@raishin/vanguard-frontier-agentic 1.6.0 → 1.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +49 -11
- package/agents/AGENTS.md +83 -0
- package/agents/README.md +10 -0
- package/agents/contabo/README.md +174 -0
- package/agents/contabo/contabo-capacity-planner-agent/AGENT.md +49 -0
- package/agents/contabo/contabo-capacity-planner-agent/harnesses/claude-code.agent.md +36 -0
- package/agents/contabo/contabo-capacity-planner-agent/harnesses/codex.toml +33 -0
- package/agents/contabo/contabo-capacity-planner-agent/harnesses/copilot.agent.md +36 -0
- package/agents/contabo/contabo-capacity-planner-agent/harnesses/cursor.agent.md +36 -0
- package/agents/contabo/contabo-capacity-planner-agent/harnesses/gemini.agent.md +36 -0
- package/agents/contabo/contabo-capacity-planner-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/contabo/contabo-capacity-planner-agent/harnesses/kiro-ide.agent.md +36 -0
- package/agents/contabo/contabo-capacity-planner-agent/metadata.json +27 -0
- package/agents/contabo/contabo-cost-optimization-analyst-agent/AGENT.md +50 -0
- package/agents/contabo/contabo-cost-optimization-analyst-agent/harnesses/claude-code.agent.md +37 -0
- package/agents/contabo/contabo-cost-optimization-analyst-agent/harnesses/codex.toml +33 -0
- package/agents/contabo/contabo-cost-optimization-analyst-agent/harnesses/copilot.agent.md +37 -0
- package/agents/contabo/contabo-cost-optimization-analyst-agent/harnesses/cursor.agent.md +37 -0
- package/agents/contabo/contabo-cost-optimization-analyst-agent/harnesses/gemini.agent.md +37 -0
- package/agents/contabo/contabo-cost-optimization-analyst-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/contabo/contabo-cost-optimization-analyst-agent/harnesses/kiro-ide.agent.md +37 -0
- package/agents/contabo/contabo-cost-optimization-analyst-agent/metadata.json +27 -0
- package/agents/contabo/contabo-live-instance-lifecycle-guard-agent/AGENT.md +53 -0
- package/agents/contabo/contabo-live-instance-lifecycle-guard-agent/harnesses/claude-code.agent.md +40 -0
- package/agents/contabo/contabo-live-instance-lifecycle-guard-agent/harnesses/codex.toml +34 -0
- package/agents/contabo/contabo-live-instance-lifecycle-guard-agent/harnesses/copilot.agent.md +40 -0
- package/agents/contabo/contabo-live-instance-lifecycle-guard-agent/harnesses/cursor.agent.md +40 -0
- package/agents/contabo/contabo-live-instance-lifecycle-guard-agent/harnesses/gemini.agent.md +40 -0
- package/agents/contabo/contabo-live-instance-lifecycle-guard-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/contabo/contabo-live-instance-lifecycle-guard-agent/harnesses/kiro-ide.agent.md +40 -0
- package/agents/contabo/contabo-live-instance-lifecycle-guard-agent/metadata.json +26 -0
- package/agents/contabo/contabo-live-storage-operations-guard-agent/AGENT.md +54 -0
- package/agents/contabo/contabo-live-storage-operations-guard-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/contabo/contabo-live-storage-operations-guard-agent/harnesses/codex.toml +34 -0
- package/agents/contabo/contabo-live-storage-operations-guard-agent/harnesses/copilot.agent.md +38 -0
- package/agents/contabo/contabo-live-storage-operations-guard-agent/harnesses/cursor.agent.md +38 -0
- package/agents/contabo/contabo-live-storage-operations-guard-agent/harnesses/gemini.agent.md +38 -0
- package/agents/contabo/contabo-live-storage-operations-guard-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/contabo/contabo-live-storage-operations-guard-agent/harnesses/kiro-ide.agent.md +38 -0
- package/agents/contabo/contabo-live-storage-operations-guard-agent/metadata.json +26 -0
- package/agents/contabo/contabo-maestro-agent/AGENT.md +49 -0
- package/agents/contabo/contabo-maestro-agent/harnesses/claude-code.agent.md +37 -0
- package/agents/contabo/contabo-maestro-agent/harnesses/codex.toml +33 -0
- package/agents/contabo/contabo-maestro-agent/harnesses/copilot.agent.md +37 -0
- package/agents/contabo/contabo-maestro-agent/harnesses/cursor.agent.md +37 -0
- package/agents/contabo/contabo-maestro-agent/harnesses/gemini.agent.md +37 -0
- package/agents/contabo/contabo-maestro-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/contabo/contabo-maestro-agent/harnesses/kiro-ide.agent.md +37 -0
- package/agents/contabo/contabo-maestro-agent/metadata.json +26 -0
- package/agents/contabo/contabo-security-hardening-agent/AGENT.md +49 -0
- package/agents/contabo/contabo-security-hardening-agent/harnesses/claude-code.agent.md +37 -0
- package/agents/contabo/contabo-security-hardening-agent/harnesses/codex.toml +34 -0
- package/agents/contabo/contabo-security-hardening-agent/harnesses/copilot.agent.md +37 -0
- package/agents/contabo/contabo-security-hardening-agent/harnesses/cursor.agent.md +37 -0
- package/agents/contabo/contabo-security-hardening-agent/harnesses/gemini.agent.md +37 -0
- package/agents/contabo/contabo-security-hardening-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/contabo/contabo-security-hardening-agent/harnesses/kiro-ide.agent.md +37 -0
- package/agents/contabo/contabo-security-hardening-agent/metadata.json +26 -0
- package/agents/hetzner/README.md +156 -0
- package/agents/hetzner/hetzner-capacity-planner-agent/AGENT.md +50 -0
- package/agents/hetzner/hetzner-capacity-planner-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/hetzner/hetzner-capacity-planner-agent/harnesses/codex.toml +33 -0
- package/agents/hetzner/hetzner-capacity-planner-agent/harnesses/copilot.agent.md +38 -0
- package/agents/hetzner/hetzner-capacity-planner-agent/harnesses/cursor.agent.md +38 -0
- package/agents/hetzner/hetzner-capacity-planner-agent/harnesses/gemini.agent.md +38 -0
- package/agents/hetzner/hetzner-capacity-planner-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/hetzner/hetzner-capacity-planner-agent/harnesses/kiro-ide.agent.md +38 -0
- package/agents/hetzner/hetzner-capacity-planner-agent/metadata.json +27 -0
- package/agents/hetzner/hetzner-cost-optimization-analyst-agent/AGENT.md +50 -0
- package/agents/hetzner/hetzner-cost-optimization-analyst-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/hetzner/hetzner-cost-optimization-analyst-agent/harnesses/codex.toml +33 -0
- package/agents/hetzner/hetzner-cost-optimization-analyst-agent/harnesses/copilot.agent.md +38 -0
- package/agents/hetzner/hetzner-cost-optimization-analyst-agent/harnesses/cursor.agent.md +38 -0
- package/agents/hetzner/hetzner-cost-optimization-analyst-agent/harnesses/gemini.agent.md +38 -0
- package/agents/hetzner/hetzner-cost-optimization-analyst-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/hetzner/hetzner-cost-optimization-analyst-agent/harnesses/kiro-ide.agent.md +38 -0
- package/agents/hetzner/hetzner-cost-optimization-analyst-agent/metadata.json +27 -0
- package/agents/hetzner/hetzner-infrastructure-reviewer-agent/AGENT.md +50 -0
- package/agents/hetzner/hetzner-infrastructure-reviewer-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/hetzner/hetzner-infrastructure-reviewer-agent/harnesses/codex.toml +33 -0
- package/agents/hetzner/hetzner-infrastructure-reviewer-agent/harnesses/copilot.agent.md +38 -0
- package/agents/hetzner/hetzner-infrastructure-reviewer-agent/harnesses/cursor.agent.md +38 -0
- package/agents/hetzner/hetzner-infrastructure-reviewer-agent/harnesses/gemini.agent.md +38 -0
- package/agents/hetzner/hetzner-infrastructure-reviewer-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/hetzner/hetzner-infrastructure-reviewer-agent/harnesses/kiro-ide.agent.md +38 -0
- package/agents/hetzner/hetzner-infrastructure-reviewer-agent/metadata.json +27 -0
- package/agents/hetzner/hetzner-live-firewall-rule-guard-agent/AGENT.md +62 -0
- package/agents/hetzner/hetzner-live-firewall-rule-guard-agent/harnesses/claude-code.agent.md +44 -0
- package/agents/hetzner/hetzner-live-firewall-rule-guard-agent/harnesses/codex.toml +47 -0
- package/agents/hetzner/hetzner-live-firewall-rule-guard-agent/harnesses/copilot.agent.md +44 -0
- package/agents/hetzner/hetzner-live-firewall-rule-guard-agent/harnesses/cursor.agent.md +44 -0
- package/agents/hetzner/hetzner-live-firewall-rule-guard-agent/harnesses/gemini.agent.md +44 -0
- package/agents/hetzner/hetzner-live-firewall-rule-guard-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/hetzner/hetzner-live-firewall-rule-guard-agent/harnesses/kiro-ide.agent.md +44 -0
- package/agents/hetzner/hetzner-live-firewall-rule-guard-agent/metadata.json +27 -0
- package/agents/hetzner/hetzner-live-server-lifecycle-guard-agent/AGENT.md +62 -0
- package/agents/hetzner/hetzner-live-server-lifecycle-guard-agent/harnesses/claude-code.agent.md +45 -0
- package/agents/hetzner/hetzner-live-server-lifecycle-guard-agent/harnesses/codex.toml +50 -0
- package/agents/hetzner/hetzner-live-server-lifecycle-guard-agent/harnesses/copilot.agent.md +45 -0
- package/agents/hetzner/hetzner-live-server-lifecycle-guard-agent/harnesses/cursor.agent.md +45 -0
- package/agents/hetzner/hetzner-live-server-lifecycle-guard-agent/harnesses/gemini.agent.md +45 -0
- package/agents/hetzner/hetzner-live-server-lifecycle-guard-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/hetzner/hetzner-live-server-lifecycle-guard-agent/harnesses/kiro-ide.agent.md +45 -0
- package/agents/hetzner/hetzner-live-server-lifecycle-guard-agent/metadata.json +27 -0
- package/agents/hetzner/hetzner-maestro-agent/AGENT.md +50 -0
- package/agents/hetzner/hetzner-maestro-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/hetzner/hetzner-maestro-agent/harnesses/codex.toml +33 -0
- package/agents/hetzner/hetzner-maestro-agent/harnesses/copilot.agent.md +38 -0
