natureco-cli 5.18.3 → 5.19.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/skills/airunway-aks-setup/SKILL.md +73 -0
- package/skills/algorithmic-art/SKILL.md +405 -0
- package/skills/appinsights-instrumentation/SKILL.md +76 -0
- package/skills/azure-ai/SKILL.md +71 -0
- package/skills/azure-aigateway/SKILL.md +129 -0
- package/skills/azure-cloud-migrate/SKILL.md +52 -0
- package/skills/azure-compliance/SKILL.md +108 -0
- package/skills/azure-compute/SKILL.md +46 -0
- package/skills/azure-cost/SKILL.md +45 -0
- package/skills/azure-deploy/SKILL.md +97 -0
- package/skills/azure-diagnostics/SKILL.md +151 -0
- package/skills/azure-enterprise-infra-planner/SKILL.md +54 -0
- package/skills/azure-hosted-copilot-sdk/SKILL.md +89 -0
- package/skills/azure-kubernetes/SKILL.md +153 -0
- package/skills/azure-kusto/SKILL.md +231 -0
- package/skills/azure-messaging/SKILL.md +57 -0
- package/skills/azure-prepare/SKILL.md +165 -0
- package/skills/azure-quotas/SKILL.md +276 -0
- package/skills/azure-rbac/SKILL.md +17 -0
- package/skills/azure-reliability/SKILL.md +387 -0
- package/skills/azure-resource-lookup/SKILL.md +108 -0
- package/skills/azure-resource-visualizer/SKILL.md +183 -0
- package/skills/azure-storage/SKILL.md +100 -0
- package/skills/azure-upgrade/SKILL.md +91 -0
- package/skills/azure-validate/SKILL.md +72 -0
- package/skills/brainstorming/SKILL.md +159 -0
- package/skills/brand-guidelines/SKILL.md +73 -0
- package/skills/brandkit/SKILL.md +798 -0
- package/skills/brutalist-skill/SKILL.md +92 -0
- package/skills/canvas-design/SKILL.md +130 -0
- package/skills/cavecrew/SKILL.md +82 -0
- package/skills/caveman-commit/SKILL.md +65 -0
- package/skills/caveman-help/SKILL.md +63 -0
- package/skills/caveman-review/SKILL.md +55 -0
- package/skills/caveman-stats/SKILL.md +10 -0
- package/skills/claude-api/SKILL.md +356 -0
- package/skills/composition-patterns/SKILL.md +89 -0
- package/skills/decision-mapping/SKILL.md +84 -0
- package/skills/deploy-to-vercel/SKILL.md +296 -0
- package/skills/design-an-interface/SKILL.md +94 -0
- package/skills/design-doc-mermaid/SKILL.md +498 -0
- package/skills/develop-userscripts/SKILL.md +84 -0
- package/skills/doc-coauthoring/SKILL.md +375 -0
- package/skills/documentation/SKILL.md +109 -0
- package/skills/docx/SKILL.md +590 -0
- package/skills/edit-article/SKILL.md +15 -0
- package/skills/entra-agent-id/SKILL.md +356 -0
- package/skills/entra-app-registration/SKILL.md +191 -0
- package/skills/faceless-explainer/SKILL.md +202 -0
- package/skills/fastify/SKILL.md +75 -0
- package/skills/general-video/SKILL.md +143 -0
- package/skills/git-guardrails-claude-code/SKILL.md +95 -0
- package/skills/github-actions-docs/SKILL.md +98 -0
- package/skills/gpt-tasteskill/SKILL.md +74 -0
- package/skills/grill-me/SKILL.md +7 -0
- package/skills/grilling/SKILL.md +10 -0
- package/skills/handoff/SKILL.md +16 -0
- package/skills/hyperframes/SKILL.md +152 -0
- package/skills/hyperframes-animation/SKILL.md +82 -0
- package/skills/hyperframes-cli/SKILL.md +109 -0
- package/skills/hyperframes-core/SKILL.md +78 -0
- package/skills/hyperframes-creative/SKILL.md +68 -0
- package/skills/hyperframes-media/SKILL.md +97 -0
- package/skills/image-to-code-skill/SKILL.md +1228 -0
- package/skills/imagegen-frontend-mobile/SKILL.md +1465 -0
- package/skills/imagegen-frontend-web/SKILL.md +987 -0
- package/skills/implement/SKILL.md +15 -0
- package/skills/init/SKILL.md +91 -0
- package/skills/internal-comms/SKILL.md +32 -0
- package/skills/lark-approval/SKILL.md +56 -0
- package/skills/lark-base/SKILL.md +157 -0
- package/skills/lark-doc/SKILL.md +81 -0
- package/skills/lark-shared/SKILL.md +168 -0
- package/skills/lark-workflow-meeting-summary/SKILL.md +122 -0
- package/skills/linting-neostandard-eslint9/SKILL.md +64 -0
- package/skills/loop-me/SKILL.md +32 -0
- package/skills/microsoft-foundry/SKILL.md +262 -0
- package/skills/migrate-to-shoehorn/SKILL.md +118 -0
- package/skills/minimalist-skill/SKILL.md +85 -0
- package/skills/motion-graphics/SKILL.md +170 -0
- package/skills/music-to-video/SKILL.md +197 -0
- package/skills/node/SKILL.md +94 -0
- package/skills/nodejs-core/SKILL.md +156 -0
- package/skills/oauth/SKILL.md +186 -0
- package/skills/obsidian-vault/SKILL.md +59 -0
- package/skills/octocat/SKILL.md +93 -0
- package/skills/openclaw-secure-linux-cloud/SKILL.md +157 -0
- package/skills/opensource-guide-coach/SKILL.md +218 -0
- package/skills/output-skill/SKILL.md +49 -0
- package/skills/pdf/SKILL.md +314 -0
- package/skills/pptx/SKILL.md +232 -0
- package/skills/pr-to-video/SKILL.md +235 -0
- package/skills/product-launch-video/SKILL.md +205 -0
- package/skills/python-appservice-deploy/SKILL.md +36 -0
- package/skills/qa/SKILL.md +130 -0
- package/skills/react-best-practices/SKILL.md +149 -0
- package/skills/react-native-skills/SKILL.md +121 -0
- package/skills/react-view-transitions/SKILL.md +320 -0
- package/skills/readme-i18n/SKILL.md +176 -0
- package/skills/redesign-skill/SKILL.md +178 -0
- package/skills/remotion/SKILL.md +364 -0
- package/skills/request-refactor-plan/SKILL.md +68 -0
- package/skills/resolving-merge-conflicts/SKILL.md +14 -0
- package/skills/running-claude-code-via-litellm-copilot/SKILL.md +263 -0
- package/skills/scaffold-exercises/SKILL.md +106 -0
- package/skills/secure-linux-web-hosting/SKILL.md +162 -0
- package/skills/setup-pre-commit/SKILL.md +91 -0
- package/skills/shadcn/SKILL.md +267 -0
- package/skills/simple/SKILL.md +52 -0
- package/skills/skill-creator/SKILL.md +485 -0
- package/skills/skill-optimizer/SKILL.md +47 -0
- package/skills/skills-cli/SKILL.md +281 -0
- package/skills/slack-gif-creator/SKILL.md +254 -0
- package/skills/snipgrapher/SKILL.md +58 -0
