@techwavedev/agi-agent-kit 1.1.7 → 1.2.1


Potentially problematic release.


This version of @techwavedev/agi-agent-kit might be problematic.

Files changed (111)
  1. package/CHANGELOG.md +82 -1
  2. package/README.md +190 -12
  3. package/bin/init.js +30 -2
  4. package/package.json +6 -3
  5. package/templates/base/AGENTS.md +54 -23
  6. package/templates/base/README.md +325 -0
  7. package/templates/base/directives/memory_integration.md +95 -0
  8. package/templates/base/execution/memory_manager.py +309 -0
  9. package/templates/base/execution/session_boot.py +218 -0
  10. package/templates/base/execution/session_init.py +320 -0
  11. package/templates/base/skill-creator/SKILL_skillcreator.md +23 -36
  12. package/templates/base/skill-creator/scripts/init_skill.py +18 -135
  13. package/templates/skills/ec/README.md +31 -0
  14. package/templates/skills/ec/aws/SKILL.md +1020 -0
  15. package/templates/skills/ec/aws/defaults.yaml +13 -0
  16. package/templates/skills/ec/aws/references/common_patterns.md +80 -0
  17. package/templates/skills/ec/aws/references/mcp_servers.md +98 -0
  18. package/templates/skills/ec/aws-terraform/SKILL.md +349 -0
  19. package/templates/skills/ec/aws-terraform/references/best_practices.md +394 -0
  20. package/templates/skills/ec/aws-terraform/references/checkov_reference.md +337 -0
  21. package/templates/skills/ec/aws-terraform/scripts/configure_mcp.py +150 -0
  22. package/templates/skills/ec/confluent-kafka/SKILL.md +655 -0
  23. package/templates/skills/ec/confluent-kafka/references/ansible_playbooks.md +792 -0
  24. package/templates/skills/ec/confluent-kafka/references/ec_deployment.md +579 -0
  25. package/templates/skills/ec/confluent-kafka/references/kraft_migration.md +490 -0
  26. package/templates/skills/ec/confluent-kafka/references/troubleshooting.md +778 -0
  27. package/templates/skills/ec/confluent-kafka/references/upgrade_7x_to_8x.md +488 -0
  28. package/templates/skills/ec/confluent-kafka/scripts/kafka_health_check.py +435 -0
  29. package/templates/skills/ec/confluent-kafka/scripts/upgrade_preflight.py +568 -0
  30. package/templates/skills/ec/confluent-kafka/scripts/validate_config.py +455 -0
  31. package/templates/skills/ec/consul/SKILL.md +427 -0
  32. package/templates/skills/ec/consul/references/acl_setup.md +168 -0
  33. package/templates/skills/ec/consul/references/ha_config.md +196 -0
  34. package/templates/skills/ec/consul/references/troubleshooting.md +267 -0
  35. package/templates/skills/ec/consul/references/upgrades.md +213 -0
  36. package/templates/skills/ec/consul/scripts/consul_health_report.py +530 -0
  37. package/templates/skills/ec/consul/scripts/consul_status.py +264 -0
  38. package/templates/skills/ec/consul/scripts/generate_values.py +170 -0
  39. package/templates/skills/ec/documentation/SKILL.md +351 -0
  40. package/templates/skills/ec/documentation/references/best_practices.md +201 -0
  41. package/templates/skills/ec/documentation/scripts/analyze_code.py +307 -0
  42. package/templates/skills/ec/documentation/scripts/detect_changes.py +460 -0
  43. package/templates/skills/ec/documentation/scripts/generate_changelog.py +312 -0
  44. package/templates/skills/ec/documentation/scripts/sync_docs.py +272 -0
  45. package/templates/skills/ec/documentation/scripts/update_skill_docs.py +366 -0
  46. package/templates/skills/ec/gitlab/SKILL.md +529 -0
  47. package/templates/skills/ec/gitlab/references/agent_installation.md +416 -0
  48. package/templates/skills/ec/gitlab/references/api_reference.md +508 -0
  49. package/templates/skills/ec/gitlab/references/gitops_flux.md +465 -0
  50. package/templates/skills/ec/gitlab/references/troubleshooting.md +518 -0
  51. package/templates/skills/ec/gitlab/scripts/generate_agent_values.py +329 -0
  52. package/templates/skills/ec/gitlab/scripts/gitlab_agent_status.py +414 -0
  53. package/templates/skills/ec/jira/SKILL.md +484 -0
  54. package/templates/skills/ec/jira/references/jql_reference.md +148 -0
  55. package/templates/skills/ec/jira/scripts/add_comment.py +91 -0
  56. package/templates/skills/ec/jira/scripts/bulk_log_work.py +124 -0
  57. package/templates/skills/ec/jira/scripts/create_ticket.py +162 -0
  58. package/templates/skills/ec/jira/scripts/get_ticket.py +191 -0
  59. package/templates/skills/ec/jira/scripts/jira_client.py +383 -0
  60. package/templates/skills/ec/jira/scripts/log_work.py +154 -0
  61. package/templates/skills/ec/jira/scripts/search_tickets.py +104 -0
  62. package/templates/skills/ec/jira/scripts/update_comment.py +67 -0
  63. package/templates/skills/ec/jira/scripts/update_ticket.py +161 -0
  64. package/templates/skills/ec/karpenter/SKILL.md +301 -0
  65. package/templates/skills/ec/karpenter/references/ec2nodeclasses.md +421 -0
  66. package/templates/skills/ec/karpenter/references/migration.md +396 -0
  67. package/templates/skills/ec/karpenter/references/nodepools.md +400 -0
  68. package/templates/skills/ec/karpenter/references/troubleshooting.md +359 -0
  69. package/templates/skills/ec/karpenter/scripts/generate_ec2nodeclass.py +187 -0
  70. package/templates/skills/ec/karpenter/scripts/generate_nodepool.py +245 -0
  71. package/templates/skills/ec/karpenter/scripts/karpenter_status.py +359 -0
  72. package/templates/skills/ec/opensearch/SKILL.md +720 -0
  73. package/templates/skills/ec/opensearch/references/ml_neural_search.md +576 -0
  74. package/templates/skills/ec/opensearch/references/operator.md +532 -0
  75. package/templates/skills/ec/opensearch/references/query_dsl.md +532 -0
  76. package/templates/skills/ec/opensearch/scripts/configure_mcp.py +148 -0
  77. package/templates/skills/ec/victoriametrics/SKILL.md +598 -0
  78. package/templates/skills/ec/victoriametrics/references/kubernetes.md +531 -0
  79. package/templates/skills/ec/victoriametrics/references/prometheus_migration.md +333 -0
  80. package/templates/skills/ec/victoriametrics/references/troubleshooting.md +442 -0
  81. package/templates/skills/knowledge/SKILLS_CATALOG.md +274 -4
  82. package/templates/skills/knowledge/intelligent-routing/SKILL.md +237 -164
  83. package/templates/skills/knowledge/parallel-agents/SKILL.md +345 -73
  84. package/templates/skills/knowledge/plugin-discovery/SKILL.md +582 -0
  85. package/templates/skills/knowledge/plugin-discovery/scripts/platform_setup.py +1083 -0
  86. package/templates/skills/knowledge/design-md/README.md +0 -34
  87. package/templates/skills/knowledge/design-md/SKILL.md +0 -193
  88. package/templates/skills/knowledge/design-md/examples/DESIGN.md +0 -154
  89. package/templates/skills/knowledge/notebooklm-mcp/SKILL.md +0 -71
  90. package/templates/skills/knowledge/notebooklm-mcp/assets/example_asset.txt +0 -24
  91. package/templates/skills/knowledge/notebooklm-mcp/references/api_reference.md +0 -34
  92. package/templates/skills/knowledge/notebooklm-mcp/scripts/example.py +0 -19
  93. package/templates/skills/knowledge/react-components/README.md +0 -36
  94. package/templates/skills/knowledge/react-components/SKILL.md +0 -53
  95. package/templates/skills/knowledge/react-components/examples/gold-standard-card.tsx +0 -80
  96. package/templates/skills/knowledge/react-components/package-lock.json +0 -231
  97. package/templates/skills/knowledge/react-components/package.json +0 -16
  98. package/templates/skills/knowledge/react-components/resources/architecture-checklist.md +0 -15
  99. package/templates/skills/knowledge/react-components/resources/component-template.tsx +0 -37
  100. package/templates/skills/knowledge/react-components/resources/stitch-api-reference.md +0 -14
  101. package/templates/skills/knowledge/react-components/resources/style-guide.json +0 -27
  102. package/templates/skills/knowledge/react-components/scripts/fetch-stitch.sh +0 -30
  103. package/templates/skills/knowledge/react-components/scripts/validate.js +0 -68
  104. package/templates/skills/knowledge/self-update/SKILL.md +0 -60
  105. package/templates/skills/knowledge/self-update/scripts/update_kit.py +0 -103
  106. package/templates/skills/knowledge/stitch-loop/README.md +0 -54
  107. package/templates/skills/knowledge/stitch-loop/SKILL.md +0 -235
  108. package/templates/skills/knowledge/stitch-loop/examples/SITE.md +0 -73
  109. package/templates/skills/knowledge/stitch-loop/examples/next-prompt.md +0 -25
  110. package/templates/skills/knowledge/stitch-loop/resources/baton-schema.md +0 -61
  111. package/templates/skills/knowledge/stitch-loop/resources/site-template.md +0 -104
@@ -0,0 +1,13 @@
1
+ # AWS Skill User Defaults
2
+ # These values are used by the agent for all AWS operations unless overridden
3
+
4
+ # EC2 / Compute
5
+ ssh_key: tooling-key
6
+ iam_instance_profile: SSMInstanceProfile
7
+
8
+ # General
9
+ region: eu-west-1
10
+ account_id: "511383368449"
11
+
12
+ # Naming conventions
13
+ # name_prefix: "" # Optional prefix for resource names
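Review bot: The shipped template defaults hard-code one specific environment: `account_id: "511383368449"`, `ssh_key: tooling-key` and `iam_instance_profile: SSMInstanceProfile`. The header comment says the agent uses them for all AWS operations unless overridden, so every consumer of the package inherits them and an agent may reference an account, key pair and instance profile that are not the user's. It also publishes what appears to be the maintainer's account ID in a public registry. Ship empty placeholders instead, e.g. `account_id: "" # set to your own 12-digit AWS account ID`, and let the agent confirm the active account with `aws sts get-caller-identity` before acting. The same literals are repeated in the aws-terraform SKILL.md "User Defaults" table and in its EC2 example (`key_name = "tooling-key"`).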
@@ -0,0 +1,80 @@
1
+ # Common AWS Patterns
2
+
3
+ Shared patterns used across all AWS sub-skills.
4
+
5
+ ## Profile Management
6
+
7
+ All AWS commands should respect the active profile:
8
+
9
+ ```bash
10
+ # Check current identity
11
+ aws sts get-caller-identity
12
+
13
+ # With specific profile
14
+ aws sts get-caller-identity --profile myprofile
15
+ ```
16
+
17
+ ## Region Handling
18
+
19
+ Priority order for region:
20
+
21
+ 1. `--region` flag on command
22
+ 2. `AWS_REGION` environment variable
23
+ 3. `AWS_DEFAULT_REGION` environment variable
24
+ 4. Profile's configured region in `~/.aws/config`
25
+
26
+ ```bash
27
+ # Get current region
28
+ aws configure get region
29
+
30
+ # Set for session
31
+ export AWS_REGION=eu-west-1
32
+ ```
33
+
34
+ ## Error Handling
35
+
36
+ Common AWS errors and solutions:
37
+
38
+ | Error | Cause | Solution |
39
+ | ------------------------- | ------------------- | ------------------------------ |
40
+ | `ExpiredToken` | Credentials expired | Refresh SSO or regenerate keys |
41
+ | `AccessDenied` | Missing permissions | Check IAM policies |
42
+ | `InvalidClientTokenId` | Bad credentials | Verify access key ID |
43
+ | `SignatureDoesNotMatch` | Bad secret key | Regenerate credentials |
44
+ | `RegionDisabledException` | Region not enabled | Enable in account settings |
45
+
46
+ ## Pagination
47
+
48
+ For commands returning many results:
49
+
50
+ ```bash
51
+ # Use --max-items and --starting-token
52
+ aws s3api list-objects-v2 --bucket mybucket --max-items 100
53
+
54
+ # Or let AWS CLI handle pagination
55
+ aws s3api list-objects-v2 --bucket mybucket --no-paginate
56
+ ```
57
+
58
+ ## Output Formatting
59
+
60
+ ```bash
61
+ # JSON (default)
62
+ aws eks list-clusters --output json
63
+
64
+ # Table (human readable)
65
+ aws eks list-clusters --output table
66
+
67
+ # Text (scripting)
68
+ aws eks list-clusters --output text
69
+
70
+ # Query specific fields
71
+ aws eks describe-cluster --name mycluster --query 'cluster.status' --output text
72
+ ```
73
+
74
+ ## Tagging Convention
75
+
76
+ Consistent tagging across resources:
77
+
78
+ ```bash
79
+ --tags Key=Environment,Value=production Key=Project,Value=myapp Key=Owner,Value=team@example.com
80
+ ```
@@ -0,0 +1,98 @@
1
+ # AWS MCP Servers Reference
2
+
3
+ Complete list of AWS MCP servers from [awslabs/mcp](https://awslabs.github.io/mcp/).
4
+
5
+ ## Core Servers
6
+
7
+ | Server | Package | Description |
8
+ | -------------- | -------------------------------------- | ------------------------- |
9
+ | AWS API | `awslabs.aws-api-mcp-server` | General AWS CLI commands |
10
+ | Documentation | `awslabs.aws-documentation-mcp-server` | AWS documentation access |
11
+ | CloudFormation | `awslabs.cfn-mcp-server` | CloudFormation management |
12
+ | CDK | `awslabs.cdk-mcp-server` | AWS CDK development |
13
+ | Terraform | `awslabs.terraform-mcp-server` | Terraform workflows |
14
+
15
+ ## Container & Kubernetes
16
+
17
+ | Server | Package | Description |
18
+ | ------ | -------------------------- | ----------------------------- |
19
+ | EKS | `awslabs.eks-mcp-server` | Kubernetes cluster management |
20
+ | ECS | `awslabs.ecs-mcp-server` | Container orchestration |
21
+ | Finch | `awslabs.finch-mcp-server` | Local container building |
22
+
23
+ ## Serverless
24
+
25
+ | Server | Package | Description |
26
+ | ----------- | ----------------------------------- | ------------------------ |
27
+ | Serverless | `awslabs.aws-serverless-mcp-server` | SAM CLI lifecycle |
28
+ | Lambda Tool | `awslabs.lambda-tool-mcp-server` | Execute Lambda functions |
29
+
30
+ ## Database
31
+
32
+ | Server | Package | Description |
33
+ | ----------------- | -------------------------------------- | --------------------- |
34
+ | DynamoDB | `awslabs.dynamodb-mcp-server` | DynamoDB operations |
35
+ | Aurora PostgreSQL | `awslabs.aurora-postgresql-mcp-server` | PostgreSQL on Aurora |
36
+ | Aurora MySQL | `awslabs.aurora-mysql-mcp-server` | MySQL on Aurora |
37
+ | DocumentDB | `awslabs.documentdb-mcp-server` | DocumentDB operations |
38
+ | Neptune | `awslabs.neptune-mcp-server` | Graph database |
39
+
40
+ ## AI & ML
41
+
42
+ | Server | Package | Description |
43
+ | ----------- | ----------------------------------------- | ------------------------ |
44
+ | Bedrock KB | `awslabs.bedrock-kb-retrieval-mcp-server` | Knowledge base retrieval |
45
+ | Kendra | `awslabs.amazon-kendra-index-mcp-server` | Enterprise search |
46
+ | Nova Canvas | `awslabs.amazon-nova-canvas-mcp-server` | Image generation |
47
+ | SageMaker | `awslabs.sagemaker-mcp-server` | ML workflows |
48
+
49
+ ## Recommended Configuration
50
+
51
+ For general AWS development:
52
+
53
+ ```json
54
+ {
55
+ "mcpServers": {
56
+ "aws-api": {
57
+ "command": "uvx",
58
+ "args": ["awslabs.aws-api-mcp-server@latest"],
59
+ "env": { "AWS_PROFILE": "default", "AWS_REGION": "eu-west-1" }
60
+ },
61
+ "cloudformation": {
62
+ "command": "uvx",
63
+ "args": ["awslabs.cfn-mcp-server@latest"],
64
+ "env": { "AWS_PROFILE": "default", "AWS_REGION": "eu-west-1" }
65
+ }
66
+ }
67
+ }
68
+ ```
69
+
70
+ For Kubernetes workloads, add:
71
+
72
+ ```json
73
+ {
74
+ "mcpServers": {
75
+ "eks": {
76
+ "command": "uvx",
77
+ "args": [
78
+ "awslabs.eks-mcp-server@latest",
79
+ "--allow-write",
80
+ "--allow-sensitive-data-access"
81
+ ],
82
+ "env": { "AWS_PROFILE": "default", "AWS_REGION": "eu-west-1" }
83
+ }
84
+ }
85
+ }
86
+ ```
87
+
88
+ ## Installation
89
+
90
+ All servers use `uvx` (recommended) or `pip`:
91
+
92
+ ```bash
93
+ # Install uvx
94
+ pip install uvx
95
+
96
+ # Run any server
97
+ uvx awslabs.<server-name>@latest
98
+ ```
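Review bot: The recommended EKS configuration enables `--allow-write` and `--allow-sensitive-data-access` by default, and every server is started as `...@latest`. An agent that copies this block gets cluster write access and sensitive-data access through code that is re-resolved from the registry on each launch. Make the form without the two flags the default, present them as an explicit opt-in with a sentence on what they grant, and pin each server to a reviewed version, e.g. `"args": ["awslabs.eks-mcp-server@<PINNED_VERSION>"]`. In the Installation block, `pip install uvx` should be verified: the `uvx` command ships with `uv`, and the PyPI project named `uvx` is, as far as I can tell, not that tool. The aws-terraform SKILL.md in this same release installs `uv` instead.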
@@ -0,0 +1,349 @@
1
+ ---
2
+ name: aws-terraform
3
+ description: AWS infrastructure deployments using Terraform and Terragrunt. Use for any task involving: (1) Writing, validating, or deploying Terraform/HCL code for AWS, (2) Security scanning with Checkov, (3) AWS provider documentation lookup, (4) Terraform Registry module analysis, (5) Terragrunt multi-environment orchestration, (6) Infrastructure as Code best practices for AWS. Parent skill: aws.
4
+ ---
5
+
6
+ # AWS Terraform Skill
7
+
8
+ Deploy and manage AWS infrastructure using Terraform and Terragrunt with security-first best practices.
9
+
10
+ > **Parent Skill:** `aws` - Inherits defaults from [`../aws/defaults.yaml`](../aws/defaults.yaml)
11
+
12
+ ## Quick Reference
13
+
14
+ | Operation | Command |
15
+ | ------------- | ---------------------------- |
16
+ | Initialize | `terraform init` |
17
+ | Validate | `terraform validate` |
18
+ | Plan | `terraform plan -out=tfplan` |
19
+ | Apply | `terraform apply tfplan` |
20
+ | Destroy | `terraform destroy` |
21
+ | Security Scan | `checkov -d .` |
22
+
23
+ ## MCP Server Configuration
24
+
25
+ ```json
26
+ {
27
+ "awslabs.terraform-mcp-server": {
28
+ "command": "uvx",
29
+ "args": ["awslabs.terraform-mcp-server@latest"],
30
+ "env": {
31
+ "FASTMCP_LOG_LEVEL": "ERROR",
32
+ "AWS_PROFILE": "default",
33
+ "AWS_REGION": "eu-west-1"
34
+ }
35
+ }
36
+ }
37
+ ```
38
+
39
+ Run `scripts/configure_mcp.py` to auto-configure.
40
+
41
+ ---
42
+
43
+ ## MCP Tools
44
+
45
+ | Tool | Purpose |
46
+ | ---------------------------- | --------------------------------------------------------- |
47
+ | `SearchAWSProviderDocs` | Search AWS/AWSCC provider resource documentation |
48
+ | `SearchAWSCCProviderDocs` | Search AWSCC-specific documentation |
49
+ | `GetAWSIAGenAIModuleDetails` | Get AI/ML module details (Bedrock, OpenSearch, SageMaker) |
50
+ | `AnalyzeTerraformModule` | Analyze Terraform Registry modules |
51
+ | `RunCheckovScan` | Security and compliance scanning |
52
+ | `TerraformInit` | Initialize working directory |
53
+ | `TerraformValidate` | Validate configuration syntax |
54
+ | `TerraformPlan` | Generate execution plan |
55
+ | `TerraformApply` | Apply infrastructure changes |
56
+ | `TerraformDestroy` | Destroy managed infrastructure |
57
+ | `TerragruntInit` | Initialize Terragrunt |
58
+ | `TerragruntPlan` | Plan with Terragrunt |
59
+ | `TerragruntApply` | Apply with Terragrunt |
60
+ | `TerragruntRunAll` | Execute across all configurations |
61
+
62
+ ## MCP Resources
63
+
64
+ | Resource URI | Content |
65
+ | ---------------------------------------------- | ------------------------------------- |
66
+ | `terraform://workflow_guide` | Security-focused development workflow |
67
+ | `terraform://aws_best_practices` | AWS-specific Terraform guidance |
68
+ | `terraform://aws_provider_resources_listing` | AWS provider resource list |
69
+ | `terraform://awscc_provider_resources_listing` | AWSCC provider resource list |
70
+
71
+ ---
72
+
73
+ ## Security-First Workflow
74
+
75
+ Follow this structured process for all Terraform development:
76
+
77
+ ### 1. Initialize & Configure
78
+
79
+ ```bash
80
+ # Set AWS credentials
81
+ export AWS_PROFILE=default
82
+ export AWS_REGION=eu-west-1
83
+
84
+ # Initialize Terraform
85
+ terraform init
86
+ ```
87
+
88
+ ### 2. Write Infrastructure Code
89
+
90
+ - **Prefer AWSCC provider** for consistent API behavior and better security defaults
91
+ - Follow AWS Well-Architected Framework principles
92
+ - Use modules from Terraform Registry when available
93
+
94
+ ### 3. Validate & Scan
95
+
96
+ ```bash
97
+ # Syntax validation
98
+ terraform validate
99
+
100
+ # Security scan with Checkov
101
+ checkov -d . --framework terraform
102
+ ```
103
+
104
+ ### 4. Plan & Review
105
+
106
+ ```bash
107
+ terraform plan -out=tfplan
108
+ ```
109
+
110
+ Review the plan output carefully before applying.
111
+
112
+ ### 5. Apply
113
+
114
+ ```bash
115
+ terraform apply tfplan
116
+ ```
117
+
118
+ ---
119
+
120
+ ## User Defaults
121
+
122
+ Inherited from parent `aws` skill:
123
+
124
+ | Setting | Value | Source |
125
+ | -------------------- | -------------------- | ---------------------- |
126
+ | Region | `eu-west-1` | `../aws/defaults.yaml` |
127
+ | Account ID | `511383368449` | `../aws/defaults.yaml` |
128
+ | SSH Key | `tooling-key` | `../aws/defaults.yaml` |
129
+ | IAM Instance Profile | `SSMInstanceProfile` | `../aws/defaults.yaml` |
130
+
131
+ ---
132
+
133
+ ## Common Patterns
134
+
135
+ ### Basic EC2 Instance
136
+
137
+ ```hcl
138
+ resource "aws_instance" "main" {
139
+ ami = data.aws_ami.amazon_linux.id
140
+ instance_type = "t3.micro"
141
+ key_name = "tooling-key"
142
+ iam_instance_profile = "SSMInstanceProfile"
143
+ vpc_security_group_ids = [aws_security_group.main.id]
144
+ subnet_id = var.subnet_id
145
+
146
+ tags = {
147
+ Name = "example-instance"
148
+ Environment = var.environment
149
+ ManagedBy = "terraform"
150
+ }
151
+ }
152
+ ```
153
+
154
+ ### S3 Bucket with Security
155
+
156
+ ```hcl
157
+ resource "aws_s3_bucket" "main" {
158
+ bucket = "my-secure-bucket-${data.aws_caller_identity.current.account_id}"
159
+
160
+ tags = {
161
+ Environment = var.environment
162
+ ManagedBy = "terraform"
163
+ }
164
+ }
165
+
166
+ resource "aws_s3_bucket_versioning" "main" {
167
+ bucket = aws_s3_bucket.main.id
168
+ versioning_configuration {
169
+ status = "Enabled"
170
+ }
171
+ }
172
+
173
+ resource "aws_s3_bucket_server_side_encryption_configuration" "main" {
174
+ bucket = aws_s3_bucket.main.id
175
+ rule {
176
+ apply_server_side_encryption_by_default {
177
+ sse_algorithm = "AES256"
178
+ }
179
+ }
180
+ }
181
+
182
+ resource "aws_s3_bucket_public_access_block" "main" {
183
+ bucket = aws_s3_bucket.main.id
184
+ block_public_acls = true
185
+ block_public_policy = true
186
+ ignore_public_acls = true
187
+ restrict_public_buckets = true
188
+ }
189
+ ```
190
+
191
+ ### VPC with Public/Private Subnets
192
+
193
+ ```hcl
194
+ module "vpc" {
195
+ source = "terraform-aws-modules/vpc/aws"
196
+ version = "~> 5.0"
197
+
198
+ name = "main-vpc"
199
+ cidr = "10.0.0.0/16"
200
+
201
+ azs = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
202
+ private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
203
+ public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
204
+
205
+ enable_nat_gateway = true
206
+ single_nat_gateway = true
207
+
208
+ tags = {
209
+ Environment = var.environment
210
+ ManagedBy = "terraform"
211
+ }
212
+ }
213
+ ```
214
+
215
+ ---
216
+
217
+ ## Checkov Integration
218
+
219
+ ### Run Full Scan
220
+
221
+ ```bash
222
+ checkov -d . --framework terraform
223
+ ```
224
+
225
+ ### Skip Specific Checks
226
+
227
+ ```hcl
228
+ #checkov:skip=CKV_AWS_18:Access logging intentionally disabled for dev
229
+ resource "aws_s3_bucket" "dev" {
230
+ # ...
231
+ }
232
+ ```
233
+
234
+ ### Common Checkov Rules
235
+
236
+ | Rule | Description |
237
+ | ------------ | ----------------------------- |
238
+ | `CKV_AWS_18` | S3 bucket access logging |
239
+ | `CKV_AWS_19` | S3 bucket encryption |
240
+ | `CKV_AWS_20` | S3 bucket public access block |
241
+ | `CKV_AWS_21` | S3 bucket versioning |
242
+ | `CKV_AWS_79` | EC2 IMDSv2 required |
243
+ | `CKV_AWS_88` | EC2 public IP |
244
+
245
+ ---
246
+
247
+ ## Project Structure
248
+
249
+ ```
250
+ infrastructure/
251
+ ├── environments/
252
+ │ ├── dev/
253
+ │ │ ├── main.tf
254
+ │ │ ├── variables.tf
255
+ │ │ ├── outputs.tf
256
+ │ │ └── terraform.tfvars
257
+ │ ├── staging/
258
+ │ └── prod/
259
+ ├── modules/
260
+ │ ├── vpc/
261
+ │ ├── ec2/
262
+ │ └── rds/
263
+ ├── terragrunt.hcl # Root Terragrunt config
264
+ └── README.md
265
+ ```
266
+
267
+ ---
268
+
269
+ ## Terragrunt Multi-Environment
270
+
271
+ ### Root terragrunt.hcl
272
+
273
+ ```hcl
274
+ remote_state {
275
+ backend = "s3"
276
+ config = {
277
+ bucket = "terraform-state-${get_aws_account_id()}"
278
+ key = "${path_relative_to_include()}/terraform.tfstate"
279
+ region = "eu-west-1"
280
+ encrypt = true
281
+ dynamodb_table = "terraform-locks"
282
+ }
283
+ }
284
+
285
+ generate "provider" {
286
+ path = "provider.tf"
287
+ if_exists = "overwrite_terragrunt"
288
+ contents = <<EOF
289
+ provider "aws" {
290
+ region = "eu-west-1"
291
+ default_tags {
292
+ tags = {
293
+ ManagedBy = "terragrunt"
294
+ Environment = "${basename(get_terragrunt_dir())}"
295
+ }
296
+ }
297
+ }
298
+ EOF
299
+ }
300
+ ```
301
+
302
+ ### Environment-Specific Config
303
+
304
+ ```hcl
305
+ # environments/dev/terragrunt.hcl
306
+ include "root" {
307
+ path = find_in_parent_folders()
308
+ }
309
+
310
+ terraform {
311
+ source = "../../modules//vpc"
312
+ }
313
+
314
+ inputs = {
315
+ environment = "dev"
316
+ cidr_block = "10.0.0.0/16"
317
+ }
318
+ ```
319
+
320
+ ---
321
+
322
+ ## Prerequisites
323
+
324
+ Ensure these tools are installed:
325
+
326
+ ```bash
327
+ # Terraform
328
+ brew install terraform
329
+
330
+ # Terragrunt (optional)
331
+ brew install terragrunt
332
+
333
+ # Checkov
334
+ pip install checkov
335
+
336
+ # uv (for MCP server)
337
+ curl -LsSf https://astral.sh/uv/install.sh | sh
338
+ ```
339
+
340
+ ---
341
+
342
+ ## References
343
+
344
+ - [AWS Terraform MCP Server](https://awslabs.github.io/mcp/servers/terraform-mcp-server)
345
+ - [Terraform AWS Provider](https://registry.terraform.io/providers/hashicorp/aws/latest/docs)
346
+ - [Terraform AWSCC Provider](https://registry.terraform.io/providers/hashicorp/awscc/latest/docs)
347
+ - [Checkov Documentation](https://www.checkov.io/1.Welcome/Quick%20Start.html)
348
+ - [AWS Well-Architected Framework](https://aws.amazon.com/architecture/well-architected/)
349
+ - See `references/` for detailed guides
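Review bot: The "Basic EC2 Instance" pattern does not enforce IMDSv2, although the Checkov table in the same file lists `CKV_AWS_79` (EC2 IMDSv2 required). The skill's own example would presumably be flagged by the scan step of its "Security-First Workflow". Add `metadata_options { http_tokens = "required" }` to the `aws_instance` block, and take `key_name` and `iam_instance_profile` from variables rather than the literals `"tooling-key"` and `"SSMInstanceProfile"`. In Prerequisites, `curl -LsSf https://astral.sh/uv/install.sh | sh` pipes a remote script straight into a shell. A package-manager install, or a download-and-inspect step before running it, is easier to audit and should at least be offered as the first option.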