- package/agents/hetzner/hetzner-maestro-agent/harnesses/cursor.agent.md +38 -0
- package/agents/hetzner/hetzner-maestro-agent/harnesses/gemini.agent.md +38 -0
- package/agents/hetzner/hetzner-maestro-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/hetzner/hetzner-maestro-agent/harnesses/kiro-ide.agent.md +38 -0
- package/agents/hetzner/hetzner-maestro-agent/metadata.json +26 -0
- package/agents/ionos/README.md +136 -0
- package/agents/ionos/ionos-cost-optimization-analyst-agent/AGENT.md +48 -0
- package/agents/ionos/ionos-cost-optimization-analyst-agent/harnesses/claude-code.agent.md +36 -0
- package/agents/ionos/ionos-cost-optimization-analyst-agent/harnesses/codex.toml +31 -0
- package/agents/ionos/ionos-cost-optimization-analyst-agent/harnesses/copilot.agent.md +36 -0
- package/agents/ionos/ionos-cost-optimization-analyst-agent/harnesses/cursor.agent.md +36 -0
- package/agents/ionos/ionos-cost-optimization-analyst-agent/harnesses/gemini.agent.md +36 -0
- package/agents/ionos/ionos-cost-optimization-analyst-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/ionos/ionos-cost-optimization-analyst-agent/harnesses/kiro-ide.agent.md +36 -0
- package/agents/ionos/ionos-cost-optimization-analyst-agent/metadata.json +25 -0
- package/agents/ionos/ionos-datacenter-designer-reviewer-agent/AGENT.md +49 -0
- package/agents/ionos/ionos-datacenter-designer-reviewer-agent/harnesses/claude-code.agent.md +37 -0
- package/agents/ionos/ionos-datacenter-designer-reviewer-agent/harnesses/codex.toml +32 -0
- package/agents/ionos/ionos-datacenter-designer-reviewer-agent/harnesses/copilot.agent.md +37 -0
- package/agents/ionos/ionos-datacenter-designer-reviewer-agent/harnesses/cursor.agent.md +37 -0
- package/agents/ionos/ionos-datacenter-designer-reviewer-agent/harnesses/gemini.agent.md +37 -0
- package/agents/ionos/ionos-datacenter-designer-reviewer-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/ionos/ionos-datacenter-designer-reviewer-agent/harnesses/kiro-ide.agent.md +37 -0
- package/agents/ionos/ionos-datacenter-designer-reviewer-agent/metadata.json +25 -0
- package/agents/ionos/ionos-kubernetes-platform-operator-agent/AGENT.md +48 -0
- package/agents/ionos/ionos-kubernetes-platform-operator-agent/harnesses/claude-code.agent.md +36 -0
- package/agents/ionos/ionos-kubernetes-platform-operator-agent/harnesses/codex.toml +31 -0
- package/agents/ionos/ionos-kubernetes-platform-operator-agent/harnesses/copilot.agent.md +36 -0
- package/agents/ionos/ionos-kubernetes-platform-operator-agent/harnesses/cursor.agent.md +36 -0
- package/agents/ionos/ionos-kubernetes-platform-operator-agent/harnesses/gemini.agent.md +36 -0
- package/agents/ionos/ionos-kubernetes-platform-operator-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/ionos/ionos-kubernetes-platform-operator-agent/harnesses/kiro-ide.agent.md +36 -0
- package/agents/ionos/ionos-kubernetes-platform-operator-agent/metadata.json +25 -0
- package/agents/ionos/ionos-live-database-lifecycle-guard-agent/AGENT.md +53 -0
- package/agents/ionos/ionos-live-database-lifecycle-guard-agent/harnesses/claude-code.agent.md +37 -0
- package/agents/ionos/ionos-live-database-lifecycle-guard-agent/harnesses/codex.toml +33 -0
- package/agents/ionos/ionos-live-database-lifecycle-guard-agent/harnesses/copilot.agent.md +37 -0
- package/agents/ionos/ionos-live-database-lifecycle-guard-agent/harnesses/cursor.agent.md +37 -0
- package/agents/ionos/ionos-live-database-lifecycle-guard-agent/harnesses/gemini.agent.md +37 -0
- package/agents/ionos/ionos-live-database-lifecycle-guard-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/ionos/ionos-live-database-lifecycle-guard-agent/harnesses/kiro-ide.agent.md +37 -0
- package/agents/ionos/ionos-live-database-lifecycle-guard-agent/metadata.json +25 -0
- package/agents/ionos/ionos-maestro-agent/AGENT.md +48 -0
- package/agents/ionos/ionos-maestro-agent/harnesses/claude-code.agent.md +36 -0
- package/agents/ionos/ionos-maestro-agent/harnesses/codex.toml +31 -0
- package/agents/ionos/ionos-maestro-agent/harnesses/copilot.agent.md +36 -0
- package/agents/ionos/ionos-maestro-agent/harnesses/cursor.agent.md +36 -0
- package/agents/ionos/ionos-maestro-agent/harnesses/gemini.agent.md +36 -0
- package/agents/ionos/ionos-maestro-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/ionos/ionos-maestro-agent/harnesses/kiro-ide.agent.md +36 -0
- package/agents/ionos/ionos-maestro-agent/metadata.json +24 -0
- package/agents/ionos/ionos-security-compliance-reviewer-agent/AGENT.md +49 -0
- package/agents/ionos/ionos-security-compliance-reviewer-agent/harnesses/claude-code.agent.md +37 -0
- package/agents/ionos/ionos-security-compliance-reviewer-agent/harnesses/codex.toml +32 -0
- package/agents/ionos/ionos-security-compliance-reviewer-agent/harnesses/copilot.agent.md +37 -0
- package/agents/ionos/ionos-security-compliance-reviewer-agent/harnesses/cursor.agent.md +37 -0
- package/agents/ionos/ionos-security-compliance-reviewer-agent/harnesses/gemini.agent.md +37 -0
- package/agents/ionos/ionos-security-compliance-reviewer-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/ionos/ionos-security-compliance-reviewer-agent/harnesses/kiro-ide.agent.md +37 -0
- package/agents/ionos/ionos-security-compliance-reviewer-agent/metadata.json +25 -0
- package/agents/ovhcloud/README.md +113 -0
- package/agents/ovhcloud/ovhcloud-cost-finops-analyst-agent/AGENT.md +47 -0
- package/agents/ovhcloud/ovhcloud-cost-finops-analyst-agent/harnesses/claude-code.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-cost-finops-analyst-agent/harnesses/codex.toml +31 -0
- package/agents/ovhcloud/ovhcloud-cost-finops-analyst-agent/harnesses/copilot.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-cost-finops-analyst-agent/harnesses/cursor.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-cost-finops-analyst-agent/harnesses/gemini.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-cost-finops-analyst-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/ovhcloud/ovhcloud-cost-finops-analyst-agent/harnesses/kiro-ide.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-cost-finops-analyst-agent/metadata.json +24 -0
- package/agents/ovhcloud/ovhcloud-iam-policy-review-agent/AGENT.md +47 -0
- package/agents/ovhcloud/ovhcloud-iam-policy-review-agent/harnesses/claude-code.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-iam-policy-review-agent/harnesses/codex.toml +31 -0
- package/agents/ovhcloud/ovhcloud-iam-policy-review-agent/harnesses/copilot.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-iam-policy-review-agent/harnesses/cursor.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-iam-policy-review-agent/harnesses/gemini.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-iam-policy-review-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/ovhcloud/ovhcloud-iam-policy-review-agent/harnesses/kiro-ide.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-iam-policy-review-agent/metadata.json +24 -0
- package/agents/ovhcloud/ovhcloud-kubernetes-platform-operator-agent/AGENT.md +47 -0
- package/agents/ovhcloud/ovhcloud-kubernetes-platform-operator-agent/harnesses/claude-code.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-kubernetes-platform-operator-agent/harnesses/codex.toml +31 -0
- package/agents/ovhcloud/ovhcloud-kubernetes-platform-operator-agent/harnesses/copilot.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-kubernetes-platform-operator-agent/harnesses/cursor.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-kubernetes-platform-operator-agent/harnesses/gemini.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-kubernetes-platform-operator-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/ovhcloud/ovhcloud-kubernetes-platform-operator-agent/harnesses/kiro-ide.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-kubernetes-platform-operator-agent/metadata.json +24 -0
- package/agents/ovhcloud/ovhcloud-live-kms-key-destruction-guard-agent/AGENT.md +52 -0
- package/agents/ovhcloud/ovhcloud-live-kms-key-destruction-guard-agent/harnesses/claude-code.agent.md +40 -0
- package/agents/ovhcloud/ovhcloud-live-kms-key-destruction-guard-agent/harnesses/codex.toml +38 -0
- package/agents/ovhcloud/ovhcloud-live-kms-key-destruction-guard-agent/harnesses/copilot.agent.md +40 -0
- package/agents/ovhcloud/ovhcloud-live-kms-key-destruction-guard-agent/harnesses/cursor.agent.md +40 -0
- package/agents/ovhcloud/ovhcloud-live-kms-key-destruction-guard-agent/harnesses/gemini.agent.md +40 -0
- package/agents/ovhcloud/ovhcloud-live-kms-key-destruction-guard-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/ovhcloud/ovhcloud-live-kms-key-destruction-guard-agent/harnesses/kiro-ide.agent.md +40 -0
- package/agents/ovhcloud/ovhcloud-live-kms-key-destruction-guard-agent/metadata.json +23 -0
- package/agents/ovhcloud/ovhcloud-maestro-agent/AGENT.md +47 -0
- package/agents/ovhcloud/ovhcloud-maestro-agent/harnesses/claude-code.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-maestro-agent/harnesses/codex.toml +31 -0
- package/agents/ovhcloud/ovhcloud-maestro-agent/harnesses/copilot.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-maestro-agent/harnesses/cursor.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-maestro-agent/harnesses/gemini.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-maestro-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/ovhcloud/ovhcloud-maestro-agent/harnesses/kiro-ide.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-maestro-agent/metadata.json +24 -0
- package/agents/ovhcloud/ovhcloud-network-architect-agent/AGENT.md +47 -0