- package/skills/soft-skill/SKILL.md +98 -0
- package/skills/stitch-skill/SKILL.md +184 -0
- package/skills/supabase/SKILL.md +135 -0
- package/skills/supabase-postgres-best-practices/SKILL.md +64 -0
- package/skills/systematic-debugging/SKILL.md +296 -0
- package/skills/talking-head-recut/SKILL.md +1191 -0
- package/skills/taste-skill/SKILL.md +1206 -0
- package/skills/taste-skill-v1/SKILL.md +226 -0
- package/skills/tdd/SKILL.md +108 -0
- package/skills/teach/SKILL.md +140 -0
- package/skills/test-driven-development/SKILL.md +371 -0
- package/skills/theme-factory/SKILL.md +59 -0
- package/skills/to-prd/SKILL.md +75 -0
- package/skills/typescript-magician/SKILL.md +117 -0
- package/skills/tzst/SKILL.md +68 -0
- package/skills/ubiquitous-language/SKILL.md +93 -0
- package/skills/use-my-browser/SKILL.md +110 -0
- package/skills/using-superpowers/SKILL.md +121 -0
- package/skills/vercel-cli-with-tokens/SKILL.md +353 -0
- package/skills/vercel-optimize/SKILL.md +322 -0
- package/skills/viral-instagram-reels/SKILL.md +180 -0
- package/skills/viral-short-form/SKILL.md +147 -0
- package/skills/viral-short-form-ideas/SKILL.md +184 -0
- package/skills/viral-tiktok-content/SKILL.md +180 -0
- package/skills/web-artifacts-builder/SKILL.md +74 -0
- package/skills/web-design-guidelines/SKILL.md +39 -0
- package/skills/webapp-testing/SKILL.md +96 -0
- package/skills/website-to-video/SKILL.md +145 -0
- package/skills/writing-beats/SKILL.md +67 -0
- package/skills/writing-fragments/SKILL.md +79 -0
- package/skills/writing-great-skills/SKILL.md +82 -0
- package/skills/writing-guidelines/SKILL.md +39 -0
- package/skills/writing-plans/SKILL.md +174 -0
- package/skills/writing-shape/SKILL.md +79 -0
- package/skills/xdrop/SKILL.md +78 -0
- package/skills/xget/SKILL.md +87 -0
- package/skills/xlsx/SKILL.md +292 -0
- package/src/tools/skills_download.js +217 -0
- package/src/utils/tools.js +2 -2
|
@@ -0,0 +1,129 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: azure-aigateway
|
|
3
|
+
description: "Configure Azure API Management as an AI Gateway for AI models, MCP tools, and agents. WHEN: semantic caching, token limit, content safety, load balancing, AI model governance, MCP rate limiting, jailbreak detection, add Azure OpenAI backend, add AI Foundry model, test AI gateway, LLM policies, configure AI backend, token metrics, AI cost control, convert API to MCP, import OpenAPI to gateway."
|
|
4
|
+
license: MIT
|
|
5
|
+
metadata:
|
|
6
|
+
author: Microsoft
|
|
7
|
+
version: "3.1.1"
|
|
8
|
+
compatibility: Requires Azure CLI (az) for configuration and testing
|
|
9
|
+
---
|
|
10
|
+
|
|
11
|
+
# Azure AI Gateway
|
|
12
|
+
|
|
13
|
+
Configure Azure API Management (APIM) as an AI Gateway for governing AI models, MCP tools, and agents.
|
|
14
|
+
|
|
15
|
+
> **To deploy APIM**, use the **azure-prepare** skill. See [APIM deployment guide](https://learn.microsoft.com/azure/api-management/get-started-create-service-instance).
|
|
16
|
+
|
|
17
|
+
## When to Use This Skill
|
|
18
|
+
|
|
19
|
+
| Category | Triggers |
|
|
20
|
+
|----------|----------|
|
|
21
|
+
| **Model Governance** | "semantic caching", "token limits", "load balance AI", "track token usage" |
|
|
22
|
+
| **Tool Governance** | "rate limit MCP", "protect my tools", "configure my tool", "convert API to MCP" |
|
|
23
|
+
| **Agent Governance** | "content safety", "jailbreak detection", "filter harmful content" |
|
|
24
|
+
| **Configuration** | "add Azure OpenAI backend", "configure my model", "add AI Foundry model" |
|
|
25
|
+
| **Testing** | "test AI gateway", "call OpenAI through gateway" |
|
|
26
|
+
|
|
27
|
+
---
|
|
28
|
+
|
|
29
|
+
## Quick Reference
|
|
30
|
+
|
|
31
|
+
| Policy | Purpose | Details |
|
|
32
|
+
|--------|---------|---------|
|
|
33
|
+
| `azure-openai-token-limit` | Cost control | [Model Policies](references/policies.md#token-rate-limiting) |
|
|
34
|
+
| `azure-openai-semantic-cache-lookup/store` | 60-80% cost savings | [Model Policies](references/policies.md#semantic-caching) |
|
|
35
|
+
| `azure-openai-emit-token-metric` | Observability | [Model Policies](references/policies.md#token-metrics) |
|
|
36
|
+
| `llm-content-safety` | Safety & compliance | [Agent Policies](references/policies.md#content-safety) |
|
|
37
|
+
| `rate-limit-by-key` | MCP/tool protection | [Tool Policies](references/policies.md#request-rate-limiting) |
|
|
38
|
+
|
|
39
|
+
---
|
|
40
|
+
|
|
41
|
+
## Get Gateway Details
|
|
42
|
+
|
|
43
|
+
```bash
|
|
44
|
+
# Get gateway URL
|
|
45
|
+
az apim show --name <apim-name> --resource-group <rg> --query "gatewayUrl" -o tsv
|
|
46
|
+
|
|
47
|
+
# List backends (AI models)
|
|
48
|
+
az apim backend list --service-name <apim-name> --resource-group <rg> \
|
|
49
|
+
--query "[].{id:name, url:url}" -o table
|
|
50
|
+
|
|
51
|
+
# Get subscription key
|
|
52
|
+
az apim subscription keys list \
|
|
53
|
+
--service-name <apim-name> --resource-group <rg> --subscription-id <sub-id>
|
|
54
|
+
```
|
|
55
|
+
|
|
56
|
+
---
|
|
57
|
+
|
|
58
|
+
## Test AI Endpoint
|
|
59
|
+
|
|
60
|
+
```bash
|
|
61
|
+
GATEWAY_URL=$(az apim show --name <apim-name> --resource-group <rg> --query "gatewayUrl" -o tsv)
|
|
62
|
+
|
|
63
|
+
curl -X POST "${GATEWAY_URL}/openai/deployments/<deployment>/chat/completions?api-version=2024-02-01" \
|
|
64
|
+
-H "Content-Type: application/json" \
|
|
65
|
+
-H "Ocp-Apim-Subscription-Key: <key>" \
|
|
66
|
+
-d '{"messages": [{"role": "user", "content": "Hello"}], "max_tokens": 100}'
|
|
67
|
+
```
|
|
68
|
+
|
|
69
|
+
---
|
|
70
|
+
|
|
71
|
+
## Common Tasks
|
|
72
|
+
|
|
73
|
+
### Add AI Backend
|
|
74
|
+
|
|
75
|
+
See [references/patterns.md](references/patterns.md#pattern-1-add-ai-model-backend) for full steps.
