sdtk-ops-kit 0.2.0

package/README.md

@@ -0,0 +1,146 @@
+# sdtk-ops-kit
+
+> Skill-driven operations toolkit for deployment, verification, monitoring, incident response, backup or recovery, security, compliance, and cost discipline.
+
+## Package
+
+- Package: `sdtk-ops-kit`
+- CLI: `sdtk-ops`
+- First public version target: `0.2.0`
+
+Current document state:
+- first public package contract in preparation
+- use the install command below once the first public release is actually published
+
+## Target Public Install
+
+```bash
+npm install -g sdtk-ops-kit@0.2.0
+```
+
+Then verify the installed command:
+
+```bash
+sdtk-ops --version
+sdtk-ops --help
+```
+
+## Supported Command Surface
+
+`SDTK-OPS` keeps a deliberately small CLI surface.
+
+| Command | Purpose |
+|---|---|
+| `sdtk-ops help` | Show the supported command surface and routing guidance |
+| `sdtk-ops init` | Copy shared project files and prepare runtime installation |
+| `sdtk-ops runtime install` | Install runtime assets for Claude or Codex |
+| `sdtk-ops runtime status` | Check installed runtime assets |
+| `sdtk-ops runtime uninstall` | Remove runtime assets cleanly |
+
+Not supported:
+- `sdtk-ops generate`
+- workflow-first commands such as `sdtk-ops deploy`, `sdtk-ops incident`, or `sdtk-ops monitor`
+
+## Runtime Matrix
+
+| Runtime | Project Scope | User Scope | Notes |
+|---|:---:|:---:|---|
+| Claude | Yes | Yes | Default scope is project |
+| Codex | No | Yes | Gate C0 blocks project-local install |
+
+Important truth:
+- Claude supports `project` and `user` scope.
+- Codex supports `user` scope only.
+- Codex installs collision-avoiding `sdtk-ops-*` skill names.
+
+## Quick Start After Publish
+
+Once the first public release is published and installed:
+
+### 1. Initialize a project
+
+```bash
+sdtk-ops init --runtime claude --project-path ./my-project
+```
+
+`init` copies:
+- `AGENTS.md`
+- `sdtk-spec.config.json`
+- `sdtk-spec.config.profiles.example.json`
+
+### 2. Install runtime assets
+
+Claude project scope:
+
+```bash
+sdtk-ops runtime install --runtime claude --scope project --project-path ./my-project
+```
+
+Claude user scope:
+
+```bash
+sdtk-ops runtime install --runtime claude --scope user
+```
+
+Codex user scope:
+
+```bash
+sdtk-ops runtime install --runtime codex --scope user
+```
+
+Gate C0:
+
+```bash
+sdtk-ops runtime install --runtime codex --scope project
+```
+
+The Codex project-scope command must fail. That rejection is the correct product behavior.
+
+### 3. Choose the right skill journey
+
+Use `ops-discover` when the correct operational path is unclear.
+
+Canonical journeys:
+- deployment: `ops-plan -> ops-infra-plan -> ops-container -> ops-ci-cd -> ops-deploy -> ops-monitor -> ops-verify`
+- incident: `ops-incident -> ops-debug -> ops-deploy` when rollback or corrective rollout is needed, then `ops-monitor -> ops-verify`
+- monitoring: `ops-plan -> ops-monitor -> ops-verify`
+- backup or recovery: `ops-plan -> ops-backup -> ops-verify`
+
+Always close work with `ops-verify`.
+
+## Product Boundary
+
+`SDTK-OPS` is the downstream operations product in the `SDTK-SPEC -> SDTK-CODE -> SDTK-OPS` family.
+
+It is:
+- skill-driven
+- operations-focused
+- suitable for deployment, verification, monitoring, incident response, backup, security, compliance, and cost work
+
+It is not:
+- a workflow-first CLI like `SDTK-CODE`
+- a generator product
+- a provider-pack catalog
+- a Kubernetes or cloud-platform package
+
+## Package Validation
+
+Maintainers validating a release candidate from source can run:
+
+```bash
+npm run build:payload
+npm run verify:payload
+npm test
+npm run pack:smoke
+```
+
+Those commands validate payload integrity, runtime behavior, and isolated packed-package smoke before publish.
