -0
  253. package/agents/oci/oci-certificates-issuer-review-agent/harnesses/claude-code.agent.md +36 -0
  254. package/agents/oci/oci-certificates-issuer-review-agent/harnesses/codex.toml +27 -0
  255. package/agents/oci/oci-certificates-issuer-review-agent/harnesses/copilot.agent.md +36 -0
  256. package/agents/oci/oci-certificates-issuer-review-agent/harnesses/cursor.agent.md +36 -0
  257. package/agents/oci/oci-certificates-issuer-review-agent/harnesses/gemini.agent.md +36 -0
  258. package/agents/oci/oci-certificates-issuer-review-agent/harnesses/kiro-cli.agent.json +5 -0
  259. package/agents/oci/oci-certificates-issuer-review-agent/harnesses/kiro-ide.agent.md +36 -0
  260. package/agents/oci/oci-certificates-issuer-review-agent/metadata.json +36 -0
  261. package/agents/oci/oci-live-autonomous-db-lifecycle-guard-agent/metadata.json +11 -2
  262. package/agents/oci/oci-live-cost-budget-runaway-guard-agent/metadata.json +11 -2
  263. package/agents/oci/oci-live-iam-policy-compartment-guard-agent/metadata.json +10 -1
  264. package/agents/oci/oci-live-network-security-rule-guard-agent/AGENT.md +59 -0
  265. package/agents/oci/oci-live-network-security-rule-guard-agent/harnesses/claude-code.agent.md +42 -0
  266. package/agents/oci/oci-live-network-security-rule-guard-agent/harnesses/codex.toml +34 -0
  267. package/agents/oci/oci-live-network-security-rule-guard-agent/harnesses/copilot.agent.md +55 -0
  268. package/agents/oci/oci-live-network-security-rule-guard-agent/harnesses/cursor.agent.md +44 -0
  269. package/agents/oci/oci-live-network-security-rule-guard-agent/harnesses/gemini.agent.md +43 -0
  270. package/agents/oci/oci-live-network-security-rule-guard-agent/harnesses/kiro-cli.agent.json +5 -0
  271. package/agents/oci/oci-live-network-security-rule-guard-agent/harnesses/kiro-ide.agent.md +42 -0
  272. package/agents/oci/oci-live-network-security-rule-guard-agent/metadata.json +37 -0
  273. package/agents/oci/oci-live-oke-rollout-guard-agent/metadata.json +11 -2
  274. package/agents/oci/oci-live-resource-manager-stack-guard-agent/metadata.json +10 -1
  275. package/agents/oci/oci-live-vault-key-destruction-guard-agent/metadata.json +10 -1
  276. package/agents/opentelemetry/README.md +37 -0
  277. package/agents/opentelemetry/opentelemetry-collector-config-review-agent/AGENT.md +55 -0
  278. package/agents/opentelemetry/opentelemetry-collector-config-review-agent/harnesses/claude-code.agent.md +38 -0
  279. package/agents/opentelemetry/opentelemetry-collector-config-review-agent/harnesses/codex.toml +32 -0
  280. package/agents/opentelemetry/opentelemetry-collector-config-review-agent/harnesses/copilot.agent.md +38 -0
  281. package/agents/opentelemetry/opentelemetry-collector-config-review-agent/harnesses/cursor.agent.md +38 -0
  282. package/agents/opentelemetry/opentelemetry-collector-config-review-agent/harnesses/gemini.agent.md +38 -0
  283. package/agents/opentelemetry/opentelemetry-collector-config-review-agent/harnesses/kiro-cli.agent.json +5 -0
  284. package/agents/opentelemetry/opentelemetry-collector-config-review-agent/harnesses/kiro-ide.agent.md +38 -0
  285. package/agents/opentelemetry/opentelemetry-collector-config-review-agent/metadata.json +37 -0
  286. package/agents/prometheus/README.md +36 -0
  287. package/agents/prometheus/prometheus-alerting-cardinality-review-agent/AGENT.md +48 -0
  288. package/agents/prometheus/prometheus-alerting-cardinality-review-agent/harnesses/claude-code.agent.md +32 -0
  289. package/agents/prometheus/prometheus-alerting-cardinality-review-agent/harnesses/codex.toml +31 -0
  290. package/agents/prometheus/prometheus-alerting-cardinality-review-agent/harnesses/copilot.agent.md +32 -0
  291. package/agents/prometheus/prometheus-alerting-cardinality-review-agent/harnesses/cursor.agent.md +32 -0
  292. package/agents/prometheus/prometheus-alerting-cardinality-review-agent/harnesses/gemini.agent.md +32 -0
  293. package/agents/prometheus/prometheus-alerting-cardinality-review-agent/harnesses/kiro-cli.agent.json +5 -0
  294. package/agents/prometheus/prometheus-alerting-cardinality-review-agent/harnesses/kiro-ide.agent.md +32 -0
  295. package/agents/prometheus/prometheus-alerting-cardinality-review-agent/metadata.json +31 -0
  296. package/agents/sigstore/README.md +38 -0
  297. package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/AGENT.md +55 -0
  298. package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/harnesses/claude-code.agent.md +35 -0
  299. package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/harnesses/codex.toml +29 -0
  300. package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/harnesses/copilot.agent.md +35 -0
  301. package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/harnesses/cursor.agent.md +35 -0
  302. package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/harnesses/gemini.agent.md +35 -0
  303. package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/harnesses/kiro-cli.agent.json +5 -0
  304. package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/harnesses/kiro-ide.agent.md +35 -0
  305. package/agents/sigstore/sigstore-cosign-supply-chain-review-agent/metadata.json +31 -0
  306. package/agents/terraform/README.md +29 -0
  307. package/agents/terraform/terraform-reviewer/AGENT.md +2 -1
  308. package/agents/terraform/terraform-reviewer/harnesses/claude-code.agent.md +29 -0
  309. package/agents/terraform/terraform-reviewer/harnesses/codex.toml +29 -0
  310. package/agents/terraform/terraform-reviewer/harnesses/copilot.agent.md +42 -0
  311. package/agents/terraform/terraform-reviewer/harnesses/cursor.agent.md +31 -0
  312. package/agents/terraform/terraform-reviewer/harnesses/gemini.agent.md +30 -0
  313. package/agents/terraform/terraform-reviewer/harnesses/kiro-cli.agent.json +5 -0
  314. package/agents/terraform/terraform-reviewer/harnesses/kiro-ide.agent.md +29 -0
  315. package/agents/terraform/terraform-reviewer/metadata.json +10 -1
  316. package/agents/velero/README.md +41 -0
  317. package/assets/logos/vanguard-frontier-agentic-logo.png +0 -0
  318. package/catalog/agents.json +1452 -634
  319. package/catalog/install-roles.json +455 -0
  320. package/catalog/skill-manifest.json +1089 -335
  321. package/catalog/skills.json +1298 -528
  322. package/package.json +32 -3
  323. package/schemas/AGENTS.md +14 -0
  324. package/schemas/agent.frontmatter.schema.json +89 -0
  325. package/schemas/agent.schema.json +8 -0
  326. package/schemas/skill.frontmatter.schema.json +95 -0
  327. package/scripts/apply-skill-allowed-tools.py +142 -0
  328. package/scripts/backfill-skill-metadata.py +410 -0
  329. package/scripts/export-marketplace-agents.mjs +275 -9
  330. package/scripts/update-catalog-new-agents.py +88 -0
  331. package/skills/argocd/README.md +30 -0
  332. package/skills/argocd/argo-rollouts-progressive-delivery-review/SKILL.md +43 -0
  333. package/skills/argocd/argo-rollouts-progressive-delivery-review/metadata.json +22 -0
  334. package/skills/argocd/argo-rollouts-progressive-delivery-review/references/workflow-and-output.md +248 -0
  335. package/skills/argocd/argocd-gitops-review/SKILL.md +46 -0
  336. package/skills/argocd/argocd-gitops-review/metadata.json +30 -0
  337. package/skills/argocd/argocd-gitops-review/references/mcp-and-evidence.md +53 -0
  338. package/skills/argocd/argocd-gitops-review/references/official-sources.md +32 -0
  339. package/skills/argocd/argocd-gitops-review/references/workflow-and-output.md +120 -0
  340. package/skills/aws/README.md +3 -1
  341. package/skills/aws/aws-agentcore/SKILL.md +3 -0
  342. package/skills/aws/aws-api-edge-delivery-review/SKILL.md +3 -0
  343. package/skills/aws/aws-bedrock-agent-security-governor/SKILL.md +3 -0
  344. package/skills/aws/aws-change-impact-advisor/SKILL.md +3 -0
  345. package/skills/aws/aws-ci-cd-release-engineer/SKILL.md +3 -0
  346. package/skills/aws/aws-compliance-evidence-mapper/SKILL.md +3 -0
  347. package/skills/aws/aws-cost-anomaly-watch-coordinator/SKILL.md +3 -0
  348. package/skills/aws/aws-cost-optimization-governor/SKILL.md +3 -0
  349. package/skills/aws/aws-daily-operations-briefing-coordinator/SKILL.md +3 -0
