claudeinone-cli 1.0.1 → 1.0.3

package/kit/.claude/skills/devops-monitoring.md

@@ -0,0 +1,203 @@
+# Monitoring & Observability
+
+Application performance monitoring, metrics, and alerting.
+
+## Prometheus
+
+```yaml
+# prometheus.yml
+global:
+  scrape_interval: 15s
+
+scrape_configs:
+  - job_name: 'nodejs-app'
+    static_configs:
+      - targets: ['localhost:9090']
+
+  - job_name: 'database'
+    static_configs:
+      - targets: ['localhost:9187']
+```
+
+## Application Metrics
+
+```typescript
+import promClient from 'prom-client';
+import express from 'express';
+
+// Create metrics
+const httpRequestDuration = new promClient.Histogram({
+  name: 'http_request_duration_seconds',
+  help: 'Duration of HTTP requests in seconds',
+  labelNames: ['method', 'route', 'status_code']
+});
+
+const activeConnections = new promClient.Gauge({
+  name: 'active_connections',
+  help: 'Number of active connections'
+});
+
+// Middleware
+app.use((req, res, next) => {
+  const start = Date.now();
+
+  res.on('finish', () => {
+    const duration = (Date.now() - start) / 1000;
+    httpRequestDuration
+      .labels(req.method, req.route?.path, res.statusCode)
+      .observe(duration);
+  });
+
+  next();
+});
+
+// Metrics endpoint
+app.get('/metrics', async (req, res) => {
+  res.set('Content-Type', promClient.register.contentType);
+  res.end(await promClient.register.metrics());
+});
+```
+
+## Grafana Dashboards
+
+```json
+{
+  "dashboard": {
+    "title": "Application Metrics",
+    "panels": [
+      {
+        "title": "Request Rate",
+        "targets": [
+          {
+            "expr": "rate(http_request_duration_seconds_count[5m])"
+          }
+        ]
+      },
+      {
+        "title": "Error Rate",
+        "targets": [
+          {
+            "expr": "rate(http_request_duration_seconds_count{status_code=~\"5..\"}[5m])"
+          }
+        ]
+      },
+      {
+        "title": "Response Time",
+        "targets": [
+          {
+            "expr": "histogram_quantile(0.95, http_request_duration_seconds_bucket)"
+          }
+        ]
+      }
+    ]
+  }
+}
+```
+
+## DataDog Integration
+
+```typescript
+import StatsD from 'node-dogstatsd';
+
+const dogstatsd = new StatsD.StatsD({
+  host: 'localhost',
+  port: 8125,
+  prefix: 'myapp.'
+});
+
+// Track metrics
+dogstatsd.gauge('user.active', 42);
+dogstatsd.increment('requests.total');
+dogstatsd.histogram('response.time', 0.234);
+
+// Tags
+dogstatsd.increment('api.calls', 1, {
+  tags: ['endpoint:/users', 'status:success']
+});
+```
+
+## Custom Alerts
+
+```yaml
+# alert.yml
+groups:
+  - name: application
+    rules:
+      - alert: HighErrorRate
+        expr: rate(errors_total[5m]) > 0.05
+        for: 5m
+        annotations:
+          summary: "High error rate detected"
+          description: "Error rate is {{ $value }}"
+
+      - alert: HighLatency
+        expr: histogram_quantile(0.95, response_time) > 1
+        for: 10m
+        annotations:
+          summary: "High latency detected"
+```
+
+## Logging with ELK
+
+```typescript
+import winston from 'winston';
+
+const logger = winston.createLogger({
+  level: 'info',
+  format: winston.format.json(),
+  transports: [
+    new winston.transports.Console(),
+    new winston.transports.File({
+      filename: 'error.log',
+      level: 'error'
+    }),
+    new winston.transports.File({ filename: 'combined.log' })
+  ]
+});
+
+logger.info('Server started', { port: 3000 });
+logger.error('Database connection failed', { code: 'ECONNREFUSED' });
+```
+
+## Health Checks
+
+```typescript
+app.get('/health', async (req, res) => {
+  const health = {
+    status: 'OK',
+    timestamp: new Date().toISOString(),
+    checks: {
+      database: await checkDatabase(),
+      redis: await checkRedis(),
+      uptime: process.uptime()
+    }
+  };
+
+  const statusCode = Object.values(health.checks).every(Boolean) ? 200 : 503;
+
+  res.status(statusCode).json(health);
+});
+
+async function checkDatabase() {
+  try {
+    await db.raw('SELECT 1');
+    return true;
+  } catch {
+    return false;
+  }
+}
+```
+
+## Best Practices
+
+✅ **Structured logging** - Use JSON format
+✅ **Meaningful metrics** - Track business metrics
+✅ **Alert thresholds** - Set based on SLOs
+✅ **Retention policies** - Balance cost and history
+✅ **Distributed tracing** - Track requests across services
+
+## Resources
+
+- [Prometheus Docs](https://prometheus.io/docs/)
+- [Grafana](https://grafana.com/)
+- [DataDog](https://www.datadoghq.com/)

