@raishin/vanguard-frontier-agentic 1.6.0 → 1.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +49 -11
- package/agents/AGENTS.md +83 -0
- package/agents/README.md +10 -0
- package/agents/contabo/README.md +174 -0
- package/agents/contabo/contabo-capacity-planner-agent/AGENT.md +49 -0
- package/agents/contabo/contabo-capacity-planner-agent/harnesses/claude-code.agent.md +36 -0
- package/agents/contabo/contabo-capacity-planner-agent/harnesses/codex.toml +33 -0
- package/agents/contabo/contabo-capacity-planner-agent/harnesses/copilot.agent.md +36 -0
- package/agents/contabo/contabo-capacity-planner-agent/harnesses/cursor.agent.md +36 -0
- package/agents/contabo/contabo-capacity-planner-agent/harnesses/gemini.agent.md +36 -0
- package/agents/contabo/contabo-capacity-planner-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/contabo/contabo-capacity-planner-agent/harnesses/kiro-ide.agent.md +36 -0
- package/agents/contabo/contabo-capacity-planner-agent/metadata.json +27 -0
- package/agents/contabo/contabo-cost-optimization-analyst-agent/AGENT.md +50 -0
- package/agents/contabo/contabo-cost-optimization-analyst-agent/harnesses/claude-code.agent.md +37 -0
- package/agents/contabo/contabo-cost-optimization-analyst-agent/harnesses/codex.toml +33 -0
- package/agents/contabo/contabo-cost-optimization-analyst-agent/harnesses/copilot.agent.md +37 -0
- package/agents/contabo/contabo-cost-optimization-analyst-agent/harnesses/cursor.agent.md +37 -0
- package/agents/contabo/contabo-cost-optimization-analyst-agent/harnesses/gemini.agent.md +37 -0
- package/agents/contabo/contabo-cost-optimization-analyst-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/contabo/contabo-cost-optimization-analyst-agent/harnesses/kiro-ide.agent.md +37 -0
- package/agents/contabo/contabo-cost-optimization-analyst-agent/metadata.json +27 -0
- package/agents/contabo/contabo-live-instance-lifecycle-guard-agent/AGENT.md +53 -0
- package/agents/contabo/contabo-live-instance-lifecycle-guard-agent/harnesses/claude-code.agent.md +40 -0
- package/agents/contabo/contabo-live-instance-lifecycle-guard-agent/harnesses/codex.toml +34 -0
- package/agents/contabo/contabo-live-instance-lifecycle-guard-agent/harnesses/copilot.agent.md +40 -0
- package/agents/contabo/contabo-live-instance-lifecycle-guard-agent/harnesses/cursor.agent.md +40 -0
- package/agents/contabo/contabo-live-instance-lifecycle-guard-agent/harnesses/gemini.agent.md +40 -0
- package/agents/contabo/contabo-live-instance-lifecycle-guard-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/contabo/contabo-live-instance-lifecycle-guard-agent/harnesses/kiro-ide.agent.md +40 -0
- package/agents/contabo/contabo-live-instance-lifecycle-guard-agent/metadata.json +26 -0
- package/agents/contabo/contabo-live-storage-operations-guard-agent/AGENT.md +54 -0
- package/agents/contabo/contabo-live-storage-operations-guard-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/contabo/contabo-live-storage-operations-guard-agent/harnesses/codex.toml +34 -0
- package/agents/contabo/contabo-live-storage-operations-guard-agent/harnesses/copilot.agent.md +38 -0
- package/agents/contabo/contabo-live-storage-operations-guard-agent/harnesses/cursor.agent.md +38 -0
- package/agents/contabo/contabo-live-storage-operations-guard-agent/harnesses/gemini.agent.md +38 -0
- package/agents/contabo/contabo-live-storage-operations-guard-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/contabo/contabo-live-storage-operations-guard-agent/harnesses/kiro-ide.agent.md +38 -0
- package/agents/contabo/contabo-live-storage-operations-guard-agent/metadata.json +26 -0
- package/agents/contabo/contabo-maestro-agent/AGENT.md +49 -0
- package/agents/contabo/contabo-maestro-agent/harnesses/claude-code.agent.md +37 -0
- package/agents/contabo/contabo-maestro-agent/harnesses/codex.toml +33 -0
- package/agents/contabo/contabo-maestro-agent/harnesses/copilot.agent.md +37 -0
- package/agents/contabo/contabo-maestro-agent/harnesses/cursor.agent.md +37 -0
- package/agents/contabo/contabo-maestro-agent/harnesses/gemini.agent.md +37 -0
- package/agents/contabo/contabo-maestro-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/contabo/contabo-maestro-agent/harnesses/kiro-ide.agent.md +37 -0
- package/agents/contabo/contabo-maestro-agent/metadata.json +26 -0
- package/agents/contabo/contabo-security-hardening-agent/AGENT.md +49 -0
- package/agents/contabo/contabo-security-hardening-agent/harnesses/claude-code.agent.md +37 -0
- package/agents/contabo/contabo-security-hardening-agent/harnesses/codex.toml +34 -0
- package/agents/contabo/contabo-security-hardening-agent/harnesses/copilot.agent.md +37 -0
- package/agents/contabo/contabo-security-hardening-agent/harnesses/cursor.agent.md +37 -0
- package/agents/contabo/contabo-security-hardening-agent/harnesses/gemini.agent.md +37 -0
- package/agents/contabo/contabo-security-hardening-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/contabo/contabo-security-hardening-agent/harnesses/kiro-ide.agent.md +37 -0
- package/agents/contabo/contabo-security-hardening-agent/metadata.json +26 -0
- package/agents/hetzner/README.md +156 -0
- package/agents/hetzner/hetzner-capacity-planner-agent/AGENT.md +50 -0
- package/agents/hetzner/hetzner-capacity-planner-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/hetzner/hetzner-capacity-planner-agent/harnesses/codex.toml +33 -0
- package/agents/hetzner/hetzner-capacity-planner-agent/harnesses/copilot.agent.md +38 -0
- package/agents/hetzner/hetzner-capacity-planner-agent/harnesses/cursor.agent.md +38 -0
- package/agents/hetzner/hetzner-capacity-planner-agent/harnesses/gemini.agent.md +38 -0
- package/agents/hetzner/hetzner-capacity-planner-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/hetzner/hetzner-capacity-planner-agent/harnesses/kiro-ide.agent.md +38 -0
- package/agents/hetzner/hetzner-capacity-planner-agent/metadata.json +27 -0
- package/agents/hetzner/hetzner-cost-optimization-analyst-agent/AGENT.md +50 -0
- package/agents/hetzner/hetzner-cost-optimization-analyst-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/hetzner/hetzner-cost-optimization-analyst-agent/harnesses/codex.toml +33 -0
- package/agents/hetzner/hetzner-cost-optimization-analyst-agent/harnesses/copilot.agent.md +38 -0
- package/agents/hetzner/hetzner-cost-optimization-analyst-agent/harnesses/cursor.agent.md +38 -0
- package/agents/hetzner/hetzner-cost-optimization-analyst-agent/harnesses/gemini.agent.md +38 -0
- package/agents/hetzner/hetzner-cost-optimization-analyst-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/hetzner/hetzner-cost-optimization-analyst-agent/harnesses/kiro-ide.agent.md +38 -0
- package/agents/hetzner/hetzner-cost-optimization-analyst-agent/metadata.json +27 -0
- package/agents/hetzner/hetzner-infrastructure-reviewer-agent/AGENT.md +50 -0
- package/agents/hetzner/hetzner-infrastructure-reviewer-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/hetzner/hetzner-infrastructure-reviewer-agent/harnesses/codex.toml +33 -0
- package/agents/hetzner/hetzner-infrastructure-reviewer-agent/harnesses/copilot.agent.md +38 -0
- package/agents/hetzner/hetzner-infrastructure-reviewer-agent/harnesses/cursor.agent.md +38 -0
- package/agents/hetzner/hetzner-infrastructure-reviewer-agent/harnesses/gemini.agent.md +38 -0
- package/agents/hetzner/hetzner-infrastructure-reviewer-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/hetzner/hetzner-infrastructure-reviewer-agent/harnesses/kiro-ide.agent.md +38 -0
- package/agents/hetzner/hetzner-infrastructure-reviewer-agent/metadata.json +27 -0
- package/agents/hetzner/hetzner-live-firewall-rule-guard-agent/AGENT.md +62 -0
- package/agents/hetzner/hetzner-live-firewall-rule-guard-agent/harnesses/claude-code.agent.md +44 -0
- package/agents/hetzner/hetzner-live-firewall-rule-guard-agent/harnesses/codex.toml +47 -0
- package/agents/hetzner/hetzner-live-firewall-rule-guard-agent/harnesses/copilot.agent.md +44 -0
- package/agents/hetzner/hetzner-live-firewall-rule-guard-agent/harnesses/cursor.agent.md +44 -0
- package/agents/hetzner/hetzner-live-firewall-rule-guard-agent/harnesses/gemini.agent.md +44 -0
- package/agents/hetzner/hetzner-live-firewall-rule-guard-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/hetzner/hetzner-live-firewall-rule-guard-agent/harnesses/kiro-ide.agent.md +44 -0
- package/agents/hetzner/hetzner-live-firewall-rule-guard-agent/metadata.json +27 -0
- package/agents/hetzner/hetzner-live-server-lifecycle-guard-agent/AGENT.md +62 -0
- package/agents/hetzner/hetzner-live-server-lifecycle-guard-agent/harnesses/claude-code.agent.md +45 -0
- package/agents/hetzner/hetzner-live-server-lifecycle-guard-agent/harnesses/codex.toml +50 -0
- package/agents/hetzner/hetzner-live-server-lifecycle-guard-agent/harnesses/copilot.agent.md +45 -0
- package/agents/hetzner/hetzner-live-server-lifecycle-guard-agent/harnesses/cursor.agent.md +45 -0
- package/agents/hetzner/hetzner-live-server-lifecycle-guard-agent/harnesses/gemini.agent.md +45 -0
- package/agents/hetzner/hetzner-live-server-lifecycle-guard-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/hetzner/hetzner-live-server-lifecycle-guard-agent/harnesses/kiro-ide.agent.md +45 -0
- package/agents/hetzner/hetzner-live-server-lifecycle-guard-agent/metadata.json +27 -0
- package/agents/hetzner/hetzner-maestro-agent/AGENT.md +50 -0
- package/agents/hetzner/hetzner-maestro-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/hetzner/hetzner-maestro-agent/harnesses/codex.toml +33 -0
- package/agents/hetzner/hetzner-maestro-agent/harnesses/copilot.agent.md +38 -0
- package/agents/hetzner/hetzner-maestro-agent/harnesses/cursor.agent.md +38 -0