  350. package/skills/aws/aws-data-protection-backup-steward/SKILL.md +3 -0
  351. package/skills/aws/aws-deployment-hotfix-operator/SKILL.md +3 -0
  352. package/skills/aws/aws-devops-agent-skill-designer/SKILL.md +3 -0
  353. package/skills/aws/aws-dynamodb-data-modeling-performance-review/SKILL.md +3 -0
  354. package/skills/aws/aws-ec2-compute-operations-steward/SKILL.md +3 -0
  355. package/skills/aws/aws-ecs-fargate-platform-operator/SKILL.md +3 -0
  356. package/skills/aws/aws-ecs-service-remediation-operator/SKILL.md +3 -0
  357. package/skills/aws/aws-eks-platform-operator/SKILL.md +3 -0
  358. package/skills/aws/aws-event-driven-architecture-review/SKILL.md +3 -0
  359. package/skills/aws/aws-generative-ai-developer/SKILL.md +3 -0
  360. package/skills/aws/aws-iac-change-safety-review/SKILL.md +3 -0
  361. package/skills/aws/aws-iac-patch-executor/SKILL.md +3 -0
  362. package/skills/aws/aws-iam-least-privilege-review/SKILL.md +3 -0
  363. package/skills/aws/aws-kms-secrets-lifecycle-steward/SKILL.md +3 -0
  364. package/skills/aws/aws-landing-zone-governor/SKILL.md +3 -0
  365. package/skills/aws/aws-live-deployment-guarded-operator/SKILL.md +3 -0
  366. package/skills/aws/aws-live-ecs-rollout-guard/SKILL.md +3 -0
  367. package/skills/aws/aws-live-iac-change-guard/SKILL.md +3 -0
  368. package/skills/aws/aws-live-pipeline-approval-operator/SKILL.md +3 -0
  369. package/skills/aws/aws-live-serverless-release-guard/SKILL.md +3 -0
  370. package/skills/aws/aws-maestro/SKILL.md +3 -0
  371. package/skills/aws/aws-maestro/references/workflow-and-output.md +2 -0
  372. package/skills/aws/aws-migration-cutover-architect/SKILL.md +3 -0
  373. package/skills/aws/aws-network-architect/SKILL.md +3 -0
  374. package/skills/aws/aws-non-destructive-task-automation-advisor/SKILL.md +3 -0
  375. package/skills/aws/aws-observability-incident-responder/SKILL.md +3 -0
  376. package/skills/aws/aws-pipeline-fix-operator/SKILL.md +3 -0
  377. package/skills/aws/aws-private-ca-issuer-review/SKILL.md +42 -0
  378. package/skills/aws/aws-private-ca-issuer-review/metadata.json +21 -0
  379. package/skills/aws/aws-private-ca-issuer-review/references/official-sources.md +22 -0
  380. package/skills/aws/aws-private-ca-issuer-review/references/safety-checklist.md +30 -0
  381. package/skills/aws/aws-private-ca-issuer-review/references/workflow-and-output.md +214 -0
  382. package/skills/aws/aws-rds-aurora-performance-investigator/SKILL.md +3 -0
  383. package/skills/aws/aws-resilience-bcdr-review/SKILL.md +3 -0
  384. package/skills/aws/aws-s3-data-perimeter-governor/SKILL.md +3 -0
  385. package/skills/aws/aws-security-posture-hardening/SKILL.md +3 -0
  386. package/skills/aws/aws-serverless-production-readiness/SKILL.md +3 -0
  387. package/skills/aws/aws-serverless-rollout-corrector/SKILL.md +3 -0
  388. package/skills/aws/aws-solution-architect/SKILL.md +3 -0
  389. package/skills/aws/aws-ticket-triage-escalation-coordinator/SKILL.md +3 -0
  390. package/skills/azure/README.md +3 -1
  391. package/skills/azure/azure-ai-foundry-ops-governor/SKILL.md +3 -0
  392. package/skills/azure/azure-aks-platform-operator/SKILL.md +3 -0
  393. package/skills/azure/azure-app-service-production-readiness/SKILL.md +3 -0
  394. package/skills/azure/azure-cosmosdb-application-developer/SKILL.md +3 -0
  395. package/skills/azure/azure-cosmosdb-performance-investigator/SKILL.md +3 -0
  396. package/skills/azure/azure-cosmosdb-platform-operator/SKILL.md +3 -0
  397. package/skills/azure/azure-cost-estimation-review/SKILL.md +3 -0
  398. package/skills/azure/azure-cost-optimization-governor/SKILL.md +3 -0
  399. package/skills/azure/azure-entra-id-specialist/SKILL.md +3 -0
  400. package/skills/azure/azure-governance-policy-guardrails/SKILL.md +3 -0
  401. package/skills/azure/azure-identity-governance-review/SKILL.md +3 -0
  402. package/skills/azure/azure-key-vault-secret-lifecycle-auditor/SKILL.md +3 -0
  403. package/skills/azure/azure-keyvault-certificate-issuer-review/SKILL.md +40 -0
  404. package/skills/azure/azure-keyvault-certificate-issuer-review/metadata.json +20 -0
  405. package/skills/azure/azure-keyvault-certificate-issuer-review/references/workflow-and-output.md +190 -0
  406. package/skills/azure/azure-landing-zone-architect/SKILL.md +3 -0
  407. package/skills/azure/azure-live-aks-rollout-guard/SKILL.md +3 -0
  408. package/skills/azure/azure-live-app-service-slot-swap-guard/SKILL.md +3 -0
  409. package/skills/azure/azure-live-arm-deployment-stack-guard/SKILL.md +3 -0
  410. package/skills/azure/azure-live-cost-budget-action-guard/SKILL.md +3 -0
  411. package/skills/azure/azure-live-entra-role-assignment-guard/SKILL.md +59 -0
  412. package/skills/azure/azure-live-entra-role-assignment-guard/metadata.json +28 -0
  413. package/skills/azure/azure-live-entra-role-assignment-guard/references/official-sources.md +21 -0
  414. package/skills/azure/azure-live-entra-role-assignment-guard/references/permission-model.md +70 -0
  415. package/skills/azure/azure-live-entra-role-assignment-guard/references/preflight-commands.md +69 -0
  416. package/skills/azure/azure-live-entra-role-assignment-guard/references/rollback-playbook.md +51 -0
  417. package/skills/azure/azure-live-keyvault-rotation-purge-guard/SKILL.md +3 -0
  418. package/skills/azure/azure-live-pim-jit-activation-guard/SKILL.md +3 -0
  419. package/skills/azure/azure-maestro/SKILL.md +3 -0
  420. package/skills/azure/azure-migrate-landing-zone-cutover/SKILL.md +3 -0
  421. package/skills/azure/azure-network-topology-review/SKILL.md +3 -0
  422. package/skills/azure/azure-observability-investigator/SKILL.md +3 -0
  423. package/skills/azure/azure-platform-automation-devops/SKILL.md +3 -0
  424. package/skills/azure/azure-private-endpoint-adoption-planner/SKILL.md +3 -0
  425. package/skills/azure/azure-rbac-review/SKILL.md +3 -0
  426. package/skills/azure/azure-resilience-bcdr-review/SKILL.md +3 -0
  427. package/skills/azure/azure-resource-health-incident-triage/SKILL.md +3 -0
  428. package/skills/azure/azure-role-selector/SKILL.md +3 -0
  429. package/skills/azure/azure-security-posture-hardening/SKILL.md +3 -0
  430. package/skills/azure/azure-subscription-resource-organization/SKILL.md +3 -0
  431. package/skills/backstage/backstage-scaffolder-template-review/SKILL.md +42 -0
  432. package/skills/backstage/backstage-scaffolder-template-review/metadata.json +21 -0
  433. package/skills/backstage/backstage-scaffolder-template-review/references/workflow-and-output.md +179 -0
  434. package/skills/cert-manager/cert-manager-issuer-trust-review/SKILL.md +43 -0
  435. package/skills/cert-manager/cert-manager-issuer-trust-review/metadata.json +22 -0
  436. package/skills/cert-manager/cert-manager-issuer-trust-review/references/workflow-and-output.md +222 -0
  437. package/skills/cilium/README.md +30 -0
  438. package/skills/cilium/cilium-network-policy-review/SKILL.md +46 -0
  439. package/skills/cilium/cilium-network-policy-review/metadata.json +30 -0
  440. package/skills/cilium/cilium-network-policy-review/references/mcp-and-evidence.md +52 -0
  441. package/skills/cilium/cilium-network-policy-review/references/official-sources.md +30 -0
  442. package/skills/cilium/cilium-network-policy-review/references/workflow-and-output.md +130 -0
  443. package/skills/falco/falco-runtime-threat-rules-review/SKILL.md +40 -0
  444. package/skills/falco/falco-runtime-threat-rules-review/metadata.json +22 -0
  445. package/skills/falco/falco-runtime-threat-rules-review/references/workflow-and-output.md +249 -0
  446. package/skills/finops/README.md +30 -0
  447. package/skills/finops/finops-cloud-price-advisor/SKILL.md +3 -0
  448. package/skills/fluxcd/fluxcd-kustomization-helmrelease-review/SKILL.md +43 -0
  449. package/skills/fluxcd/fluxcd-kustomization-helmrelease-review/metadata.json +22 -0
  450. package/skills/fluxcd/fluxcd-kustomization-helmrelease-review/references/workflow-and-output.md +243 -0
  451. package/skills/istio/README.md +28 -0
  452. package/skills/istio/istio-ambient-mesh-review/SKILL.md +46 -0
  453. package/skills/istio/istio-ambient-mesh-review/metadata.json +30 -0
