agim-cli 1.2.144 → 1.2.148

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (611) hide show
  1. package/CHANGELOG.md +159 -0
  2. package/dist/cli-ui/setup-llm.d.ts.map +1 -1
  3. package/dist/cli-ui/setup-llm.js +3 -1
  4. package/dist/cli-ui/setup-llm.js.map +1 -1
  5. package/dist/core/circuit-breaker.d.ts +28 -0
  6. package/dist/core/circuit-breaker.d.ts.map +1 -1
  7. package/dist/core/circuit-breaker.js +45 -0
  8. package/dist/core/circuit-breaker.js.map +1 -1
  9. package/dist/core/intent.d.ts.map +1 -1
  10. package/dist/core/intent.js +3 -1
  11. package/dist/core/intent.js.map +1 -1
  12. package/dist/core/llm/agent-loop.d.ts +9 -1
  13. package/dist/core/llm/agent-loop.d.ts.map +1 -1
  14. package/dist/core/llm/agent-loop.js +80 -1
  15. package/dist/core/llm/agent-loop.js.map +1 -1
  16. package/dist/core/llm/anthropic-provider.d.ts.map +1 -1
  17. package/dist/core/llm/anthropic-provider.js +18 -4
  18. package/dist/core/llm/anthropic-provider.js.map +1 -1
  19. package/dist/core/llm/hallucination-detector.d.ts +33 -0
  20. package/dist/core/llm/hallucination-detector.d.ts.map +1 -0
  21. package/dist/core/llm/hallucination-detector.js +103 -0
  22. package/dist/core/llm/hallucination-detector.js.map +1 -0
  23. package/dist/core/llm/imhub-dispatcher.d.ts.map +1 -1
  24. package/dist/core/llm/imhub-dispatcher.js +7 -0
  25. package/dist/core/llm/imhub-dispatcher.js.map +1 -1
  26. package/dist/core/llm/provider-base.d.ts +9 -0
  27. package/dist/core/llm/provider-base.d.ts.map +1 -1
  28. package/dist/core/llm/provider-base.js.map +1 -1
  29. package/dist/core/memory-distill.d.ts.map +1 -1
  30. package/dist/core/memory-distill.js +18 -3
  31. package/dist/core/memory-distill.js.map +1 -1
  32. package/dist/core/memory.d.ts +14 -0
  33. package/dist/core/memory.d.ts.map +1 -1
  34. package/dist/core/memory.js +39 -0
  35. package/dist/core/memory.js.map +1 -1
  36. package/dist/core/message-sink.d.ts +6 -0
  37. package/dist/core/message-sink.d.ts.map +1 -1
  38. package/dist/core/message-sink.js +18 -3
  39. package/dist/core/message-sink.js.map +1 -1
  40. package/dist/core/outbox.d.ts +30 -2
  41. package/dist/core/outbox.d.ts.map +1 -1
  42. package/dist/core/outbox.js +102 -10
  43. package/dist/core/outbox.js.map +1 -1
  44. package/dist/core/reminders.d.ts.map +1 -1
  45. package/dist/core/reminders.js +11 -1
  46. package/dist/core/reminders.js.map +1 -1
  47. package/dist/core/router.d.ts.map +1 -1
  48. package/dist/core/router.js +16 -4
  49. package/dist/core/router.js.map +1 -1
  50. package/dist/core/schedule.d.ts +18 -0
  51. package/dist/core/schedule.d.ts.map +1 -1
  52. package/dist/core/schedule.js +80 -17
  53. package/dist/core/schedule.js.map +1 -1
  54. package/dist/core/sensitive-paths.d.ts.map +1 -1
  55. package/dist/core/sensitive-paths.js +53 -9
  56. package/dist/core/sensitive-paths.js.map +1 -1
  57. package/dist/core/skills/builtin/ECC_LICENSE +21 -0
  58. package/dist/core/skills/builtin/ECC_NOTICE.md +22 -0
  59. package/dist/core/skills/builtin/accessibility/SKILL.md +146 -0
  60. package/dist/core/skills/builtin/agent-eval/SKILL.md +145 -0
  61. package/dist/core/skills/builtin/agent-harness-construction/SKILL.md +73 -0
  62. package/dist/core/skills/builtin/agent-introspection-debugging/SKILL.md +153 -0
  63. package/dist/core/skills/builtin/agentic-engineering/SKILL.md +63 -0
  64. package/dist/core/skills/builtin/ai-first-engineering/SKILL.md +51 -0
  65. package/dist/core/skills/builtin/ai-regression-testing/SKILL.md +385 -0
  66. package/dist/core/skills/builtin/android-clean-architecture/SKILL.md +339 -0
  67. package/dist/core/skills/builtin/angular-developer/SKILL.md +154 -0
  68. package/dist/core/skills/builtin/angular-developer/references/angular-animations.md +160 -0
  69. package/dist/core/skills/builtin/angular-developer/references/angular-aria.md +410 -0
  70. package/dist/core/skills/builtin/angular-developer/references/cli.md +86 -0
  71. package/dist/core/skills/builtin/angular-developer/references/component-harnesses.md +59 -0
  72. package/dist/core/skills/builtin/angular-developer/references/component-styling.md +91 -0
  73. package/dist/core/skills/builtin/angular-developer/references/components.md +117 -0
  74. package/dist/core/skills/builtin/angular-developer/references/creating-services.md +97 -0
  75. package/dist/core/skills/builtin/angular-developer/references/data-resolvers.md +69 -0
  76. package/dist/core/skills/builtin/angular-developer/references/define-routes.md +67 -0
  77. package/dist/core/skills/builtin/angular-developer/references/defining-providers.md +72 -0
  78. package/dist/core/skills/builtin/angular-developer/references/di-fundamentals.md +120 -0
  79. package/dist/core/skills/builtin/angular-developer/references/e2e-testing.md +56 -0
  80. package/dist/core/skills/builtin/angular-developer/references/effects.md +83 -0
  81. package/dist/core/skills/builtin/angular-developer/references/hierarchical-injectors.md +43 -0
  82. package/dist/core/skills/builtin/angular-developer/references/host-elements.md +80 -0
  83. package/dist/core/skills/builtin/angular-developer/references/injection-context.md +63 -0
  84. package/dist/core/skills/builtin/angular-developer/references/inputs.md +101 -0
  85. package/dist/core/skills/builtin/angular-developer/references/linked-signal.md +59 -0
  86. package/dist/core/skills/builtin/angular-developer/references/loading-strategies.md +61 -0
  87. package/dist/core/skills/builtin/angular-developer/references/mcp.md +108 -0
  88. package/dist/core/skills/builtin/angular-developer/references/navigate-to-routes.md +69 -0
  89. package/dist/core/skills/builtin/angular-developer/references/outputs.md +86 -0
  90. package/dist/core/skills/builtin/angular-developer/references/reactive-forms.md +122 -0
  91. package/dist/core/skills/builtin/angular-developer/references/rendering-strategies.md +44 -0
  92. package/dist/core/skills/builtin/angular-developer/references/resource.md +77 -0
  93. package/dist/core/skills/builtin/angular-developer/references/route-animations.md +56 -0
  94. package/dist/core/skills/builtin/angular-developer/references/route-guards.md +52 -0
  95. package/dist/core/skills/builtin/angular-developer/references/router-lifecycle.md +45 -0
  96. package/dist/core/skills/builtin/angular-developer/references/router-testing.md +87 -0
  97. package/dist/core/skills/builtin/angular-developer/references/show-routes-with-outlets.md +68 -0
  98. package/dist/core/skills/builtin/angular-developer/references/signal-forms.md +795 -0
  99. package/dist/core/skills/builtin/angular-developer/references/signals-overview.md +94 -0
  100. package/dist/core/skills/builtin/angular-developer/references/tailwind-css.md +69 -0
  101. package/dist/core/skills/builtin/angular-developer/references/template-driven-forms.md +114 -0
  102. package/dist/core/skills/builtin/angular-developer/references/testing-fundamentals.md +65 -0
  103. package/dist/core/skills/builtin/api-connector-builder/SKILL.md +120 -0
  104. package/dist/core/skills/builtin/api-design/SKILL.md +523 -0
  105. package/dist/core/skills/builtin/architecture-decision-records/SKILL.md +179 -0
  106. package/dist/core/skills/builtin/article-writing/SKILL.md +79 -0
  107. package/dist/core/skills/builtin/automation-audit-ops/SKILL.md +142 -0
  108. package/dist/core/skills/builtin/autonomous-agent-harness/SKILL.md +273 -0
  109. package/dist/core/skills/builtin/autonomous-loops/SKILL.md +610 -0
  110. package/dist/core/skills/builtin/backend-patterns/SKILL.md +561 -0
  111. package/dist/core/skills/builtin/benchmark/SKILL.md +93 -0
  112. package/dist/core/skills/builtin/benchmark-optimization-loop/SKILL.md +69 -0
  113. package/dist/core/skills/builtin/blueprint/SKILL.md +105 -0
  114. package/dist/core/skills/builtin/browser-qa/SKILL.md +87 -0
  115. package/dist/core/skills/builtin/bun-runtime/SKILL.md +84 -0
  116. package/dist/core/skills/builtin/cisco-ios-patterns/SKILL.md +163 -0
  117. package/dist/core/skills/builtin/claude-devfleet/SKILL.md +111 -0
  118. package/dist/core/skills/builtin/click-path-audit/SKILL.md +244 -0
  119. package/dist/core/skills/builtin/clickhouse-io/SKILL.md +439 -0
  120. package/dist/core/skills/builtin/code-tour/SKILL.md +236 -0
  121. package/dist/core/skills/builtin/codebase-onboarding/SKILL.md +233 -0
  122. package/dist/core/skills/builtin/codehealth-mcp/SKILL.md +166 -0
  123. package/dist/core/skills/builtin/coding-standards/SKILL.md +550 -0
  124. package/dist/core/skills/builtin/compose-multiplatform-patterns/SKILL.md +299 -0
  125. package/dist/core/skills/builtin/config-gc/SKILL.md +119 -0
  126. package/dist/core/skills/builtin/content-hash-cache-pattern/SKILL.md +161 -0
  127. package/dist/core/skills/builtin/context-budget/SKILL.md +135 -0
  128. package/dist/core/skills/builtin/continuous-agent-loop/SKILL.md +45 -0
  129. package/dist/core/skills/builtin/continuous-learning/SKILL.md +131 -0
  130. package/dist/core/skills/builtin/continuous-learning/config.json +18 -0
  131. package/dist/core/skills/builtin/continuous-learning/evaluate-session.sh +69 -0