- package/agents/hetzner/hetzner-maestro-agent/harnesses/gemini.agent.md +38 -0
- package/agents/hetzner/hetzner-maestro-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/hetzner/hetzner-maestro-agent/harnesses/kiro-ide.agent.md +38 -0
- package/agents/hetzner/hetzner-maestro-agent/metadata.json +26 -0
- package/agents/ionos/README.md +136 -0
- package/agents/ionos/ionos-cost-optimization-analyst-agent/AGENT.md +48 -0
- package/agents/ionos/ionos-cost-optimization-analyst-agent/harnesses/claude-code.agent.md +36 -0
- package/agents/ionos/ionos-cost-optimization-analyst-agent/harnesses/codex.toml +31 -0
- package/agents/ionos/ionos-cost-optimization-analyst-agent/harnesses/copilot.agent.md +36 -0
- package/agents/ionos/ionos-cost-optimization-analyst-agent/harnesses/cursor.agent.md +36 -0
- package/agents/ionos/ionos-cost-optimization-analyst-agent/harnesses/gemini.agent.md +36 -0
- package/agents/ionos/ionos-cost-optimization-analyst-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/ionos/ionos-cost-optimization-analyst-agent/harnesses/kiro-ide.agent.md +36 -0
- package/agents/ionos/ionos-cost-optimization-analyst-agent/metadata.json +25 -0
- package/agents/ionos/ionos-datacenter-designer-reviewer-agent/AGENT.md +49 -0
- package/agents/ionos/ionos-datacenter-designer-reviewer-agent/harnesses/claude-code.agent.md +37 -0
- package/agents/ionos/ionos-datacenter-designer-reviewer-agent/harnesses/codex.toml +32 -0
- package/agents/ionos/ionos-datacenter-designer-reviewer-agent/harnesses/copilot.agent.md +37 -0
- package/agents/ionos/ionos-datacenter-designer-reviewer-agent/harnesses/cursor.agent.md +37 -0
- package/agents/ionos/ionos-datacenter-designer-reviewer-agent/harnesses/gemini.agent.md +37 -0
- package/agents/ionos/ionos-datacenter-designer-reviewer-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/ionos/ionos-datacenter-designer-reviewer-agent/harnesses/kiro-ide.agent.md +37 -0
- package/agents/ionos/ionos-datacenter-designer-reviewer-agent/metadata.json +25 -0
- package/agents/ionos/ionos-kubernetes-platform-operator-agent/AGENT.md +48 -0
- package/agents/ionos/ionos-kubernetes-platform-operator-agent/harnesses/claude-code.agent.md +36 -0
- package/agents/ionos/ionos-kubernetes-platform-operator-agent/harnesses/codex.toml +31 -0
- package/agents/ionos/ionos-kubernetes-platform-operator-agent/harnesses/copilot.agent.md +36 -0
- package/agents/ionos/ionos-kubernetes-platform-operator-agent/harnesses/cursor.agent.md +36 -0
- package/agents/ionos/ionos-kubernetes-platform-operator-agent/harnesses/gemini.agent.md +36 -0
- package/agents/ionos/ionos-kubernetes-platform-operator-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/ionos/ionos-kubernetes-platform-operator-agent/harnesses/kiro-ide.agent.md +36 -0
- package/agents/ionos/ionos-kubernetes-platform-operator-agent/metadata.json +25 -0
- package/agents/ionos/ionos-live-database-lifecycle-guard-agent/AGENT.md +53 -0
- package/agents/ionos/ionos-live-database-lifecycle-guard-agent/harnesses/claude-code.agent.md +37 -0
- package/agents/ionos/ionos-live-database-lifecycle-guard-agent/harnesses/codex.toml +33 -0
- package/agents/ionos/ionos-live-database-lifecycle-guard-agent/harnesses/copilot.agent.md +37 -0
- package/agents/ionos/ionos-live-database-lifecycle-guard-agent/harnesses/cursor.agent.md +37 -0
- package/agents/ionos/ionos-live-database-lifecycle-guard-agent/harnesses/gemini.agent.md +37 -0
- package/agents/ionos/ionos-live-database-lifecycle-guard-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/ionos/ionos-live-database-lifecycle-guard-agent/harnesses/kiro-ide.agent.md +37 -0
- package/agents/ionos/ionos-live-database-lifecycle-guard-agent/metadata.json +25 -0
- package/agents/ionos/ionos-maestro-agent/AGENT.md +48 -0
- package/agents/ionos/ionos-maestro-agent/harnesses/claude-code.agent.md +36 -0
- package/agents/ionos/ionos-maestro-agent/harnesses/codex.toml +31 -0
- package/agents/ionos/ionos-maestro-agent/harnesses/copilot.agent.md +36 -0
- package/agents/ionos/ionos-maestro-agent/harnesses/cursor.agent.md +36 -0
- package/agents/ionos/ionos-maestro-agent/harnesses/gemini.agent.md +36 -0
- package/agents/ionos/ionos-maestro-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/ionos/ionos-maestro-agent/harnesses/kiro-ide.agent.md +36 -0
- package/agents/ionos/ionos-maestro-agent/metadata.json +24 -0
- package/agents/ionos/ionos-security-compliance-reviewer-agent/AGENT.md +49 -0
- package/agents/ionos/ionos-security-compliance-reviewer-agent/harnesses/claude-code.agent.md +37 -0
- package/agents/ionos/ionos-security-compliance-reviewer-agent/harnesses/codex.toml +32 -0
- package/agents/ionos/ionos-security-compliance-reviewer-agent/harnesses/copilot.agent.md +37 -0
- package/agents/ionos/ionos-security-compliance-reviewer-agent/harnesses/cursor.agent.md +37 -0
- package/agents/ionos/ionos-security-compliance-reviewer-agent/harnesses/gemini.agent.md +37 -0
- package/agents/ionos/ionos-security-compliance-reviewer-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/ionos/ionos-security-compliance-reviewer-agent/harnesses/kiro-ide.agent.md +37 -0
- package/agents/ionos/ionos-security-compliance-reviewer-agent/metadata.json +25 -0
- package/agents/ovhcloud/README.md +113 -0
- package/agents/ovhcloud/ovhcloud-cost-finops-analyst-agent/AGENT.md +47 -0
- package/agents/ovhcloud/ovhcloud-cost-finops-analyst-agent/harnesses/claude-code.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-cost-finops-analyst-agent/harnesses/codex.toml +31 -0
- package/agents/ovhcloud/ovhcloud-cost-finops-analyst-agent/harnesses/copilot.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-cost-finops-analyst-agent/harnesses/cursor.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-cost-finops-analyst-agent/harnesses/gemini.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-cost-finops-analyst-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/ovhcloud/ovhcloud-cost-finops-analyst-agent/harnesses/kiro-ide.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-cost-finops-analyst-agent/metadata.json +24 -0
- package/agents/ovhcloud/ovhcloud-iam-policy-review-agent/AGENT.md +47 -0
- package/agents/ovhcloud/ovhcloud-iam-policy-review-agent/harnesses/claude-code.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-iam-policy-review-agent/harnesses/codex.toml +31 -0
- package/agents/ovhcloud/ovhcloud-iam-policy-review-agent/harnesses/copilot.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-iam-policy-review-agent/harnesses/cursor.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-iam-policy-review-agent/harnesses/gemini.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-iam-policy-review-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/ovhcloud/ovhcloud-iam-policy-review-agent/harnesses/kiro-ide.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-iam-policy-review-agent/metadata.json +24 -0
- package/agents/ovhcloud/ovhcloud-kubernetes-platform-operator-agent/AGENT.md +47 -0
- package/agents/ovhcloud/ovhcloud-kubernetes-platform-operator-agent/harnesses/claude-code.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-kubernetes-platform-operator-agent/harnesses/codex.toml +31 -0
- package/agents/ovhcloud/ovhcloud-kubernetes-platform-operator-agent/harnesses/copilot.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-kubernetes-platform-operator-agent/harnesses/cursor.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-kubernetes-platform-operator-agent/harnesses/gemini.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-kubernetes-platform-operator-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/ovhcloud/ovhcloud-kubernetes-platform-operator-agent/harnesses/kiro-ide.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-kubernetes-platform-operator-agent/metadata.json +24 -0
- package/agents/ovhcloud/ovhcloud-live-kms-key-destruction-guard-agent/AGENT.md +52 -0
- package/agents/ovhcloud/ovhcloud-live-kms-key-destruction-guard-agent/harnesses/claude-code.agent.md +40 -0
- package/agents/ovhcloud/ovhcloud-live-kms-key-destruction-guard-agent/harnesses/codex.toml +38 -0
- package/agents/ovhcloud/ovhcloud-live-kms-key-destruction-guard-agent/harnesses/copilot.agent.md +40 -0
- package/agents/ovhcloud/ovhcloud-live-kms-key-destruction-guard-agent/harnesses/cursor.agent.md +40 -0
- package/agents/ovhcloud/ovhcloud-live-kms-key-destruction-guard-agent/harnesses/gemini.agent.md +40 -0
- package/agents/ovhcloud/ovhcloud-live-kms-key-destruction-guard-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/ovhcloud/ovhcloud-live-kms-key-destruction-guard-agent/harnesses/kiro-ide.agent.md +40 -0
- package/agents/ovhcloud/ovhcloud-live-kms-key-destruction-guard-agent/metadata.json +23 -0
- package/agents/ovhcloud/ovhcloud-maestro-agent/AGENT.md +47 -0
- package/agents/ovhcloud/ovhcloud-maestro-agent/harnesses/claude-code.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-maestro-agent/harnesses/codex.toml +31 -0
- package/agents/ovhcloud/ovhcloud-maestro-agent/harnesses/copilot.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-maestro-agent/harnesses/cursor.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-maestro-agent/harnesses/gemini.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-maestro-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/ovhcloud/ovhcloud-maestro-agent/harnesses/kiro-ide.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-maestro-agent/metadata.json +24 -0
- package/agents/ovhcloud/ovhcloud-network-architect-agent/AGENT.md +47 -0
- package/agents/ovhcloud/ovhcloud-network-architect-agent/harnesses/claude-code.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-network-architect-agent/harnesses/codex.toml +31 -0
