rsc-universal 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +279 -0
- package/manifest.json +4761 -0
- package/package.json +59 -0
- package/schema/frontmatter.schema.json +12 -0
- package/scripts/build-manifest.js +72 -0
- package/scripts/consult.js +106 -0
- package/scripts/detect-repo.js +118 -0
- package/scripts/doctor.js +21 -0
- package/scripts/eval-lint.sh +179 -0
- package/scripts/install-apply.js +52 -0
- package/scripts/install-plan.js +13 -0
- package/scripts/lib/behavior-score.js +103 -0
- package/scripts/lib/frontmatter.js +47 -0
- package/scripts/lib/harden-policy.js +41 -0
- package/scripts/lib/manifest.js +18 -0
- package/scripts/lib/recommend.js +36 -0
- package/scripts/lib/registry.js +110 -0
- package/scripts/lib/result-envelope.js +35 -0
- package/scripts/lib/state.js +12 -0
- package/scripts/lib/ui.js +17 -0
- package/scripts/reviewer-guard.sh +67 -0
- package/scripts/rsc.js +108 -0
- package/scripts/skill-behavior-eval.js +33 -0
- package/scripts/skill-behavior-eval.workflow.js +136 -0
- package/scripts/skill-behavior-rubric.md +63 -0
- package/scripts/skill-harden-rubric.md +40 -0
- package/scripts/skill-harden.workflow.js +161 -0
- package/scripts/skill-rubric.md +39 -0
- package/scripts/skill-scoreboard.workflow.js +35 -0
- package/skills/ab-testing/SKILL.md +191 -0
- package/skills/ab-testing/evals/README.md +8 -0
- package/skills/ab-testing/evals/cases.yaml +49 -0
- package/skills/ab-testing/references/pitfalls.md +74 -0
- package/skills/ab-testing/references/sample-size-and-cuped.md +128 -0
- package/skills/ab-testing/scripts/verify.sh +89 -0
- package/skills/accessibility/SKILL.md +218 -0
- package/skills/accessibility/evals/README.md +3 -0
- package/skills/accessibility/evals/cases.yaml +47 -0
- package/skills/accessibility/references/aria-patterns.md +113 -0
- package/skills/accessibility/references/wcag22-checklist.md +83 -0
- package/skills/accessibility/scripts/verify.sh +103 -0
- package/skills/ads/SKILL.md +175 -0
- package/skills/ads/evals/README.md +15 -0
- package/skills/ads/evals/cases.yaml +58 -0
- package/skills/ads/references/platform-specs.md +73 -0
- package/skills/ads/references/roas-model.md +77 -0
- package/skills/ads/scripts/verify.sh +210 -0
- package/skills/agent-eval/SKILL.md +213 -0
- package/skills/agent-eval/evals/README.md +12 -0
- package/skills/agent-eval/evals/cases.yaml +45 -0
- package/skills/agent-eval/references/judge-design.md +118 -0
- package/skills/agent-eval/references/runner-and-gate.md +183 -0
- package/skills/agent-eval/scripts/verify.sh +161 -0
- package/skills/agent-safety/SKILL.md +176 -0
- package/skills/agent-safety/evals/README.md +12 -0
- package/skills/agent-safety/evals/cases.yaml +46 -0
- package/skills/agent-safety/references/threat-model.md +51 -0
- package/skills/ai-media/SKILL.md +196 -0
- package/skills/ai-media/evals/README.md +3 -0
- package/skills/ai-media/evals/cases.yaml +45 -0
- package/skills/ai-media/references/ffmpeg-assembly.md +117 -0
- package/skills/ai-media/references/models-and-params.md +78 -0
- package/skills/ai-media/scripts/verify.sh +103 -0
- package/skills/analytics/SKILL.md +219 -0
- package/skills/analytics/evals/README.md +9 -0
- package/skills/analytics/evals/cases.yaml +53 -0
- package/skills/analytics/references/event-taxonomy.md +75 -0
- package/skills/analytics/references/ga4-setup.md +122 -0
- package/skills/analytics/references/posthog-setup.md +100 -0
- package/skills/analytics/scripts/verify.sh +95 -0
- package/skills/analyze/SKILL.md +136 -0
- package/skills/analyze/evals/README.md +72 -0
- package/skills/analyze/evals/cases.yaml +74 -0
- package/skills/angular/SKILL.md +288 -0
- package/skills/angular/evals/README.md +3 -0
- package/skills/angular/evals/cases.yaml +38 -0
- package/skills/angular/references/migration.md +81 -0
- package/skills/angular/references/signals-rxjs.md +92 -0
- package/skills/angular/scripts/verify.sh +122 -0
- package/skills/api-connector-builder/SKILL.md +285 -0
- package/skills/api-connector-builder/evals/README.md +11 -0
- package/skills/api-connector-builder/evals/cases.yaml +47 -0
- package/skills/api-connector-builder/references/auth-flows.md +132 -0
- package/skills/api-connector-builder/references/pagination.md +144 -0
- package/skills/api-connector-builder/scripts/verify.sh +172 -0
- package/skills/api-design/SKILL.md +189 -0
- package/skills/api-design/evals/README.md +3 -0
- package/skills/api-design/evals/cases.yaml +45 -0
- package/skills/api-design/references/graphql-design.md +70 -0
- package/skills/api-design/references/openapi-contract.md +86 -0
- package/skills/api-design/references/rest-conventions.md +63 -0
- package/skills/api-design/references/versioning-and-evolution.md +49 -0
- package/skills/api-design/scripts/verify.sh +138 -0
- package/skills/article-writing/SKILL.md +175 -0
- package/skills/article-writing/evals/README.md +3 -0
- package/skills/article-writing/evals/cases.yaml +47 -0
- package/skills/article-writing/references/ai-tell-banlist.md +114 -0
- package/skills/article-writing/references/on-page-seo.md +133 -0
- package/skills/article-writing/scripts/verify.sh +165 -0
- package/skills/astro/SKILL.md +275 -0
- package/skills/astro/evals/README.md +3 -0
- package/skills/astro/evals/cases.yaml +41 -0
- package/skills/astro/references/content-layer.md +118 -0
- package/skills/astro/references/deploy-and-integrations.md +163 -0
- package/skills/astro/scripts/verify.sh +137 -0
- package/skills/author-skill/SKILL.md +206 -0
- package/skills/author-skill/evals/README.md +66 -0
- package/skills/author-skill/evals/cases.yaml +75 -0
- package/skills/author-skill/references/description-recipe.md +84 -0
- package/skills/author-skill/references/eval-authoring.md +74 -0
- package/skills/author-skill/references/rsc-conventions.md +91 -0
- package/skills/automation-flows/SKILL.md +132 -0
- package/skills/automation-flows/evals/README.md +5 -0
- package/skills/automation-flows/evals/cases.yaml +44 -0
- package/skills/automation-flows/references/error-handling.md +58 -0
- package/skills/automation-flows/references/n8n-workflow-json.md +63 -0
- package/skills/automation-flows/scripts/verify.sh +78 -0
- package/skills/aws-essentials/SKILL.md +223 -0
- package/skills/aws-essentials/evals/README.md +10 -0
- package/skills/aws-essentials/evals/cases.yaml +44 -0
- package/skills/aws-essentials/references/iam-least-privilege.md +134 -0
- package/skills/aws-essentials/references/rds-cloudfront-recipes.md +127 -0
- package/skills/aws-essentials/scripts/verify.sh +99 -0
- package/skills/backups/SKILL.md +137 -0
- package/skills/backups/evals/README.md +3 -0
- package/skills/backups/evals/cases.yaml +42 -0
- package/skills/backups/references/engine-recipes.md +121 -0
- package/skills/backups/references/restore-runbook.md +65 -0
- package/skills/backups/scripts/verify.sh +80 -0
- package/skills/bash-scripting/SKILL.md +231 -0
- package/skills/bash-scripting/evals/README.md +3 -0
- package/skills/bash-scripting/evals/cases.yaml +45 -0
- package/skills/bash-scripting/references/portability.md +97 -0
- package/skills/bash-scripting/scripts/verify.sh +140 -0
- package/skills/bookkeeping/SKILL.md +184 -0
- package/skills/bookkeeping/evals/README.md +5 -0
- package/skills/bookkeeping/evals/cases.yaml +52 -0
- package/skills/bookkeeping/references/chart-of-accounts.md +87 -0
- package/skills/bookkeeping/references/reconciliation-playbook.md +54 -0
- package/skills/bookkeeping/references/tricky-transactions.md +192 -0
- package/skills/brand-identity/SKILL.md +161 -0
- package/skills/brand-identity/evals/README.md +14 -0
- package/skills/brand-identity/evals/cases.yaml +43 -0
- package/skills/brand-identity/references/color-and-tokens.md +129 -0
- package/skills/brand-identity/references/logo-and-assets.md +117 -0
- package/skills/brand-identity/scripts/verify.sh +224 -0
- package/skills/brand-voice/SKILL.md +183 -0
- package/skills/brand-voice/evals/README.md +3 -0
- package/skills/brand-voice/evals/cases.yaml +57 -0
- package/skills/brand-voice/references/voice-guide-template.md +150 -0
- package/skills/brand-voice/references/word-bank.md +61 -0
- package/skills/brand-voice/scripts/verify.sh +190 -0
- package/skills/building-agents/SKILL.md +469 -0
- package/skills/building-agents/evals/README.md +68 -0
- package/skills/building-agents/evals/cases.yaml +60 -0
- package/skills/building-agents/references/agent-loops-and-harness.md +371 -0
- package/skills/building-agents/references/evals-and-observability.md +420 -0
- package/skills/building-agents/references/mcp-servers.md +294 -0
- package/skills/building-agents/references/provider-abstraction.md +489 -0
- package/skills/building-agents/references/tools-and-rag.md +417 -0
- package/skills/building-agents/scripts/verify.sh +121 -0
- package/skills/business-intelligence/SKILL.md +176 -0
- package/skills/business-intelligence/evals/README.md +3 -0
- package/skills/business-intelligence/evals/cases.yaml +43 -0
- package/skills/business-intelligence/references/authoring-semantic-models.md +120 -0
- package/skills/business-intelligence/references/wiring-agents-and-apis.md +79 -0
- package/skills/business-intelligence/scripts/verify.sh +143 -0
- package/skills/calendar-scheduling/SKILL.md +196 -0
- package/skills/calendar-scheduling/evals/README.md +14 -0
- package/skills/calendar-scheduling/evals/cases.yaml +45 -0
- package/skills/calendar-scheduling/references/google-calendar-sync.md +78 -0
- package/skills/calendar-scheduling/references/provider-matrix.md +71 -0
- package/skills/calendar-scheduling/scripts/verify.sh +117 -0
- package/skills/case-studies/SKILL.md +147 -0
- package/skills/case-studies/evals/README.md +3 -0
- package/skills/case-studies/evals/cases.yaml +63 -0
- package/skills/case-studies/references/case-study-skeleton.md +90 -0
- package/skills/case-studies/references/consent-and-substantiation.md +80 -0
- package/skills/case-studies/scripts/verify.sh +161 -0
- package/skills/chatbot/SKILL.md +168 -0
- package/skills/chatbot/evals/README.md +13 -0
- package/skills/chatbot/evals/cases.yaml +43 -0
- package/skills/chatbot/references/handoff-and-sales.md +71 -0
- package/skills/chatbot/references/system-prompt-and-guardrails.md +78 -0
- package/skills/chatbot/scripts/verify.sh +162 -0
- package/skills/chrome-extension/SKILL.md +169 -0
- package/skills/chrome-extension/evals/README.md +12 -0
- package/skills/chrome-extension/evals/cases.yaml +40 -0
- package/skills/chrome-extension/references/store-and-migration.md +84 -0
- package/skills/chrome-extension/scripts/verify.sh +62 -0
- package/skills/clarify/SKILL.md +159 -0
- package/skills/clarify/evals/README.md +70 -0
- package/skills/clarify/evals/cases.yaml +71 -0
- package/skills/clickhouse-analytics/SKILL.md +165 -0
- package/skills/clickhouse-analytics/evals/README.md +3 -0
- package/skills/clickhouse-analytics/evals/cases.yaml +45 -0
- package/skills/clickhouse-analytics/references/ingestion-and-mvs.md +109 -0
- package/skills/clickhouse-analytics/references/query-optimization.md +76 -0
- package/skills/clickhouse-analytics/references/schema-and-engines.md +63 -0
- package/skills/clickhouse-analytics/scripts/verify.sh +109 -0
- package/skills/client-onboarding/SKILL.md +254 -0
- package/skills/client-onboarding/evals/README.md +14 -0
- package/skills/client-onboarding/evals/cases.yaml +40 -0
- package/skills/client-onboarding/references/onboarding-playbook.md +126 -0
- package/skills/cloudflare/SKILL.md +191 -0
- package/skills/cloudflare/evals/README.md +15 -0
- package/skills/cloudflare/evals/cases.yaml +46 -0
- package/skills/cloudflare/references/storage-primitives.md +104 -0
- package/skills/cloudflare/references/wrangler-config.md +91 -0
- package/skills/cloudflare/scripts/verify.sh +133 -0
- package/skills/code-review/SKILL.md +143 -0
- package/skills/code-review/evals/README.md +3 -0
- package/skills/code-review/evals/cases.yaml +55 -0
- package/skills/code-review/references/pr-workflow.md +67 -0
- package/skills/codebase-onboarding/SKILL.md +133 -0
- package/skills/codebase-onboarding/evals/README.md +3 -0
- package/skills/codebase-onboarding/evals/cases.yaml +69 -0
- package/skills/codebase-onboarding/references/recon-playbook.md +57 -0
- package/skills/codebase-onboarding/scripts/verify.sh +54 -0
- package/skills/cold-outreach/SKILL.md +206 -0
- package/skills/cold-outreach/evals/README.md +3 -0
- package/skills/cold-outreach/evals/cases.yaml +60 -0
- package/skills/cold-outreach/references/compliance-footer.md +50 -0
- package/skills/cold-outreach/references/hook-derivation.md +73 -0
- package/skills/cold-outreach/references/templates.md +88 -0
- package/skills/cold-outreach/scripts/verify.sh +170 -0
- package/skills/community/SKILL.md +225 -0
- package/skills/community/evals/README.md +3 -0
- package/skills/community/evals/cases.yaml +40 -0
- package/skills/community/references/metrics-and-rituals.md +58 -0
- package/skills/community/references/platform-playbooks.md +64 -0
- package/skills/community/scripts/verify.sh +83 -0
- package/skills/competitor-watch/SKILL.md +193 -0
- package/skills/competitor-watch/evals/README.md +19 -0
- package/skills/competitor-watch/evals/cases.yaml +54 -0
- package/skills/competitor-watch/references/monitoring-config.md +124 -0
- package/skills/competitor-watch/references/tracker-schema.md +79 -0
- package/skills/competitor-watch/scripts/verify.sh +253 -0
- package/skills/compliance/SKILL.md +184 -0
- package/skills/compliance/evals/README.md +14 -0
- package/skills/compliance/evals/cases.yaml +46 -0
- package/skills/compliance/references/frameworks.md +108 -0
- package/skills/compliance/references/operating-rhythm.md +79 -0
- package/skills/compliance/scripts/verify.sh +168 -0
- package/skills/compose-multiplatform/SKILL.md +198 -0
- package/skills/compose-multiplatform/evals/README.md +3 -0
- package/skills/compose-multiplatform/evals/cases.yaml +40 -0
- package/skills/compose-multiplatform/references/ios-interop.md +91 -0
- package/skills/compose-multiplatform/references/project-setup.md +96 -0
- package/skills/compose-multiplatform/scripts/verify.sh +123 -0
- package/skills/constitution/SKILL.md +160 -0
- package/skills/constitution/evals/README.md +68 -0
- package/skills/constitution/evals/cases.yaml +72 -0
- package/skills/constitution/references/constitution-template.md +90 -0
- package/skills/content-engine/SKILL.md +164 -0
- package/skills/content-engine/evals/README.md +17 -0
- package/skills/content-engine/evals/cases.yaml +62 -0
- package/skills/content-engine/references/atomization.md +81 -0
- package/skills/content-engine/references/brief-and-pipeline.md +90 -0
- package/skills/content-engine/scripts/verify.sh +146 -0
- package/skills/context-budget/SKILL.md +132 -0
- package/skills/context-budget/evals/README.md +11 -0
- package/skills/context-budget/evals/cases.yaml +40 -0
- package/skills/context-budget/references/handoff-and-compaction.md +96 -0
- package/skills/continuous-learning/SKILL.md +136 -0
- package/skills/continuous-learning/evals/README.md +16 -0
- package/skills/continuous-learning/evals/cases.yaml +39 -0
- package/skills/continuous-learning/references/lesson-routing.md +106 -0
- package/skills/contracts/SKILL.md +124 -0
- package/skills/contracts/evals/README.md +3 -0
- package/skills/contracts/evals/cases.yaml +42 -0
- package/skills/contracts/references/clause-library.md +129 -0
- package/skills/contracts/references/review-playbook.md +49 -0
- package/skills/contracts/scripts/verify.sh +53 -0
- package/skills/coolify/SKILL.md +201 -0
- package/skills/coolify/evals/README.md +21 -0
- package/skills/coolify/evals/cases.yaml +46 -0
- package/skills/coolify/references/databases-and-backups.md +99 -0
- package/skills/coolify/references/deploy-recipes.md +105 -0
- package/skills/coolify/references/install-and-proxy.md +80 -0
- package/skills/coolify/scripts/verify.sh +123 -0
- package/skills/cost-tracking/SKILL.md +183 -0
- package/skills/cost-tracking/evals/README.md +3 -0
- package/skills/cost-tracking/evals/cases.yaml +45 -0
- package/skills/cost-tracking/references/cloud-caps.md +52 -0
- package/skills/cost-tracking/references/pricing-tables.md +51 -0
- package/skills/cost-tracking/scripts/verify.sh +135 -0
- package/skills/course-builder/SKILL.md +186 -0
- package/skills/course-builder/evals/README.md +16 -0
- package/skills/course-builder/evals/cases.yaml +49 -0
- package/skills/course-builder/references/assessment-design.md +74 -0
- package/skills/course-builder/references/grounding-and-scoping.md +69 -0
- package/skills/course-builder/references/outcomes-and-blooms.md +82 -0
- package/skills/course-builder/scripts/verify.sh +247 -0
- package/skills/course-storytelling/SKILL.md +205 -0
- package/skills/course-storytelling/evals/README.md +54 -0
- package/skills/course-storytelling/evals/cases.yaml +50 -0
- package/skills/course-storytelling/references/brunson-frameworks.md +190 -0
- package/skills/course-storytelling/references/concept-landing-recipe.md +136 -0
- package/skills/course-storytelling/references/course-analysis.md +124 -0
- package/skills/course-storytelling/references/learner-grounding.md +183 -0
- package/skills/course-storytelling/references/mental-models.md +115 -0
- package/skills/course-storytelling/scripts/verify.sh +223 -0
- package/skills/cpp/SKILL.md +349 -0
- package/skills/cpp/evals/README.md +14 -0
- package/skills/cpp/evals/cases.yaml +44 -0
- package/skills/cpp/references/cmake.md +167 -0
- package/skills/cpp/references/move-and-templates.md +130 -0
- package/skills/cpp/references/undefined-behavior.md +86 -0
- package/skills/cpp/scripts/verify.sh +165 -0
- package/skills/csharp-dotnet/SKILL.md +291 -0
- package/skills/csharp-dotnet/evals/README.md +3 -0
- package/skills/csharp-dotnet/evals/cases.yaml +48 -0
- package/skills/csharp-dotnet/references/aspnetcore.md +99 -0
- package/skills/csharp-dotnet/references/async.md +82 -0
- package/skills/csharp-dotnet/references/efcore.md +96 -0
- package/skills/csharp-dotnet/scripts/verify.sh +90 -0
- package/skills/customer-support/SKILL.md +193 -0
- package/skills/customer-support/evals/README.md +13 -0
- package/skills/customer-support/evals/cases.yaml +61 -0
- package/skills/customer-support/references/macros-and-sla.md +142 -0
- package/skills/dashboard/SKILL.md +205 -0
- package/skills/dashboard/evals/README.md +3 -0
- package/skills/dashboard/evals/cases.yaml +50 -0
- package/skills/dashboard/references/chart-selection.md +34 -0
- package/skills/dashboard/references/tile-schema.md +164 -0
- package/skills/dashboard/scripts/verify.sh +130 -0
- package/skills/data-cleaning/SKILL.md +285 -0
- package/skills/data-cleaning/evals/README.md +16 -0
- package/skills/data-cleaning/evals/cases.yaml +57 -0
- package/skills/data-cleaning/references/normalization-recipes.md +136 -0
- package/skills/data-cleaning/references/validation-patterns.md +134 -0
- package/skills/data-cleaning/scripts/verify.sh +115 -0
- package/skills/data-policy/SKILL.md +163 -0
- package/skills/data-policy/evals/README.md +15 -0
- package/skills/data-policy/evals/cases.yaml +44 -0
- package/skills/data-policy/references/consent-and-ropa.md +97 -0
- package/skills/data-policy/references/retention-schedule.md +83 -0
- package/skills/data-policy/scripts/verify.sh +143 -0
- package/skills/data-scraper/SKILL.md +134 -0
- package/skills/data-scraper/evals/README.md +3 -0
- package/skills/data-scraper/evals/cases.yaml +46 -0
- package/skills/data-scraper/references/anti-bot.md +85 -0
- package/skills/data-scraper/references/frameworks.md +116 -0
- package/skills/data-scraper/references/legal-compliance.md +59 -0
- package/skills/data-scraper/scripts/verify.sh +166 -0
- package/skills/db-migrations/SKILL.md +254 -0
- package/skills/db-migrations/evals/README.md +10 -0
- package/skills/db-migrations/evals/cases.yaml +46 -0
- package/skills/db-migrations/references/backfill-and-batching.md +105 -0
- package/skills/db-migrations/references/expand-contract-playbook.md +152 -0
- package/skills/db-migrations/references/tools-and-runners.md +88 -0
- package/skills/db-migrations/scripts/verify.sh +112 -0
- package/skills/debug/SKILL.md +227 -0
- package/skills/debug/evals/README.md +88 -0
- package/skills/debug/evals/cases.yaml +74 -0
- package/skills/decision-records/SKILL.md +189 -0
- package/skills/decision-records/evals/README.md +3 -0
- package/skills/decision-records/evals/cases.yaml +43 -0
- package/skills/decision-records/references/templates.md +232 -0
- package/skills/decision-records/scripts/verify.sh +105 -0
- package/skills/deployment/SKILL.md +439 -0
- package/skills/deployment/evals/README.md +50 -0
- package/skills/deployment/evals/cases.yaml +53 -0
- package/skills/deployment/references/coolify.md +216 -0
- package/skills/deployment/references/dockerfiles-by-stack.md +319 -0
- package/skills/deployment/references/github-actions.md +295 -0
- package/skills/deployment/references/hosting-targets.md +272 -0
- package/skills/deployment/scripts/verify.sh +134 -0
- package/skills/design/SKILL.md +399 -0
- package/skills/design/evals/README.md +53 -0
- package/skills/design/evals/cases.yaml +56 -0
- package/skills/design/references/brand-grounding.md +187 -0
- package/skills/design/references/copywriting-frameworks.md +138 -0
- package/skills/design/references/landing-anatomy-and-cro.md +202 -0
- package/skills/design/references/motion-and-interaction.md +182 -0
- package/skills/design/references/research-method.md +147 -0
- package/skills/design/references/signature-and-craft.md +148 -0
- package/skills/design/references/trends-2026.md +80 -0
- package/skills/design/references/visual-system.md +236 -0
- package/skills/design/scripts/verify.sh +248 -0
- package/skills/digitalocean/SKILL.md +251 -0
- package/skills/digitalocean/evals/README.md +10 -0
- package/skills/digitalocean/evals/cases.yaml +37 -0
- package/skills/digitalocean/references/app-spec.md +126 -0
- package/skills/digitalocean/references/droplet-ops.md +95 -0
- package/skills/digitalocean/scripts/verify.sh +102 -0
- package/skills/django/SKILL.md +268 -0
- package/skills/django/evals/README.md +11 -0
- package/skills/django/evals/cases.yaml +47 -0
- package/skills/django/references/drf.md +109 -0
- package/skills/django/references/orm-performance.md +91 -0
- package/skills/django/references/security.md +81 -0
- package/skills/django/references/testing.md +86 -0
- package/skills/django/scripts/verify.sh +115 -0
- package/skills/docker/SKILL.md +283 -0
- package/skills/docker/evals/README.md +10 -0
- package/skills/docker/evals/cases.yaml +44 -0
- package/skills/docker/references/base-images-and-stages.md +104 -0
- package/skills/docker/references/compose-recipes.md +109 -0
- package/skills/docker/scripts/verify.sh +149 -0
- package/skills/document-processing/SKILL.md +214 -0
- package/skills/document-processing/evals/README.md +3 -0
- package/skills/document-processing/evals/cases.yaml +65 -0
- package/skills/document-processing/references/engines.md +67 -0
- package/skills/document-processing/scripts/verify.sh +172 -0
- package/skills/domains-dns/SKILL.md +146 -0
- package/skills/domains-dns/evals/README.md +16 -0
- package/skills/domains-dns/evals/cases.yaml +47 -0
- package/skills/domains-dns/references/record-cookbook.md +94 -0
- package/skills/domains-dns/references/tls-and-acme.md +90 -0
- package/skills/domains-dns/references/verify-and-debug.md +64 -0
- package/skills/domains-dns/scripts/verify.sh +163 -0
- package/skills/drizzle-orm/SKILL.md +234 -0
- package/skills/drizzle-orm/evals/README.md +12 -0
- package/skills/drizzle-orm/evals/cases.yaml +47 -0
- package/skills/drizzle-orm/references/relations-and-drivers.md +118 -0
- package/skills/drizzle-orm/scripts/verify.sh +155 -0
- package/skills/duckdb/SKILL.md +207 -0
- package/skills/duckdb/evals/README.md +31 -0
- package/skills/duckdb/evals/cases.yaml +41 -0
- package/skills/duckdb/references/python-and-interop.md +105 -0
- package/skills/duckdb/references/remote-and-lakehouse.md +101 -0
- package/skills/duckdb/scripts/verify.sh +71 -0
- package/skills/dynamodb/SKILL.md +217 -0
- package/skills/dynamodb/evals/README.md +8 -0
- package/skills/dynamodb/evals/cases.yaml +46 -0
- package/skills/dynamodb/references/access-patterns.md +127 -0
- package/skills/dynamodb/references/capacity-and-limits.md +78 -0
- package/skills/dynamodb/scripts/verify.sh +108 -0
- package/skills/e-signature/SKILL.md +185 -0
- package/skills/e-signature/evals/README.md +3 -0
- package/skills/e-signature/evals/cases.yaml +44 -0
- package/skills/e-signature/references/docusign.md +83 -0
- package/skills/e-signature/references/dropbox-sign.md +73 -0
- package/skills/e-signature/references/legal-tiers.md +37 -0
- package/skills/e-signature/scripts/verify.sh +81 -0
- package/skills/e2e-testing/SKILL.md +243 -0
- package/skills/e2e-testing/evals/README.md +10 -0
- package/skills/e2e-testing/evals/cases.yaml +64 -0
- package/skills/e2e-testing/references/config-and-ci.md +156 -0
- package/skills/e2e-testing/references/flakiness-playbook.md +124 -0
- package/skills/e2e-testing/scripts/verify.sh +117 -0
- package/skills/electron/SKILL.md +221 -0
- package/skills/electron/evals/README.md +13 -0
- package/skills/electron/evals/cases.yaml +38 -0
- package/skills/electron/references/packaging-and-updates.md +122 -0
- package/skills/electron/references/security-and-ipc.md +158 -0
- package/skills/electron/scripts/verify.sh +143 -0
- package/skills/elixir/SKILL.md +217 -0
- package/skills/elixir/evals/README.md +3 -0
- package/skills/elixir/evals/cases.yaml +41 -0
- package/skills/elixir/references/mix-and-releases.md +91 -0
- package/skills/elixir/references/otp-patterns.md +96 -0
- package/skills/elixir/scripts/verify.sh +76 -0
- package/skills/email-connector/SKILL.md +294 -0
- package/skills/email-connector/evals/README.md +19 -0
- package/skills/email-connector/evals/cases.yaml +39 -0
- package/skills/email-connector/references/providers.md +107 -0
- package/skills/email-connector/scripts/verify.sh +72 -0
- package/skills/email-deliverability/SKILL.md +168 -0
- package/skills/email-deliverability/evals/README.md +21 -0
- package/skills/email-deliverability/evals/cases.yaml +45 -0
- package/skills/email-deliverability/scripts/verify.sh +98 -0
- package/skills/embeddings-search/SKILL.md +193 -0
- package/skills/embeddings-search/evals/README.md +10 -0
- package/skills/embeddings-search/evals/cases.yaml +44 -0
- package/skills/embeddings-search/references/evaluation.md +86 -0
- package/skills/embeddings-search/references/models.md +73 -0
- package/skills/embeddings-search/scripts/verify.sh +103 -0
- package/skills/error-handling/SKILL.md +307 -0
- package/skills/error-handling/evals/README.md +12 -0
- package/skills/error-handling/evals/cases.yaml +46 -0
- package/skills/error-handling/references/boundaries-and-messaging.md +120 -0
- package/skills/error-handling/references/retry-and-resilience.md +154 -0
- package/skills/error-handling/scripts/verify.sh +110 -0
- package/skills/expo/SKILL.md +253 -0
- package/skills/expo/evals/README.md +13 -0
- package/skills/expo/evals/cases.yaml +44 -0
- package/skills/expo/references/config-plugins.md +117 -0
- package/skills/expo/references/eas-update.md +118 -0
- package/skills/expo/scripts/verify.sh +132 -0
- package/skills/fal/SKILL.md +210 -0
- package/skills/fal/evals/README.md +3 -0
- package/skills/fal/evals/cases.yaml +42 -0
- package/skills/fal/references/models-and-cost.md +53 -0
- package/skills/fal/references/queue-and-webhooks.md +153 -0
- package/skills/fal/scripts/verify.sh +72 -0
- package/skills/fastapi/SKILL.md +499 -0
- package/skills/fastapi/evals/README.md +50 -0
- package/skills/fastapi/evals/cases.yaml +55 -0
- package/skills/fastapi/references/database.md +347 -0
- package/skills/fastapi/references/production.md +338 -0
- package/skills/fastapi/references/security.md +330 -0
- package/skills/fastapi/references/testing.md +349 -0
- package/skills/fastapi/scripts/verify.sh +116 -0
- package/skills/finance-ops/SKILL.md +149 -0
- package/skills/finance-ops/evals/README.md +3 -0
- package/skills/finance-ops/evals/cases.yaml +39 -0
- package/skills/finance-ops/references/cash-flow-forecast.md +57 -0
- package/skills/finance-ops/references/month-close.md +59 -0
- package/skills/finance-ops/references/reconciliation.md +65 -0
- package/skills/finance-ops/scripts/verify.sh +166 -0
- package/skills/financial-model/SKILL.md +170 -0
- package/skills/financial-model/evals/README.md +3 -0
- package/skills/financial-model/evals/cases.yaml +53 -0
- package/skills/financial-model/references/benchmarks-and-scenarios.md +55 -0
- package/skills/financial-model/references/model-structure.md +67 -0
- package/skills/financial-model/references/revenue-build.md +68 -0
- package/skills/financial-model/scripts/verify.sh +232 -0
- package/skills/firebase/SKILL.md +251 -0
- package/skills/firebase/evals/README.md +12 -0
- package/skills/firebase/evals/cases.yaml +45 -0
- package/skills/firebase/references/cloud-functions.md +102 -0
- package/skills/firebase/references/data-modeling.md +108 -0
- package/skills/firebase/references/security-rules.md +137 -0
- package/skills/firebase/scripts/verify.sh +98 -0
- package/skills/flutter/SKILL.md +448 -0
- package/skills/flutter/evals/README.md +54 -0
- package/skills/flutter/evals/cases.yaml +69 -0
- package/skills/flutter/references/architecture-and-state.md +499 -0
- package/skills/flutter/references/i18n-and-dependencies.md +197 -0
- package/skills/flutter/references/performance.md +299 -0
- package/skills/flutter/references/testing.md +385 -0
- package/skills/flutter/references/ui-and-navigation.md +378 -0
- package/skills/flutter/scripts/verify.sh +104 -0
- package/skills/fly-io/SKILL.md +206 -0
- package/skills/fly-io/evals/README.md +3 -0
- package/skills/fly-io/evals/cases.yaml +42 -0
- package/skills/fly-io/references/fly-toml.md +155 -0
- package/skills/fly-io/references/multi-region.md +66 -0
- package/skills/fly-io/scripts/verify.sh +90 -0
- package/skills/forecasting/SKILL.md +139 -0
- package/skills/forecasting/evals/README.md +13 -0
- package/skills/forecasting/evals/cases.yaml +47 -0
- package/skills/forecasting/references/accuracy-and-backtesting.md +104 -0
- package/skills/forecasting/references/methods-cheatsheet.md +94 -0
- package/skills/forecasting/scripts/verify.sh +99 -0
- package/skills/fundraising/SKILL.md +162 -0
- package/skills/fundraising/evals/README.md +18 -0
- package/skills/fundraising/evals/cases.yaml +76 -0
- package/skills/fundraising/references/funnel-math.md +90 -0
- package/skills/fundraising/references/process-playbook.md +97 -0
- package/skills/gcp-essentials/SKILL.md +327 -0
- package/skills/gcp-essentials/evals/README.md +12 -0
- package/skills/gcp-essentials/evals/cases.yaml +38 -0
- package/skills/gcp-essentials/references/deploy-recipes.md +81 -0
- package/skills/gcp-essentials/references/iam-and-auth.md +94 -0
- package/skills/gcp-essentials/references/networking-and-sql.md +74 -0
- package/skills/gcp-essentials/scripts/verify.sh +158 -0
- package/skills/gdpr-privacy/SKILL.md +167 -0
- package/skills/gdpr-privacy/evals/README.md +3 -0
- package/skills/gdpr-privacy/evals/cases.yaml +47 -0
- package/skills/gdpr-privacy/references/dpa-and-transfers.md +63 -0
- package/skills/gdpr-privacy/references/dsar-and-consent.md +83 -0
- package/skills/gdpr-privacy/references/privacy-policy-blueprint.md +99 -0
- package/skills/gdpr-privacy/scripts/verify.sh +84 -0
- package/skills/git-workflow/SKILL.md +190 -0
- package/skills/git-workflow/evals/README.md +10 -0
- package/skills/git-workflow/evals/cases.yaml +47 -0
- package/skills/git-workflow/references/interactive-rebase.md +89 -0
- package/skills/github-actions/SKILL.md +256 -0
- package/skills/github-actions/evals/README.md +3 -0
- package/skills/github-actions/evals/cases.yaml +45 -0
- package/skills/github-actions/references/caching-and-matrix.md +92 -0
- package/skills/github-actions/references/oidc-deploys.md +130 -0
- package/skills/github-actions/scripts/verify.sh +105 -0
- package/skills/go/SKILL.md +438 -0
- package/skills/go/evals/README.md +56 -0
- package/skills/go/evals/cases.yaml +55 -0
- package/skills/go/references/concurrency.md +557 -0
- package/skills/go/references/http-services.md +529 -0
- package/skills/go/references/testing.md +338 -0
- package/skills/go/scripts/verify.sh +109 -0
- package/skills/google-workspace/SKILL.md +287 -0
- package/skills/google-workspace/evals/README.md +16 -0
- package/skills/google-workspace/evals/cases.yaml +44 -0
- package/skills/google-workspace/references/api-recipes.md +148 -0
- package/skills/google-workspace/references/auth-setup.md +100 -0
- package/skills/google-workspace/scripts/verify.sh +128 -0
- package/skills/grants/SKILL.md +171 -0
- package/skills/grants/evals/README.md +3 -0
- package/skills/grants/evals/cases.yaml +69 -0
- package/skills/grants/references/budget-justification.md +71 -0
- package/skills/grants/references/jurisdictions.md +35 -0
- package/skills/grants/references/logic-model.md +66 -0
- package/skills/grants/scripts/verify.sh +193 -0
- package/skills/harness/SKILL.md +329 -0
- package/skills/harness/assets/_TEMPLATE/.env.example +8 -0
- package/skills/harness/assets/_TEMPLATE/CREDENTIALS.md +25 -0
- package/skills/harness/assets/_TEMPLATE/README.md +25 -0
- package/skills/harness/assets/_TEMPLATE/test_connection.sh +30 -0
- package/skills/harness/evals/README.md +54 -0
- package/skills/harness/evals/cases.yaml +72 -0
- package/skills/harness/examples/audit-example.md +120 -0
- package/skills/harness/references/agents-md-template.md +41 -0
- package/skills/harness/references/audit-report-template.html +140 -0
- package/skills/harness/references/audit-report-template.md +116 -0
- package/skills/harness/references/claude-md-template.md +98 -0
- package/skills/harness/references/inbox-readme-template.md +51 -0
- package/skills/harness/references/ingest-formats.md +185 -0
- package/skills/harness/references/providers.yaml +3410 -0
- package/skills/harness/references/tools-readme-template.md +88 -0
- package/skills/harness/references/wiki-archive-template.html +81 -0
- package/skills/harness/references/wiki-article-template.md +20 -0
- package/skills/harness/references/wiki-dashboard-template.html +136 -0
- package/skills/harness/references/wiki-deep-improve-report-template.html +126 -0
- package/skills/harness/references/wiki-gaps-template.md +18 -0
- package/skills/harness/references/wiki-index-template.md +23 -0
- package/skills/harness/references/wiki-protocol.md +699 -0
- package/skills/harness/references/wiki-raw-template.md +7 -0
- package/skills/hetzner/SKILL.md +221 -0
- package/skills/hetzner/evals/README.md +35 -0
- package/skills/hetzner/evals/cases.yaml +46 -0
- package/skills/hetzner/references/cloud-init.md +120 -0
- package/skills/hetzner/references/plans-and-locations.md +56 -0
- package/skills/hetzner/scripts/verify.sh +122 -0
- package/skills/hiring/SKILL.md +248 -0
- package/skills/hiring/evals/README.md +13 -0
- package/skills/hiring/evals/cases.yaml +41 -0
- package/skills/hiring/references/templates.md +118 -0
- package/skills/htmx/SKILL.md +261 -0
- package/skills/htmx/evals/README.md +3 -0
- package/skills/htmx/evals/cases.yaml +38 -0
- package/skills/htmx/references/patterns.md +113 -0
- package/skills/htmx/references/server-contract.md +91 -0
- package/skills/htmx/scripts/verify.sh +93 -0
- package/skills/huggingface/SKILL.md +190 -0
- package/skills/huggingface/evals/README.md +11 -0
- package/skills/huggingface/evals/cases.yaml +41 -0
- package/skills/huggingface/references/endpoints-and-spaces.md +99 -0
- package/skills/huggingface/references/hub-and-cli.md +85 -0
- package/skills/huggingface/references/inference-providers.md +115 -0
- package/skills/huggingface/scripts/verify.sh +123 -0
- package/skills/implement/SKILL.md +283 -0
- package/skills/implement/evals/README.md +56 -0
- package/skills/implement/evals/cases.yaml +43 -0
- package/skills/init/SKILL.md +184 -0
- package/skills/init/evals/README.md +49 -0
- package/skills/init/evals/cases.yaml +74 -0
- package/skills/init/references/accompaniment-and-profile.md +140 -0
- package/skills/init/references/discovery.md +90 -0
- package/skills/init/references/recommend-skills.md +115 -0
- package/skills/init/scripts/verify.sh +122 -0
- package/skills/instagram-api/SKILL.md +241 -0
- package/skills/instagram-api/evals/README.md +3 -0
- package/skills/instagram-api/evals/cases.yaml +43 -0
- package/skills/instagram-api/references/insights-metrics.md +88 -0
- package/skills/instagram-api/references/publish-reel.md +98 -0
- package/skills/instagram-api/scripts/verify.sh +137 -0
- package/skills/inventory/SKILL.md +131 -0
- package/skills/inventory/evals/README.md +3 -0
- package/skills/inventory/evals/cases.yaml +43 -0
- package/skills/inventory/references/abc-xyz.md +52 -0
- package/skills/inventory/references/ddmrp.md +32 -0
- package/skills/inventory/references/reorder-policies.md +85 -0
- package/skills/inventory/references/safety-stock.md +63 -0
- package/skills/inventory/scripts/verify.sh +155 -0
- package/skills/investor-materials/SKILL.md +175 -0
- package/skills/investor-materials/evals/README.md +15 -0
- package/skills/investor-materials/evals/cases.yaml +60 -0
- package/skills/investor-materials/references/dataroom-checklist.md +134 -0
- package/skills/investor-materials/references/update-and-onepager-templates.md +152 -0
- package/skills/investor-materials/scripts/verify.sh +148 -0
- package/skills/invoicing/SKILL.md +154 -0
- package/skills/invoicing/evals/README.md +5 -0
- package/skills/invoicing/evals/cases.yaml +49 -0
- package/skills/invoicing/references/dunning-ladder.md +53 -0
- package/skills/invoicing/references/e-invoicing-mandates.md +43 -0
- package/skills/invoicing/scripts/fixtures/broken-invoice.json +13 -0
- package/skills/invoicing/scripts/fixtures/valid-invoice.json +15 -0
- package/skills/invoicing/scripts/verify.sh +133 -0
- package/skills/ip-trademark/SKILL.md +186 -0
- package/skills/ip-trademark/evals/README.md +10 -0
- package/skills/ip-trademark/evals/cases.yaml +47 -0
- package/skills/ip-trademark/references/jurisdictions.md +63 -0
- package/skills/ip-trademark/references/ownership-and-licensing.md +90 -0
- package/skills/java/SKILL.md +341 -0
- package/skills/java/evals/README.md +23 -0
- package/skills/java/evals/cases.yaml +43 -0
- package/skills/java/references/builds.md +133 -0
- package/skills/java/references/concurrency.md +108 -0
- package/skills/java/references/streams.md +102 -0
- package/skills/java/scripts/verify.sh +107 -0
- package/skills/knowledge-ops/SKILL.md +125 -0
- package/skills/knowledge-ops/evals/README.md +16 -0
- package/skills/knowledge-ops/evals/cases.yaml +50 -0
- package/skills/knowledge-ops/references/gardening-playbook.md +116 -0
- package/skills/kotlin-android/SKILL.md +245 -0
- package/skills/kotlin-android/evals/README.md +13 -0
- package/skills/kotlin-android/evals/cases.yaml +56 -0
- package/skills/kotlin-android/references/architecture.md +200 -0
- package/skills/kotlin-android/references/gradle-setup.md +125 -0
- package/skills/kotlin-android/scripts/verify.sh +109 -0
- package/skills/kpi-framework/SKILL.md +199 -0
- package/skills/kpi-framework/evals/README.md +11 -0
- package/skills/kpi-framework/evals/cases.yaml +42 -0
- package/skills/kpi-framework/references/definition-and-targets.md +64 -0
- package/skills/kpi-framework/references/metric-catalog.md +84 -0
- package/skills/landing-copy/SKILL.md +153 -0
- package/skills/landing-copy/evals/README.md +18 -0
- package/skills/landing-copy/evals/cases.yaml +63 -0
- package/skills/landing-copy/references/frameworks.md +61 -0
- package/skills/landing-copy/references/page-skeleton.md +92 -0
- package/skills/landing-copy/scripts/verify.sh +164 -0
- package/skills/laravel/SKILL.md +301 -0
- package/skills/laravel/evals/README.md +10 -0
- package/skills/laravel/evals/cases.yaml +45 -0
- package/skills/laravel/references/eloquent-patterns.md +126 -0
- package/skills/laravel/references/queues-and-scheduling.md +153 -0
- package/skills/laravel/scripts/verify.sh +128 -0
- package/skills/lead-gen/SKILL.md +155 -0
- package/skills/lead-gen/evals/README.md +3 -0
- package/skills/lead-gen/evals/cases.yaml +43 -0
- package/skills/lead-gen/references/data-sources.md +87 -0
- package/skills/lead-gen/references/scoring-model.md +93 -0
- package/skills/lead-gen/scripts/verify.sh +179 -0
- package/skills/linkedin-api/SKILL.md +211 -0
- package/skills/linkedin-api/evals/README.md +3 -0
- package/skills/linkedin-api/evals/cases.yaml +41 -0
- package/skills/linkedin-api/references/api-reference.md +168 -0
- package/skills/linkedin-api/scripts/verify.sh +98 -0
- package/skills/linkedin-carousels/SKILL.md +239 -0
- package/skills/linkedin-carousels/evals/README.md +13 -0
- package/skills/linkedin-carousels/evals/cases.yaml +62 -0
- package/skills/linkedin-carousels/references/carousel-patterns.md +200 -0
- package/skills/linkedin-carousels/scripts/verify.sh +160 -0
- package/skills/linkedin-content/SKILL.md +162 -0
- package/skills/linkedin-content/evals/README.md +13 -0
- package/skills/linkedin-content/evals/cases.yaml +62 -0
- package/skills/linkedin-content/references/hooks-and-formats.md +114 -0
- package/skills/linkedin-content/scripts/verify.sh +154 -0
- package/skills/linkedin-outreach/SKILL.md +174 -0
- package/skills/linkedin-outreach/evals/README.md +3 -0
- package/skills/linkedin-outreach/evals/cases.yaml +43 -0
- package/skills/linkedin-outreach/references/ledger-schema.md +48 -0
- package/skills/linkedin-outreach/references/sales-navigator-playbook.md +61 -0
- package/skills/linkedin-outreach/scripts/verify.sh +120 -0
- package/skills/linkedin-strategy/SKILL.md +167 -0
- package/skills/linkedin-strategy/evals/README.md +3 -0
- package/skills/linkedin-strategy/evals/cases.yaml +49 -0
- package/skills/linkedin-strategy/references/ssi-and-pillars.md +59 -0
- package/skills/linkedin-strategy/references/wiki-records.md +62 -0
- package/skills/linkedin-strategy/scripts/verify.sh +120 -0
- package/skills/llm-pipeline/SKILL.md +155 -0
- package/skills/llm-pipeline/evals/README.md +3 -0
- package/skills/llm-pipeline/evals/cases.yaml +44 -0
- package/skills/llm-pipeline/references/caching-layers.md +60 -0
- package/skills/llm-pipeline/references/litellm-router.md +101 -0
- package/skills/llm-pipeline/scripts/verify.sh +169 -0
- package/skills/logistics-ops/SKILL.md +219 -0
- package/skills/logistics-ops/evals/README.md +20 -0
- package/skills/logistics-ops/evals/cases.yaml +48 -0
- package/skills/logistics-ops/references/carriers-and-claims.md +105 -0
- package/skills/market-research/SKILL.md +145 -0
- package/skills/market-research/evals/README.md +3 -0
- package/skills/market-research/evals/cases.yaml +48 -0
- package/skills/market-research/references/demand-signals.md +63 -0
- package/skills/market-research/references/sizing-playbook.md +121 -0
- package/skills/market-research/scripts/verify.sh +215 -0
- package/skills/marketing/SKILL.md +233 -0
- package/skills/marketing/evals/README.md +61 -0
- package/skills/marketing/evals/cases.yaml +84 -0
- package/skills/marketing/references/brand-grounding.md +197 -0
- package/skills/marketing/references/campaigns-and-channels.md +151 -0
- package/skills/marketing/references/copy-frameworks.md +166 -0
- package/skills/marketing/references/landing-copy.md +191 -0
- package/skills/marketing/references/seo-geo.md +391 -0
- package/skills/marketing/scripts/seo_audit.py +166 -0
- package/skills/marketing/scripts/verify.sh +233 -0
- package/skills/medium-publishing/SKILL.md +152 -0
- package/skills/medium-publishing/evals/README.md +3 -0
- package/skills/medium-publishing/evals/cases.yaml +42 -0
- package/skills/medium-publishing/references/cross-post-and-canonical.md +65 -0
- package/skills/medium-publishing/references/legacy-api.md +100 -0
- package/skills/medium-strategy/SKILL.md +161 -0
- package/skills/medium-strategy/evals/README.md +3 -0
- package/skills/medium-strategy/evals/cases.yaml +50 -0
- package/skills/medium-strategy/references/distribution-and-boost.md +65 -0
- package/skills/medium-strategy/references/wiki-records.md +60 -0
- package/skills/medium-strategy/scripts/verify.sh +118 -0
- package/skills/medium-writing/SKILL.md +140 -0
- package/skills/medium-writing/evals/README.md +5 -0
- package/skills/medium-writing/evals/cases.yaml +39 -0
- package/skills/medium-writing/references/title-patterns.md +79 -0
- package/skills/meeting-notes/SKILL.md +168 -0
- package/skills/meeting-notes/evals/README.md +14 -0
- package/skills/meeting-notes/evals/cases.yaml +46 -0
- package/skills/meeting-notes/references/templates.md +140 -0
- package/skills/modal/SKILL.md +307 -0
- package/skills/modal/evals/README.md +29 -0
- package/skills/modal/evals/cases.yaml +50 -0
- package/skills/modal/references/images-gpu-cookbook.md +160 -0
- package/skills/modal/references/web-and-scaling.md +138 -0
- package/skills/modal/scripts/verify.sh +127 -0
- package/skills/mongodb/SKILL.md +342 -0
- package/skills/mongodb/evals/README.md +29 -0
- package/skills/mongodb/evals/cases.yaml +41 -0
- package/skills/mongodb/references/aggregation.md +115 -0
- package/skills/mongodb/references/data-modeling.md +135 -0
- package/skills/mongodb/references/transactions-and-ops.md +128 -0
- package/skills/mongodb/scripts/verify.sh +151 -0
- package/skills/monitoring/SKILL.md +155 -0
- package/skills/monitoring/evals/README.md +3 -0
- package/skills/monitoring/evals/cases.yaml +47 -0
- package/skills/monitoring/references/burn-rate-and-oncall.md +128 -0
- package/skills/monitoring/references/tool-setup.md +154 -0
- package/skills/monitoring/scripts/verify.sh +145 -0
- package/skills/mysql/SKILL.md +249 -0
- package/skills/mysql/evals/README.md +12 -0
- package/skills/mysql/evals/cases.yaml +49 -0
- package/skills/mysql/references/indexing-and-explain.md +161 -0
- package/skills/mysql/references/mysql-vs-mariadb.md +78 -0
- package/skills/mysql/references/online-ddl-and-migrations.md +120 -0
- package/skills/mysql/references/replication-and-ha.md +115 -0
- package/skills/mysql/scripts/verify.sh +141 -0
- package/skills/neon/SKILL.md +218 -0
- package/skills/neon/evals/README.md +11 -0
- package/skills/neon/evals/cases.yaml +45 -0
- package/skills/neon/references/branching-ci.md +86 -0
- package/skills/neon/scripts/verify.sh +78 -0
- package/skills/nestjs/SKILL.md +225 -0
- package/skills/nestjs/evals/README.md +3 -0
- package/skills/nestjs/evals/cases.yaml +38 -0
- package/skills/nestjs/references/cross-cutting.md +135 -0
- package/skills/nestjs/references/testing-recipes.md +105 -0
- package/skills/nestjs/scripts/verify.sh +98 -0
- package/skills/netlify/SKILL.md +208 -0
- package/skills/netlify/evals/README.md +13 -0
- package/skills/netlify/evals/cases.yaml +43 -0
- package/skills/netlify/references/functions.md +97 -0
- package/skills/netlify/references/netlify-toml.md +115 -0
- package/skills/netlify/scripts/verify.sh +95 -0
- package/skills/newsletter/SKILL.md +162 -0
- package/skills/newsletter/evals/README.md +12 -0
- package/skills/newsletter/evals/cases.yaml +42 -0
- package/skills/newsletter/references/growth-loops.md +73 -0
- package/skills/newsletter/references/welcome-sequence.md +62 -0
- package/skills/newsletter/scripts/verify.sh +173 -0
- package/skills/nextjs/SKILL.md +472 -0
- package/skills/nextjs/evals/README.md +59 -0
- package/skills/nextjs/evals/cases.yaml +56 -0
- package/skills/nextjs/references/data-and-caching.md +309 -0
- package/skills/nextjs/references/metadata.md +208 -0
- package/skills/nextjs/references/performance.md +325 -0
- package/skills/nextjs/references/react.md +383 -0
- package/skills/nextjs/references/security.md +239 -0
- package/skills/nextjs/references/testing.md +290 -0
- package/skills/nextjs/scripts/verify.sh +141 -0
- package/skills/no-code-app/SKILL.md +153 -0
- package/skills/no-code-app/evals/README.md +3 -0
- package/skills/no-code-app/evals/cases.yaml +43 -0
- package/skills/no-code-app/references/platform-limits.md +100 -0
- package/skills/nodejs/SKILL.md +242 -0
- package/skills/nodejs/evals/README.md +3 -0
- package/skills/nodejs/evals/cases.yaml +39 -0
- package/skills/nodejs/references/express5-migration.md +53 -0
- package/skills/nodejs/references/graceful-shutdown.md +73 -0
- package/skills/nodejs/scripts/verify.sh +122 -0
- package/skills/notion-connector/SKILL.md +234 -0
- package/skills/notion-connector/evals/README.md +15 -0
- package/skills/notion-connector/evals/cases.yaml +45 -0
- package/skills/notion-connector/references/api-versions.md +63 -0
- package/skills/notion-connector/references/property-shapes.md +110 -0
- package/skills/notion-connector/references/sync-patterns.md +95 -0
- package/skills/notion-connector/scripts/verify.sh +162 -0
- package/skills/observability/SKILL.md +231 -0
- package/skills/observability/evals/README.md +3 -0
- package/skills/observability/evals/cases.yaml +49 -0
- package/skills/observability/references/collector-config.md +98 -0
- package/skills/observability/references/instrumentation-recipes.md +115 -0
- package/skills/observability/scripts/verify.sh +156 -0
- package/skills/ollama/SKILL.md +213 -0
- package/skills/ollama/evals/README.md +9 -0
- package/skills/ollama/evals/cases.yaml +43 -0
- package/skills/ollama/references/api.md +148 -0
- package/skills/ollama/references/hardware-sizing.md +87 -0
- package/skills/ollama/scripts/verify.sh +116 -0
- package/skills/orient/SKILL.md +54 -0
- package/skills/orient/evals/README.md +16 -0
- package/skills/orient/evals/cases.yaml +57 -0
- package/skills/orient/references/orientation-contract.md +34 -0
- package/skills/parallel/SKILL.md +198 -0
- package/skills/parallel/evals/README.md +62 -0
- package/skills/parallel/evals/cases.yaml +44 -0
- package/skills/people-ops/SKILL.md +122 -0
- package/skills/people-ops/evals/README.md +14 -0
- package/skills/people-ops/evals/cases.yaml +43 -0
- package/skills/people-ops/references/templates.md +129 -0
- package/skills/performance/SKILL.md +221 -0
- package/skills/performance/evals/README.md +3 -0
- package/skills/performance/evals/cases.yaml +47 -0
- package/skills/performance/references/profiling-playbook.md +54 -0
- package/skills/performance/scripts/verify.sh +94 -0
- package/skills/phoenix/SKILL.md +169 -0
- package/skills/phoenix/evals/README.md +3 -0
- package/skills/phoenix/evals/cases.yaml +40 -0
- package/skills/phoenix/references/auth-and-scopes.md +82 -0
- package/skills/phoenix/references/ecto-patterns.md +93 -0
- package/skills/phoenix/references/liveview.md +134 -0
- package/skills/phoenix/scripts/verify.sh +73 -0
- package/skills/php/SKILL.md +397 -0
- package/skills/php/evals/README.md +12 -0
- package/skills/php/evals/cases.yaml +45 -0
- package/skills/php/references/tooling.md +170 -0
- package/skills/php/references/type-system.md +220 -0
- package/skills/php/scripts/verify.sh +155 -0
- package/skills/pitch-deck/SKILL.md +209 -0
- package/skills/pitch-deck/evals/README.md +15 -0
- package/skills/pitch-deck/evals/cases.yaml +55 -0
- package/skills/pitch-deck/references/numbers-that-matter.md +78 -0
- package/skills/pitch-deck/references/slide-spine.md +149 -0
- package/skills/pitch-deck/scripts/verify.sh +186 -0
- package/skills/plan/SKILL.md +204 -0
- package/skills/plan/evals/README.md +62 -0
- package/skills/plan/evals/cases.yaml +49 -0
- package/skills/plan/references/plan-template.md +124 -0
- package/skills/planetscale/SKILL.md +223 -0
- package/skills/planetscale/evals/README.md +11 -0
- package/skills/planetscale/evals/cases.yaml +46 -0
- package/skills/planetscale/references/deploy-requests.md +75 -0
- package/skills/planetscale/references/no-foreign-keys.md +88 -0
- package/skills/planetscale/scripts/verify.sh +115 -0
- package/skills/podcast/SKILL.md +166 -0
- package/skills/podcast/evals/README.md +17 -0
- package/skills/podcast/evals/cases.yaml +61 -0
- package/skills/podcast/references/rss-and-namespace.md +136 -0
- package/skills/podcast/scripts/verify.sh +246 -0
- package/skills/postgresdb/SKILL.md +372 -0
- package/skills/postgresdb/evals/README.md +55 -0
- package/skills/postgresdb/evals/cases.yaml +57 -0
- package/skills/postgresdb/references/migrations.md +279 -0
- package/skills/postgresdb/references/operations-and-security.md +267 -0
- package/skills/postgresdb/references/query-optimization.md +374 -0
- package/skills/postgresdb/references/schema-and-indexing.md +379 -0
- package/skills/postgresdb/scripts/verify.sh +191 -0
- package/skills/presentations/SKILL.md +296 -0
- package/skills/presentations/evals/README.md +61 -0
- package/skills/presentations/evals/cases.yaml +56 -0
- package/skills/presentations/references/brand-grounding.md +160 -0
- package/skills/presentations/references/markdown-decks.md +290 -0
- package/skills/presentations/references/pptx-python.md +242 -0
- package/skills/presentations/references/slide-design.md +261 -0
- package/skills/presentations/references/storytelling-and-decks.md +150 -0
- package/skills/presentations/scripts/verify.sh +252 -0
- package/skills/press-kit/SKILL.md +243 -0
- package/skills/press-kit/evals/README.md +15 -0
- package/skills/press-kit/evals/cases.yaml +55 -0
- package/skills/press-kit/references/release-types.md +102 -0
- package/skills/press-kit/references/templates.md +132 -0
- package/skills/press-kit/scripts/verify.sh +161 -0
- package/skills/pricing/SKILL.md +160 -0
- package/skills/pricing/evals/README.md +5 -0
- package/skills/pricing/evals/cases.yaml +44 -0
- package/skills/pricing/references/localization.md +56 -0
- package/skills/pricing/references/pricing-models.md +55 -0
- package/skills/pricing/scripts/verify.sh +91 -0
- package/skills/prisma-orm/SKILL.md +320 -0
- package/skills/prisma-orm/evals/README.md +12 -0
- package/skills/prisma-orm/evals/cases.yaml +56 -0
- package/skills/prisma-orm/references/migrations-and-v7-upgrade.md +197 -0
- package/skills/prisma-orm/references/queries-and-performance.md +169 -0
- package/skills/prisma-orm/scripts/verify.sh +137 -0
- package/skills/procurement/SKILL.md +179 -0
- package/skills/procurement/evals/README.md +20 -0
- package/skills/procurement/evals/cases.yaml +49 -0
- package/skills/procurement/references/scorecard-and-tco.md +100 -0
- package/skills/procurement/references/sourcing-requests.md +116 -0
- package/skills/procurement/scripts/verify.sh +280 -0
- package/skills/project-ops/SKILL.md +130 -0
- package/skills/project-ops/evals/README.md +3 -0
- package/skills/project-ops/evals/cases.yaml +71 -0
- package/skills/project-ops/references/raid-and-rag.md +58 -0
- package/skills/project-ops/references/status-report-template.md +68 -0
- package/skills/project-ops/scripts/verify.sh +257 -0
- package/skills/prompt-engineering/SKILL.md +138 -0
- package/skills/prompt-engineering/evals/README.md +11 -0
- package/skills/prompt-engineering/evals/cases.yaml +46 -0
- package/skills/prompt-engineering/references/eval-templates.md +94 -0
- package/skills/prompt-engineering/references/output-contracts.md +120 -0
- package/skills/prompt-engineering/scripts/verify.sh +84 -0
- package/skills/proposals/SKILL.md +159 -0
- package/skills/proposals/evals/README.md +3 -0
- package/skills/proposals/evals/cases.yaml +53 -0
- package/skills/proposals/references/proposal-skeleton.md +110 -0
- package/skills/proposals/references/sow-skeleton.md +79 -0
- package/skills/proposals/scripts/verify.sh +201 -0
- package/skills/python/SKILL.md +369 -0
- package/skills/python/evals/README.md +19 -0
- package/skills/python/evals/cases.yaml +46 -0
- package/skills/python/references/async.md +136 -0
- package/skills/python/references/stdlib.md +162 -0
- package/skills/python/references/typing.md +160 -0
- package/skills/python/scripts/verify.sh +125 -0
- package/skills/rag/SKILL.md +226 -0
- package/skills/rag/evals/README.md +13 -0
- package/skills/rag/evals/cases.yaml +45 -0
- package/skills/rag/references/evaluation.md +99 -0
- package/skills/rag/references/pipeline.md +151 -0
- package/skills/rag/scripts/verify.sh +99 -0
- package/skills/rails/SKILL.md +264 -0
- package/skills/rails/evals/README.md +12 -0
- package/skills/rails/evals/cases.yaml +47 -0
- package/skills/rails/references/activerecord.md +148 -0
- package/skills/rails/references/hotwire.md +139 -0
- package/skills/rails/references/testing.md +110 -0
- package/skills/rails/scripts/verify.sh +128 -0
- package/skills/railway/SKILL.md +245 -0
- package/skills/railway/evals/README.md +14 -0
- package/skills/railway/evals/cases.yaml +44 -0
- package/skills/railway/references/cli-cookbook.md +137 -0
- package/skills/railway/references/config-as-code.md +120 -0
- package/skills/railway/scripts/verify.sh +162 -0
- package/skills/react/SKILL.md +222 -0
- package/skills/react/evals/README.md +3 -0
- package/skills/react/evals/cases.yaml +43 -0
- package/skills/react/references/data-and-state.md +152 -0
- package/skills/react/references/performance.md +75 -0
- package/skills/react/references/routing.md +99 -0
- package/skills/react/scripts/verify.sh +123 -0
- package/skills/react-native/SKILL.md +220 -0
- package/skills/react-native/evals/README.md +3 -0
- package/skills/react-native/evals/cases.yaml +42 -0
- package/skills/react-native/references/native-modules.md +123 -0
- package/skills/react-native/references/performance-debugging.md +46 -0
- package/skills/react-native/scripts/verify.sh +117 -0
- package/skills/redis/SKILL.md +298 -0
- package/skills/redis/evals/README.md +10 -0
- package/skills/redis/evals/cases.yaml +43 -0
- package/skills/redis/references/caching.md +116 -0
- package/skills/redis/references/locks-and-rate-limiting.md +140 -0
- package/skills/redis/references/queues.md +102 -0
- package/skills/redis/scripts/verify.sh +164 -0
- package/skills/remotion-video/SKILL.md +218 -0
- package/skills/remotion-video/evals/README.md +23 -0
- package/skills/remotion-video/evals/cases.yaml +64 -0
- package/skills/remotion-video/references/captions-pipeline.md +163 -0
- package/skills/remotion-video/references/render-and-pipeline.md +131 -0
- package/skills/remotion-video/scripts/verify.sh +169 -0
- package/skills/render/SKILL.md +256 -0
- package/skills/render/evals/README.md +12 -0
- package/skills/render/evals/cases.yaml +45 -0
- package/skills/render/references/blueprint-reference.md +203 -0
- package/skills/render/scripts/verify.sh +167 -0
- package/skills/replicate/SKILL.md +210 -0
- package/skills/replicate/evals/README.md +9 -0
- package/skills/replicate/evals/cases.yaml +45 -0
- package/skills/replicate/references/cog-packaging.md +89 -0
- package/skills/replicate/references/deployments-api.md +87 -0
- package/skills/replicate/references/webhooks-and-async.md +110 -0
- package/skills/replicate/scripts/verify.sh +162 -0
- package/skills/replicate-images/SKILL.md +241 -0
- package/skills/replicate-images/evals/README.md +13 -0
- package/skills/replicate-images/evals/cases.yaml +41 -0
- package/skills/replicate-images/references/editing-recipes.md +129 -0
- package/skills/replicate-images/references/models.md +131 -0
- package/skills/replicate-images/scripts/verify.sh +178 -0
- package/skills/reporting/SKILL.md +178 -0
- package/skills/reporting/evals/README.md +12 -0
- package/skills/reporting/evals/cases.yaml +46 -0
- package/skills/reporting/references/pipeline.md +213 -0
- package/skills/reporting/scripts/verify.sh +149 -0
- package/skills/research-ops/SKILL.md +200 -0
- package/skills/research-ops/evals/README.md +13 -0
- package/skills/research-ops/evals/cases.yaml +38 -0
- package/skills/research-ops/references/credibility-rubric.md +78 -0
- package/skills/research-ops/references/memo-template.md +63 -0
- package/skills/research-ops/scripts/verify.sh +181 -0
- package/skills/retention/SKILL.md +206 -0
- package/skills/retention/evals/README.md +13 -0
- package/skills/retention/evals/cases.yaml +42 -0
- package/skills/retention/references/health-score-and-metrics.md +97 -0
- package/skills/retention/references/save-and-winback-plays.md +65 -0
- package/skills/review/SKILL.md +222 -0
- package/skills/review/evals/README.md +84 -0
- package/skills/review/evals/cases.yaml +55 -0
- package/skills/review-management/SKILL.md +204 -0
- package/skills/review-management/evals/README.md +13 -0
- package/skills/review-management/evals/cases.yaml +60 -0
- package/skills/review-management/references/platform-apis.md +86 -0
- package/skills/review-management/scripts/verify.sh +128 -0
- package/skills/ruby/SKILL.md +316 -0
- package/skills/ruby/evals/README.md +12 -0
- package/skills/ruby/evals/cases.yaml +41 -0
- package/skills/ruby/references/gems-and-testing.md +208 -0
- package/skills/ruby/references/metaprogramming.md +161 -0
- package/skills/ruby/scripts/verify.sh +83 -0
- package/skills/runpod/SKILL.md +238 -0
- package/skills/runpod/evals/README.md +11 -0
- package/skills/runpod/evals/cases.yaml +47 -0
- package/skills/runpod/references/cost-and-scaling.md +85 -0
- package/skills/runpod/references/serverless-workers.md +101 -0
- package/skills/runpod/scripts/verify.sh +126 -0
- package/skills/rust/SKILL.md +395 -0
- package/skills/rust/evals/README.md +12 -0
- package/skills/rust/evals/cases.yaml +42 -0
- package/skills/rust/references/async-tokio.md +141 -0
- package/skills/rust/references/axum-service.md +132 -0
- package/skills/rust/references/ownership.md +86 -0
- package/skills/rust/references/testing.md +108 -0
- package/skills/rust/scripts/verify.sh +91 -0
- package/skills/sales-pipeline/SKILL.md +162 -0
- package/skills/sales-pipeline/evals/README.md +13 -0
- package/skills/sales-pipeline/evals/cases.yaml +60 -0
- package/skills/sales-pipeline/references/forecasting-math.md +82 -0
- package/skills/sales-pipeline/references/stage-playbook.md +84 -0
- package/skills/sales-pipeline/scripts/verify.sh +210 -0
- package/skills/scaling/SKILL.md +137 -0
- package/skills/scaling/evals/README.md +3 -0
- package/skills/scaling/evals/cases.yaml +42 -0
- package/skills/scaling/references/load-testing-k6.md +127 -0
- package/skills/scaling/scripts/example.load.js +24 -0
- package/skills/scaling/scripts/verify.sh +70 -0
- package/skills/sdd/SKILL.md +203 -0
- package/skills/sdd/evals/README.md +60 -0
- package/skills/sdd/evals/cases.yaml +78 -0
- package/skills/sdd-init/SKILL.md +148 -0
- package/skills/sdd-init/evals/README.md +3 -0
- package/skills/sdd-init/evals/cases.yaml +43 -0
- package/skills/secure-coding/SKILL.md +365 -0
- package/skills/secure-coding/evals/README.md +68 -0
- package/skills/secure-coding/evals/cases.yaml +55 -0
- package/skills/secure-coding/references/authn-authz.md +249 -0
- package/skills/secure-coding/references/owasp-by-stack.md +574 -0
- package/skills/secure-coding/references/secrets-and-supply-chain.md +205 -0
- package/skills/secure-coding/references/threat-modeling.md +213 -0
- package/skills/secure-coding/scripts/verify.sh +208 -0
- package/skills/security-scan/SKILL.md +239 -0
- package/skills/security-scan/evals/README.md +14 -0
- package/skills/security-scan/evals/cases.yaml +50 -0
- package/skills/security-scan/references/tools.md +98 -0
- package/skills/security-scan/references/triage.md +93 -0
- package/skills/security-scan/scripts/verify.sh +108 -0
- package/skills/seo-geo/SKILL.md +192 -0
- package/skills/seo-geo/evals/README.md +14 -0
- package/skills/seo-geo/evals/cases.yaml +45 -0
- package/skills/seo-geo/references/ai-crawler-control.md +104 -0
- package/skills/seo-geo/references/schema-recipes.md +130 -0
- package/skills/seo-geo/scripts/verify.sh +236 -0
- package/skills/ship/SKILL.md +258 -0
- package/skills/ship/evals/README.md +89 -0
- package/skills/ship/evals/cases.yaml +44 -0
- package/skills/shopify/SKILL.md +229 -0
- package/skills/shopify/evals/README.md +14 -0
- package/skills/shopify/evals/cases.yaml +41 -0
- package/skills/shopify/references/apps-graphql.md +103 -0
- package/skills/shopify/references/checkout-extensibility.md +71 -0
- package/skills/shopify/references/liquid-themes.md +89 -0
- package/skills/shopify/scripts/verify.sh +120 -0
- package/skills/shortform-editing/SKILL.md +161 -0
- package/skills/shortform-editing/evals/README.md +16 -0
- package/skills/shortform-editing/evals/cases.yaml +61 -0
- package/skills/shortform-editing/references/captions.md +85 -0
- package/skills/shortform-editing/references/ffmpeg-pipeline.md +126 -0
- package/skills/shortform-editing/scripts/verify.sh +148 -0
- package/skills/shortform-ideation/SKILL.md +153 -0
- package/skills/shortform-ideation/evals/README.md +20 -0
- package/skills/shortform-ideation/evals/cases.yaml +58 -0
- package/skills/shortform-ideation/references/experiment-ledger.md +85 -0
- package/skills/shortform-ideation/references/trend-sources.md +69 -0
- package/skills/shortform-ideation/scripts/verify.sh +172 -0
- package/skills/shortform-packaging/SKILL.md +247 -0
- package/skills/shortform-packaging/evals/README.md +10 -0
- package/skills/shortform-packaging/evals/cases.yaml +48 -0
- package/skills/shortform-packaging/references/package-templates.md +117 -0
- package/skills/shortform-packaging/scripts/verify.sh +210 -0
- package/skills/shortform-strategy/SKILL.md +149 -0
- package/skills/shortform-strategy/evals/README.md +3 -0
- package/skills/shortform-strategy/evals/cases.yaml +52 -0
- package/skills/shortform-strategy/references/learning-loop-template.md +49 -0
- package/skills/shortform-strategy/references/platform-signals-2026.md +46 -0
- package/skills/shortform-strategy/scripts/verify.sh +176 -0
- package/skills/skill-scout/SKILL.md +133 -0
- package/skills/skill-scout/evals/README.md +12 -0
- package/skills/skill-scout/evals/cases.yaml +56 -0
- package/skills/skill-scout/references/install-commands.md +76 -0
- package/skills/skill-scout/scripts/verify.sh +154 -0
- package/skills/social-publisher/SKILL.md +179 -0
- package/skills/social-publisher/evals/README.md +14 -0
- package/skills/social-publisher/evals/cases.yaml +55 -0
- package/skills/social-publisher/references/calendar-schema.md +97 -0
- package/skills/social-publisher/references/platform-limits.md +56 -0
- package/skills/social-publisher/scripts/verify.sh +232 -0
- package/skills/solid-js/SKILL.md +260 -0
- package/skills/solid-js/evals/README.md +3 -0
- package/skills/solid-js/evals/cases.yaml +38 -0
- package/skills/solid-js/references/reactivity-deep-dive.md +89 -0
- package/skills/solid-js/references/router-and-start.md +93 -0
- package/skills/solid-js/scripts/verify.sh +130 -0
- package/skills/sop-builder/SKILL.md +233 -0
- package/skills/sop-builder/evals/README.md +14 -0
- package/skills/sop-builder/evals/cases.yaml +48 -0
- package/skills/sop-builder/references/sop-skeleton.md +170 -0
- package/skills/specify/SKILL.md +214 -0
- package/skills/specify/evals/README.md +73 -0
- package/skills/specify/evals/cases.yaml +80 -0
- package/skills/specify/references/eliciting-requirements.md +77 -0
- package/skills/specify/references/spec-template.md +60 -0
- package/skills/spreadsheet-ops/SKILL.md +180 -0
- package/skills/spreadsheet-ops/evals/README.md +33 -0
- package/skills/spreadsheet-ops/evals/cases.yaml +42 -0
- package/skills/spreadsheet-ops/references/formula-cookbook.md +70 -0
- package/skills/spreadsheet-ops/references/python-excel.md +87 -0
- package/skills/spreadsheet-ops/references/sheets-api-appsscript.md +118 -0
- package/skills/spreadsheet-ops/scripts/verify.sh +152 -0
- package/skills/spring-boot/SKILL.md +375 -0
- package/skills/spring-boot/evals/README.md +11 -0
- package/skills/spring-boot/evals/cases.yaml +49 -0
- package/skills/spring-boot/references/jpa.md +94 -0
- package/skills/spring-boot/references/security.md +92 -0
- package/skills/spring-boot/references/testing.md +95 -0
- package/skills/spring-boot/scripts/verify.sh +115 -0
- package/skills/sql/SKILL.md +286 -0
- package/skills/sql/evals/README.md +9 -0
- package/skills/sql/evals/cases.yaml +49 -0
- package/skills/sql/references/ctes-and-recursion.md +63 -0
- package/skills/sql/references/joins-and-sets.md +71 -0
- package/skills/sql/references/portability.md +38 -0
- package/skills/sql/references/window-functions.md +72 -0
- package/skills/sql/scripts/verify.sh +139 -0
- package/skills/sqlite-turso/SKILL.md +214 -0
- package/skills/sqlite-turso/evals/README.md +24 -0
- package/skills/sqlite-turso/evals/cases.yaml +45 -0
- package/skills/sqlite-turso/references/embedded-replicas.md +96 -0
- package/skills/sqlite-turso/scripts/verify.sh +95 -0
- package/skills/stripe/SKILL.md +269 -0
- package/skills/stripe/evals/README.md +11 -0
- package/skills/stripe/evals/cases.yaml +45 -0
- package/skills/stripe/references/going-live.md +64 -0
- package/skills/stripe/references/webhook-events.md +79 -0
- package/skills/stripe/scripts/verify.sh +130 -0
- package/skills/structured-extraction/SKILL.md +230 -0
- package/skills/structured-extraction/evals/README.md +13 -0
- package/skills/structured-extraction/evals/cases.yaml +70 -0
- package/skills/structured-extraction/references/providers.md +152 -0
- package/skills/structured-extraction/scripts/verify.sh +160 -0
- package/skills/suggest/SKILL.md +30 -0
- package/skills/suggest/evals/README.md +14 -0
- package/skills/suggest/evals/cases.yaml +51 -0
- package/skills/supabase/SKILL.md +268 -0
- package/skills/supabase/evals/README.md +12 -0
- package/skills/supabase/evals/cases.yaml +42 -0
- package/skills/supabase/references/auth-ssr.md +173 -0
- package/skills/supabase/references/rls-cookbook.md +122 -0
- package/skills/supabase/scripts/verify.sh +149 -0
- package/skills/svelte/SKILL.md +238 -0
- package/skills/svelte/evals/README.md +3 -0
- package/skills/svelte/evals/cases.yaml +41 -0
- package/skills/svelte/references/runes.md +97 -0
- package/skills/svelte/references/sveltekit-data.md +156 -0
- package/skills/svelte/scripts/verify.sh +128 -0
- package/skills/swift-ios/SKILL.md +217 -0
- package/skills/swift-ios/evals/README.md +3 -0
- package/skills/swift-ios/evals/cases.yaml +46 -0
- package/skills/swift-ios/references/concurrency.md +132 -0
- package/skills/swift-ios/references/testing.md +112 -0
- package/skills/swift-ios/scripts/verify.sh +98 -0
- package/skills/tasks/SKILL.md +260 -0
- package/skills/tasks/evals/README.md +70 -0
- package/skills/tasks/evals/cases.yaml +75 -0
- package/skills/tauri/SKILL.md +224 -0
- package/skills/tauri/evals/README.md +12 -0
- package/skills/tauri/evals/cases.yaml +46 -0
- package/skills/tauri/references/bundling-distribution.md +129 -0
- package/skills/tauri/references/security.md +143 -0
- package/skills/tauri/scripts/verify.sh +178 -0
- package/skills/technical-writing/SKILL.md +230 -0
- package/skills/technical-writing/evals/README.md +12 -0
- package/skills/technical-writing/evals/cases.yaml +53 -0
- package/skills/technical-writing/references/diataxis-modes.md +131 -0
- package/skills/technical-writing/references/vale-starter.md +90 -0
- package/skills/technical-writing/scripts/verify.sh +83 -0
- package/skills/terms-conditions/SKILL.md +147 -0
- package/skills/terms-conditions/evals/README.md +14 -0
- package/skills/terms-conditions/evals/cases.yaml +48 -0
- package/skills/terms-conditions/references/clause-library.md +158 -0
- package/skills/terms-conditions/references/notices-and-aup.md +125 -0
- package/skills/terms-conditions/scripts/verify.sh +92 -0
- package/skills/testing-go/SKILL.md +246 -0
- package/skills/testing-go/evals/README.md +3 -0
- package/skills/testing-go/evals/cases.yaml +44 -0
- package/skills/testing-go/references/coverage-and-benchmarks.md +85 -0
- package/skills/testing-go/references/mocks-and-fakes.md +140 -0
- package/skills/testing-go/references/synctest-and-concurrency.md +82 -0
- package/skills/testing-go/scripts/verify.sh +72 -0
- package/skills/testing-py/SKILL.md +179 -0
- package/skills/testing-py/evals/README.md +5 -0
- package/skills/testing-py/evals/cases.yaml +44 -0
- package/skills/testing-py/references/mocking.md +141 -0
- package/skills/testing-py/references/property-testing.md +99 -0
- package/skills/testing-py/scripts/verify.sh +117 -0
- package/skills/testing-web/SKILL.md +224 -0
- package/skills/testing-web/evals/README.md +11 -0
- package/skills/testing-web/evals/cases.yaml +52 -0
- package/skills/testing-web/references/jest-setup.md +88 -0
- package/skills/testing-web/references/recipes.md +116 -0
- package/skills/testing-web/scripts/verify.sh +111 -0
- package/skills/tiktok-api/SKILL.md +315 -0
- package/skills/tiktok-api/evals/README.md +17 -0
- package/skills/tiktok-api/evals/cases.yaml +51 -0
- package/skills/tiktok-api/references/metrics-and-publish.md +127 -0
- package/skills/tiktok-api/references/oauth-setup.md +105 -0
- package/skills/tiktok-api/references/wiki-schema.md +85 -0
- package/skills/tiktok-api/scripts/verify.sh +96 -0
- package/skills/together-fireworks/SKILL.md +181 -0
- package/skills/together-fireworks/evals/README.md +3 -0
- package/skills/together-fireworks/evals/cases.yaml +50 -0
- package/skills/together-fireworks/references/batch-and-tuning.md +59 -0
- package/skills/together-fireworks/references/models-and-pricing.md +79 -0
- package/skills/together-fireworks/scripts/verify.sh +165 -0
- package/skills/translation-l10n/SKILL.md +229 -0
- package/skills/translation-l10n/evals/README.md +3 -0
- package/skills/translation-l10n/evals/cases.yaml +39 -0
- package/skills/translation-l10n/references/icu-cookbook.md +82 -0
- package/skills/translation-l10n/references/rtl-and-bidi.md +60 -0
- package/skills/typescript/SKILL.md +258 -0
- package/skills/typescript/evals/README.md +15 -0
- package/skills/typescript/evals/cases.yaml +46 -0
- package/skills/typescript/references/build-and-monorepo.md +141 -0
- package/skills/typescript/references/type-system.md +162 -0
- package/skills/typescript/scripts/verify.sh +52 -0
- package/skills/unit-economics/SKILL.md +180 -0
- package/skills/unit-economics/evals/README.md +5 -0
- package/skills/unit-economics/evals/cases.yaml +43 -0
- package/skills/unit-economics/references/formulas.md +144 -0
- package/skills/unit-economics/scripts/verify.sh +179 -0
- package/skills/vector-db/SKILL.md +189 -0
- package/skills/vector-db/evals/README.md +10 -0
- package/skills/vector-db/evals/cases.yaml +45 -0
- package/skills/vector-db/references/engines.md +175 -0
- package/skills/vector-db/references/tuning.md +62 -0
- package/skills/vector-db/scripts/verify.sh +110 -0
- package/skills/vercel/SKILL.md +242 -0
- package/skills/vercel/evals/README.md +23 -0
- package/skills/vercel/evals/cases.yaml +45 -0
- package/skills/vercel/references/cli-cookbook.md +98 -0
- package/skills/vercel/references/vercel-json.md +120 -0
- package/skills/vercel/scripts/verify.sh +168 -0
- package/skills/verify/SKILL.md +188 -0
- package/skills/verify/evals/README.md +78 -0
- package/skills/verify/evals/cases.yaml +74 -0
- package/skills/video-shorts/SKILL.md +163 -0
- package/skills/video-shorts/evals/README.md +15 -0
- package/skills/video-shorts/evals/cases.yaml +56 -0
- package/skills/video-shorts/references/hook-and-script-patterns.md +95 -0
- package/skills/video-shorts/references/specs-and-safe-zones.md +74 -0
- package/skills/video-shorts/scripts/verify.sh +172 -0
- package/skills/vue-nuxt/SKILL.md +384 -0
- package/skills/vue-nuxt/evals/README.md +11 -0
- package/skills/vue-nuxt/evals/cases.yaml +49 -0
- package/skills/vue-nuxt/references/data-and-state.md +127 -0
- package/skills/vue-nuxt/references/migration-nuxt4.md +79 -0
- package/skills/vue-nuxt/references/nitro-and-rendering.md +117 -0
- package/skills/vue-nuxt/references/reactivity.md +135 -0
- package/skills/vue-nuxt/scripts/verify.sh +148 -0
- package/skills/webhooks/SKILL.md +246 -0
- package/skills/webhooks/evals/README.md +15 -0
- package/skills/webhooks/evals/cases.yaml +46 -0
- package/skills/webhooks/references/framework-raw-body.md +97 -0
- package/skills/webhooks/references/signature-schemes.md +66 -0
- package/skills/webhooks/scripts/verify.sh +142 -0
- package/skills/webinar/SKILL.md +196 -0
- package/skills/webinar/evals/README.md +14 -0
- package/skills/webinar/evals/cases.yaml +44 -0
- package/skills/webinar/references/email-cadence.md +75 -0
- package/skills/webinar/references/run-of-show.md +83 -0
- package/skills/whatsapp-telegram/SKILL.md +235 -0
- package/skills/whatsapp-telegram/evals/README.md +11 -0
- package/skills/whatsapp-telegram/evals/cases.yaml +44 -0
- package/skills/whatsapp-telegram/references/telegram-bot-api.md +91 -0
- package/skills/whatsapp-telegram/references/whatsapp-cloud-api.md +103 -0
- package/skills/whatsapp-telegram/scripts/verify.sh +90 -0
- package/skills/wordpress/SKILL.md +224 -0
- package/skills/wordpress/evals/README.md +3 -0
- package/skills/wordpress/evals/cases.yaml +50 -0
- package/skills/wordpress/references/hardening.md +108 -0
- package/skills/wordpress/references/performance.md +80 -0
- package/skills/wordpress/references/woocommerce.md +65 -0
- package/skills/wordpress/scripts/verify.sh +96 -0
- package/skills/worktrees/SKILL.md +199 -0
- package/skills/worktrees/evals/README.md +78 -0
- package/skills/worktrees/evals/cases.yaml +47 -0
- package/skills/youtube-api/SKILL.md +286 -0
- package/skills/youtube-api/evals/README.md +3 -0
- package/skills/youtube-api/evals/cases.yaml +50 -0
- package/skills/youtube-api/references/analytics-queries.md +89 -0
- package/skills/youtube-api/references/oauth-setup.md +55 -0
- package/skills/youtube-api/references/wiki-schema.md +70 -0
- package/skills/youtube-api/scripts/verify.sh +84 -0
- package/skills/youtube-ideation/SKILL.md +234 -0
- package/skills/youtube-ideation/evals/README.md +14 -0
- package/skills/youtube-ideation/evals/cases.yaml +52 -0
- package/skills/youtube-ideation/references/idea-ledger-and-loop.md +89 -0
- package/skills/youtube-ideation/references/research-and-signals.md +92 -0
- package/skills/youtube-ideation/scripts/verify.sh +237 -0
- package/skills/youtube-packaging/SKILL.md +220 -0
- package/skills/youtube-packaging/evals/README.md +16 -0
- package/skills/youtube-packaging/evals/cases.yaml +48 -0
- package/skills/youtube-packaging/references/description-and-chapters.md +135 -0
- package/skills/youtube-packaging/scripts/verify.sh +250 -0
- package/skills/youtube-strategy/SKILL.md +157 -0
- package/skills/youtube-strategy/evals/README.md +5 -0
- package/skills/youtube-strategy/evals/cases.yaml +61 -0
- package/skills/youtube-strategy/references/channel-architecture.md +46 -0
- package/skills/youtube-strategy/references/wiki-records.md +86 -0
- package/skills/youtube-strategy/scripts/verify.sh +118 -0
- package/skills/youtube-thumbnails/SKILL.md +180 -0
- package/skills/youtube-thumbnails/evals/README.md +11 -0
- package/skills/youtube-thumbnails/evals/cases.yaml +48 -0
- package/skills/youtube-thumbnails/references/composition-and-specs.md +69 -0
- package/skills/youtube-thumbnails/references/experiment-log-format.md +65 -0
- package/skills/youtube-thumbnails/scripts/verify.sh +123 -0
- package/targets/claude.js +23 -0
- package/targets/codex.js +29 -0
- package/targets/cursor.js +20 -0
- package/targets/gemini.js +29 -0
- package/targets/index.js +55 -0
|
@@ -0,0 +1,327 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: gcp-essentials
|
|
3
|
+
description: "Use when running a small product on the core of Google Cloud with the gcloud CLI: creating a project, deploying a container to Cloud Run, standing up a Cloud Storage bucket, a managed Cloud SQL Postgres/MySQL, and wiring them together with least-privilege IAM. Triggers: 'deploy to Cloud Run', 'gcloud run deploy', 'set up a GCP project', 'crear bucket en GCP', 'desplegar a Cloud Run', 'service account sin claves JSON', 'why is my Cloud Run running as the default service account', 'connect Cloud Run to Cloud SQL', 'turn off the bucket public access'. NOT AWS (that is aws-essentials)."
|
|
4
|
+
tags: [gcp, cloud-run, cloud-sql, cloud-storage, iam, gcloud, serverless, devops]
|
|
5
|
+
recommends: [aws-essentials, docker, github-actions, secure-coding, postgresdb, deployment, monitoring, backups]
|
|
6
|
+
origin: risco
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
# GCP essentials
|
|
10
|
+
|
|
11
|
+
Get a small product running on the core of Google Cloud — safely and cheaply — with
|
|
12
|
+
the `gcloud` CLI as the source of truth. The console is fine for reading; the CLI is
|
|
13
|
+
what you commit, review, and reproduce. Bias toward **secure-by-default and near-zero
|
|
14
|
+
bill**, not "every GCP service".
|
|
15
|
+
|
|
16
|
+
Four primitives carry most products, plus the project/billing scaffold under them:
|
|
17
|
+
|
|
18
|
+
- **IAM** — who can do what. Get this wrong and nothing else matters.
|
|
19
|
+
- **Cloud Run** — serverless containers, scale to zero.
|
|
20
|
+
- **Cloud Storage** — object storage (buckets).
|
|
21
|
+
- **Cloud SQL** — managed Postgres/MySQL.
|
|
22
|
+
|
|
23
|
+
Out of scope, route elsewhere: AWS -> `aws-essentials`. Building/shipping the image
|
|
24
|
+
itself -> `docker` / `github-actions` / [`../deployment/SKILL.md`](../deployment/SKILL.md).
|
|
25
|
+
Postgres schema/index/query tuning -> [`../postgresdb/SKILL.md`](../postgresdb/SKILL.md).
|
|
26
|
+
App-level injection/secret-handling review -> [`../secure-coding/SKILL.md`](../secure-coding/SKILL.md).
|
|
27
|
+
Logging/alerting/SLOs as a practice -> `monitoring`. Backup strategy as a discipline
|
|
28
|
+
-> `backups`. One-click PaaS where you never touch IAM/VPC -> [`../vercel/SKILL.md`](../vercel/SKILL.md)
|
|
29
|
+
/ [`../railway/SKILL.md`](../railway/SKILL.md) / [`../render/SKILL.md`](../render/SKILL.md)
|
|
30
|
+
/ [`../fly-io/SKILL.md`](../fly-io/SKILL.md).
|
|
31
|
+
|
|
32
|
+
## 0. Bootstrap a project
|
|
33
|
+
|
|
34
|
+
One project per environment (e.g. `acme-prod`, `acme-staging`). Projects are the IAM
|
|
35
|
+
and billing boundary; mixing prod and dev in one project is how a staging credential
|
|
36
|
+
deletes prod data.
|
|
37
|
+
|
|
38
|
+
```bash
|
|
39
|
+
# Create the project and point gcloud at it
|
|
40
|
+
gcloud projects create acme-prod --name="Acme prod"
|
|
41
|
+
gcloud config set project acme-prod
|
|
42
|
+
gcloud config set run/region europe-west1 # set once; every run command inherits it
|
|
43
|
+
|
|
44
|
+
# Link billing (no billing = APIs 403). Find your account id first:
|
|
45
|
+
gcloud billing accounts list
|
|
46
|
+
gcloud billing projects link acme-prod --billing-account=0X0X0X-0X0X0X-0X0X0X
|
|
47
|
+
|
|
48
|
+
# Enable ONLY the APIs this product needs. Why: every enabled API widens the
|
|
49
|
+
# attack surface and some bill the moment they are on.
|
|
50
|
+
gcloud services enable \
|
|
51
|
+
run.googleapis.com \
|
|
52
|
+
sqladmin.googleapis.com \
|
|
53
|
+
storage.googleapis.com \
|
|
54
|
+
secretmanager.googleapis.com \
|
|
55
|
+
iam.googleapis.com
|
|
56
|
+
```
|
|
57
|
+
|
|
58
|
+
## 1. IAM without footguns
|
|
59
|
+
|
|
60
|
+
A binding is `member + role` on a resource. Members come in three flavours you will
|
|
61
|
+
actually type:
|
|
62
|
+
|
|
63
|
+
| Member type | Syntax | Use for |
|
|
64
|
+
|------------------|-------------------------------------|----------------------------------|
|
|
65
|
+
| User | `user:alice@acme.com` | a human |
|
|
66
|
+
| Group | `group:eng@acme.com` | a team (manage in Workspace) |
|
|
67
|
+
| Service account | `serviceAccount:NAME@PROJ.iam.gserviceaccount.com` | a workload identity |
|
|
68
|
+
|
|
69
|
+
Grant grammar — bind at the smallest resource that works (project here, but prefer
|
|
70
|
+
bucket/instance scope when the role supports it):
|
|
71
|
+
|
|
72
|
+
```bash
|
|
73
|
+
gcloud projects add-iam-policy-binding acme-prod \
|
|
74
|
+
--member="serviceAccount:api@acme-prod.iam.gserviceaccount.com" \
|
|
75
|
+
--role="roles/cloudsql.client"
|
|
76
|
+
```
|
|
77
|
+
|
|
78
|
+
Choosing a role:
|
|
79
|
+
|
|
80
|
+
| Role kind | Example | When |
|
|
81
|
+
|----------------|-------------------------------|-------------------------------------------------------------|
|
|
82
|
+
| Primitive | `roles/owner`, `roles/editor` | Almost never on a workload — project-wide, far too broad. |
|
|
83
|
+
| **Predefined** | `roles/storage.objectAdmin` | **Default.** Google-maintained, scoped to one service. |
|
|
84
|
+
| Custom | your own permission list | Only when no predefined role fits — you now own the upkeep. |
|
|
85
|
+
|
|
86
|
+
Two hard rules, each with teeth:
|
|
87
|
+
|
|
88
|
+
1. **Never run a workload as the default compute service account.** It carries
|
|
89
|
+
`Editor` on the whole project, so a single RCE in your container = full project
|
|
90
|
+
takeover. Mint a dedicated SA per service and pass it explicitly (see Cloud Run).
|
|
91
|
+
```bash
|
|
92
|
+
gcloud iam service-accounts create api-sa --display-name="api runtime"
|
|
93
|
+
```
|
|
94
|
+
2. **Never create service-account JSON keys.** A leaked key is a long-lived,
|
|
95
|
+
un-rotated credential. Use the *attached* SA on Cloud Run/Compute, and Workload
|
|
96
|
+
Identity Federation for external/CI auth (GitHub Actions). If `... keys create` is
|
|
97
|
+
in your runbook, the runbook is wrong.
|
|
98
|
+
|
|
99
|
+
WIF for keyless CI, SA impersonation, IAM Recommender and Conditions live in
|
|
100
|
+
[`references/iam-and-auth.md`](references/iam-and-auth.md).
|
|
101
|
+
|
|
102
|
+
## 2. Cloud Run
|
|
103
|
+
|
|
104
|
+
Minimal *safe* deploy: dedicated runtime SA, explicit region, no anonymous ingress.
|
|
105
|
+
|
|
106
|
+
```bash
|
|
107
|
+
gcloud run deploy api \
|
|
108
|
+
--image=europe-west1-docker.pkg.dev/acme-prod/app/api:1.4.0 \
|
|
109
|
+
--region=europe-west1 \
|
|
110
|
+
--service-account=api-sa@acme-prod.iam.gserviceaccount.com \
|
|
111
|
+
--no-allow-unauthenticated
|
|
112
|
+
```
|
|
113
|
+
|
|
114
|
+
- `--service-account` sets the runtime identity. Omit it and the revision runs as the
|
|
115
|
+
over-privileged default compute SA — the rule-1 footgun. Always pass it.
|
|
116
|
+
- `--no-allow-unauthenticated` keeps the service private (callers need
|
|
117
|
+
`roles/run.invoker`). Flip to `--allow-unauthenticated` *only* for a genuinely public
|
|
118
|
+
endpoint. Open by accident and you have shipped an unauthenticated API.
|
|
119
|
+
|
|
120
|
+
Production knobs:
|
|
121
|
+
|
|
122
|
+
```bash
|
|
123
|
+
# Cold starts hurt: pin a warm instance and boost CPU on startup.
|
|
124
|
+
# Default min-instances is 0 (scales to zero); default max is 100 (your cost ceiling).
|
|
125
|
+
gcloud run services update api --region=europe-west1 \
|
|
126
|
+
--min-instances=1 --cpu-boost --max-instances=20
|
|
127
|
+
```
|
|
128
|
+
|
|
129
|
+
Config vs secrets — **secrets never go in `--set-env-vars`**, because env vars show up
|
|
130
|
+
in plaintext in `describe`, logs and the console. Mount them from Secret Manager:
|
|
131
|
+
|
|
132
|
+
```bash
|
|
133
|
+
gcloud run deploy api --region=europe-west1 \
|
|
134
|
+
--service-account=api-sa@acme-prod.iam.gserviceaccount.com \
|
|
135
|
+
--set-env-vars="LOG_LEVEL=info" \
|
|
136
|
+
--set-secrets="DB_PASSWORD=db-password:latest"
|
|
137
|
+
```
|
|
138
|
+
|
|
139
|
+
## 3. Cloud Storage
|
|
140
|
+
|
|
141
|
+
Create buckets locked down; loosen deliberately, never the reverse.
|
|
142
|
+
|
|
143
|
+
```bash
|
|
144
|
+
gcloud storage buckets create gs://acme-prod-uploads \
|
|
145
|
+
--location=europe-west1 \
|
|
146
|
+
--uniform-bucket-level-access \
|
|
147
|
+
--public-access-prevention
|
|
148
|
+
```
|
|
149
|
+
|
|
150
|
+
- `--uniform-bucket-level-access` (UBLA) turns off per-object ACLs so access is *only*
|
|
151
|
+
IAM — one place to reason about, one place to audit. There is a 90-day window to
|
|
152
|
+
revert UBLA; after that it is permanent, so set it at creation.
|
|
153
|
+
- `--public-access-prevention` makes a public grant impossible even by mistake.
|
|
154
|
+
|
|
155
|
+
Grant access to the workload, not the world:
|
|
156
|
+
|
|
157
|
+
```bash
|
|
158
|
+
gcloud storage buckets add-iam-policy-binding gs://acme-prod-uploads \
|
|
159
|
+
--member="serviceAccount:api-sa@acme-prod.iam.gserviceaccount.com" \
|
|
160
|
+
--role="roles/storage.objectAdmin"
|
|
161
|
+
```
|
|
162
|
+
|
|
163
|
+
Need to hand a file to an anonymous browser? Use a **signed URL** (time-limited),
|
|
164
|
+
never `allUsers`:
|
|
165
|
+
|
|
166
|
+
```bash
|
|
167
|
+
gcloud storage sign-url gs://acme-prod-uploads/report.pdf --duration=15m \
|
|
168
|
+
--impersonate-service-account=api-sa@acme-prod.iam.gserviceaccount.com
|
|
169
|
+
```
|
|
170
|
+
|
|
171
|
+
`--impersonate-service-account` is not decoration. Signing needs a private key, and the
|
|
172
|
+
keyless model this skill mandates (attached SA, no JSON keys) hands you an ADC *token*,
|
|
173
|
+
not a key. The flag tells gcloud to sign via the IAM `signBlob` API instead — so the
|
|
174
|
+
caller must hold `roles/iam.serviceAccountTokenCreator` (which grants
|
|
175
|
+
`iam.serviceAccounts.signBlob`) **on `api-sa`**. Without it, the command fails or
|
|
176
|
+
silently wants a key file, which would reopen the rule-2 footgun. Grant it once:
|
|
177
|
+
|
|
178
|
+
```bash
|
|
179
|
+
gcloud iam service-accounts add-iam-policy-binding \
|
|
180
|
+
api-sa@acme-prod.iam.gserviceaccount.com \
|
|
181
|
+
--member="serviceAccount:api-sa@acme-prod.iam.gserviceaccount.com" \
|
|
182
|
+
--role="roles/iam.serviceAccountTokenCreator"
|
|
183
|
+
```
|
|
184
|
+
|
|
185
|
+
Durability one-liners:
|
|
186
|
+
|
|
187
|
+
```bash
|
|
188
|
+
gcloud storage buckets update gs://acme-prod-uploads --versioning # keep old versions
|
|
189
|
+
gcloud storage buckets update gs://acme-prod-uploads \
|
|
190
|
+
--lifecycle-file=lifecycle.json # auto-expire/age out
|
|
191
|
+
```
|
|
192
|
+
|
|
193
|
+
## 4. Cloud SQL
|
|
194
|
+
|
|
195
|
+
Create a managed Postgres with a private IP and **no** public IP — the public IP is
|
|
196
|
+
the part that gets scanned and brute-forced.
|
|
197
|
+
|
|
198
|
+
```bash
|
|
199
|
+
gcloud sql instances create acme-db \
|
|
200
|
+
--database-version=POSTGRES_16 \
|
|
201
|
+
--edition=ENTERPRISE \
|
|
202
|
+
--region=europe-west1 \
|
|
203
|
+
--tier=db-f1-micro \
|
|
204
|
+
--no-assign-ip \
|
|
205
|
+
--network=projects/acme-prod/global/networks/default
|
|
206
|
+
```
|
|
207
|
+
|
|
208
|
+
`--edition=ENTERPRISE` is **mandatory** here, not optional. From POSTGRES_16 up the
|
|
209
|
+
default edition is Enterprise *Plus*, which only runs on N2/C4A/N4 machine series — the
|
|
210
|
+
shared-core `db-f1-micro` is an Enterprise-only tier, so the create **fails** without
|
|
211
|
+
this flag. Want the cheapest box? Stay on Enterprise. Reach for Enterprise Plus only
|
|
212
|
+
when you actually need its dedicated cores and faster failover, and drop `--tier` for a
|
|
213
|
+
`--cpu`/`--memory` pair then.
|
|
214
|
+
|
|
215
|
+
Put the password in Secret Manager, not in a flag or a file:
|
|
216
|
+
|
|
217
|
+
```bash
|
|
218
|
+
gcloud sql users create app --instance=acme-db --password="$(openssl rand -base64 24)"
|
|
219
|
+
printf '%s' "$(openssl rand -base64 24)" | \
|
|
220
|
+
gcloud secrets create db-password --data-file=-
|
|
221
|
+
```
|
|
222
|
+
|
|
223
|
+
Attach the instance to Cloud Run — serverless connects over a Unix socket, **no Auth
|
|
224
|
+
Proxy sidecar needed**:
|
|
225
|
+
|
|
226
|
+
```bash
|
|
227
|
+
gcloud run deploy api --region=europe-west1 \
|
|
228
|
+
--service-account=api-sa@acme-prod.iam.gserviceaccount.com \
|
|
229
|
+
--add-cloudsql-instances=acme-prod:europe-west1:acme-db \
|
|
230
|
+
--set-secrets="DB_PASSWORD=db-password:latest"
|
|
231
|
+
# In the app, connect via the socket:
|
|
232
|
+
# host=/cloudsql/acme-prod:europe-west1:acme-db
|
|
233
|
+
```
|
|
234
|
+
|
|
235
|
+
The Cloud SQL **Auth Proxy** (short-lived certs, TLS 1.3) is for connecting from
|
|
236
|
+
*outside* — local dev or a non-serverless host — not for Cloud Run. Private IP, PSC
|
|
237
|
+
and proxy invocation are in [`references/networking-and-sql.md`](references/networking-and-sql.md).
|
|
238
|
+
|
|
239
|
+
## 5. Wire it together
|
|
240
|
+
|
|
241
|
+
One service, one dedicated SA, exactly the roles it needs — and nothing else.
|
|
242
|
+
|
|
243
|
+
```bash
|
|
244
|
+
# Identity
|
|
245
|
+
gcloud iam service-accounts create api-sa --display-name="api runtime"
|
|
246
|
+
SA=api-sa@acme-prod.iam.gserviceaccount.com
|
|
247
|
+
|
|
248
|
+
# Exactly four predefined roles. No Editor, no Owner.
|
|
249
|
+
gcloud projects add-iam-policy-binding acme-prod \
|
|
250
|
+
--member="serviceAccount:$SA" --role="roles/cloudsql.client"
|
|
251
|
+
gcloud secrets add-iam-policy-binding db-password \
|
|
252
|
+
--member="serviceAccount:$SA" --role="roles/secretmanager.secretAccessor"
|
|
253
|
+
gcloud storage buckets add-iam-policy-binding gs://acme-prod-uploads \
|
|
254
|
+
--member="serviceAccount:$SA" --role="roles/storage.objectAdmin"
|
|
255
|
+
|
|
256
|
+
# Deploy with all three wired in
|
|
257
|
+
gcloud run deploy api --region=europe-west1 \
|
|
258
|
+
--image=europe-west1-docker.pkg.dev/acme-prod/app/api:1.4.0 \
|
|
259
|
+
--service-account="$SA" \
|
|
260
|
+
--no-allow-unauthenticated \
|
|
261
|
+
--add-cloudsql-instances=acme-prod:europe-west1:acme-db \
|
|
262
|
+
--set-secrets="DB_PASSWORD=db-password:latest" \
|
|
263
|
+
--set-env-vars="BUCKET=acme-prod-uploads"
|
|
264
|
+
```
|
|
265
|
+
|
|
266
|
+
Note the scoping: `cloudsql.client` is project-wide (the role needs it), but the
|
|
267
|
+
storage and secret grants are bound to the *specific* bucket and secret, not the
|
|
268
|
+
project. Grant narrow.
|
|
269
|
+
|
|
270
|
+
## 6. Cost & teardown
|
|
271
|
+
|
|
272
|
+
- Cloud Run scales to zero by default — an idle service costs ~nothing. Keep
|
|
273
|
+
`--min-instances=0` on staging.
|
|
274
|
+
- Cap blast radius with `--max-instances` and a budget alert (full command in
|
|
275
|
+
[`references/deploy-recipes.md`](references/deploy-recipes.md)):
|
|
276
|
+
```bash
|
|
277
|
+
gcloud billing budgets create --billing-account=0X0X0X-0X0X0X-0X0X0X \
|
|
278
|
+
--display-name="acme-prod" --budget-amount=50 \
|
|
279
|
+
--threshold-rule=percent=0.9
|
|
280
|
+
```
|
|
281
|
+
- Tear down in dependency order so nothing dangles:
|
|
282
|
+
```bash
|
|
283
|
+
gcloud run services delete api --region=europe-west1
|
|
284
|
+
gcloud sql instances delete acme-db
|
|
285
|
+
gcloud storage rm --recursive gs://acme-prod-uploads
|
|
286
|
+
```
|
|
287
|
+
|
|
288
|
+
## Anti-patterns
|
|
289
|
+
|
|
290
|
+
| Bad | Good | Why |
|
|
291
|
+
|-----|------|-----|
|
|
292
|
+
| Deploy with no `--service-account` | Pass a dedicated per-service SA | Default compute SA has Editor; an RCE becomes project takeover |
|
|
293
|
+
| `gcloud iam service-accounts keys create key.json` | Attached SA + Workload Identity Federation | JSON keys are long-lived, leak, and are rarely rotated |
|
|
294
|
+
| `--role=roles/editor` on a workload SA | Scoped predefined roles (`cloudsql.client`, …) | Primitive roles grant far more than the service needs |
|
|
295
|
+
| Bucket public via `allUsers` | Signed URL via `--impersonate-service-account` (+ Token Creator) | A public bucket is a data leak; keyless signing needs `signBlob`, not a key file |
|
|
296
|
+
| Bucket created without UBLA/PAP | `--uniform-bucket-level-access --public-access-prevention` at create | ACLs sprawl; PAP blocks accidental public grants |
|
|
297
|
+
| Cloud SQL with public IP open to `0.0.0.0/0` | `--no-assign-ip` + private IP / Auth Proxy | Public DB IPs get scanned and brute-forced |
|
|
298
|
+
| Secrets in `--set-env-vars` | `--set-secrets` from Secret Manager | Env vars are plaintext in `describe`, logs, console |
|
|
299
|
+
| `gcloud services enable` everything | Enable only the APIs you use | Each API widens attack surface; some bill on enable |
|
|
300
|
+
| No `--min-instances` on prod, then blame cold starts | `--min-instances=1 --cpu-boost` on prod | Scale-to-zero is the cause; pin a warm instance |
|
|
301
|
+
| Auth Proxy sidecar on Cloud Run | `--add-cloudsql-instances` + `/cloudsql/...` socket | Serverless connects natively; the proxy is for outside-VPC |
|
|
302
|
+
|
|
303
|
+
## Verify
|
|
304
|
+
|
|
305
|
+
`scripts/verify.sh` is an offline static linter (no GCP calls, no network) over files
|
|
306
|
+
that contain `gcloud` command blocks. It flags the unsafe patterns above: JSON key
|
|
307
|
+
creation, `roles/owner|roles/editor` bound to a service account, bucket creates missing
|
|
308
|
+
UBLA/PAP, Cloud SQL public IP without private IP, and Cloud Run deploys missing
|
|
309
|
+
`--service-account`.
|
|
310
|
+
|
|
311
|
+
```bash
|
|
312
|
+
bash scripts/verify.sh path/to/runbook.sh # one file
|
|
313
|
+
bash scripts/verify.sh path/to/dir/ # recurse a directory
|
|
314
|
+
```
|
|
315
|
+
|
|
316
|
+
It prints `PASS`/`FAIL` per check and exits nonzero on any FAIL. An empty or
|
|
317
|
+
clean target passes (exit 0).
|
|
318
|
+
|
|
319
|
+
## References
|
|
320
|
+
|
|
321
|
+
- [`references/iam-and-auth.md`](references/iam-and-auth.md) — predefined-role catalog,
|
|
322
|
+
Workload Identity Federation for GitHub Actions, SA impersonation, IAM Recommender,
|
|
323
|
+
Conditions.
|
|
324
|
+
- [`references/networking-and-sql.md`](references/networking-and-sql.md) — Direct VPC
|
|
325
|
+
egress vs legacy connectors, Cloud SQL private IP / PSC, Auth Proxy, pooling.
|
|
326
|
+
- [`references/deploy-recipes.md`](references/deploy-recipes.md) — copy-paste runbooks:
|
|
327
|
+
container deploy, attach SQL, mount a secret, budget alert, full teardown.
|
|
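Review bot: The Verify paragraph (new lines 305-309) says `scripts/verify.sh` flags "the unsafe patterns above", but the five checks it lists cover only half of the ten anti-pattern rows; a bucket made public via `allUsers` and secrets passed in `--set-env-vars` are in the table and not in the linter's list. Either reword to "a subset of the patterns above" and name what is out of scope, or add those checks, so a `PASS` is not read as covering the whole table. Two smaller points in section 6: the bullet at line 274 says "Cap blast radius with `--max-instances` and a budget alert", while `references/deploy-recipes.md` states that a budget alert notifies and does not cap spend, so the wording here should match. The teardown at lines 283-285 stops at the bucket under the heading "so nothing dangles", whereas the full recipe also deletes the secret and the service account; link to that recipe or add the two commands.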
@@ -0,0 +1,12 @@
|
|
|
1
|
+
# Evals — gcp-essentials
|
|
2
|
+
|
|
3
|
+
`cases.yaml` drives two checks through the repo's standard eval harness. The
|
|
4
|
+
`should_trigger` / `should_not_trigger` prompts verify routing: each negative case
|
|
5
|
+
names the real sibling skill it should defer to (`aws-essentials`, `docker`,
|
|
6
|
+
`postgresdb`, `secure-coding`, `vercel`) so the boundary is graded, not assumed. The
|
|
7
|
+
`capability` case is graded by an LLM judge against its `must_include` rubric — there
|
|
8
|
+
are no live GCP calls and nothing is deployed; the judge reads the produced gcloud
|
|
9
|
+
commands and checks that they are least-privilege, keyless, private-by-default, and
|
|
10
|
+
include a cost/teardown note. Run it the same way as every other skill in this repo
|
|
11
|
+
(point the harness at this directory); inspect any rubric miss by hand before trusting
|
|
12
|
+
the score.
|
|
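Review bot: The sibling skills named at lines 5-6 (`aws-essentials`, `docker`, `postgresdb`, `secure-coding`, `vercel`) do not match the `route_to` values in `cases.yaml`, which are `aws-essentials`, `postgresdb`, `deployment` and `secure-coding`. `docker` and `vercel` have no negative case, and `deployment` is not mentioned here, so the claim that "the boundary is graded, not assumed" does not hold for two of the five names. Update the list to the skills the cases actually route to, or add negative cases for `docker` and `vercel`.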
@@ -0,0 +1,38 @@
|
|
|
1
|
+
skill: gcp-essentials
|
|
2
|
+
|
|
3
|
+
should_trigger:
|
|
4
|
+
- prompt: "Deploy this container to Cloud Run with the gcloud CLI and keep it private."
|
|
5
|
+
why: "Cloud Run deployment with gcloud is the core GCP runtime path this skill owns."
|
|
6
|
+
- prompt: "Set up a small GCP project with Cloud SQL Postgres and a storage bucket."
|
|
7
|
+
why: "Project bootstrap plus Cloud SQL and Cloud Storage are core primitives in the skill."
|
|
8
|
+
- prompt: "Why is my Cloud Run service using the default compute service account?"
|
|
9
|
+
why: "Avoiding the default compute service account is a named IAM footgun this skill handles."
|
|
10
|
+
- prompt: "Connect Cloud Run to Cloud SQL without exposing the database publicly."
|
|
11
|
+
why: "Cloud Run to Cloud SQL with private/safe connectivity is a central workflow."
|
|
12
|
+
- prompt: "Crear un bucket en GCP bloqueando acceso publico y usando IAM correctamente."
|
|
13
|
+
why: "Spanish GCP bucket setup with public access prevention and IAM maps directly to Cloud Storage guidance."
|
|
14
|
+
|
|
15
|
+
should_not_trigger:
|
|
16
|
+
- prompt: "Deploy this app to AWS Lambda with S3 and RDS."
|
|
17
|
+
route_to: "aws-essentials"
|
|
18
|
+
why: "AWS services belong to the AWS cloud skill, not GCP."
|
|
19
|
+
- prompt: "Tune this Postgres query and choose indexes after EXPLAIN ANALYZE."
|
|
20
|
+
route_to: "postgresdb"
|
|
21
|
+
why: "Postgres schema/query tuning is the database skill; GCP only owns Cloud SQL operations."
|
|
22
|
+
- prompt: "Create a Dockerfile and GitHub Actions workflow to build my image."
|
|
23
|
+
route_to: "deployment"
|
|
24
|
+
why: "Container build and CI/CD mechanics are deployment work, not GCP service setup."
|
|
25
|
+
- prompt: "Review this authentication code for injection and broken authorization."
|
|
26
|
+
route_to: "secure-coding"
|
|
27
|
+
why: "Application security review belongs to secure-coding."
|
|
28
|
+
|
|
29
|
+
capability:
|
|
30
|
+
- scenario: "A developer says: 'I need a private Cloud Run API connected to Cloud SQL and a bucket, with least-privilege IAM. Give me the safe gcloud shape.'"
|
|
31
|
+
must_include:
|
|
32
|
+
- "Creates or selects a GCP project and enables only required APIs."
|
|
33
|
+
- "Creates a dedicated runtime service account and explicitly avoids the default compute service account."
|
|
34
|
+
- "Deploys Cloud Run with --service-account and --no-allow-unauthenticated unless a public endpoint is intentional."
|
|
35
|
+
- "Creates Cloud Storage with uniform bucket-level access and public access prevention."
|
|
36
|
+
- "Uses Secret Manager for DB password/secrets, not plaintext env vars."
|
|
37
|
+
- "Connects Cloud Run to Cloud SQL with the proper instance attachment/socket guidance."
|
|
38
|
+
- "Keeps IAM grants narrow and uses predefined roles instead of Owner/Editor."
|
|
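Review bot: The `must_include` rubric at lines 32-38 has no item for two properties the evals README says the judge checks: that the commands are keyless and that they include a cost/teardown note. A response that creates a JSON key with `gcloud iam service-accounts keys create`, or that omits teardown entirely, can satisfy all seven items as written. Add one item requiring no service-account key files (attached SA, impersonation or Workload Identity Federation instead) and one requiring a cost or teardown note, so the rubric grades what the README promises.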
@@ -0,0 +1,81 @@
|
|
|
1
|
+
# Deploy recipes
|
|
2
|
+
|
|
3
|
+
Copy-paste runbooks. Replace `acme-prod`, region, image tag, and the billing account
|
|
4
|
+
id. Every block assumes `gcloud config set project acme-prod` and
|
|
5
|
+
`gcloud config set run/region europe-west1` are done.
|
|
6
|
+
|
|
7
|
+
## Build & push an image to Artifact Registry
|
|
8
|
+
|
|
9
|
+
```bash
|
|
10
|
+
gcloud artifacts repositories create app \
|
|
11
|
+
--repository-format=docker --location=europe-west1
|
|
12
|
+
gcloud auth configure-docker europe-west1-docker.pkg.dev
|
|
13
|
+
docker build -t europe-west1-docker.pkg.dev/acme-prod/app/api:1.4.0 .
|
|
14
|
+
docker push europe-west1-docker.pkg.dev/acme-prod/app/api:1.4.0
|
|
15
|
+
```
|
|
16
|
+
|
|
17
|
+
## Deploy a private container with a dedicated SA
|
|
18
|
+
|
|
19
|
+
```bash
|
|
20
|
+
gcloud iam service-accounts create api-sa --display-name="api runtime"
|
|
21
|
+
gcloud run deploy api \
|
|
22
|
+
--image=europe-west1-docker.pkg.dev/acme-prod/app/api:1.4.0 \
|
|
23
|
+
--region=europe-west1 \
|
|
24
|
+
--service-account=api-sa@acme-prod.iam.gserviceaccount.com \
|
|
25
|
+
--no-allow-unauthenticated
|
|
26
|
+
```
|
|
27
|
+
|
|
28
|
+
## Attach Cloud SQL to the service
|
|
29
|
+
|
|
30
|
+
```bash
|
|
31
|
+
gcloud projects add-iam-policy-binding acme-prod \
|
|
32
|
+
--member="serviceAccount:api-sa@acme-prod.iam.gserviceaccount.com" \
|
|
33
|
+
--role="roles/cloudsql.client"
|
|
34
|
+
gcloud run services update api --region=europe-west1 \
|
|
35
|
+
--add-cloudsql-instances=acme-prod:europe-west1:acme-db
|
|
36
|
+
# App connects via host=/cloudsql/acme-prod:europe-west1:acme-db
|
|
37
|
+
```
|
|
38
|
+
|
|
39
|
+
## Mount a Secret Manager secret
|
|
40
|
+
|
|
41
|
+
```bash
|
|
42
|
+
printf '%s' "$(openssl rand -base64 24)" | gcloud secrets create db-password --data-file=-
|
|
43
|
+
gcloud secrets add-iam-policy-binding db-password \
|
|
44
|
+
--member="serviceAccount:api-sa@acme-prod.iam.gserviceaccount.com" \
|
|
45
|
+
--role="roles/secretmanager.secretAccessor"
|
|
46
|
+
gcloud run services update api --region=europe-west1 \
|
|
47
|
+
--set-secrets="DB_PASSWORD=db-password:latest"
|
|
48
|
+
```
|
|
49
|
+
|
|
50
|
+
To rotate: add a new version, then redeploy (or rely on `:latest`):
|
|
51
|
+
|
|
52
|
+
```bash
|
|
53
|
+
printf '%s' "$NEW" | gcloud secrets versions add db-password --data-file=-
|
|
54
|
+
```
|
|
55
|
+
|
|
56
|
+
## Budget alert
|
|
57
|
+
|
|
58
|
+
```bash
|
|
59
|
+
gcloud billing budgets create \
|
|
60
|
+
--billing-account=0X0X0X-0X0X0X-0X0X0X \
|
|
61
|
+
--display-name="acme-prod monthly" \
|
|
62
|
+
--budget-amount=50 \
|
|
63
|
+
--threshold-rule=percent=0.5 \
|
|
64
|
+
--threshold-rule=percent=0.9 \
|
|
65
|
+
--threshold-rule=percent=1.0
|
|
66
|
+
```
|
|
67
|
+
|
|
68
|
+
A budget alert notifies; it does **not** cap spend. To actually stop spend, wire the
|
|
69
|
+
Pub/Sub budget notification to a function that disables billing on the project.
|
|
70
|
+
|
|
71
|
+
## Full teardown (dependency order)
|
|
72
|
+
|
|
73
|
+
```bash
|
|
74
|
+
gcloud run services delete api --region=europe-west1 --quiet
|
|
75
|
+
gcloud sql instances delete acme-db --quiet
|
|
76
|
+
gcloud storage rm --recursive gs://acme-prod-uploads
|
|
77
|
+
gcloud secrets delete db-password --quiet
|
|
78
|
+
gcloud iam service-accounts delete api-sa@acme-prod.iam.gserviceaccount.com --quiet
|
|
79
|
+
# Optional: shut the whole project (30-day recoverable window)
|
|
80
|
+
gcloud projects delete acme-prod
|
|
81
|
+
```
|
|
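Review bot: The rotation guidance at line 50, "redeploy (or rely on `:latest`)", is misleading for the mount used at line 47, `--set-secrets="DB_PASSWORD=db-password:latest"`. A secret exposed as an environment variable is resolved when an instance starts, so already-running instances keep the old value after `gcloud secrets versions add`, and different instances of the same revision can end up holding different passwords. Pin a version number in `--set-secrets` and make rotation an explicit new revision, or drop the "rely on `:latest`" clause. In the teardown block, line 78 deletes `api-sa` but nothing removes the project-level `roles/cloudsql.client` binding created at lines 31-33, so the project policy keeps an entry for a deleted principal; add a `gcloud projects remove-iam-policy-binding` step before the service-account delete. The Artifact Registry repository `app` created at line 10 is also left behind.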
@@ -0,0 +1,94 @@
|
|
|
1
|
+
# IAM & auth
|
|
2
|
+
|
|
3
|
+
Depth for the IAM section of SKILL.md. Predefined roles, keyless CI, impersonation,
|
|
4
|
+
drift detection.
|
|
5
|
+
|
|
6
|
+
## Predefined roles for a typical product
|
|
7
|
+
|
|
8
|
+
Prefer these Google-maintained roles over primitives or custom roles. Bind them to the
|
|
9
|
+
service's dedicated SA at the narrowest resource scope the role supports.
|
|
10
|
+
|
|
11
|
+
| Need | Role | Scope it to |
|
|
12
|
+
|------|------|-------------|
|
|
13
|
+
| Connect to Cloud SQL from the workload | `roles/cloudsql.client` | project |
|
|
14
|
+
| Read/write objects in one bucket | `roles/storage.objectAdmin` | the bucket |
|
|
15
|
+
| Read object content only | `roles/storage.objectViewer` | the bucket |
|
|
16
|
+
| Read one secret's value | `roles/secretmanager.secretAccessor` | the secret |
|
|
17
|
+
| Invoke a private Cloud Run service | `roles/run.invoker` | the service |
|
|
18
|
+
| Push/pull container images | `roles/artifactregistry.writer` | the repo |
|
|
19
|
+
| Write logs/metrics from the app | usually implicit on Cloud Run runtime SA | — |
|
|
20
|
+
|
|
21
|
+
Bind at resource scope when possible — e.g. a secret, not the project:
|
|
22
|
+
|
|
23
|
+
```bash
|
|
24
|
+
gcloud secrets add-iam-policy-binding db-password \
|
|
25
|
+
--member="serviceAccount:api-sa@acme-prod.iam.gserviceaccount.com" \
|
|
26
|
+
--role="roles/secretmanager.secretAccessor"
|
|
27
|
+
```
|
|
28
|
+
|
|
29
|
+
## Workload Identity Federation for GitHub Actions (keyless)
|
|
30
|
+
|
|
31
|
+
No JSON key downloaded, ever. GitHub's OIDC token is exchanged for short-lived GCP
|
|
32
|
+
credentials.
|
|
33
|
+
|
|
34
|
+
```bash
|
|
35
|
+
# 1. A pool + an OIDC provider that trusts GitHub's issuer
|
|
36
|
+
gcloud iam workload-identity-pools create github \
|
|
37
|
+
--location=global --display-name="GitHub Actions"
|
|
38
|
+
|
|
39
|
+
gcloud iam workload-identity-pools providers create-oidc github-oidc \
|
|
40
|
+
--location=global --workload-identity-pool=github \
|
|
41
|
+
--display-name="GitHub OIDC" \
|
|
42
|
+
--issuer-uri="https://token.actions.githubusercontent.com" \
|
|
43
|
+
--attribute-mapping="google.subject=assertion.sub,attribute.repository=assertion.repository" \
|
|
44
|
+
--attribute-condition="assertion.repository=='acme/api'"
|
|
45
|
+
|
|
46
|
+
# 2. Let the deploy SA be impersonated only from that repo
|
|
47
|
+
PROJECT_NUM=$(gcloud projects describe acme-prod --format='value(projectNumber)')
|
|
48
|
+
gcloud iam service-accounts add-iam-policy-binding \
|
|
49
|
+
deployer@acme-prod.iam.gserviceaccount.com \
|
|
50
|
+
--role="roles/iam.workloadIdentityUser" \
|
|
51
|
+
--member="principalSet://iam.googleapis.com/projects/${PROJECT_NUM}/locations/global/workloadIdentityPools/github/attribute.repository/acme/api"
|
|
52
|
+
```
|
|
53
|
+
|
|
54
|
+
In the workflow, use `google-github-actions/auth` with the provider resource name and
|
|
55
|
+
`service_account` — never a `credentials_json` secret. The `attribute-condition`
|
|
56
|
+
pinning the exact repo is the security boundary; without it any repo could mint
|
|
57
|
+
credentials.
|
|
58
|
+
|
|
59
|
+
## Service account impersonation
|
|
60
|
+
|
|
61
|
+
Run a one-off command *as* a service account without holding its key. The caller needs
|
|
62
|
+
`roles/iam.serviceAccountTokenCreator` on the target SA.
|
|
63
|
+
|
|
64
|
+
```bash
|
|
65
|
+
gcloud storage ls gs://acme-prod-uploads \
|
|
66
|
+
--impersonate-service-account=api-sa@acme-prod.iam.gserviceaccount.com
|
|
67
|
+
```
|
|
68
|
+
|
|
69
|
+
Use this to test that an SA actually has the access you think it does — least surprise
|
|
70
|
+
before deploy.
|
|
71
|
+
|
|
72
|
+
## IAM Recommender (catch drift)
|
|
73
|
+
|
|
74
|
+
The Recommender flags roles a member has not used in 90 days, so you can prune
|
|
75
|
+
over-grants. Review it on a schedule.
|
|
76
|
+
|
|
77
|
+
```bash
|
|
78
|
+
gcloud recommender recommendations list \
|
|
79
|
+
--project=acme-prod --location=global \
|
|
80
|
+
--recommender=google.iam.policy.Recommender \
|
|
81
|
+
--format="table(content.overview)"
|
|
82
|
+
```
|
|
83
|
+
|
|
84
|
+
## IAM Conditions
|
|
85
|
+
|
|
86
|
+
Attach a condition to narrow a binding by time or resource attribute — e.g. access to
|
|
87
|
+
objects under one prefix only.
|
|
88
|
+
|
|
89
|
+
```bash
|
|
90
|
+
gcloud projects add-iam-policy-binding acme-prod \
|
|
91
|
+
--member="serviceAccount:api-sa@acme-prod.iam.gserviceaccount.com" \
|
|
92
|
+
--role="roles/storage.objectViewer" \
|
|
93
|
+
--condition='expression=resource.name.startsWith("projects/_/buckets/acme-prod-uploads/objects/public/"),title=public-prefix-only'
|
|
94
|
+
```
|
|
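Review bot: The `--attribute-condition` at line 44 pins only `assertion.repository=='acme/api'`, and the text at lines 55-57 calls that the security boundary, but it admits every workflow on every branch of that repo, so any ref that can run a workflow can obtain `deployer` credentials. Map the ref as well (for example `attribute.ref=assertion.ref` in `--attribute-mapping`) and restrict the condition or the `principalSet` member to the branch or environment that is allowed to deploy. Separately, the IAM Conditions example at lines 90-93 binds `roles/storage.objectViewer` with `gcloud projects add-iam-policy-binding`, which contradicts the guidance at lines 8-9 and 21 to bind at the narrowest resource scope; put the conditional binding on the bucket `acme-prod-uploads` instead of the project. The table row at line 18 gives `roles/artifactregistry.writer` for "Push/pull"; a runtime SA that only pulls should get a read-only role, so split the row into push (CI) and pull (runtime).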
@@ -0,0 +1,74 @@
|
|
|
1
|
+
# Networking & Cloud SQL
|
|
2
|
+
|
|
3
|
+
Depth for the Cloud SQL and VPC parts of SKILL.md.
|
|
4
|
+
|
|
5
|
+
## Cloud Run egress: Direct VPC egress, not the legacy connector
|
|
6
|
+
|
|
7
|
+
To reach private IPs (a Cloud SQL private instance, an internal service) from Cloud
|
|
8
|
+
Run, prefer **Direct VPC egress** over the older Serverless VPC Access connector —
|
|
9
|
+
fewer moving parts, lower latency, no connector VM to size or pay for.
|
|
10
|
+
|
|
11
|
+
```bash
|
|
12
|
+
gcloud run deploy api --region=europe-west1 \
|
|
13
|
+
--service-account=api-sa@acme-prod.iam.gserviceaccount.com \
|
|
14
|
+
--network=projects/acme-prod/global/networks/default \
|
|
15
|
+
--subnet=projects/acme-prod/regions/europe-west1/subnetworks/default \
|
|
16
|
+
--vpc-egress=all-traffic
|
|
17
|
+
```
|
|
18
|
+
|
|
19
|
+
- `--vpc-egress=all-traffic` routes all outbound through the VPC. The older explicit
|
|
20
|
+
Direct-VPC-egress value is deprecated in favour of `all-traffic`.
|
|
21
|
+
- `--vpc-egress=private-ranges-only` sends only RFC-1918 traffic through the VPC and
|
|
22
|
+
lets public traffic exit directly — use it when only the DB is private.
|
|
23
|
+
|
|
24
|
+
The legacy `--vpc-connector` still works but is no longer the default recommendation;
|
|
25
|
+
do not provision a new connector for greenfield work.
|
|
26
|
+
|
|
27
|
+
## Cloud SQL private IP
|
|
28
|
+
|
|
29
|
+
Disable the public IP and give the instance a private address on your VPC. This is the
|
|
30
|
+
single biggest attack-surface reduction for a database.
|
|
31
|
+
|
|
32
|
+
```bash
|
|
33
|
+
# One-time: allocate a range and peer it (Service Networking)
|
|
34
|
+
gcloud compute addresses create google-managed-services-default \
|
|
35
|
+
--global --purpose=VPC_PEERING --prefix-length=16 \
|
|
36
|
+
--network=projects/acme-prod/global/networks/default
|
|
37
|
+
gcloud services vpc-peerings connect \
|
|
38
|
+
--service=servicenetworking.googleapis.com \
|
|
39
|
+
--ranges=google-managed-services-default \
|
|
40
|
+
--network=default --project=acme-prod
|
|
41
|
+
|
|
42
|
+
# Create the instance with private IP, no public IP.
|
|
43
|
+
# --edition=ENTERPRISE is required: POSTGRES_16+ defaults to Enterprise Plus, which
|
|
44
|
+
# cannot run the shared-core db-f1-micro tier, so the create fails without it.
|
|
45
|
+
gcloud sql instances create acme-db \
|
|
46
|
+
--database-version=POSTGRES_16 --edition=ENTERPRISE \
|
|
47
|
+
--region=europe-west1 --tier=db-f1-micro \
|
|
48
|
+
--no-assign-ip \
|
|
49
|
+
--network=projects/acme-prod/global/networks/default
|
|
50
|
+
```
|
|
51
|
+
|
|
52
|
+
PSC (Private Service Connect) is the alternative when you need the instance reachable
|
|
53
|
+
from multiple VPCs or projects; enable it with `--enable-private-service-connect` and
|
|
54
|
+
allow the consumer projects.
|
|
55
|
+
|
|
56
|
+
## Cloud SQL Auth Proxy (for outside-VPC connections)
|
|
57
|
+
|
|
58
|
+
The proxy gives short-lived client certs and TLS 1.3 without managing certificates. Use
|
|
59
|
+
it for **local dev** or any non-serverless host — Cloud Run does **not** need it (it
|
|
60
|
+
uses the `/cloudsql/...` socket via `--add-cloudsql-instances`).
|
|
61
|
+
|
|
62
|
+
```bash
|
|
63
|
+
# Local dev against a private-IP instance over the proxy
|
|
64
|
+
./cloud-sql-proxy --private-ip acme-prod:europe-west1:acme-db
|
|
65
|
+
# then connect your client to 127.0.0.1:5432
|
|
66
|
+
```
|
|
67
|
+
|
|
68
|
+
## Connection pooling
|
|
69
|
+
|
|
70
|
+
Cloud SQL has a hard `max_connections` ceiling and Cloud Run can fan out to many
|
|
71
|
+
instances, each opening its own pool — you will exhaust connections under load. Keep
|
|
72
|
+
each instance's pool small (e.g. a few connections) and, for high concurrency, front
|
|
73
|
+
the database with a pooler (PgBouncer / a managed proxy) rather than raising
|
|
74
|
+
`max_connections`. Schema and query tuning beyond this is `postgresdb` territory.
|
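Review bot: The Auth Proxy example at lines 63-64 runs `./cloud-sql-proxy --private-ip` for "local dev" under a heading that says the proxy is for outside-VPC connections, but the instance at lines 45-49 is created with `--no-assign-ip`, and the proxy does not provide a network path of its own. A laptop outside the VPC cannot reach the private address, so this command will fail to connect unless the host already has a route into the VPC. State that prerequisite (VPN, Interconnect, or a bastion inside the VPC) next to the example, so readers do not re-enable the public IP as a workaround. Also, lines 19-20 refer to "the older explicit Direct-VPC-egress value" without naming it; name the deprecated value or drop the sentence, since a reader cannot act on it as written.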