|
|
76
|
+
|
|
77
|
+
```bash
|
|
78
|
+
# Discover AI resources
|
|
79
|
+
az cognitiveservices account list --query "[?kind=='OpenAI']" -o table
|
|
80
|
+
|
|
81
|
+
# Create backend
|
|
82
|
+
az apim backend create --service-name <apim> --resource-group <rg> \
|
|
83
|
+
--backend-id openai-backend --protocol http --url "https://<aoai>.openai.azure.com/openai"
|
|
84
|
+
|
|
85
|
+
# Grant access (managed identity)
|
|
86
|
+
az role assignment create --assignee <apim-principal-id> \
|
|
87
|
+
--role "Cognitive Services User" --scope <aoai-resource-id>
|
|
88
|
+
```
|
|
89
|
+
|
|
90
|
+
### Apply AI Governance Policy
|
|
91
|
+
|
|
92
|
+
Recommended policy order in `<inbound>`:
|
|
93
|
+
|
|
94
|
+
1. **Authentication** - Managed identity to backend
|
|
95
|
+
2. **Semantic Cache Lookup** - Check cache before calling AI
|
|
96
|
+
3. **Token Limits** - Cost control
|
|
97
|
+
4. **Content Safety** - Filter harmful content
|
|
98
|
+
5. **Backend Selection** - Load balancing
|
|
99
|
+
6. **Metrics** - Token usage tracking
|
|
100
|
+
|
|
101
|
+
See [references/policies.md](references/policies.md#combining-policies) for complete example.
|
|
102
|
+
|
|
103
|
+
---
|
|
104
|
+
|
|
105
|
+
## Troubleshooting
|
|
106
|
+
|
|
107
|
+
| Issue | Solution |
|
|
108
|
+
|-------|----------|
|
|
109
|
+
| Token limit 429 | Increase `tokens-per-minute` or add load balancing |
|
|
110
|
+
| No cache hits | Lower `score-threshold` to 0.7 |
|
|
111
|
+
| Content false positives | Increase category thresholds (5-6) |
|
|
112
|
+
| Backend auth 401 | Grant APIM "Cognitive Services User" role |
|
|
113
|
+
|
|
114
|
+
See [references/troubleshooting.md](references/troubleshooting.md) for details.
|
|
115
|
+
|
|
116
|
+
---
|
|
117
|
+
|
|
118
|
+
## References
|
|
119
|
+
|
|
120
|
+
- [**Detailed Policies**](references/policies.md) - Full policy examples
|
|
121
|
+
- [**Configuration Patterns**](references/patterns.md) - Step-by-step patterns
|
|
122
|
+
- [**Troubleshooting**](references/troubleshooting.md) - Common issues
|
|
123
|
+
- [AI-Gateway Samples](https://github.com/Azure-Samples/AI-Gateway)
|
|
124
|
+
- [GenAI Gateway Docs](https://learn.microsoft.com/azure/api-management/genai-gateway-capabilities)
|
|
125
|
+
|
|
126
|
+
## SDK Quick References
|
|
127
|
+
|
|
128
|
+
- **Content Safety**: [Python](references/sdk/azure-ai-contentsafety-py.md) | [TypeScript](references/sdk/azure-ai-contentsafety-ts.md)
|
|
129
|
+
- **API Management**: [Python](references/sdk/azure-mgmt-apimanagement-py.md) | [.NET](references/sdk/azure-mgmt-apimanagement-dotnet.md)
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: azure-cloud-migrate
|
|
3
|
+
description: "Assess and migrate cross-cloud workloads to Azure with reports and code conversion. Supports Lambda→Functions, Beanstalk/Heroku/App Engine→App Service, Fargate/Kubernetes/Cloud Run/Spring Boot→Container Apps. WHEN: migrate Lambda to Functions, AWS to Azure, migrate Beanstalk, migrate Heroku, migrate App Engine, Cloud Run migration, Fargate to ACA, ECS/Kubernetes/GKE/EKS to Container Apps, Spring Boot to Container Apps, cross-cloud migration."
|
|
4
|
+
license: MIT
|
|
5
|
+
metadata:
|
|
6
|
+
author: Microsoft
|
|
7
|
+
version: "1.2.1"
|
|
8
|
+
---
|
|
9
|
+
|
|
10
|
+
# Azure Cloud Migrate
|
|
11
|
+
|
|
12
|
+
> This skill handles **assessment and code migration** of existing cloud workloads to Azure.
|
|
13
|
+
|
|
14
|
+
## Rules
|
|
15
|
+
|
|
16
|
+
1. Follow phases sequentially — do not skip
|
|
17
|
+
2. Generate assessment before any code migration
|
|
18
|
+
3. Load the scenario reference and follow its rules
|
|
19
|
+
4. Use `mcp_azure_mcp_get_azure_bestpractices` and `mcp_azure_mcp_documentation` MCP tools
|
|
20
|
+
5. Use the latest supported runtime for the target service
|
|
21
|
+
6. Destructive actions require `ask_user` — [functions global-rules](references/services/functions/global-rules.md) | [app-service global-rules](references/services/app-service/global-rules.md)
|
|
22
|
+
7. **Report progress to user** — During long-running operations (deployments, image pushes), provide resource-level status updates so the user is never left waiting without feedback — see [workflow-details.md](references/workflow-details.md)
|
|
23
|
+
8. **Audit service discovery in app code** — Kubernetes DNS names (e.g., `http://order-service:3001`) do not resolve in Container Apps. During assessment, scan source code for hardcoded hostnames/ports in HTTP clients and flag them for env-var-driven URL injection
|
|
24
|
+
|
|
25
|
+
## Migration Scenarios
|
|
26
|
+
|
|
27
|
+
| Source | Target | Reference |
|
|
28
|
+
|--------|--------|-----------|
|
|
29
|
+
| AWS Lambda | Azure Functions | [lambda-to-functions.md](references/services/functions/lambda-to-functions.md) ([assessment](references/services/functions/assessment.md), [code-migration](references/services/functions/code-migration.md)) |
|
|
30
|
+
| AWS Elastic Beanstalk | Azure App Service | [beanstalk-to-app-service.md](references/services/app-service/beanstalk-to-app-service.md) |
|
|
31
|
+
| Heroku | Azure App Service | [heroku-to-app-service.md](references/services/app-service/heroku-to-app-service.md) |
|
|
32
|
+
| Google App Engine | Azure App Service | [app-engine-to-app-service.md](references/services/app-service/app-engine-to-app-service.md) |
|
|
33
|
+
| AWS Fargate (ECS) | Azure Container Apps | [fargate-to-container-apps.md](references/services/container-apps/fargate-to-container-apps.md) ([assessment](references/services/container-apps/fargate-assessment-guide.md), [deployment](references/services/container-apps/fargate-deployment-guide.md)) |
|
|
34
|
+
| Kubernetes (GKE/EKS/Self-hosted) | Azure Container Apps | [k8s-to-container-apps.md](references/services/container-apps/k8s-to-container-apps.md) |
|
|
35
|
+
| GCP Cloud Run | Azure Container Apps | [cloudrun-to-container-apps.md](references/services/container-apps/cloudrun-to-container-apps.md) |
|
|
36
|
+
| Spring Boot (Azure Spring Apps/VMs) | Azure Container Apps | [spring-apps-to-aca.md](references/services/container-apps/spring-apps-to-aca.md) |
|
|
37
|
+
|
|
38
|
+
> No matching scenario? Use `mcp_azure_mcp_documentation` and `mcp_azure_mcp_get_azure_bestpractices` tools.