  132. package/dist/core/skills/builtin/continuous-learning-v2/SKILL.md +360 -0
  133. package/dist/core/skills/builtin/continuous-learning-v2/agents/observer-loop.sh +335 -0
  134. package/dist/core/skills/builtin/continuous-learning-v2/agents/observer.md +198 -0
  135. package/dist/core/skills/builtin/continuous-learning-v2/agents/session-guardian.sh +150 -0
  136. package/dist/core/skills/builtin/continuous-learning-v2/agents/start-observer.sh +248 -0
  137. package/dist/core/skills/builtin/continuous-learning-v2/config.json +8 -0
  138. package/dist/core/skills/builtin/continuous-learning-v2/hooks/observe.sh +498 -0
  139. package/dist/core/skills/builtin/continuous-learning-v2/scripts/detect-project.sh +322 -0
  140. package/dist/core/skills/builtin/continuous-learning-v2/scripts/instinct-cli.py +1914 -0
  141. package/dist/core/skills/builtin/continuous-learning-v2/scripts/lib/homunculus-dir.sh +31 -0
  142. package/dist/core/skills/builtin/continuous-learning-v2/scripts/migrate-homunculus.sh +62 -0
  143. package/dist/core/skills/builtin/continuous-learning-v2/scripts/test_parse_instinct.py +1045 -0
  144. package/dist/core/skills/builtin/cost-aware-llm-pipeline/SKILL.md +183 -0
  145. package/dist/core/skills/builtin/cost-tracking/SKILL.md +147 -0
  146. package/dist/core/skills/builtin/council/SKILL.md +203 -0
  147. package/dist/core/skills/builtin/cpp-coding-standards/SKILL.md +723 -0
  148. package/dist/core/skills/builtin/cpp-testing/SKILL.md +324 -0
  149. package/dist/core/skills/builtin/crosspost/SKILL.md +111 -0
  150. package/dist/core/skills/builtin/csharp-testing/SKILL.md +321 -0
  151. package/dist/core/skills/builtin/customs-trade-compliance/SKILL.md +263 -0
  152. package/dist/core/skills/builtin/dart-flutter-patterns/SKILL.md +563 -0
  153. package/dist/core/skills/builtin/dashboard-builder/SKILL.md +108 -0
  154. package/dist/core/skills/builtin/data-scraper-agent/SKILL.md +764 -0
  155. package/dist/core/skills/builtin/data-throughput-accelerator/SKILL.md +72 -0
  156. package/dist/core/skills/builtin/database-migrations/SKILL.md +429 -0
  157. package/dist/core/skills/builtin/deep-research/SKILL.md +159 -0
  158. package/dist/core/skills/builtin/defi-amm-security/SKILL.md +166 -0
  159. package/dist/core/skills/builtin/deployment-patterns/SKILL.md +427 -0
  160. package/dist/core/skills/builtin/design-system/SKILL.md +82 -0
  161. package/dist/core/skills/builtin/django-celery/SKILL.md +457 -0
  162. package/dist/core/skills/builtin/django-patterns/SKILL.md +734 -0
  163. package/dist/core/skills/builtin/django-security/SKILL.md +593 -0
  164. package/dist/core/skills/builtin/django-tdd/SKILL.md +729 -0
  165. package/dist/core/skills/builtin/django-verification/SKILL.md +469 -0
  166. package/dist/core/skills/builtin/dmux-workflows/SKILL.md +191 -0
  167. package/dist/core/skills/builtin/docker-patterns/SKILL.md +364 -0
  168. package/dist/core/skills/builtin/documentation-lookup/SKILL.md +90 -0
  169. package/dist/core/skills/builtin/dotnet-patterns/SKILL.md +321 -0
  170. package/dist/core/skills/builtin/dynamic-workflow-mode/SKILL.md +123 -0
  171. package/dist/core/skills/builtin/e2e-testing/SKILL.md +326 -0
  172. package/dist/core/skills/builtin/email-ops/SKILL.md +121 -0
  173. package/dist/core/skills/builtin/energy-procurement/SKILL.md +228 -0
  174. package/dist/core/skills/builtin/enterprise-agent-ops/SKILL.md +50 -0
  175. package/dist/core/skills/builtin/error-handling/SKILL.md +376 -0
  176. package/dist/core/skills/builtin/eval-harness/SKILL.md +270 -0
  177. package/dist/core/skills/builtin/evm-token-decimals/SKILL.md +130 -0
  178. package/dist/core/skills/builtin/exa-search/SKILL.md +107 -0
  179. package/dist/core/skills/builtin/fal-ai-media/SKILL.md +288 -0
  180. package/dist/core/skills/builtin/fastapi-patterns/SKILL.md +513 -0
  181. package/dist/core/skills/builtin/finance-billing-ops/SKILL.md +127 -0
  182. package/dist/core/skills/builtin/flox-environments/SKILL.md +496 -0
  183. package/dist/core/skills/builtin/flutter-dart-code-review/SKILL.md +435 -0
  184. package/dist/core/skills/builtin/foundation-models-on-device/SKILL.md +243 -0
  185. package/dist/core/skills/builtin/frontend-a11y/SKILL.md +445 -0
  186. package/dist/core/skills/builtin/frontend-design-direction/SKILL.md +92 -0
  187. package/dist/core/skills/builtin/frontend-patterns/SKILL.md +656 -0
  188. package/dist/core/skills/builtin/frontend-slides/SKILL.md +184 -0
  189. package/dist/core/skills/builtin/frontend-slides/STYLE_PRESETS.md +330 -0
  190. package/dist/core/skills/builtin/frontend-slides/animation-patterns.md +122 -0
  191. package/dist/core/skills/builtin/frontend-slides/html-template.md +419 -0
  192. package/dist/core/skills/builtin/frontend-slides/scripts/export-pdf.sh +418 -0
  193. package/dist/core/skills/builtin/frontend-slides/scripts/extract-pptx.py +96 -0
  194. package/dist/core/skills/builtin/frontend-slides/viewport-base.css +153 -0
  195. package/dist/core/skills/builtin/fsharp-testing/SKILL.md +280 -0
  196. package/dist/core/skills/builtin/gan-style-harness/SKILL.md +278 -0
  197. package/dist/core/skills/builtin/gateguard/SKILL.md +132 -0
  198. package/dist/core/skills/builtin/git-workflow/SKILL.md +715 -0
  199. package/dist/core/skills/builtin/github-ops/SKILL.md +144 -0
  200. package/dist/core/skills/builtin/golang-patterns/SKILL.md +674 -0
  201. package/dist/core/skills/builtin/golang-testing/SKILL.md +720 -0
  202. package/dist/core/skills/builtin/healthcare-cdss-patterns/SKILL.md +245 -0
  203. package/dist/core/skills/builtin/healthcare-emr-patterns/SKILL.md +159 -0
  204. package/dist/core/skills/builtin/healthcare-eval-harness/SKILL.md +207 -0
  205. package/dist/core/skills/builtin/healthcare-phi-compliance/SKILL.md +145 -0
  206. package/dist/core/skills/builtin/hermes-imports/SKILL.md +88 -0
  207. package/dist/core/skills/builtin/hexagonal-architecture/SKILL.md +276 -0
  208. package/dist/core/skills/builtin/hipaa-compliance/SKILL.md +78 -0
  209. package/dist/core/skills/builtin/hookify-rules/SKILL.md +128 -0
  210. package/dist/core/skills/builtin/inherit-legacy-style/SKILL.md +156 -0
  211. package/dist/core/skills/builtin/intent-driven-development/SKILL.md +360 -0
  212. package/dist/core/skills/builtin/inventory-demand-planning/SKILL.md +247 -0
  213. package/dist/core/skills/builtin/ios-icon-gen/SKILL.md +157 -0
  214. package/dist/core/skills/builtin/ios-icon-gen/scripts/generate_icons.swift +258 -0
  215. package/dist/core/skills/builtin/ios-icon-gen/scripts/iconify_gen.sh +235 -0
  216. package/dist/core/skills/builtin/iterative-retrieval/SKILL.md +211 -0
  217. package/dist/core/skills/builtin/java-coding-standards/SKILL.md +383 -0
  218. package/dist/core/skills/builtin/jira-integration/SKILL.md +302 -0
  219. package/dist/core/skills/builtin/jpa-patterns/SKILL.md +151 -0
  220. package/dist/core/skills/builtin/knowledge-ops/SKILL.md +154 -0
  221. package/dist/core/skills/builtin/kotlin-coroutines-flows/SKILL.md +284 -0
  222. package/dist/core/skills/builtin/kotlin-exposed-patterns/SKILL.md +719 -0
  223. package/dist/core/skills/builtin/kotlin-ktor-patterns/SKILL.md +689 -0
  224. package/dist/core/skills/builtin/kotlin-patterns/SKILL.md +711 -0
  225. package/dist/core/skills/builtin/kotlin-testing/SKILL.md +824 -0
  226. package/dist/core/skills/builtin/kubernetes-patterns/SKILL.md +755 -0
  227. package/dist/core/skills/builtin/laravel-patterns/SKILL.md +415 -0
  228. package/dist/core/skills/builtin/laravel-plugin-discovery/SKILL.md +229 -0
  229. package/dist/core/skills/builtin/laravel-security/SKILL.md +947 -0
  230. package/dist/core/skills/builtin/laravel-tdd/SKILL.md +674 -0
  231. package/dist/core/skills/builtin/laravel-verification/SKILL.md +179 -0
  232. package/dist/core/skills/builtin/latency-critical-systems/SKILL.md +73 -0
  233. package/dist/core/skills/builtin/lead-intelligence/SKILL.md +321 -0
  234. package/dist/core/skills/builtin/lead-intelligence/agents/enrichment-agent.md +85 -0
  235. package/dist/core/skills/builtin/lead-intelligence/agents/mutual-mapper.md +75 -0
  236. package/dist/core/skills/builtin/lead-intelligence/agents/outreach-drafter.md +98 -0
  237. package/dist/core/skills/builtin/lead-intelligence/agents/signal-scorer.md +60 -0
  238. package/dist/core/skills/builtin/liquid-glass-design/SKILL.md +279 -0
  239. package/dist/core/skills/builtin/llm-trading-agent-security/SKILL.md +146 -0
  240. package/dist/core/skills/builtin/logistics-exception-management/SKILL.md +222 -0
  241. package/dist/core/skills/builtin/make-interfaces-feel-better/SKILL.md +151 -0
  242. package/dist/core/skills/builtin/market-research/SKILL.md +75 -0
  243. package/dist/core/skills/builtin/marketing-campaign/SKILL.md +113 -0
  244. package/dist/core/skills/builtin/mcp-server-patterns/SKILL.md +69 -0
  245. package/dist/core/skills/builtin/messages-ops/SKILL.md +104 -0
  246. package/dist/core/skills/builtin/mle-workflow/SKILL.md +346 -0
  247. package/dist/core/skills/builtin/motion-advanced/SKILL.md +596 -0
  248. package/dist/core/skills/builtin/motion-foundations/SKILL.md +299 -0
  249. package/dist/core/skills/builtin/motion-patterns/SKILL.md +434 -0
