swe-workflow-skills 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +144 -0
- package/VERSION +1 -0
- package/bin/cli.mjs +44 -0
- package/catalog.json +225 -0
- package/commands/role.md +34 -0
- package/hooks/session-start.mjs +118 -0
- package/install.mjs +318 -0
- package/package.json +47 -0
- package/roles.json +194 -0
- package/scripts/resolve.mjs +296 -0
- package/skills/accessibility-design/SKILL.md +128 -0
- package/skills/accessibility-design/evals/evals.json +51 -0
- package/skills/accessibility-design/references/accessibility-patterns.md +321 -0
- package/skills/api-design/SKILL.md +144 -0
- package/skills/api-design/evals/evals.json +48 -0
- package/skills/api-design/references/rest-conventions.md +147 -0
- package/skills/api-design/templates/api-spec.md +156 -0
- package/skills/architecture-design/SKILL.md +86 -0
- package/skills/architecture-design/evals/evals.json +44 -0
- package/skills/architecture-design/references/clean-architecture.md +147 -0
- package/skills/architecture-design/references/component-principles.md +129 -0
- package/skills/architecture-design/references/principles.md +81 -0
- package/skills/architecture-design/references/solid-principles.md +106 -0
- package/skills/architecture-design/templates/adr.md +63 -0
- package/skills/architecture-documentation/SKILL.md +126 -0
- package/skills/architecture-documentation/evals/evals.json +44 -0
- package/skills/architecture-documentation/references/abstraction-levels.md +91 -0
- package/skills/architecture-documentation/references/diagram-tooling.md +141 -0
- package/skills/architecture-documentation/templates/architecture-doc.md +171 -0
- package/skills/bug-investigating/SKILL.md +133 -0
- package/skills/bug-investigating/evals/evals.json +56 -0
- package/skills/bug-investigating/references/common-bugs.md +62 -0
- package/skills/bug-investigating/references/debugging-patterns.md +94 -0
- package/skills/cicd-pipeline/SKILL.md +87 -0
- package/skills/cicd-pipeline/evals/evals.json +34 -0
- package/skills/cicd-pipeline/references/pipeline-patterns.md +206 -0
- package/skills/cicd-pipeline/templates/github-actions.md +206 -0
- package/skills/code-reviewing/SKILL.md +92 -0
- package/skills/code-reviewing/evals/evals.json +62 -0
- package/skills/code-reviewing/references/error-handling.md +108 -0
- package/skills/code-reviewing/references/review-checklist.md +144 -0
- package/skills/configuration-strategy/SKILL.md +109 -0
- package/skills/configuration-strategy/evals/evals.json +41 -0
- package/skills/configuration-strategy/references/config-patterns.md +161 -0
- package/skills/containerization/SKILL.md +90 -0
- package/skills/containerization/evals/evals.json +36 -0
- package/skills/containerization/references/dockerfile-patterns.md +168 -0
- package/skills/containerization/templates/dockerfile.md +154 -0
- package/skills/data-modeling/SKILL.md +83 -0
- package/skills/data-modeling/evals/evals.json +43 -0
- package/skills/data-modeling/references/conventions.md +57 -0
- package/skills/data-modeling/templates/schema.md +120 -0
- package/skills/dependency-impact-analysis/SKILL.md +113 -0
- package/skills/dependency-impact-analysis/evals/evals.json +41 -0
- package/skills/dependency-impact-analysis/references/impact-patterns.md +150 -0
- package/skills/dependency-management/SKILL.md +161 -0
- package/skills/dependency-management/evals/evals.json +48 -0
- package/skills/dependency-management/references/evaluation-checklist.md +127 -0
- package/skills/deployment-checklist/SKILL.md +132 -0
- package/skills/deployment-checklist/evals/evals.json +58 -0
- package/skills/deployment-checklist/references/pre-deploy-gates.md +91 -0
- package/skills/deployment-repo/SKILL.md +190 -0
- package/skills/deployment-repo/evals/evals.json +44 -0