+
+## Documentation
+
+- Usage guide:
+  - `https://github.com/codexsdtk/sdtk-toolkit/blob/main/products/sdtk-ops/governance/SDTKOPS_TOOLKIT_USAGE_GUIDE.md`
+- Installation runbook:
+  - `https://github.com/codexsdtk/sdtk-toolkit/blob/main/products/sdtk-ops/governance/installation-runbook.md`
+- Product boundary doc:
+  - `https://github.com/codexsdtk/sdtk-toolkit/blob/main/products/sdtk-ops/toolkit/SDTKOPS_TOOLKIT.md`

package/assets/manifest/toolkit-bundle.manifest.json

@@ -0,0 +1,187 @@
+{
+    "version":  "0.2.0",
+    "sourceCommit":  "97ca3bf78f08840f29c6a3f0353c9d38793d31e5",
+    "fileCount":  36,
+    "files":  [
+                  {
+                      "path":  "toolkit/AGENTS.md",
+                      "sha256":  "be7565adbd8d38dd90bc350eaecbd058cc8acb2a549b7e648d469b1f57916bbc",
+                      "size":  4146
+                  },
+                  {
+                      "path":  "toolkit/install.ps1",
+                      "sha256":  "bcb77479f810e8449ea6e68fc775ea92758d2501e2bc29428d0c980fd996d5c6",
+                      "size":  3210
+                  },
+                  {
+                      "path":  "toolkit/scripts/install-claude-skills.ps1",
+                      "sha256":  "5eae77f4d14b81d56c3c109f563fefafd1967d85093ff1b192293fe438aeabe5",
+                      "size":  2474
+                  },
+                  {
+                      "path":  "toolkit/scripts/install-codex-skills.ps1",
+                      "sha256":  "ebd12d2fef1f3080a3a9d173d6a4dac4358b69d506fd7a37e347bb11a9936d9c",
+                      "size":  3980
+                  },
+                  {
+                      "path":  "toolkit/scripts/uninstall-claude-skills.ps1",
+                      "sha256":  "2c629d8316b205c6a7cd0d95959b80801b281ef62e205c10a92e3a2568eb8b41",
+                      "size":  1901
+                  },
+                  {
+                      "path":  "toolkit/scripts/uninstall-codex-skills.ps1",
+                      "sha256":  "290301c13e3e39adec2f76b2611383037544a4f05f4a030907429295ff8e9dc8",
+                      "size":  1517
+                  },
+                  {
+                      "path":  "toolkit/SDTKOPS_TOOLKIT.md",
+                      "sha256":  "8c971775d71d70aab59e5b36e0fdb631922ce79ef139fbf77ff27258ce3fac7a",
+                      "size":  5921
+                  },
+                  {
+                      "path":  "toolkit/sdtk-spec.config.json",
+                      "sha256":  "8247ddf24502ce285bee213eefc801ce6b0b83afe00efd828468ac9130f53b09",
+                      "size":  111
+                  },
+                  {
+                      "path":  "toolkit/sdtk-spec.config.profiles.example.json",
+                      "sha256":  "2c1668df46aa57dba06c2c924a60f6c1667a1d4551b4eb70fb18c190356a2180",
+                      "size":  312
+                  },
+                  {
+                      "path":  "toolkit/skills/ops-backup/references/backup-script-patterns.md",
+                      "sha256":  "bcb9252a08b98e7a6a92057153f8f8882b948149b3897bee5e9328cd456de025",
+                      "size":  3173
+                  },
+                  {
+                      "path":  "toolkit/skills/ops-backup/SKILL.md",
+                      "sha256":  "99bee57db26fb09714da32dffff8172da9222e5182039fbc659a08007d4ce205",
+                      "size":  3639
+                  },
+                  {
+                      "path":  "toolkit/skills/ops-ci-cd/references/pipeline-examples.md",
+                      "sha256":  "ec5ae90ebceb679554a8ec977ff27327ae608f1d5852170665a8a581cc9faea2",