  250. package/dist/core/skills/builtin/motion-ui/SKILL.md +575 -0
  251. package/dist/core/skills/builtin/mysql-patterns/SKILL.md +412 -0
  252. package/dist/core/skills/builtin/nanoclaw-repl/SKILL.md +33 -0
  253. package/dist/core/skills/builtin/nestjs-patterns/SKILL.md +230 -0
  254. package/dist/core/skills/builtin/netmiko-ssh-automation/SKILL.md +173 -0
  255. package/dist/core/skills/builtin/network-bgp-diagnostics/SKILL.md +167 -0
  256. package/dist/core/skills/builtin/network-config-validation/SKILL.md +210 -0
  257. package/dist/core/skills/builtin/network-interface-health/SKILL.md +152 -0
  258. package/dist/core/skills/builtin/nextjs-turbopack/SKILL.md +57 -0
  259. package/dist/core/skills/builtin/nodejs-keccak256/SKILL.md +102 -0
  260. package/dist/core/skills/builtin/nutrient-document-processing/SKILL.md +167 -0
  261. package/dist/core/skills/builtin/nuxt4-patterns/SKILL.md +100 -0
  262. package/dist/core/skills/builtin/openclaw-persona-forge/SKILL.md +288 -0
  263. package/dist/core/skills/builtin/openclaw-persona-forge/gacha.py +224 -0
  264. package/dist/core/skills/builtin/openclaw-persona-forge/gacha.sh +5 -0
  265. package/dist/core/skills/builtin/openclaw-persona-forge/references/avatar-style.md +124 -0
  266. package/dist/core/skills/builtin/openclaw-persona-forge/references/boundary-rules.md +53 -0
  267. package/dist/core/skills/builtin/openclaw-persona-forge/references/error-handling.md +53 -0
  268. package/dist/core/skills/builtin/openclaw-persona-forge/references/identity-tension.md +48 -0
  269. package/dist/core/skills/builtin/openclaw-persona-forge/references/naming-system.md +39 -0
  270. package/dist/core/skills/builtin/openclaw-persona-forge/references/output-template.md +166 -0
  271. package/dist/core/skills/builtin/opensource-pipeline/SKILL.md +255 -0
  272. package/dist/core/skills/builtin/orch-add-feature/SKILL.md +44 -0
  273. package/dist/core/skills/builtin/orch-build-mvp/SKILL.md +48 -0
  274. package/dist/core/skills/builtin/orch-change-feature/SKILL.md +42 -0
  275. package/dist/core/skills/builtin/orch-fix-defect/SKILL.md +42 -0
  276. package/dist/core/skills/builtin/orch-pipeline/SKILL.md +120 -0
  277. package/dist/core/skills/builtin/orch-refine-code/SKILL.md +43 -0
  278. package/dist/core/skills/builtin/parallel-execution-optimizer/SKILL.md +72 -0
  279. package/dist/core/skills/builtin/perl-patterns/SKILL.md +504 -0
  280. package/dist/core/skills/builtin/perl-security/SKILL.md +503 -0
  281. package/dist/core/skills/builtin/perl-testing/SKILL.md +475 -0
  282. package/dist/core/skills/builtin/plan-orchestrate/SKILL.md +262 -0
  283. package/dist/core/skills/builtin/plankton-code-quality/SKILL.md +236 -0
  284. package/dist/core/skills/builtin/postgres-patterns/SKILL.md +147 -0
  285. package/dist/core/skills/builtin/prediction-market-oracle-research/SKILL.md +63 -0
  286. package/dist/core/skills/builtin/prediction-market-risk-review/SKILL.md +60 -0
  287. package/dist/core/skills/builtin/prisma-patterns/SKILL.md +371 -0
  288. package/dist/core/skills/builtin/product-capability/SKILL.md +141 -0
  289. package/dist/core/skills/builtin/product-lens/SKILL.md +92 -0
  290. package/dist/core/skills/builtin/production-audit/SKILL.md +206 -0
  291. package/dist/core/skills/builtin/production-scheduling/SKILL.md +238 -0
  292. package/dist/core/skills/builtin/prompt-optimizer/SKILL.md +398 -0
  293. package/dist/core/skills/builtin/python-patterns/SKILL.md +750 -0
  294. package/dist/core/skills/builtin/python-testing/SKILL.md +816 -0
  295. package/dist/core/skills/builtin/pytorch-patterns/SKILL.md +396 -0
  296. package/dist/core/skills/builtin/quality-nonconformance/SKILL.md +260 -0
  297. package/dist/core/skills/builtin/quarkus-patterns/SKILL.md +722 -0
  298. package/dist/core/skills/builtin/quarkus-security/SKILL.md +467 -0
  299. package/dist/core/skills/builtin/quarkus-tdd/SKILL.md +811 -0
  300. package/dist/core/skills/builtin/quarkus-verification/SKILL.md +479 -0
  301. package/dist/core/skills/builtin/ralphinho-rfc-pipeline/SKILL.md +67 -0
  302. package/dist/core/skills/builtin/react-patterns/SKILL.md +341 -0
  303. package/dist/core/skills/builtin/react-performance/SKILL.md +574 -0
  304. package/dist/core/skills/builtin/react-testing/SKILL.md +423 -0
  305. package/dist/core/skills/builtin/recsys-pipeline-architect/SKILL.md +114 -0
  306. package/dist/core/skills/builtin/recursive-decision-ledger/SKILL.md +79 -0
  307. package/dist/core/skills/builtin/redis-patterns/SKILL.md +403 -0
  308. package/dist/core/skills/builtin/regex-vs-llm-structured-text/SKILL.md +220 -0
  309. package/dist/core/skills/builtin/repo-scan/SKILL.md +78 -0
  310. package/dist/core/skills/builtin/research-ops/SKILL.md +112 -0
  311. package/dist/core/skills/builtin/returns-reverse-logistics/SKILL.md +240 -0
  312. package/dist/core/skills/builtin/rules-distill/SKILL.md +264 -0
  313. package/dist/core/skills/builtin/rules-distill/scripts/scan-rules.sh +58 -0
  314. package/dist/core/skills/builtin/rules-distill/scripts/scan-skills.sh +129 -0
  315. package/dist/core/skills/builtin/rust-patterns/SKILL.md +499 -0
  316. package/dist/core/skills/builtin/rust-testing/SKILL.md +500 -0
  317. package/dist/core/skills/builtin/safety-guard/SKILL.md +75 -0
  318. package/dist/core/skills/builtin/santa-method/SKILL.md +306 -0
  319. package/dist/core/skills/builtin/scientific-db-pubmed-database/SKILL.md +175 -0
  320. package/dist/core/skills/builtin/scientific-db-uspto-database/SKILL.md +177 -0
  321. package/dist/core/skills/builtin/scientific-pkg-gget/SKILL.md +166 -0
  322. package/dist/core/skills/builtin/scientific-thinking-literature-review/SKILL.md +192 -0
  323. package/dist/core/skills/builtin/scientific-thinking-scholar-evaluation/SKILL.md +160 -0
  324. package/dist/core/skills/builtin/search-first/SKILL.md +182 -0
  325. package/dist/core/skills/builtin/security-bounty-hunter/SKILL.md +99 -0
  326. package/dist/core/skills/builtin/security-review/SKILL.md +503 -0
  327. package/dist/core/skills/builtin/security-review/cloud-infrastructure-security.md +361 -0
  328. package/dist/core/skills/builtin/security-scan/SKILL.md +165 -0
  329. package/dist/core/skills/builtin/seo/SKILL.md +154 -0
  330. package/dist/core/skills/builtin/skill-comply/SKILL.md +58 -0
  331. package/dist/core/skills/builtin/skill-comply/fixtures/compliant_trace.jsonl +5 -0
  332. package/dist/core/skills/builtin/skill-comply/fixtures/noncompliant_trace.jsonl +3 -0
  333. package/dist/core/skills/builtin/skill-comply/fixtures/tdd_spec.yaml +44 -0
  334. package/dist/core/skills/builtin/skill-comply/prompts/classifier.md +24 -0
  335. package/dist/core/skills/builtin/skill-comply/prompts/scenario_generator.md +62 -0
  336. package/dist/core/skills/builtin/skill-comply/prompts/spec_generator.md +42 -0
  337. package/dist/core/skills/builtin/skill-comply/pyproject.toml +15 -0
  338. package/dist/core/skills/builtin/skill-comply/scripts/__init__.py +0 -0
  339. package/dist/core/skills/builtin/skill-comply/scripts/classifier.py +85 -0
  340. package/dist/core/skills/builtin/skill-comply/scripts/grader.py +124 -0
  341. package/dist/core/skills/builtin/skill-comply/scripts/parser.py +107 -0
  342. package/dist/core/skills/builtin/skill-comply/scripts/report.py +170 -0
  343. package/dist/core/skills/builtin/skill-comply/scripts/run.py +127 -0
  344. package/dist/core/skills/builtin/skill-comply/scripts/runner.py +186 -0
  345. package/dist/core/skills/builtin/skill-comply/scripts/scenario_generator.py +70 -0
  346. package/dist/core/skills/builtin/skill-comply/scripts/spec_generator.py +72 -0
  347. package/dist/core/skills/builtin/skill-comply/scripts/utils.py +13 -0
  348. package/dist/core/skills/builtin/skill-comply/tests/test_grader.py +197 -0
  349. package/dist/core/skills/builtin/skill-comply/tests/test_parser.py +90 -0
  350. package/dist/core/skills/builtin/skill-comply/tests/test_runner.py +172 -0
  351. package/dist/core/skills/builtin/skill-scout/SKILL.md +140 -0
  352. package/dist/core/skills/builtin/skill-stocktake/SKILL.md +194 -0
  353. package/dist/core/skills/builtin/skill-stocktake/scripts/quick-diff.sh +87 -0
  354. package/dist/core/skills/builtin/skill-stocktake/scripts/save-results.sh +56 -0
  355. package/dist/core/skills/builtin/skill-stocktake/scripts/scan.sh +170 -0
  356. package/dist/core/skills/builtin/springboot-patterns/SKILL.md +314 -0
  357. package/dist/core/skills/builtin/springboot-security/SKILL.md +272 -0
  358. package/dist/core/skills/builtin/springboot-tdd/SKILL.md +158 -0
  359. package/dist/core/skills/builtin/springboot-verification/SKILL.md +231 -0
  360. package/dist/core/skills/builtin/strategic-compact/SKILL.md +135 -0
  361. package/dist/core/skills/builtin/swift-actor-persistence/SKILL.md +143 -0
  362. package/dist/core/skills/builtin/swift-concurrency-6-2/SKILL.md +216 -0
  363. package/dist/core/skills/builtin/swift-protocol-di-testing/SKILL.md +190 -0
  364. package/dist/core/skills/builtin/swiftui-patterns/SKILL.md +259 -0
  365. package/dist/core/skills/builtin/tdd-workflow/SKILL.md +463 -0