- package/agents/ovhcloud/ovhcloud-network-architect-agent/harnesses/claude-code.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-network-architect-agent/harnesses/codex.toml +31 -0
- package/agents/ovhcloud/ovhcloud-network-architect-agent/harnesses/copilot.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-network-architect-agent/harnesses/cursor.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-network-architect-agent/harnesses/gemini.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-network-architect-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/ovhcloud/ovhcloud-network-architect-agent/harnesses/kiro-ide.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-network-architect-agent/metadata.json +24 -0
- package/agents/scaleway/README.md +142 -0
- package/agents/scaleway/scaleway-cost-optimizer-agent/AGENT.md +47 -0
- package/agents/scaleway/scaleway-cost-optimizer-agent/harnesses/claude-code.agent.md +35 -0
- package/agents/scaleway/scaleway-cost-optimizer-agent/harnesses/codex.toml +32 -0
- package/agents/scaleway/scaleway-cost-optimizer-agent/harnesses/copilot.agent.md +35 -0
- package/agents/scaleway/scaleway-cost-optimizer-agent/harnesses/cursor.agent.md +35 -0
- package/agents/scaleway/scaleway-cost-optimizer-agent/harnesses/gemini.agent.md +35 -0
- package/agents/scaleway/scaleway-cost-optimizer-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/scaleway/scaleway-cost-optimizer-agent/harnesses/kiro-ide.agent.md +35 -0
- package/agents/scaleway/scaleway-cost-optimizer-agent/metadata.json +26 -0
- package/agents/scaleway/scaleway-iam-policy-review-agent/AGENT.md +47 -0
- package/agents/scaleway/scaleway-iam-policy-review-agent/harnesses/claude-code.agent.md +35 -0
- package/agents/scaleway/scaleway-iam-policy-review-agent/harnesses/codex.toml +32 -0
- package/agents/scaleway/scaleway-iam-policy-review-agent/harnesses/copilot.agent.md +35 -0
- package/agents/scaleway/scaleway-iam-policy-review-agent/harnesses/cursor.agent.md +35 -0
- package/agents/scaleway/scaleway-iam-policy-review-agent/harnesses/gemini.agent.md +35 -0
- package/agents/scaleway/scaleway-iam-policy-review-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/scaleway/scaleway-iam-policy-review-agent/harnesses/kiro-ide.agent.md +35 -0
- package/agents/scaleway/scaleway-iam-policy-review-agent/metadata.json +25 -0
- package/agents/scaleway/scaleway-kapsule-platform-operator-agent/AGENT.md +47 -0
- package/agents/scaleway/scaleway-kapsule-platform-operator-agent/harnesses/claude-code.agent.md +35 -0
- package/agents/scaleway/scaleway-kapsule-platform-operator-agent/harnesses/codex.toml +32 -0
- package/agents/scaleway/scaleway-kapsule-platform-operator-agent/harnesses/copilot.agent.md +35 -0
- package/agents/scaleway/scaleway-kapsule-platform-operator-agent/harnesses/cursor.agent.md +35 -0
- package/agents/scaleway/scaleway-kapsule-platform-operator-agent/harnesses/gemini.agent.md +35 -0
- package/agents/scaleway/scaleway-kapsule-platform-operator-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/scaleway/scaleway-kapsule-platform-operator-agent/harnesses/kiro-ide.agent.md +35 -0
- package/agents/scaleway/scaleway-kapsule-platform-operator-agent/metadata.json +26 -0
- package/agents/scaleway/scaleway-live-kapsule-rollout-guard-agent/AGENT.md +58 -0
- package/agents/scaleway/scaleway-live-kapsule-rollout-guard-agent/harnesses/claude-code.agent.md +46 -0
- package/agents/scaleway/scaleway-live-kapsule-rollout-guard-agent/harnesses/codex.toml +40 -0
- package/agents/scaleway/scaleway-live-kapsule-rollout-guard-agent/harnesses/copilot.agent.md +46 -0
- package/agents/scaleway/scaleway-live-kapsule-rollout-guard-agent/harnesses/cursor.agent.md +46 -0
- package/agents/scaleway/scaleway-live-kapsule-rollout-guard-agent/harnesses/gemini.agent.md +46 -0
- package/agents/scaleway/scaleway-live-kapsule-rollout-guard-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/scaleway/scaleway-live-kapsule-rollout-guard-agent/harnesses/kiro-ide.agent.md +46 -0
- package/agents/scaleway/scaleway-live-kapsule-rollout-guard-agent/metadata.json +26 -0
- package/agents/scaleway/scaleway-maestro-agent/AGENT.md +47 -0
- package/agents/scaleway/scaleway-maestro-agent/harnesses/claude-code.agent.md +35 -0
- package/agents/scaleway/scaleway-maestro-agent/harnesses/codex.toml +31 -0
- package/agents/scaleway/scaleway-maestro-agent/harnesses/copilot.agent.md +35 -0
- package/agents/scaleway/scaleway-maestro-agent/harnesses/cursor.agent.md +35 -0
- package/agents/scaleway/scaleway-maestro-agent/harnesses/gemini.agent.md +35 -0
- package/agents/scaleway/scaleway-maestro-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/scaleway/scaleway-maestro-agent/harnesses/kiro-ide.agent.md +35 -0
- package/agents/scaleway/scaleway-maestro-agent/metadata.json +24 -0
- package/agents/scaleway/scaleway-network-architect-agent/AGENT.md +47 -0
- package/agents/scaleway/scaleway-network-architect-agent/harnesses/claude-code.agent.md +35 -0
- package/agents/scaleway/scaleway-network-architect-agent/harnesses/codex.toml +32 -0
- package/agents/scaleway/scaleway-network-architect-agent/harnesses/copilot.agent.md +35 -0
- package/agents/scaleway/scaleway-network-architect-agent/harnesses/cursor.agent.md +35 -0
- package/agents/scaleway/scaleway-network-architect-agent/harnesses/gemini.agent.md +35 -0
- package/agents/scaleway/scaleway-network-architect-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/scaleway/scaleway-network-architect-agent/harnesses/kiro-ide.agent.md +35 -0
- package/agents/scaleway/scaleway-network-architect-agent/metadata.json +26 -0
- package/assets/logos/cloud/contabo/contabo-logo.png +0 -0
- package/assets/logos/cloud/contabo/contabo-logo.svg +21 -0
- package/assets/logos/cloud/hetzner/hetzner-logo.svg +1 -0
- package/assets/logos/cloud/ionos/ionos-logo.svg +1 -0
- package/assets/logos/cloud/ovhcloud/ovhcloud-logo.svg +27 -0
- package/assets/logos/cloud/scaleway/scaleway-logo.svg +1 -0
- package/catalog/agents.json +954 -160
- package/catalog/install-roles.json +54 -6
- package/catalog/skill-manifest.json +960 -0
- package/catalog/skills.json +950 -165
- package/package.json +7 -5
- package/schemas/agent.schema.json +5 -0
- package/scripts/export-marketplace-agents.mjs +1 -1
- package/skills/contabo/contabo-capacity-planner/SKILL.md +71 -0
- package/skills/contabo/contabo-capacity-planner/metadata.json +26 -0
- package/skills/contabo/contabo-capacity-planner/references/official-sources.md +16 -0
- package/skills/contabo/contabo-capacity-planner/references/safety-checklist.md +26 -0
- package/skills/contabo/contabo-capacity-planner/references/workflow-and-output.md +73 -0
- package/skills/contabo/contabo-cost-optimization-analyst/SKILL.md +56 -0
- package/skills/contabo/contabo-cost-optimization-analyst/metadata.json +26 -0
- package/skills/contabo/contabo-cost-optimization-analyst/references/official-sources.md +17 -0
- package/skills/contabo/contabo-cost-optimization-analyst/references/safety-checklist.md +25 -0
- package/skills/contabo/contabo-cost-optimization-analyst/references/workflow-and-output.md +63 -0
- package/skills/contabo/contabo-live-instance-lifecycle-guard/SKILL.md +91 -0
- package/skills/contabo/contabo-live-instance-lifecycle-guard/metadata.json +25 -0
- package/skills/contabo/contabo-live-instance-lifecycle-guard/references/official-sources.md +16 -0
- package/skills/contabo/contabo-live-instance-lifecycle-guard/references/safety-checklist.md +43 -0
- package/skills/contabo/contabo-live-instance-lifecycle-guard/references/workflow-and-output.md +63 -0
- package/skills/contabo/contabo-live-storage-operations-guard/SKILL.md +92 -0
- package/skills/contabo/contabo-live-storage-operations-guard/metadata.json +25 -0
- package/skills/contabo/contabo-live-storage-operations-guard/references/official-sources.md +16 -0
- package/skills/contabo/contabo-live-storage-operations-guard/references/safety-checklist.md +44 -0
- package/skills/contabo/contabo-live-storage-operations-guard/references/workflow-and-output.md +59 -0
- package/skills/contabo/contabo-maestro/SKILL.md +61 -0
- package/skills/contabo/contabo-maestro/metadata.json +25 -0
- package/skills/contabo/contabo-maestro/references/official-sources.md +17 -0
- package/skills/contabo/contabo-maestro/references/safety-checklist.md +24 -0
- package/skills/contabo/contabo-maestro/references/workflow-and-output.md +52 -0
- package/skills/contabo/contabo-security-hardening/SKILL.md +57 -0
- package/skills/contabo/contabo-security-hardening/metadata.json +25 -0
- package/skills/contabo/contabo-security-hardening/references/official-sources.md +16 -0
- package/skills/contabo/contabo-security-hardening/references/safety-checklist.md +27 -0
- package/skills/contabo/contabo-security-hardening/references/workflow-and-output.md +65 -0
- package/skills/hetzner/hetzner-capacity-planner/SKILL.md +56 -0
- package/skills/hetzner/hetzner-capacity-planner/metadata.json +26 -0
- package/skills/hetzner/hetzner-capacity-planner/references/official-sources.md +27 -0
- package/skills/hetzner/hetzner-capacity-planner/references/safety-checklist.md +28 -0
- package/skills/hetzner/hetzner-capacity-planner/references/workflow-and-output.md +73 -0
- package/skills/hetzner/hetzner-cost-optimization-analyst/SKILL.md +55 -0
- package/skills/hetzner/hetzner-cost-optimization-analyst/metadata.json +26 -0
- package/skills/hetzner/hetzner-cost-optimization-analyst/references/official-sources.md +26 -0
- package/skills/hetzner/hetzner-cost-optimization-analyst/references/safety-checklist.md +27 -0
- package/skills/hetzner/hetzner-cost-optimization-analyst/references/workflow-and-output.md +65 -0