|
|
39
|
+
|
|
40
|
+
## Output Directory
|
|
41
|
+
|
|
42
|
+
All output goes to `<workspace-root-basename>-azure/` at workspace root, where `<workspace-root-basename>` is the name of the top-level workspace directory itself (NOT a subdirectory within it). Never modify the source directory.
|
|
43
|
+
|
|
44
|
+
## Steps
|
|
45
|
+
|
|
46
|
+
1. **Create** `<workspace-root-basename>-azure/` at workspace root
|
|
47
|
+
2. **Assess** — Analyze source, map services, generate report using the scenario-specific assessment guide → [functions assessment](references/services/functions/assessment.md) | [app-service assessment](references/services/app-service/assessment.md)
|
|
48
|
+
3. **Migrate** — Convert code/config using the scenario-specific migration guide → [functions code-migration](references/services/functions/code-migration.md) | [app-service code-migration](references/services/app-service/code-migration.md)
|
|
49
|
+
4. **Ask User** — "Migration complete. Test locally or deploy to Azure?"
|
|
50
|
+
5. **Hand off** to azure-prepare for infrastructure, testing, and deployment
|
|
51
|
+
|
|
52
|
+
Track progress in `migration-status.md` — see [workflow-details.md](references/workflow-details.md).
|
|
@@ -0,0 +1,108 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: azure-compliance
|
|
3
|
+
description: "Run Azure compliance and security audits with azqr plus Key Vault expiration checks. Covers best-practice assessment, resource review, policy/compliance validation, and security posture checks. WHEN: compliance scan, security audit, BEFORE running azqr (compliance cli tool), Azure best practices, Key Vault expiration check, expired certificates, expiring secrets, orphaned resources, compliance assessment."
|
|
4
|
+
license: MIT
|
|
5
|
+
metadata:
|
|
6
|
+
author: Microsoft
|
|
7
|
+
version: "1.1.1"
|
|
8
|
+
---
|
|
9
|
+
|
|
10
|
+
# Azure Compliance & Security Auditing
|
|
11
|
+
|
|
12
|
+
## Quick Reference
|
|
13
|
+
|
|
14
|
+
| Property | Details |
|
|
15
|
+
|---|---|
|
|
16
|
+
| Best for | Compliance scans, security audits, Key Vault expiration checks |
|
|
17
|
+
| Primary capabilities | Comprehensive Resources Assessment, Key Vault Expiration Monitoring |
|
|
18
|
+
| MCP tools | azqr, subscription and resource group listing, Key Vault item inspection |
|
|
19
|
+
|
|
20
|
+
## When to Use This Skill
|
|
21
|
+
|
|
22
|
+
- Run azqr or Azure Quick Review for compliance assessment
|
|
23
|
+
- Validate Azure resource configuration against best practices
|
|
24
|
+
- Identify orphaned or misconfigured resources
|
|
25
|
+
- Audit Key Vault keys, secrets, and certificates for expiration
|
|
26
|
+
|
|
27
|
+
## Skill Activation Triggers
|
|
28
|
+
|
|
29
|
+
Activate this skill when user wants to:
|
|
30
|
+
- Check Azure compliance or best practices
|
|
31
|
+
- Assess Azure resources for configuration issues
|
|
32
|
+
- Run azqr or Azure Quick Review
|
|
33
|
+
- Identify orphaned or misconfigured resources
|
|
34
|
+
- Review Azure security posture
|
|
35
|
+
- "Show me expired certificates/keys/secrets in my Key Vault"
|
|
36
|
+
- "Check what's expiring in the next 30 days"
|
|
37
|
+
- "Audit my Key Vault for compliance"
|
|
38
|
+
- "Find secrets without expiration dates"
|
|
39
|
+
- "Check certificate expiration dates"
|
|
40
|
+
|
|
41
|
+
## Prerequisites
|
|
42
|
+
|
|
43
|
+
- Authentication: user is logged in to Azure via `az login`
|
|
44
|
+
- Permissions to read resource configuration and Key Vault metadata
|
|
45
|
+
|
|
46
|
+
## Assessments
|
|
47
|
+
|
|
48
|
+
| Assessment | Reference |
|
|
49
|
+
|------------|-----------|
|
|
50
|
+
| Comprehensive Compliance (azqr) | [references/azure-quick-review.md](references/azure-quick-review.md) |
|
|
51
|
+
| Key Vault Expiration | [references/azure-keyvault-expiration-audit.md](references/azure-keyvault-expiration-audit.md) |
|
|
52
|
+
| Resource Graph Queries | [references/azure-resource-graph.md](references/azure-resource-graph.md) |