  366. package/dist/core/skills/builtin/team-agent-orchestration/SKILL.md +110 -0
  367. package/dist/core/skills/builtin/team-builder/SKILL.md +168 -0
  368. package/dist/core/skills/builtin/terminal-ops/SKILL.md +109 -0
  369. package/dist/core/skills/builtin/tinystruct-patterns/SKILL.md +203 -0
  370. package/dist/core/skills/builtin/tinystruct-patterns/references/architecture.md +90 -0
  371. package/dist/core/skills/builtin/tinystruct-patterns/references/data-handling.md +60 -0
  372. package/dist/core/skills/builtin/tinystruct-patterns/references/database.md +99 -0
  373. package/dist/core/skills/builtin/tinystruct-patterns/references/routing.md +64 -0
  374. package/dist/core/skills/builtin/tinystruct-patterns/references/system-usage.md +97 -0
  375. package/dist/core/skills/builtin/tinystruct-patterns/references/testing.md +72 -0
  376. package/dist/core/skills/builtin/token-budget-advisor/SKILL.md +133 -0
  377. package/dist/core/skills/builtin/ui-demo/SKILL.md +465 -0
  378. package/dist/core/skills/builtin/ui-to-vue/SKILL.md +134 -0
  379. package/dist/core/skills/builtin/uncloud/SKILL.md +343 -0
  380. package/dist/core/skills/builtin/unified-notifications-ops/SKILL.md +187 -0
  381. package/dist/core/skills/builtin/verification-loop/SKILL.md +126 -0
  382. package/dist/core/skills/builtin/video-editing/SKILL.md +310 -0
  383. package/dist/core/skills/builtin/videodb/SKILL.md +374 -0
  384. package/dist/core/skills/builtin/videodb/reference/api-reference.md +550 -0
  385. package/dist/core/skills/builtin/videodb/reference/capture-reference.md +407 -0
  386. package/dist/core/skills/builtin/videodb/reference/capture.md +101 -0
  387. package/dist/core/skills/builtin/videodb/reference/editor.md +443 -0
  388. package/dist/core/skills/builtin/videodb/reference/generative.md +331 -0
  389. package/dist/core/skills/builtin/videodb/reference/rtstream-reference.md +564 -0
  390. package/dist/core/skills/builtin/videodb/reference/rtstream.md +65 -0
  391. package/dist/core/skills/builtin/videodb/reference/search.md +230 -0
  392. package/dist/core/skills/builtin/videodb/reference/streaming.md +406 -0
  393. package/dist/core/skills/builtin/videodb/reference/use-cases.md +118 -0
  394. package/dist/core/skills/builtin/videodb/scripts/ws_listener.py +282 -0
  395. package/dist/core/skills/builtin/visa-doc-translate/README.md +86 -0
  396. package/dist/core/skills/builtin/visa-doc-translate/SKILL.md +117 -0
  397. package/dist/core/skills/builtin/vite-patterns/SKILL.md +449 -0
  398. package/dist/core/skills/builtin/windows-desktop-e2e/SKILL.md +887 -0
  399. package/dist/core/skills/builtin/x-api/SKILL.md +234 -0
  400. package/dist/core/skills/loader.js +11 -0
  401. package/dist/core/skills/loader.js.map +1 -1
  402. package/dist/core/types.d.ts +6 -0
  403. package/dist/core/types.d.ts.map +1 -1
  404. package/dist/plugins/agents/native/index.d.ts +47 -8
  405. package/dist/plugins/agents/native/index.d.ts.map +1 -1
  406. package/dist/plugins/agents/native/index.js +253 -102
  407. package/dist/plugins/agents/native/index.js.map +1 -1
  408. package/dist/plugins/agents/native/tool-registry.d.ts +33 -0
  409. package/dist/plugins/agents/native/tool-registry.d.ts.map +1 -0
  410. package/dist/plugins/agents/native/tool-registry.js +82 -0
  411. package/dist/plugins/agents/native/tool-registry.js.map +1 -0
  412. package/dist/plugins/messengers/dingtalk/dingtalk-client.d.ts.map +1 -1
  413. package/dist/plugins/messengers/dingtalk/dingtalk-client.js +11 -11
  414. package/dist/plugins/messengers/dingtalk/dingtalk-client.js.map +1 -1
  415. package/dist/plugins/messengers/feishu/feishu-adapter.d.ts.map +1 -1
  416. package/dist/plugins/messengers/feishu/feishu-adapter.js +9 -5
  417. package/dist/plugins/messengers/feishu/feishu-adapter.js.map +1 -1
  418. package/dist/plugins/messengers/wechat/ilink-adapter.d.ts.map +1 -1
  419. package/dist/plugins/messengers/wechat/ilink-adapter.js +11 -1
  420. package/dist/plugins/messengers/wechat/ilink-adapter.js.map +1 -1
  421. package/dist/web/public/assets/{a2a-DczMMkbl.js → a2a-Cll3P4QN.js} +2 -2
  422. package/dist/web/public/assets/{a2a-DczMMkbl.js.map → a2a-Cll3P4QN.js.map} +1 -1
  423. package/dist/web/public/assets/{activity-cbLHkzca.js → activity-B7T7YFlD.js} +2 -2
  424. package/dist/web/public/assets/{activity-cbLHkzca.js.map → activity-B7T7YFlD.js.map} +1 -1
  425. package/dist/web/public/assets/{admins-C-YsGMj7.js → admins-CN7P018S.js} +2 -2
  426. package/dist/web/public/assets/{admins-C-YsGMj7.js.map → admins-CN7P018S.js.map} +1 -1
  427. package/dist/web/public/assets/{agents-BWfov_1-.js → agents-Bqgq7GBF.js} +2 -2
  428. package/dist/web/public/assets/{agents-BWfov_1-.js.map → agents-Bqgq7GBF.js.map} +1 -1
  429. package/dist/web/public/assets/{approvals-HSssmXKS.js → approvals-C8IUJQ_A.js} +2 -2
  430. package/dist/web/public/assets/{approvals-HSssmXKS.js.map → approvals-C8IUJQ_A.js.map} +1 -1
  431. package/dist/web/public/assets/{arrow-down-BXvC8Al2.js → arrow-down-SLWKqtDc.js} +2 -2
  432. package/dist/web/public/assets/{arrow-down-BXvC8Al2.js.map → arrow-down-SLWKqtDc.js.map} +1 -1
  433. package/dist/web/public/assets/{arrow-up-63xELY5Q.js → arrow-up-BOADc9ce.js} +2 -2
  434. package/dist/web/public/assets/{arrow-up-63xELY5Q.js.map → arrow-up-BOADc9ce.js.map} +1 -1
  435. package/dist/web/public/assets/{asks-COLEFOvK.js → asks-C-j-DypC.js} +2 -2
  436. package/dist/web/public/assets/{asks-COLEFOvK.js.map → asks-C-j-DypC.js.map} +1 -1
  437. package/dist/web/public/assets/{audit-D4ZEiZub.js → audit-DQb-RuXh.js} +2 -2
  438. package/dist/web/public/assets/{audit-D4ZEiZub.js.map → audit-DQb-RuXh.js.map} +1 -1
  439. package/dist/web/public/assets/{bell-Cg2Bvv06.js → bell-CV88-ul6.js} +2 -2
  440. package/dist/web/public/assets/{bell-Cg2Bvv06.js.map → bell-CV88-ul6.js.map} +1 -1
  441. package/dist/web/public/assets/{bgjobs-CEjCzwtd.js → bgjobs-CDrK0d-W.js} +2 -2
  442. package/dist/web/public/assets/{bgjobs-CEjCzwtd.js.map → bgjobs-CDrK0d-W.js.map} +1 -1
  443. package/dist/web/public/assets/{brain-euvl6F6C.js → brain-B7HtSOQU.js} +2 -2
  444. package/dist/web/public/assets/{brain-euvl6F6C.js.map → brain-B7HtSOQU.js.map} +1 -1
  445. package/dist/web/public/assets/{briefcase-DPWLbCnA.js → briefcase-mdzuIa__.js} +2 -2
  446. package/dist/web/public/assets/{briefcase-DPWLbCnA.js.map → briefcase-mdzuIa__.js.map} +1 -1
  447. package/dist/web/public/assets/{browser-ponyfill-BUutOaRz.js → browser-ponyfill-DBWdeCTC.js} +2 -2
  448. package/dist/web/public/assets/{browser-ponyfill-BUutOaRz.js.map → browser-ponyfill-DBWdeCTC.js.map} +1 -1
  449. package/dist/web/public/assets/{chat-Dz9kfaxH.js → chat-CSjtY2rN.js} +3 -3
  450. package/dist/web/public/assets/{chat-Dz9kfaxH.js.map → chat-CSjtY2rN.js.map} +1 -1
  451. package/dist/web/public/assets/{chevron-left-BeIh5thq.js → chevron-left-uSfPn636.js} +2 -2
  452. package/dist/web/public/assets/{chevron-left-BeIh5thq.js.map → chevron-left-uSfPn636.js.map} +1 -1
  453. package/dist/web/public/assets/{chevron-right-uP_l9MMb.js → chevron-right-CtelqacW.js} +2 -2
  454. package/dist/web/public/assets/{chevron-right-uP_l9MMb.js.map → chevron-right-CtelqacW.js.map} +1 -1
  455. package/dist/web/public/assets/{circle-check-CewnjFgv.js → circle-check-8dbL-u7O.js} +2 -2
  456. package/dist/web/public/assets/{circle-check-CewnjFgv.js.map → circle-check-8dbL-u7O.js.map} +1 -1
  457. package/dist/web/public/assets/{circle-check-big-C2RTc48c.js → circle-check-big-D8-svk9a.js} +2 -2
  458. package/dist/web/public/assets/{circle-check-big-C2RTc48c.js.map → circle-check-big-D8-svk9a.js.map} +1 -1
  459. package/dist/web/public/assets/{circle-x-Ccg1HyV-.js → circle-x-rUxzIz5P.js} +2 -2
  460. package/dist/web/public/assets/{circle-x-Ccg1HyV-.js.map → circle-x-rUxzIz5P.js.map} +1 -1
  461. package/dist/web/public/assets/{clock-qxbYSynv.js → clock-CG5dlBGB.js} +2 -2
  462. package/dist/web/public/assets/{clock-qxbYSynv.js.map → clock-CG5dlBGB.js.map} +1 -1
  463. package/dist/web/public/assets/{confirm-dialog-DmJq4Td9.js → confirm-dialog-DlUsSur3.js} +2 -2
  464. package/dist/web/public/assets/{confirm-dialog-DmJq4Td9.js.map → confirm-dialog-DlUsSur3.js.map} +1 -1
  465. package/dist/web/public/assets/{copy-DxSHRdbc.js → copy-DnC76wFT.js} +2 -2
  466. package/dist/web/public/assets/{copy-DxSHRdbc.js.map → copy-DnC76wFT.js.map} +1 -1
  467. package/dist/web/public/assets/{data-table-S7rIjwdO.js → data-table-DswkWUfG.js} +2 -2
  468. package/dist/web/public/assets/{data-table-S7rIjwdO.js.map → data-table-DswkWUfG.js.map} +1 -1
  469. package/dist/web/public/assets/dialog-Ceo4YuXy.js +6 -0
  470. package/dist/web/public/assets/dialog-Ceo4YuXy.js.map +1 -0
  471. package/dist/web/public/assets/{download-OhsGtnO-.js → download-DF-46tS4.js} +2 -2
  472. package/dist/web/public/assets/{download-OhsGtnO-.js.map → download-DF-46tS4.js.map} +1 -1
  473. package/dist/web/public/assets/{email-C1-HxWLF.js → email-CZee26-_.js} +3 -3
  474. package/dist/web/public/assets/{email-C1-HxWLF.js.map → email-CZee26-_.js.map} +1 -1
  475. package/dist/web/public/assets/{empty-state-C-qjOHyu.js → empty-state-D9Hi0Atm.js} +2 -2
