@raishin/vanguard-frontier-agentic 2.0.1 → 2.1.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@raishin/vanguard-frontier-agentic",
-  "version": "2.0.1",
+  "version": "2.1.0",
   "description": "Cloud and zero-trust agentic workflow marketplace for skills, agents, rules, MCP references, and compliance-aware architecture.",
   "license": "Apache-2.0",
   "repository": {
@@ -56,6 +56,9 @@
     "validate:multi-harness-marketplace": "python3 tests/validate-multi-harness-marketplace.py",
     "validate:codex-marketplace": "python3 tests/validate-codex-marketplace.py",
     "validate:finops-fixtures": "python3 tests/validate-finops-price-fixtures.py",
+    "validate:readme-counts": "node tests/validate-readme-counts.mjs",
+    "validate:qa-cluster": "node tests/eval-qa-cluster.mjs",
+    "readme-counts:write": "node scripts/generate-readme-counts.mjs",
     "test:marketplace-validators": "python3 tests/test-marketplace-validators.py",
     "maestro-routing:write": "python3 tests/_generate_maestro_routing_fixtures.py",
     "plugin-manifest:write": "node scripts/generate-plugin-manifest.mjs",
@@ -66,7 +69,7 @@
     "test:gemini-bundling": "python3 tests/test-gemini-skill-bundling.py",
     "test:cursor-kiro-notices": "node tests/export-cursor-kiro-skill-notice.test.mjs",
     "test:fuzz": "node tests/fuzz-properties.test.mjs",
-    "validate": "npm run validate:catalog && npm run validate:aws && npm run manifest:check && npm run validate:allowed-tools && npm run validate:skill-schema && npm run validate:agent-schema && npm run validate:links && npm run validate:asset-integrity && npm run validate:mcp-trust-matrix && npm run validate:no-lifecycle-scripts && npm run validate:promotion-gatekeeper && npm run validate:install-coverage && npm run validate:maestro-routing && npm run validate:plugin-manifest && npm run validate:kiro-powers && npm run validate:multi-harness-marketplace && npm run validate:codex-marketplace && npm run validate:finops-fixtures",
+    "validate": "npm run validate:catalog && npm run validate:aws && npm run manifest:check && npm run validate:allowed-tools && npm run validate:skill-schema && npm run validate:agent-schema && npm run validate:links && npm run validate:asset-integrity && npm run validate:mcp-trust-matrix && npm run validate:no-lifecycle-scripts && npm run validate:promotion-gatekeeper && npm run validate:install-coverage && npm run validate:maestro-routing && npm run validate:plugin-manifest && npm run validate:kiro-powers && npm run validate:multi-harness-marketplace && npm run validate:codex-marketplace && npm run validate:finops-fixtures && npm run validate:readme-counts && npm run validate:qa-cluster",
     "release:sbom": "command -v syft >/dev/null 2>&1 && syft scan dir:. -o spdx-json=sbom.spdx.json || echo 'syft not installed; SBOM is generated in CI by anchore/sbom-action'",
     "lint:md": "npx --yes markdownlint-cli2 \"**/*.md\" \"#node_modules\" \"#.git\" \"#.code-review-graph\" \"#CHANGELOG.md\"",
     "lint:spell": "codespell",

package/plugins/vanguard-frontier-agentic/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "vanguard-frontier-agentic",
-  "version": "2.0.1",
+  "version": "2.1.0",
   "description": "Curated marketplace for cloud and zero-trust AI workflows. 331 agents, 286 skills, and rules across AWS, Azure, OCI, GCP, Alibaba Cloud, Huawei Cloud, Kubernetes, and Terraform.",
   "author": {
     "name": "Raishin",