- package/agents/ovhcloud/ovhcloud-network-architect-agent/harnesses/copilot.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-network-architect-agent/harnesses/cursor.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-network-architect-agent/harnesses/gemini.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-network-architect-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/ovhcloud/ovhcloud-network-architect-agent/harnesses/kiro-ide.agent.md +35 -0
- package/agents/ovhcloud/ovhcloud-network-architect-agent/metadata.json +24 -0
- package/agents/scaleway/README.md +142 -0
- package/agents/scaleway/scaleway-cost-optimizer-agent/AGENT.md +47 -0
- package/agents/scaleway/scaleway-cost-optimizer-agent/harnesses/claude-code.agent.md +35 -0
- package/agents/scaleway/scaleway-cost-optimizer-agent/harnesses/codex.toml +32 -0
- package/agents/scaleway/scaleway-cost-optimizer-agent/harnesses/copilot.agent.md +35 -0
- package/agents/scaleway/scaleway-cost-optimizer-agent/harnesses/cursor.agent.md +35 -0
- package/agents/scaleway/scaleway-cost-optimizer-agent/harnesses/gemini.agent.md +35 -0
- package/agents/scaleway/scaleway-cost-optimizer-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/scaleway/scaleway-cost-optimizer-agent/harnesses/kiro-ide.agent.md +35 -0
- package/agents/scaleway/scaleway-cost-optimizer-agent/metadata.json +26 -0
- package/agents/scaleway/scaleway-iam-policy-review-agent/AGENT.md +47 -0
- package/agents/scaleway/scaleway-iam-policy-review-agent/harnesses/claude-code.agent.md +35 -0
- package/agents/scaleway/scaleway-iam-policy-review-agent/harnesses/codex.toml +32 -0
- package/agents/scaleway/scaleway-iam-policy-review-agent/harnesses/copilot.agent.md +35 -0
- package/agents/scaleway/scaleway-iam-policy-review-agent/harnesses/cursor.agent.md +35 -0
- package/agents/scaleway/scaleway-iam-policy-review-agent/harnesses/gemini.agent.md +35 -0
- package/agents/scaleway/scaleway-iam-policy-review-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/scaleway/scaleway-iam-policy-review-agent/harnesses/kiro-ide.agent.md +35 -0
- package/agents/scaleway/scaleway-iam-policy-review-agent/metadata.json +25 -0
- package/agents/scaleway/scaleway-kapsule-platform-operator-agent/AGENT.md +47 -0
- package/agents/scaleway/scaleway-kapsule-platform-operator-agent/harnesses/claude-code.agent.md +35 -0
- package/agents/scaleway/scaleway-kapsule-platform-operator-agent/harnesses/codex.toml +32 -0
- package/agents/scaleway/scaleway-kapsule-platform-operator-agent/harnesses/copilot.agent.md +35 -0
- package/agents/scaleway/scaleway-kapsule-platform-operator-agent/harnesses/cursor.agent.md +35 -0
- package/agents/scaleway/scaleway-kapsule-platform-operator-agent/harnesses/gemini.agent.md +35 -0
- package/agents/scaleway/scaleway-kapsule-platform-operator-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/scaleway/scaleway-kapsule-platform-operator-agent/harnesses/kiro-ide.agent.md +35 -0
- package/agents/scaleway/scaleway-kapsule-platform-operator-agent/metadata.json +26 -0
- package/agents/scaleway/scaleway-live-kapsule-rollout-guard-agent/AGENT.md +58 -0
- package/agents/scaleway/scaleway-live-kapsule-rollout-guard-agent/harnesses/claude-code.agent.md +46 -0
- package/agents/scaleway/scaleway-live-kapsule-rollout-guard-agent/harnesses/codex.toml +40 -0
- package/agents/scaleway/scaleway-live-kapsule-rollout-guard-agent/harnesses/copilot.agent.md +46 -0
- package/agents/scaleway/scaleway-live-kapsule-rollout-guard-agent/harnesses/cursor.agent.md +46 -0
- package/agents/scaleway/scaleway-live-kapsule-rollout-guard-agent/harnesses/gemini.agent.md +46 -0
- package/agents/scaleway/scaleway-live-kapsule-rollout-guard-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/scaleway/scaleway-live-kapsule-rollout-guard-agent/harnesses/kiro-ide.agent.md +46 -0
- package/agents/scaleway/scaleway-live-kapsule-rollout-guard-agent/metadata.json +26 -0
- package/agents/scaleway/scaleway-maestro-agent/AGENT.md +47 -0
- package/agents/scaleway/scaleway-maestro-agent/harnesses/claude-code.agent.md +35 -0
- package/agents/scaleway/scaleway-maestro-agent/harnesses/codex.toml +31 -0
- package/agents/scaleway/scaleway-maestro-agent/harnesses/copilot.agent.md +35 -0
- package/agents/scaleway/scaleway-maestro-agent/harnesses/cursor.agent.md +35 -0
- package/agents/scaleway/scaleway-maestro-agent/harnesses/gemini.agent.md +35 -0
- package/agents/scaleway/scaleway-maestro-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/scaleway/scaleway-maestro-agent/harnesses/kiro-ide.agent.md +35 -0
- package/agents/scaleway/scaleway-maestro-agent/metadata.json +24 -0
- package/agents/scaleway/scaleway-network-architect-agent/AGENT.md +47 -0
- package/agents/scaleway/scaleway-network-architect-agent/harnesses/claude-code.agent.md +35 -0
- package/agents/scaleway/scaleway-network-architect-agent/harnesses/codex.toml +32 -0
- package/agents/scaleway/scaleway-network-architect-agent/harnesses/copilot.agent.md +35 -0
- package/agents/scaleway/scaleway-network-architect-agent/harnesses/cursor.agent.md +35 -0
- package/agents/scaleway/scaleway-network-architect-agent/harnesses/gemini.agent.md +35 -0
- package/agents/scaleway/scaleway-network-architect-agent/harnesses/kiro-cli.agent.json +6 -0
- package/agents/scaleway/scaleway-network-architect-agent/harnesses/kiro-ide.agent.md +35 -0
- package/agents/scaleway/scaleway-network-architect-agent/metadata.json +26 -0
- package/assets/logos/cloud/contabo/contabo-logo.png +0 -0
- package/assets/logos/cloud/contabo/contabo-logo.svg +21 -0
- package/assets/logos/cloud/hetzner/hetzner-logo.svg +1 -0
- package/assets/logos/cloud/ionos/ionos-logo.svg +1 -0
- package/assets/logos/cloud/ovhcloud/ovhcloud-logo.svg +27 -0
- package/assets/logos/cloud/scaleway/scaleway-logo.svg +1 -0
- package/catalog/agents.json +954 -160
- package/catalog/install-roles.json +54 -6
- package/catalog/skill-manifest.json +960 -0
- package/catalog/skills.json +950 -165
- package/package.json +7 -5
- package/schemas/agent.schema.json +5 -0
- package/scripts/export-marketplace-agents.mjs +1 -1
- package/skills/contabo/contabo-capacity-planner/SKILL.md +71 -0
- package/skills/contabo/contabo-capacity-planner/metadata.json +26 -0
- package/skills/contabo/contabo-capacity-planner/references/official-sources.md +16 -0
- package/skills/contabo/contabo-capacity-planner/references/safety-checklist.md +26 -0
- package/skills/contabo/contabo-capacity-planner/references/workflow-and-output.md +73 -0
- package/skills/contabo/contabo-cost-optimization-analyst/SKILL.md +56 -0
- package/skills/contabo/contabo-cost-optimization-analyst/metadata.json +26 -0
- package/skills/contabo/contabo-cost-optimization-analyst/references/official-sources.md +17 -0
- package/skills/contabo/contabo-cost-optimization-analyst/references/safety-checklist.md +25 -0
- package/skills/contabo/contabo-cost-optimization-analyst/references/workflow-and-output.md +63 -0
- package/skills/contabo/contabo-live-instance-lifecycle-guard/SKILL.md +91 -0
- package/skills/contabo/contabo-live-instance-lifecycle-guard/metadata.json +25 -0
- package/skills/contabo/contabo-live-instance-lifecycle-guard/references/official-sources.md +16 -0
- package/skills/contabo/contabo-live-instance-lifecycle-guard/references/safety-checklist.md +43 -0
- package/skills/contabo/contabo-live-instance-lifecycle-guard/references/workflow-and-output.md +63 -0
- package/skills/contabo/contabo-live-storage-operations-guard/SKILL.md +92 -0
- package/skills/contabo/contabo-live-storage-operations-guard/metadata.json +25 -0
- package/skills/contabo/contabo-live-storage-operations-guard/references/official-sources.md +16 -0
- package/skills/contabo/contabo-live-storage-operations-guard/references/safety-checklist.md +44 -0
- package/skills/contabo/contabo-live-storage-operations-guard/references/workflow-and-output.md +59 -0
- package/skills/contabo/contabo-maestro/SKILL.md +61 -0
- package/skills/contabo/contabo-maestro/metadata.json +25 -0
- package/skills/contabo/contabo-maestro/references/official-sources.md +17 -0
- package/skills/contabo/contabo-maestro/references/safety-checklist.md +24 -0
- package/skills/contabo/contabo-maestro/references/workflow-and-output.md +52 -0
- package/skills/contabo/contabo-security-hardening/SKILL.md +57 -0
- package/skills/contabo/contabo-security-hardening/metadata.json +25 -0
- package/skills/contabo/contabo-security-hardening/references/official-sources.md +16 -0
- package/skills/contabo/contabo-security-hardening/references/safety-checklist.md +27 -0
- package/skills/contabo/contabo-security-hardening/references/workflow-and-output.md +65 -0
- package/skills/hetzner/hetzner-capacity-planner/SKILL.md +56 -0
- package/skills/hetzner/hetzner-capacity-planner/metadata.json +26 -0
- package/skills/hetzner/hetzner-capacity-planner/references/official-sources.md +27 -0
- package/skills/hetzner/hetzner-capacity-planner/references/safety-checklist.md +28 -0
- package/skills/hetzner/hetzner-capacity-planner/references/workflow-and-output.md +73 -0
- package/skills/hetzner/hetzner-cost-optimization-analyst/SKILL.md +55 -0
- package/skills/hetzner/hetzner-cost-optimization-analyst/metadata.json +26 -0
- package/skills/hetzner/hetzner-cost-optimization-analyst/references/official-sources.md +26 -0
- package/skills/hetzner/hetzner-cost-optimization-analyst/references/safety-checklist.md +27 -0
- package/skills/hetzner/hetzner-cost-optimization-analyst/references/workflow-and-output.md +65 -0
- package/skills/hetzner/hetzner-infrastructure-reviewer/SKILL.md +56 -0