  454. package/skills/istio/istio-ambient-mesh-review/references/mcp-and-evidence.md +59 -0
  455. package/skills/istio/istio-ambient-mesh-review/references/official-sources.md +32 -0
  456. package/skills/istio/istio-ambient-mesh-review/references/workflow-and-output.md +128 -0
  457. package/skills/kubernetes/README.md +30 -0
  458. package/skills/kubernetes/external-secrets-operator-review/SKILL.md +40 -0
  459. package/skills/kubernetes/external-secrets-operator-review/metadata.json +22 -0
  460. package/skills/kubernetes/external-secrets-operator-review/references/workflow-and-output.md +280 -0
  461. package/skills/kubernetes/kubecost-chargeback-allocation-review/SKILL.md +43 -0
  462. package/skills/kubernetes/kubecost-chargeback-allocation-review/metadata.json +22 -0
  463. package/skills/kubernetes/kubecost-chargeback-allocation-review/references/workflow-and-output.md +215 -0
  464. package/skills/kubernetes/kubernetes-live-rbac-mutation-guard/SKILL.md +60 -0
  465. package/skills/kubernetes/kubernetes-live-rbac-mutation-guard/metadata.json +27 -0
  466. package/skills/kubernetes/kubernetes-live-rbac-mutation-guard/references/official-sources.md +18 -0
  467. package/skills/kubernetes/kubernetes-live-rbac-mutation-guard/references/permission-model.md +78 -0
  468. package/skills/kubernetes/kubernetes-live-rbac-mutation-guard/references/preflight-commands.md +81 -0
  469. package/skills/kubernetes/kubernetes-live-rbac-mutation-guard/references/rollback-playbook.md +61 -0
  470. package/skills/kubernetes/kubernetes-maestro/SKILL.md +48 -0
  471. package/skills/kubernetes/kubernetes-maestro/metadata.json +24 -0
  472. package/skills/kubernetes/kubernetes-maestro/references/safety-checklist.md +78 -0
  473. package/skills/kubernetes/kubernetes-maestro/references/workflow-and-output.md +206 -0
  474. package/skills/kubernetes/kubernetes-pod-security-admission-review/SKILL.md +46 -0
  475. package/skills/kubernetes/kubernetes-pod-security-admission-review/metadata.json +28 -0
  476. package/skills/kubernetes/kubernetes-pod-security-admission-review/references/mcp-and-evidence.md +49 -0
  477. package/skills/kubernetes/kubernetes-pod-security-admission-review/references/official-sources.md +26 -0
  478. package/skills/kubernetes/kubernetes-pod-security-admission-review/references/workflow-and-output.md +129 -0
  479. package/skills/kubernetes/kubernetes-pod-spec-review/SKILL.md +41 -0
  480. package/skills/kubernetes/kubernetes-pod-spec-review/metadata.json +22 -0
  481. package/skills/kubernetes/kubernetes-pod-spec-review/references/workflow-and-output.md +229 -0
  482. package/skills/kubernetes/kubernetes-rbac-review/SKILL.md +41 -0
  483. package/skills/kubernetes/kubernetes-rbac-review/metadata.json +27 -0
  484. package/skills/kubernetes/kubernetes-rbac-review/references/mcp-and-evidence.md +34 -0
  485. package/skills/kubernetes/kubernetes-rbac-review/references/official-sources.md +22 -0
  486. package/skills/kubernetes/kubernetes-rbac-review/references/workflow-and-output.md +44 -0
  487. package/skills/kubernetes/kubernetes-workload-identity-review/SKILL.md +46 -0
  488. package/skills/kubernetes/kubernetes-workload-identity-review/metadata.json +29 -0
  489. package/skills/kubernetes/kubernetes-workload-identity-review/references/mcp-and-evidence.md +57 -0
  490. package/skills/kubernetes/kubernetes-workload-identity-review/references/official-sources.md +47 -0
  491. package/skills/kubernetes/kubernetes-workload-identity-review/references/workflow-and-output.md +166 -0
  492. package/skills/kyverno/README.md +30 -0
  493. package/skills/kyverno/kyverno-policy-review/SKILL.md +46 -0
  494. package/skills/kyverno/kyverno-policy-review/metadata.json +30 -0
  495. package/skills/kyverno/kyverno-policy-review/references/mcp-and-evidence.md +49 -0
  496. package/skills/kyverno/kyverno-policy-review/references/official-sources.md +31 -0
  497. package/skills/kyverno/kyverno-policy-review/references/workflow-and-output.md +106 -0
  498. package/skills/oci/README.md +63 -0
  499. package/skills/oci/oci-autonomous-database-architect/SKILL.md +3 -0
  500. package/skills/oci/oci-certificates-issuer-review/SKILL.md +40 -0
  501. package/skills/oci/oci-certificates-issuer-review/metadata.json +20 -0
  502. package/skills/oci/oci-certificates-issuer-review/references/workflow-and-output.md +207 -0
  503. package/skills/oci/oci-cloud-guard-responder/SKILL.md +3 -0
  504. package/skills/oci/oci-compute-instance-agent-operator/SKILL.md +3 -0
  505. package/skills/oci/oci-compute-platform-operator/SKILL.md +3 -0
  506. package/skills/oci/oci-cost-finops-analyst/SKILL.md +3 -0
  507. package/skills/oci/oci-database-platform-dba/SKILL.md +3 -0
  508. package/skills/oci/oci-dbtools-sql-analyst/SKILL.md +3 -0
  509. package/skills/oci/oci-devops-container-platform-engineer/SKILL.md +3 -0
  510. package/skills/oci/oci-exadata-database-architect/SKILL.md +3 -0
  511. package/skills/oci/oci-exadata-platform-architect/SKILL.md +3 -0
  512. package/skills/oci/oci-fusion-apps-environment-operator/SKILL.md +3 -0
  513. package/skills/oci/oci-goldengate-replication-operator/SKILL.md +3 -0
  514. package/skills/oci/oci-identity-access-governor/SKILL.md +3 -0
  515. package/skills/oci/oci-iot-digital-twin-engineer/SKILL.md +3 -0
  516. package/skills/oci/oci-limits-capacity-planner/SKILL.md +3 -0
  517. package/skills/oci/oci-live-autonomous-db-lifecycle-guard/SKILL.md +3 -0
  518. package/skills/oci/oci-live-cost-budget-runaway-guard/SKILL.md +3 -0
  519. package/skills/oci/oci-live-iam-policy-compartment-guard/SKILL.md +3 -0
  520. package/skills/oci/oci-live-network-security-rule-guard/SKILL.md +60 -0
  521. package/skills/oci/oci-live-network-security-rule-guard/metadata.json +28 -0
  522. package/skills/oci/oci-live-network-security-rule-guard/references/official-sources.md +21 -0
  523. package/skills/oci/oci-live-network-security-rule-guard/references/permission-model.md +65 -0
  524. package/skills/oci/oci-live-network-security-rule-guard/references/preflight-commands.md +69 -0
  525. package/skills/oci/oci-live-network-security-rule-guard/references/rollback-playbook.md +79 -0
  526. package/skills/oci/oci-live-oke-rollout-guard/SKILL.md +3 -0
  527. package/skills/oci/oci-live-resource-manager-stack-guard/SKILL.md +3 -0
  528. package/skills/oci/oci-live-vault-key-destruction-guard/SKILL.md +3 -0
  529. package/skills/oci/oci-load-balancer-traffic-engineer/SKILL.md +3 -0
  530. package/skills/oci/oci-maestro/SKILL.md +3 -0
  531. package/skills/oci/oci-migration-cutover-architect/SKILL.md +3 -0
  532. package/skills/oci/oci-multi-cloud-architect/SKILL.md +3 -0
  533. package/skills/oci/oci-mysql-heatwave-ai-specialist/SKILL.md +3 -0
  534. package/skills/oci/oci-network-architect/SKILL.md +3 -0
  535. package/skills/oci/oci-observability-incident-responder/SKILL.md +3 -0
  536. package/skills/oci/oci-recovery-service-operator/SKILL.md +3 -0
  537. package/skills/oci/oci-registry-artifact-governor/SKILL.md +3 -0
  538. package/skills/oci/oci-resource-search-inventory-analyst/SKILL.md +3 -0
  539. package/skills/oci/oci-security-compliance-reviewer/SKILL.md +3 -0
  540. package/skills/oci/oci-solution-architect/SKILL.md +3 -0
  541. package/skills/oci/oci-storage-backup-steward/SKILL.md +3 -0
  542. package/skills/oci/oci-support-incident-coordinator/SKILL.md +3 -0
  543. package/skills/oci/oracle-oci-mcp-grounded-advisor/SKILL.md +3 -0
  544. package/skills/opentelemetry/README.md +31 -0
  545. package/skills/opentelemetry/opentelemetry-collector-config-review/SKILL.md +47 -0
  546. package/skills/opentelemetry/opentelemetry-collector-config-review/metadata.json +30 -0
  547. package/skills/opentelemetry/opentelemetry-collector-config-review/references/mcp-and-evidence.md +49 -0
  548. package/skills/opentelemetry/opentelemetry-collector-config-review/references/official-sources.md +31 -0
  549. package/skills/opentelemetry/opentelemetry-collector-config-review/references/workflow-and-output.md +155 -0
  550. package/skills/prometheus/prometheus-alerting-cardinality-review/SKILL.md +41 -0