package/scripts/generate-readme-counts.mjs

@@ -0,0 +1,162 @@
+#!/usr/bin/env node
+/**
+ * Generate catalog counts and inject them into README.md.
+ *
+ * Counts:
+ *   skills    = SKILL.md files under skills/ (recursive)
+ *   agents    = metadata.json files under agents/ (recursive)
+ *   providers = distinct `provider` values across agents metadata files
+ *   roles     = keys under `.roles` in catalog/install-roles.json
+ *   rules     = length of JSON array in catalog/rules.json
+ *   mcp       = length of JSON array in catalog/mcp-references.json
+ *
+ * Mode:
+ *   (default)  overwrite README.md in place
+ *   --check    compare expected vs actual, exit 1 if stale, 0 if current
+ *
+ * Run: npm run readme-counts:write
+ */
+
+import fs from "node:fs";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+
+const repoRoot = path.resolve(path.dirname(fileURLToPath(import.meta.url)), "..");
+const readmePath = path.join(repoRoot, "README.md");
+const check = process.argv.includes("--check");
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+/** Recursively list all files under `dir`. Returns relative paths from `dir`. */
+function listFiles(dir) {
+  return fs.readdirSync(dir, { recursive: true }).map(String);
+}
+
+// ---------------------------------------------------------------------------
+// Compute counts
+// ---------------------------------------------------------------------------
+
+const skillFiles = listFiles(path.join(repoRoot, "skills"));
+const skillCount = skillFiles.filter((f) => f.endsWith("SKILL.md")).length;
+
+const agentFiles = listFiles(path.join(repoRoot, "agents"));
+const agentMetaFiles = agentFiles.filter((f) => f.endsWith("metadata.json"));
+const agentCount = agentMetaFiles.length;
+
+const allProviders = new Set();
+for (const f of agentMetaFiles) {
+  const fullPath = path.join(repoRoot, "agents", f);
+  const m = JSON.parse(fs.readFileSync(fullPath, "utf8"));
+  if (m.provider) allProviders.add(m.provider);
+}
+const providerCount = allProviders.size;
+
+const rolesData = JSON.parse(
+  fs.readFileSync(path.join(repoRoot, "catalog", "install-roles.json"), "utf8"),
+);
+const roleCount = Object.keys(rolesData.roles).length;
+
+const rulesData = JSON.parse(
+  fs.readFileSync(path.join(repoRoot, "catalog", "rules.json"), "utf8"),
+);
+const ruleCount = Array.isArray(rulesData) ? rulesData.length : 0;
+
+const mcpData = JSON.parse(
+  fs.readFileSync(path.join(repoRoot, "catalog", "mcp-references.json"), "utf8"),
+);
+const mcpCount = Array.isArray(mcpData) ? mcpData.length : 0;
+
+const counts = {
+  skills: skillCount,
+  agents: agentCount,
+  providers: providerCount,
+  roles: roleCount,
+  rules: ruleCount,
+  mcp: mcpCount,
+};
+
+// ---------------------------------------------------------------------------
+// Build the marker block
+// ---------------------------------------------------------------------------
+
+const markerBlock =
+  `<!-- readme-counts:start -->\n` +
+  `<!-- Generated by scripts/generate-readme-counts.mjs — do not edit by hand. Run: npm run readme-counts:write -->\n` +
+  `| Catalog | Count |\n` +
+  `| --- | --- |\n` +
+  `| Skills | ${skillCount} |\n` +
+  `| Agents | ${agentCount} |\n` +
+  `| Providers | ${providerCount} |\n` +
+  `| Install roles | ${roleCount} |\n` +
+  `| Rules | ${ruleCount} |\n` +
+  `| MCP references | ${mcpCount} |\n` +
+  `<!-- readme-counts:end -->`;
+
+// ---------------------------------------------------------------------------
+// Transform README content
+// ---------------------------------------------------------------------------
+
+function buildExpectedContent(original) {
+  let content = original;
+
+  // 1. Replace the marker block (markers preserved, inner content replaced)
+  const markerStartRe = /<!-- readme-counts:start -->[\s\S]*?<!-- readme-counts:end -->/;
+  if (markerStartRe.test(content)) {
+    content = content.replace(markerStartRe, markerBlock);
+  }
+
+  // 2. Replace inline count spans <!-- count:KEY -->OLDNUMBER<!-- /count -->
+  const inlineRe = /<!-- count:(skills|agents|providers|roles|rules|mcp) -->\d+<!-- \/count -->/g;
+  content = content.replace(inlineRe, (_, key) => {
+    return `<!-- count:${key} -->${counts[key]}<!-- /count -->`;
+  });
+
+  return content;
+}
+
+// ---------------------------------------------------------------------------
+// Main
+// ---------------------------------------------------------------------------
+
+const original = fs.readFileSync(readmePath, "utf8");
+const expected = buildExpectedContent(original);
+
+if (check) {
+  if (original === expected) {
+    console.log("OK: README counts current");
+    process.exit(0);
+  }
+
+  // Print a basic diff-style report to stderr
+  const origLines = original.split("\n");
+  const expLines = expected.split("\n");
+  const maxLen = Math.max(origLines.length, expLines.length);
+  const diffLines = [];
+  for (let i = 0; i < maxLen; i++) {
+    const o = origLines[i];
+    const e = expLines[i];
+    if (o !== e) {
+      diffLines.push(`Line ${i + 1}:`);
+      if (o !== undefined) diffLines.push(`  - ${o}`);
+      if (e !== undefined) diffLines.push(`  + ${e}`);
+    }
+  }
+  process.stderr.write(
+    `ERROR: README.md counts are stale. Run: npm run readme-counts:write\n\n` +
+      diffLines.join("\n") +
+      "\n",
+  );
+  process.exit(1);
+} else {
+  if (original === expected) {
+    console.log("OK: README.md already up to date — no changes written.");
+  } else {
+    fs.writeFileSync(readmePath, expected, "utf8");
+    console.log(
+      `OK: README.md updated (skills=${skillCount}, agents=${agentCount}, ` +
+        `providers=${providerCount}, roles=${roleCount}, rules=${ruleCount}, mcp=${mcpCount})`,
+    );
+  }
+}