|
|
53
|
+
|
|
54
|
+
## MCP Tools
|
|
55
|
+
|
|
56
|
+
| Tool | Purpose |
|
|
57
|
+
|------|---------|
|
|
58
|
+
| `mcp_azure_mcp_extension_azqr` | Run azqr compliance scans |
|
|
59
|
+
| `mcp_azure_mcp_subscription_list` | List available subscriptions |
|
|
60
|
+
| `mcp_azure_mcp_group_list` | List resource groups |
|
|
61
|
+
| `keyvault_key_list` | List all keys in vault |
|
|
62
|
+
| `keyvault_key_get` | Get key details including expiration |
|
|
63
|
+
| `keyvault_secret_list` | List all secrets in vault |
|
|
64
|
+
| `keyvault_secret_get` | Get secret details including expiration |
|
|
65
|
+
| `keyvault_certificate_list` | List all certificates in vault |
|
|
66
|
+
| `keyvault_certificate_get` | Get certificate details including expiration |
|
|
67
|
+
|
|
68
|
+
## Assessment Workflow
|
|
69
|
+
|
|
70
|
+
1. Select scope (subscription or resource group) for Comprehensive Resources Assessment.
|
|
71
|
+
2. Run azqr and capture output artifacts.
|
|
72
|
+
3. Analyze Scan Results and summarize findings and recommendations.
|
|
73
|
+
4. Review Key Vault Expiration Monitoring output for keys, secrets, and certificates.
|
|
74
|
+
5. Classify issues and propose remediation or fix steps for each finding.
|
|
75
|
+
|
|
76
|
+
### Priority Classification
|
|
77
|
+
|
|
78
|
+
| Priority | Guidance |
|
|
79
|
+
|---|---|
|
|
80
|
+
| Critical | Immediate remediation required for high-impact exposure |
|
|
81
|
+
| High | Resolve within days to reduce risk |
|
|
82
|
+
| Medium | Plan a resolution in the next sprint |
|
|
83
|
+
| Low | Track and fix during regular maintenance |
|
|
84
|
+
|
|
85
|
+
## Error Handling
|
|
86
|
+
|
|
87
|
+
| Error | Message | Remediation |
|
|
88
|
+
|---|---|---|
|
|
89
|
+
| Authentication required | "Please login" | Run `az login` and retry |
|
|
90
|
+
| Access denied | "Forbidden" | Confirm permissions and fix role assignments |
|
|
91
|
+
| Missing resource | "Not found" | Verify subscription and resource group selection |
|
|
92
|
+
|
|
93
|
+
## Best Practices
|
|
94
|
+
|
|
95
|
+
- Run compliance scans on a regular schedule (weekly or monthly)
|
|
96
|
+
- Track findings over time and verify remediation effectiveness
|
|
97
|
+
- Separate compliance reporting from remediation execution
|
|
98
|
+
- Keep Key Vault expiration policies documented and enforced
|
|
99
|
+
|
|
100
|
+
## SDK Quick References
|
|
101
|
+
|
|
102
|
+
For programmatic Key Vault access, see the condensed SDK guides:
|
|
103
|
+
|
|
104
|
+
- **Key Vault (Python)**: [Secrets/Keys/Certs](references/sdk/azure-keyvault-py.md)
|
|
105
|
+
- **Secrets**: [TypeScript](references/sdk/azure-keyvault-secrets-ts.md) | [Rust](references/sdk/azure-keyvault-secrets-rust.md) | [Java](references/sdk/azure-security-keyvault-secrets-java.md)
|
|
106
|
+
- **Keys**: [.NET](references/sdk/azure-security-keyvault-keys-dotnet.md) | [Java](references/sdk/azure-security-keyvault-keys-java.md) | [TypeScript](references/sdk/azure-keyvault-keys-ts.md) | [Rust](references/sdk/azure-keyvault-keys-rust.md)
|
|
107
|
+
- **Certificates**: [Rust](references/sdk/azure-keyvault-certificates-rust.md)
|
|
108
|
+
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: azure-compute
|
|
3
|
+
description: "Azure VM/VMSS router. WHEN: create / provision / deploy / spin-up VM, recommend VM size, compare VM pricing, VMSS, scale set, autoscale, burstable, lightweight server, website, backend, GPU, machine learning, HPC simulation, dev/test, workload, family, load balancer, Flexible orchestration, Uniform orchestration, cost estimate, can't connect / RDP / SSH, refused, black screen, reset password, reach VM, port 3389, NSG, security, Linux, troubleshoot, troubleshooting, connectivity, capacity reservation (CRG), reserve, guarantee capacity, pre-provision, CRG association, CRG disassociation, machine enrollment (EMM), Essential Machine Management, monitor. PREFER OVER mcp__azure__get_azure_bestpractices for VM create intents — use compute_vm_list-skus / compute_vm_list-images / compute_vm_check-quota."
|
|
4
|
+
license: MIT
|
|
5
|
+
metadata:
|
|
6
|
+
author: Microsoft
|
|
7
|
+
version: "2.4.3"
|
|
8
|
+
---
|
|
9
|
+
|
|
10
|
+
# Azure Compute Skill
|
|
11
|
+
|
|
12
|
+
Routes Azure VM and Virtual Machine Scale Set (VMSS) requests to the right workflow.
|
|
13
|
+
|
|
14
|
+
## When to Use This Skill
|
|
15
|
+
|
|
16
|
+
- User wants to **recommend, compare, or price** a VM or VMSS
|
|
17
|
+
- User wants to **create, provision, or deploy** a VM or VMSS
|
|
18
|
+
- User **can't connect** to a VM (RDP / SSH / port refused / black screen / password reset)
|
|
19
|
+
- User asks about **Capacity Reservation Groups** (CRG) — reserve, guarantee capacity, pre-provision
|
|
20
|
+
- User asks about **Essential Machine Management** (EMM) — machine enrollment, monitor
|
|
21
|
+
|
|
22
|
+
**Disambiguate with `azure-prepare`:** if the user wants to deploy an **application** (Docker service, web app, API, serverless workload), route to `azure-prepare`. `vm-creator` is for **bare VM/VMSS infrastructure** only.
|
|
23
|
+
|
|
24
|
+
## Routing
|
|
25
|
+
|
|
26
|
+
```
|
|
27
|
+
Azure compute intent?
|
|
28
|
+
├── Recommend / compare / price a VM or VMSS → VM Recommender
|
|
29
|
+
├── Create / provision / deploy a VM or VMSS → VM Creator
|
|
30
|
+
├── Can't connect / RDP / SSH / port refused → VM Troubleshooter
|
|
31
|
+
├── Reserve / guarantee capacity (CRG) → Capacity Reservation
|
|
32
|
+
├── Machine enrollment / Essential Machine Management → Essential Machine Management
|
|
33
|
+
└── Unclear → Ask which of the above
|
|
34
|
+
```
|
|
35
|
+
|
|
36
|
+
**Routing rule:** read the matched workflow file before any reference file. The workflow owns the step-by-step guidance; references are looked up on demand.
|
|
37
|
+
|
|
38
|
+
## Workflows
|
|
39
|
+
|
|
40
|
+
| Workflow | File | Use when |
|
|
41
|
+
|---|---|---|
|
|
42
|
+
| **VM Recommender** | [vm-recommender.md](workflows/vm-recommender/vm-recommender.md) | User asks which VM/VMSS to choose, wants pricing, or wants to compare options |
|
|
43
|
+
| **VM Creator** | [vm-creator.md](workflows/vm-creator/vm-creator.md) | User wants to provision a bare VM or VMSS (not an app deployment) |
|
|
44
|
+
| **VM Troubleshooter** | [vm-troubleshooter.md](workflows/vm-troubleshooter/vm-troubleshooter.md) | User can't connect, RDP/SSH refused, black screen, needs password reset |
|
|
45
|
+
| **Capacity Reservation** | [capacity-reservation.md](workflows/capacity-reservation/capacity-reservation.md) | User needs to reserve / guarantee VM capacity (CRG create / associate / disassociate) |
|
|
46
|
+
| **Essential Machine Management** | [essential-machine-management.md](workflows/essential-machine-management/essential-machine-management.md) | User asks about EMM / machine enrollment / monitor |
|
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: azure-cost
|
|
3
|
+
description: "Azure cost management: query costs, forecast spending, optimize to reduce waste. WHEN: \"Azure costs\", \"Azure bill\", \"cost breakdown\", \"how much am I spending\", \"forecast spending\", \"optimize costs\", \"reduce spending\", \"orphaned resources\", \"rightsize VMs\", \"cost spike\", \"reduce storage costs\", \"AKS cost\". DO NOT USE FOR: deploying resources, provisioning, diagnostics, or security audits."