- package/skills/hetzner/hetzner-infrastructure-reviewer/SKILL.md +56 -0
- package/skills/hetzner/hetzner-infrastructure-reviewer/metadata.json +26 -0
- package/skills/hetzner/hetzner-infrastructure-reviewer/references/official-sources.md +26 -0
- package/skills/hetzner/hetzner-infrastructure-reviewer/references/safety-checklist.md +27 -0
- package/skills/hetzner/hetzner-infrastructure-reviewer/references/workflow-and-output.md +67 -0
- package/skills/hetzner/hetzner-live-firewall-rule-guard/SKILL.md +63 -0
- package/skills/hetzner/hetzner-live-firewall-rule-guard/metadata.json +26 -0
- package/skills/hetzner/hetzner-live-firewall-rule-guard/references/official-sources.md +28 -0
- package/skills/hetzner/hetzner-live-firewall-rule-guard/references/safety-checklist.md +40 -0
- package/skills/hetzner/hetzner-live-firewall-rule-guard/references/workflow-and-output.md +80 -0
- package/skills/hetzner/hetzner-live-server-lifecycle-guard/SKILL.md +65 -0
- package/skills/hetzner/hetzner-live-server-lifecycle-guard/metadata.json +26 -0
- package/skills/hetzner/hetzner-live-server-lifecycle-guard/references/official-sources.md +29 -0
- package/skills/hetzner/hetzner-live-server-lifecycle-guard/references/safety-checklist.md +42 -0
- package/skills/hetzner/hetzner-live-server-lifecycle-guard/references/workflow-and-output.md +88 -0
- package/skills/hetzner/hetzner-maestro/SKILL.md +61 -0
- package/skills/hetzner/hetzner-maestro/metadata.json +25 -0
- package/skills/hetzner/hetzner-maestro/references/official-sources.md +19 -0
- package/skills/hetzner/hetzner-maestro/references/safety-checklist.md +25 -0
- package/skills/hetzner/hetzner-maestro/references/workflow-and-output.md +56 -0
- package/skills/ionos/ionos-cost-optimization-analyst/SKILL.md +57 -0
- package/skills/ionos/ionos-cost-optimization-analyst/metadata.json +27 -0
- package/skills/ionos/ionos-cost-optimization-analyst/references/official-sources.md +16 -0
- package/skills/ionos/ionos-cost-optimization-analyst/references/safety-checklist.md +25 -0
- package/skills/ionos/ionos-cost-optimization-analyst/references/workflow-and-output.md +65 -0
- package/skills/ionos/ionos-datacenter-designer-reviewer/SKILL.md +56 -0
- package/skills/ionos/ionos-datacenter-designer-reviewer/metadata.json +27 -0
- package/skills/ionos/ionos-datacenter-designer-reviewer/references/official-sources.md +16 -0
- package/skills/ionos/ionos-datacenter-designer-reviewer/references/safety-checklist.md +28 -0
- package/skills/ionos/ionos-datacenter-designer-reviewer/references/workflow-and-output.md +70 -0
- package/skills/ionos/ionos-kubernetes-platform-operator/SKILL.md +57 -0
- package/skills/ionos/ionos-kubernetes-platform-operator/metadata.json +27 -0
- package/skills/ionos/ionos-kubernetes-platform-operator/references/official-sources.md +16 -0
- package/skills/ionos/ionos-kubernetes-platform-operator/references/safety-checklist.md +27 -0
- package/skills/ionos/ionos-kubernetes-platform-operator/references/workflow-and-output.md +76 -0
- package/skills/ionos/ionos-live-database-lifecycle-guard/SKILL.md +66 -0
- package/skills/ionos/ionos-live-database-lifecycle-guard/metadata.json +27 -0
- package/skills/ionos/ionos-live-database-lifecycle-guard/references/official-sources.md +16 -0
- package/skills/ionos/ionos-live-database-lifecycle-guard/references/safety-checklist.md +37 -0
- package/skills/ionos/ionos-live-database-lifecycle-guard/references/workflow-and-output.md +58 -0
- package/skills/ionos/ionos-maestro/SKILL.md +54 -0
- package/skills/ionos/ionos-maestro/metadata.json +26 -0
- package/skills/ionos/ionos-maestro/references/official-sources.md +15 -0
- package/skills/ionos/ionos-maestro/references/safety-checklist.md +24 -0
- package/skills/ionos/ionos-maestro/references/workflow-and-output.md +57 -0
- package/skills/ionos/ionos-security-compliance-reviewer/SKILL.md +57 -0
- package/skills/ionos/ionos-security-compliance-reviewer/metadata.json +27 -0
- package/skills/ionos/ionos-security-compliance-reviewer/references/official-sources.md +16 -0
- package/skills/ionos/ionos-security-compliance-reviewer/references/safety-checklist.md +26 -0
- package/skills/ionos/ionos-security-compliance-reviewer/references/workflow-and-output.md +65 -0
- package/skills/ovhcloud/ovhcloud-cost-finops-analyst/SKILL.md +53 -0
- package/skills/ovhcloud/ovhcloud-cost-finops-analyst/metadata.json +26 -0
- package/skills/ovhcloud/ovhcloud-cost-finops-analyst/references/official-sources.md +15 -0
- package/skills/ovhcloud/ovhcloud-cost-finops-analyst/references/safety-checklist.md +26 -0
- package/skills/ovhcloud/ovhcloud-cost-finops-analyst/references/workflow-and-output.md +61 -0
- package/skills/ovhcloud/ovhcloud-iam-policy-review/SKILL.md +52 -0
- package/skills/ovhcloud/ovhcloud-iam-policy-review/metadata.json +26 -0
- package/skills/ovhcloud/ovhcloud-iam-policy-review/references/official-sources.md +15 -0
- package/skills/ovhcloud/ovhcloud-iam-policy-review/references/safety-checklist.md +25 -0
- package/skills/ovhcloud/ovhcloud-iam-policy-review/references/workflow-and-output.md +62 -0
- package/skills/ovhcloud/ovhcloud-kubernetes-platform-operator/SKILL.md +53 -0
- package/skills/ovhcloud/ovhcloud-kubernetes-platform-operator/metadata.json +26 -0
- package/skills/ovhcloud/ovhcloud-kubernetes-platform-operator/references/official-sources.md +15 -0
- package/skills/ovhcloud/ovhcloud-kubernetes-platform-operator/references/safety-checklist.md +26 -0
- package/skills/ovhcloud/ovhcloud-kubernetes-platform-operator/references/workflow-and-output.md +64 -0
- package/skills/ovhcloud/ovhcloud-live-kms-key-destruction-guard/SKILL.md +55 -0
- package/skills/ovhcloud/ovhcloud-live-kms-key-destruction-guard/metadata.json +25 -0
- package/skills/ovhcloud/ovhcloud-live-kms-key-destruction-guard/references/official-sources.md +14 -0
- package/skills/ovhcloud/ovhcloud-live-kms-key-destruction-guard/references/safety-checklist.md +33 -0
- package/skills/ovhcloud/ovhcloud-live-kms-key-destruction-guard/references/workflow-and-output.md +69 -0
- package/skills/ovhcloud/ovhcloud-maestro/SKILL.md +50 -0
- package/skills/ovhcloud/ovhcloud-maestro/metadata.json +26 -0
- package/skills/ovhcloud/ovhcloud-maestro/references/official-sources.md +15 -0
- package/skills/ovhcloud/ovhcloud-maestro/references/safety-checklist.md +23 -0
- package/skills/ovhcloud/ovhcloud-maestro/references/workflow-and-output.md +50 -0
- package/skills/ovhcloud/ovhcloud-network-architect/SKILL.md +54 -0
- package/skills/ovhcloud/ovhcloud-network-architect/metadata.json +26 -0
- package/skills/ovhcloud/ovhcloud-network-architect/references/official-sources.md +15 -0
- package/skills/ovhcloud/ovhcloud-network-architect/references/safety-checklist.md +26 -0
- package/skills/ovhcloud/ovhcloud-network-architect/references/workflow-and-output.md +65 -0
- package/skills/scaleway/scaleway-cost-optimizer/SKILL.md +66 -0
- package/skills/scaleway/scaleway-cost-optimizer/metadata.json +27 -0
- package/skills/scaleway/scaleway-cost-optimizer/references/official-sources.md +16 -0
- package/skills/scaleway/scaleway-cost-optimizer/references/safety-checklist.md +24 -0
- package/skills/scaleway/scaleway-cost-optimizer/references/workflow-and-output.md +68 -0
- package/skills/scaleway/scaleway-iam-policy-review/SKILL.md +59 -0
- package/skills/scaleway/scaleway-iam-policy-review/metadata.json +27 -0
- package/skills/scaleway/scaleway-iam-policy-review/references/official-sources.md +15 -0
- package/skills/scaleway/scaleway-iam-policy-review/references/safety-checklist.md +25 -0
- package/skills/scaleway/scaleway-iam-policy-review/references/workflow-and-output.md +69 -0
- package/skills/scaleway/scaleway-kapsule-platform-operator/SKILL.md +63 -0
- package/skills/scaleway/scaleway-kapsule-platform-operator/metadata.json +27 -0
- package/skills/scaleway/scaleway-kapsule-platform-operator/references/official-sources.md +17 -0
- package/skills/scaleway/scaleway-kapsule-platform-operator/references/safety-checklist.md +25 -0
- package/skills/scaleway/scaleway-kapsule-platform-operator/references/workflow-and-output.md +69 -0
- package/skills/scaleway/scaleway-live-kapsule-rollout-guard/SKILL.md +91 -0
- package/skills/scaleway/scaleway-live-kapsule-rollout-guard/metadata.json +28 -0
- package/skills/scaleway/scaleway-live-kapsule-rollout-guard/references/official-sources.md +16 -0
- package/skills/scaleway/scaleway-live-kapsule-rollout-guard/references/safety-checklist.md +35 -0
- package/skills/scaleway/scaleway-live-kapsule-rollout-guard/references/workflow-and-output.md +44 -0
- package/skills/scaleway/scaleway-maestro/SKILL.md +58 -0
- package/skills/scaleway/scaleway-maestro/metadata.json +26 -0
- package/skills/scaleway/scaleway-maestro/references/official-sources.md +15 -0
- package/skills/scaleway/scaleway-maestro/references/safety-checklist.md +23 -0
- package/skills/scaleway/scaleway-maestro/references/workflow-and-output.md +59 -0
- package/skills/scaleway/scaleway-network-architect/SKILL.md +66 -0
- package/skills/scaleway/scaleway-network-architect/metadata.json +27 -0
- package/skills/scaleway/scaleway-network-architect/references/official-sources.md +17 -0
- package/skills/scaleway/scaleway-network-architect/references/safety-checklist.md +26 -0
- package/skills/scaleway/scaleway-network-architect/references/workflow-and-output.md +70 -0
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
# Official sources
|
|
2
|
+
|
|
3
|
+
Use this reference only when grounding IONOS Cloud security controls, compliance posture, or IAM behavior.