- package/skills/deployment-repo/references/deployment-repo-patterns.md +258 -0
- package/skills/deployment-repo/references/version-compatibility.md +227 -0
- package/skills/deployment-repo/templates/deployment-repo-structure.md +226 -0
- package/skills/effort-estimation/SKILL.md +95 -0
- package/skills/effort-estimation/evals/evals.json +32 -0
- package/skills/effort-estimation/references/estimation-methods.md +154 -0
- package/skills/feature-planning/SKILL.md +84 -0
- package/skills/feature-planning/evals/evals.json +44 -0
- package/skills/feature-planning/templates/plan.md +55 -0
- package/skills/feature-planning/templates/task.md +26 -0
- package/skills/frontend-architecture/SKILL.md +154 -0
- package/skills/frontend-architecture/evals/evals.json +34 -0
- package/skills/frontend-architecture/references/component-patterns.md +264 -0
- package/skills/frontend-architecture/templates/folder-structure.md +203 -0
- package/skills/git-workflow/SKILL.md +127 -0
- package/skills/git-workflow/evals/evals.json +44 -0
- package/skills/git-workflow/references/conventions.md +142 -0
- package/skills/git-workflow/templates/pull-request.md +57 -0
- package/skills/gitops-delivery/SKILL.md +319 -0
- package/skills/gitops-delivery/evals/evals.json +44 -0
- package/skills/gitops-delivery/references/gitops-patterns.md +478 -0
- package/skills/gitops-delivery/templates/gitops-config.md +196 -0
- package/skills/incident-response/SKILL.md +130 -0
- package/skills/incident-response/evals/evals.json +55 -0
- package/skills/incident-response/references/communication-templates.md +134 -0
- package/skills/incident-response/references/severity-levels.md +77 -0
- package/skills/incident-response/templates/incident-timeline.md +57 -0
- package/skills/infrastructure-as-code/SKILL.md +86 -0
- package/skills/infrastructure-as-code/evals/evals.json +33 -0
- package/skills/infrastructure-as-code/references/iac-patterns.md +179 -0
- package/skills/infrastructure-as-code/templates/terraform-module.md +158 -0
- package/skills/metrics-and-okrs/SKILL.md +113 -0
- package/skills/metrics-and-okrs/evals/evals.json +33 -0
- package/skills/metrics-and-okrs/references/metric-catalog.md +90 -0
- package/skills/metrics-and-okrs/templates/okr-document.md +61 -0
- package/skills/ml-experiment-tracking/SKILL.md +96 -0
- package/skills/ml-experiment-tracking/evals/evals.json +32 -0
- package/skills/ml-experiment-tracking/references/tracking-tools.md +127 -0
- package/skills/ml-model-deployment/SKILL.md +106 -0
- package/skills/ml-model-deployment/evals/evals.json +34 -0
- package/skills/ml-model-deployment/references/serving-patterns.md +162 -0
- package/skills/ml-pipeline-design/SKILL.md +162 -0
- package/skills/ml-pipeline-design/evals/evals.json +34 -0
- package/skills/ml-pipeline-design/references/pipeline-components.md +174 -0
- package/skills/observability-design/SKILL.md +162 -0
- package/skills/observability-design/evals/evals.json +52 -0
- package/skills/observability-design/references/logging-patterns.md +229 -0
- package/skills/observability-design/references/slo-framework.md +151 -0
- package/skills/observability-design/templates/slo-document.md +80 -0
- package/skills/performance-optimization/SKILL.md +83 -0
- package/skills/performance-optimization/evals/evals.json +47 -0
- package/skills/performance-optimization/references/bottleneck-patterns.md +256 -0
- package/skills/performance-optimization/references/concurrency.md +101 -0
- package/skills/prd-writing/SKILL.md +109 -0
- package/skills/prd-writing/evals/evals.json +33 -0
- package/skills/prd-writing/references/prd-examples.md +132 -0
- package/skills/prd-writing/templates/prd.md +71 -0
- package/skills/prd-writing/templates/rfc.md +79 -0