  551. package/skills/prometheus/prometheus-alerting-cardinality-review/metadata.json +22 -0
  552. package/skills/prometheus/prometheus-alerting-cardinality-review/references/workflow-and-output.md +221 -0
  553. package/skills/sigstore/sigstore-cosign-supply-chain-review/SKILL.md +42 -0
  554. package/skills/sigstore/sigstore-cosign-supply-chain-review/metadata.json +22 -0
  555. package/skills/sigstore/sigstore-cosign-supply-chain-review/references/workflow-and-output.md +196 -0
  556. package/skills/terraform/README.md +29 -0
  557. package/skills/terraform/terraform-maestro/SKILL.md +3 -0
  558. package/skills/velero/velero-backup-restore-guard/SKILL.md +44 -0
  559. package/skills/velero/velero-backup-restore-guard/metadata.json +21 -0
  560. package/skills/velero/velero-backup-restore-guard/references/safety-checklist.md +40 -0
  561. package/skills/velero/velero-backup-restore-guard/references/workflow-and-output.md +202 -0
package/skills/oci/oci-live-network-security-rule-guard/references/preflight-commands.md ADDED
@@ -0,0 +1,69 @@
1
+ # Preflight Commands: OCI Live Network Security Rule Guard
2
+
3
+ Run all of these before adding, modifying, or removing any Security List or NSG rule.
4
+
5
+ ## 1. Confirm active OCI profile and tenancy
6
+
7
+ ```bash
8
+ oci iam region list --output table # confirms CLI auth works
9
+ oci iam tenancy get --tenancy-id $(oci iam user get --user-id $(oci iam user list --query 'data[0].id' --raw-output) --query 'data."compartment-id"' --raw-output) 2>/dev/null || echo "Use: oci iam user list --all"
10
+ ```
11
+
12
+ Simpler identity check:
13
+ ```bash
14
+ oci iam user list --all --query 'data[0].{name:name, description:description}' --output table
15
+ ```
16
+
17
+ ## 2. Capture current Security List rules (CRITICAL — save as rollback baseline)
18
+
19
+ ```bash
20
+ # Get current ingress and egress rules — save this output BEFORE any mutation
21
+ oci network security-list get \
22
+ --security-list-id <SECURITY_LIST_OCID> \
23
+ --query 'data.{"display-name":"display-name", "ingress-security-rules":"ingress-security-rules", "egress-security-rules":"egress-security-rules"}'
24
+ ```
25
+
26
+ ## 3. Capture current NSG rules (CRITICAL — save as rollback baseline)
27
+
28
+ ```bash
29
+ oci network nsg rules list \
30
+ --nsg-id <NSG_OCID> \
31
+ --all \
32
+ --query 'data[].{id:id, direction:direction, protocol:protocol, source:source, destination:destination, "source-type":"source-type", "tcp-options":"tcp-options", "udp-options":"udp-options", stateless:stateless}'
33
+ ```
34
+
35
+ ## 4. List Security Lists in a VCN to identify the target
36
+
37
+ ```bash
38
+ oci network security-list list \
39
+ --compartment-id <COMPARTMENT_OCID> \
40
+ --vcn-id <VCN_OCID> \
41
+ --query 'data[].{"display-name":"display-name", id:id, "lifecycle-state":"lifecycle-state"}'
42
+ ```
43
+
44
+ ## 5. Identify subnets attached to the Security List (blast radius)
45
+
46
+ ```bash
47
+ oci network subnet list \
48
+ --compartment-id <COMPARTMENT_OCID> \
49
+ --vcn-id <VCN_OCID> \
50
+ --query 'data[].{"display-name":"display-name", "cidr-block":"cidr-block", "security-list-ids":"security-list-ids", "prohibit-public-ip-on-vnic":"prohibit-public-ip-on-vnic"}'
51
+ ```
52
+
53
+ `prohibit-public-ip-on-vnic: true` = private subnet. Ingress from 0.0.0.0/0 on a private subnet still allows internal CIDR access — confirm VCN CIDR scope.
54
+
55
+ ## 6. Check if DB System or Autonomous DB is in the affected subnet
56
+
57
+ ```bash
58
+ # List DB systems in compartment
59
+ oci db system list \
60
+ --compartment-id <COMPARTMENT_OCID> \
61
+ --query 'data[].{"display-name":"display-name", "subnet-id":"subnet-id", "lifecycle-state":"lifecycle-state"}'
62
+
63
+ # List Autonomous DBs
64
+ oci db autonomous-database list \
65
+ --compartment-id <COMPARTMENT_OCID> \
66
+ --query 'data[].{"db-name":"db-name", "subnet-id":"subnet-id", "lifecycle-state":"lifecycle-state"}'
67
+ ```
68
+
69
+ If the affected subnet hosts a DB workload, classify the change as **critical** and require explicit DBA approval.
package/skills/oci/oci-live-network-security-rule-guard/references/rollback-playbook.md ADDED
@@ -0,0 +1,79 @@
1
+ # Rollback Playbook: OCI Live Network Security Rule Guard
2
+
3
+ OCI Security List and NSG rule changes take effect immediately with no native undo operation. The only rollback path is restoring the previous rule set from a captured baseline. **Capture current rules before every mutation — no exceptions.**
4
+
5
+ ## Pre-mutation capture (mandatory)
6
+
7
+ ```bash
8
+ # Security List — save to file before any change
9
+ oci network security-list get \
10
+ --security-list-id <SECURITY_LIST_OCID> \
11
+ --query 'data.{"ingress-security-rules":"ingress-security-rules","egress-security-rules":"egress-security-rules"}' \
12
+ > securitylist-backup-$(date +%Y%m%d-%H%M%S).json
13
+
14
+ # NSG — save to file before any change
15
+ oci network nsg rules list \
16
+ --nsg-id <NSG_OCID> --all \
17
+ > nsg-backup-$(date +%Y%m%d-%H%M%S).json
18
+ ```
19
+
20
+ ## Restore Security List rules from backup
21
+
22
+ Security List update is a **full replace** — the update command overwrites the entire rule set. Pass the exact previous rules from the backup file.
23
+
24
+ ```bash
25
+ # Restore ingress rules
26
+ INGRESS=$(cat securitylist-backup-<TIMESTAMP>.json | python3 -c "import json,sys; d=json.load(sys.stdin); print(json.dumps(d['ingress-security-rules']))")
27
+ oci network security-list update \
28
+ --security-list-id <SECURITY_LIST_OCID> \
29
+ --ingress-security-rules "$INGRESS" \
30
+ --force
31
+
32
+ # Restore egress rules (same file, egress key)
33
+ EGRESS=$(cat securitylist-backup-<TIMESTAMP>.json | python3 -c "import json,sys; d=json.load(sys.stdin); print(json.dumps(d['egress-security-rules']))")
34
+ oci network security-list update \
35
+ --security-list-id <SECURITY_LIST_OCID> \
36
+ --egress-security-rules "$EGRESS" \
37
+ --force
38
+ ```
39
+
40
+ ## Restore NSG rules from backup
41
+
42
+ NSG rule updates require rule IDs. To restore, remove new rules and re-add the old ones.
43
+
44
+ ```bash
45
+ # List current rule IDs to identify added rules
46
+ oci network nsg rules list --nsg-id <NSG_OCID> --all --query 'data[].id'
47
+
48
+ # Remove a specific rule that was incorrectly added
49
+ oci network nsg rules remove \
50
+ --nsg-id <NSG_OCID> \
51
+ --security-rule-ids '["<RULE_ID_TO_REMOVE>"]'
52
+ ```
53
+
54
+ ## Verify restoration
55
+
56
+ ```bash
57
+ # Confirm rules match the backup
58
+ oci network security-list get \
59
+ --security-list-id <SECURITY_LIST_OCID> \
60
+ --query 'data.{"ingress-security-rules":"ingress-security-rules","egress-security-rules":"egress-security-rules"}'
61
+ ```
62
+
63
+ ## Connectivity verification after rollback
64
+
65
+ ```bash
66
+ # Check if affected instance can still reach expected endpoints
67
+ # (Run from inside the VCN or use OCI Network Path Analyzer)
68
+ oci network path-analyzer-test create \
69
+ --compartment-id <COMPARTMENT_OCID> \
70
+ --protocol-parameters '{"type":"TCP","destinationPort":<PORT>}' \
71
+ --source-endpoint '{"type":"COMPUTE_INSTANCE","instanceId":"<INSTANCE_OCID>"}' \
72
+ --destination-endpoint '{"type":"IP_ADDRESS","address":"<DEST_IP>"}'
73
+ ```
74
+
75
+ ## What cannot be rolled back
76
+
77
+ - Traffic that flowed through an incorrectly open rule during the window cannot be recalled.
78
+ - Data exfiltrated or connections established during the exposure window must be investigated separately via VCN Flow Logs.
79
+ - Enable Flow Logs on affected subnets before and after any security rule change for forensic coverage.
package/skills/oci/oci-live-oke-rollout-guard/SKILL.md CHANGED
@@ -1,9 +1,12 @@
1
1
  ---
2
2
  name: oci-live-oke-rollout-guard
3
3
  description: Guard OKE deployment rollouts via DevOps Service approval stages with canary and blue-green evidence, rollout health verification, and kubectl rollout undo gates.
4
+ allowed-tools: Read Grep Glob WebFetch
4
5
  metadata:
5
6
  author: "github: Raishin"
6
7
  version: "0.1.0"
8
+ updated: "2026-05-05"
9
+ category: delivery
7
10
  ---
8
11
 