|
|
4
|
+
license: MIT
|
|
5
|
+
metadata:
|
|
6
|
+
author: Microsoft
|
|
7
|
+
version: "1.2.2"
|
|
8
|
+
---
|
|
9
|
+
|
|
10
|
+
# Azure Cost Management Skill
|
|
11
|
+
|
|
12
|
+
Query historical costs, forecast future spending, optimize to reduce waste.
|
|
13
|
+
|
|
14
|
+
## Routing
|
|
15
|
+
|
|
16
|
+
| User Intent | Workflow |
|
|
17
|
+
|-------------|----------|
|
|
18
|
+
| Understand current costs | [Cost Query](cost-query/workflow.md) |
|
|
19
|
+
| Reduce costs / find waste | [Cost Optimization](cost-optimization/workflow.md) |
|
|
20
|
+
| Project future costs | [Cost Forecast](cost-forecast/workflow.md) |
|
|
21
|
+
|
|
22
|
+
## Quick Reference
|
|
23
|
+
|
|
24
|
+
| Property | Value |
|
|
25
|
+
|----------|-------|
|
|
26
|
+
| **Query API** | `POST {scope}/providers/Microsoft.CostManagement/query?api-version=2023-11-01` |
|
|
27
|
+
| **Forecast API** | `POST {scope}/providers/Microsoft.CostManagement/forecast?api-version=2023-11-01` |
|
|
28
|
+
| **Required Role** | Cost Management Reader + Monitoring Reader + Reader (on target scope) |
|
|
29
|
+
|
|
30
|
+
## Scope Patterns
|
|
31
|
+
|
|
32
|
+
- Subscription: `/subscriptions/<id>`
|
|
33
|
+
- Resource Group: `/subscriptions/<id>/resourceGroups/<name>`
|
|
34
|
+
- Management Group: `/providers/Microsoft.Management/managementGroups/<id>`
|
|
35
|
+
- Billing Account: `/providers/Microsoft.Billing/billingAccounts/<id>`
|
|
36
|
+
|
|
37
|
+
## Service-Specific Optimization
|
|
38
|
+
|
|
39
|
+
- [Redis](cost-optimization/services/redis/azure-cache-for-redis.md)
|
|
40
|
+
- [Storage](cost-optimization/services/storage/azure-storage.md)
|
|
41
|
+
|
|
42
|
+
## References
|
|
43
|
+
|
|
44
|
+
- [MCP Tools, Best Practices, Safety](references/tools-and-best-practices.md)
|
|
45
|
+
- [SDK: Redis .NET](cost-optimization/sdk/azure-resource-manager-redis-dotnet.md)
|
|
@@ -0,0 +1,97 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: azure-deploy
|
|
3
|
+
description: "Execute Azure deployments for ALREADY-PREPARED applications that have existing .azure/deployment-plan.md and infrastructure files. DO NOT use this skill when the user asks to CREATE a new application — use azure-prepare instead. This skill runs azd up, azd deploy, terraform apply, and az deployment commands with built-in error recovery. Requires .azure/deployment-plan.md from azure-prepare and validated status from azure-validate. WHEN: \"run azd up\", \"run azd deploy\", \"execute deployment\", \"push to production\", \"push to cloud\", \"go live\", \"ship it\", \"bicep deploy\", \"terraform apply\", \"publish to Azure\", \"launch on Azure\". DO NOT USE WHEN: \"create and deploy\", \"build and deploy\", \"create a new app\", \"set up infrastructure\", \"create and deploy to Azure using Terraform\" — use azure-prepare for these."
|
|
4
|
+
license: MIT
|
|
5
|
+
metadata:
|
|
6
|
+
author: Microsoft
|
|
7
|
+
version: "1.1.2"
|
|
8
|
+
---
|
|
9
|
+
|
|
10
|
+
# Azure Deploy
|
|
11
|
+
|
|
12
|
+
> **AUTHORITATIVE GUIDANCE — MANDATORY COMPLIANCE**
|
|
13
|
+
>
|
|
14
|
+
> **PREREQUISITE**: The **azure-validate** skill **MUST** be invoked and completed with status `Validated` BEFORE executing this skill.
|
|
15
|
+
|
|
16
|
+
> **⛔ STOP — PREREQUISITE CHECK REQUIRED**
|
|
17
|
+
> Before proceeding, verify BOTH prerequisites are met:
|
|
18
|
+
>
|
|
19
|
+
> 1. **azure-prepare** was invoked and completed → `.azure/deployment-plan.md` exists
|
|
20
|
+
> 2. **azure-validate** was invoked and passed → plan status = `Validated`
|
|
21
|
+
>
|
|
22
|
+
> If EITHER is missing, **STOP IMMEDIATELY**:
|
|
23
|
+
> - No plan? → Invoke **azure-prepare** skill first
|
|
24
|
+
> - Status not `Validated`? → Invoke **azure-validate** skill first
|
|
25
|
+
>
|
|
26
|
+
> **⛔ DO NOT MANUALLY UPDATE THE PLAN STATUS**
|
|
27
|
+
>
|
|
28
|
+
> You are **FORBIDDEN** from changing the plan status to `Validated` yourself. Only the **azure-validate** skill is authorized to set this status after running actual validation checks. If you update the status without running validation, deployments will fail.
|
|
29
|
+
>
|
|
30
|
+
> **DO NOT ASSUME** the app is ready. **DO NOT SKIP** validation to save time. Skipping steps causes deployment failures. The complete workflow ensures success:
|
|
31
|
+
>
|
|
32
|
+
> `azure-prepare` → `azure-validate` → `azure-deploy`
|
|
33
|
+
|
|
34
|
+
## Triggers
|
|
35
|
+
|
|
36
|
+
Activate this skill when user wants to:
|
|
37
|
+
- Execute deployment of an already-prepared application (azure.yaml and infra/ exist)
|
|
38
|
+
- Push updates to an existing Azure deployment
|
|
39
|
+
- Run `azd up`, `azd deploy`, or `az deployment` on a prepared project
|
|
40
|
+
- Ship already-built code to production
|
|
41
|
+
- Deploy an application that already includes API Management (APIM) gateway infrastructure
|
|
42
|
+
|
|
43
|
+
> **Scope**: This skill executes deployments. It does not create applications, generate infrastructure code, or scaffold projects. For those tasks, use **azure-prepare**.
|
|
44
|
+
|
|
45
|
+
> **APIM / AI Gateway**: Use this skill to deploy applications whose APIM/AI gateway infrastructure was already created during **azure-prepare**. For creating or changing APIM resources, see [APIM deployment guide](https://learn.microsoft.com/azure/api-management/get-started-create-service-instance). For AI governance policies, invoke **azure-aigateway** skill.