- package/skills/hetzner/hetzner-infrastructure-reviewer/metadata.json +26 -0
- package/skills/hetzner/hetzner-infrastructure-reviewer/references/official-sources.md +26 -0
- package/skills/hetzner/hetzner-infrastructure-reviewer/references/safety-checklist.md +27 -0
- package/skills/hetzner/hetzner-infrastructure-reviewer/references/workflow-and-output.md +67 -0
- package/skills/hetzner/hetzner-live-firewall-rule-guard/SKILL.md +63 -0
- package/skills/hetzner/hetzner-live-firewall-rule-guard/metadata.json +26 -0
- package/skills/hetzner/hetzner-live-firewall-rule-guard/references/official-sources.md +28 -0
- package/skills/hetzner/hetzner-live-firewall-rule-guard/references/safety-checklist.md +40 -0
- package/skills/hetzner/hetzner-live-firewall-rule-guard/references/workflow-and-output.md +80 -0
- package/skills/hetzner/hetzner-live-server-lifecycle-guard/SKILL.md +65 -0
- package/skills/hetzner/hetzner-live-server-lifecycle-guard/metadata.json +26 -0
- package/skills/hetzner/hetzner-live-server-lifecycle-guard/references/official-sources.md +29 -0
- package/skills/hetzner/hetzner-live-server-lifecycle-guard/references/safety-checklist.md +42 -0
- package/skills/hetzner/hetzner-live-server-lifecycle-guard/references/workflow-and-output.md +88 -0
- package/skills/hetzner/hetzner-maestro/SKILL.md +61 -0
- package/skills/hetzner/hetzner-maestro/metadata.json +25 -0
- package/skills/hetzner/hetzner-maestro/references/official-sources.md +19 -0
- package/skills/hetzner/hetzner-maestro/references/safety-checklist.md +25 -0
- package/skills/hetzner/hetzner-maestro/references/workflow-and-output.md +56 -0
- package/skills/ionos/ionos-cost-optimization-analyst/SKILL.md +57 -0
- package/skills/ionos/ionos-cost-optimization-analyst/metadata.json +27 -0
- package/skills/ionos/ionos-cost-optimization-analyst/references/official-sources.md +16 -0
- package/skills/ionos/ionos-cost-optimization-analyst/references/safety-checklist.md +25 -0
- package/skills/ionos/ionos-cost-optimization-analyst/references/workflow-and-output.md +65 -0
- package/skills/ionos/ionos-datacenter-designer-reviewer/SKILL.md +56 -0
- package/skills/ionos/ionos-datacenter-designer-reviewer/metadata.json +27 -0
- package/skills/ionos/ionos-datacenter-designer-reviewer/references/official-sources.md +16 -0
- package/skills/ionos/ionos-datacenter-designer-reviewer/references/safety-checklist.md +28 -0
- package/skills/ionos/ionos-datacenter-designer-reviewer/references/workflow-and-output.md +70 -0
- package/skills/ionos/ionos-kubernetes-platform-operator/SKILL.md +57 -0
- package/skills/ionos/ionos-kubernetes-platform-operator/metadata.json +27 -0
- package/skills/ionos/ionos-kubernetes-platform-operator/references/official-sources.md +16 -0
- package/skills/ionos/ionos-kubernetes-platform-operator/references/safety-checklist.md +27 -0
- package/skills/ionos/ionos-kubernetes-platform-operator/references/workflow-and-output.md +76 -0
- package/skills/ionos/ionos-live-database-lifecycle-guard/SKILL.md +66 -0
- package/skills/ionos/ionos-live-database-lifecycle-guard/metadata.json +27 -0
- package/skills/ionos/ionos-live-database-lifecycle-guard/references/official-sources.md +16 -0
- package/skills/ionos/ionos-live-database-lifecycle-guard/references/safety-checklist.md +37 -0
- package/skills/ionos/ionos-live-database-lifecycle-guard/references/workflow-and-output.md +58 -0
- package/skills/ionos/ionos-maestro/SKILL.md +54 -0
- package/skills/ionos/ionos-maestro/metadata.json +26 -0
- package/skills/ionos/ionos-maestro/references/official-sources.md +15 -0
- package/skills/ionos/ionos-maestro/references/safety-checklist.md +24 -0
- package/skills/ionos/ionos-maestro/references/workflow-and-output.md +57 -0
- package/skills/ionos/ionos-security-compliance-reviewer/SKILL.md +57 -0
- package/skills/ionos/ionos-security-compliance-reviewer/metadata.json +27 -0
- package/skills/ionos/ionos-security-compliance-reviewer/references/official-sources.md +16 -0
- package/skills/ionos/ionos-security-compliance-reviewer/references/safety-checklist.md +26 -0
- package/skills/ionos/ionos-security-compliance-reviewer/references/workflow-and-output.md +65 -0
- package/skills/ovhcloud/ovhcloud-cost-finops-analyst/SKILL.md +53 -0
- package/skills/ovhcloud/ovhcloud-cost-finops-analyst/metadata.json +26 -0
- package/skills/ovhcloud/ovhcloud-cost-finops-analyst/references/official-sources.md +15 -0
- package/skills/ovhcloud/ovhcloud-cost-finops-analyst/references/safety-checklist.md +26 -0
- package/skills/ovhcloud/ovhcloud-cost-finops-analyst/references/workflow-and-output.md +61 -0
- package/skills/ovhcloud/ovhcloud-iam-policy-review/SKILL.md +52 -0
- package/skills/ovhcloud/ovhcloud-iam-policy-review/metadata.json +26 -0
- package/skills/ovhcloud/ovhcloud-iam-policy-review/references/official-sources.md +15 -0
- package/skills/ovhcloud/ovhcloud-iam-policy-review/references/safety-checklist.md +25 -0
- package/skills/ovhcloud/ovhcloud-iam-policy-review/references/workflow-and-output.md +62 -0
- package/skills/ovhcloud/ovhcloud-kubernetes-platform-operator/SKILL.md +53 -0
- package/skills/ovhcloud/ovhcloud-kubernetes-platform-operator/metadata.json +26 -0
- package/skills/ovhcloud/ovhcloud-kubernetes-platform-operator/references/official-sources.md +15 -0
- package/skills/ovhcloud/ovhcloud-kubernetes-platform-operator/references/safety-checklist.md +26 -0
- package/skills/ovhcloud/ovhcloud-kubernetes-platform-operator/references/workflow-and-output.md +64 -0
- package/skills/ovhcloud/ovhcloud-live-kms-key-destruction-guard/SKILL.md +55 -0
- package/skills/ovhcloud/ovhcloud-live-kms-key-destruction-guard/metadata.json +25 -0
- package/skills/ovhcloud/ovhcloud-live-kms-key-destruction-guard/references/official-sources.md +14 -0
- package/skills/ovhcloud/ovhcloud-live-kms-key-destruction-guard/references/safety-checklist.md +33 -0
- package/skills/ovhcloud/ovhcloud-live-kms-key-destruction-guard/references/workflow-and-output.md +69 -0
- package/skills/ovhcloud/ovhcloud-maestro/SKILL.md +50 -0
- package/skills/ovhcloud/ovhcloud-maestro/metadata.json +26 -0
- package/skills/ovhcloud/ovhcloud-maestro/references/official-sources.md +15 -0
- package/skills/ovhcloud/ovhcloud-maestro/references/safety-checklist.md +23 -0
- package/skills/ovhcloud/ovhcloud-maestro/references/workflow-and-output.md +50 -0
- package/skills/ovhcloud/ovhcloud-network-architect/SKILL.md +54 -0
- package/skills/ovhcloud/ovhcloud-network-architect/metadata.json +26 -0
- package/skills/ovhcloud/ovhcloud-network-architect/references/official-sources.md +15 -0
- package/skills/ovhcloud/ovhcloud-network-architect/references/safety-checklist.md +26 -0
- package/skills/ovhcloud/ovhcloud-network-architect/references/workflow-and-output.md +65 -0
- package/skills/scaleway/scaleway-cost-optimizer/SKILL.md +66 -0
- package/skills/scaleway/scaleway-cost-optimizer/metadata.json +27 -0
- package/skills/scaleway/scaleway-cost-optimizer/references/official-sources.md +16 -0
- package/skills/scaleway/scaleway-cost-optimizer/references/safety-checklist.md +24 -0
- package/skills/scaleway/scaleway-cost-optimizer/references/workflow-and-output.md +68 -0
- package/skills/scaleway/scaleway-iam-policy-review/SKILL.md +59 -0
- package/skills/scaleway/scaleway-iam-policy-review/metadata.json +27 -0
- package/skills/scaleway/scaleway-iam-policy-review/references/official-sources.md +15 -0
- package/skills/scaleway/scaleway-iam-policy-review/references/safety-checklist.md +25 -0
- package/skills/scaleway/scaleway-iam-policy-review/references/workflow-and-output.md +69 -0
- package/skills/scaleway/scaleway-kapsule-platform-operator/SKILL.md +63 -0
- package/skills/scaleway/scaleway-kapsule-platform-operator/metadata.json +27 -0
- package/skills/scaleway/scaleway-kapsule-platform-operator/references/official-sources.md +17 -0
- package/skills/scaleway/scaleway-kapsule-platform-operator/references/safety-checklist.md +25 -0
- package/skills/scaleway/scaleway-kapsule-platform-operator/references/workflow-and-output.md +69 -0
- package/skills/scaleway/scaleway-live-kapsule-rollout-guard/SKILL.md +91 -0
- package/skills/scaleway/scaleway-live-kapsule-rollout-guard/metadata.json +28 -0
- package/skills/scaleway/scaleway-live-kapsule-rollout-guard/references/official-sources.md +16 -0
- package/skills/scaleway/scaleway-live-kapsule-rollout-guard/references/safety-checklist.md +35 -0
- package/skills/scaleway/scaleway-live-kapsule-rollout-guard/references/workflow-and-output.md +44 -0
- package/skills/scaleway/scaleway-maestro/SKILL.md +58 -0
- package/skills/scaleway/scaleway-maestro/metadata.json +26 -0
- package/skills/scaleway/scaleway-maestro/references/official-sources.md +15 -0
- package/skills/scaleway/scaleway-maestro/references/safety-checklist.md +23 -0
- package/skills/scaleway/scaleway-maestro/references/workflow-and-output.md +59 -0
- package/skills/scaleway/scaleway-network-architect/SKILL.md +66 -0
- package/skills/scaleway/scaleway-network-architect/metadata.json +27 -0
- package/skills/scaleway/scaleway-network-architect/references/official-sources.md +17 -0
- package/skills/scaleway/scaleway-network-architect/references/safety-checklist.md +26 -0
- package/skills/scaleway/scaleway-network-architect/references/workflow-and-output.md +70 -0
package/skills/ovhcloud/ovhcloud-kubernetes-platform-operator/references/workflow-and-output.md
ADDED
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
# Workflow and output contract
|
|
2
|
+
|
|
3
|
+
Use this reference only when performing a full cluster review, upgrade planning pass, node pool assessment, or security posture audit for OVHcloud Managed Kubernetes.