|
|
4
|
+
|
|
5
|
+
## IONOS Cloud security and compliance documentation
|
|
6
|
+
|
|
7
|
+
Use these as starting points, not as proof of the user's live IONOS security state:
|
|
8
|
+
|
|
9
|
+
- https://docs.ionos.com/cloud/security — security controls, compliance certifications, and GDPR documentation
|
|
10
|
+
- https://docs.ionos.com/cloud/identity-and-access-management — IAM role design, bearer token scope, and access control reference
|
|
11
|
+
- https://api.ionos.com/docs/ — API authentication patterns and authorization scope reference
|
|
12
|
+
- https://docs.ionos.com/cloud/ — platform-level compliance certifications and regional availability
|
|
13
|
+
|
|
14
|
+
## Grounding rule
|
|
15
|
+
|
|
16
|
+
Official IONOS documentation describes platform security capabilities and compliance certifications. It does not prove the user's current token scope, encryption configuration, firewall rules, audit log retention, or GDPR processing location alignment. Prefer live or user-provided sanitized evidence for current-state claims. When live tooling is unavailable, state this explicitly and label findings as `documentation-based` or `inference`.
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
# Safety checklist
|
|
2
|
+
|
|
3
|
+
Use this reference before recommending any configuration change, remediation, or posture hardening that touches a production IONOS Cloud environment.
|
|
4
|
+
|
|
5
|
+
## Non-negotiables
|
|
6
|
+
|
|
7
|
+
- Never request, echo, or transmit bearer tokens, API keys, database credentials, or customer account identifiers.
|
|
8
|
+
- Never recommend disabling encryption at rest or in transit for any production workload.
|
|
9
|
+
- GDPR data residency is a hard blocker — if the declared processing region and the active datacenter region do not match, flag this as CRITICAL before any other finding.
|
|
10
|
+
- Do not invent datacenter IDs, resource names, token scopes, or live configuration state.
|
|
11
|
+
- Require explicit evidence of API token scope before approving any IAM posture as compliant.
|
|
12
|
+
- Stay advisory — do not call IONOS Cloud API endpoints or apply configuration changes.
|
|
13
|
+
- Label all claims: `live evidence`, `user-provided sanitized evidence`, `documentation-based`, or `inference`.
|
|
14
|
+
|
|
15
|
+
## Stress checks
|
|
16
|
+
|
|
17
|
+
- What can expose data outside the declared GDPR region? (Cross-border endpoint mismatch, replication settings)
|
|
18
|
+
- What can allow unauthorized access to production resources? (Overly broad API token, missing LAN firewall rule)
|
|
19
|
+
- What can break audit trail continuity? (Logging disabled, short retention period)
|
|
20
|
+
- What can expose credentials or API tokens? (Plaintext config, unrestricted token scope)
|
|
21
|
+
- What compliance evidence is missing or assumed rather than verified?
|
|
22
|
+
- Is the regional endpoint correct for each IONOS service in scope? (`de-txl`, `de-fra`, `fr-par`, `es-vit`, `gb-lhr`, `gb-bhx`, `us-las`, `us-mci`, `us-ewr`)
|
|
23
|
+
|
|
24
|
+
## Evidence labels
|
|
25
|
+
|
|
26
|
+
Use `live evidence`, `user-provided sanitized evidence`, `documentation-based`, or `inference`. Documentation alone never proves the user's live IONOS Cloud compliance posture — it describes expected service behavior only.
|
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
# Workflow and output contract
|
|
2
|
+
|
|
3
|
+
Use this reference only when performing a full IONOS Cloud security and GDPR compliance review.
|
|
4
|
+
|
|
5
|
+
## Review domains
|
|
6
|
+
|
|
7
|
+
Check these areas before giving a verdict:
|
|
8
|
+
|
|
9
|
+
- GDPR data residency: datacenter region matches declared data processing location; endpoint region is correct for all service calls
|
|
10
|
+
- Encryption posture: volumes encrypted at rest, TLS enforced in transit for all service endpoints
|
|
11
|
+
- Network isolation: private LAN segmentation, NIC firewall rules, no unintended public interfaces on sensitive workloads
|
|
12
|
+
- IAM hygiene: bearer token scope is least-privilege, token rotation cadence, no overly broad API token assignments
|
|
13
|
+
- Audit trail: logging enabled for control-plane and data-plane operations, retention meets compliance requirements
|
|
14
|
+
- Vulnerability posture: server OS update cadence, exposed port surface, known CVE exposure on managed services
|
|
15
|
+
|
|
16
|
+
## Safe workflow
|
|
17
|
+
|
|
18
|
+
1. **Frame scope**
|
|
19
|
+
- Datacenter region(s) and declared GDPR processing location:
|
|
20
|
+
- Workload type and data classification:
|
|
21
|
+
- Compliance driver (GDPR, ISO 27001, internal policy):
|
|
22
|
+
- Required outcome:
|
|
23
|
+
- Explicit non-goals:
|
|
24
|
+
2. **Collect evidence**
|
|
25
|
+
- Prefer live IONOS Cloud API or DCD export evidence if available.
|
|
26
|
+
- Otherwise inspect IaC (Terraform), user-provided sanitized configuration, or official IONOS docs.
|
|
27
|
+
- Label each finding as `live evidence`, `user-provided sanitized evidence`, `documentation-based`, or `inference`.
|
|
28
|
+
3. **Stress-test risk**
|
|
29
|
+
- What can expose data outside the declared GDPR region?
|
|
30
|
+
- What can allow unauthorized access to production resources?
|
|
31
|
+
- What can break audit trail continuity?
|
|
32
|
+
- What can expose credentials or API tokens?
|
|
33
|
+
- What compliance evidence is missing?
|
|
34
|
+
4. **Recommend the smallest safe action**
|
|
35
|
+
- Prefer additive hardening (add encryption, tighten scope) over disruptive remediation.
|
|
36
|
+
- If the safest action is to gather more evidence before recommending, say that plainly.
|
|
37
|
+
|
|
38
|
+
## Output contract
|
|
39
|
+
|
|
40
|
+
Return this structure:
|
|
41
|
+
|
|
42
|
+
```markdown
|
|
43
|
+
# IONOS Security and Compliance Review: <scope>
|
|
44
|
+
## Executive verdict
|
|
45
|
+
- Status: COMPLIANT / COMPLIANT WITH RISKS / NON-COMPLIANT / NEEDS EVIDENCE
|
|
46
|
+
- Biggest risk:
|
|
47
|
+
- Evidence level:
|
|
48
|
+
## Scope and assumptions
|
|
49
|
+
- Confirmed:
|
|
50
|
+
- Unknown:
|
|
51
|
+
- Out of scope:
|
|
52
|
+
## GDPR data residency
|
|
53
|
+
- Datacenter region:
|
|
54
|
+
- Endpoint region validated:
|
|
55
|
+
- Status: CONFIRMED / MISMATCH / UNKNOWN
|
|
56
|
+
## Findings
|
|
57
|
+
| Severity | Domain | Finding | Evidence | Why it matters | Minimum safe action |
|
|
58
|
+
|---|---|---|---|---|---|
|
|
59
|
+
## Recommended actions
|
|
60
|
+
1. <action> — owner: <owner>, validation: <check>, rollback: <rollback>
|
|
61
|
+
## Evidence gaps
|
|
62
|
+
- <gap or explicit none>
|
|
63
|
+
## Residual risk
|
|
64
|
+
- <risk or explicit none>
|
|
65
|
+
```
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: ovhcloud-cost-finops-analyst
|
|
3
|
+
description: Analyze OVHcloud Public Cloud cost posture across projects and regions: identify idle instances and unattached volumes, review Savings Plans and commitment coverage, recommend rightsizing and tagging improvements, and surface forecast risks. Use when the user asks to reduce, explain, or govern OVHcloud spend without compromising observability, backups, or redundancy.
|
|
4
|
+
allowed-tools: Read Grep Glob
|
|
5
|
+
metadata:
|
|
6
|
+
author: "github: Raishin"
|
|
7
|
+
version: "0.1.0"
|
|
8
|
+
updated: "2026-05-10"
|
|
9
|
+
category: finops
|
|
10
|
+
---
|
|
11
|
+
|
|
12
|
+
# OVHcloud Cost FinOps Analyst
|
|
13
|
+
|
|
14
|
+
## Purpose
|
|
15
|
+
|
|
16
|
+
Act as the OVHcloud FinOps analyst: surface waste, validate commitment coverage, and recommend cost reductions that preserve reliability, observability, and security posture.
|
|
17
|
+
|
|
18
|
+
## When to use
|
|
19
|
+
|
|
20
|
+
Use this skill for:
|
|
21
|
+
|
|
22
|
+
- OVHcloud Public Cloud bill review, cost spike diagnosis, or spend forecast
|
|
23
|
+
- Idle instance, unattached volume, or unused snapshot identification
|
|
24
|
+
- Savings Plans coverage review and commitment gap analysis
|
|
25
|
+
- Rightsizing recommendations based on instance usage baselines
|
|
26
|
+
- Tagging governance and showback/chargeback design
|
|
27
|
+
- Cost optimization roadmap across projects and regions
|
|
28
|
+
|
|
29
|
+
## Lean operating rules
|
|
30
|
+
|
|
31
|
+
- Prefer OVHcloud billing and Public Cloud documentation; if MCP tooling is unavailable, fall back to https://help.ovhcloud.com/ and Context7.
|
|
32
|
+
- Separate confirmed spend from estimated savings. Never present projected savings as guaranteed.
|
|
33
|
+
- Challenge idle-resource deletion, commitment cancellation, or rightsizing without confirmed backup state, usage baseline, and rollback path.
|
|
34
|
+
- Do not recommend cuts that remove backups, monitoring agents, log retention, or redundant components without explicit risk acceptance.
|
|
35
|
+
- Keep recommendations reversible; prefer snapshot-before-delete patterns.
|
|
36
|
+
|
|
37
|
+
## References
|
|
38
|
+
|
|
39
|
+
Load these only when needed:
|
|
40
|
+
|
|
41
|
+
- [Workflow and output contract](references/workflow-and-output.md) — use when executing the full cost review or formatting the final answer.
|
|
42
|
+
- [Safety checklist](references/safety-checklist.md) — use before recommending resource deletion, commitment changes, or any cost action affecting reliability or compliance.
|
|
43
|
+
- [Official sources](references/official-sources.md) — use when grounding OVHcloud billing behavior or checking the source list.
|
|
44
|
+
|
|
45
|
+
## Response minimum
|
|
46
|
+
|
|
47
|
+
Return, at minimum:
|
|
48
|
+
|
|
49
|
+
- the scoped target and evidence level,
|
|
50
|
+
- confirmed waste or over-spend signals,
|
|
51
|
+
- safe cost-reduction recommendations with rollback notes,
|
|
52
|
+
- savings estimates labeled as projected (not guaranteed),
|
|
53
|
+
- blockers or assumptions that prevent stronger conclusions.