package/skills/qa/ci-test-pipeline-review/SKILL.md

@@ -0,0 +1,45 @@
+---
+name: ci-test-pipeline-review
+description: Use this skill when reviewing how a CI pipeline runs tests — gating, sharding, parallelism, fail-fast behavior, artifact retention, and flaky-test quarantine wiring. Trigger when a user provides a CI workflow file (GitHub Actions, GitLab CI, CircleCI, Jenkins), asks why CI is slow or unreliable as a merge gate, or wants to know whether their test pipeline actually blocks bad merges. This skill reviews CI configuration statically; it does not trigger or run pipelines.
+allowed-tools: Read Grep Glob
+metadata:
+  author: "github: Raishin"
+  version: "0.1.0"
+  updated: "2026-05-17"
+  category: delivery
+  lifecycle: experimental
+---
+
+# CI Test Pipeline Review
+
+## Purpose
+This skill reviews how a CI pipeline runs tests — not the tests themselves, but the pipeline that decides whether they block a merge. A test suite only protects the main branch if the pipeline runs it, runs it on the merge gate, fails the build when it fails, and finishes fast enough that developers do not route around it. The review catches non-blocking test steps, soft-failure escape hatches, missing required-check enforcement, un-sharded slow suites, fail-fast that hides parallel failures, missing artifacts, and quarantine lanes wired so that quarantined tests silently never run again.
+
+## Lean operating rules
+- Treat a test step that cannot fail the build — `|| true`, `continue-on-error: true`, `set +e`, an exit code swallowed, a non-blocking/optional check — as CRITICAL: the suite exists but gates nothing, and every "green" merge is unverified.
+- Treat tests that run only post-merge (on `push` to main, nightly) and not on the pull-request merge gate as HIGH — regressions are caught after they are already on the main branch.
+- Treat the test job not being a required status check for branch protection as HIGH — the run is advisory and a merge can proceed red. (Flag as inference if branch-protection config is not provided.)
+- Treat `fail-fast: true` on a test matrix as MEDIUM — it cancels sibling shards on the first failure, hiding how many shards actually failed and forcing repeated partial runs.
+- Treat a large suite in a single un-sharded job as HIGH when wall-clock time blocks merges — recommend a shard matrix sized to the suite.
+- Treat the absence of test-result and failure-artifact upload (JUnit XML, traces, screenshots, logs) as HIGH — a CI-only failure is then undebuggable and engineers re-run blindly.
+- Treat caching of dependencies/build but not keyed correctly (stale cache, no lockfile in the key) as MEDIUM — stale caches cause non-reproducible passes and failures.
+- Treat a quarantine lane that excludes flaky tests from gating with no scheduled non-blocking run and no tracking as HIGH — quarantined tests then never run again and the coverage is silently lost.
+- Treat secrets exposed to test jobs triggered by `pull_request_target` or to fork PRs as CRITICAL security exposure — flag and stop.
+- Treat a missing concurrency/cancel-in-progress group on PR test runs as LOW — wasted runners, not a correctness issue.
+- Do not recommend disabling or making a flaky check non-blocking as the fix — recommend quarantine with a scheduled run and an owner.
+- Label every finding with evidence basis: CI config provided, branch-protection config provided, documentation-based, or inference.
+
+## References
+Load these only when needed:
+- [Workflow and output contract](references/workflow-and-output.md) — use when executing the full review or formatting the final answer.
+
+## Response minimum
+Return, at minimum:
+- Gating findings (non-blocking steps, soft-failure escape hatches, required-check enforcement)
+- Merge-gate timing findings (PR vs. post-merge, sharding, parallelism)
+- Fail-fast and matrix configuration findings
+- Artifact and observability findings (test results, failure artifacts)
+- Quarantine-lane wiring findings
+- Security findings (secret exposure to test jobs)
+- Severity-labelled finding list (critical / high / medium / low)
+- Safe next actions