- package/skills/project-documentation/SKILL.md +104 -0
- package/skills/project-documentation/evals/evals.json +48 -0
- package/skills/project-documentation/references/contributing-guide.md +100 -0
- package/skills/project-documentation/templates/changelog.md +59 -0
- package/skills/project-documentation/templates/readme.md +121 -0
- package/skills/project-proposal/SKILL.md +90 -0
- package/skills/project-proposal/evals/evals.json +31 -0
- package/skills/project-proposal/references/proposal-examples.md +140 -0
- package/skills/project-proposal/templates/proposal.md +76 -0
- package/skills/project-review/SKILL.md +111 -0
- package/skills/project-review/evals/evals.json +42 -0
- package/skills/refactoring/SKILL.md +90 -0
- package/skills/refactoring/evals/evals.json +44 -0
- package/skills/refactoring/references/transformations.md +132 -0
- package/skills/retrospective/SKILL.md +157 -0
- package/skills/retrospective/evals/evals.json +34 -0
- package/skills/retrospective/references/facilitation-guide.md +130 -0
- package/skills/retrospective/templates/post-mortem.md +121 -0
- package/skills/rollback-strategy/SKILL.md +116 -0
- package/skills/rollback-strategy/evals/evals.json +55 -0
- package/skills/rollback-strategy/references/rollback-patterns.md +125 -0
- package/skills/rollback-strategy/templates/rollback-plan.md +69 -0
- package/skills/security-audit/SKILL.md +146 -0
- package/skills/security-audit/evals/evals.json +66 -0
- package/skills/security-audit/references/owasp-top-10.md +167 -0
- package/skills/security-audit/templates/security-report.md +79 -0
- package/skills/skill-router/SKILL.md +171 -0
- package/skills/skill-router/evals/evals.json +39 -0
- package/skills/strategic-review/SKILL.md +106 -0
- package/skills/strategic-review/evals/evals.json +42 -0
- package/skills/strategic-review/templates/full-review-prompt.md +84 -0
- package/skills/tdd-workflow/SKILL.md +147 -0
- package/skills/tdd-workflow/evals/evals.json +58 -0
- package/skills/tdd-workflow/references/test-quality.md +71 -0
- package/skills/technical-debt-review/SKILL.md +113 -0
- package/skills/technical-debt-review/evals/evals.json +41 -0
- package/skills/technical-debt-review/references/debt-taxonomy.md +124 -0
- package/skills/technical-debt-review/templates/debt-audit.md +85 -0
- package/skills/test-data-strategy/SKILL.md +129 -0
- package/skills/test-data-strategy/evals/evals.json +49 -0
- package/skills/test-data-strategy/references/data-generation-patterns.md +341 -0
- package/skills/test-suite-design/SKILL.md +137 -0
- package/skills/test-suite-design/evals/evals.json +69 -0
- package/skills/test-suite-design/references/test-infrastructure.md +175 -0
- package/skills/test-suite-design/references/testing-pyramid.md +140 -0
- package/skills/ui-ux-design/SKILL.md +117 -0
- package/skills/ui-ux-design/evals/evals.json +35 -0
- package/skills/ui-ux-design/references/interaction-patterns.md +145 -0
- package/skills/ui-ux-design/templates/screen-spec.md +97 -0
- package/skills/verification-before-completion/SKILL.md +85 -0
- package/skills/verification-before-completion/evals/evals.json +53 -0
- package/skills/writing-skills/SKILL.md +87 -0
- package/skills/writing-skills/evals/evals.json +41 -0
- package/skills/writing-skills/references/pressure-testing.md +69 -0
- package/uninstall.mjs +182 -0
|
@@ -0,0 +1,130 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: incident-response
|
|
3
|
+
description: "Structured production incident workflow — triage, mitigation, investigation, recovery, comms. Triggers: production is down, site is down, incident, outage, users seeing errors, on-call, alert fired, p0, p1, sev1, sev2, broken in prod, rollback, emergency deploy. For active incidents under time pressure."