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
{
|
|
2
|
+
"id": "ovhcloud-cost-finops-analyst",
|
|
3
|
+
"name": "OVHcloud Cost FinOps Analyst",
|
|
4
|
+
"type": "skill",
|
|
5
|
+
"provider": "ovhcloud",
|
|
6
|
+
"harnesses": [
|
|
7
|
+
"codex",
|
|
8
|
+
"copilot",
|
|
9
|
+
"claude-code",
|
|
10
|
+
"cursor",
|
|
11
|
+
"gemini",
|
|
12
|
+
"kiro"
|
|
13
|
+
],
|
|
14
|
+
"summary": "Analyze OVHcloud Public Cloud cost posture, identify idle resources and commitment gaps, and recommend rightsizing and tagging improvements without compromising reliability or observability.",
|
|
15
|
+
"source_type": "original",
|
|
16
|
+
"official_docs": [
|
|
17
|
+
"https://help.ovhcloud.com/csm/en-public-cloud-billing?id=kb_article_view&sysparm_article=KB0050830",
|
|
18
|
+
"https://help.ovhcloud.com/csm/en-public-cloud-compute-savings-plan?id=kb_article_view&sysparm_article=KB0062980",
|
|
19
|
+
"https://registry.terraform.io/providers/ovh/ovh/latest/docs/resources/cloud_project"
|
|
20
|
+
],
|
|
21
|
+
"security_notes": "Cost optimizations must not remove backups, monitoring agents, log retention, or redundant components without explicit risk acceptance; idle resource deletion is irreversible without a prior snapshot.",
|
|
22
|
+
"last_verified": "2026-05-10",
|
|
23
|
+
"path": "skills/ovhcloud/ovhcloud-cost-finops-analyst",
|
|
24
|
+
"author": "github: Raishin",
|
|
25
|
+
"version": "0.1.0"
|
|
26
|
+
}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
# Official sources
|
|
2
|
+
|
|
3
|
+
Use this reference only when you need source grounding for OVHcloud billing and Public Cloud cost behavior or the detailed source list.
|
|
4
|
+
|
|
5
|
+
## OVHcloud documentation
|
|
6
|
+
|
|
7
|
+
Use these as starting points, not as proof of the user's live OVHcloud spend or resource state:
|
|
8
|
+
|
|
9
|
+
- https://help.ovhcloud.com/csm/en-public-cloud-billing?id=kb_article_view&sysparm_article=KB0050830
|
|
10
|
+
- https://help.ovhcloud.com/csm/en-public-cloud-compute-savings-plan?id=kb_article_view&sysparm_article=KB0062980
|
|
11
|
+
- https://registry.terraform.io/providers/ovh/ovh/latest/docs/resources/cloud_project
|
|
12
|
+
|
|
13
|
+
## Grounding rule
|
|
14
|
+
|
|
15
|
+
Official documentation explains OVHcloud billing mechanics, Savings Plan commitment rules, and Public Cloud resource pricing models. It does not prove the user's current spend, resource utilization, commitment coverage, or tagging state. Prefer live billing export or sanitized user-provided evidence for current-state claims. Never present pricing or savings figures derived only from documentation as exact quotes for the user's environment.
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
# Safety checklist
|
|
2
|
+
|
|
3
|
+
Use this reference before recommending resource deletion, commitment changes, rightsizing, or any cost action that could affect reliability, observability, or compliance posture.
|
|
4
|
+
|
|
5
|
+
## Non-negotiables
|
|
6
|
+
|
|
7
|
+
- Never ask users to paste API tokens, application keys, billing credentials, or account passwords into chat.
|
|
8
|
+
- Prefer OVHcloud billing and Public Cloud documentation for service behavior. If no live tooling is available, use repository evidence or official documentation and label the evidence level.
|
|
9
|
+
- Do not invent project IDs, resource names, pricing rates, utilization baselines, or Savings Plan commitment details.
|
|
10
|
+
- Require explicit user approval before recommending instance deletion, volume deletion, snapshot cleanup, or commitment cancellation.
|
|
11
|
+
- Never recommend removing backups, monitoring agents, log retention pipelines, or redundant components without explicit risk acceptance from the user.
|
|
12
|
+
- Separate confirmed waste from estimated savings. Never present projected savings as guaranteed.
|
|
13
|
+
- Use Context7 or official OVHcloud documentation for current billing and pricing behavior when the answer depends on OVHcloud-specific service details.
|
|
14
|
+
|
|
15
|
+
## Stress checks
|
|
16
|
+
|
|
17
|
+
- What resource deletion could break backups, log retention, monitoring, or redundancy?
|
|
18
|
+
- What rightsizing could cause performance degradation, outage, or SLA breach?
|
|
19
|
+
- What commitment cancellation could incur penalty charges or coverage gaps?
|
|
20
|
+
- What tagging or chargeback change could misattribute spend and cause organizational confusion?
|
|
21
|
+
- What compliance or audit evidence is missing?
|
|
22
|
+
- What rollback or recovery path is unproven if the cost action has negative effects?
|
|
23
|
+
|
|
24
|
+
## Evidence labels
|
|
25
|
+
|
|
26
|
+
Use `live evidence`, `repo evidence`, `user-provided evidence`, `documentation-based`, or `inference`. Documentation alone never proves the user's live OVHcloud project spend, resource state, or Savings Plan coverage.
|
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
# Workflow and output contract
|
|
2
|
+
|
|
3
|
+
Use this reference only when performing the full cost review, spend forecast, optimization roadmap, or Savings Plan coverage analysis.
|
|
4
|
+
|
|
5
|
+
## Review domains
|
|
6
|
+
|
|
7
|
+
Check these areas before giving a verdict:
|
|
8
|
+
|
|
9
|
+
- Public Cloud project scope, region breakdown, and active service inventory
|
|
10
|
+
- Idle or unattached resources: stopped instances still billed, unattached volumes, unused floating IPs, orphaned snapshots
|
|
11
|
+
- Savings Plans coverage: commitment level, term, matching instance types, coverage gaps vs. on-demand spend
|
|
12
|
+
- Instance rightsizing signals: CPU and memory utilization baselines, instance flavor choices vs. workload requirements
|
|
13
|
+
- Tagging hygiene: untagged resources blocking showback, chargeback attribution, or cost allocation
|
|
14
|
+
- Backup, monitoring, and redundancy components that must not be cut without explicit risk acceptance
|
|
15
|
+
|
|
16
|
+
## Safe workflow
|
|
17
|
+
|
|
18
|
+
1. **Frame scope**
|
|
19
|
+
- Project ID(s) and region(s) in scope:
|
|
20
|
+
- Current monthly spend baseline or billing period:
|
|
21
|
+
- Business criticality and reliability requirements:
|
|
22
|
+
- Required outcome (reduce spend / explain spike / forecast / tagging governance):
|
|
23
|
+
- Explicit non-goals (e.g., do not touch production databases):
|
|
24
|
+
2. **Collect evidence**
|
|
25
|
+
- Prefer OVHcloud billing export, Public Cloud usage APIs, or Terraform state evidence if available.
|
|
26
|
+
- Otherwise inspect repository `ovh_cloud_project` or related resources, sanitized billing screenshots, or official OVHcloud docs.
|
|
27
|
+
- Label each finding as `live evidence`, `repo evidence`, `user-provided evidence`, `documentation-based`, or `inference`.
|
|
28
|
+
3. **Stress-test risk**
|
|
29
|
+
- What resource deletion could break backups, log retention, monitoring, or redundancy?
|
|
30
|
+
- What rightsizing recommendation could cause performance degradation or SLA breach?
|
|
31
|
+
- What commitment cancellation could incur penalty charges?
|
|
32
|
+
- What evidence is missing that prevents confident savings estimates?
|
|
33
|
+
4. **Recommend the smallest safe action**
|
|
34
|
+
- Prefer snapshot-before-delete, staged rightsizing, and validated commitment coverage before recommending cuts.
|
|
35
|
+
- Separate confirmed waste from estimated potential savings; never present projected savings as guaranteed.
|
|
36
|
+
|
|
37
|
+
## Output contract
|
|
38
|
+
|
|
39
|
+
Return this structure:
|
|
40
|
+
|
|
41
|
+
```markdown
|
|
42
|
+
# OVHcloud Cost FinOps Review: <project or scope>
|
|
43
|
+
## Executive verdict
|
|
44
|
+
- Status: OPTIMIZED / IMPROVEMENT AVAILABLE / RISKS PRESENT / NEEDS EVIDENCE
|
|
45
|
+
- Biggest waste signal:
|
|
46
|
+
- Evidence level:
|
|
47
|
+
## Scope and assumptions
|
|
48
|
+
- Confirmed:
|
|
49
|
+
- Unknown:
|
|
50
|
+
- Out of scope:
|
|
51
|
+
## Findings
|
|
52
|
+
| Severity | Finding | Evidence | Estimated monthly saving | Minimum safe action |
|
|
53
|
+
|---|---|---|---|---|
|
|
54
|
+
## Recommended actions
|
|
55
|
+
1. <action> — owner: <owner>, prerequisite: <check>, rollback: <rollback>
|
|
56
|
+
## Savings summary
|
|
57
|
+
- Confirmed waste: <amount or unknown>
|
|
58
|
+
- Projected savings (not guaranteed): <range>
|
|
59
|
+
## Residual risk
|
|
60
|
+
- <risk or explicit none>
|
|
61
|
+
```
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: ovhcloud-iam-policy-review
|
|
3
|
+
description: Review OVHcloud IAM policies for overly permissive allow rules, missing deny blocks, unscoped URNs, absent condition blocks (IP CIDR, resource tag, expiration), and identity-group hygiene. Use when the user needs to audit access control, review `ovh_iam_policy` Terraform resources, assess OAuth2 service account scopes, or validate conditional access configuration against the principle of least privilege.