package/skills/qa/ci-test-pipeline-review/metadata.json

@@ -0,0 +1,21 @@
+{
+  "id": "ci-test-pipeline-review",
+  "name": "CI Test Pipeline Review",
+  "type": "skill",
+  "provider": "generic",
+  "harnesses": ["codex", "claude-code", "cursor", "gemini", "kiro", "other"],
+  "summary": "Review how a CI pipeline runs tests — gating, sharding, parallelism, fail-fast, artifact retention, quarantine wiring, and secret exposure — to verify the test suite actually blocks bad merges. Static review only.",
+  "source_type": "original",
+  "official_docs": [
+    "https://docs.github.com/en/actions/using-jobs/using-a-matrix-for-your-jobs",
+    "https://docs.github.com/en/repositories/configuring-branches-and-merges/about-protected-branches",
+    "https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions",
+    "https://docs.gitlab.com/ee/ci/yaml/",
+    "https://playwright.dev/docs/test-sharding"
+  ],
+  "security_notes": "Static review only — reads CI workflow and branch-protection configuration, never triggers or runs pipelines. Flags secret exposure to test jobs on pull_request_target or fork PRs. Never request or accept CI secrets, deploy keys, or registry tokens; ask for sanitized workflow files.",
+  "last_verified": "2026-05-17",
+  "path": "skills/qa/ci-test-pipeline-review",
+  "author": "github: Raishin",
+  "version": "0.1.0"
+}