+                      "size":  2359
+                  },
+                  {
+                      "path":  "toolkit/skills/ops-ci-cd/SKILL.md",
+                      "sha256":  "b0752e0452a85423817f17e2e3321e88fd5186579ae816ccb4b2cd105f45871c",
+                      "size":  2759
+                  },
+                  {
+                      "path":  "toolkit/skills/ops-compliance/SKILL.md",
+                      "sha256":  "a0bb24484cba68a7201e6b7f614c8b5ada8b2dff540a4e4390661a0ced112e8d",
+                      "size":  3963
+                  },
+                  {
+                      "path":  "toolkit/skills/ops-container/references/k8s-manifest-patterns.md",
+                      "sha256":  "131711d0af5d4dc4227e4b2669a910d05d50c80b4f82a47e0a13699d8e5a9f10",
+                      "size":  2339
+                  },
+                  {
+                      "path":  "toolkit/skills/ops-container/SKILL.md",
+                      "sha256":  "7834e362ef5f3d6628acb4653997d9eab379bc7dff372280728fd5aa6abf087a",
+                      "size":  3643
+                  },
+                  {
+                      "path":  "toolkit/skills/ops-cost/SKILL.md",
+                      "sha256":  "e0e791f153b31ee75d012a26b01f4f6be50aed4fe4268bd02c6a76debba52a1d",
+                      "size":  3458
+                  },
+                  {
+                      "path":  "toolkit/skills/ops-debug/references/root-cause-tracing.md",
+                      "sha256":  "d30c380152237d92f102b8db1849baa3d7a082c4e42e9ba9174d7ef49000672f",
+                      "size":  3965
+                  },
+                  {
+                      "path":  "toolkit/skills/ops-debug/SKILL.md",
+                      "sha256":  "ddedf16d59fae6e54cddae23b5bf24f2878ff23f17d81a88298e021c25401d1c",
+                      "size":  11156
+                  },
+                  {
+                      "path":  "toolkit/skills/ops-deploy/SKILL.md",
+                      "sha256":  "a18ec9032e4e2c14e5daa1984cb8260e1d735fc38a44926fe037f0f2b99fcd33",
+                      "size":  4214
+                  },
+                  {
+                      "path":  "toolkit/skills/ops-discover/SKILL.md",
+                      "sha256":  "4a0c7f482e1666a538038ea9b25314cd0333754c413af7bde7b74d0cddb868c7",
+                      "size":  4453
+                  },
+                  {
+                      "path":  "toolkit/skills/ops-incident/references/communication-templates.md",
+                      "sha256":  "396e951ef529f1ae8c4d6db6773f383d35c5e14d666399583640cd2f1811f93b",
+                      "size":  1102
+                  },
+                  {
+                      "path":  "toolkit/skills/ops-incident/references/postmortem-template.md",
+                      "sha256":  "5eebfd217bf7ea2bb2d59c9d30ab77d04277d78cf42114f044f6ad998040f926",
+                      "size":  2110
+                  },
+                  {
+                      "path":  "toolkit/skills/ops-incident/references/runbook-template.md",
+                      "sha256":  "b6479d8ef31c2a4fd8242219bb02b87ce8babffa70fc219fe7e5db408471f326",
+                      "size":  1672
+                  },
+                  {
+                      "path":  "toolkit/skills/ops-incident/SKILL.md",
+                      "sha256":  "a5fa64bcd10ff0d04ca8cd25e883a3a667034a726162cfaff63252719081a834",
+                      "size":  4230
+                  },
+                  {
+                      "path":  "toolkit/skills/ops-infra-plan/references/iac-patterns.md",