9
12
  # OCI Live OKE Rollout Guard
package/skills/oci/oci-live-resource-manager-stack-guard/SKILL.md CHANGED
@@ -1,9 +1,12 @@
1
1
  ---
2
2
  name: oci-live-resource-manager-stack-guard
3
3
  description: Guard OCI Resource Manager stack plan, apply, and destroy jobs with drift detection, state-version rollback, stack auto-lock awareness, and approval gates.
4
+ allowed-tools: Read Grep Glob WebFetch
4
5
  metadata:
5
6
  author: "github: Raishin"
6
7
  version: "0.1.0"
8
+ updated: "2026-05-05"
9
+ category: delivery
7
10
  ---
8
11
 
9
12
  # OCI Live Resource Manager Stack Guard
package/skills/oci/oci-live-vault-key-destruction-guard/SKILL.md CHANGED
@@ -1,9 +1,12 @@
1
1
  ---
2
2
  name: oci-live-vault-key-destruction-guard
3
3
  description: Guard Vault master encryption key scheduled-deletion and HSM rotation with data-association audits, key-usage reference checks, deletion-window enforcement, and cancellation playbooks.
4
+ allowed-tools: Read Grep Glob WebFetch
4
5
  metadata:
5
6
  author: "github: Raishin"
6
7
  version: "0.1.0"
8
+ updated: "2026-05-05"
9
+ category: security
7
10
  ---
8
11
 