|
|
4
|
+
|
|
5
|
+
## Review domains
|
|
6
|
+
|
|
7
|
+
Check these areas before giving a verdict:
|
|
8
|
+
|
|
9
|
+
- Cluster version, available upgrade path, and API deprecation risks in the target version
|
|
10
|
+
- Node pool flavor selection, autoscaling bounds (min/max), and current utilization posture
|
|
11
|
+
- PodDisruptionBudgets (PDB): presence, minAvailable / maxUnavailable settings, and workload coverage
|
|
12
|
+
- Drain and reschedule readiness: taint, toleration, and node affinity configuration
|
|
13
|
+
- RBAC: ClusterRoleBindings and RoleBindings scope, service account privileges, and wildcard permission usage
|
|
14
|
+
- Network policies: default-deny posture, ingress/egress rules, and cross-namespace exposure
|
|
15
|
+
- Terraform IaC for `ovh_cloud_project_kube` and `ovh_cloud_project_kube_nodepool`: version pinning, node pool lifecycle policies
|
|
16
|
+
|
|
17
|
+
## Safe workflow
|
|
18
|
+
|
|
19
|
+
1. **Frame scope**
|
|
20
|
+
- Project ID, cluster name, and region:
|
|
21
|
+
- Current and target Kubernetes version:
|
|
22
|
+
- Business criticality and maintenance window:
|
|
23
|
+
- Required outcome (upgrade, scale, security review, node pool change):
|
|
24
|
+
- Explicit non-goals:
|
|
25
|
+
2. **Collect evidence**
|
|
26
|
+
- Prefer live OVHcloud MCK API or `kubectl` read-only evidence if available.
|
|
27
|
+
- Otherwise inspect repository `ovh_cloud_project_kube` resources, sanitized cluster config, or official OVHcloud docs.
|
|
28
|
+
- Label each finding as `live evidence`, `repo evidence`, `user-provided evidence`, `documentation-based`, or `inference`.
|
|
29
|
+
3. **Stress-test risk**
|
|
30
|
+
- What workloads lack a PDB and would be disrupted by a node drain?
|
|
31
|
+
- What version upgrade carries API deprecations or breaking add-on compatibility?
|
|
32
|
+
- What RBAC binding grants cluster-wide write or escalation paths?
|
|
33
|
+
- What network policy gap exposes backend services across namespaces?
|
|
34
|
+
- What evidence is missing that prevents confident upgrade or operational sign-off?
|
|
35
|
+
4. **Recommend the smallest safe action**
|
|
36
|
+
- Prefer blue-green node pool rotation over in-place forced replacement.
|
|
37
|
+
- Prefer upgrade in a staging cluster before production.
|
|
38
|
+
- If PDBs are absent or drain verification is unconfirmed, stop and say so.
|
|
39
|
+
|
|
40
|
+
## Output contract
|
|
41
|
+
|
|
42
|
+
Return this structure:
|
|
43
|
+
|
|
44
|
+
```markdown
|
|
45
|
+
# OVHcloud Managed Kubernetes Review: <cluster name or scope>
|
|
46
|
+
## Executive verdict
|
|
47
|
+
- Status: READY / READY WITH RISKS / NOT READY / NEEDS EVIDENCE
|
|
48
|
+
- Biggest risk:
|
|
49
|
+
- Evidence level:
|
|
50
|
+
## Scope and assumptions
|
|
51
|
+
- Confirmed:
|
|
52
|
+
- Unknown:
|
|
53
|
+
- Out of scope:
|
|
54
|
+
## Findings
|
|
55
|
+
| Severity | Finding | Evidence | Why it matters | Minimum safe action |
|
|
56
|
+
|---|---|---|---|---|
|
|
57
|
+
## Recommended actions
|
|
58
|
+
1. <action> — owner: <owner>, validation: <check>, rollback: <rollback>
|
|
59
|
+
## PDB and drain readiness
|
|
60
|
+
- PDB coverage: <assessed or unknown>
|
|
61
|
+
- Drain verification: <confirmed / unconfirmed / not applicable>
|
|
62
|
+
## Residual risk
|
|
63
|
+
- <risk or explicit none>
|
|
64
|
+
```
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: ovhcloud-live-kms-key-destruction-guard
|
|
3
|
+
description: Gate and audit OVHcloud KMS key version destruction requests by enforcing five mandatory checks: confirmed key ID and KMS service URN, named approving identity, usage audit confirming zero active references within the retention window, documented waiting period, and a rollback or data-recovery plan. Use when a user requests destruction or rotation of an OVHcloud KMS key version. Hard-stop if any gate is absent or ambiguous.
|
|
4
|
+
allowed-tools: Read Grep Glob Bash
|
|
5
|
+
metadata:
|
|
6
|
+
author: "github: Raishin"
|
|
7
|
+
version: "0.1.0"
|
|
8
|
+
updated: "2026-05-10"
|
|
9
|
+
category: security
|
|
10
|
+
---
|
|
11
|
+
|
|
12
|
+
# OVHcloud Live KMS Key Destruction Guard
|
|
13
|
+
|
|
14
|
+
## Purpose
|
|
15
|
+
|
|
16
|
+
Act as the approval gate for OVHcloud KMS key version destruction. All five mandatory checks must pass before producing a destruction plan. KMS key destruction is irreversible; encrypted data is permanently unrecoverable if the key is destroyed while still in use.
|
|
17
|
+
|
|
18
|
+
## When to use
|
|
19
|
+
|
|
20
|
+
Use this skill when:
|
|
21
|
+
|
|
22
|
+
- A user requests destruction or scheduled deletion of an OVHcloud KMS key version
|
|
23
|
+
- A key rotation workflow requires decommissioning an old key version
|
|
24
|
+
- An audit or compliance review identifies a key that should be retired
|
|
25
|
+
|
|
26
|
+
## Lean operating rules
|
|
27
|
+
|
|
28
|
+
- Prefer OVHcloud KMS docs and Terraform provider docs; if MCP tooling is unavailable, fall back to https://help.ovhcloud.com/ and Context7.
|
|
29
|
+
- **HARD STOP** — refuse to produce a destruction plan if any of the five mandatory gates are absent or ambiguous:
|
|
30
|
+
1. Exact key ID and KMS service URN of the target key version.
|
|
31
|
+
2. Named, authenticated approving identity (not just a role or alias).
|
|
32
|
+
3. Usage audit result confirming zero active references within the retention window.
|
|
33
|
+
4. Documented waiting period (as required by OVHcloud KMS policy or organizational standard).
|
|
34
|
+
5. Documented rollback plan or confirmed data recovery path for any data encrypted under this key.
|
|
35
|
+
- Never accept vague intent ("just delete it") as a gate pass.
|
|
36
|
+
- Never ask for actual encryption key material, OAuth2 client secrets, or application keys.
|
|
37
|
+
- After all gates pass, output the destruction plan for human review — do not execute automatically.
|
|
38
|
+
|
|
39
|
+
## References
|
|
40
|
+
|
|
41
|
+
Load these only when needed:
|
|
42
|
+
|
|
43
|
+
- [Workflow and output contract](references/workflow-and-output.md) — use when processing a destruction request or formatting the gate verdict and destruction plan.
|
|
44
|
+
- [Safety checklist](references/safety-checklist.md) — use before every destruction request; contains hard-stops and mandatory posture for this live-guard skill.
|
|
45
|
+
- [Official sources](references/official-sources.md) — use when grounding OVHcloud KMS service behavior or checking the source list.
|
|
46
|
+
|
|
47
|
+
## Response minimum
|
|
48
|
+
|
|
49
|
+
Return, at minimum:
|
|
50
|
+
|
|
51
|
+
- the gate-by-gate verdict (pass/fail with evidence for each gate),
|
|
52
|
+
- the evidence level for each gate assertion,
|
|
53
|
+
- a hard-stop message if any gate fails,
|
|
54
|
+
- the full destruction plan only when all five gates pass,
|
|
55
|
+
- explicit rollback or recovery steps in the destruction plan.
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
{
|
|
2
|
+
"id": "ovhcloud-live-kms-key-destruction-guard",
|
|
3
|
+
"name": "OVHcloud Live KMS Key Destruction Guard",
|
|
4
|
+
"type": "skill",
|
|
5
|
+
"provider": "ovhcloud",
|
|
6
|
+
"harnesses": [
|
|
7
|
+
"codex",
|
|
8
|
+
"copilot",
|
|
9
|
+
"claude-code",
|
|
10
|
+
"cursor",
|
|
11
|
+
"gemini",
|
|
12
|
+
"kiro"
|
|
13
|
+
],
|
|
14
|
+
"summary": "Gate and audit OVHcloud KMS key version destruction by enforcing five mandatory checks: key ID confirmation, named approver, usage audit, waiting period, and rollback plan before any destructive key operation.",
|
|
15
|
+
"source_type": "original",
|
|
16
|
+
"official_docs": [
|
|
17
|
+
"https://help.ovhcloud.com/csm/en-kms?id=kb_article_view&sysparm_article=KB0063234",
|
|
18
|
+
"https://registry.terraform.io/providers/ovh/ovh/latest/docs/resources/okms_service_key"
|
|
19
|
+
],
|
|
20
|
+
"security_notes": "OVHcloud KMS key destruction is irreversible; data encrypted with a destroyed key version is permanently unrecoverable. Hard-stop if target key, approver identity, or rollback plan is ambiguous.",
|
|
21
|
+
"last_verified": "2026-05-10",
|
|
22
|
+
"path": "skills/ovhcloud/ovhcloud-live-kms-key-destruction-guard",
|
|
23
|
+
"author": "github: Raishin",
|
|
24
|
+
"version": "0.1.0"
|
|
25
|
+
}
|
package/skills/ovhcloud/ovhcloud-live-kms-key-destruction-guard/references/official-sources.md
ADDED
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
# Official sources
|
|
2
|
+
|
|
3
|
+
Use this reference only when you need source grounding for OVHcloud KMS service behavior or the detailed source list.
|
|
4
|
+
|
|
5
|
+
## OVHcloud documentation
|
|
6
|
+
|
|
7
|
+
Use these as starting points, not as proof of the user's live KMS key state or usage audit results:
|
|
8
|
+
|
|
9
|
+
- https://help.ovhcloud.com/csm/en-kms?id=kb_article_view&sysparm_article=KB0063234
|
|
10
|
+
- https://registry.terraform.io/providers/ovh/ovh/latest/docs/resources/okms_service_key
|
|
11
|
+
|
|
12
|
+
## Grounding rule
|
|
13
|
+
|
|
14
|
+
Official documentation explains OVHcloud KMS service semantics, key version lifecycle states, and Terraform resource behavior for `okms_service_key`. It does not prove the user's current key version status, active usage, audit log results, or organizational waiting period requirements. Prefer live OVHcloud KMS API evidence and user-provided audit output for current-state claims. Documentation alone never passes a destruction gate.