+                      "sha256":  "fe767ccec7a8efb84ddfa8097eea9cb92c1e9d7f478ab89632b0516b738b5e20",
+                      "size":  4136
+                  },
+                  {
+                      "path":  "toolkit/skills/ops-infra-plan/SKILL.md",
+                      "sha256":  "8c1b5583b3ba9761311a950cb7ab24c1abe573903ded68484bcf0811435feb5c",
+                      "size":  4621
+                  },
+                  {
+                      "path":  "toolkit/skills/ops-monitor/references/alert-rules.md",
+                      "sha256":  "6deee66c8b0c65219fe907934382b0c9cdba007a971a98af54f703b6360f3c56",
+                      "size":  2607
+                  },
+                  {
+                      "path":  "toolkit/skills/ops-monitor/references/slo-templates.md",
+                      "sha256":  "a1d8fe86ba90287cf21cc204478949002e4d28103496dd46b60a2b5fef55d2b2",
+                      "size":  2205
+                  },
+                  {
+                      "path":  "toolkit/skills/ops-monitor/SKILL.md",
+                      "sha256":  "83058acaf39ee925d90ba0f04a4e4e2be584fe90de540d4bdedab61d9a3c85dc",
+                      "size":  4394
+                  },
+                  {
+                      "path":  "toolkit/skills/ops-parallel/SKILL.md",
+                      "sha256":  "c5273d155c67bcade47868b4cd5a1f7e9c66e5bb864616036b1cc22676f25ecf",
+                      "size":  6258
+                  },
+                  {
+                      "path":  "toolkit/skills/ops-plan/SKILL.md",
+                      "sha256":  "e405117c97e3475dee69133e31759e3ce0926fb6a83929eab55a95509b213c38",
+                      "size":  5730
+                  },
+                  {
+                      "path":  "toolkit/skills/ops-security-infra/references/cicd-security-pipeline.md",
+                      "sha256":  "8876ffa8cfc97335fb68063270b2bffdb3cd0630663123008575a8b98ea485a8",
+                      "size":  1275
+                  },
+                  {
+                      "path":  "toolkit/skills/ops-security-infra/references/security-headers.md",
+                      "sha256":  "1e6996cf39c923765c5fa3506932cacf749ca23e130a0d7e4fa1a06d4fe8eada",
+                      "size":  1057
+                  },
+                  {
+                      "path":  "toolkit/skills/ops-security-infra/SKILL.md",
+                      "sha256":  "bd58371057178ebd8ad61de267bdc485bbea6bf1b1c804f767f3690454255fa6",
+                      "size":  5001
+                  },
+                  {
+                      "path":  "toolkit/skills/ops-verify/SKILL.md",
+                      "sha256":  "53f10a44c4e7803a85110c10269b51c20b625877827ae177bf779010b0040c69",
+                      "size":  5184
+                  }
+              ]
+}

package/assets/manifest/toolkit-bundle.sha256.txt

@@ -0,0 +1,36 @@
+be7565adbd8d38dd90bc350eaecbd058cc8acb2a549b7e648d469b1f57916bbc  toolkit/AGENTS.md
+bcb77479f810e8449ea6e68fc775ea92758d2501e2bc29428d0c980fd996d5c6  toolkit/install.ps1
+5eae77f4d14b81d56c3c109f563fefafd1967d85093ff1b192293fe438aeabe5  toolkit/scripts/install-claude-skills.ps1
+ebd12d2fef1f3080a3a9d173d6a4dac4358b69d506fd7a37e347bb11a9936d9c  toolkit/scripts/install-codex-skills.ps1
+2c629d8316b205c6a7cd0d95959b80801b281ef62e205c10a92e3a2568eb8b41  toolkit/scripts/uninstall-claude-skills.ps1
+290301c13e3e39adec2f76b2611383037544a4f05f4a030907429295ff8e9dc8  toolkit/scripts/uninstall-codex-skills.ps1
+8c971775d71d70aab59e5b36e0fdb631922ce79ef139fbf77ff27258ce3fac7a  toolkit/SDTKOPS_TOOLKIT.md