|
|
4
|
+
model: opus
|
|
5
|
+
allowed-tools: Read, Grep, Glob, Write, Edit, Bash
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
# Incident Response
|
|
9
|
+
|
|
10
|
+
Resolve production incidents quickly and safely. Under pressure, the instinct to jump to fixes causes more harm than good — this workflow keeps the response structured without slowing it down.
|
|
11
|
+
|
|
12
|
+
## ⛔ The Iron Law
|
|
13
|
+
|
|
14
|
+
**Mitigate before you investigate; never declare resolved without verification evidence.**
|
|
15
|
+
|
|
16
|
+
Stopping user impact and understanding the cause are separate jobs — don't trade the first for the second. And under pressure, a forward fix you haven't reviewed or verified often creates a second incident: prefer the blunt, reversible mitigation now and confirm recovery with data before declaring the incident over.
|
|
17
|
+
|
|
18
|
+
## Step 1: Triage — Scope and Severity
|
|
19
|
+
|
|
20
|
+
Spend 2-3 minutes here, not more.
|
|
21
|
+
|
|
22
|
+
**Determine blast radius:**
|
|
23
|
+
- What is broken? (Specific feature, entire service, dependent services)
|
|
24
|
+
- Who is affected? (All users, subset, specific accounts, internal only)
|
|
25
|
+
- Is data being lost or corrupted? (If yes: severity immediately escalates)
|
|
26
|
+
- Is the issue getting worse over time or stable?
|
|
27
|
+
|
|
28
|
+
**Classify severity:**
|
|
29
|
+
- **Sev1/P0**: Complete service outage, data loss, security breach. All hands.
|
|
30
|
+
- **Sev2/P1**: Major feature down, significant user impact, degraded performance at scale.
|
|
31
|
+
- **Sev3/P2**: Minor feature broken, small user subset affected, workaround exists.
|
|
32
|
+
|
|
33
|
+
If you can't classify yet, treat it as Sev2 until proven otherwise.
|
|
34
|
+
|
|
35
|
+
**Notify the right people now.** Don't wait until you understand the problem. People need lead time to join.
|
|
36
|
+
|
|
37
|
+
See [references/severity-levels.md](references/severity-levels.md) for team-specific escalation paths.
|
|
38
|
+
|
|
39
|
+
## Step 2: Mitigate First — Fix Later
|
|
40
|
+
|
|
41
|
+
The goal is to stop the bleeding, not to understand it. Mitigation and root cause analysis are separate phases.
|
|
42
|
+
|
|
43
|
+
**Fastest mitigation options (try in order):**
|
|
44
|
+
1. **Feature flag off**: If the broken code is behind a flag, disable it immediately
|
|
45
|
+
2. **Rollback**: If a recent deploy caused this, revert to the previous version
|
|
46
|
+
3. **Traffic shed**: Disable the specific endpoint or functionality that's failing
|
|
47
|
+
4. **Circuit breaker / cache**: Serve stale data while the live system is broken
|
|
48
|
+
5. **Scale up**: If it's a load issue, add capacity before investigating
|
|
49
|
+
|
|
50
|
+
Apply the first option that will work. Do not spend 20 minutes finding the perfect mitigation — apply the blunt one now, refine later.
|
|
51
|
+
|
|
52
|
+
Document each action with a timestamp as you go. This builds the post-mortem timeline automatically.
|
|
53
|
+
|
|
54
|
+
See [references/communication-templates.md](references/communication-templates.md) for status page and stakeholder update templates.
|
|
55
|
+
|
|
56
|
+
## Step 3: Communicate
|
|
57
|
+
|
|
58
|
+
A brief status update every 15-30 minutes prevents stakeholders from escalating or interrupting responders. Use the template in [references/communication-templates.md](references/communication-templates.md):
|
|
59
|
+
|
|
60
|
+
```
|
|
61
|
+
[TIME] Status: [Investigating / Mitigating / Recovering]
|
|
62
|
+
Impact: [What is broken, who is affected]
|
|
63
|
+
Last action: [What was just done]
|
|
64
|
+
Next action: [What's happening next]
|
|
65
|
+
ETA: [Best estimate or "unknown"]
|
|
66
|
+
```
|
|
67
|
+
|
|
68
|
+
Assign one person as the incident commander (coordinates response) and one as the communications lead (external updates). The same person should not do both under pressure.