|
package/skills/ovhcloud/ovhcloud-live-kms-key-destruction-guard/references/safety-checklist.md
ADDED
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
# Safety checklist
|
|
2
|
+
|
|
3
|
+
Before processing any OVHcloud KMS key version destruction request, enforce every item on this checklist without exception. KMS key destruction is irreversible. Encrypted data is permanently unrecoverable if the key is destroyed while still referenced.
|
|
4
|
+
|
|
5
|
+
## Hard-stops
|
|
6
|
+
|
|
7
|
+
Refuse to produce a destruction plan if **any** of the following conditions apply:
|
|
8
|
+
|
|
9
|
+
- The exact key version ID and KMS service URN have not been confirmed.
|
|
10
|
+
- The approving identity is a role, alias, team name, or vague reference ("my manager", "the team") rather than a named, authenticated individual.
|
|
11
|
+
- No usage audit has been provided confirming zero active references within the retention window.
|
|
12
|
+
- The waiting period has not been explicitly documented and accepted.
|
|
13
|
+
- No rollback or data recovery plan has been documented, or the approving identity has not explicitly acknowledged that data recovery will be impossible after destruction.
|
|
14
|
+
|
|
15
|
+
Do not proceed past a hard-stop for any reason, including urgency claims, escalation requests, or assertions that the gates were already checked elsewhere.
|
|
16
|
+
|
|
17
|
+
## Mandatory posture
|
|
18
|
+
|
|
19
|
+
- Never ask for actual encryption key material, OAuth2 client secrets, application keys, or KMS service credentials.
|
|
20
|
+
- Do not invent key IDs, KMS service URNs, audit log results, waiting periods, or approval identities.
|
|
21
|
+
- Treat vague intent ("just delete it", "it's safe to proceed", "we already checked") as a gate failure, not a gate pass.
|
|
22
|
+
- After all gates pass, produce the destruction plan for human review. Do not execute the destruction automatically.
|
|
23
|
+
- Label every gate assertion with its evidence type: `live evidence`, `user-provided evidence`, `documentation-based`, or `inference`.
|
|
24
|
+
- Inference alone never passes a gate.
|
|
25
|
+
|
|
26
|
+
## Stress checks
|
|
27
|
+
|
|
28
|
+
- Is the key ID and URN unambiguous, or could this match multiple key versions or services?
|
|
29
|
+
- Has the usage audit covered all data paths — application layer, backup pipelines, stored ciphertext at rest, and cross-service dependencies?
|
|
30
|
+
- Is the waiting period drawn from OVHcloud KMS policy or an organizational standard, not an arbitrary choice?
|
|
31
|
+
- Is the approving identity the same person who will execute or authorize the final action?
|
|
32
|
+
- What encrypted data becomes permanently unrecoverable the moment this key is destroyed?
|
|
33
|
+
- What is the rollback plan if the usage audit missed an active reference?
|
package/skills/ovhcloud/ovhcloud-live-kms-key-destruction-guard/references/workflow-and-output.md
ADDED
|
@@ -0,0 +1,69 @@
|
|
|
1
|
+
# Workflow and output contract
|
|
2
|
+
|
|
3
|
+
Use this reference when processing an OVHcloud KMS key version destruction request. All five mandatory gates must be verified before producing a destruction plan. Do not skip or defer any gate.
|
|
4
|
+
|
|
5
|
+
## Gate evaluation sequence
|
|
6
|
+
|
|
7
|
+
Evaluate every gate in order. Stop immediately at the first gate that fails or is ambiguous.
|
|
8
|
+
|
|
9
|
+
### Gate 1 — Target key identity
|
|
10
|
+
- Exact key version ID as returned by the OVHcloud KMS API
|
|
11
|
+
- KMS service URN of the containing service (`urn:v1:<region>:resource:okms:...`)
|
|
12
|
+
- Confirmation that this is the specific version to destroy, not the entire key or a different version
|
|
13
|
+
|
|
14
|
+
### Gate 2 — Named approving identity
|
|
15
|
+
- Full name or unique identifier of the person approving destruction (not a role, alias, or team name)
|
|
16
|
+
- Confirmation that the approver has authority over this key and has been informed of the irreversible nature of the action
|
|
17
|
+
- No vague intent ("just delete it", "my team said so") qualifies as a gate pass
|
|
18
|
+
|
|
19
|
+
### Gate 3 — Usage audit
|
|
20
|
+
- Evidence that the key version has zero active references within the retention window
|
|
21
|
+
- This means: no service, application, or stored ciphertext is currently depending on this key version for decryption
|
|
22
|
+
- Acceptable evidence: audit log output, application-layer confirmation, or encryption inventory check
|
|
23
|
+
|
|
24
|
+
### Gate 4 — Waiting period
|
|
25
|
+
- Documented waiting period as required by OVHcloud KMS policy or the organization's key retirement standard
|
|
26
|
+
- The waiting period must be explicitly stated and accepted, not assumed
|
|
27
|
+
|
|
28
|
+
### Gate 5 — Rollback or data recovery plan
|
|
29
|
+
- Documented plan for any data that was encrypted under this key version
|
|
30
|
+
- If data recovery is impossible after destruction, that must be explicitly acknowledged by the approving identity
|
|
31
|
+
|
|
32
|
+
## Safe workflow
|
|
33
|
+
|
|
34
|
+
1. **Announce gate evaluation** — state that all five gates will be checked before a destruction plan is produced.
|
|
35
|
+
2. **Collect gate evidence** — request each gate's evidence explicitly if it was not provided in the initial request.
|
|
36
|
+
3. **Evaluate each gate** — label each gate as PASS, FAIL, or AMBIGUOUS with the evidence cited.
|
|
37
|
+
4. **Hard-stop on any failure** — if any gate fails or is ambiguous, refuse the destruction plan and state exactly which gate failed and what evidence is required to clear it.
|
|
38
|
+
5. **Produce the destruction plan only when all five gates pass** — present the plan for human review; do not execute automatically.
|
|
39
|
+
|
|
40
|
+
## Output contract
|
|
41
|
+
|
|
42
|
+
Return this structure:
|
|
43
|
+
|
|
44
|
+
```markdown
|
|
45
|
+
# OVHcloud KMS Key Destruction Gate Review: <key ID or label>
|
|
46
|
+
## Gate verdict
|
|
47
|
+
| Gate | Status | Evidence |
|
|
48
|
+
|---|---|---|
|
|
49
|
+
| 1. Key ID and KMS service URN | PASS / FAIL / AMBIGUOUS | <evidence cited> |
|
|
50
|
+
| 2. Named approving identity | PASS / FAIL / AMBIGUOUS | <evidence cited> |
|
|
51
|
+
| 3. Usage audit (zero active references) | PASS / FAIL / AMBIGUOUS | <evidence cited> |
|
|
52
|
+
| 4. Waiting period documented | PASS / FAIL / AMBIGUOUS | <evidence cited> |
|
|
53
|
+
| 5. Rollback or data recovery plan | PASS / FAIL / AMBIGUOUS | <evidence cited> |
|
|
54
|
+
## Overall result
|
|
55
|
+
- PROCEED / HARD STOP
|
|
56
|
+
## Hard-stop reason (if applicable)
|
|
57
|
+
- Gate(s) failed: <list>
|
|
58
|
+
- Required to proceed: <what evidence or action is needed>
|
|
59
|
+
## Destruction plan (only when all gates pass)
|
|
60
|
+
- Target key version ID:
|
|
61
|
+
- KMS service URN:
|
|
62
|
+
- Approving identity:
|
|
63
|
+
- Waiting period:
|
|
64
|
+
- Data recovery posture:
|
|
65
|
+
- Destruction command or Terraform action (for review, not auto-execution):
|
|
66
|
+
- Post-destruction verification steps:
|
|
67
|
+
## Residual risk
|
|
68
|
+
- <explicit acknowledgment that destruction is irreversible, or explicit none>
|
|
69
|
+
```
|
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: ovhcloud-maestro
|
|
3
|
+
description: Classify incoming OVHcloud requests by domain and route to the narrowest qualified specialist agent. Use when the user's task spans or is unclear across IAM, FinOps, Kubernetes, networking, or live-guard KMS domains. Does not answer specialist questions directly; produces a routing verdict with evidence and hands off with a clear scope statement.
|
|
4
|
+
allowed-tools: Read Grep Glob
|
|
5
|
+
metadata:
|
|
6
|
+
author: "github: Raishin"
|
|
7
|
+
version: "0.1.0"
|
|
8
|
+
updated: "2026-05-10"
|
|
9
|
+
category: platform
|
|
10
|
+
---
|
|
11
|
+
|
|
12
|
+
# OVHcloud Maestro
|
|
13
|
+
|
|
14
|
+
## Purpose
|
|
15
|
+
|
|
16
|
+
Act as the OVHcloud task router: classify the request, identify the narrowest qualified specialist, and hand off with a clear scope statement. Do not resolve specialist questions at this layer.
|
|
17
|
+
|
|
18
|
+
## When to use
|
|
19
|
+
|
|
20
|
+
Use this skill when:
|
|
21
|
+
|
|
22
|
+
- The user's OVHcloud request spans multiple domains (IAM + cost, networking + Kubernetes)
|
|
23
|
+
- The domain of the task is unclear or under-specified
|
|
24
|
+
- You need to dispatch to `ovhcloud-iam-policy-review`, `ovhcloud-cost-finops-analyst`, `ovhcloud-kubernetes-platform-operator`, `ovhcloud-network-architect`, or `ovhcloud-live-kms-key-destruction-guard`
|
|
25
|
+
|
|
26
|
+
## Lean operating rules
|
|
27
|
+
|
|
28
|
+
- Prefer OVHcloud API console or Terraform provider docs for classification signals; if MCP tooling is unavailable, fall back to https://help.ovhcloud.com/ and Context7.
|
|
29
|
+
- Separate confirmed domain classification from inference. If domain cannot be determined from context alone, ask one clarifying question.
|
|
30
|
+
- Challenge vague scope before routing; a mis-routed task wastes specialist context.
|
|
31
|
+
- Never attempt live OVHcloud API mutations from the routing layer.
|
|
32
|
+
- Keep routing output minimal: domain verdict, target specialist, and classification signals.
|
|
33
|
+
|
|
34
|
+
## References
|
|
35
|
+
|
|
36
|
+
Load these only when needed:
|
|
37
|
+
|
|
38
|
+
- [Workflow and output contract](references/workflow-and-output.md) — use when executing the full routing workflow or formatting the routing verdict.
|
|
39
|
+
- [Safety checklist](references/safety-checklist.md) — use before dispatching to a live-guard or privileged specialist.
|
|
40
|
+
- [Official sources](references/official-sources.md) — use when grounding OVHcloud service classification or checking the source list.
|
|
41
|
+
|
|
42
|
+
## Response minimum
|
|
43
|
+
|
|
44
|
+
Return, at minimum:
|
|
45
|
+
|
|
46
|
+
- the domain verdict and confidence level,
|
|
47
|
+
- the recommended specialist agent,
|
|
48
|
+
- the classification signals used,
|
|
49
|
+
- any blockers that prevent confident routing,
|
|
50
|
+
- one clarifying question if domain is ambiguous.