+8247ddf24502ce285bee213eefc801ce6b0b83afe00efd828468ac9130f53b09  toolkit/sdtk-spec.config.json
+2c1668df46aa57dba06c2c924a60f6c1667a1d4551b4eb70fb18c190356a2180  toolkit/sdtk-spec.config.profiles.example.json
+bcb9252a08b98e7a6a92057153f8f8882b948149b3897bee5e9328cd456de025  toolkit/skills/ops-backup/references/backup-script-patterns.md
+99bee57db26fb09714da32dffff8172da9222e5182039fbc659a08007d4ce205  toolkit/skills/ops-backup/SKILL.md
+ec5ae90ebceb679554a8ec977ff27327ae608f1d5852170665a8a581cc9faea2  toolkit/skills/ops-ci-cd/references/pipeline-examples.md
+b0752e0452a85423817f17e2e3321e88fd5186579ae816ccb4b2cd105f45871c  toolkit/skills/ops-ci-cd/SKILL.md
+a0bb24484cba68a7201e6b7f614c8b5ada8b2dff540a4e4390661a0ced112e8d  toolkit/skills/ops-compliance/SKILL.md
+131711d0af5d4dc4227e4b2669a910d05d50c80b4f82a47e0a13699d8e5a9f10  toolkit/skills/ops-container/references/k8s-manifest-patterns.md
+7834e362ef5f3d6628acb4653997d9eab379bc7dff372280728fd5aa6abf087a  toolkit/skills/ops-container/SKILL.md
+e0e791f153b31ee75d012a26b01f4f6be50aed4fe4268bd02c6a76debba52a1d  toolkit/skills/ops-cost/SKILL.md
+d30c380152237d92f102b8db1849baa3d7a082c4e42e9ba9174d7ef49000672f  toolkit/skills/ops-debug/references/root-cause-tracing.md
+ddedf16d59fae6e54cddae23b5bf24f2878ff23f17d81a88298e021c25401d1c  toolkit/skills/ops-debug/SKILL.md
+a18ec9032e4e2c14e5daa1984cb8260e1d735fc38a44926fe037f0f2b99fcd33  toolkit/skills/ops-deploy/SKILL.md
+4a0c7f482e1666a538038ea9b25314cd0333754c413af7bde7b74d0cddb868c7  toolkit/skills/ops-discover/SKILL.md
+396e951ef529f1ae8c4d6db6773f383d35c5e14d666399583640cd2f1811f93b  toolkit/skills/ops-incident/references/communication-templates.md
+5eebfd217bf7ea2bb2d59c9d30ab77d04277d78cf42114f044f6ad998040f926  toolkit/skills/ops-incident/references/postmortem-template.md
+b6479d8ef31c2a4fd8242219bb02b87ce8babffa70fc219fe7e5db408471f326  toolkit/skills/ops-incident/references/runbook-template.md
+a5fa64bcd10ff0d04ca8cd25e883a3a667034a726162cfaff63252719081a834  toolkit/skills/ops-incident/SKILL.md
+fe767ccec7a8efb84ddfa8097eea9cb92c1e9d7f478ab89632b0516b738b5e20  toolkit/skills/ops-infra-plan/references/iac-patterns.md
+8c1b5583b3ba9761311a950cb7ab24c1abe573903ded68484bcf0811435feb5c  toolkit/skills/ops-infra-plan/SKILL.md
+6deee66c8b0c65219fe907934382b0c9cdba007a971a98af54f703b6360f3c56  toolkit/skills/ops-monitor/references/alert-rules.md
+a1d8fe86ba90287cf21cc204478949002e4d28103496dd46b60a2b5fef55d2b2  toolkit/skills/ops-monitor/references/slo-templates.md
+83058acaf39ee925d90ba0f04a4e4e2be584fe90de540d4bdedab61d9a3c85dc  toolkit/skills/ops-monitor/SKILL.md
+c5273d155c67bcade47868b4cd5a1f7e9c66e5bb864616036b1cc22676f25ecf  toolkit/skills/ops-parallel/SKILL.md
+e405117c97e3475dee69133e31759e3ce0926fb6a83929eab55a95509b213c38  toolkit/skills/ops-plan/SKILL.md
+8876ffa8cfc97335fb68063270b2bffdb3cd0630663123008575a8b98ea485a8  toolkit/skills/ops-security-infra/references/cicd-security-pipeline.md
+1e6996cf39c923765c5fa3506932cacf749ca23e130a0d7e4fa1a06d4fe8eada  toolkit/skills/ops-security-infra/references/security-headers.md
+bd58371057178ebd8ad61de267bdc485bbea6bf1b1c804f767f3690454255fa6  toolkit/skills/ops-security-infra/SKILL.md
+53f10a44c4e7803a85110c10269b51c20b625877827ae177bf779010b0040c69  toolkit/skills/ops-verify/SKILL.md

package/assets/toolkit/toolkit/AGENTS.md

@@ -0,0 +1,65 @@
+# SDTK-OPS -- Operations Discipline Toolkit
+
+Purpose: use SDTK-OPS to drive disciplined infrastructure and operations work across planning, deployment, monitoring, incident response, recovery, security hardening, and cost optimization.