package/kit/.claude/skills/devops-pulumi.md

@@ -0,0 +1,94 @@
+# Pulumi
+
+## Overview
+Define cloud infrastructure as TypeScript/Python/Go code instead of YAML. Pulumi uses real programming languages for IaC.
+
+## Setup
+
+```bash
+curl -fsSL https://get.pulumi.com | sh
+pulumi login
+mkdir infra && cd infra
+pulumi new aws-typescript
+```
+
+## S3 + CloudFront
+
+```typescript
+import * as aws from '@pulumi/aws';
+import * as pulumi from '@pulumi/pulumi';
+
+const bucket = new aws.s3.BucketV2('site-assets', {
+  tags: { Environment: pulumi.getStack() }
+});
+
+new aws.s3.BucketPublicAccessBlock('site-block', {
+  bucket: bucket.id,
+  blockPublicAcls: true,
+  blockPublicPolicy: true,
+});
+
+const distribution = new aws.cloudfront.Distribution('cdn', {
+  origins: [{
+    domainName: bucket.bucketRegionalDomainName,
+    originId: 'S3Origin',
+  }],
+  enabled: true,
+  defaultCacheBehavior: {
+    targetOriginId: 'S3Origin',
+    viewerProtocolPolicy: 'redirect-to-https',
+    allowedMethods: ['GET', 'HEAD'],
+    cachedMethods: ['GET', 'HEAD'],
+    forwardedValues: { queryString: false, cookies: { forward: 'none' } },
+  },
+  restrictions: { geoRestriction: { restrictionType: 'none' } },
+  viewerCertificate: { cloudfrontDefaultCertificate: true },
+});
+
+export const cdnUrl = distribution.domainName;
+```
+
+## ECS Fargate Service
+
+```typescript
+import * as awsx from '@pulumi/awsx';
+
+const repo = new awsx.ecr.Repository('app');
+const image = new awsx.ecr.Image('app-image', { repositoryUrl: repo.url, context: '../app' });
+
+const cluster = new aws.ecs.Cluster('cluster');
+const lb = new awsx.lb.ApplicationLoadBalancer('alb');
+
+const service = new awsx.ecs.FargateService('app', {
+  cluster: cluster.arn,
+  taskDefinitionArgs: {
+    container: {
+      name: 'app',
+      image: image.imageUri,
+      cpu: 256, memory: 512,
+      portMappings: [lb.defaultTargetGroup],
+    }
+  },
+  desiredCount: 2,
+});
+
+export const url = lb.loadBalancer.dnsName;
+```
+
+## Deploy
+
+```bash
+pulumi preview   # show changes
+pulumi up        # deploy
+pulumi destroy   # tear down
+```
+
+## Best Practices
+- Use `pulumi.Config` for environment-specific values
+- Store secrets with `config.requireSecret()` (encrypted in state)
+- Use stack references to share outputs between stacks
+- Create component resources for reusable infrastructure patterns
+
+## Resources
+- [Pulumi docs](https://www.pulumi.com/docs/)
+- [Pulumi AWS examples](https://www.pulumi.com/registry/packages/aws/)