package/skills/qa/ci-test-pipeline-review/references/workflow-and-output.md

@@ -0,0 +1,124 @@
+# Workflow and Output Contract
+
+## Workflow
+
+### Step 1 — Collect inputs
+
+Ask the user to provide one or more of the following as sanitized files (no CI secrets, no deploy keys, no registry tokens — replace with placeholders):
+- The CI workflow file(s) that run tests (`.github/workflows/*.yml`, `.gitlab-ci.yml`, `.circleci/config.yml`, `Jenkinsfile`)
+- The branch-protection / merge-rule configuration, if available (which checks are required to merge)
+- Any reusable workflow or composite action the test job calls
+- Optional: a recent pipeline run summary showing job durations
+
+If branch-protection configuration is not provided, required-check findings are stated as `inference` — say so and ask for it.
+
+### Step 2 — Gating audit
+
+Confirm the test step can actually fail the build.
+
+```yaml
+# CRITICAL — test failures are swallowed; the job is always green
+- run: npm test || true
+
+# CRITICAL — step failure does not fail the job
+- run: npm test
+  continue-on-error: true
+```
+Scan for every escape hatch: `|| true`, `continue-on-error: true`, `set +e`, `; exit 0`, a test command piped so its exit code is lost (`npm test | tee log`), or a soft/optional/advisory check label. Any of these on the test step is CRITICAL — the suite runs, looks green, and verifies nothing.
+
+### Step 3 — Merge-gate placement audit
+
+Confirm tests run on the pull-request merge gate, not only after merge.
+
+- Tests triggered only on `push` to main, on a schedule, or in a nightly job → HIGH. Regressions are then detected after they are already on the protected branch.
+- Tests run on `pull_request` but the job is not in the repo's required status checks → HIGH (or `inference` if branch protection is not provided). The run is advisory; a red PR can still merge.
+- Recommended: the test job runs on `pull_request` and is a required status check; merges queue behind a green run.
+
+### Step 4 — Speed and sharding audit
+
+Review wall-clock time on the merge gate.
+
+- A large suite in a single job with no sharding, where the job duration is long enough that developers complain or route around it → HIGH. Recommend a shard matrix:
+```yaml
+strategy:
+  fail-fast: false
+  matrix:
+    shard: [1, 2, 3, 4]
+steps:
+  - run: npx playwright test --shard=${{ matrix.shard }}/4
+```
+- `workers`/parallelism pinned to 1 with no reason → MEDIUM.
+- Dependency or build cache missing, or keyed without the lockfile hash → MEDIUM: stale caches produce non-reproducible results.
+
+### Step 5 — Fail-fast and matrix audit
+
+- `fail-fast: true` (the default on GitHub Actions matrices) on a test shard matrix → MEDIUM. The first shard failure cancels the others, so a developer sees "1 shard failed" when 3 did, fixes one cause, re-runs, and discovers the next. Set `fail-fast: false` for test matrices so every shard reports.
+- No `concurrency` group with `cancel-in-progress` on PR runs → LOW: superseded commits keep burning runners.
+
+### Step 6 — Artifact and observability audit
+
+- No upload of test results (JUnit XML) and failure artifacts (traces, screenshots, videos, logs) → HIGH. A CI-only failure is then undebuggable; engineers re-run blindly hoping for green.
+- Artifacts uploaded only on success, or retention too short to investigate → MEDIUM.
+- Recommended: upload JUnit XML always, and traces/screenshots/logs `if: failure()`.
+
+### Step 7 — Quarantine-lane audit
+
+If a flaky-test quarantine mechanism exists in CI:
+- Quarantined tests excluded from the gate but with **no scheduled non-blocking run** → HIGH: the tests never execute again and the coverage is silently lost.
+- Quarantine with no tracking issue and no owner → HIGH (consistent with the flakiness-triage skill).
+- Recommended: quarantined tests run in a separate non-blocking job on every PR or on a schedule, their results visible, each with an owner and a fix deadline.
+
+### Step 8 — Security audit
+
+- Test jobs triggered by `pull_request_target` that check out and execute PR-author code with secrets in scope → CRITICAL. A fork PR can exfiltrate secrets. Flag and stop.
+- Secrets passed to test jobs that run on fork PRs → CRITICAL.
+- Long-lived credentials where OIDC / short-lived tokens would work → MEDIUM.
+
+### Step 9 — Produce the output
+
+Format findings using the Output section below.
+
+---
+
+## Output
+
+Return findings in this structure:
+
+```
+## Verdict
+<one sentence: pipeline gates merges / suite runs but gates nothing / mixed>
+
+## Evidence level
+<CI config + branch protection provided | CI config only | documentation-based | inference>
+
+## Findings
+
+### CRITICAL
+- [C1] <finding>: <description> — <remediation>
+
+### HIGH
+- [H1] <finding>: <description> — <remediation>
+
+### MEDIUM
+- [M1] <finding>: <description> — <remediation>
+
+### LOW
+- [L1] <finding>: <description> — <remediation>
+
+## Safe next actions
+1. <action>
+2. <action>
+
+## Open questions
+- <question requiring user clarification>
+```
+
+---
+
+## Security notes
+
+- Never request or accept CI secrets, deploy keys, or registry tokens. Ask for workflow files with placeholders.
+- This is a static review: do not trigger pipelines, dispatch workflows, or contact CI.
+- A test step with a soft-failure escape hatch (`|| true`, `continue-on-error`) is the highest-impact finding possible — the entire suite is decorative. Lead with it.
+- `pull_request_target` running PR-author code with secrets in scope is a real exfiltration path; treat it as CRITICAL and tell the user to stop merging through that pipeline until it is fixed.
+- Do not recommend making a flaky check non-blocking as the fix — that converts a known problem into an invisible one. Recommend quarantine with a scheduled run and an owner.