+
+Canonical end-user guide:
+- `products/sdtk-ops/governance/SDTKOPS_TOOLKIT_USAGE_GUIDE.md`
+
+Document role:
+- runtime routing and skill-catalog truth after `sdtk-ops init`
+- not the primary install or onboarding guide
+
+## Default Rules
+
+- If the correct entry point is unclear, start with `ops-discover`.
+- Use `ops-verify` before marking any operational task complete.
+- Use `ops-debug` for evidence-first diagnosis before proposing speculative fixes.
+- Keep guidance cloud-agnostic unless the task explicitly requires a platform-specific example.
+- Do not drift into application specification or coding workflows. Those belong to SDTK-SPEC or SDTK-CODE.
+- `ops-discover` is a skill, not a CLI command.
+- `generate` remains unsupported and deferred in the current SDTK-OPS CLI surface.
+
+## Primary Routing Journeys
+
+| Journey | Start With | Suggested Chain | Close With |
+|---------|------------|-----------------|------------|
+| Deployment | `ops-plan` | `ops-plan` -> `ops-infra-plan` -> `ops-container` -> `ops-ci-cd` -> `ops-deploy` -> `ops-monitor` | `ops-verify` |
+| Incident | `ops-incident` | `ops-incident` -> `ops-debug` -> `ops-deploy` if a change or rollback is required -> `ops-monitor` | `ops-verify` |
+| Monitoring | `ops-plan` | `ops-plan` -> `ops-monitor` | `ops-verify` |
+| Backup or recovery | `ops-plan` | `ops-plan` -> `ops-backup` | `ops-verify` |
+
+## Other Valid Skills
+
+- `ops-security-infra`, `ops-compliance`, and `ops-cost` remain valid SDTK-OPS skills, but they are not the primary routed journeys in the current wave.
+- Use `ops-discover` when the correct boundary between deployment, incident, monitoring, backup or recovery, security, compliance, and cost work is unclear.