9
12
  # OCI Live Vault Key Destruction Guard
package/skills/oci/oci-load-balancer-traffic-engineer/SKILL.md CHANGED
@@ -1,9 +1,12 @@
1
1
  ---
2
2
  name: oci-load-balancer-traffic-engineer
3
3
  description: Design, review, and troubleshoot OCI Load Balancer and Network Load Balancer traffic paths, listeners, backend sets, certificates, health checks, logging, and failover. Use for L7/L4 traffic engineering and availability reviews.
4
+ allowed-tools: Read Grep Glob
4
5
  metadata:
5
6
  author: github: Raishin
6
7
  version: 0.1.0
8
+ updated: "2026-05-05"
9
+ category: networking
7
10
  ---
8
11
 
9
12
  # OCI Load Balancer Traffic Engineer
package/skills/oci/oci-maestro/SKILL.md CHANGED
@@ -1,9 +1,12 @@
1
1
  ---
2
2
  name: oci-maestro
3
3
  description: OCI Maestro routing skill. Classify the user's OCI task, select the narrowest specialist agent or the right team of specialists from the catalog, and dispatch them — single specialist for focused tasks, parallel team for multi-domain tasks. Never auto-dispatch live-guard agents.
4
+ allowed-tools: Agent Skill Read Grep Glob
4
5
  metadata:
5
6
  author: github: Raishin
6
7
  version: 0.1.0
8
+ updated: "2026-05-05"
9
+ category: ai
7
10
  ---
8
11
 
9
12
  # OCI Maestro Routing Skill
package/skills/oci/oci-migration-cutover-architect/SKILL.md CHANGED
@@ -1,9 +1,12 @@
1
1
  ---
2
2
  name: oci-migration-cutover-architect
3
3
  description: Plan OCI migrations and cutovers with Cloud Migrations, dependency discovery, waves, rollback, DNS, data sync, validation, and support readiness. Use for migration assessment, move groups, cutover runbooks, and go/no-go reviews.
4
+ allowed-tools: Read Grep Glob
4
5
  metadata:
5
6
  author: github: Raishin
6
7
  version: 0.1.0
8
+ updated: "2026-05-05"
9
+ category: delivery
7
10
  ---
8
11
 
9
12
  # OCI Migration Cutover Architect
package/skills/oci/oci-multi-cloud-architect/SKILL.md CHANGED
@@ -1,9 +1,12 @@
1
1
  ---
2
2
  name: oci-multi-cloud-architect
3
3
  description: Design and review OCI multi-cloud architectures connecting Oracle Cloud Infrastructure with AWS, Azure, Google Cloud, on-premises, or SaaS through VPN, FastConnect, Direct Connect, ExpressRoute, Cloud Interconnect, identity federation, DNS, routing, security, observability, and operating-model controls.
4
+ allowed-tools: Read Grep Glob
4
5
  metadata:
5
6
  author: github: Raishin
6
7
  version: 0.1.0
8
+ updated: "2026-05-05"
9
+ category: platform
7
10
  ---
8
11
 