  476. package/dist/web/public/assets/{empty-state-C-qjOHyu.js.map → empty-state-D9Hi0Atm.js.map} +1 -1
  477. package/dist/web/public/assets/{external-link-DRVp9-lb.js → external-link-D64iZa9P.js} +2 -2
  478. package/dist/web/public/assets/{external-link-DRVp9-lb.js.map → external-link-D64iZa9P.js.map} +1 -1
  479. package/dist/web/public/assets/{eye-CFhg5BTa.js → eye-sY6WZb7D.js} +2 -2
  480. package/dist/web/public/assets/{eye-CFhg5BTa.js.map → eye-sY6WZb7D.js.map} +1 -1
  481. package/dist/web/public/assets/{facts-CGaLWhzi.js → facts-B7bGGwvi.js} +2 -2
  482. package/dist/web/public/assets/{facts-CGaLWhzi.js.map → facts-B7bGGwvi.js.map} +1 -1
  483. package/dist/web/public/assets/{goals-C-dJANmn.js → goals-BfQbsvZv.js} +2 -2
  484. package/dist/web/public/assets/{goals-C-dJANmn.js.map → goals-BfQbsvZv.js.map} +1 -1
  485. package/dist/web/public/assets/{health-CWcti5h3.js → health-Ba_mY0Ts.js} +2 -2
  486. package/dist/web/public/assets/{health-CWcti5h3.js.map → health-Ba_mY0Ts.js.map} +1 -1
  487. package/dist/web/public/assets/{heart-pulse-DmGhKR2W.js → heart-pulse-BjikOVwU.js} +2 -2
  488. package/dist/web/public/assets/{heart-pulse-DmGhKR2W.js.map → heart-pulse-BjikOVwU.js.map} +1 -1
  489. package/dist/web/public/assets/{heartbeat-kLoGBNCo.js → heartbeat-BM8LlPes.js} +2 -2
  490. package/dist/web/public/assets/{heartbeat-kLoGBNCo.js.map → heartbeat-BM8LlPes.js.map} +1 -1
  491. package/dist/web/public/assets/{hot-BITDoax1.js → hot-BtuLL6n8.js} +2 -2
  492. package/dist/web/public/assets/{hot-BITDoax1.js.map → hot-BtuLL6n8.js.map} +1 -1
  493. package/dist/web/public/assets/index-DEWFfW_Z.js +199 -0
  494. package/dist/web/public/assets/index-DEWFfW_Z.js.map +1 -0
  495. package/dist/web/public/assets/{installed-Co9WrtQ7.js → installed-Xr8p31ij.js} +2 -2
  496. package/dist/web/public/assets/{installed-Co9WrtQ7.js.map → installed-Xr8p31ij.js.map} +1 -1
  497. package/dist/web/public/assets/{jobs-hdHhBEvi.js → jobs-Ddy81Udm.js} +2 -2
  498. package/dist/web/public/assets/{jobs-hdHhBEvi.js.map → jobs-Ddy81Udm.js.map} +1 -1
  499. package/dist/web/public/assets/{layout-CQtbOBag.js → layout-BL74fT-L.js} +2 -2
  500. package/dist/web/public/assets/{layout-CQtbOBag.js.map → layout-BL74fT-L.js.map} +1 -1
  501. package/dist/web/public/assets/{layout-bDMXIKIR.js → layout-Bn2qUxcK.js} +2 -2
  502. package/dist/web/public/assets/{layout-bDMXIKIR.js.map → layout-Bn2qUxcK.js.map} +1 -1
  503. package/dist/web/public/assets/{layout-BMXC1Uh1.js → layout-Bp4SAA8_.js} +2 -2
  504. package/dist/web/public/assets/{layout-BMXC1Uh1.js.map → layout-Bp4SAA8_.js.map} +1 -1
  505. package/dist/web/public/assets/{layout-CysVsySh.js → layout-CZ9pGnW8.js} +2 -2
  506. package/dist/web/public/assets/{layout-CysVsySh.js.map → layout-CZ9pGnW8.js.map} +1 -1
  507. package/dist/web/public/assets/{layout-CyBGneZ9.js → layout-pasFRkKV.js} +2 -2
  508. package/dist/web/public/assets/{layout-CyBGneZ9.js.map → layout-pasFRkKV.js.map} +1 -1
  509. package/dist/web/public/assets/llm-yp7b5xxL.js +7 -0
  510. package/dist/web/public/assets/llm-yp7b5xxL.js.map +1 -0
  511. package/dist/web/public/assets/{loader-circle-9VUMGitw.js → loader-circle-Bbw4pEyE.js} +2 -2
  512. package/dist/web/public/assets/{loader-circle-9VUMGitw.js.map → loader-circle-Bbw4pEyE.js.map} +1 -1
  513. package/dist/web/public/assets/{map-pin-BXYvvHry.js → map-pin-DIXHUQgM.js} +2 -2
  514. package/dist/web/public/assets/{map-pin-BXYvvHry.js.map → map-pin-DIXHUQgM.js.map} +1 -1
  515. package/dist/web/public/assets/{mcp-BgLdlwSn.js → mcp-DyaljIM_.js} +2 -2
  516. package/dist/web/public/assets/{mcp-BgLdlwSn.js.map → mcp-DyaljIM_.js.map} +1 -1
  517. package/dist/web/public/assets/memos-Dkoc157i.js +12 -0
  518. package/dist/web/public/assets/memos-Dkoc157i.js.map +1 -0
  519. package/dist/web/public/assets/{messengers-7Phqea62.js → messengers-CcyGDeUI.js} +2 -2
  520. package/dist/web/public/assets/{messengers-7Phqea62.js.map → messengers-CcyGDeUI.js.map} +1 -1
  521. package/dist/web/public/assets/{mobile-CV5b6D2W.js → mobile-DqzIv4Xb.js} +2 -2
  522. package/dist/web/public/assets/{mobile-CV5b6D2W.js.map → mobile-DqzIv4Xb.js.map} +1 -1
  523. package/dist/web/public/assets/{native-agent-QvIa6LjE.js → native-agent-BQ7WaRGK.js} +2 -2
  524. package/dist/web/public/assets/{native-agent-QvIa6LjE.js.map → native-agent-BQ7WaRGK.js.map} +1 -1
  525. package/dist/web/public/assets/{network-BXhEjGhE.js → network-B_yUFAqC.js} +2 -2
  526. package/dist/web/public/assets/{network-BXhEjGhE.js.map → network-B_yUFAqC.js.map} +1 -1
  527. package/dist/web/public/assets/{outbox-DHQL7TQb.js → outbox-l8aVOZqO.js} +2 -2
  528. package/dist/web/public/assets/{outbox-DHQL7TQb.js.map → outbox-l8aVOZqO.js.map} +1 -1
  529. package/dist/web/public/assets/{pagination-VKuPb1Ot.js → pagination-BAKRGKa9.js} +2 -2
  530. package/dist/web/public/assets/{pagination-VKuPb1Ot.js.map → pagination-BAKRGKa9.js.map} +1 -1
  531. package/dist/web/public/assets/{persona-CWug2GLR.js → persona-D3VL9Rg1.js} +2 -2
  532. package/dist/web/public/assets/{persona-CWug2GLR.js.map → persona-D3VL9Rg1.js.map} +1 -1
  533. package/dist/web/public/assets/{plans-CZoEs5SY.js → plans-BBB5e9my.js} +2 -2
  534. package/dist/web/public/assets/{plans-CZoEs5SY.js.map → plans-BBB5e9my.js.map} +1 -1
  535. package/dist/web/public/assets/{play-CfSn5Vdl.js → play-7-Wd369f.js} +2 -2
  536. package/dist/web/public/assets/{play-CfSn5Vdl.js.map → play-7-Wd369f.js.map} +1 -1
  537. package/dist/web/public/assets/{plus-Z8l4CiqJ.js → plus-B0sfZy-j.js} +2 -2
  538. package/dist/web/public/assets/{plus-Z8l4CiqJ.js.map → plus-B0sfZy-j.js.map} +1 -1
  539. package/dist/web/public/assets/{policy-CutDSEPW.js → policy-BM1WRXH0.js} +2 -2
  540. package/dist/web/public/assets/{policy-CutDSEPW.js.map → policy-BM1WRXH0.js.map} +1 -1
  541. package/dist/web/public/assets/{qr-code-DgU5aiM6.js → qr-code-DcKs5fi3.js} +2 -2
  542. package/dist/web/public/assets/{qr-code-DgU5aiM6.js.map → qr-code-DcKs5fi3.js.map} +1 -1
  543. package/dist/web/public/assets/{react-Cb2sDjhD.js → react-DlP5eolq.js} +2 -2
  544. package/dist/web/public/assets/{react-Cb2sDjhD.js.map → react-DlP5eolq.js.map} +1 -1
  545. package/dist/web/public/assets/{refresh-ccw-D2CWiyU_.js → refresh-ccw-uNKeBeRl.js} +2 -2
  546. package/dist/web/public/assets/{refresh-ccw-D2CWiyU_.js.map → refresh-ccw-uNKeBeRl.js.map} +1 -1
  547. package/dist/web/public/assets/{reminders-Cb6Izedg.js → reminders-DHM8K0_O.js} +2 -2
  548. package/dist/web/public/assets/{reminders-Cb6Izedg.js.map → reminders-DHM8K0_O.js.map} +1 -1
  549. package/dist/web/public/assets/{save-DB0BDYTs.js → save-qwJa5_SA.js} +2 -2
  550. package/dist/web/public/assets/{save-DB0BDYTs.js.map → save-qwJa5_SA.js.map} +1 -1
  551. package/dist/web/public/assets/{schedules-8mSjE14D.js → schedules-Bcd0wbT4.js} +2 -2
  552. package/dist/web/public/assets/{schedules-8mSjE14D.js.map → schedules-Bcd0wbT4.js.map} +1 -1
  553. package/dist/web/public/assets/{search-Con69NhG.js → search-BUlzNWrj.js} +2 -2
  554. package/dist/web/public/assets/{search-Con69NhG.js.map → search-BUlzNWrj.js.map} +1 -1
  555. package/dist/web/public/assets/{search-B4fHilZ0.js → search-i1tP2maJ.js} +2 -2
  556. package/dist/web/public/assets/{search-B4fHilZ0.js.map → search-i1tP2maJ.js.map} +1 -1
  557. package/dist/web/public/assets/{security-BTe3zUg8.js → security-DgJyTT4g.js} +2 -2
  558. package/dist/web/public/assets/{security-BTe3zUg8.js.map → security-DgJyTT4g.js.map} +1 -1
  559. package/dist/web/public/assets/{service-C7SqcwfL.js → service-A0Hzear0.js} +2 -2
  560. package/dist/web/public/assets/{service-C7SqcwfL.js.map → service-A0Hzear0.js.map} +1 -1
  561. package/dist/web/public/assets/{shield-alert-CKFVsGgI.js → shield-alert-DrnN6fz_.js} +2 -2
  562. package/dist/web/public/assets/{shield-alert-CKFVsGgI.js.map → shield-alert-DrnN6fz_.js.map} +1 -1
  563. package/dist/web/public/assets/{status-badge-BSkpyN4D.js → status-badge-Ryzf96Pl.js} +2 -2
  564. package/dist/web/public/assets/{status-badge-BSkpyN4D.js.map → status-badge-Ryzf96Pl.js.map} +1 -1
  565. package/dist/web/public/assets/{subtasks-Bel-I1Sk.js → subtasks-Bzh3o3EF.js} +2 -2
  566. package/dist/web/public/assets/{subtasks-Bel-I1Sk.js.map → subtasks-Bzh3o3EF.js.map} +1 -1
  567. package/dist/web/public/assets/{table-CPn1MRcy.js → table-BbAOSyc8.js} +2 -2
  568. package/dist/web/public/assets/{table-CPn1MRcy.js.map → table-BbAOSyc8.js.map} +1 -1
  569. package/dist/web/public/assets/{topn-Ba3RjcK1.js → topn-DkhYw-Gp.js} +2 -2
  570. package/dist/web/public/assets/{topn-Ba3RjcK1.js.map → topn-DkhYw-Gp.js.map} +1 -1
  571. package/dist/web/public/assets/{trash-2-Dfov8aHD.js → trash-2-CA0cLpnU.js} +2 -2
  572. package/dist/web/public/assets/{trash-2-Dfov8aHD.js.map → trash-2-CA0cLpnU.js.map} +1 -1
  573. package/dist/web/public/assets/{use-background-tasks-BQrEeUwY.js → use-background-tasks-B64YjlA8.js} +2 -2
  574. package/dist/web/public/assets/{use-background-tasks-BQrEeUwY.js.map → use-background-tasks-B64YjlA8.js.map} +1 -1
  575. package/dist/web/public/assets/{use-event-stream-DgGpGKop.js → use-event-stream-I1lMFEfh.js} +2 -2
  576. package/dist/web/public/assets/{use-event-stream-DgGpGKop.js.map → use-event-stream-I1lMFEfh.js.map} +1 -1