|
|
69
|
+
|
|
70
|
+
## Step 4: Investigate — Rapid Root Cause
|
|
71
|
+
|
|
72
|
+
Once mitigation is in place and user impact is reduced, find the root cause.
|
|
73
|
+
|
|
74
|
+
Apply the binary search from `bug-investigating` at high speed:
|
|
75
|
+
1. **When did it start?** Check deployment logs, config changes, dependency changes in the window before the incident.
|
|
76
|
+
2. **What changed?** Compare current state to last-known-good state.
|
|
77
|
+
3. **Reproduce in isolation?** Can you trigger the error on a single request/record?
|
|
78
|
+
4. **Trace the error path**: Follow the error from symptom back to cause using logs, traces, and metrics.
|
|
79
|
+
|
|
80
|
+
Time-box investigation phases: 15 minutes to identify the probable cause. If not found, escalate or bring in more people.
|
|
81
|
+
|
|
82
|
+
## Step 5: Recover and Verify
|
|
83
|
+
|
|
84
|
+
**Deploy the fix:**
|
|
85
|
+
- For rollbacks: verify the previous version is clean, deploy, monitor for 10 minutes
|
|
86
|
+
- For forward fixes: code review is still required (even during incidents, a second set of eyes prevents making things worse)
|
|
87
|
+
- For config changes: change one variable at a time
|
|
88
|
+
|
|
89
|
+
**Verify recovery:**
|
|
90
|
+
- Error rate returns to baseline
|
|
91
|
+
- Latency returns to normal
|
|
92
|
+
- Affected functionality works end-to-end
|
|
93
|
+
- No secondary issues (cascading failures, queue backlogs)
|
|
94
|
+
|
|
95
|
+
**Declare the incident resolved** with a timestamp. Send a final status update.
|
|
96
|
+
|
|
97
|
+
**Schedule the post-mortem** within 48-72 hours while memory is fresh. Use the `retrospective` skill (incident post-mortem format).
|
|
98
|
+
|
|
99
|
+
## Principles Applied
|
|
100
|
+
|
|
101
|
+
- **KISS**: Apply the simplest mitigation first. A blunt rollback that works beats an elegant fix that takes an hour.
|
|
102
|
+
- **Blameless culture**: Incidents are caused by systems, not people. Focus on what the system allowed, not who triggered it.
|
|
103
|
+
- **Communication over silence**: Even "we don't know yet" is better than silence. Stakeholders will escalate if they don't hear anything.
|
|
104
|
+
- **Separate mitigation from investigation**: Stopping user impact and understanding root cause are different work. Don't conflate them.
|
|
105
|
+
|
|
106
|
+
## Rationalizations to reject
|
|
107
|
+
|
|
108
|
+
Time pressure makes these tempting. Reject them anyway.
|
|
109
|
+
|
|
110
|
+
| Excuse | Reality |
|
|
111
|
+
|--------|---------|
|
|
112
|
+
| "Let me find the root cause first" | Every minute investigating is a minute users stay broken. Mitigate first. |
|
|
113
|
+
| "I know what's wrong — quick forward fix" | Forward fixes under pressure cause secondary incidents; a rollback is usually faster and safer. |
|
|
114
|
+
| "Skip code review, it's an emergency" | A second set of eyes is cheapest exactly when the stakes are highest. |
|
|
115
|
+
| "Error rate looks better, call it resolved" | "Looks better" is not baseline. Verify error rate, latency, and end-to-end function. |
|
|
116
|
+
| "I'll update people once it's fixed" | Silence makes stakeholders escalate. Send a status even when it's "we don't know yet." |
|
|
117
|
+
|
|
118
|
+
## Red flags — stop and correct course
|
|
119
|
+
|
|
120
|
+
- Debugging root cause while users are still impacted and no mitigation is live.
|
|
121
|
+
- Deploying a forward fix you haven't reviewed.