package/skills/qa/helm-chart-quality-review/SKILL.md

@@ -0,0 +1,61 @@
+---
+name: helm-chart-quality-review
+description: Use this skill when a user provides a Helm chart or asks to review Helm chart quality, security, or testability — including Chart.yaml, values.yaml, templates/, tests/, or chart-testing CI configuration.
+allowed-tools: Read Grep Glob
+metadata:
+  author: "github: Raishin"
+  version: "0.1.0"
+  updated: "2026-05-17"
+  category: delivery
+  lifecycle: experimental
+---
+
+# Helm Chart Quality Review
+
+## Purpose
+This skill reviews Helm chart source for quality, security, and testability defects. It reads chart files statically — Chart.yaml, values.yaml, values.schema.json, templates/, tests/, and CI configuration — without installing the chart or contacting a Kubernetes cluster. The review surfaces defects that allow bad workloads to be deployed silently: insecure container security contexts, missing resource governance, absent health probes, RBAC over-permission, hardcoded or default credentials, and missing helm test coverage.
+
+## Lean operating rules
+- Treat `privileged: true`, `capabilities.add: [ALL]` or any combination that grants root-equivalent privileges as CRITICAL — stop and flag before continuing.
+- Treat `hostNetwork: true`, `hostPID: true`, or `hostIPC: true` as CRITICAL — these give a container visibility into the node's network stack, process table, or IPC namespace.
+- Treat secrets rendered inline in a ConfigMap (not a Secret resource) as CRITICAL — plain-text secrets are visible to any workload that can read ConfigMaps in the namespace.
+- Treat a `ClusterRoleBinding` to the `default` service account as CRITICAL — any workload in the namespace inherits cluster-scoped access.
+- Treat `capabilities.add: [SYS_ADMIN]` or `[NET_ADMIN]` as CRITICAL — these grant near-root kernel capabilities.
+- Treat hardcoded `:latest` image tags without override capability as HIGH — breaks reproducibility and makes rollback unreliable.
+- Treat `securityContext.runAsRoot: true` or the absence of `runAsNonRoot` on pod or container spec as HIGH — workloads should not run as UID 0.
+- Treat `allowPrivilegeEscalation` not explicitly set to `false` as HIGH — a child process can gain more privileges than the parent.
+- Treat cluster-scoped RBAC roles where namespace-scoped would suffice as HIGH — blast radius of a compromise is the entire cluster.
+- Treat `serviceAccount.automountServiceAccountToken` not set to `false` when the workload does not call the Kubernetes API as HIGH — the token is mounted unnecessarily and exploitable.
+- Treat missing `resources.requests` and `resources.limits` on every container as HIGH — without limits, a misbehaving pod can trigger node over-subscription and OOM kills on neighbours.
+- Treat missing `livenessProbe` or `readinessProbe` as HIGH — rolling updates proceed blind; a pod stuck in a failed state can be sent live traffic.
+- Treat sensitive default credential values (`admin`, `password`, empty string) in values.yaml as CRITICAL — users forget to override defaults and ship them to production.
+- Treat the absence of `values.schema.json` when required values carry no type or pattern constraint as MEDIUM — `helm install` accepts arbitrary input with no validation.
+- Treat missing `readOnlyRootFilesystem: true` as MEDIUM — a container with a writable root filesystem can modify its own binaries or drop exploit payloads.
+- Treat missing `startupProbe` for slow-starting containers as MEDIUM — liveness checks kill containers that need more startup time, causing crash loops.
+- Treat no `PodDisruptionBudget` for stateful or singleton workloads as MEDIUM — node drains can take the workload to zero replicas.
+- Treat no `HorizontalPodAutoscaler` where the workload is expected to scale as LOW.
+- Treat probe timeouts or failure thresholds at defaults with no tuning rationale as LOW.
+- Treat no `NOTES.txt` as LOW — users have no post-install guidance.
+- Treat a chart version that is not semver-compliant as LOW.
+- Treat `tests/` that contain only pod-existence checks and no service reachability or functional assertion as LOW — existence proves the pod started, not that the service works.
+- Treat no `tests/` directory at all as MEDIUM — helm test integration is absent.
+- Treat no CI integration for chart-testing (`ct lint-and-install` or equivalent) as MEDIUM — the chart is not regression-tested on install.
+- Label every finding with its evidence basis: `chart source provided`, `values only`, `documentation-based`, or `inference`.
+- Do not request kubeconfig, cluster credentials, cloud provider credentials, or live values files containing secrets. Ask for sanitized versions with placeholder values.
+- Static review only — never install a chart, never contact a Kubernetes cluster, never run `helm upgrade` or `kubectl apply`.
+
+## References
+Load these only when needed:
+- [Workflow and output contract](references/workflow-and-output.md) — use when executing the full review or formatting the final answer.
+
+## Response minimum
+Return, at minimum:
+- Linting and template correctness findings
+- Values hygiene findings (sensitive defaults, schema validation, `:latest` tags)
+- Template security findings (securityContext, capabilities, host namespaces, secrets in ConfigMap)
+- Resource governance findings (requests/limits, PDB, HPA)
+- Health and observability findings (liveness, readiness, startup probes)
+- Testability findings (helm test, chart-testing CI)
+- RBAC and service account findings
+- Severity-labelled finding list (CRITICAL / HIGH / MEDIUM / LOW)
+- Safe next actions