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
{
|
|
2
|
+
"id": "ovhcloud-maestro",
|
|
3
|
+
"name": "OVHcloud Maestro",
|
|
4
|
+
"type": "skill",
|
|
5
|
+
"provider": "ovhcloud",
|
|
6
|
+
"harnesses": [
|
|
7
|
+
"codex",
|
|
8
|
+
"copilot",
|
|
9
|
+
"claude-code",
|
|
10
|
+
"cursor",
|
|
11
|
+
"gemini",
|
|
12
|
+
"kiro"
|
|
13
|
+
],
|
|
14
|
+
"summary": "Classify incoming OVHcloud tasks by domain and route to the narrowest qualified specialist agent for IAM, FinOps, Kubernetes, networking, or KMS operations.",
|
|
15
|
+
"source_type": "original",
|
|
16
|
+
"official_docs": [
|
|
17
|
+
"https://help.ovhcloud.com/csm/en-documentation?id=kb_home",
|
|
18
|
+
"https://api.ovh.com/console/",
|
|
19
|
+
"https://registry.terraform.io/providers/ovh/ovh/latest/docs"
|
|
20
|
+
],
|
|
21
|
+
"security_notes": "Routing layer must stay read-only; never attempt live OVHcloud API mutations from the classification layer — hand off to approval-gated specialists.",
|
|
22
|
+
"last_verified": "2026-05-10",
|
|
23
|
+
"path": "skills/ovhcloud/ovhcloud-maestro",
|
|
24
|
+
"author": "github: Raishin",
|
|
25
|
+
"version": "0.1.0"
|
|
26
|
+
}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
# Official sources
|
|
2
|
+
|
|
3
|
+
Use this reference only when you need source grounding for OVHcloud service classification or the detailed source list.
|
|
4
|
+
|
|
5
|
+
## OVHcloud documentation
|
|
6
|
+
|
|
7
|
+
Use these as classification anchors, not as proof of the user's live OVHcloud state:
|
|
8
|
+
|
|
9
|
+
- https://help.ovhcloud.com/csm/en-account-iam-policies?id=kb_article_view&sysparm_article=KB0055594
|
|
10
|
+
- https://registry.terraform.io/providers/ovh/ovh/latest/docs
|
|
11
|
+
- https://api.ovh.com/console/
|
|
12
|
+
|
|
13
|
+
## Grounding rule
|
|
14
|
+
|
|
15
|
+
Official documentation describes OVHcloud service behavior and resource types. It does not prove the user's current account structure, project configuration, deployed resources, or operational state. Prefer user-provided evidence or repository IaC for current-state claims. Use documentation only to confirm service semantics, resource naming, and domain classification signals.
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
# Safety checklist
|
|
2
|
+
|
|
3
|
+
Use this reference before any routing decision that may dispatch to a live-guard or privileged specialist.
|
|
4
|
+
|
|
5
|
+
## Non-negotiables
|
|
6
|
+
|
|
7
|
+
- Never attempt live OVHcloud API calls, Terraform mutations, or credential operations from the routing layer.
|
|
8
|
+
- Never ask users to paste API tokens, application keys, OAuth2 client secrets, or account passwords into chat.
|
|
9
|
+
- Do not invent account IDs, project IDs, region codes, resource URNs, or service names.
|
|
10
|
+
- Treat an ambiguous domain as a blocker — ask one clarifying question rather than routing to the wrong specialist.
|
|
11
|
+
- If the request contains signals for the live-guard KMS skill, confirm explicitly before routing. Key destruction is irreversible.
|
|
12
|
+
- Keep routing output minimal; do not speculate about specialist-layer findings before routing.
|
|
13
|
+
|
|
14
|
+
## Stress checks
|
|
15
|
+
|
|
16
|
+
- Is the domain actually clear, or is the classification an inference?
|
|
17
|
+
- Does the request contain any live-guard signals (key destruction, irreversible deletion, production mutation)?
|
|
18
|
+
- Is there enough scope information to give the specialist a useful handoff, or does the user need to provide more context first?
|
|
19
|
+
- Could routing to the wrong specialist expose privileged evidence or trigger an inappropriate action?
|
|
20
|
+
|
|
21
|
+
## Evidence labels
|
|
22
|
+
|
|
23
|
+
Use `live evidence`, `repo evidence`, `user-provided evidence`, `documentation-based`, or `inference` when describing classification signals. Inference alone never justifies routing to a live-guard specialist.
|
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
# Workflow and output contract
|
|
2
|
+
|
|
3
|
+
Use this reference only when performing domain classification, routing arbitration, or scope disambiguation for OVHcloud requests.
|
|
4
|
+
|
|
5
|
+
## Classification domains
|
|
6
|
+
|
|
7
|
+
Check these signals before assigning a domain verdict:
|
|
8
|
+
|
|
9
|
+
- **IAM** — policy URNs, `ovh_iam_policy` resources, OAuth2 credentials, identity groups, conditional access blocks
|
|
10
|
+
- **FinOps** — billing spikes, idle instances, unattached volumes, Savings Plans coverage gaps, tagging hygiene
|
|
11
|
+
- **Kubernetes** — MCK cluster lifecycle, node pool operations, version upgrades, RBAC, network policies
|
|
12
|
+
- **Networking** — vRack membership, VLAN segmentation, private network attachment, security groups, DNS zones
|
|
13
|
+
- **Live KMS guard** — key version destruction, key rotation decommission, scheduled deletion of `okms_service_key`
|
|
14
|
+
|
|
15
|
+
## Safe routing workflow
|
|
16
|
+
|
|
17
|
+
1. **Frame the request**
|
|
18
|
+
- Requested operation and surface area:
|
|
19
|
+
- Account / project ID (if stated):
|
|
20
|
+
- Environment (production / staging / unknown):
|
|
21
|
+
- Explicit non-goals:
|
|
22
|
+
2. **Collect classification signals**
|
|
23
|
+
- Prefer OVHcloud API console or Terraform provider resource names as domain anchors.
|
|
24
|
+
- Otherwise inspect repository IaC, user-provided config, or official OVHcloud docs.
|
|
25
|
+
- Label each signal as `live evidence`, `repo evidence`, `user-provided evidence`, `documentation-based`, or `inference`.
|
|
26
|
+
3. **Resolve domain overlap**
|
|
27
|
+
- If the request spans two domains, name both and route to the primary domain specialist with a note for the secondary.
|
|
28
|
+
- If domain cannot be determined from context alone, ask exactly one clarifying question. Do not ask compound questions.
|
|
29
|
+
4. **Emit routing verdict**
|
|
30
|
+
- Keep the verdict minimal: domain, specialist, signals, blockers, and one follow-up question if ambiguous.
|
|
31
|
+
- Never attempt live OVHcloud API mutations from the routing layer.
|
|
32
|
+
|
|
33
|
+
## Output contract
|
|
34
|
+
|
|
35
|
+
Return this structure:
|
|
36
|
+
|
|
37
|
+
```markdown
|
|
38
|
+
# OVHcloud Routing Verdict: <brief task label>
|
|
39
|
+
## Domain verdict
|
|
40
|
+
- Primary domain: <IAM | FinOps | Kubernetes | Networking | Live KMS guard>
|
|
41
|
+
- Confidence: HIGH / MEDIUM / LOW
|
|
42
|
+
- Classification signals:
|
|
43
|
+
## Recommended specialist
|
|
44
|
+
- Skill: <ovhcloud-iam-policy-review | ovhcloud-cost-finops-analyst | ovhcloud-kubernetes-platform-operator | ovhcloud-network-architect | ovhcloud-live-kms-key-destruction-guard>
|
|
45
|
+
- Scope handed off: <concise scope statement>
|
|
46
|
+
## Blockers
|
|
47
|
+
- <list or explicit none>
|
|
48
|
+
## Clarifying question (if confidence is LOW)
|
|
49
|
+
- <single question or omit this section>
|
|
50
|
+
```
|
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: ovhcloud-network-architect
|
|
3
|
+
description: Design and review OVHcloud network topology including vRack private network segmentation, VLAN configuration, Public Cloud private network attachment, dedicated server connectivity, load balancer placement, DNS zone design, security group rules, and blast-radius scoping for topology changes. Use when the user needs vRack design guidance, network isolation review, or Terraform IaC review for `ovh_vrack` and related resources.
|
|
4
|
+
allowed-tools: Read Grep Glob
|
|
5
|
+
metadata:
|
|
6
|
+
author: "github: Raishin"
|
|
7
|
+
version: "0.1.0"
|
|
8
|
+
updated: "2026-05-10"
|
|
9
|
+
category: networking
|
|
10
|
+
---
|
|
11
|
+
|
|
12
|
+
# OVHcloud Network Architect
|
|
13
|
+
|
|
14
|
+
## Purpose
|
|
15
|
+
|
|
16
|
+
Design and review OVHcloud network topology with a security-first, least-exposure posture: vRack segmentation, VLAN isolation, private connectivity, and blast-radius scoping before any topology change.
|
|
17
|
+
|
|
18
|
+
## When to use
|
|
19
|
+
|
|
20
|
+
Use this skill for:
|
|
21
|
+
|
|
22
|
+
- vRack design: member inventory, VLAN assignment, and isolation between Public Cloud and dedicated infrastructure
|
|
23
|
+
- Private network attachment for Public Cloud projects and Kubernetes clusters
|
|
24
|
+
- Load balancer placement and upstream routing design
|
|
25
|
+
- DNS zone design and record management via `ovh_domain_zone` resources
|
|
26
|
+
- Security group rule review for Public Cloud instances
|
|
27
|
+
- Pre-change blast-radius assessment for vRack topology modifications
|
|
28
|
+
- Terraform IaC review for `ovh_vrack`, `ovh_cloud_project_network_private`, and related resources
|
|
29
|
+
|
|
30
|
+
## Lean operating rules
|
|
31
|
+
|
|
32
|
+
- Prefer OVHcloud networking docs and Terraform provider docs; if MCP tooling is unavailable, fall back to https://help.ovhcloud.com/ and Context7.
|
|
33
|
+
- Separate confirmed topology from inference. If the current vRack member list was not shown, say so.
|
|
34
|
+
- Challenge topology changes that lack blast-radius review, current member inventory, VLAN conflict check, and rollback plan.
|
|
35
|
+
- Recommend network isolation by default: least-exposure security groups, dedicated VLAN per tier, private-only backend communication.
|
|
36
|
+
- Never recommend topology changes without a rollback path confirmed in the change plan.
|
|
37
|
+
|
|
38
|
+
## References
|
|
39
|
+
|
|
40
|
+
Load these only when needed:
|
|
41
|
+
|
|
42
|
+
- [Workflow and output contract](references/workflow-and-output.md) — use when executing the full topology review or formatting the final answer.
|
|
43
|
+
- [Safety checklist](references/safety-checklist.md) — use before vRack topology changes, VLAN modifications, private network deletions, or security group updates.
|
|
44
|
+
- [Official sources](references/official-sources.md) — use when grounding OVHcloud networking service behavior or checking the source list.
|
|
45
|
+
|
|
46
|
+
## Response minimum
|
|
47
|
+
|
|
48
|
+
Return, at minimum:
|
|
49
|
+
|
|
50
|
+
- the topology verdict and evidence level,
|
|
51
|
+
- confirmed isolation gaps or blast-radius risks,
|
|
52
|
+
- safe topology recommendations with rollback notes,
|
|
53
|
+
- VLAN conflict or member inventory gaps,
|
|
54
|
+
- blockers or unknowns that prevent stronger conclusions.