  577. package/dist/web/public/assets/{use-llm-admin-DYekqogG.js → use-llm-admin-DY2axI4D.js} +2 -2
  578. package/dist/web/public/assets/{use-llm-admin-DYekqogG.js.map → use-llm-admin-DY2axI4D.js.map} +1 -1
  579. package/dist/web/public/assets/{use-memory-DbJ4pP2Z.js → use-memory-BYEjVWbU.js} +2 -2
  580. package/dist/web/public/assets/{use-memory-DbJ4pP2Z.js.map → use-memory-BYEjVWbU.js.map} +1 -1
  581. package/dist/web/public/assets/{use-observability-C2M6WZ9W.js → use-observability-Coj02yDo.js} +2 -2
  582. package/dist/web/public/assets/{use-observability-C2M6WZ9W.js.map → use-observability-Coj02yDo.js.map} +1 -1
  583. package/dist/web/public/assets/{use-settings-DMdaoWsB.js → use-settings-i1MhlkyC.js} +2 -2
  584. package/dist/web/public/assets/{use-settings-DMdaoWsB.js.map → use-settings-i1MhlkyC.js.map} +1 -1
  585. package/dist/web/public/assets/{use-workspace-BHG7h3jQ.js → use-workspace-DgEM35PY.js} +2 -2
  586. package/dist/web/public/assets/{use-workspace-BHG7h3jQ.js.map → use-workspace-DgEM35PY.js.map} +1 -1
  587. package/dist/web/public/assets/{useQuery-PdiC7-sY.js → useQuery-CY2iazjN.js} +2 -2
  588. package/dist/web/public/assets/{useQuery-PdiC7-sY.js.map → useQuery-CY2iazjN.js.map} +1 -1
  589. package/dist/web/public/assets/{vector-DnZM3OXU.js → vector-Ic76u2hY.js} +2 -2
  590. package/dist/web/public/assets/{vector-DnZM3OXU.js.map → vector-Ic76u2hY.js.map} +1 -1
  591. package/dist/web/public/assets/{viewer-Dz6k0YKp.js → viewer-BXbUN1Rl.js} +2 -2
  592. package/dist/web/public/assets/{viewer-Dz6k0YKp.js.map → viewer-BXbUN1Rl.js.map} +1 -1
  593. package/dist/web/public/assets/{workspace-BnXrWS3j.js → workspace-CUg0JPn6.js} +3 -3
  594. package/dist/web/public/assets/{workspace-BnXrWS3j.js.map → workspace-CUg0JPn6.js.map} +1 -1
  595. package/dist/web/public/assets/{workspaces-CSS_UBEi.js → workspaces-C-wb5FQj.js} +2 -2
  596. package/dist/web/public/assets/{workspaces-CSS_UBEi.js.map → workspaces-C-wb5FQj.js.map} +1 -1
  597. package/dist/web/public/assets/{x-DG-JKVw_.js → x-D1iSuoqg.js} +2 -2
  598. package/dist/web/public/assets/{x-DG-JKVw_.js.map → x-D1iSuoqg.js.map} +1 -1
  599. package/dist/web/public/index.html +2 -2
  600. package/dist/web/server.d.ts.map +1 -1
  601. package/dist/web/server.js +6 -0
  602. package/dist/web/server.js.map +1 -1
  603. package/package.json +1 -1
  604. package/dist/web/public/assets/dialog-bAIDaO-6.js +0 -6
  605. package/dist/web/public/assets/dialog-bAIDaO-6.js.map +0 -1
  606. package/dist/web/public/assets/index-O0BQoyzo.js +0 -199
  607. package/dist/web/public/assets/index-O0BQoyzo.js.map +0 -1
  608. package/dist/web/public/assets/llm-CPIRNQU2.js +0 -7
  609. package/dist/web/public/assets/llm-CPIRNQU2.js.map +0 -1
  610. package/dist/web/public/assets/memos-CfneX9DH.js +0 -12
  611. package/dist/web/public/assets/memos-CfneX9DH.js.map +0 -1
@@ -0,0 +1,755 @@
1
+ ---
2
+ name: kubernetes-patterns
3
+ description: [ECC] Kubernetes workload patterns, resource management, RBAC, probes, autoscaling, ConfigMap/Secret handling, and kubectl debugging for production-grade deployments.
4
+ origin: ECC
5
+ ---
6
+
7
+ # Kubernetes Patterns
8
+
9
+ Production-grade Kubernetes patterns for deploying, managing, and debugging workloads reliably.
10
+
11
+ ## When to Activate
12
+
13
+ - Writing Kubernetes manifests (Deployments, Services, Ingress, Jobs)
14
+ - Configuring resource requests/limits, liveness/readiness probes
15
+ - Setting up RBAC, namespaces, or ServiceAccounts
16
+ - Managing configuration and secrets in K8s
17
+ - Debugging CrashLoopBackOff, OOMKilled, pending pods, or image pull errors
18
+ - Configuring HPA (Horizontal Pod Autoscaler) or PodDisruptionBudgets
19
+ - Reviewing K8s YAML for security or correctness
20
+
21
+ ## When to Use
22
+
23
+ > Same as **When to Activate** above. This alias satisfies repo skill-format conventions. Use this skill any time you are writing, reviewing, or debugging Kubernetes YAML and workloads.
24
+
25
+ ## How It Works
26
+
27
+ This skill provides **copy-pasteable, production-grade YAML patterns** and **kubectl debugging commands** organized by task:
28
+
29
+ 1. **Deployment template** — A fully configured production `Deployment` with security context, rolling update strategy, all three probe types, resource limits, and environment injection from ConfigMap/Secret.
30
+ 2. **Probes** — Decision table for startup vs liveness vs readiness, with correct `failureThreshold × periodSeconds` math.
31
+ 3. **Services & Ingress** — ClusterIP, LoadBalancer, and TLS Ingress patterns with cert-manager annotations.
32
+ 4. **ConfigMaps & Secrets** — `envFrom`, file-mount, and external secrets guidance.
33
+ 5. **Resource management** — Requests vs limits rules of thumb by workload type (web API, JVM, worker, sidecar).
34
+ 6. **RBAC** — Least-privilege ServiceAccount → Role → RoleBinding chain.
35
+ 7. **HPA & PDB** — Autoscaling and node-drain safety configurations.
36
+ 8. **Jobs & CronJobs** — One-off and scheduled workload patterns with correct `restartPolicy`.
37
+ 9. **kubectl cheatsheet** — Logs, exec, rollback, port-forward, dry-run, and common error diagnosis commands.
38
+ 10. **Anti-patterns & checklist** — What NOT to do, and a security/reliability/observability checklist.
39
+
40
+ ## Examples
41
+
42
+ See the sections below for complete, runnable examples. Quick references:
43
+
44
+ | Task | Jump to |
45
+ |------|---------|
46
+ | Full production Deployment YAML | [Core Workload Patterns](#core-workload-patterns) |
47
+ | Probe configuration | [Probes](#probes--liveness-readiness-startup) |
48
+ | RBAC least-privilege setup | [RBAC](#rbac--roles-and-serviceaccounts) |
49
+ | Debug a CrashLoopBackOff | [kubectl Debugging Cheatsheet](#kubectl-debugging-cheatsheet) |
50
+ | Autoscaling | [HPA](#horizontal-pod-autoscaler-hpa) |
51
+
52
+ ---
53
+
54
+ ## Core Workload Patterns
55
+
56
+ ### Deployment — Production Template
57
+
58
+ ```yaml
59
+ apiVersion: apps/v1
60
+ kind: Deployment
61
+ metadata:
62
+ name: my-app
63
+ namespace: my-namespace
64
+ labels:
65
+ app: my-app
66
+ version: "1.0.0"
67
+ spec:
68
+ replicas: 3
69
+ selector:
70
+ matchLabels:
71
+ app: my-app
72
+ strategy:
73
+ type: RollingUpdate
74
+ rollingUpdate:
75
+ maxSurge: 1 # Allow 1 extra pod during update
76
+ maxUnavailable: 0 # Never reduce below desired count
77
+ template:
78
+ metadata:
79
+ labels:
80
+ app: my-app
81
+ version: "1.0.0"
82
+ spec:
83
+ # Security context at pod level
84
+ securityContext:
85
+ runAsNonRoot: true
86
+ runAsUser: 1001
87
+ fsGroup: 1001
88
+
89
+ # Graceful shutdown
90
+ terminationGracePeriodSeconds: 30
91
+
92
+ containers:
93
+ - name: my-app
94
+ image: ghcr.io/org/my-app:1.0.0 # Never use :latest
95
+ imagePullPolicy: IfNotPresent
96
+
97
+ ports:
98
+ - containerPort: 8080
99
+ protocol: TCP
100
+
101
+ # Resource requests AND limits are both required
102
+ resources:
103
+ requests:
104
+ cpu: "100m"
105
+ memory: "128Mi"
106
+ limits:
107
+ cpu: "500m"
108
+ memory: "256Mi"
109
+
110
+ # Container security context
111
+ securityContext:
112
+ allowPrivilegeEscalation: false
113
+ readOnlyRootFilesystem: true
114
+ capabilities:
115
+ drop:
116
+ - ALL
117
+
118
+ # Probes (see Probes section below)
119
+ startupProbe:
120
+ httpGet:
121
+ path: /health
122
+ port: 8080
123
+ failureThreshold: 30
124
+ periodSeconds: 5
125
+ livenessProbe:
126
+ httpGet:
127
+ path: /health
128
+ port: 8080
129
+ initialDelaySeconds: 0
130
+ periodSeconds: 30
131
+ failureThreshold: 3
132
+ readinessProbe:
133
+ httpGet:
134
+ path: /ready
135
+ port: 8080
136
+ initialDelaySeconds: 5
137
+ periodSeconds: 10
138
+ failureThreshold: 2
139
+
140
+ # Environment from ConfigMap and Secret
141
+ envFrom:
142
+ - configMapRef:
143
+ name: my-app-config
144
+ env:
145
+ - name: DB_PASSWORD
146
+ valueFrom:
147
+ secretKeyRef:
148
+ name: my-app-secrets
149
+ key: db-password
150
+
151
+ # Writable tmp directory when readOnlyRootFilesystem: true
152
+ volumeMounts:
153
+ - name: tmp
154
+ mountPath: /tmp
155
+
156
+ volumes:
157
+ - name: tmp
158
+ emptyDir: {}
159
+ ```
160
+
161
+ ---
162
+
163
+ ## Probes — Liveness, Readiness, Startup
164
+
165
+ Understanding when to use each probe is critical:
166
+
167
+ | Probe | Failure Action | Use For |
168
+ |-------|---------------|---------|
169
+ | `startupProbe` | Kills container if slow to start | Slow-starting apps (JVM, Python) |
170
+ | `livenessProbe` | Restarts container | Deadlock / hung process detection |
171
+ | `readinessProbe` | Removes from Service endpoints | Temporary unavailability (DB reconnect) |
172
+
173
+ ```yaml
174
+ # Correct pattern: startupProbe covers slow startup,
175
+ # then liveness/readiness take over
176
+ startupProbe:
177
+ httpGet:
178
+ path: /health
179
+ port: 8080
180
+ failureThreshold: 30 # 30 * 5s = 150s max startup time
181
+ periodSeconds: 5
182
+
183
+ livenessProbe:
184
+ httpGet:
185
+ path: /health
186
+ port: 8080
187
+ periodSeconds: 30
188
+ failureThreshold: 3 # 3 * 30s = 90s before restart
189
+
190
+ readinessProbe:
191
+ httpGet:
192
+ path: /ready # Separate endpoint: checks DB, cache, etc.