package/skills/qa/helm-chart-quality-review/metadata.json

@@ -0,0 +1,23 @@
+{
+  "id": "helm-chart-quality-review",
+  "name": "Helm Chart Quality Review",
+  "type": "skill",
+  "provider": "generic",
+  "harnesses": ["codex", "claude-code", "cursor", "gemini", "kiro", "other"],
+  "summary": "Review a Helm chart for quality, security, and testability defects — linting gaps, insecure securityContext, missing resource limits, absent health probes, RBAC over-permission, hardcoded secrets, and missing helm test coverage — statically, without installing or contacting a cluster.",
+  "source_type": "original",
+  "official_docs": [
+    "https://helm.sh/docs/chart_best_practices/",
+    "https://helm.sh/docs/helm/helm_lint/",
+    "https://helm.sh/docs/helm/helm_template/",
+    "https://helm.sh/docs/topics/chart_tests/",
+    "https://github.com/helm/chart-testing",
+    "https://kubernetes.io/docs/concepts/security/pod-security-standards/",
+    "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
+  ],
+  "security_notes": "Static review only — reads chart source files (Chart.yaml, values.yaml, templates/, tests/), never installs a chart, never connects to a Kubernetes cluster, never requests kubeconfig, cluster credentials, or cloud provider credentials. Do not accept values files containing live credentials, connection strings, or tenant IDs; ask for sanitized versions with placeholder values.",
+  "last_verified": "2026-05-17",
+  "path": "skills/qa/helm-chart-quality-review",
+  "author": "github: Raishin",
+  "version": "0.1.0"
+}