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
{
|
|
2
|
+
"id": "ovhcloud-network-architect",
|
|
3
|
+
"name": "OVHcloud Network Architect",
|
|
4
|
+
"type": "skill",
|
|
5
|
+
"provider": "ovhcloud",
|
|
6
|
+
"harnesses": [
|
|
7
|
+
"codex",
|
|
8
|
+
"copilot",
|
|
9
|
+
"claude-code",
|
|
10
|
+
"cursor",
|
|
11
|
+
"gemini",
|
|
12
|
+
"kiro"
|
|
13
|
+
],
|
|
14
|
+
"summary": "Design and review OVHcloud vRack topology, network isolation, private connectivity, load balancer placement, DNS, and security groups with blast-radius scoping for topology changes.",
|
|
15
|
+
"source_type": "original",
|
|
16
|
+
"official_docs": [
|
|
17
|
+
"https://help.ovhcloud.com/csm/en-vrack?id=kb_article_view&sysparm_article=KB0044799",
|
|
18
|
+
"https://registry.terraform.io/providers/ovh/ovh/latest/docs/resources/vrack",
|
|
19
|
+
"https://registry.terraform.io/providers/ovh/ovh/latest/docs/resources/cloud_project_network_private"
|
|
20
|
+
],
|
|
21
|
+
"security_notes": "vRack topology changes can expose bare-metal and Public Cloud resources to unintended lateral movement; always audit current vRack members and routing rules before recommending topology modifications.",
|
|
22
|
+
"last_verified": "2026-05-10",
|
|
23
|
+
"path": "skills/ovhcloud/ovhcloud-network-architect",
|
|
24
|
+
"author": "github: Raishin",
|
|
25
|
+
"version": "0.1.0"
|
|
26
|
+
}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
# Official sources
|
|
2
|
+
|
|
3
|
+
Use this reference only when you need source grounding for OVHcloud networking service behavior or the detailed source list.
|
|
4
|
+
|
|
5
|
+
## OVHcloud documentation
|
|
6
|
+
|
|
7
|
+
Use these as starting points, not as proof of the user's live vRack topology or network state:
|
|
8
|
+
|
|
9
|
+
- https://help.ovhcloud.com/csm/en-vrack?id=kb_article_view&sysparm_article=KB0044799
|
|
10
|
+
- https://registry.terraform.io/providers/ovh/ovh/latest/docs/resources/vrack
|
|
11
|
+
- https://registry.terraform.io/providers/ovh/ovh/latest/docs/resources/cloud_project_network_private
|
|
12
|
+
|
|
13
|
+
## Grounding rule
|
|
14
|
+
|
|
15
|
+
Official documentation explains OVHcloud vRack service semantics, VLAN configuration, private network attachment behavior, and Terraform resource capabilities. It does not prove the user's current vRack member inventory, VLAN assignments, security group rules, subnet configuration, or routing state. Prefer live OVHcloud API evidence or sanitized user-provided topology diagrams and Terraform state for current-state claims.
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
# Safety checklist
|
|
2
|
+
|
|
3
|
+
Use this reference before recommending vRack topology changes, VLAN additions or removals, private network modifications, security group updates, or any action that could affect network isolation or connectivity.
|
|
4
|
+
|
|
5
|
+
## Non-negotiables
|
|
6
|
+
|
|
7
|
+
- Never ask users to paste API tokens, application keys, SSH private keys, or account passwords into chat.
|
|
8
|
+
- Prefer OVHcloud networking docs and Terraform provider docs for service behavior. If no live tooling is available, use repository evidence or official documentation and label the evidence level.
|
|
9
|
+
- Do not invent vRack IDs, VLAN IDs, subnet CIDRs, security group rule IDs, or live topology state.
|
|
10
|
+
- Require explicit user approval before recommending vRack member detachment, VLAN removal, private subnet deletion, or security group rule changes that affect production traffic paths.
|
|
11
|
+
- Never recommend a topology change without a confirmed rollback plan and blast-radius assessment.
|
|
12
|
+
- If the current vRack member inventory has not been confirmed, stop and require it before proceeding with topology change recommendations.
|
|
13
|
+
- Use Context7 or official OVHcloud documentation for current vRack service behavior, VLAN limits, and MCK private network attachment semantics.
|
|
14
|
+
|
|
15
|
+
## Stress checks
|
|
16
|
+
|
|
17
|
+
- What topology change could isolate a production member and cause a service outage?
|
|
18
|
+
- What VLAN ID conflict could cause cross-tenant or cross-tier traffic leakage?
|
|
19
|
+
- What security group rule change leaves backend services reachable from the public internet or wrong tier?
|
|
20
|
+
- What private network modification could break Kubernetes cluster networking or inter-node communication?
|
|
21
|
+
- What DNS change could cause resolution failures, delegation breaks, or split-horizon inconsistencies?
|
|
22
|
+
- What rollback or recovery path is available if the topology change has unintended effects?
|
|
23
|
+
|
|
24
|
+
## Evidence labels
|
|
25
|
+
|
|
26
|
+
Use `live evidence`, `repo evidence`, `user-provided evidence`, `documentation-based`, or `inference`. Documentation alone never proves the user's live vRack membership, VLAN assignments, security group rules, or routing state.
|
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
# Workflow and output contract
|
|
2
|
+
|
|
3
|
+
Use this reference only when performing a full vRack topology review, network isolation audit, private network design, or blast-radius assessment for OVHcloud networking.
|
|
4
|
+
|
|
5
|
+
## Review domains
|
|
6
|
+
|
|
7
|
+
Check these areas before giving a verdict:
|
|
8
|
+
|
|
9
|
+
- vRack member inventory: Public Cloud projects, dedicated servers, and other services attached to the vRack
|
|
10
|
+
- VLAN assignment and segmentation: VLAN IDs per tier, conflict risk with other members, and isolation between Public Cloud and dedicated infrastructure
|
|
11
|
+
- Private network attachment: `ovh_cloud_project_network_private` subnets, DHCP configuration, and routing between VLANs
|
|
12
|
+
- Security group rules: ingress and egress rules for Public Cloud instances, default-allow vs. least-exposure posture
|
|
13
|
+
- Load balancer placement and upstream routing path to backends
|
|
14
|
+
- DNS zone design: `ovh_domain_zone` record management, delegation, and split-horizon considerations
|
|
15
|
+
- Blast radius of proposed topology changes: what services lose connectivity if a vRack member or VLAN is removed
|
|
16
|
+
- Terraform IaC for `ovh_vrack`, `ovh_cloud_project_network_private`, and related resources
|
|
17
|
+
|
|
18
|
+
## Safe workflow
|
|
19
|
+
|
|
20
|
+
1. **Frame scope**
|
|
21
|
+
- vRack ID, attached member list (if known), and environment:
|
|
22
|
+
- Business criticality and traffic paths in scope:
|
|
23
|
+
- Change type (design, review, topology modification, VLAN add/remove):
|
|
24
|
+
- Required outcome:
|
|
25
|
+
- Explicit non-goals (e.g., do not modify dedicated server connectivity):
|
|
26
|
+
2. **Collect evidence**
|
|
27
|
+
- Prefer live OVHcloud API or Terraform state evidence if available.
|
|
28
|
+
- Otherwise inspect repository `ovh_vrack` and `ovh_cloud_project_network_private` resources, sanitized user-provided topology diagrams, or official OVHcloud docs.
|
|
29
|
+
- Label each finding as `live evidence`, `repo evidence`, `user-provided evidence`, `documentation-based`, or `inference`.
|
|
30
|
+
3. **Stress-test risk**
|
|
31
|
+
- What topology change could isolate a production member or break a critical traffic path?
|
|
32
|
+
- What VLAN conflict could cause cross-tenant or cross-tier leakage?
|
|
33
|
+
- What security group gap leaves backend services reachable from the wrong tier or the public internet?
|
|
34
|
+
- What DNS change could cause resolution failures or split-horizon inconsistencies?
|
|
35
|
+
- What evidence is missing that prevents a confident blast-radius assessment?
|
|
36
|
+
4. **Recommend the smallest safe action**
|
|
37
|
+
- Prefer additive changes (add VLAN, add private subnet) before removals.
|
|
38
|
+
- Require a rollback plan before recommending any vRack member detachment or VLAN removal.
|
|
39
|
+
- If the current vRack member inventory was not confirmed, stop and say so.
|
|
40
|
+
|
|
41
|
+
## Output contract
|
|
42
|
+
|
|
43
|
+
Return this structure:
|
|
44
|
+
|
|
45
|
+
```markdown
|
|
46
|
+
# OVHcloud Network Architecture Review: <vRack or scope>
|
|
47
|
+
## Executive verdict
|
|
48
|
+
- Status: READY / READY WITH RISKS / NOT READY / NEEDS EVIDENCE
|
|
49
|
+
- Biggest risk:
|
|
50
|
+
- Evidence level:
|
|
51
|
+
## Scope and assumptions
|
|
52
|
+
- Confirmed:
|
|
53
|
+
- Unknown:
|
|
54
|
+
- Out of scope:
|
|
55
|
+
## Findings
|
|
56
|
+
| Severity | Finding | Evidence | Why it matters | Minimum safe action |
|
|
57
|
+
|---|---|---|---|---|
|
|
58
|
+
## Recommended actions
|
|
59
|
+
1. <action> — owner: <owner>, validation: <check>, rollback: <rollback>
|
|
60
|
+
## Blast-radius assessment
|
|
61
|
+
- Members at risk: <list or none>
|
|
62
|
+
- VLAN conflict check: <confirmed / unconfirmed / not applicable>
|
|
63
|
+
## Residual risk
|
|
64
|
+
- <risk or explicit none>
|
|
65
|
+
```
|