+
+## Skill Catalog
+
+| Category | Skill | Trigger Condition |
+|----------|-------|-------------------|
+| Core Process | `ops-verify` | you need evidence before claiming an operational task is complete |
+| Core Process | `ops-debug` | a deployment, service, network, DNS, or runtime issue needs root-cause analysis |
+| Core Process | `ops-plan` | the team needs a step-by-step operational change plan |
+| Core Process | `ops-parallel` | two or more independent operations tasks can proceed without shared state |
+| Deployment | `ops-infra-plan` | you are designing infrastructure, networking, IAM, or resource topology before provisioning |
+| Deployment | `ops-deploy` | you are executing a rollout, promotion, cutover, or rollback |
+| Deployment | `ops-container` | you are building images, Dockerfiles, manifests, or container runtime patterns |
+| Deployment | `ops-ci-cd` | you are setting up or modifying pipelines, artifact flow, or deployment gates |
+| Operations | `ops-monitor` | you need SLOs, alerts, dashboards, logs, traces, or observability coverage |
+| Operations | `ops-incident` | a production incident is active or incident procedures need to be established |
+| Operations | `ops-backup` | backup, restore, disaster recovery, RTO, or RPO design is in scope |
+| Operations | `ops-cost` | you are reviewing spend, right-sizing, or budget controls |
+| Security And Compliance | `ops-security-infra` | infrastructure hardening, secrets, network policy, or security scanning is the main concern |
+| Security And Compliance | `ops-compliance` | audit readiness, evidence collection, retention, or policy enforcement is the main concern |
+| Discovery | `ops-discover` | you need help choosing among SDTK-OPS skills or sequencing them |
+
+## Runtime Support
+
+| Runtime | Project Scope | User Scope | Default Scope | Notes |
+|---------|:-------------:|:----------:|---------------|-------|
+| Claude | true | true | project | project-local toolkit supported |
+| Codex | false | true | user | Gate C0: no project-local skill runtime |
+
+## Verification Policy
+
+Use `ops-verify` before marking any operational task complete, including deployment, incident, monitoring, and backup or recovery journeys.

package/assets/toolkit/toolkit/SDTKOPS_TOOLKIT.md

@@ -0,0 +1,166 @@
+# Software Development Toolkit - Operations (SDTK-OPS)
+
+## Document Role
+This file is the architecture and product-boundary document for `SDTK-OPS`.
+
+Use this file to understand:
+- how `SDTK-OPS` fits inside the `SDTK-SPEC -> SDTK-CODE -> SDTK-OPS` family
+- what the current skill-driven entry model owns
+- which journeys are canonical in the current wave
+- what stays outside `SDTK-OPS` scope
+
+Do not use this file as the primary install or onboarding guide.
+
+Canonical end-user guide:
+- `products/sdtk-ops/governance/SDTKOPS_TOOLKIT_USAGE_GUIDE.md`
+
+## 1. Overview
+
+`SDTK-OPS` is the operations-process product in the `SDTK-SPEC -> SDTK-CODE -> SDTK-OPS` family.
+
+It is not a workflow-first CLI like `SDTK-CODE`.
+
+The truthful current CLI surface is:
+- `sdtk-ops help`
+- `sdtk-ops init`
+- `sdtk-ops runtime install`
+- `sdtk-ops runtime status`
+- `sdtk-ops runtime uninstall`
+
+The truthful current operational surface after `init` is skill-driven:
+- the 15 `ops-*` skills remain the real operating surface
+- `ops-discover` remains a skill, not a CLI command
+- `ops-verify` remains the required closing skill for every canonical journey
+- `generate` remains unsupported and deferred
+
+## 2. Boundary With SDTK-SPEC And SDTK-CODE
+
+`SDTK-SPEC` is upstream and remains the docs-first specification and handoff system.
+
+`SDTK-SPEC` owns:
+- specification and handoff generation
+- PM, BA, ARCH, DEV, and QA orchestration
+- upstream workflow contracts and design artifacts
+
+`SDTK-CODE` owns:
+- coding-process execution after handoff
+- workflow-first build, verify, and closeout discipline
+- implementation evidence for the coded slice
+
+`SDTK-OPS` owns:
+- operational planning and deployment discipline
+- environment/runtime validation
+- monitoring, incident response, and backup or recovery execution
+- infrastructure security, compliance, and cost work when those are the active concern
+
+`SDTK-OPS` does not own:
+- upstream requirements or architecture generation
+- coding workflow execution
+- provider-specific platform packs in the current wave
+- public product launch claims
+
+## 3. Entry And Routing Model
+
+After `sdtk-ops init`, choose a journey directly when the goal is clear.