package/skills/qa/helm-chart-quality-review/references/workflow-and-output.md

@@ -0,0 +1,174 @@
+# Workflow and Output Contract
+
+## Workflow
+
+### Step 1 — Collect inputs
+
+Ask the user to provide one or more of the following as sanitized files (no live credentials, no kubeconfig, no cluster tokens — replace secrets with placeholders):
+- `Chart.yaml` — name, version, appVersion, dependencies
+- `values.yaml` — default values and their inline documentation
+- `values.schema.json` — JSON Schema validation for values (if present)
+- `templates/` — all template manifests (Deployment, StatefulSet, DaemonSet, Service, ConfigMap, Secret, RBAC resources, ServiceAccount, HPA, PDB, etc.)
+- `tests/` — helm test hook manifests
+- CI configuration (`ct.yaml`, `.github/workflows/*.yml`, `.gitlab-ci.yml`, or equivalent) if available
+
+If `values.schema.json` is absent, note it and flag as MEDIUM. If `tests/` is absent, note it and flag as MEDIUM. If CI configuration is not provided, state findings about chart-testing CI as `inference`.
+
+---
+
+### Step 2 — Linting and template correctness audit
+
+Check for structural and syntactic correctness.
+
+- Missing required `Chart.yaml` fields (`apiVersion`, `name`, `version`) → flag as blocking; the chart fails `helm lint`.
+- Chart `version` not semver-compliant (e.g. `1.0` instead of `1.0.0`) → LOW.
+- Undefined template variables that would cause `helm template` to fail → HIGH.
+- `helm template` renders manifests with empty required fields (image tag empty, pod name empty) → HIGH.
+- No `NOTES.txt` providing post-install next steps → LOW.
+
+---
+
+### Step 3 — Values hygiene audit
+
+Check for default value problems and schema coverage.
+
+- Hardcoded image tags set to `:latest` with no override mechanism → HIGH (breaks reproducibility and rollback).
+- Image digests hardcoded without a user-overridable `image.tag` or `image.digest` field → HIGH.
+- Sensitive default values: empty password (`password: ""`), literal `admin` or `password` as a default credential → CRITICAL. Users deploy defaults to production without noticing.
+- Required values with no `values.schema.json` type or pattern constraint → MEDIUM; `helm install` accepts arbitrary input with no validation.
+- Deeply nested values with no inline comment documentation → LOW; operators cannot understand what to tune without reading templates.
+
+---
+
+### Step 4 — Template security audit
+
+Check container and pod security configuration.
+
+```yaml
+# CRITICAL — container runs as root
+securityContext:
+  runAsUser: 0
+
+# CRITICAL — privileged mode grants near-root kernel access
+securityContext:
+  privileged: true
+
+# CRITICAL — grants all Linux capabilities
+securityContext:
+  capabilities:
+    add: ["ALL"]
+
+# CRITICAL — host namespace sharing
+spec:
+  hostNetwork: true
+  hostPID: true
+  hostIPC: true
+```
+
+- `runAsRoot: true` or `runAsNonRoot` absent from both pod-level and container-level securityContext → HIGH.
+- `allowPrivilegeEscalation` not set to `false` → HIGH; a child process can acquire more privileges than its parent.
+- `capabilities.add: [SYS_ADMIN]` or `[NET_ADMIN]` → CRITICAL.
+- `capabilities.add: [ALL]` → CRITICAL.
+- `privileged: true` → CRITICAL.
+- `hostNetwork: true`, `hostPID: true`, or `hostIPC: true` → CRITICAL for each.
+- `readOnlyRootFilesystem` absent or set to `false` → MEDIUM; the container filesystem is writable, enabling in-place modification of binaries.
+- Secrets (passwords, tokens, keys) rendered as plain-text data in a ConfigMap instead of a Secret resource → CRITICAL; any workload that can read ConfigMaps in the namespace can read the value.
+
+---
+
+### Step 5 — Resource governance audit
+
+Check resource requests, limits, and workload scaling policy.
+
+- `resources.requests` or `resources.limits` absent from any container spec → HIGH; without limits, a misbehaving pod triggers node over-subscription and may cause OOM kills on neighbouring workloads.
+- No `PodDisruptionBudget` for a StatefulSet or singleton Deployment → MEDIUM; node drains can take the workload to zero replicas.
+- No `HorizontalPodAutoscaler` where the workload is expected to handle variable load → LOW.
+
+---
+
+### Step 6 — Health and observability audit
+
+Check probe configuration.
+
+- `livenessProbe` absent from any container → HIGH; the kubelet cannot detect a hung container, and a failed pod can receive live traffic indefinitely.
+- `readinessProbe` absent → HIGH; rolling updates proceed without confirming the new pod is ready to serve traffic.
+- `startupProbe` absent for containers with slow or variable startup times → MEDIUM; the liveness probe fires before the container is ready, causing crash loops.
+- Probe `timeoutSeconds`, `failureThreshold`, or `periodSeconds` at Kubernetes defaults with no documented rationale → LOW; defaults may be too aggressive or too lenient for the workload.
+
+---
+
+### Step 7 — Testability audit
+
+Check helm test coverage and chart-testing CI integration.
+
+- No `tests/` directory → MEDIUM; helm test integration is absent. The chart has no post-install verification that can be run by `helm test`.
+- `tests/` present but test manifests only assert pod existence (`kubectl get pod`) and do not verify service reachability or a functional endpoint → LOW; existence confirms the pod started, not that the service responds correctly.
+- No CI integration for chart-testing — no `ct lint-and-install`, no `helm lint` + `helm template` step in CI configuration → MEDIUM; the chart is not regression-tested on install across a range of values.
+
+---
+
+### Step 8 — RBAC and service account audit
+
+Check role scope and service account token exposure.
+
+```yaml
+# CRITICAL — ClusterRoleBinding to default SA gives cluster-wide access
+# to every workload in the namespace
+subjects:
+  - kind: ServiceAccount
+    name: default
+    namespace: my-app
+roleRef:
+  kind: ClusterRole
+  name: admin
+```
+
+- `ClusterRoleBinding` to the `default` service account → CRITICAL.
+- `ClusterRole` used where a `Role` scoped to a single namespace would suffice → HIGH; blast radius of a compromised workload is the entire cluster.
+- `serviceAccount.automountServiceAccountToken` not set to `false` when the workload makes no Kubernetes API calls → HIGH; the service account token is mounted into the pod and exploitable by any process that can read the filesystem.
+
+---
+
+## Output
+
+Return findings in this structure:
+
+```
+## Verdict
+<one sentence: chart passes review with no critical issues / chart has critical defects that must be fixed before deployment / chart has high-severity defects requiring attention>
+
+## Evidence level
+<chart source provided | values only | partial (no templates) | inference>
+
+## Findings
+
+### CRITICAL
+- [C1] <finding title>: <description> — <remediation>
+
+### HIGH
+- [H1] <finding title>: <description> — <remediation>
+
+### MEDIUM
+- [M1] <finding title>: <description> — <remediation>
+
+### LOW
+- [L1] <finding title>: <description> — <remediation>
+
+## Safe next actions
+1. <action>
+2. <action>
+
+## Open questions
+- <question requiring user clarification>
+```
+
+---
+
+## Security notes
+
+- Never request kubeconfig, cluster credentials, cloud provider tokens, or live values files containing secrets. Ask for sanitized versions with placeholder values.
+- Static review only — never install a chart, never run `helm upgrade` or `kubectl apply`, never contact a Kubernetes cluster.
+- A container running as root, with `privileged: true`, or with `hostNetwork: true` is the highest-impact template security finding. Lead with it.
+- A `ClusterRoleBinding` to the `default` service account grants cluster-wide access to every workload in the namespace. Treat it as CRITICAL and flag immediately.
+- Secrets in ConfigMap instead of a Secret resource are exposed to all workloads in the namespace that have read access to ConfigMaps. Flag as CRITICAL.
+- Do not recommend workarounds that maintain the defect (e.g. "add a comment explaining why privileged is needed" is not remediation for `privileged: true`).