package/kit/.claude/skills/devops-secrets.md

@@ -0,0 +1,166 @@
+# Secrets Management
+
+Secure storage and retrieval of API keys, credentials, and tokens.
+
+## Environment Variables
+
+```bash
+# .env.local
+DATABASE_URL=postgresql://user:pass@localhost/db
+API_KEY=sk-1234567890
+STRIPE_SECRET=sk_live_...
+
+# .env.production
+DATABASE_URL=${DB_PROD_URL}
+API_KEY=${API_KEY_PROD}
+```
+
+```typescript
+// next.config.ts - expose public vars
+const nextConfig = {
+  env: {
+    NEXT_PUBLIC_API_URL: process.env.NEXT_PUBLIC_API_URL
+  }
+};
+```
+
+## AWS Secrets Manager
+
+```typescript
+import { SecretsManagerClient, GetSecretValueCommand } from '@aws-sdk/client-secrets-manager';
+
+const client = new SecretsManagerClient({ region: 'us-east-1' });
+
+async function getSecret(secretName: string) {
+  try {
+    const command = new GetSecretValueCommand({ SecretId: secretName });
+    const response = await client.send(command);
+    
+    return response.SecretString ? JSON.parse(response.SecretString) : response.SecretBinary;
+  } catch (error) {
+    console.error('Error retrieving secret:', error);
+    throw error;
+  }
+}
+
+// Usage
+const dbCredentials = await getSecret('prod/database');
+```
+
+## HashiCorp Vault
+
+```typescript
+import * as Vault from 'node-vault';
+
+const vault = new Vault({
+  endpoint: 'http://localhost:8200',
+  token: process.env.VAULT_TOKEN
+});
+
+// Read secret
+const secret = await vault.read('secret/data/prod/database');
+console.log(secret.data.data.username);
+
+// Write secret
+await vault.write('secret/data/prod/api-key', {
+  data: {
+    key: 'sk-1234567890',
+    name: 'production-key'
+  }
+});
+
+// Create dynamic database credentials
+const creds = await vault.read('database/creds/my-role');
+console.log(creds.data.username, creds.data.password);
+```
+
+## Sealed Secrets (Kubernetes)
+
+```yaml
+# Install Sealed Secrets
+kubectl apply -f https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.18.0/controller.yaml
+
+# Seal a secret
+echo -n mypassword | kubectl create secret generic mysecret --dry-run=client --from-file=password=/dev/stdin -o yaml | kubeseal -f -
+
+# Apply sealed secret
+kubectl apply -f my-sealed-secret.yaml
+```
+
+```bash
+#!/bin/bash
+# Script to rotate secrets
+for secret in $(vault list secret/metadata/prod); do
+  echo "Rotating $secret"
+  vault write "secret/data/prod/$secret" @"./new-${secret}.json"
+done
+```
+
+## Node.js dotenv
+
+```typescript
+import dotenv from 'dotenv';
+import path from 'path';
+
+// Load based on NODE_ENV
+const envFile = `.env.${process.env.NODE_ENV || 'development'}`;
+dotenv.config({ path: path.resolve(process.cwd(), envFile) });
+
+// Access variables
+const dbUrl = process.env.DATABASE_URL;
+const apiKey = process.env.API_KEY;
+
+// Type-safe config
+interface Config {
+  database: {
+    url: string;
+  };
+  api: {
+    key: string;
+  };
+}
+
+const config: Config = {
+  database: {
+    url: process.env.DATABASE_URL!
+  },
+  api: {
+    key: process.env.API_KEY!
+  }
+};
+
+export default config;
+```
+
+## GitHub Secrets
+
+```yaml
+# .github/workflows/deploy.yml
+name: Deploy
+on: [push]
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Deploy
+        env:
+          DATABASE_URL: ${{ secrets.DATABASE_URL }}
+          API_KEY: ${{ secrets.API_KEY }}
+        run: npm run deploy
+```
+
+## Best Practices
+
+✅ **Never commit secrets** - Use .gitignore
+✅ **Rotate regularly** - Change keys periodically
+✅ **Least privilege** - Grant minimal access
+✅ **Audit access** - Log who accessed what
+✅ **Separate by environment** - Dev, staging, prod keys
+
+## Resources
+
+- [AWS Secrets Manager](https://docs.aws.amazon.com/secretsmanager/)
+- [HashiCorp Vault](https://www.vaultproject.io/)
+- [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets)