|
|
4
|
+
allowed-tools: Read Grep Glob
|
|
5
|
+
metadata:
|
|
6
|
+
author: "github: Raishin"
|
|
7
|
+
version: "0.1.0"
|
|
8
|
+
updated: "2026-05-10"
|
|
9
|
+
category: security
|
|
10
|
+
---
|
|
11
|
+
|
|
12
|
+
# OVHcloud IAM Policy Review
|
|
13
|
+
|
|
14
|
+
## Purpose
|
|
15
|
+
|
|
16
|
+
Audit OVHcloud IAM policies for over-permissive access, missing conditional controls, and identity-group hygiene gaps. Produce an evidence-backed verdict with least-privilege recommendations.
|
|
17
|
+
|
|
18
|
+
## When to use
|
|
19
|
+
|
|
20
|
+
Use this skill for:
|
|
21
|
+
|
|
22
|
+
- Auditing `ovh_iam_policy` Terraform resources for scope and condition gaps
|
|
23
|
+
- Reviewing OAuth2 service account permissions against the principle of least privilege
|
|
24
|
+
- Assessing identity groups for membership sprawl or excessive aggregated permissions
|
|
25
|
+
- Evaluating conditional access blocks: IP CIDR restrictions, resource tag conditions, expiration dates
|
|
26
|
+
- Pre-deployment review of new IAM policies or policy changes
|
|
27
|
+
|
|
28
|
+
## Lean operating rules
|
|
29
|
+
|
|
30
|
+
- Prefer OVHcloud IAM docs and Terraform provider docs; if MCP tooling is unavailable, fall back to https://help.ovhcloud.com/ and Context7.
|
|
31
|
+
- Separate confirmed policy state from inference. If the policy was not shown, say so.
|
|
32
|
+
- Challenge policies with wildcarded URNs (`urn:v1:eu:resource:*`), missing condition blocks, or allow rules that supersede deny rules unexpectedly.
|
|
33
|
+
- Recommend least-privilege: scope to narrowest URN prefix, add IP condition, set expiration where supported.
|
|
34
|
+
- Keep recommendations reversible and explicit about blast radius.
|
|
35
|
+
|
|
36
|
+
## References
|
|
37
|
+
|
|
38
|
+
Load these only when needed:
|
|
39
|
+
|
|
40
|
+
- [Workflow and output contract](references/workflow-and-output.md) — use when executing the full IAM audit or formatting the final answer.
|
|
41
|
+
- [Safety checklist](references/safety-checklist.md) — use before privileged, access-granting, or production-impacting recommendations.
|
|
42
|
+
- [Official sources](references/official-sources.md) — use when grounding OVHcloud IAM service behavior or checking the source list.
|
|
43
|
+
|
|
44
|
+
## Response minimum
|
|
45
|
+
|
|
46
|
+
Return, at minimum:
|
|
47
|
+
|
|
48
|
+
- the policy verdict and evidence level,
|
|
49
|
+
- specific URN scope and condition gaps found,
|
|
50
|
+
- the blast radius of the current policy,
|
|
51
|
+
- safe remediation recommendations with rollback notes,
|
|
52
|
+
- blockers or unknowns that prevent stronger conclusions.
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
{
|
|
2
|
+
"id": "ovhcloud-iam-policy-review",
|
|
3
|
+
"name": "OVHcloud IAM Policy Review",
|
|
4
|
+
"type": "skill",
|
|
5
|
+
"provider": "ovhcloud",
|
|
6
|
+
"harnesses": [
|
|
7
|
+
"codex",
|
|
8
|
+
"copilot",
|
|
9
|
+
"claude-code",
|
|
10
|
+
"cursor",
|
|
11
|
+
"gemini",
|
|
12
|
+
"kiro"
|
|
13
|
+
],
|
|
14
|
+
"summary": "Review OVHcloud IAM policies for overly permissive allow rules, missing deny blocks, unscoped URNs, absent condition blocks (IP CIDR, resource tag, expiration), and identity-group hygiene.",
|
|
15
|
+
"source_type": "original",
|
|
16
|
+
"official_docs": [
|
|
17
|
+
"https://help.ovhcloud.com/csm/en-account-iam-policies?id=kb_article_view&sysparm_article=KB0055594",
|
|
18
|
+
"https://registry.terraform.io/providers/ovh/ovh/latest/docs/resources/iam_policy",
|
|
19
|
+
"https://api.ovh.com/console/#/me/api/credential"
|
|
20
|
+
],
|
|
21
|
+
"security_notes": "OVHcloud IAM conditions (IP CIDR, resource tags, expiration) can silently allow broad access if omitted; always audit allow/deny rule order and URN scope before approving policy changes.",
|
|
22
|
+
"last_verified": "2026-05-10",
|
|
23
|
+
"path": "skills/ovhcloud/ovhcloud-iam-policy-review",
|
|
24
|
+
"author": "github: Raishin",
|
|
25
|
+
"version": "0.1.0"
|
|
26
|
+
}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
# Official sources
|
|
2
|
+
|
|
3
|
+
Use this reference only when you need source grounding for OVHcloud IAM service behavior or the detailed source list.
|
|
4
|
+
|
|
5
|
+
## OVHcloud documentation
|
|
6
|
+
|
|
7
|
+
Use these as starting points, not as proof of the user's live OVHcloud IAM state:
|
|
8
|
+
|
|
9
|
+
- https://help.ovhcloud.com/csm/en-account-iam-policies?id=kb_article_view&sysparm_article=KB0055594
|
|
10
|
+
- https://registry.terraform.io/providers/ovh/ovh/latest/docs/resources/iam_policy
|
|
11
|
+
- https://api.ovh.com/console/#/me/api/credential
|
|
12
|
+
|
|
13
|
+
## Grounding rule
|
|
14
|
+
|
|
15
|
+
Official documentation explains OVHcloud IAM service behavior and URN schema. It does not prove the user's current account policies, identity group membership, OAuth2 credential scopes, or live access state. Prefer live OVHcloud API evidence or sanitized user-provided policy JSON for current-state claims.
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
# Safety checklist
|
|
2
|
+
|
|
3
|
+
Use this reference before privileged, destructive, access-granting, compliance-impacting, or production-impacting recommendations.
|
|
4
|
+
|
|
5
|
+
## Non-negotiables
|
|
6
|
+
|
|
7
|
+
- Never ask users to paste API tokens, application keys, OAuth2 client secrets, session tokens, or account passwords into chat.
|
|
8
|
+
- Prefer OVHcloud IAM docs and Terraform provider docs as the source of truth for policy behavior. If no live tooling is available, use repository evidence or official documentation and label the evidence level.
|
|
9
|
+
- Do not invent account IDs, NIC handles, URN paths, identity group names, or live policy state.
|
|
10
|
+
- Require explicit user approval before recommending policy changes, group membership changes, or OAuth2 scope reductions that affect production workloads.
|
|
11
|
+
- Use Context7 or official OVHcloud documentation for current IAM service behavior when the answer depends on OVHcloud-specific semantics.
|
|
12
|
+
- Keep remediation least-privilege, reversible, and scoped to the requested account boundary.
|
|
13
|
+
|
|
14
|
+
## Stress checks
|
|
15
|
+
|
|
16
|
+
- What URN scope can expose unintended resources or actions?
|
|
17
|
+
- What action list can escalate privilege or perform irreversible operations?
|
|
18
|
+
- What missing condition block allows access from untrusted origins?
|
|
19
|
+
- What identity group aggregation creates unexpected cross-service blast radius?
|
|
20
|
+
- What compliance or audit evidence is missing?
|
|
21
|
+
- What rollback or validation path is unproven?
|
|
22
|
+
|
|
23
|
+
## Evidence labels
|
|
24
|
+
|
|
25
|
+
Use `live evidence`, `repo evidence`, `user-provided evidence`, `documentation-based`, or `inference`. Documentation alone never proves the user's live OVHcloud IAM state.
|
|
@@ -0,0 +1,62 @@
|
|
|
1
|
+
# Workflow and output contract
|
|
2
|
+
|
|
3
|
+
Use this reference only when performing the full IAM policy audit, pre-deployment review, or least-privilege remediation pass.
|
|
4
|
+
|
|
5
|
+
## Review domains
|
|
6
|
+
|
|
7
|
+
Check these areas before giving a verdict:
|
|
8
|
+
|
|
9
|
+
- Policy type, principal identity or group, resource URN scope, action set, and intended operations
|
|
10
|
+
- Wildcarded URNs (`urn:v1:eu:resource:*`), over-broad action lists, allow rules that may supersede deny rules unexpectedly
|
|
11
|
+
- Missing condition blocks: IP CIDR restrictions, resource tag conditions, expiration dates
|
|
12
|
+
- OAuth2 service account scope vs. minimum required permissions
|
|
13
|
+
- Identity group membership sprawl and aggregated permission blast radius
|
|
14
|
+
- Reversibility of policy changes and rollback path
|
|
15
|
+
|
|
16
|
+
## Safe workflow
|
|
17
|
+
|
|
18
|
+
1. **Frame scope**
|
|
19
|
+
- Account / NIC handle and environment:
|
|
20
|
+
- Policy name(s) and principal type (user, group, service account):
|
|
21
|
+
- Business purpose and data classification:
|
|
22
|
+
- Required outcome:
|
|
23
|
+
- Explicit non-goals:
|
|
24
|
+
2. **Collect evidence**
|
|
25
|
+
- Prefer live OVHcloud API or Terraform state evidence if available.
|
|
26
|
+
- Otherwise inspect repository `ovh_iam_policy` resources, sanitized user-provided config, or official OVHcloud docs.
|
|
27
|
+
- Label each finding as `live evidence`, `repo evidence`, `user-provided evidence`, `documentation-based`, or `inference`.
|
|
28
|
+
3. **Stress-test risk**
|
|
29
|
+
- What URN scope can expose unintended resources?
|
|
30
|
+
- What action set can escalate privilege or perform destructive operations?
|
|
31
|
+
- What missing condition allows access from untrusted networks or identities?
|
|
32
|
+
- What identity group membership creates over-aggregated permissions?
|
|
33
|
+
- What evidence is missing that prevents a confident verdict?