9
12
  # OCI Multi-Cloud Architect
package/skills/oci/oci-mysql-heatwave-ai-specialist/SKILL.md CHANGED
@@ -1,9 +1,12 @@
1
1
  ---
2
2
  name: oci-mysql-heatwave-ai-specialist
3
3
  description: OCI Operate and review MySQL HeatWave, MySQL AI, vector/RAG workflows, connection configs, object storage ingestion, and SQL safety. Use for MySQL AI questions, HeatWave ML, vector store loading, and MySQL operational reviews.
4
+ allowed-tools: Read Grep Glob
4
5
  metadata:
5
6
  author: github: Raishin
6
7
  version: 0.1.0
8
+ updated: "2026-05-05"
9
+ category: ai
7
10
  ---
8
11
 
9
12
  # OCI MySQL HeatWave AI Specialist
package/skills/oci/oci-network-architect/SKILL.md CHANGED
@@ -1,9 +1,12 @@
1
1
  ---
2
2
  name: oci-network-architect
3
3
  description: Design, review, and troubleshoot OCI networking with safe compartment/region scoping, least-privilege network access, VCN/subnet/routing/security-list/NSG analysis, and evidence-based MCP or CLI discovery.
4
+ allowed-tools: Read Grep Glob
4
5
  metadata:
5
6
  author: github: Raishin
6
7
  version: 0.1.0
8
+ updated: "2026-05-05"
9
+ category: networking
7
10
  ---
8
11
 
9
12
  # OCI Network Architect
package/skills/oci/oci-observability-incident-responder/SKILL.md CHANGED
@@ -1,9 +1,12 @@
1
1
  ---
2
2
  name: oci-observability-incident-responder
3
3
  description: Operate as a ruthless OCI observability and incident responder for Monitoring alarms, Logging, Events, Notifications, service health, metrics, runbooks, and IAM-scoped incident response. Use when work touches OCI alarms, telemetry, alert triage, incident evidence, or response permissions.
4
+ allowed-tools: Read Grep Glob WebFetch
4
5
  metadata:
5
6
  author: github: Raishin
6
7
  version: 0.1.0
8
+ updated: "2026-05-05"
9
+ category: observability
7
10
  ---
8
11
 
9
12
  # OCI Observability Incident Responder
package/skills/oci/oci-recovery-service-operator/SKILL.md CHANGED
@@ -1,9 +1,12 @@
1
1
  ---
2
2
  name: oci-recovery-service-operator
3
3
  description: Operate OCI Recovery Service protected databases, protection policies, recovery service subnets, backup health, redo status, and recovery metrics. Use for database recovery posture, protected database health, and restore readiness.
4
+ allowed-tools: Read Grep Glob
4
5
  metadata:
5
6
  author: github: Raishin
6
7
  version: 0.1.0
8
+ updated: "2026-05-05"
9
+ category: resilience
7
10
  ---
8
11
 
9
12
  # OCI Recovery Service Operator
package/skills/oci/oci-registry-artifact-governor/SKILL.md CHANGED
@@ -1,9 +1,12 @@
1
1
  ---
2
2
  name: oci-registry-artifact-governor
3
3
  description: Govern OCI Registry repositories, container images, artifact access, retention, promotion, and deployment safety. Use for OCIR repository reviews, image lifecycle, DevOps/OKE integration, and least-privilege push/pull access.
4
+ allowed-tools: Read Grep Glob
4
5
  metadata:
5
6
  author: github: Raishin
6
7
  version: 0.1.0
8
+ updated: "2026-05-05"
9
+ category: delivery
7
10
  ---
8
11
 
9
12
  # OCI Registry Artifact Governor
package/skills/oci/oci-resource-search-inventory-analyst/SKILL.md CHANGED
@@ -1,9 +1,12 @@
1
1
  ---
2
2
  name: oci-resource-search-inventory-analyst
3
3
  description: Build OCI resource inventories and dependency maps using Resource Search, compartments, tags, and cross-service discovery. Use for tenancy inventory, ownership gaps, orphan detection, migration scoping, and architecture evidence collection.
4
+ allowed-tools: Read Grep Glob WebFetch
4
5
  metadata:
5
6
  author: github: Raishin
6
7
  version: 0.1.0
8
+ updated: "2026-05-05"
9
+ category: platform
7
10
  ---
8
11
 
9
12
  # OCI Resource Search Inventory Analyst
package/skills/oci/oci-security-compliance-reviewer/SKILL.md CHANGED
@@ -1,9 +1,12 @@
1
1
  ---
2
2
  name: oci-security-compliance-reviewer
3
3
  description: "Review Oracle Cloud Infrastructure security, IAM, network, logging, encryption, and compliance posture. Use when asked to audit OCI policies, compartments, tenancy security, Cloud Guard findings, buckets, vaults, security lists, NSGs, or least-privilege access; prepare compliance evidence; or challenge risky OCI admin assumptions before changes."
4
+ allowed-tools: Read Grep Glob
4
5
  metadata:
5
6
  author: github: Raishin
6
7
  version: 0.1.0
8
+ updated: "2026-05-05"
9
+ category: compliance
7
10
  ---
8
11
 
9
12
  # OCI Security Compliance Reviewer
package/skills/oci/oci-solution-architect/SKILL.md CHANGED
@@ -1,9 +1,12 @@
1
1
  ---
2
2
  name: oci-solution-architect
3
3
  description: Design, review, and stress-test Oracle Cloud Infrastructure solution architectures across identity, compartments, networking, compute, database, storage, observability, security, reliability, cost, and operations. Use when asked for OCI landing zones, target architectures, architecture review boards, migration designs, production readiness, or tradeoff decisions.
4
+ allowed-tools: Read Grep Glob
4
5
  metadata:
5
6
  author: github: Raishin
6
7
  version: 0.1.0
8
+ updated: "2026-05-05"
9
+ category: platform
7
10
  ---
8
11
 
9
12
  # OCI Solution Architect
package/skills/oci/oci-storage-backup-steward/SKILL.md CHANGED
@@ -1,9 +1,12 @@
1
1
  ---
2
2
  name: oci-storage-backup-steward
3
3
  description: Operate as a ruthless OCI storage and backup steward for Object Storage, Block Volume, File Storage, backup policies, retention, replication, lifecycle rules, restore readiness, and IAM-scoped storage operations. Use when work touches OCI storage inventory, backup posture, recovery planning, or storage permissions.
4
+ allowed-tools: Read Grep Glob
4
5
  metadata:
5
6
  author: github: Raishin
6
7
  version: 0.1.0
8
+ updated: "2026-05-05"
9
+ category: resilience
7
10
  ---
8
11
 
9
12
  # OCI Storage Backup Steward
package/skills/oci/oci-support-incident-coordinator/SKILL.md CHANGED
@@ -1,9 +1,12 @@
1
1
  ---
2
2
  name: oci-support-incident-coordinator
3
3
  description: Coordinate OCI support incidents with evidence quality, severity discipline, resource scope, timelines, and escalation readiness. Use for support tickets, incident evidence packs, Oracle SR preparation, and post-incident follow-up.
4
+ allowed-tools: Read Grep Glob WebFetch
4
5
  metadata:
5
6
  author: github: Raishin
6
7
  version: 0.1.0
8
+ updated: "2026-05-05"
9
+ category: observability
7
10
  ---
8
11
 
9
12
  # OCI Support Incident Coordinator
package/skills/oci/oracle-oci-mcp-grounded-advisor/SKILL.md CHANGED
@@ -1,9 +1,12 @@
1
1
  ---
2
2
  name: oracle-oci-mcp-grounded-advisor
3
3
  description: Use this skill when the user asks about Oracle MCP servers, SQLcl MCP, OCI MCP, Oracle Database agent access, OCI automation, or cloud/database advice that must be grounded in official Oracle sources.
4
+ allowed-tools: Read Grep Glob WebFetch
4
5
  metadata:
5
6
  author: github: Raishin
6
7
  version: 0.1.0
8
+ updated: "2026-05-05"
9
+ category: ai
7
10
  ---
8
11
 