|
|
122
|
+
- Declaring resolved from a single metric or a quick glance.
|
|
123
|
+
- No timestamped action log being kept as you go.
|
|
124
|
+
|
|
125
|
+
## Cross-Skill References
|
|
126
|
+
|
|
127
|
+
- `rollback-strategy` — design safe rollback plans before incidents happen
|
|
128
|
+
- `bug-investigating` — use for offline root cause analysis after mitigation
|
|
129
|
+
- `retrospective` — use the incident post-mortem format after the incident resolves
|
|
130
|
+
- `deployment-checklist` — gate future deploys to prevent recurrence
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
{
|
|
2
|
+
"skill_name": "incident-response",
|
|
3
|
+
"evals": [
|
|
4
|
+
{
|
|
5
|
+
"id": 1,
|
|
6
|
+
"prompt": "Production is down. Users are getting 500 errors on checkout. We deployed 20 minutes ago. What do I do?",
|
|
7
|
+
"expected_output": "Structured incident response starting with triage (scope/severity assessment), immediate mitigation recommendation (rollback the deploy), communication guidance, and timeline tracking",
|
|
8
|
+
"assertions": [
|
|
9
|
+
"Immediately recommends rollback as fastest mitigation given recent deploy",
|
|
10
|
+
"Asks or addresses scope questions: is it all users or a subset? Is it only checkout or other pages too?",
|
|
11
|
+
"Recommends notifying stakeholders now, not after root cause is found",
|
|
12
|
+
"Distinguishes mitigation (stop the bleeding) from investigation (find the cause)",
|
|
13
|
+
"Does not attempt deep root cause analysis before mitigation is in place",
|
|
14
|
+
"Suggests monitoring after rollback to verify recovery"
|
|
15
|
+
]
|
|
16
|
+
},
|
|
17
|
+
{
|
|
18
|
+
"id": 2,
|
|
19
|
+
"prompt": "We have an incident where a background job is running but producing incorrect results — all order totals calculated in the last 2 hours are wrong by about 15%. No service is down, users aren't seeing errors. How should we handle this?",
|
|
20
|
+
"expected_output": "Recognizes this as a data integrity incident (potentially Sev1 despite no downtime), recommends stopping the job immediately, scoping the data impact, and planning data correction before communication",
|
|
21
|
+
"assertions": [
|
|
22
|
+
"Recognizes data corruption as a high-severity issue even without service downtime",
|
|
23
|
+
"Recommends stopping the job immediately to prevent more bad data",
|
|
24
|
+
"Addresses scoping the affected records (which orders, time range, total count)",
|
|
25
|
+
"Raises the question of customer communication and billing correction",
|
|
26
|
+
"Does not treat this as a low-priority issue just because no service is down"
|
|
27
|
+
]
|
|
28
|
+
},
|
|
29
|
+
{
|
|
30
|
+
"id": 3,
|
|
31
|
+
"prompt": "I want to do an incident response drill with my team to practice before a real incident happens. Can you help me plan it?",
|
|
32
|
+
"expected_output": "Clarifies this is incident response preparation/training, not an active incident — redirects to planning a drill scenario rather than executing incident response steps",
|
|
33
|
+
"assertions": [
|
|
34
|
+
"Recognizes this is a planning/training request, not an active incident",
|
|
35
|
+
"Does not execute the incident response workflow as if production is down",
|
|
36
|
+
"Offers to help design drill scenarios, runbooks, or role assignments",
|
|
37
|
+
"May suggest this is adjacent to retrospective/process improvement work"
|
|
38
|
+
]
|
|
39
|
+
}
|
|
40
|
+
],
|
|
41
|
+
"pressure_tests": [
|
|
42
|
+
{
|
|
43
|
+
"id": 1,
|
|
44
|
+