package/kit/.claude/skills/devops-terraform.md

@@ -0,0 +1,226 @@
+# Terraform Infrastructure-as-Code
+
+Declarative infrastructure provisioning across cloud providers.
+
+## Setup
+
+```bash
+brew install terraform
+terraform version
+```
+
+## AWS Example
+
+```hcl
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+  }
+}
+
+provider "aws" {
+  region = "us-east-1"
+}
+
+# VPC
+resource "aws_vpc" "main" {
+  cidr_block           = "10.0.0.0/16"
+  enable_dns_hostnames = true
+
+  tags = {
+    Name = "main-vpc"
+  }
+}
+
+# Subnet
+resource "aws_subnet" "main" {
+  vpc_id            = aws_vpc.main.id
+  cidr_block        = "10.0.1.0/24"
+  availability_zone = "us-east-1a"
+
+  tags = {
+    Name = "main-subnet"
+  }
+}
+
+# Security Group
+resource "aws_security_group" "app" {
+  vpc_id = aws_vpc.main.id
+
+  ingress {
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    from_port   = 443
+    to_port     = 443
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+# EC2 Instance
+resource "aws_instance" "app" {
+  ami                    = "ami-0c55b159cbfafe1f0"
+  instance_type          = "t3.micro"
+  subnet_id              = aws_subnet.main.id
+  vpc_security_group_ids = [aws_security_group.app.id]
+
+  tags = {
+    Name = "app-server"
+  }
+}
+
+# RDS Database
+resource "aws_db_instance" "postgres" {
+  identifier     = "my-postgres-db"
+  engine         = "postgres"
+  engine_version = "14.7"
+  instance_class = "db.t3.micro"
+
+  db_name  = "myapp"
+  username = "admin"
+  password = var.db_password
+
+  allocated_storage = 20
+  skip_final_snapshot = true
+
+  vpc_security_group_ids = [aws_security_group.app.id]
+}
+
+# Outputs
+output "instance_public_ip" {
+  value = aws_instance.app.public_ip
+}
+
+output "database_endpoint" {
+  value = aws_db_instance.postgres.endpoint
+}
+```
+
+## Variables
+
+```hcl
+# variables.tf
+variable "region" {
+  description = "AWS region"
+  type        = string
+  default     = "us-east-1"
+}
+
+variable "environment" {
+  description = "Environment name"
+  type        = string
+  validation {
+    condition     = contains(["dev", "staging", "prod"], var.environment)
+    error_message = "Environment must be dev, staging, or prod."
+  }
+}
+
+variable "db_password" {
+  description = "Database password"
+  type        = string
+  sensitive   = true
+}
+
+variable "instance_count" {
+  description = "Number of instances"
+  type        = number
+  default     = 1
+}
+
+variable "tags" {
+  description = "Common tags"
+  type        = map(string)
+  default = {
+    Terraform   = "true"
+    Environment = "production"
+  }
+}
+```
+
+## Modules
+
+```hcl
+# main.tf
+module "networking" {
+  source = "./modules/networking"
+
+  vpc_cidr       = "10.0.0.0/16"
+  subnet_cidrs   = ["10.0.1.0/24", "10.0.2.0/24"]
+  environment    = var.environment
+}
+
+module "database" {
+  source = "./modules/database"
+
+  engine              = "postgres"
+  instance_class      = "db.t3.micro"
+  allocated_storage   = 20
+  db_name             = "myapp"
+  db_password         = var.db_password
+  security_group_id   = module.networking.security_group_id
+}
+```
+
+## State Management
+
+```bash
+# Initialize Terraform
+terraform init
+
+# Plan changes
+terraform plan -var-file="prod.tfvars"
+
+# Apply changes
+terraform apply -var-file="prod.tfvars" -auto-approve
+
+# Destroy resources
+terraform destroy -var-file="prod.tfvars"
+
+# View state
+terraform state show aws_instance.app
+terraform state list
+```
+
+## Remote State
+
+```hcl
+# backend.tf
+terraform {
+  backend "s3" {
+    bucket         = "my-terraform-state"
+    key            = "prod/terraform.tfstate"
+    region         = "us-east-1"
+    encrypt        = true
+    dynamodb_table = "terraform-locks"
+  }
+}
+```
+
+## Best Practices
+
+✅ **Use modules** - Organize code logically
+✅ **Version state** - Store in remote backends
+✅ **Use variables** - Separate config from code
+✅ **Plan before apply** - Review changes
+✅ **Lock state** - Prevent concurrent modifications
+
+## Resources
+
+- [Terraform Documentation](https://www.terraform.io/docs)
+- [AWS Provider](https://registry.terraform.io/providers/hashicorp/aws/latest/docs)
+- [Registry](https://registry.terraform.io/)