193
+ port: 8080
194
+ periodSeconds: 10
195
+ failureThreshold: 2
196
+ ```
197
+
198
+ ```yaml
199
+ # WRONG: initialDelaySeconds without startupProbe
200
+ # If the app takes 60s to start, set a startupProbe instead
201
+ livenessProbe:
202
+ httpGet:
203
+ path: /health
204
+ port: 8080
205
+ initialDelaySeconds: 60 # BAD: Arbitrary wait, race condition
206
+ ```
207
+
208
+ ---
209
+
210
+ ## Services and Ingress
211
+
212
+ ### Service Types
213
+
214
+ ```yaml
215
+ # ClusterIP (default) — internal-only
216
+ apiVersion: v1
217
+ kind: Service
218
+ metadata:
219
+ name: my-app
220
+ namespace: my-namespace
221
+ spec:
222
+ selector:
223
+ app: my-app
224
+ ports:
225
+ - port: 80
226
+ targetPort: 8080
227
+ protocol: TCP
228
+ type: ClusterIP
229
+ ```
230
+
231
+ ```yaml
232
+ # LoadBalancer — external traffic (cloud providers)
233
+ spec:
234
+ type: LoadBalancer
235
+ ports:
236
+ - port: 443
237
+ targetPort: 8080
238
+ ```
239
+
240
+ ### Ingress with TLS
241
+
242
+ ```yaml
243
+ apiVersion: networking.k8s.io/v1
244
+ kind: Ingress
245
+ metadata:
246
+ name: my-app
247
+ namespace: my-namespace
248
+ annotations:
249
+ nginx.ingress.kubernetes.io/ssl-redirect: "true"
250
+ cert-manager.io/cluster-issuer: "letsencrypt-prod"
251
+ spec:
252
+ ingressClassName: nginx
253
+ tls:
254
+ - hosts:
255
+ - myapp.example.com
256
+ secretName: my-app-tls
257
+ rules:
258
+ - host: myapp.example.com
259
+ http:
260
+ paths:
261
+ - path: /
262
+ pathType: Prefix
263
+ backend:
264
+ service:
265
+ name: my-app
266
+ port:
267
+ number: 80
268
+ ```
269
+
270
+ ---
271
+
272
+ ## ConfigMaps and Secrets
273
+
274
+ ### ConfigMap — Non-sensitive configuration
275
+
276
+ ```yaml
277
+ apiVersion: v1
278
+ kind: ConfigMap
279
+ metadata:
280
+ name: my-app-config
281
+ namespace: my-namespace
282
+ data:
283
+ LOG_LEVEL: "info"
284
+ APP_ENV: "production"
285
+ MAX_CONNECTIONS: "100"
286
+ # Mount as a file for complex config
287
+ app.yaml: |
288
+ server:
289
+ port: 8080
290
+ timeout: 30s
291
+ ```
292
+
293
+ ```yaml
294
+ # Mount ConfigMap as a file
295
+ volumes:
296
+ - name: config
297
+ configMap:
298
+ name: my-app-config
299
+ items:
300
+ - key: app.yaml
301
+ path: app.yaml
302
+ volumeMounts:
303
+ - name: config
304
+ mountPath: /etc/app
305
+ readOnly: true
306
+ ```
307
+
308
+ ### Secrets — Sensitive data
309
+
310
+ ```bash
311
+ # Create secret from literal (CLI, then store in Vault/SOPS)
312
+ kubectl create secret generic my-app-secrets \
313
+ --from-literal=db-password='s3cr3t' \
314
+ --namespace=my-namespace \
315
+ --dry-run=client -o yaml | kubectl apply -f -
316
+ ```
317
+
318
+ ```yaml
319
+ apiVersion: v1
320
+ kind: Secret
321
+ metadata:
322
+ name: my-app-secrets
323
+ namespace: my-namespace
324
+ type: Opaque
325
+ # Values are base64-encoded (NOT encrypted — use Sealed Secrets or ESO for real encryption)
326
+ data:
327
+ db-password: czNjcjN0 # base64 of 's3cr3t'
328
+ ```
329
+
330
+ > **Important:** Raw Kubernetes Secrets are only base64-encoded, not encrypted at rest unless your cluster has encryption configured. Use [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) or [External Secrets Operator](https://external-secrets.io) for production.
331
+
332
+ ---
333
+
334
+ ## Resource Requests and Limits
335
+
336
+ ```yaml
337
+ resources:
338
+ requests: # Scheduler uses this to place the pod
339
+ cpu: "100m" # 100 millicores = 0.1 CPU
340
+ memory: "128Mi"
341
+ limits: # Container is killed/throttled above this
342
+ cpu: "500m"
343
+ memory: "256Mi"
344
+ ```
345
+
346
+ **Rules of thumb:**
347
+
348
+ | Workload Type | CPU Request | Memory Request | Notes |
349
+ |---------------|-------------|----------------|-------|
350
+ | Web API | 100–250m | 128–256Mi | Set limits 2-4x requests |
351
+ | Worker/consumer | 250–500m | 256–512Mi | Memory limit = request for predictability |
352
+ | JVM app | 500m–1 | 512Mi–2Gi | Allow headroom above `-Xmx` for JVM overhead |
353
+ | Sidecar | 10–50m | 32–64Mi | Keep minimal |
354
+
355
+ ```yaml
356
+ # WRONG: No requests or limits — unpredictable scheduling, OOM evictions
357
+ containers:
358
+ - name: app
359
+ image: myapp:latest
360
+ # Missing resources: {} — this is dangerous in production
361
+
362
+ # WRONG: Limits without requests — requests default to limits, over-reserves capacity
363
+ resources:
364
+ limits:
365
+ cpu: "2"
366
+ memory: "1Gi"
367
+ # requests missing — will default to limits values
368
+ ```
369
+
370
+ ---
371
+
372
+ ## RBAC — Roles and ServiceAccounts
373
+
374
+ ### Principle of Least Privilege
375
+
376
+ **Two patterns depending on whether the app calls the Kubernetes API:**
377
+
378
+ #### Pattern A — App does NOT need the Kubernetes API (most apps)
379
+
380
+ Disable token automounting on the ServiceAccount. The Role/RoleBinding are not needed.
381
+
382
+ ```yaml
383
+ # ServiceAccount with token disabled — safest default
384
+ apiVersion: v1
385
+ kind: ServiceAccount
386
+ metadata:
387
+ name: my-app-sa
388
+ namespace: my-namespace
389
+ automountServiceAccountToken: false # No K8s API token injected into pods
390
+ ```
391
+
392
+ ```yaml
393
+ # Reference in Deployment — no token, no API access
394
+ spec:
395
+ template:
396
+ spec:
397
+ serviceAccountName: my-app-sa
398
+ automountServiceAccountToken: false # Belt-and-suspenders: also set at pod level
399
+ ```
400
+
401
+ #### Pattern B — App DOES need the Kubernetes API (operators, controllers, config watchers)
402
+
403
+ Enable the token and grant only the permissions actually required.
404
+
405
+ ```yaml
406
+ # 1. ServiceAccount — enable token for this SA
407
+ apiVersion: v1
408
+ kind: ServiceAccount
409
+ metadata:
410
+ name: my-app-sa
411
+ namespace: my-namespace
412
+ automountServiceAccountToken: true # Token required: app calls K8s API
413
+ ```
414
+
415
+ ```yaml
416
+ # 2. Role — grant only what the app needs (namespace-scoped)
417
+ apiVersion: rbac.authorization.k8s.io/v1
418
+ kind: Role
419
+ metadata:
420
+ name: my-app-role
421
+ namespace: my-namespace
422
+ rules:
423
+ - apiGroups: [""]
424
+ resources: ["configmaps"]
425
+ verbs: ["get", "list", "watch"] # Read-only, specific resource
426
+ - apiGroups: [""]
427
+ resources: ["secrets"]
428
+ resourceNames: ["my-app-secrets"] # Restrict to specific secret by name
429
+ verbs: ["get"]
430
+ ```
431
+
432
+ ```yaml
433
+ # 3. Bind Role to ServiceAccount
434
+ apiVersion: rbac.authorization.k8s.io/v1
435
+ kind: RoleBinding
436
+ metadata:
437
+ name: my-app-rolebinding
438
+ namespace: my-namespace
439
+ subjects:
440
+ - kind: ServiceAccount
441
+ name: my-app-sa
442
+ namespace: my-namespace
443
+ roleRef:
444
+ kind: Role
445
+ apiGroup: rbac.authorization.k8s.io
446
+ name: my-app-role
447
+ ```
448
+
449
+ ```yaml
450
+ # 4. Reference SA in Deployment
451
+ spec:
452
+ template:
453
+ spec:
454
+ serviceAccountName: my-app-sa
455
+ # automountServiceAccountToken defaults to true from SA — token is injected
456
+ ```
457
+
458
+ ---
459
+
460
+ ## Horizontal Pod Autoscaler (HPA)
461
+
462
+ ```yaml
463
+ apiVersion: autoscaling/v2
464
+ kind: HorizontalPodAutoscaler
465
+ metadata:
466
+ name: my-app-hpa
467
+ namespace: my-namespace
468
+ spec:
469
+ scaleTargetRef:
470
+ apiVersion: apps/v1
471
+ kind: Deployment
472
+ name: my-app
473
+ minReplicas: 2 # Always at least 2 for HA
474
+ maxReplicas: 10
475
+ metrics:
476
+ - type: Resource
477
+ resource:
478
+ name: cpu
479
+ target:
480
+ type: Utilization
481
+ averageUtilization: 70 # Scale up when avg CPU > 70%
482
+ - type: Resource
483
+ resource:
484
+ name: memory
485
+ target:
486
+ type: Utilization
487
+ averageUtilization: 80
488
+ ```
489
+
490
+ > HPA requires `resources.requests` to be set on all containers — it calculates utilization as `current / request`.