|
|
34
|
+
4. **Recommend the smallest safe action**
|
|
35
|
+
- Prefer narrowest URN prefix, explicit condition blocks, and staged rollout.
|
|
36
|
+
- If the safest action is to stop and gather the actual policy JSON, say that plainly.
|
|
37
|
+
|
|
38
|
+
## Output contract
|
|
39
|
+
|
|
40
|
+
Return this structure:
|
|
41
|
+
|
|
42
|
+
```markdown
|
|
43
|
+
# OVHcloud IAM Policy Review: <policy name or scope>
|
|
44
|
+
## Executive verdict
|
|
45
|
+
- Status: READY / READY WITH RISKS / NOT READY / NEEDS EVIDENCE
|
|
46
|
+
- Biggest risk:
|
|
47
|
+
- Evidence level:
|
|
48
|
+
## Scope and assumptions
|
|
49
|
+
- Confirmed:
|
|
50
|
+
- Unknown:
|
|
51
|
+
- Out of scope:
|
|
52
|
+
## Findings
|
|
53
|
+
| Severity | Finding | Evidence | Why it matters | Minimum safe action |
|
|
54
|
+
|---|---|---|---|---|
|
|
55
|
+
## Recommended actions
|
|
56
|
+
1. <action> — owner: <owner>, validation: <check>, rollback: <rollback>
|
|
57
|
+
## Validation
|
|
58
|
+
- Checks or API calls:
|
|
59
|
+
- Expected result:
|
|
60
|
+
## Residual risk
|
|
61
|
+
- <risk or explicit none>
|
|
62
|
+
```
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: ovhcloud-kubernetes-platform-operator
|
|
3
|
+
description: Review and advise on OVHcloud Managed Kubernetes (MCK) cluster lifecycle, node pool sizing, autoscaling configuration, version upgrade planning, workload placement via taints and tolerations, network policies, RBAC hardening, and cluster security posture. Use when the user needs MCK operational guidance, Terraform IaC review for `ovh_cloud_project_kube` resources, or upgrade risk assessment.
|
|
4
|
+
allowed-tools: Read Grep Glob
|
|
5
|
+
metadata:
|
|
6
|
+
author: "github: Raishin"
|
|
7
|
+
version: "0.1.0"
|
|
8
|
+
updated: "2026-05-10"
|
|
9
|
+
category: platform
|
|
10
|
+
---
|
|
11
|
+
|
|
12
|
+
# OVHcloud Kubernetes Platform Operator
|
|
13
|
+
|
|
14
|
+
## Purpose
|
|
15
|
+
|
|
16
|
+
Provide advisory guidance on OVHcloud Managed Kubernetes lifecycle, node pool operations, workload placement, and cluster security — without performing live mutations.
|
|
17
|
+
|
|
18
|
+
## When to use
|
|
19
|
+
|
|
20
|
+
Use this skill for:
|
|
21
|
+
|
|
22
|
+
- MCK cluster version upgrade planning and compatibility review
|
|
23
|
+
- Node pool sizing, autoscaling bounds, and flavor selection guidance
|
|
24
|
+
- Workload placement via taints, tolerations, and node affinity rules
|
|
25
|
+
- Network policy and RBAC hardening review
|
|
26
|
+
- Terraform IaC review for `ovh_cloud_project_kube` and `ovh_cloud_project_kube_nodepool` resources
|
|
27
|
+
- Pre-deletion drain and PodDisruptionBudget validation review
|
|
28
|
+
|
|
29
|
+
## Lean operating rules
|
|
30
|
+
|
|
31
|
+
- Prefer OVHcloud Kubernetes docs and Terraform provider docs; if MCP tooling is unavailable, fall back to https://help.ovhcloud.com/ and Context7.
|
|
32
|
+
- Separate confirmed cluster state from inference. If the cluster configuration was not shown, say so.
|
|
33
|
+
- Challenge node pool deletions or upgrades without confirmed PodDisruptionBudgets, drain verification, and workload rescheduling readiness.
|
|
34
|
+
- Require explicit approval signal before recommending cluster deletion or scale-to-zero on production workloads.
|
|
35
|
+
- Keep recommendations reversible; prefer blue-green node pool rotation over in-place forced replacement.
|
|
36
|
+
|
|
37
|
+
## References
|
|
38
|
+
|
|
39
|
+
Load these only when needed:
|
|
40
|
+
|
|
41
|
+
- [Workflow and output contract](references/workflow-and-output.md) — use when executing the full cluster review or formatting the final answer.
|
|
42
|
+
- [Safety checklist](references/safety-checklist.md) — use before cluster upgrades, node pool deletions, scale-to-zero operations, or RBAC changes.
|
|
43
|
+
- [Official sources](references/official-sources.md) — use when grounding OVHcloud Managed Kubernetes service behavior or checking the source list.
|
|
44
|
+
|
|
45
|
+
## Response minimum
|
|
46
|
+
|
|
47
|
+
Return, at minimum:
|
|
48
|
+
|
|
49
|
+
- the cluster posture verdict and evidence level,
|
|
50
|
+
- confirmed upgrade or operational risks,
|
|
51
|
+
- safe next actions with rollback notes,
|
|
52
|
+
- PDB and drain readiness assessment where relevant,
|
|
53
|
+
- blockers or unknowns that prevent stronger conclusions.
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
{
|
|
2
|
+
"id": "ovhcloud-kubernetes-platform-operator",
|
|
3
|
+
"name": "OVHcloud Kubernetes Platform Operator",
|
|
4
|
+
"type": "skill",
|
|
5
|
+
"provider": "ovhcloud",
|
|
6
|
+
"harnesses": [
|
|
7
|
+
"codex",
|
|
8
|
+
"copilot",
|
|
9
|
+
"claude-code",
|
|
10
|
+
"cursor",
|
|
11
|
+
"gemini",
|
|
12
|
+
"kiro"
|
|
13
|
+
],
|
|
14
|
+
"summary": "Review and advise on OVHcloud Managed Kubernetes lifecycle, node pool operations, upgrade planning, workload placement, RBAC, and cluster security posture.",
|
|
15
|
+
"source_type": "original",
|
|
16
|
+
"official_docs": [
|
|
17
|
+
"https://help.ovhcloud.com/csm/en-public-cloud-kubernetes?id=kb_article_view&sysparm_article=KB0049613",
|
|
18
|
+
"https://registry.terraform.io/providers/ovh/ovh/latest/docs/resources/cloud_project_kube",
|
|
19
|
+
"https://registry.terraform.io/providers/ovh/ovh/latest/docs/resources/cloud_project_kube_nodepool"
|
|
20
|
+
],
|
|
21
|
+
"security_notes": "MCK node pool upgrades are disruptive if PodDisruptionBudgets are absent; never recommend force-deleting nodes without draining and confirming workload rescheduling.",
|
|
22
|
+
"last_verified": "2026-05-10",
|
|
23
|
+
"path": "skills/ovhcloud/ovhcloud-kubernetes-platform-operator",
|
|
24
|
+
"author": "github: Raishin",
|
|
25
|
+
"version": "0.1.0"
|
|
26
|
+
}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
# Official sources
|
|
2
|
+
|
|
3
|
+
Use this reference only when you need source grounding for OVHcloud Managed Kubernetes service behavior or the detailed source list.
|
|
4
|
+
|
|
5
|
+
## OVHcloud documentation
|
|
6
|
+
|
|
7
|
+
Use these as starting points, not as proof of the user's live cluster state:
|
|
8
|
+
|
|
9
|
+
- https://help.ovhcloud.com/csm/en-public-cloud-kubernetes?id=kb_article_view&sysparm_article=KB0049613
|
|
10
|
+
- https://registry.terraform.io/providers/ovh/ovh/latest/docs/resources/cloud_project_kube
|
|
11
|
+
- https://registry.terraform.io/providers/ovh/ovh/latest/docs/resources/cloud_project_kube_nodepool
|
|
12
|
+
|
|
13
|
+
## Grounding rule
|
|
14
|
+
|
|
15
|
+
Official documentation explains OVHcloud Managed Kubernetes version support windows, node pool lifecycle policies, and MCK-specific behavior. It does not prove the user's current cluster version, node pool configuration, PodDisruptionBudget coverage, RBAC state, or network policy posture. Prefer live MCK API evidence or sanitized user-provided cluster config for current-state claims.
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
# Safety checklist
|
|
2
|
+
|
|
3
|
+
Use this reference before recommending cluster upgrades, node pool deletions, scale-to-zero operations, RBAC changes, or any action that could disrupt running workloads.
|
|
4
|
+
|
|
5
|
+
## Non-negotiables
|
|
6
|
+
|
|
7
|
+
- Never ask users to paste kubeconfig files, service account tokens, API tokens, or cluster certificates into chat.
|
|
8
|
+
- Prefer OVHcloud Managed Kubernetes docs and Terraform provider docs for service behavior. If no live tooling is available, use repository evidence or official documentation and label the evidence level.
|
|
9
|
+
- Do not invent cluster names, node pool IDs, Kubernetes versions, autoscaling limits, or live workload state.
|
|
10
|
+
- Require explicit user approval before recommending cluster deletion, node pool deletion, forced drain, or scale-to-zero on production workloads.
|
|
11
|
+
- Do not recommend a node pool upgrade or replacement without confirmed PodDisruptionBudgets and drain readiness for all affected workloads.
|
|
12
|
+
- Keep recommendations reversible; prefer blue-green node pool rotation over in-place forced replacement.
|
|
13
|
+
- Use Context7 or official OVHcloud documentation for current Kubernetes version support windows and MCK-specific behavior.
|
|
14
|
+
|
|
15
|
+
## Stress checks
|
|
16
|
+
|
|
17
|
+
- What workloads lack a PDB and would be disrupted by a node drain or pool replacement?
|
|
18
|
+
- What Kubernetes version upgrade introduces API deprecations or breaking add-on changes?
|
|
19
|
+
- What RBAC binding creates cluster-wide write access or privilege escalation paths?
|
|
20
|
+
- What network policy gap leaves backend services exposed across namespaces?
|
|
21
|
+
- What autoscaling configuration could trigger uncontrolled cost growth?
|
|
22
|
+
- What rollback path is available if the upgrade fails mid-process?
|
|
23
|
+
|
|
24
|
+
## Evidence labels
|
|
25
|
+
|
|
26
|
+
Use `live evidence`, `repo evidence`, `user-provided evidence`, `documentation-based`, or `inference`. Documentation alone never proves the user's live cluster state, workload PDB coverage, or RBAC configuration.
|