|
|
46
|
+
|
|
47
|
+
## Rules
|
|
48
|
+
|
|
49
|
+
1. Run after azure-prepare and azure-validate
|
|
50
|
+
2. `.azure/deployment-plan.md` must exist with status `Validated`
|
|
51
|
+
3. **Pre-deploy checklist required** — [Pre-Deploy Checklist](references/pre-deploy-checklist.md)
|
|
52
|
+
4. ⛔ **Destructive actions require `ask_user`** — [global-rules](references/global-rules.md)
|
|
53
|
+
5. **Scope: deployment execution only** — This skill owns execution of `azd up`, `azd deploy`, `terraform apply`, and `az deployment` commands. These commands are run through this skill's error recovery and verification pipeline.
|
|
54
|
+
|
|
55
|
+
---
|
|
56
|
+
|
|
57
|
+
## Steps
|
|
58
|
+
|
|
59
|
+
| # | Action | Reference |
|
|
60
|
+
|---|--------|-----------|
|
|
61
|
+
| 1 | **Check Plan** — Read `.azure/deployment-plan.md`, verify status = `Validated` AND **Validation Proof** section is populated | `.azure/deployment-plan.md` |
|
|
62
|
+
| 2 | **Pre-Deploy Checklist** — MUST complete ALL steps | [Pre-Deploy Checklist](references/pre-deploy-checklist.md) |
|
|
63
|
+
| 3 | **Load Recipe** — Based on `recipe.type` in `.azure/deployment-plan.md` | [recipes/README.md](references/recipes/README.md) |
|
|
64
|
+
| 4 | **RBAC Health Check** — For Container Apps + ACR with managed identity: run `azd provision --no-prompt`, then verify `AcrPull` role has propagated before proceeding (see checklist) | [Pre-Deploy Checklist — Container Apps RBAC](references/pre-deploy-checklist.md#container-apps--acr--pre-deploy-rbac-health-check) |
|
|
65
|
+
| 5 | **Execute Deploy** — Follow recipe steps | Recipe README |
|
|
66
|
+
| 6 | **Post-Deploy** — Configure SQL managed identity and apply EF migrations if applicable | [Post-Deployment](references/recipes/azd/post-deployment.md) |
|
|
67
|
+
| 7 | **Handle Errors** — See recipe's `errors.md` | — |
|
|
68
|
+
| 8 | **Verify Success** — Confirm deployment completed and endpoints are accessible | [Verification](references/recipes/azd/verify.md) |
|
|
69
|
+
| 9 | **Live Role Verification** — Query Azure to confirm provisioned RBAC roles are correct and sufficient | [live-role-verification.md](references/live-role-verification.md) |
|
|
70
|
+
| 10 | **Report Results** — Present deployed endpoint URLs to the user as fully-qualified `https://` links | [Verification](references/recipes/azd/verify.md) |
|
|
71
|
+
|
|
72
|
+
> **⛔ URL FORMAT RULE**
|
|
73
|
+
>
|
|
74
|
+
> When presenting endpoint URLs to the user, you **MUST** always use fully-qualified URLs with the `https://` scheme (e.g. `https://myapp.azurewebsites.net`, not `myapp.azurewebsites.net`). Many Azure CLI commands return bare hostnames without a scheme — always prepend `https://` before presenting them.
|
|
75
|
+
|
|
76
|
+
> **⛔ VALIDATION PROOF CHECK**
|
|
77
|
+
>
|
|
78
|
+
> When checking the plan, verify the **Validation Proof** section (Section 7) contains actual validation results with commands run and timestamps. If this section is empty, validation was bypassed — invoke **azure-validate** skill first.
|
|
79
|
+
|
|
80
|
+
## SDK Quick References
|
|
81
|
+
|
|
82
|
+
- **Azure Developer CLI**: [azd](references/sdk/azd-deployment.md)
|
|
83
|
+
- **Azure Identity**: [Python](references/sdk/azure-identity-py.md) | [.NET](references/sdk/azure-identity-dotnet.md) | [TypeScript](references/sdk/azure-identity-ts.md) | [Java](references/sdk/azure-identity-java.md)
|
|
84
|
+
|
|
85
|
+
## MCP Tools
|
|
86
|
+
|
|
87
|
+
| Tool | Purpose |
|
|
88
|
+
|------|---------|
|
|
89
|
+
| `mcp_azure_mcp_subscription_list` | List available subscriptions |
|
|
90
|
+
| `mcp_azure_mcp_group_list` | List resource groups in subscription |
|
|
91
|
+
| `mcp_azure_mcp_azd` | Execute AZD commands |
|
|
92
|
+
| `azure__role` | List role assignments for live RBAC verification (step 9) |
|
|
93
|
+
|
|
94
|
+
## References
|
|
95
|
+
|
|
96
|
+
- [Troubleshooting](references/troubleshooting.md) - Common issues and solutions
|
|
97
|
+
- [Post-Deployment Steps](references/recipes/azd/post-deployment.md) - SQL + EF Core setup
|
|
@@ -0,0 +1,151 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: azure-diagnostics
|
|
3
|
+
description: "Debug Azure production issues on Azure using AppLens, Azure Monitor, resource health, and safe triage. WHEN: debug production issues, troubleshoot app service, app service high CPU, app service deployment failure, troubleshoot container apps, troubleshoot functions, troubleshoot AKS, kubectl cannot connect, kube-system/CoreDNS failures, pod pending, crashloop, node not ready, upgrade failures, analyze logs, KQL, insights, image pull failures, cold start issues, health probe failures, resource health, root cause of errors, troubleshoot event hubs, troubleshoot service bus, messaging SDK error, AMQP connection failure, message lock lost, service bus dead letter."
|
|
4
|
+
license: MIT
|
|
5
|
+
metadata:
|
|
6
|
+
author: Microsoft
|
|
7
|
+
version: "1.1.6"
|
|
8
|
+
---
|
|
9
|
+
|
|
10
|
+
# Azure Diagnostics
|
|
11
|
+
|
|
12
|
+
> **AUTHORITATIVE GUIDANCE — MANDATORY COMPLIANCE**
|
|
13
|
+
>
|
|
14
|
+
> This document is the **official source** for debugging and troubleshooting Azure production issues. Follow these instructions to diagnose and resolve common Azure service problems systematically.