491
+
492
+ ---
493
+
494
+ ## PodDisruptionBudget (PDB)
495
+
496
+ Prevent too many pods going down during node drains or rolling updates:
497
+
498
+ ```yaml
499
+ apiVersion: policy/v1
500
+ kind: PodDisruptionBudget
501
+ metadata:
502
+ name: my-app-pdb
503
+ namespace: my-namespace
504
+ spec:
505
+ minAvailable: 2 # OR use maxUnavailable: 1
506
+ selector:
507
+ matchLabels:
508
+ app: my-app
509
+ ```
510
+
511
+ ---
512
+
513
+ ## Namespaces and Multi-Tenancy
514
+
515
+ ```bash
516
+ # Create namespace with resource quotas
517
+ kubectl create namespace my-namespace
518
+
519
+ # Apply ResourceQuota to limit namespace consumption
520
+ kubectl apply -f - <<EOF
521
+ apiVersion: v1
522
+ kind: ResourceQuota
523
+ metadata:
524
+ name: my-namespace-quota
525
+ namespace: my-namespace
526
+ spec:
527
+ hard:
528
+ requests.cpu: "4"
529
+ requests.memory: 4Gi
530
+ limits.cpu: "8"
531
+ limits.memory: 8Gi
532
+ pods: "20"
533
+ EOF
534
+ ```
535
+
536
+ ---
537
+
538
+ ## Jobs and CronJobs
539
+
540
+ ```yaml
541
+ # One-off Job (DB migration, data processing)
542
+ apiVersion: batch/v1
543
+ kind: Job
544
+ metadata:
545
+ name: db-migrate
546
+ namespace: my-namespace
547
+ spec:
548
+ backoffLimit: 3 # Retry up to 3 times on failure
549
+ ttlSecondsAfterFinished: 3600 # Auto-delete after 1h
550
+ template:
551
+ spec:
552
+ restartPolicy: OnFailure # Never for Jobs (not Always)
553
+ containers:
554
+ - name: migrate
555
+ image: ghcr.io/org/my-app:1.0.0
556
+ command: ["python", "manage.py", "migrate"]
557
+ resources:
558
+ requests:
559
+ cpu: "100m"
560
+ memory: "256Mi"
561
+ ```
562
+
563
+ ```yaml
564
+ # CronJob
565
+ apiVersion: batch/v1
566
+ kind: CronJob
567
+ metadata:
568
+ name: cleanup-job
569
+ namespace: my-namespace
570
+ spec:
571
+ schedule: "0 2 * * *" # 2am daily
572
+ concurrencyPolicy: Forbid # Don't run if previous still running
573
+ successfulJobsHistoryLimit: 3
574
+ failedJobsHistoryLimit: 1
575
+ jobTemplate:
576
+ spec:
577
+ template:
578
+ spec:
579
+ restartPolicy: OnFailure
580
+ containers:
581
+ - name: cleanup
582
+ image: ghcr.io/org/cleanup:1.0.0
583
+ resources:
584
+ requests:
585
+ cpu: "50m"
586
+ memory: "64Mi"
587
+ ```
588
+
589
+ ---
590
+
591
+ ## kubectl Debugging Cheatsheet
592
+
593
+ ```bash
594
+ # --- Pod status and logs ---
595
+ kubectl get pods -n my-namespace
596
+ kubectl get pods -n my-namespace -o wide # Show node assignment
597
+ kubectl describe pod <pod-name> -n my-namespace # Events and state details
598
+ kubectl logs <pod-name> -n my-namespace # Current logs
599
+ kubectl logs <pod-name> -n my-namespace --previous # Logs from crashed container
600
+ kubectl logs <pod-name> -n my-namespace -c <container> # Multi-container pod
601
+
602
+ # --- Execute into a running container ---
603
+ kubectl exec -it <pod-name> -n my-namespace -- sh
604
+ kubectl exec -it <pod-name> -n my-namespace -- bash
605
+
606
+ # --- Check resource usage ---
607
+ kubectl top pods -n my-namespace
608
+ kubectl top nodes
609
+
610
+ # --- Deployment operations ---
611
+ kubectl rollout status deployment/my-app -n my-namespace
612
+ kubectl rollout history deployment/my-app -n my-namespace
613
+ kubectl rollout undo deployment/my-app -n my-namespace # Rollback
614
+ kubectl rollout undo deployment/my-app --to-revision=2 -n my-namespace
615
+
616
+ # --- Scale manually ---
617
+ kubectl scale deployment my-app --replicas=5 -n my-namespace
618
+
619
+ # --- Inspect events (cluster-wide issues) ---
620
+ kubectl get events -n my-namespace --sort-by='.lastTimestamp'
621
+
622
+ # --- Port-forward for local debugging ---
623
+ kubectl port-forward pod/<pod-name> 8080:8080 -n my-namespace
624
+ kubectl port-forward svc/my-app 8080:80 -n my-namespace
625
+
626
+ # --- Dry-run to validate YAML ---
627
+ kubectl apply -f deployment.yaml --dry-run=client
628
+ kubectl apply -f deployment.yaml --dry-run=server # Validates against live cluster
629
+ ```
630
+
631
+ ### Diagnosing Common Errors
632
+
633
+ ```bash
634
+ # CrashLoopBackOff: container keeps crashing
635
+ kubectl logs <pod-name> --previous -n my-namespace # Check crash logs
636
+ kubectl describe pod <pod-name> -n my-namespace # Check exit code & OOMKilled
637
+
638
+ # ImagePullBackOff: can't pull image
639
+ kubectl describe pod <pod-name> -n my-namespace # Check Events section
640
+ # Causes: wrong image tag, missing imagePullSecret, private registry
641
+
642
+ # Pending pod: not scheduled
643
+ kubectl describe pod <pod-name> -n my-namespace
644
+ # Causes: insufficient resources, no matching node selector, taint/toleration mismatch
645
+
646
+ # OOMKilled: out of memory
647
+ # Increase memory limits, check for memory leaks
648
+ kubectl describe pod <pod-name> -n my-namespace | grep -A5 "Last State"
649
+ ```
650
+
651
+ ---
652
+
653
+ ## Anti-Patterns
654
+
655
+ ```yaml
656
+ # BAD: Using :latest tag — non-deterministic deployments
657
+ image: myapp:latest
658
+
659
+ # GOOD: Pin to a specific immutable tag (SHA or semver)
660
+ image: ghcr.io/org/myapp:1.4.2
661
+ # or
662
+ image: ghcr.io/org/myapp@sha256:abc123...
663
+
664
+ # ---
665
+
666
+ # BAD: Running as root
667
+ securityContext: {} # Defaults to root
668
+
669
+ # GOOD: Non-root with explicit UID
670
+ securityContext:
671
+ runAsNonRoot: true
672
+ runAsUser: 1001
673
+
674
+ # ---
675
+
676
+ # BAD: No resource limits — one pod can starve the entire node
677
+ containers:
678
+ - name: app
679
+ image: myapp:1.0.0
680
+ # No resources defined
681
+
682
+ # GOOD: Always set requests and limits
683
+ resources:
684
+ requests:
685
+ cpu: "100m"
686
+ memory: "128Mi"
687
+ limits:
688
+ cpu: "500m"
689
+ memory: "256Mi"
690
+
691
+ # ---
692
+
693
+ # BAD: Storing plaintext secrets in ConfigMaps
694
+ apiVersion: v1
695
+ kind: ConfigMap
696
+ data:
697
+ DB_PASSWORD: "mysecretpassword" # NEVER — use Secret or external secrets manager
698
+
699
+ # ---
700
+
701
+ # BAD: ClusterAdmin for application service accounts
702
+ apiVersion: rbac.authorization.k8s.io/v1
703
+ kind: ClusterRoleBinding
704
+ roleRef:
705
+ kind: ClusterRole
706
+ name: cluster-admin # Grants god-mode to your app
707
+
708
+ # ---
709
+
710
+ # BAD: minAvailable: 0 in PDB — defeats the purpose
711
+ spec:
712
+ minAvailable: 0
713
+
714
+ # ---
715
+
716
+ # BAD: restartPolicy: Always in a Job (causes infinite restart loop)
717
+ spec:
718
+ restartPolicy: Always # Use OnFailure or Never for Jobs
719
+ ```
720
+
721
+ ---
722
+
723
+ ## Best Practices Checklist
724
+
725
+ ### Security
726
+ - [ ] Container runs as non-root (`runAsNonRoot: true`, `runAsUser` set)
727
+ - [ ] `readOnlyRootFilesystem: true` with `emptyDir` for writable paths
728
+ - [ ] `allowPrivilegeEscalation: false`
729
+ - [ ] All capabilities dropped (`capabilities.drop: [ALL]`)
730
+ - [ ] Dedicated ServiceAccount per app, not `default`
731
+ - [ ] `automountServiceAccountToken: false` unless needed
732
+ - [ ] RBAC follows least privilege (use `Role`, not `ClusterRole` unless needed)
733
+ - [ ] Secrets managed via Sealed Secrets or External Secrets Operator
734
+
735
+ ### Reliability
736
+ - [ ] All 3 probe types configured (startup + liveness + readiness)
737
+ - [ ] Resource requests AND limits set on every container
738
+ - [ ] `minReplicas: 2+` for any production workload
739
+ - [ ] PodDisruptionBudget defined for stateful or critical services
740
+ - [ ] `RollingUpdate` strategy with `maxUnavailable: 0`
741
+ - [ ] HPA configured for variable-load services
742
+
743
+ ### Observability
744
+ - [ ] App exposes `/health` (liveness) and `/ready` (readiness) endpoints
745
+ - [ ] Structured JSON logging (no PII in logs)
746
+ - [ ] Resource labels: `app`, `version`, `environment`
747
+
748
+ ---
749
+
750
+ ## Related Skills
751
+
752
+ - `docker-patterns` — Multi-stage Dockerfiles and image security
753
+ - `deployment-patterns` — CI/CD pipelines, rollback strategy, health check endpoints
754
+ - `security-review` — Broader security hardening context
755
+ - `git-workflow` — GitOps integration with K8s (ArgoCD / Flux patterns)