+
+If the correct path is unclear:
+- start with `ops-discover`
+
+Always:
+- close every canonical journey with `ops-verify`
+- keep `generate` out of the documented command path
+
+| Journey | Start With | Suggested Chain | Close With |
+|---------|------------|-----------------|------------|
+| Deployment | `ops-plan` | `ops-plan` -> `ops-infra-plan` -> `ops-container` -> `ops-ci-cd` -> `ops-deploy` -> `ops-monitor` | `ops-verify` |
+| Incident | `ops-incident` | `ops-incident` -> `ops-debug` -> `ops-deploy` if a change or rollback is required -> `ops-monitor` | `ops-verify` |
+| Monitoring | `ops-plan` | `ops-plan` -> `ops-monitor` | `ops-verify` |
+| Backup or recovery | `ops-plan` | `ops-plan` -> `ops-backup` | `ops-verify` |
+
+Other valid but non-primary routed skills in this wave:
+- `ops-security-infra`
+- `ops-compliance`
+- `ops-cost`
+- `ops-parallel`
+
+## 4. Skill Catalog
+
+### 4.1 Core Process
+
+| Skill | Purpose |
+|-------|---------|
+| `ops-verify` | verify commands, state, and evidence before declaring work complete |
+| `ops-debug` | diagnose operational failures systematically and trace root cause |
+| `ops-plan` | write reviewable operational plans with rollback and verification steps |
+| `ops-parallel` | split truly independent operations tasks into parallel workstreams |
+
+### 4.2 Deployment
+
+| Skill | Purpose |
+|-------|---------|
+| `ops-infra-plan` | design infrastructure architecture and provisioning order before apply |
+| `ops-deploy` | execute deployments with health gates, rollout strategy, and rollback discipline |
+| `ops-container` | define secure image build and container orchestration patterns |
+| `ops-ci-cd` | build and manage pipelines, promotion flow, artifact handling, and secret controls |
+
+### 4.3 Operations
+
+| Skill | Purpose |
+|-------|---------|
+| `ops-monitor` | define SLOs, alerts, dashboards, logs, and traces |
+| `ops-incident` | coordinate incident response, stabilization, and post-mortem follow-up |
+| `ops-backup` | design backup, restore, and disaster recovery procedures |
+| `ops-cost` | review spend, identify waste, and plan safe right-sizing |
+
+### 4.4 Security And Compliance
+
+| Skill | Purpose |
+|-------|---------|
+| `ops-security-infra` | harden infrastructure, secrets, network policy, and security scanning |
+| `ops-compliance` | automate audit readiness, evidence collection, retention, and policy enforcement |
+
+### 4.5 Discovery
+
+| Skill | Purpose |
+|-------|---------|
+| `ops-discover` | choose the correct SDTK-OPS entry point and sequencing |
+
+## 5. Runtime Truth
+
+### Claude
+- supports project and user scope
+- default scope is project
+- uses the `ops-*` runtime payload after install
+
+### Codex
+- supports user scope only
+- default scope is user
+- uses collision-avoiding `sdtk-ops-*` skill directory names
+- project scope remains blocked by Gate C0
+
+## 6. Documentation Map
+
+Use these documents by role:
+
+- Canonical end-user install and usage guide:
+  - `products/sdtk-ops/governance/SDTKOPS_TOOLKIT_USAGE_GUIDE.md`
+- Install-truth and smoke appendix:
+  - `products/sdtk-ops/governance/installation-runbook.md`
+- Workflow-entry and reference stub:
+  - `products/sdtk-ops/governance/usage-guide.md`
+- Package landing page:
+  - `products/sdtk-ops/distribution/sdtk-ops-kit/README.md`
+- Runtime routing inventory:
+  - `products/sdtk-ops/toolkit/AGENTS.md`
+- Internal release docs:
+  - `products/sdtk-ops/governance/release-packaging.md`
+  - `products/sdtk-ops/governance/release-evidence.md`
+
+## 7. Scope
+
+`SDTK-OPS` v1 contains 15 core skills and stays cloud-agnostic.
+
+Not part of the current supported wave:
+- provider-specific packs such as AWS, GCP, or Azure variants
+- a workflow-first CLI command suite such as `sdtk-ops deploy`
+- public npm installation claims