|
|
15
|
+
|
|
16
|
+
## Triggers
|
|
17
|
+
|
|
18
|
+
Activate this skill when user wants to:
|
|
19
|
+
- Debug or troubleshoot production issues
|
|
20
|
+
- Diagnose errors in Azure services
|
|
21
|
+
- Analyze application logs or metrics
|
|
22
|
+
- Fix image pull, cold start, or health probe issues
|
|
23
|
+
- Investigate why Azure resources are failing
|
|
24
|
+
- Find root cause of application errors
|
|
25
|
+
- Troubleshoot App Service issues (high CPU, deployment failures, crashes, slow responses, TLS/custom domains)
|
|
26
|
+
- Respond to prompts like "troubleshoot app service", "app service high CPU", or "app service deployment failure"
|
|
27
|
+
- Troubleshoot Azure Function Apps (invocation failures, timeouts, binding errors)
|
|
28
|
+
- Find the App Insights or Log Analytics workspace linked to a Function App
|
|
29
|
+
- Troubleshoot AKS clusters, nodes, pods, ingress, or Kubernetes networking issues
|
|
30
|
+
- Troubleshoot Azure Messaging SDK issues (Event Hubs, Service Bus connection failures, AMQP errors, message lock issues)
|
|
31
|
+
|
|
32
|
+
## Rules
|
|
33
|
+
|
|
34
|
+
1. Start with systematic diagnosis flow
|
|
35
|
+
2. Use AppLens (MCP) for AI-powered diagnostics when available
|
|
36
|
+
3. Check resource health before deep-diving into logs
|
|
37
|
+
4. Select appropriate troubleshooting guide based on service type
|
|
38
|
+
5. Document findings and attempted remediation steps
|
|
39
|
+
6. Route AKS incidents to the dedicated AKS troubleshooting document
|
|
40
|
+
|
|
41
|
+
---
|
|
42
|
+
|
|
43
|
+
## Quick Diagnosis Flow
|
|
44
|
+
|
|
45
|
+
1. **Identify symptoms** - What's failing?
|
|
46
|
+
2. **Check resource health** - Is Azure healthy?
|
|
47
|
+
3. **Review logs** - What do logs show?
|
|
48
|
+
4. **Analyze metrics** - Performance patterns?
|
|
49
|
+
5. **Investigate recent changes** - What changed?
|
|
50
|
+
|
|
51
|
+
---
|
|
52
|
+
|
|
53
|
+
## Troubleshooting Guides by Service
|
|
54
|
+
|
|
55
|
+
| Service | Common Issues | Reference |
|
|
56
|
+
|---------|---------------|-----------|
|
|
57
|
+
| **Container Apps** | Image pull failures, cold starts, health probes, port mismatches | [container-apps/](references/container-apps/README.md) |
|
|
58
|
+
| **App Service** | High CPU, deployment failures, crashes, slow responses, TLS/custom domains | [app-service/](references/app-service/README.md) |
|
|
59
|
+
| **Function Apps** | App details, invocation failures, timeouts, binding errors, cold starts, missing app settings | [functions/](references/functions/README.md) |
|
|
60
|
+
| **AKS** | Cluster access, nodes, `kube-system`, scheduling, crash loops, ingress, DNS, upgrades | [AKS Troubleshooting](troubleshooting/aks/aks-troubleshooting.md) |
|
|
61
|
+
| **Messaging** | Event Hubs & Service Bus SDK errors, AMQP failures, message lock, connectivity | [Messaging Troubleshooting](troubleshooting/messaging/README.md) |
|
|
62
|
+
|
|
63
|
+
---
|
|
64
|
+
|
|
65
|
+
## Routing
|
|
66
|
+
|
|
67
|
+
- Keep Container Apps and Function Apps diagnostics in this parent skill.
|
|
68
|
+
- Route active AKS incidents, AKS-specific intake, evidence gathering, and remediation guidance to [AKS Troubleshooting](troubleshooting/aks/aks-troubleshooting.md).
|
|
69
|
+
- Route Azure Messaging SDK troubleshooting (Event Hubs, Service Bus) to [Messaging Troubleshooting](troubleshooting/messaging/README.md).
|
|
70
|
+
|
|
71
|
+
---
|
|
72
|
+
|
|
73
|
+
## Quick Reference
|
|
74
|
+
|
|
75
|
+
### Common Diagnostic Commands
|
|
76
|
+
|
|
77
|
+
```bash
|
|
78
|
+
# Check resource health
|
|
79
|
+
az resource show --ids RESOURCE_ID
|
|
80
|
+
# View activity log
|
|
81
|
+
az monitor activity-log list -g RG --max-events 20
|
|
82
|
+
# Container Apps logs
|
|
83
|
+
az containerapp logs show --name APP -g RG --follow
|
|
84
|
+
# Function App logs (query App Insights traces)
|
|
85
|
+
az monitor app-insights query --apps APP-INSIGHTS -g RG \
|
|
86
|
+
--analytics-query "traces | where timestamp > ago(1h) | order by timestamp desc | take 50"
|
|
87
|
+
```
|
|
88
|
+
|
|
89
|
+
### AppLens (MCP Tools)
|
|
90
|
+
|
|
91
|
+
For AI-powered diagnostics, use:
|
|
92
|
+
```
|
|
93
|
+
mcp_azure_mcp_applens
|
|
94
|
+
intent: "diagnose issues with <resource-name>"
|
|
95
|
+
command: "diagnose"
|
|
96
|
+
parameters:
|
|
97
|
+
resourceId: "<resource-id>"
|
|
98
|
+
|
|
99
|
+
Provides:
|
|
100
|
+
- Automated issue detection
|
|
101
|
+
- Root cause analysis
|
|
102
|
+
- Remediation recommendations
|
|
103
|
+
```
|
|
104
|
+
|
|
105
|
+
### Azure Monitor (MCP Tools)
|
|
106
|
+
|
|
107
|
+
For querying logs and metrics:
|
|
108
|
+
```
|
|
109
|
+
mcp_azure_mcp_monitor
|
|
110
|
+
intent: "query logs for <resource-name>"
|
|
111
|
+
command: "logs_query"
|
|
112
|
+
parameters:
|
|
113
|
+
workspaceId: "<workspace-id>"
|
|
114
|
+
query: "<KQL-query>"
|
|
115
|
+
```
|
|
116
|
+
|
|
117
|
+
See [kql-queries.md](references/kql-queries.md) for common diagnostic queries.
|
|
118
|
+
|
|
119
|
+
---
|
|
120
|
+
|
|
121
|
+
## Check Azure Resource Health
|
|
122
|
+
|
|
123
|
+
### Using MCP
|
|
124
|
+
|
|
125
|
+
```
|
|
126
|
+
mcp_azure_mcp_resourcehealth
|
|
127
|
+
intent: "check health status of <resource-name>"
|
|
128
|
+
command: "get"
|
|
129
|
+
parameters:
|
|
130
|
+
resourceId: "<resource-id>"
|
|
131
|
+
```
|
|
132
|
+
|
|
133
|
+
### Using CLI
|
|
134
|
+
|
|
135
|
+
```bash
|
|
136
|
+
# Check specific resource health
|
|
137
|
+
az resource show --ids RESOURCE_ID
|
|
138
|
+
|
|
139
|
+
# Check recent activity
|
|
140
|
+
az monitor activity-log list -g RG --max-events 20
|
|
141
|
+
```
|
|
142
|
+
|
|
143
|
+
---
|
|
144
|
+
|
|
145
|
+
## References
|
|
146
|
+
|
|
147
|
+
- [KQL Query Library](references/kql-queries.md)
|
|
148
|
+
- [Azure Resource Graph Queries](references/azure-resource-graph.md)
|
|
149
|
+
- [App Service Troubleshooting](references/app-service/README.md)
|
|
150
|
+
- [Function Apps Troubleshooting](references/functions/README.md)
|
|
151
|
+
- [Messaging Troubleshooting](troubleshooting/messaging/README.md)
|