@rubix0270/arboris 1.0.1 → 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (451)
  1. package/package.json +8 -19
  2. package/run.mjs +10 -0
  3. package/dist/cli.mjs +0 -382
  4. package/manifest.json +0 -323
  5. package/prisma/skills/accessibility/SKILL.md +0 -147
  6. package/prisma/skills/agent-architecture-audit/SKILL.md +0 -257
  7. package/prisma/skills/agent-eval/SKILL.md +0 -146
  8. package/prisma/skills/agent-harness-construction/SKILL.md +0 -74
  9. package/prisma/skills/agent-introspection-debugging/SKILL.md +0 -154
  10. package/prisma/skills/agent-payment-x402/SKILL.md +0 -225
  11. package/prisma/skills/agent-self-evaluation/SKILL.md +0 -182
  12. package/prisma/skills/agent-self-evaluation/examples/high-score-example.md +0 -87
  13. package/prisma/skills/agent-self-evaluation/examples/low-score-example.md +0 -86
  14. package/prisma/skills/agent-self-evaluation/references/evaluation-criteria.md +0 -71
  15. package/prisma/skills/agent-self-evaluation/references/hook-integration.md +0 -64
  16. package/prisma/skills/agent-self-evaluation/scripts/evaluate.py +0 -408
  17. package/prisma/skills/agent-self-evaluation/templates/evaluation-report.md +0 -86
  18. package/prisma/skills/agent-sort/SKILL.md +0 -216
  19. package/prisma/skills/agentic-engineering/SKILL.md +0 -64
  20. package/prisma/skills/agentic-os/SKILL.md +0 -388
  21. package/prisma/skills/ai-first-engineering/SKILL.md +0 -52
  22. package/prisma/skills/ai-regression-testing/SKILL.md +0 -386
  23. package/prisma/skills/android-clean-architecture/SKILL.md +0 -340
  24. package/prisma/skills/angular-developer/SKILL.md +0 -155
  25. package/prisma/skills/angular-developer/references/angular-animations.md +0 -160
  26. package/prisma/skills/angular-developer/references/angular-aria.md +0 -410
  27. package/prisma/skills/angular-developer/references/cli.md +0 -86
  28. package/prisma/skills/angular-developer/references/component-harnesses.md +0 -59
  29. package/prisma/skills/angular-developer/references/component-styling.md +0 -91
  30. package/prisma/skills/angular-developer/references/components.md +0 -117
  31. package/prisma/skills/angular-developer/references/creating-services.md +0 -97
  32. package/prisma/skills/angular-developer/references/data-resolvers.md +0 -69
  33. package/prisma/skills/angular-developer/references/define-routes.md +0 -67
  34. package/prisma/skills/angular-developer/references/defining-providers.md +0 -72
  35. package/prisma/skills/angular-developer/references/di-fundamentals.md +0 -120
  36. package/prisma/skills/angular-developer/references/e2e-testing.md +0 -56
  37. package/prisma/skills/angular-developer/references/effects.md +0 -83
  38. package/prisma/skills/angular-developer/references/hierarchical-injectors.md +0 -43
  39. package/prisma/skills/angular-developer/references/host-elements.md +0 -80
  40. package/prisma/skills/angular-developer/references/injection-context.md +0 -63
  41. package/prisma/skills/angular-developer/references/inputs.md +0 -101
  42. package/prisma/skills/angular-developer/references/linked-signal.md +0 -59
  43. package/prisma/skills/angular-developer/references/loading-strategies.md +0 -61
  44. package/prisma/skills/angular-developer/references/mcp.md +0 -108
  45. package/prisma/skills/angular-developer/references/navigate-to-routes.md +0 -69
  46. package/prisma/skills/angular-developer/references/outputs.md +0 -86
  47. package/prisma/skills/angular-developer/references/reactive-forms.md +0 -122
  48. package/prisma/skills/angular-developer/references/rendering-strategies.md +0 -44
  49. package/prisma/skills/angular-developer/references/resource.md +0 -77
  50. package/prisma/skills/angular-developer/references/route-animations.md +0 -56
  51. package/prisma/skills/angular-developer/references/route-guards.md +0 -52
  52. package/prisma/skills/angular-developer/references/router-lifecycle.md +0 -45
  53. package/prisma/skills/angular-developer/references/router-testing.md +0 -87
  54. package/prisma/skills/angular-developer/references/show-routes-with-outlets.md +0 -68
  55. package/prisma/skills/angular-developer/references/signal-forms.md +0 -795
  56. package/prisma/skills/angular-developer/references/signals-overview.md +0 -94
  57. package/prisma/skills/angular-developer/references/tailwind-css.md +0 -69
  58. package/prisma/skills/angular-developer/references/template-driven-forms.md +0 -114
  59. package/prisma/skills/angular-developer/references/testing-fundamentals.md +0 -65
  60. package/prisma/skills/api-connector-builder/SKILL.md +0 -121
  61. package/prisma/skills/api-design/SKILL.md +0 -524
  62. package/prisma/skills/architecture-decision-records/SKILL.md +0 -180
  63. package/prisma/skills/article-writing/SKILL.md +0 -80
  64. package/prisma/skills/automation-audit-ops/SKILL.md +0 -143
  65. package/prisma/skills/autonomous-agent-harness/SKILL.md +0 -274
  66. package/prisma/skills/autonomous-loops/SKILL.md +0 -611
  67. package/prisma/skills/backend-patterns/SKILL.md +0 -562
  68. package/prisma/skills/benchmark/SKILL.md +0 -94
  69. package/prisma/skills/benchmark-methodology/SKILL.md +0 -190
  70. package/prisma/skills/benchmark-optimization-loop/SKILL.md +0 -70
  71. package/prisma/skills/blender-motion-state-inspection/SKILL.md +0 -165
  72. package/prisma/skills/blueprint/SKILL.md +0 -106
  73. package/prisma/skills/brand-discovery/SKILL.md +0 -145
  74. package/prisma/skills/brand-discovery/references/10_purpose-why.md +0 -40
  75. package/prisma/skills/brand-discovery/references/20_positioning.md +0 -44
  76. package/prisma/skills/brand-discovery/references/30_audience-niche.md +0 -52
  77. package/prisma/skills/brand-discovery/references/40_personality-archetype.md +0 -57
  78. package/prisma/skills/brand-discovery/references/50_voice-tone.md +0 -59
  79. package/prisma/skills/brand-discovery/references/60_narrative-story.md +0 -50
  80. package/prisma/skills/brand-discovery/references/70_founder-tension.md +0 -49
  81. package/prisma/skills/brand-discovery/references/90_SYNTHESIS.md +0 -133
  82. package/prisma/skills/brand-voice/SKILL.md +0 -98
  83. package/prisma/skills/brand-voice/references/voice-profile-schema.md +0 -55
  84. package/prisma/skills/browser-qa/SKILL.md +0 -105
  85. package/prisma/skills/bun-runtime/SKILL.md +0 -85
  86. package/prisma/skills/canary-watch/SKILL.md +0 -108
  87. package/prisma/skills/carrier-relationship-management/SKILL.md +0 -212
  88. package/prisma/skills/cisco-ios-patterns/SKILL.md +0 -164
  89. package/prisma/skills/ck/SKILL.md +0 -148
  90. package/prisma/skills/ck/commands/forget.mjs +0 -44
  91. package/prisma/skills/ck/commands/info.mjs +0 -24
  92. package/prisma/skills/ck/commands/init.mjs +0 -143
  93. package/prisma/skills/ck/commands/list.mjs +0 -40
  94. package/prisma/skills/ck/commands/migrate.mjs +0 -202
  95. package/prisma/skills/ck/commands/resume.mjs +0 -36
  96. package/prisma/skills/ck/commands/save.mjs +0 -210
  97. package/prisma/skills/ck/commands/shared.mjs +0 -387
  98. package/prisma/skills/ck/hooks/session-start.mjs +0 -224
  99. package/prisma/skills/claude-devfleet/SKILL.md +0 -112
  100. package/prisma/skills/click-path-audit/SKILL.md +0 -245
  101. package/prisma/skills/clickhouse-io/SKILL.md +0 -440
  102. package/prisma/skills/code-tour/SKILL.md +0 -254
  103. package/prisma/skills/codebase-onboarding/SKILL.md +0 -234
  104. package/prisma/skills/codehealth-mcp/SKILL.md +0 -167
  105. package/prisma/skills/coding-standards/SKILL.md +0 -551
  106. package/prisma/skills/competitive-platform-analysis/SKILL.md +0 -214
  107. package/prisma/skills/competitive-report-structure/SKILL.md +0 -162
  108. package/prisma/skills/compose-multiplatform-patterns/SKILL.md +0 -300
  109. package/prisma/skills/config-gc/SKILL.md +0 -120
  110. package/prisma/skills/configure-ecc/SKILL.md +0 -385
  111. package/prisma/skills/connections-optimizer/SKILL.md +0 -190
  112. package/prisma/skills/content-engine/SKILL.md +0 -132
  113. package/prisma/skills/content-hash-cache-pattern/SKILL.md +0 -162
  114. package/prisma/skills/context-budget/SKILL.md +0 -136
  115. package/prisma/skills/continuous-agent-loop/SKILL.md +0 -46
  116. package/prisma/skills/continuous-learning/SKILL.md +0 -132
  117. package/prisma/skills/continuous-learning/config.json +0 -18
  118. package/prisma/skills/continuous-learning/evaluate-session.sh +0 -69
  119. package/prisma/skills/continuous-learning-v2/SKILL.md +0 -361
  120. package/prisma/skills/continuous-learning-v2/agents/observer-loop.sh +0 -359
  121. package/prisma/skills/continuous-learning-v2/agents/observer.md +0 -189
  122. package/prisma/skills/continuous-learning-v2/agents/session-guardian.sh +0 -150
  123. package/prisma/skills/continuous-learning-v2/agents/start-observer.sh +0 -248
  124. package/prisma/skills/continuous-learning-v2/config.json +0 -8
  125. package/prisma/skills/continuous-learning-v2/hooks/observe.sh +0 -585
  126. package/prisma/skills/continuous-learning-v2/scripts/detect-project.sh +0 -322
  127. package/prisma/skills/continuous-learning-v2/scripts/instinct-cli.py +0 -1956
  128. package/prisma/skills/continuous-learning-v2/scripts/lib/homunculus-dir.sh +0 -31
  129. package/prisma/skills/continuous-learning-v2/scripts/migrate-homunculus.sh +0 -68
  130. package/prisma/skills/continuous-learning-v2/scripts/test_parse_instinct.py +0 -1421
  131. package/prisma/skills/cost-aware-llm-pipeline/SKILL.md +0 -184
  132. package/prisma/skills/cost-tracking/SKILL.md +0 -97
  133. package/prisma/skills/council/SKILL.md +0 -204
  134. package/prisma/skills/cpp-coding-standards/SKILL.md +0 -724
  135. package/prisma/skills/cpp-testing/SKILL.md +0 -325
  136. package/prisma/skills/crosspost/SKILL.md +0 -112
  137. package/prisma/skills/csharp-testing/SKILL.md +0 -322
  138. package/prisma/skills/customer-billing-ops/SKILL.md +0 -141
  139. package/prisma/skills/customs-trade-compliance/SKILL.md +0 -263
  140. package/prisma/skills/dart-flutter-patterns/SKILL.md +0 -564
  141. package/prisma/skills/dashboard-builder/SKILL.md +0 -109
  142. package/prisma/skills/data-scraper-agent/SKILL.md +0 -765
  143. package/prisma/skills/data-throughput-accelerator/SKILL.md +0 -73
  144. package/prisma/skills/database-migrations/SKILL.md +0 -430
  145. package/prisma/skills/deep-research/SKILL.md +0 -160
  146. package/prisma/skills/defi-amm-security/SKILL.md +0 -167
  147. package/prisma/skills/delivery-gate/SKILL.md +0 -126
  148. package/prisma/skills/delivery-gate/hooks/quality-gate.py +0 -220
  149. package/prisma/skills/deployment-patterns/SKILL.md +0 -428
  150. package/prisma/skills/design-system/SKILL.md +0 -83
  151. package/prisma/skills/django-celery/SKILL.md +0 -458
  152. package/prisma/skills/django-patterns/SKILL.md +0 -735
  153. package/prisma/skills/django-security/SKILL.md +0 -644
  154. package/prisma/skills/django-tdd/SKILL.md +0 -730
  155. package/prisma/skills/django-verification/SKILL.md +0 -470
  156. package/prisma/skills/dmux-workflows/SKILL.md +0 -192
  157. package/prisma/skills/docker-patterns/SKILL.md +0 -365
  158. package/prisma/skills/documentation-lookup/SKILL.md +0 -91
  159. package/prisma/skills/dotnet-patterns/SKILL.md +0 -322
  160. package/prisma/skills/dynamic-workflow-mode/SKILL.md +0 -124
  161. package/prisma/skills/e2e-testing/SKILL.md +0 -327
  162. package/prisma/skills/ecc-guide/SKILL.md +0 -190
  163. package/prisma/skills/ecc-recipes/SKILL.md +0 -149
  164. package/prisma/skills/ecc-tools-cost-audit/SKILL.md +0 -161
  165. package/prisma/skills/email-ops/SKILL.md +0 -122
  166. package/prisma/skills/energy-procurement/SKILL.md +0 -228
  167. package/prisma/skills/enterprise-agent-ops/SKILL.md +0 -51
  168. package/prisma/skills/error-handling/SKILL.md +0 -377
  169. package/prisma/skills/eval-harness/SKILL.md +0 -271
  170. package/prisma/skills/evm-token-decimals/SKILL.md +0 -131
  171. package/prisma/skills/exa-search/SKILL.md +0 -108
  172. package/prisma/skills/fal-ai-media/SKILL.md +0 -289
  173. package/prisma/skills/fastapi-patterns/SKILL.md +0 -514
  174. package/prisma/skills/finance-billing-ops/SKILL.md +0 -128
  175. package/prisma/skills/flox-environments/SKILL.md +0 -497
  176. package/prisma/skills/flutter-dart-code-review/SKILL.md +0 -436
  177. package/prisma/skills/foundation-models-on-device/SKILL.md +0 -243
  178. package/prisma/skills/frontend-a11y/SKILL.md +0 -446
  179. package/prisma/skills/frontend-design-direction/SKILL.md +0 -93
  180. package/prisma/skills/frontend-patterns/SKILL.md +0 -657
  181. package/prisma/skills/frontend-slides/SKILL.md +0 -185
  182. package/prisma/skills/frontend-slides/STYLE_PRESETS.md +0 -330
  183. package/prisma/skills/frontend-slides/animation-patterns.md +0 -122
  184. package/prisma/skills/frontend-slides/html-template.md +0 -419
  185. package/prisma/skills/frontend-slides/scripts/export-pdf.sh +0 -418
  186. package/prisma/skills/frontend-slides/scripts/extract-pptx.py +0 -96
  187. package/prisma/skills/frontend-slides/viewport-base.css +0 -153
  188. package/prisma/skills/fsharp-testing/SKILL.md +0 -281
  189. package/prisma/skills/gan-style-harness/SKILL.md +0 -279
  190. package/prisma/skills/gateguard/SKILL.md +0 -133
  191. package/prisma/skills/generating-python-installer/SKILL.md +0 -820
  192. package/prisma/skills/git-workflow/SKILL.md +0 -716
  193. package/prisma/skills/github-ops/SKILL.md +0 -145
  194. package/prisma/skills/golang-patterns/SKILL.md +0 -675
  195. package/prisma/skills/golang-testing/SKILL.md +0 -721
  196. package/prisma/skills/google-workspace-ops/SKILL.md +0 -96
  197. package/prisma/skills/growth-log/SKILL.md +0 -128
  198. package/prisma/skills/healthcare-cdss-patterns/SKILL.md +0 -246
  199. package/prisma/skills/healthcare-emr-patterns/SKILL.md +0 -160
  200. package/prisma/skills/healthcare-eval-harness/SKILL.md +0 -208
  201. package/prisma/skills/healthcare-phi-compliance/SKILL.md +0 -146
  202. package/prisma/skills/hermes-imports/SKILL.md +0 -89
  203. package/prisma/skills/hexagonal-architecture/SKILL.md +0 -277
  204. package/prisma/skills/hipaa-compliance/SKILL.md +0 -79
  205. package/prisma/skills/homelab-network-readiness/SKILL.md +0 -170
  206. package/prisma/skills/homelab-network-setup/SKILL.md +0 -130
  207. package/prisma/skills/homelab-pihole-dns/SKILL.md +0 -275
  208. package/prisma/skills/homelab-vlan-segmentation/SKILL.md +0 -312
  209. package/prisma/skills/homelab-wireguard-vpn/SKILL.md +0 -306
  210. package/prisma/skills/hookify-rules/SKILL.md +0 -128
  211. package/prisma/skills/inherit-legacy-style/SKILL.md +0 -157
  212. package/prisma/skills/intent-driven-development/SKILL.md +0 -360
  213. package/prisma/skills/inventory-demand-planning/SKILL.md +0 -247
  214. package/prisma/skills/investor-materials/SKILL.md +0 -97
  215. package/prisma/skills/investor-outreach/SKILL.md +0 -92
  216. package/prisma/skills/ios-icon-gen/SKILL.md +0 -158
  217. package/prisma/skills/ios-icon-gen/scripts/generate_icons.swift +0 -258
  218. package/prisma/skills/ios-icon-gen/scripts/iconify_gen.sh +0 -235
  219. package/prisma/skills/iterative-retrieval/SKILL.md +0 -212
  220. package/prisma/skills/ito-basket-compare/SKILL.md +0 -64
  221. package/prisma/skills/ito-data-atlas-agent/SKILL.md +0 -64
  222. package/prisma/skills/ito-market-intelligence/SKILL.md +0 -61
  223. package/prisma/skills/ito-trade-planner/SKILL.md +0 -68
  224. package/prisma/skills/java-coding-standards/SKILL.md +0 -384
  225. package/prisma/skills/jira-integration/SKILL.md +0 -303
  226. package/prisma/skills/jpa-patterns/SKILL.md +0 -152
  227. package/prisma/skills/knowledge-ops/SKILL.md +0 -155
  228. package/prisma/skills/kotlin-coroutines-flows/SKILL.md +0 -285
  229. package/prisma/skills/kotlin-exposed-patterns/SKILL.md +0 -720
  230. package/prisma/skills/kotlin-ktor-patterns/SKILL.md +0 -690
  231. package/prisma/skills/kotlin-patterns/SKILL.md +0 -712
  232. package/prisma/skills/kotlin-testing/SKILL.md +0 -825
  233. package/prisma/skills/kubernetes-patterns/SKILL.md +0 -756
  234. package/prisma/skills/laravel-patterns/SKILL.md +0 -416
  235. package/prisma/skills/laravel-plugin-discovery/SKILL.md +0 -230
  236. package/prisma/skills/laravel-security/SKILL.md +0 -948
  237. package/prisma/skills/laravel-tdd/SKILL.md +0 -675
  238. package/prisma/skills/laravel-verification/SKILL.md +0 -180
  239. package/prisma/skills/latency-critical-systems/SKILL.md +0 -74
  240. package/prisma/skills/lead-intelligence/SKILL.md +0 -322
  241. package/prisma/skills/lead-intelligence/agents/enrichment-agent.md +0 -85
  242. package/prisma/skills/lead-intelligence/agents/mutual-mapper.md +0 -75
  243. package/prisma/skills/lead-intelligence/agents/outreach-drafter.md +0 -98
  244. package/prisma/skills/lead-intelligence/agents/signal-scorer.md +0 -60
  245. package/prisma/skills/liquid-glass-design/SKILL.md +0 -279
  246. package/prisma/skills/llm-trading-agent-security/SKILL.md +0 -147
  247. package/prisma/skills/logistics-exception-management/SKILL.md +0 -222
  248. package/prisma/skills/loop-design-check/SKILL.md +0 -143
  249. package/prisma/skills/mailtrap-email-integration/SKILL.md +0 -77
  250. package/prisma/skills/make-interfaces-feel-better/SKILL.md +0 -152
  251. package/prisma/skills/manim-video/SKILL.md +0 -90
  252. package/prisma/skills/manim-video/assets/network_graph_scene.py +0 -52
  253. package/prisma/skills/market-research/SKILL.md +0 -76
  254. package/prisma/skills/marketing-campaign/SKILL.md +0 -114
  255. package/prisma/skills/mcp-server-patterns/SKILL.md +0 -70
  256. package/prisma/skills/messages-ops/SKILL.md +0 -105
  257. package/prisma/skills/ml-adoption-playbook/SKILL.md +0 -57
  258. package/prisma/skills/mle-workflow/SKILL.md +0 -347
  259. package/prisma/skills/motion-advanced/SKILL.md +0 -596
  260. package/prisma/skills/motion-foundations/SKILL.md +0 -299
  261. package/prisma/skills/motion-patterns/SKILL.md +0 -434
  262. package/prisma/skills/motion-ui/SKILL.md +0 -576
  263. package/prisma/skills/mysql-patterns/SKILL.md +0 -413
  264. package/prisma/skills/nanoclaw-repl/SKILL.md +0 -34
  265. package/prisma/skills/nestjs-patterns/SKILL.md +0 -231
  266. package/prisma/skills/netmiko-ssh-automation/SKILL.md +0 -174
  267. package/prisma/skills/network-bgp-diagnostics/SKILL.md +0 -168
  268. package/prisma/skills/network-config-validation/SKILL.md +0 -211
  269. package/prisma/skills/network-interface-health/SKILL.md +0 -153
  270. package/prisma/skills/nextjs-turbopack/SKILL.md +0 -58
  271. package/prisma/skills/nodejs-keccak256/SKILL.md +0 -103
  272. package/prisma/skills/nutrient-document-processing/SKILL.md +0 -168
  273. package/prisma/skills/nuxt4-patterns/SKILL.md +0 -101
  274. package/prisma/skills/openclaw-persona-forge/SKILL.md +0 -289
  275. package/prisma/skills/openclaw-persona-forge/gacha.py +0 -224
  276. package/prisma/skills/openclaw-persona-forge/gacha.sh +0 -5
  277. package/prisma/skills/openclaw-persona-forge/references/avatar-style.md +0 -124
  278. package/prisma/skills/openclaw-persona-forge/references/boundary-rules.md +0 -53
  279. package/prisma/skills/openclaw-persona-forge/references/error-handling.md +0 -53
  280. package/prisma/skills/openclaw-persona-forge/references/identity-tension.md +0 -48
  281. package/prisma/skills/openclaw-persona-forge/references/naming-system.md +0 -39
  282. package/prisma/skills/openclaw-persona-forge/references/output-template.md +0 -166
  283. package/prisma/skills/opensource-pipeline/SKILL.md +0 -256
  284. package/prisma/skills/orch-add-feature/SKILL.md +0 -45
  285. package/prisma/skills/orch-build-mvp/SKILL.md +0 -49
  286. package/prisma/skills/orch-change-feature/SKILL.md +0 -43
  287. package/prisma/skills/orch-fix-defect/SKILL.md +0 -43
  288. package/prisma/skills/orch-pipeline/SKILL.md +0 -121
  289. package/prisma/skills/orch-refine-code/SKILL.md +0 -44
  290. package/prisma/skills/parallel-execution-optimizer/SKILL.md +0 -73
  291. package/prisma/skills/perl-patterns/SKILL.md +0 -505
  292. package/prisma/skills/perl-security/SKILL.md +0 -504
  293. package/prisma/skills/perl-testing/SKILL.md +0 -476
  294. package/prisma/skills/plan-orchestrate/SKILL.md +0 -263
  295. package/prisma/skills/plankton-code-quality/SKILL.md +0 -237
  296. package/prisma/skills/postgres-patterns/SKILL.md +0 -148
  297. package/prisma/skills/prediction-market-oracle-research/SKILL.md +0 -64
  298. package/prisma/skills/prediction-market-risk-review/SKILL.md +0 -61
  299. package/prisma/skills/prisma-patterns/SKILL.md +0 -401
  300. package/prisma/skills/product-capability/SKILL.md +0 -142
  301. package/prisma/skills/product-lens/SKILL.md +0 -93
  302. package/prisma/skills/production-audit/SKILL.md +0 -207
  303. package/prisma/skills/production-scheduling/SKILL.md +0 -238
  304. package/prisma/skills/project-flow-ops/SKILL.md +0 -112
  305. package/prisma/skills/prompt-optimizer/SKILL.md +0 -398
  306. package/prisma/skills/python-patterns/SKILL.md +0 -751
  307. package/prisma/skills/python-testing/SKILL.md +0 -817
  308. package/prisma/skills/pytorch-patterns/SKILL.md +0 -397
  309. package/prisma/skills/quality-nonconformance/SKILL.md +0 -260
  310. package/prisma/skills/quarkus-patterns/SKILL.md +0 -723
  311. package/prisma/skills/quarkus-security/SKILL.md +0 -468
  312. package/prisma/skills/quarkus-tdd/SKILL.md +0 -812
  313. package/prisma/skills/quarkus-verification/SKILL.md +0 -480
  314. package/prisma/skills/ralphinho-rfc-pipeline/SKILL.md +0 -68
  315. package/prisma/skills/react-native-patterns/SKILL.md +0 -326
  316. package/prisma/skills/react-patterns/SKILL.md +0 -342
  317. package/prisma/skills/react-performance/SKILL.md +0 -575
  318. package/prisma/skills/react-testing/SKILL.md +0 -424
  319. package/prisma/skills/recsys-pipeline-architect/SKILL.md +0 -115
  320. package/prisma/skills/recursive-decision-ledger/SKILL.md +0 -80
  321. package/prisma/skills/redis-patterns/SKILL.md +0 -404
  322. package/prisma/skills/regex-vs-llm-structured-text/SKILL.md +0 -221
  323. package/prisma/skills/remotion-video-creation/SKILL.md +0 -43
  324. package/prisma/skills/remotion-video-creation/rules/3d.md +0 -86
  325. package/prisma/skills/remotion-video-creation/rules/animations.md +0 -29
  326. package/prisma/skills/remotion-video-creation/rules/assets/charts-bar-chart.tsx +0 -173
  327. package/prisma/skills/remotion-video-creation/rules/assets/text-animations-typewriter.tsx +0 -100
  328. package/prisma/skills/remotion-video-creation/rules/assets/text-animations-word-highlight.tsx +0 -108
  329. package/prisma/skills/remotion-video-creation/rules/assets.md +0 -78
  330. package/prisma/skills/remotion-video-creation/rules/audio.md +0 -172
  331. package/prisma/skills/remotion-video-creation/rules/calculate-metadata.md +0 -104
  332. package/prisma/skills/remotion-video-creation/rules/can-decode.md +0 -75
  333. package/prisma/skills/remotion-video-creation/rules/charts.md +0 -58
  334. package/prisma/skills/remotion-video-creation/rules/compositions.md +0 -146
  335. package/prisma/skills/remotion-video-creation/rules/display-captions.md +0 -126
  336. package/prisma/skills/remotion-video-creation/rules/extract-frames.md +0 -229
  337. package/prisma/skills/remotion-video-creation/rules/fonts.md +0 -152
  338. package/prisma/skills/remotion-video-creation/rules/get-audio-duration.md +0 -58
  339. package/prisma/skills/remotion-video-creation/rules/get-video-dimensions.md +0 -68
  340. package/prisma/skills/remotion-video-creation/rules/get-video-duration.md +0 -58
  341. package/prisma/skills/remotion-video-creation/rules/gifs.md +0 -138
  342. package/prisma/skills/remotion-video-creation/rules/images.md +0 -130
  343. package/prisma/skills/remotion-video-creation/rules/import-srt-captions.md +0 -67
  344. package/prisma/skills/remotion-video-creation/rules/lottie.md +0 -67
  345. package/prisma/skills/remotion-video-creation/rules/measuring-dom-nodes.md +0 -34
  346. package/prisma/skills/remotion-video-creation/rules/measuring-text.md +0 -143
  347. package/prisma/skills/remotion-video-creation/rules/sequencing.md +0 -106
  348. package/prisma/skills/remotion-video-creation/rules/tailwind.md +0 -11
  349. package/prisma/skills/remotion-video-creation/rules/text-animations.md +0 -20
  350. package/prisma/skills/remotion-video-creation/rules/timing.md +0 -179
  351. package/prisma/skills/remotion-video-creation/rules/transcribe-captions.md +0 -19
  352. package/prisma/skills/remotion-video-creation/rules/transitions.md +0 -122
  353. package/prisma/skills/remotion-video-creation/rules/trimming.md +0 -52
  354. package/prisma/skills/remotion-video-creation/rules/videos.md +0 -171
  355. package/prisma/skills/repo-scan/SKILL.md +0 -79
  356. package/prisma/skills/research-ops/SKILL.md +0 -113
  357. package/prisma/skills/returns-reverse-logistics/SKILL.md +0 -240
  358. package/prisma/skills/rules-distill/SKILL.md +0 -265
  359. package/prisma/skills/rules-distill/scripts/scan-rules.sh +0 -58
  360. package/prisma/skills/rules-distill/scripts/scan-skills.sh +0 -129
  361. package/prisma/skills/rust-patterns/SKILL.md +0 -500
  362. package/prisma/skills/rust-testing/SKILL.md +0 -501
  363. package/prisma/skills/safety-guard/SKILL.md +0 -76
  364. package/prisma/skills/santa-method/SKILL.md +0 -307
  365. package/prisma/skills/scientific-db-pubmed-database/SKILL.md +0 -176
  366. package/prisma/skills/scientific-db-uspto-database/SKILL.md +0 -178
  367. package/prisma/skills/scientific-pkg-gget/SKILL.md +0 -167
  368. package/prisma/skills/scientific-thinking-literature-review/SKILL.md +0 -193
  369. package/prisma/skills/scientific-thinking-scholar-evaluation/SKILL.md +0 -161
  370. package/prisma/skills/search-first/SKILL.md +0 -183
  371. package/prisma/skills/security-bounty-hunter/SKILL.md +0 -100
  372. package/prisma/skills/security-review/SKILL.md +0 -504
  373. package/prisma/skills/security-review/cloud-infrastructure-security.md +0 -361
  374. package/prisma/skills/security-scan/SKILL.md +0 -166
  375. package/prisma/skills/seo/SKILL.md +0 -155
  376. package/prisma/skills/skill-comply/SKILL.md +0 -59
  377. package/prisma/skills/skill-comply/fixtures/compliant_trace.jsonl +0 -5
  378. package/prisma/skills/skill-comply/fixtures/noncompliant_trace.jsonl +0 -3
  379. package/prisma/skills/skill-comply/fixtures/tdd_spec.yaml +0 -44
  380. package/prisma/skills/skill-comply/prompts/classifier.md +0 -24
  381. package/prisma/skills/skill-comply/prompts/scenario_generator.md +0 -62
  382. package/prisma/skills/skill-comply/prompts/spec_generator.md +0 -42
  383. package/prisma/skills/skill-comply/pyproject.toml +0 -15
  384. package/prisma/skills/skill-comply/scripts/__init__.py +0 -0
  385. package/prisma/skills/skill-comply/scripts/classifier.py +0 -85
  386. package/prisma/skills/skill-comply/scripts/grader.py +0 -124
  387. package/prisma/skills/skill-comply/scripts/parser.py +0 -107
  388. package/prisma/skills/skill-comply/scripts/report.py +0 -170
  389. package/prisma/skills/skill-comply/scripts/run.py +0 -127
  390. package/prisma/skills/skill-comply/scripts/runner.py +0 -194
  391. package/prisma/skills/skill-comply/scripts/scenario_generator.py +0 -70
  392. package/prisma/skills/skill-comply/scripts/spec_generator.py +0 -72
  393. package/prisma/skills/skill-comply/scripts/utils.py +0 -13
  394. package/prisma/skills/skill-comply/tests/test_grader.py +0 -197
  395. package/prisma/skills/skill-comply/tests/test_parser.py +0 -90
  396. package/prisma/skills/skill-comply/tests/test_runner.py +0 -172
  397. package/prisma/skills/skill-scout/SKILL.md +0 -141
  398. package/prisma/skills/skill-stocktake/SKILL.md +0 -195
  399. package/prisma/skills/skill-stocktake/scripts/quick-diff.sh +0 -87
  400. package/prisma/skills/skill-stocktake/scripts/save-results.sh +0 -56
  401. package/prisma/skills/skill-stocktake/scripts/scan.sh +0 -170
  402. package/prisma/skills/social-graph-ranker/SKILL.md +0 -155
  403. package/prisma/skills/social-publisher/SKILL.md +0 -130
  404. package/prisma/skills/springboot-patterns/SKILL.md +0 -315
  405. package/prisma/skills/springboot-security/SKILL.md +0 -273
  406. package/prisma/skills/springboot-tdd/SKILL.md +0 -159
  407. package/prisma/skills/springboot-verification/SKILL.md +0 -232
  408. package/prisma/skills/strategic-compact/SKILL.md +0 -136
  409. package/prisma/skills/swift-actor-persistence/SKILL.md +0 -144
  410. package/prisma/skills/swift-concurrency-6-2/SKILL.md +0 -216
  411. package/prisma/skills/swift-protocol-di-testing/SKILL.md +0 -191
  412. package/prisma/skills/swiftui-patterns/SKILL.md +0 -259
  413. package/prisma/skills/taste/SKILL.md +0 -264
  414. package/prisma/skills/taste/references/genre-taxonomy.md +0 -87
  415. package/prisma/skills/tdd-workflow/SKILL.md +0 -583
  416. package/prisma/skills/team-agent-orchestration/SKILL.md +0 -111
  417. package/prisma/skills/team-builder/SKILL.md +0 -169
  418. package/prisma/skills/terminal-ops/SKILL.md +0 -110
  419. package/prisma/skills/tinystruct-patterns/SKILL.md +0 -279
  420. package/prisma/skills/tinystruct-patterns/references/architecture.md +0 -90
  421. package/prisma/skills/tinystruct-patterns/references/data-handling.md +0 -60
  422. package/prisma/skills/tinystruct-patterns/references/database.md +0 -99
  423. package/prisma/skills/tinystruct-patterns/references/routing.md +0 -64
  424. package/prisma/skills/tinystruct-patterns/references/system-usage.md +0 -97
  425. package/prisma/skills/tinystruct-patterns/references/testing.md +0 -72
  426. package/prisma/skills/token-budget-advisor/SKILL.md +0 -134
  427. package/prisma/skills/ui-demo/SKILL.md +0 -466
  428. package/prisma/skills/ui-to-vue/SKILL.md +0 -135
  429. package/prisma/skills/uncloud/SKILL.md +0 -344
  430. package/prisma/skills/unified-notifications-ops/SKILL.md +0 -188
  431. package/prisma/skills/verification-loop/SKILL.md +0 -127
  432. package/prisma/skills/video-editing/SKILL.md +0 -311
  433. package/prisma/skills/videodb/SKILL.md +0 -375
  434. package/prisma/skills/videodb/reference/api-reference.md +0 -550
  435. package/prisma/skills/videodb/reference/capture-reference.md +0 -407
  436. package/prisma/skills/videodb/reference/capture.md +0 -101
  437. package/prisma/skills/videodb/reference/editor.md +0 -443
  438. package/prisma/skills/videodb/reference/generative.md +0 -331
  439. package/prisma/skills/videodb/reference/rtstream-reference.md +0 -564
  440. package/prisma/skills/videodb/reference/rtstream.md +0 -65
  441. package/prisma/skills/videodb/reference/search.md +0 -230
  442. package/prisma/skills/videodb/reference/streaming.md +0 -406
  443. package/prisma/skills/videodb/reference/use-cases.md +0 -118
  444. package/prisma/skills/videodb/scripts/ws_listener.py +0 -282
  445. package/prisma/skills/visa-doc-translate/README.md +0 -86
  446. package/prisma/skills/visa-doc-translate/SKILL.md +0 -117
  447. package/prisma/skills/vite-patterns/SKILL.md +0 -450
  448. package/prisma/skills/vue-patterns/SKILL.md +0 -471
  449. package/prisma/skills/windows-desktop-e2e/SKILL.md +0 -888
  450. package/prisma/skills/workspace-surface-audit/SKILL.md +0 -126
  451. package/prisma/skills/x-api/SKILL.md +0 -235
@@ -1,756 +0,0 @@
1
- ---
2
- name: kubernetes-patterns
3
- description: Kubernetes workload patterns, resource management, RBAC, probes, autoscaling, ConfigMap/Secret handling, and kubectl debugging for production-grade deployments.
4
- metadata:
5
- origin: ECC
6
- ---
7
-
8
- # Kubernetes Patterns
9
-
10
- Production-grade Kubernetes patterns for deploying, managing, and debugging workloads reliably.
11
-
12
- ## When to Activate
13
-
14
- - Writing Kubernetes manifests (Deployments, Services, Ingress, Jobs)
15
- - Configuring resource requests/limits, liveness/readiness probes
16
- - Setting up RBAC, namespaces, or ServiceAccounts
17
- - Managing configuration and secrets in K8s
18
- - Debugging CrashLoopBackOff, OOMKilled, pending pods, or image pull errors
19
- - Configuring HPA (Horizontal Pod Autoscaler) or PodDisruptionBudgets
20
- - Reviewing K8s YAML for security or correctness
21
-
22
- ## When to Use
23
-
24
- > Same as **When to Activate** above. This alias satisfies repo skill-format conventions. Use this skill any time you are writing, reviewing, or debugging Kubernetes YAML and workloads.
25
-
26
- ## How It Works
27
-
28
- This skill provides **copy-pasteable, production-grade YAML patterns** and **kubectl debugging commands** organized by task:
29
-
30
- 1. **Deployment template** — A fully configured production `Deployment` with security context, rolling update strategy, all three probe types, resource limits, and environment injection from ConfigMap/Secret.
31
- 2. **Probes** — Decision table for startup vs liveness vs readiness, with correct `failureThreshold × periodSeconds` math.
32
- 3. **Services & Ingress** — ClusterIP, LoadBalancer, and TLS Ingress patterns with cert-manager annotations.
33
- 4. **ConfigMaps & Secrets** — `envFrom`, file-mount, and external secrets guidance.
34
- 5. **Resource management** — Requests vs limits rules of thumb by workload type (web API, JVM, worker, sidecar).
35
- 6. **RBAC** — Least-privilege ServiceAccount → Role → RoleBinding chain.
36
- 7. **HPA & PDB** — Autoscaling and node-drain safety configurations.
37
- 8. **Jobs & CronJobs** — One-off and scheduled workload patterns with correct `restartPolicy`.
38
- 9. **kubectl cheatsheet** — Logs, exec, rollback, port-forward, dry-run, and common error diagnosis commands.
39
- 10. **Anti-patterns & checklist** — What NOT to do, and a security/reliability/observability checklist.
40
-
41
- ## Examples
42
-
43
- See the sections below for complete, runnable examples. Quick references:
44
-
45
- | Task | Jump to |
46
- |------|---------|
47
- | Full production Deployment YAML | [Core Workload Patterns](#core-workload-patterns) |
48
- | Probe configuration | [Probes](#probes--liveness-readiness-startup) |
49
- | RBAC least-privilege setup | [RBAC](#rbac--roles-and-serviceaccounts) |
50
- | Debug a CrashLoopBackOff | [kubectl Debugging Cheatsheet](#kubectl-debugging-cheatsheet) |
51
- | Autoscaling | [HPA](#horizontal-pod-autoscaler-hpa) |
52
-
53
- ---
54
-
55
- ## Core Workload Patterns
56
-
57
- ### Deployment — Production Template
58
-
59
- ```yaml
60
- apiVersion: apps/v1
61
- kind: Deployment
62
- metadata:
63
- name: my-app
64
- namespace: my-namespace
65
- labels:
66
- app: my-app
67
- version: "1.0.0"
68
- spec:
69
- replicas: 3
70
- selector:
71
- matchLabels:
72
- app: my-app
73
- strategy:
74
- type: RollingUpdate
75
- rollingUpdate:
76
- maxSurge: 1 # Allow 1 extra pod during update
77
- maxUnavailable: 0 # Never reduce below desired count
78
- template:
79
- metadata:
80
- labels:
81
- app: my-app
82
- version: "1.0.0"
83
- spec:
84
- # Security context at pod level
85
- securityContext:
86
- runAsNonRoot: true
87
- runAsUser: 1001
88
- fsGroup: 1001
89
-
90
- # Graceful shutdown
91
- terminationGracePeriodSeconds: 30
92
-
93
- containers:
94
- - name: my-app
95
- image: ghcr.io/org/my-app:1.0.0 # Never use :latest
96
- imagePullPolicy: IfNotPresent
97
-
98
- ports:
99
- - containerPort: 8080
100
- protocol: TCP
101
-
102
- # Resource requests AND limits are both required
103
- resources:
104
- requests:
105
- cpu: "100m"
106
- memory: "128Mi"
107
- limits:
108
- cpu: "500m"
109
- memory: "256Mi"
110
-
111
- # Container security context
112
- securityContext:
113
- allowPrivilegeEscalation: false
114
- readOnlyRootFilesystem: true
115
- capabilities:
116
- drop:
117
- - ALL
118
-
119
- # Probes (see Probes section below)
120
- startupProbe:
121
- httpGet:
122
- path: /health
123
- port: 8080
124
- failureThreshold: 30
125
- periodSeconds: 5
126
- livenessProbe:
127
- httpGet:
128
- path: /health
129
- port: 8080
130
- initialDelaySeconds: 0
131
- periodSeconds: 30
132
- failureThreshold: 3
133
- readinessProbe:
134
- httpGet:
135
- path: /ready
136
- port: 8080
137
- initialDelaySeconds: 5
138
- periodSeconds: 10
139
- failureThreshold: 2
140
-
141
- # Environment from ConfigMap and Secret
142
- envFrom:
143
- - configMapRef:
144
- name: my-app-config
145
- env:
146
- - name: DB_PASSWORD
147
- valueFrom:
148
- secretKeyRef:
149
- name: my-app-secrets
150
- key: db-password
151
-
152
- # Writable tmp directory when readOnlyRootFilesystem: true
153
- volumeMounts:
154
- - name: tmp
155
- mountPath: /tmp
156
-
157
- volumes:
158
- - name: tmp
159
- emptyDir: {}
160
- ```
161
-
162
- ---
163
-
164
- ## Probes — Liveness, Readiness, Startup
165
-
166
- Understanding when to use each probe is critical:
167
-
168
- | Probe | Failure Action | Use For |
169
- |-------|---------------|---------|
170
- | `startupProbe` | Kills container if slow to start | Slow-starting apps (JVM, Python) |
171
- | `livenessProbe` | Restarts container | Deadlock / hung process detection |
172
- | `readinessProbe` | Removes from Service endpoints | Temporary unavailability (DB reconnect) |
173
-
174
- ```yaml
175
- # Correct pattern: startupProbe covers slow startup,
176
- # then liveness/readiness take over
177
- startupProbe:
178
- httpGet:
179
- path: /health
180
- port: 8080
181
- failureThreshold: 30 # 30 * 5s = 150s max startup time
182
- periodSeconds: 5
183
-
184
- livenessProbe:
185
- httpGet:
186
- path: /health
187
- port: 8080
188
- periodSeconds: 30
189
- failureThreshold: 3 # 3 * 30s = 90s before restart
190
-
191
- readinessProbe:
192
- httpGet:
193
- path: /ready # Separate endpoint: checks DB, cache, etc.
194
- port: 8080
195
- periodSeconds: 10
196
- failureThreshold: 2
197
- ```
198
-
199
- ```yaml
200
- # WRONG: initialDelaySeconds without startupProbe
201
- # If the app takes 60s to start, set a startupProbe instead
202
- livenessProbe:
203
- httpGet:
204
- path: /health
205
- port: 8080
206
- initialDelaySeconds: 60 # BAD: Arbitrary wait, race condition
207
- ```
208
-
209
- ---
210
-
211
- ## Services and Ingress
212
-
213
- ### Service Types
214
-
215
- ```yaml
216
- # ClusterIP (default) — internal-only
217
- apiVersion: v1
218
- kind: Service
219
- metadata:
220
- name: my-app
221
- namespace: my-namespace
222
- spec:
223
- selector:
224
- app: my-app
225
- ports:
226
- - port: 80
227
- targetPort: 8080
228
- protocol: TCP
229
- type: ClusterIP
230
- ```
231
-
232
- ```yaml
233
- # LoadBalancer — external traffic (cloud providers)
234
- spec:
235
- type: LoadBalancer
236
- ports:
237
- - port: 443
238
- targetPort: 8080
239
- ```
240
-
241
- ### Ingress with TLS
242
-
243
- ```yaml
244
- apiVersion: networking.k8s.io/v1
245
- kind: Ingress
246
- metadata:
247
- name: my-app
248
- namespace: my-namespace
249
- annotations:
250
- nginx.ingress.kubernetes.io/ssl-redirect: "true"
251
- cert-manager.io/cluster-issuer: "letsencrypt-prod"
252
- spec:
253
- ingressClassName: nginx
254
- tls:
255
- - hosts:
256
- - myapp.example.com
257
- secretName: my-app-tls
258
- rules:
259
- - host: myapp.example.com
260
- http:
261
- paths:
262
- - path: /
263
- pathType: Prefix
264
- backend:
265
- service:
266
- name: my-app
267
- port:
268
- number: 80
269
- ```
270
-
271
- ---
272
-
273
- ## ConfigMaps and Secrets
274
-
275
- ### ConfigMap — Non-sensitive configuration
276
-
277
- ```yaml
278
- apiVersion: v1
279
- kind: ConfigMap
280
- metadata:
281
- name: my-app-config
282
- namespace: my-namespace
283
- data:
284
- LOG_LEVEL: "info"
285
- APP_ENV: "production"
286
- MAX_CONNECTIONS: "100"
287
- # Mount as a file for complex config
288
- app.yaml: |
289
- server:
290
- port: 8080
291
- timeout: 30s
292
- ```
293
-
294
- ```yaml
295
- # Mount ConfigMap as a file
296
- volumes:
297
- - name: config
298
- configMap:
299
- name: my-app-config
300
- items:
301
- - key: app.yaml
302
- path: app.yaml
303
- volumeMounts:
304
- - name: config
305
- mountPath: /etc/app
306
- readOnly: true
307
- ```
308
-
309
- ### Secrets — Sensitive data
310
-
311
- ```bash
312
- # Create secret from literal (CLI, then store in Vault/SOPS)
313
- kubectl create secret generic my-app-secrets \
314
- --from-literal=db-password='s3cr3t' \
315
- --namespace=my-namespace \
316
- --dry-run=client -o yaml | kubectl apply -f -
317
- ```
318
-
319
- ```yaml
320
- apiVersion: v1
321
- kind: Secret
322
- metadata:
323
- name: my-app-secrets
324
- namespace: my-namespace
325
- type: Opaque
326
- # Values are base64-encoded (NOT encrypted — use Sealed Secrets or ESO for real encryption)
327
- data:
328
- db-password: czNjcjN0 # base64 of 's3cr3t'
329
- ```
330
-
331
- > **Important:** Raw Kubernetes Secrets are only base64-encoded, not encrypted at rest unless your cluster has encryption configured. Use [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) or [External Secrets Operator](https://external-secrets.io) for production.
332
-
333
- ---
334
-
335
- ## Resource Requests and Limits
336
-
337
- ```yaml
338
- resources:
339
- requests: # Scheduler uses this to place the pod
340
- cpu: "100m" # 100 millicores = 0.1 CPU
341
- memory: "128Mi"
342
- limits: # Container is killed/throttled above this
343
- cpu: "500m"
344
- memory: "256Mi"
345
- ```
346
-
347
- **Rules of thumb:**
348
-
349
- | Workload Type | CPU Request | Memory Request | Notes |
350
- |---------------|-------------|----------------|-------|
351
- | Web API | 100–250m | 128–256Mi | Set limits 2-4x requests |
352
- | Worker/consumer | 250–500m | 256–512Mi | Memory limit = request for predictability |
353
- | JVM app | 500m–1 | 512Mi–2Gi | Allow headroom above `-Xmx` for JVM overhead |
354
- | Sidecar | 10–50m | 32–64Mi | Keep minimal |
355
-
356
- ```yaml
357
- # WRONG: No requests or limits — unpredictable scheduling, OOM evictions
358
- containers:
359
- - name: app
360
- image: myapp:latest
361
- # Missing resources: {} — this is dangerous in production
362
-
363
- # WRONG: Limits without requests — requests default to limits, over-reserves capacity
364
- resources:
365
- limits:
366
- cpu: "2"
367
- memory: "1Gi"
368
- # requests missing — will default to limits values
369
- ```
370
-
371
- ---
372
-
373
- ## RBAC — Roles and ServiceAccounts
374
-
375
- ### Principle of Least Privilege
376
-
377
- **Two patterns depending on whether the app calls the Kubernetes API:**
378
-
379
- #### Pattern A — App does NOT need the Kubernetes API (most apps)
380
-
381
- Disable token automounting on the ServiceAccount. The Role/RoleBinding are not needed.
382
-
383
- ```yaml
384
- # ServiceAccount with token disabled — safest default
385
- apiVersion: v1
386
- kind: ServiceAccount
387
- metadata:
388
- name: my-app-sa
389
- namespace: my-namespace
390
- automountServiceAccountToken: false # No K8s API token injected into pods
391
- ```
392
-
393
- ```yaml
394
- # Reference in Deployment — no token, no API access
395
- spec:
396
- template:
397
- spec:
398
- serviceAccountName: my-app-sa
399
- automountServiceAccountToken: false # Belt-and-suspenders: also set at pod level
400
- ```
401
-
402
- #### Pattern B — App DOES need the Kubernetes API (operators, controllers, config watchers)
403
-
404
- Enable the token and grant only the permissions actually required.
405
-
406
- ```yaml
407
- # 1. ServiceAccount — enable token for this SA
408
- apiVersion: v1
409
- kind: ServiceAccount
410
- metadata:
411
- name: my-app-sa
412
- namespace: my-namespace
413
- automountServiceAccountToken: true # Token required: app calls K8s API
414
- ```
415
-
416
- ```yaml
417
- # 2. Role — grant only what the app needs (namespace-scoped)
418
- apiVersion: rbac.authorization.k8s.io/v1
419
- kind: Role
420
- metadata:
421
- name: my-app-role
422
- namespace: my-namespace
423
- rules:
424
- - apiGroups: [""]
425
- resources: ["configmaps"]
426
- verbs: ["get", "list", "watch"] # Read-only, specific resource
427
- - apiGroups: [""]
428
- resources: ["secrets"]
429
- resourceNames: ["my-app-secrets"] # Restrict to specific secret by name
430
- verbs: ["get"]
431
- ```
432
-
433
- ```yaml
434
- # 3. Bind Role to ServiceAccount
435
- apiVersion: rbac.authorization.k8s.io/v1
436
- kind: RoleBinding
437
- metadata:
438
- name: my-app-rolebinding
439
- namespace: my-namespace
440
- subjects:
441
- - kind: ServiceAccount
442
- name: my-app-sa
443
- namespace: my-namespace
444
- roleRef:
445
- kind: Role
446
- apiGroup: rbac.authorization.k8s.io
447
- name: my-app-role
448
- ```
449
-
450
- ```yaml
451
- # 4. Reference SA in Deployment
452
- spec:
453
- template:
454
- spec:
455
- serviceAccountName: my-app-sa
456
- # automountServiceAccountToken defaults to true from SA — token is injected
457
- ```
458
-
459
- ---
460
-
461
- ## Horizontal Pod Autoscaler (HPA)
462
-
463
- ```yaml
464
- apiVersion: autoscaling/v2
465
- kind: HorizontalPodAutoscaler
466
- metadata:
467
- name: my-app-hpa
468
- namespace: my-namespace
469
- spec:
470
- scaleTargetRef:
471
- apiVersion: apps/v1
472
- kind: Deployment
473
- name: my-app
474
- minReplicas: 2 # Always at least 2 for HA
475
- maxReplicas: 10
476
- metrics:
477
- - type: Resource
478
- resource:
479
- name: cpu
480
- target:
481
- type: Utilization
482
- averageUtilization: 70 # Scale up when avg CPU > 70%
483
- - type: Resource
484
- resource:
485
- name: memory
486
- target:
487
- type: Utilization
488
- averageUtilization: 80
489
- ```
490
-
491
- > HPA requires `resources.requests` to be set on all containers — it calculates utilization as `current / request`.
492
-
493
- ---
494
-
495
- ## PodDisruptionBudget (PDB)
496
-
497
- Prevent too many pods going down during node drains or rolling updates:
498
-
499
- ```yaml
500
- apiVersion: policy/v1
501
- kind: PodDisruptionBudget
502
- metadata:
503
- name: my-app-pdb
504
- namespace: my-namespace
505
- spec:
506
- minAvailable: 2 # OR use maxUnavailable: 1
507
- selector:
508
- matchLabels:
509
- app: my-app
510
- ```
511
-
512
- ---
513
-
514
- ## Namespaces and Multi-Tenancy
515
-
516
- ```bash
517
- # Create namespace with resource quotas
518
- kubectl create namespace my-namespace
519
-
520
- # Apply ResourceQuota to limit namespace consumption
521
- kubectl apply -f - <<EOF
522
- apiVersion: v1
523
- kind: ResourceQuota
524
- metadata:
525
- name: my-namespace-quota
526
- namespace: my-namespace
527
- spec:
528
- hard:
529
- requests.cpu: "4"
530
- requests.memory: 4Gi
531
- limits.cpu: "8"
532
- limits.memory: 8Gi
533
- pods: "20"
534
- EOF
535
- ```
536
-
537
- ---
538
-
539
- ## Jobs and CronJobs
540
-
541
- ```yaml
542
- # One-off Job (DB migration, data processing)
543
- apiVersion: batch/v1
544
- kind: Job
545
- metadata:
546
- name: db-migrate
547
- namespace: my-namespace
548
- spec:
549
- backoffLimit: 3 # Retry up to 3 times on failure
550
- ttlSecondsAfterFinished: 3600 # Auto-delete after 1h
551
- template:
552
- spec:
553
- restartPolicy: OnFailure # Never for Jobs (not Always)
554
- containers:
555
- - name: migrate
556
- image: ghcr.io/org/my-app:1.0.0
557
- command: ["python", "manage.py", "migrate"]
558
- resources:
559
- requests:
560
- cpu: "100m"
561
- memory: "256Mi"
562
- ```
563
-
564
- ```yaml
565
- # CronJob
566
- apiVersion: batch/v1
567
- kind: CronJob
568
- metadata:
569
- name: cleanup-job
570
- namespace: my-namespace
571
- spec:
572
- schedule: "0 2 * * *" # 2am daily
573
- concurrencyPolicy: Forbid # Don't run if previous still running
574
- successfulJobsHistoryLimit: 3
575
- failedJobsHistoryLimit: 1
576
- jobTemplate:
577
- spec:
578
- template:
579
- spec:
580
- restartPolicy: OnFailure
581
- containers:
582
- - name: cleanup
583
- image: ghcr.io/org/cleanup:1.0.0
584
- resources:
585
- requests:
586
- cpu: "50m"
587
- memory: "64Mi"
588
- ```
589
-
590
- ---
591
-
592
- ## kubectl Debugging Cheatsheet
593
-
594
- ```bash
595
- # --- Pod status and logs ---
596
- kubectl get pods -n my-namespace
597
- kubectl get pods -n my-namespace -o wide # Show node assignment
598
- kubectl describe pod <pod-name> -n my-namespace # Events and state details
599
- kubectl logs <pod-name> -n my-namespace # Current logs
600
- kubectl logs <pod-name> -n my-namespace --previous # Logs from crashed container
601
- kubectl logs <pod-name> -n my-namespace -c <container> # Multi-container pod
602
-
603
- # --- Execute into a running container ---
604
- kubectl exec -it <pod-name> -n my-namespace -- sh
605
- kubectl exec -it <pod-name> -n my-namespace -- bash
606
-
607
- # --- Check resource usage ---
608
- kubectl top pods -n my-namespace
609
- kubectl top nodes
610
-
611
- # --- Deployment operations ---
612
- kubectl rollout status deployment/my-app -n my-namespace
613
- kubectl rollout history deployment/my-app -n my-namespace
614
- kubectl rollout undo deployment/my-app -n my-namespace # Rollback
615
- kubectl rollout undo deployment/my-app --to-revision=2 -n my-namespace
616
-
617
- # --- Scale manually ---
618
- kubectl scale deployment my-app --replicas=5 -n my-namespace
619
-
620
- # --- Inspect events (cluster-wide issues) ---
621
- kubectl get events -n my-namespace --sort-by='.lastTimestamp'
622
-
623
- # --- Port-forward for local debugging ---
624
- kubectl port-forward pod/<pod-name> 8080:8080 -n my-namespace
625
- kubectl port-forward svc/my-app 8080:80 -n my-namespace
626
-
627
- # --- Dry-run to validate YAML ---
628
- kubectl apply -f deployment.yaml --dry-run=client
629
- kubectl apply -f deployment.yaml --dry-run=server # Validates against live cluster
630
- ```
631
-
632
- ### Diagnosing Common Errors
633
-
634
- ```bash
635
- # CrashLoopBackOff: container keeps crashing
636
- kubectl logs <pod-name> --previous -n my-namespace # Check crash logs
637
- kubectl describe pod <pod-name> -n my-namespace # Check exit code & OOMKilled
638
-
639
- # ImagePullBackOff: can't pull image
640
- kubectl describe pod <pod-name> -n my-namespace # Check Events section
641
- # Causes: wrong image tag, missing imagePullSecret, private registry
642
-
643
- # Pending pod: not scheduled
644
- kubectl describe pod <pod-name> -n my-namespace
645
- # Causes: insufficient resources, no matching node selector, taint/toleration mismatch
646
-
647
- # OOMKilled: out of memory
648
- # Increase memory limits, check for memory leaks
649
- kubectl describe pod <pod-name> -n my-namespace | grep -A5 "Last State"
650
- ```
651
-
652
- ---
653
-
654
- ## Anti-Patterns
655
-
656
- ```yaml
657
- # BAD: Using :latest tag — non-deterministic deployments
658
- image: myapp:latest
659
-
660
- # GOOD: Pin to a specific immutable tag (SHA or semver)
661
- image: ghcr.io/org/myapp:1.4.2
662
- # or
663
- image: ghcr.io/org/myapp@sha256:abc123...
664
-
665
- # ---
666
-
667
- # BAD: Running as root
668
- securityContext: {} # Defaults to root
669
-
670
- # GOOD: Non-root with explicit UID
671
- securityContext:
672
- runAsNonRoot: true
673
- runAsUser: 1001
674
-
675
- # ---
676
-
677
- # BAD: No resource limits — one pod can starve the entire node
678
- containers:
679
- - name: app
680
- image: myapp:1.0.0
681
- # No resources defined
682
-
683
- # GOOD: Always set requests and limits
684
- resources:
685
- requests:
686
- cpu: "100m"
687
- memory: "128Mi"
688
- limits:
689
- cpu: "500m"
690
- memory: "256Mi"
691
-
692
- # ---
693
-
694
- # BAD: Storing plaintext secrets in ConfigMaps
695
- apiVersion: v1
696
- kind: ConfigMap
697
- data:
698
- DB_PASSWORD: "mysecretpassword" # NEVER — use Secret or external secrets manager
699
-
700
- # ---
701
-
702
- # BAD: ClusterAdmin for application service accounts
703
- apiVersion: rbac.authorization.k8s.io/v1
704
- kind: ClusterRoleBinding
705
- roleRef:
706
- kind: ClusterRole
707
- name: cluster-admin # Grants god-mode to your app
708
-
709
- # ---
710
-
711
- # BAD: minAvailable: 0 in PDB — defeats the purpose
712
- spec:
713
- minAvailable: 0
714
-
715
- # ---
716
-
717
- # BAD: restartPolicy: Always in a Job (causes infinite restart loop)
718
- spec:
719
- restartPolicy: Always # Use OnFailure or Never for Jobs
720
- ```
721
-
722
- ---
723
-
724
- ## Best Practices Checklist
725
-
726
- ### Security
727
- - [ ] Container runs as non-root (`runAsNonRoot: true`, `runAsUser` set)
728
- - [ ] `readOnlyRootFilesystem: true` with `emptyDir` for writable paths
729
- - [ ] `allowPrivilegeEscalation: false`
730
- - [ ] All capabilities dropped (`capabilities.drop: [ALL]`)
731
- - [ ] Dedicated ServiceAccount per app, not `default`
732
- - [ ] `automountServiceAccountToken: false` unless needed
733
- - [ ] RBAC follows least privilege (use `Role`, not `ClusterRole` unless needed)
734
- - [ ] Secrets managed via Sealed Secrets or External Secrets Operator
735
-
736
- ### Reliability
737
- - [ ] All 3 probe types configured (startup + liveness + readiness)
738
- - [ ] Resource requests AND limits set on every container
739
- - [ ] `minReplicas: 2+` for any production workload
740
- - [ ] PodDisruptionBudget defined for stateful or critical services
741
- - [ ] `RollingUpdate` strategy with `maxUnavailable: 0`
742
- - [ ] HPA configured for variable-load services
743
-
744
- ### Observability
745
- - [ ] App exposes `/health` (liveness) and `/ready` (readiness) endpoints
746
- - [ ] Structured JSON logging (no PII in logs)
747
- - [ ] Resource labels: `app`, `version`, `environment`
748
-
749
- ---
750
-
751
- ## Related Skills
752
-
753
- - `docker-patterns` — Multi-stage Dockerfiles and image security
754
- - `deployment-patterns` — CI/CD pipelines, rollback strategy, health check endpoints
755
- - `security-review` — Broader security hardening context
756
- - `git-workflow` — GitOps integration with K8s (ArgoCD / Flux patterns)
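Review bot: The `@@ -1,756 +0,0 @@` header shows this hunk deleting the `kubernetes-patterns` skill in full with nothing added in its place, and the file list above it shows the neighbouring `package/prisma/skills/...` entries going the same way (`+0`), so please confirm the release is meant to ship without the skills tree rather than losing it through a packaging change. If the content is being moved elsewhere instead, three things in the removed text are worth fixing on the way. The `kubectl create secret generic ... --from-literal=db-password='s3cr3t'` example puts the value on the command line, where it ends up in shell history and the process list; reading it from a file or stdin avoids that. The Job comment `restartPolicy: OnFailure # Never for Jobs (not Always)` reads as if `Never` were the setting in use, when the later anti-pattern says "Use OnFailure or Never for Jobs". The Job and CronJob templates set only `resources.requests` and carry no `securityContext`, which contradicts the file's own checklist items "Resource requests AND limits set on every container" and "Container runs as non-root".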