9
12
  # Oracle and OCI MCP Grounded Advisor
package/skills/opentelemetry/README.md ADDED
@@ -0,0 +1,31 @@
1
+ # 🔭 OpenTelemetry Skills
2
+
3
+ <p align="center">
4
+ <!-- 🖼️ Add an OpenTelemetry logo to assets/logos/cnative/opentelemetry/ and update this path -->
5
+ <span style="font-size:3.5em">🔭</span>
6
+ </p>
7
+
8
+ This folder contains OpenTelemetry-focused skills curated for this marketplace.
9
+
10
+ ## Local marketplace portfolio
11
+
12
+ This folder contains **1** local OpenTelemetry skill:
13
+
14
+ - `opentelemetry-collector-config-review`
15
+
16
+ ## Portfolio posture
17
+
18
+ OpenTelemetry skills for evidence-backed observability pipeline review covering the four `OpenTelemetryCollector` deployment modes (`deployment`, `statefulset`, `daemonset`, `sidecar`), the `Instrumentation` CR for auto-instrumentation across Java/Node/Python/.NET/Go, the Target Allocator for distributed Prometheus scraping, and exporter/processor/receiver pipeline correctness.
19
+
20
+ These skills are intentionally conservative:
21
+
22
+ - prefer `kubectl get opentelemetrycollectors,instrumentations -A -o yaml` for live collector state grounding before any review
23
+ - treat **collector pipeline with no exporter** as a critical finding — telemetry is silently dropped at collector boundary
24
+ - treat **removal of `memory_limiter` processor** as a critical finding — collector OOMs and loses spans/metrics
25
+ - challenge tail sampling rule changes — past spans are not re-evaluated, sampling drift is permanent for already-collected windows
26
+ - challenge `Instrumentation` CR removal from a running namespace — auto-instrumented pods stop emitting telemetry on next restart
27
+ - challenge collector `service.pipelines` lacking the `k8sattributes` processor — telemetry loses Kubernetes context (namespace, pod, deployment)
28
+ - challenge TLS `insecure: true` on production exporters — telemetry data flows in plaintext, often containing PII
29
+ - use official OpenTelemetry documentation (opentelemetry.io, opentelemetry-operator) for Collector/Instrumentation CRD syntax, processor pipelines, and Target Allocator semantics
30
+
31
+ Run `npm run validate` after changing cataloged OpenTelemetry skills.
package/skills/opentelemetry/opentelemetry-collector-config-review/SKILL.md ADDED
@@ -0,0 +1,47 @@
1
+ ---
2
+ name: opentelemetry-collector-config-review
3
+ description: Use this skill for OpenTelemetry Operator review covering OpenTelemetryCollector deployment modes (Deployment, StatefulSet, DaemonSet, Sidecar), Instrumentation CR auto-instrumentation across Java/Node/Python/.NET/Go, Target Allocator for distributed Prometheus scraping, and pipeline correctness across receivers, processors, and exporters. Trigger when the user asks whether a collector configuration will lose telemetry, whether the right deployment mode is used, whether memory_limiter and batch are present, whether tail_sampling is safe to change, or whether auto-instrumentation will cover a workload after restart.
4
+ allowed-tools: Read Grep Glob
5
+ metadata:
6
+ author: "github: Raishin"
7
+ version: "0.1.0"
8
+ updated: "2026-05-05"
9
+ category: observability
10
+ ---
11
+
12
+ # OpenTelemetry Collector Config Review
13
+
14
+ ## Purpose
15
+
16
+ Review OpenTelemetry Operator-managed `OpenTelemetryCollector` and `Instrumentation` resources against pipeline correctness, deployment-mode appropriateness, memory safety, sampling integrity, exporter security, and Kubernetes-attribute enrichment. Telemetry pipelines fail silently — a misconfigured exporter drops every span; a missing `memory_limiter` OOMs the collector; a deleted `Instrumentation` resource stops auto-instrumentation on next pod restart.
17
+
18
+ ## Lean operating rules
19
+
20
+ - Prefer live cluster evidence (`kubectl get opentelemetrycollectors,instrumentations -A -o yaml` plus collector logs and metrics) when the active client exposes it; otherwise fall back to official OpenTelemetry documentation (opentelemetry.io, opentelemetry-operator) and sanitized YAML.
21
+ - Separate confirmed facts from inference. If collector pipeline state, exporter health, or `Instrumentation` propagation was not queried, say so.
22
+ - Treat **a pipeline with no exporter** (or with only `debug` exporter in production) as a critical finding — telemetry is dropped at the collector.
23
+ - Treat **removal of the `memory_limiter` processor** as a critical finding — collector OOMs and loses spans/metrics on burst traffic.
24
+ - Treat **removal of the `k8sattributes` processor** as a high finding — telemetry loses `k8s.namespace.name`, `k8s.pod.name`, `k8s.deployment.name`, and SLO dashboards lose context.
25
+ - Challenge tail sampling rule changes — past spans are not re-evaluated; sampling drift is permanent for already-collected windows.
26
+ - Challenge `Instrumentation` CR removal in a running namespace — auto-instrumented pods stop emitting telemetry after their next restart.
27
+ - Challenge collector exporters with `tls.insecure: true` in production — telemetry data flows in plaintext, often containing PII/PHI.
28
+ - Keep the answer scoped, reversible, least-privilege, and explicit about blockers or unknowns.
29
+
30
+ ## References
31
+
32
+ Load these only when needed:
33
+
34
+ - [Evidence path and tooling](references/mcp-and-evidence.md) — use when choosing live evidence, confirming Operator version and Collector pipeline state, or switching to documentation mode.
35
+ - [Workflow and output contract](references/workflow-and-output.md) — use when executing the full review, applying stress checks per deployment mode, or formatting the final answer.
36
+ - [Official sources](references/official-sources.md) — use when you need the detailed OpenTelemetry documentation list, processor pipeline references, and grounded insights.
37
+
38
+ ## Response minimum
39
+
40
+ Return, at minimum:
41
+
42
+ - the scoped target (`OpenTelemetryCollector` of which mode, `Instrumentation` CR, or pipeline element) and evidence level,
43
+ - the deployment-mode appropriateness (Deployment / StatefulSet / DaemonSet / Sidecar) for the use case,
44
+ - the pipeline correctness (receivers, processors, exporters all present and ordered safely),
45
+ - the failure mode if exporter is unreachable or downstream is full (queue, drop, retry semantics),
46
+ - the safest next actions and rollback plan,
47
+ - the assumptions or blockers that prevent stronger conclusions.
package/skills/opentelemetry/opentelemetry-collector-config-review/metadata.json ADDED
@@ -0,0 +1,30 @@
1
+ {
2
+ "id": "opentelemetry-collector-config-review",
3
+ "name": "OpenTelemetry Collector Config Review",
4
+ "type": "skill",
5
+ "provider": "opentelemetry",
6
+ "harnesses": [
7
+ "codex",
8
+ "claude-code",
9
+ "cursor",
10
+ "gemini",
11
+ "kiro",
12
+ "other"
13
+ ],
14
+ "summary": "Review OpenTelemetry Operator OpenTelemetryCollector and Instrumentation resources for deployment-mode appropriateness, pipeline correctness, memory_limiter and k8sattributes presence, exporter security, and sampling integrity.",
15
+ "source_type": "original",
16
+ "official_docs": [
17
+ "https://opentelemetry.io/docs/",
18
+ "https://opentelemetry.io/docs/collector/",
19
+ "https://opentelemetry.io/docs/collector/configuration/",
20
+ "https://opentelemetry.io/docs/kubernetes/operator/",
21
+ "https://opentelemetry.io/docs/kubernetes/operator/automatic/",
22
+ "https://opentelemetry.io/docs/kubernetes/operator/target-allocator/",
23
+ "https://github.com/open-telemetry/opentelemetry-operator"
24
+ ],
25
+ "security_notes": "Pipeline with no exporter silently drops telemetry. Missing memory_limiter causes collector OOM under burst. Missing k8sattributes drops Kubernetes context. Tail sampling changes are not retroactive. Removing Instrumentation CR stops auto-instrumentation on next pod restart.",
26
+ "last_verified": "2026-05-01",
27
+ "path": "skills/opentelemetry/opentelemetry-collector-config-review",
28
+ "author": "github: Raishin",
29
+ "version": "0.1.0"
30
+ }
package/skills/opentelemetry/opentelemetry-collector-config-review/references/mcp-and-evidence.md ADDED
@@ -0,0 +1,49 @@
1
+ # Evidence Path and Tooling
2
+
3
+ ## Evidence path
4
+
5
+ 1. Prefer live cluster evidence when a Kubernetes MCP server, `kubectl`, and access to the OpenTelemetry Operator namespace are available.
6
+ 2. Fall back to official OpenTelemetry documentation (opentelemetry.io, opentelemetry-operator GitHub) when live inspection is unavailable.
7
+ 3. Ask only for sanitized `OpenTelemetryCollector` / `Instrumentation` YAML, collector logs, and target backend reachability evidence when current-state proof matters.
8
+ 4. Label conclusions as `live evidence`, `documentation-based`, `sanitized user evidence`, or `inference`.
9
+
10
+ ## Useful live-evidence commands
11
+
12
+ ```shell
13
+ # All Collectors and Instrumentation CRs across the cluster
14
+ kubectl get opentelemetrycollectors,instrumentations -A -o yaml
15
+
16
+ # Detailed Collector status — replicas, mode, generated config map
17
+ kubectl -n <ns> get opentelemetrycollector <name> -o yaml
18
+ kubectl -n <ns> get configmap <collector-name>-collector -o yaml
19
+
20
+ # Operator state
21
+ kubectl -n opentelemetry-operator-system get deploy,svc,validatingwebhookconfiguration
22
+
23
+ # Collector pod logs — confirm pipeline is processing data
24
+ kubectl -n <ns> logs deploy/<collector-name>-collector --tail=200 -f
25
+
26
+ # Collector internal metrics (Prometheus on :8888 by default)
27
+ kubectl -n <ns> port-forward svc/<collector-name>-collector 8888:8888
28
+ curl http://localhost:8888/metrics | grep otelcol_
29
+
30
+ # Auto-instrumentation propagation — which pods received the init container?
31
+ kubectl get pods -A -o jsonpath='{range .items[?(@.metadata.annotations.instrumentation\.opentelemetry\.io/inject-java=="true")]}{.metadata.namespace}/{.metadata.name}{"\n"}{end}'
32
+
33
+ # Verify exporter reachability from within the collector pod
34
+ kubectl -n <ns> exec -it deploy/<collector-name>-collector -- nc -zv <exporter-host> <exporter-port>
35
+ ```
36
+
37
+ ## Operator and Collector state to confirm before review
38
+
39
+ - Operator version (`kubectl -n opentelemetry-operator-system get deploy opentelemetry-operator-controller-manager -o jsonpath='{.spec.template.spec.containers[*].image}'`) — `OpenTelemetryCollector` API has evolved; `v1beta1` is the current stable.
40
+ - Collector image and version — different versions support different receivers/processors/exporters. The contrib distribution has a much wider set than the core distribution.
41
+ - Whether Target Allocator is deployed — required for `mode: statefulset` Prometheus scraping at scale.
42
+ - Whether `Instrumentation` CRs exist and which language images are pinned (Java, Node, Python, .NET, Go) — version drift between auto-instrumentation images and application runtimes is a common silent failure mode.
43
+ - Backend reachability — the actual telemetry destination (vendor SaaS, Tempo, Jaeger, Prometheus remote write, Loki) must accept the collector's data; check from inside the pod.
44
+
45
+ ## Sanitization rules
46
+
47
+ - Never request kubeconfig contents, vendor API keys, OTLP bearer tokens, or backend authentication secrets.
48
+ - Replace identifiable backend hostnames, vendor URLs, and tenant IDs with placeholders unless the user provides them.
49
+ - Do not print the collector's `Authorization` header values; reference them by configuration key only.
package/skills/opentelemetry/opentelemetry-collector-config-review/references/official-sources.md ADDED
@@ -0,0 +1,31 @@
1
+ # Official Sources
2
+
3
+ Load these only when needed:
4
+
5
+ - [OpenTelemetry documentation home](https://opentelemetry.io/docs/) — use as the entry point for any OTEL question.
6
+ - [Collector overview](https://opentelemetry.io/docs/collector/) — use for collector architecture, distributions (core vs contrib), and component model.
7
+ - [Collector configuration](https://opentelemetry.io/docs/collector/configuration/) — use for receivers, processors, exporters, extensions, and `service.pipelines` syntax.
8
+ - [Operator overview](https://opentelemetry.io/docs/kubernetes/operator/) — use for `OpenTelemetryCollector` CRD, deployment modes, and Operator behavior.
9
+ - [Operator automatic instrumentation](https://opentelemetry.io/docs/kubernetes/operator/automatic/) — use for `Instrumentation` CR, language-specific init containers, annotation-based pod injection.
10
+ - [Target Allocator](https://opentelemetry.io/docs/kubernetes/operator/target-allocator/) — use for sharding Prometheus scrape jobs across collector replicas.
11
+ - [opentelemetry-operator GitHub](https://github.com/open-telemetry/opentelemetry-operator) — use for CRD source, examples, and recent feature notes.
12
+ - [opentelemetry-collector-contrib processors](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/processor) — use for `k8sattributes`, `resourcedetection`, `tail_sampling`, `transform`, `filter`, `routing` processor configs.
13
+ - [opentelemetry-collector-contrib receivers](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver) — use for `kubeletstats`, `k8s_cluster`, `prometheus`, `filelog` receiver configs.
14
+ - [opentelemetry-collector-contrib exporters](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/exporter) — use for vendor exporters and queue/retry semantics.
15
+ - [Sampling guide](https://opentelemetry.io/docs/concepts/sampling/) — use when designing tail sampling vs probabilistic sampling vs head sampling.
16
+ - [Semantic conventions for Kubernetes](https://opentelemetry.io/docs/specs/semconv/resource/k8s/) — use for the canonical `k8s.*` attribute names that `k8sattributes` populates.
17
+ - [Collector internal observability](https://opentelemetry.io/docs/collector/internal-telemetry/) — use for `otelcol_*` self-metrics that diagnose collector health.
18
+
19
+ ## Grounded insights worth carrying into the skill
20
+
21
+ - The OpenTelemetry Operator manages `OpenTelemetryCollector` and `Instrumentation` CRs and supports four deployment modes: `deployment`, `statefulset`, `daemonset`, and `sidecar`. Each is appropriate for a different use case and the wrong mode silently produces incomplete or duplicate data.
22
+ - A pipeline with **no exporter** is valid YAML and silently drops every span/metric/log. The collector emits an internal warning at startup but otherwise behaves as if data is being processed.
23
+ - `memory_limiter` is the only protection against OOM under burst load. Without it, the collector consumes memory until the kernel kills the pod and loses everything in flight. It is recommended as the **first processor** in every pipeline.
24
+ - `batch` is recommended **last before exporters** because batching drops in-flight individual signals into batched export calls. Without it, every span is a separate export, which destroys throughput at any meaningful volume.
25
+ - `k8sattributes` enriches signals with Kubernetes object names. Without it, traces and metrics cannot be grouped by namespace/pod/deployment, breaking SLO dashboards and alerting. It requires RBAC: `pods/get,list,watch`, `namespaces/get,list,watch`, `replicasets/get,list,watch`.
26
+ - `tail_sampling` is the most common production sampling mode because it samples on complete trace properties (root span attributes, total duration). The critical caveat: **changes are not retroactive** — already-collected windows do not re-sample, so a sampling change creates a discontinuity in observed trace counts.
27
+ - `Instrumentation` CR removal is invisible to running pods; the next pod restart silently starts without auto-instrumentation. Many silent SLO regressions trace back to an `Instrumentation` CR being removed during a "cleanup".
28
+ - The Target Allocator is required for any `mode: statefulset` Prometheus collector serving more than a handful of scrape targets. Without it, every replica scrapes every target and the data is duplicated.
29
+ - Auto-instrumentation images are pinned per language (Java, Node.js, Python, .NET, Go). When the application's runtime version moves ahead of the instrumentation image, instrumentation can fail to load silently. Treat the auto-instrumentation image versions as a cataloged dependency.
30
+ - The collector exposes its own metrics on `:8888/metrics`. The most useful Prometheus series for diagnosing pipeline health: `otelcol_exporter_send_failed_spans`, `otelcol_processor_dropped_spans`, `otelcol_receiver_refused_spans`, `otelcol_processor_batch_send_size`. Any non-zero value on the failure counters is a finding.
31
+ - The `debug` exporter (formerly `logging` exporter) prints to the collector's stdout and is meant for development. It is a frequent silent failure mode in production when someone replaced a real exporter with `debug` for debugging and forgot to restore it.