"prompt": "Site is down and everyone is watching. I'm pretty sure I know the bug — let me just push a quick forward fix straight to prod, no time for a rollback or a review.",
|
|
45
|
+
"pressure": ["time", "authority"],
|
|
46
|
+
"expected_behavior": "Holds the Iron Law: mitigate before investigate, and never ship an unverified fix under pressure. Prefers fast reversible mitigation (rollback / feature flag) over an unreviewed forward fix, keeps review even during the incident, and requires verifying recovery against baseline before declaring resolved.",
|
|
47
|
+
"assertions": [
|
|
48
|
+
"Prefers fast, reversible mitigation (rollback / flag) over an unreviewed forward fix",
|
|
49
|
+
"Does not skip review on a forward fix pushed to prod",
|
|
50
|
+
"Requires verifying recovery against baseline before declaring resolved",
|
|
51
|
+
"Keeps a timestamped action log"
|
|
52
|
+
]
|
|
53
|
+
}
|
|
54
|
+
]
|
|
55
|
+
}
|
|
@@ -0,0 +1,134 @@
|
|
|
1
|
+
# Incident Communication Templates
|
|
2
|
+
|
|
3
|
+
## Principles for Incident Communication
|
|
4
|
+
|
|
5
|
+
- **Frequency over perfection**: A brief update every 15 minutes beats a comprehensive update every hour
|
|
6
|
+
- **No technical jargon in external updates**: "Database connection issue" not "connection pool exhaustion due to missing index causing table locks"
|
|
7
|
+
- **Acknowledge what you don't know**: "We're still investigating the root cause" is honest and appropriate
|
|
8
|
+
- **Never promise a resolution time you're not confident in**: "We expect resolution by 3pm" that misses creates more frustration than "ETA unknown"
|
|
9
|
+
|
|
10
|
+
---
|
|
11
|
+
|
|
12
|
+
## Internal Status Update (Slack / incident channel)
|
|
13
|
+
|
|
14
|
+
Use during active incident, every 15-30 minutes:
|
|
15
|
+
|
|
16
|
+
```
|
|
17
|
+
[TIME] Incident Update
|
|
18
|
+
|
|
19
|
+
Status: [INVESTIGATING | MITIGATING | RECOVERING | RESOLVED]
|
|
20
|
+
|
|
21
|
+
Impact: [What is broken, who is affected, estimated scope]
|
|
22
|
+
|
|
23
|
+
What we know: [Findings so far]
|
|
24
|
+
|
|
25
|
+
What we've tried: [Actions taken and results]
|
|
26
|
+
|
|
27
|
+
Next action: [What is happening right now / next]
|
|
28
|
+
|
|
29
|
+
ETA: [Best estimate, or "unknown — update in 15 min"]
|
|
30
|
+
|
|
31
|
+
IC: [Name of incident commander]
|
|
32
|
+
```
|
|
33
|
+
|
|
34
|
+
---
|
|
35
|
+
|
|
36
|
+
## External Status Page Update
|
|
37
|
+
|
|
38
|
+
For customer-visible incidents. Use plain language.
|
|
39
|
+
|
|
40
|
+
**Initial post** (publish within 5-15 minutes of declaring incident):
|
|
41
|
+
```
|
|
42
|
+
[SERVICE NAME] - Investigating
|
|
43
|
+
We are investigating reports of [brief description of what users are experiencing].
|
|
44
|
+
We will provide an update in [15/30] minutes.
|
|
45
|
+
[TIME]
|
|
46
|
+
```
|
|
47
|
+
|
|
48
|
+
**Update post** (every 30 minutes until resolved):
|
|
49
|
+
```
|
|
50
|
+
[SERVICE NAME] - [Investigating / Identified / Monitoring]
|
|
51
|
+
We have [identified the cause of / are continuing to investigate] [brief description].
|
|
52
|
+
[One sentence on what you're doing about it.]
|
|
53
|
+
We will provide an update in [15/30] minutes.
|
|
54
|
+
[TIME]
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
**Resolution post**:
|
|
58
|
+
```
|
|
59
|
+
[SERVICE NAME] - Resolved
|
|
60
|
+
This incident has been resolved. [Brief description of what was fixed.]
|
|
61
|
+
If you continue to experience issues, please contact support at [email/URL].
|
|
62
|
+
We will publish a full post-mortem within [48-72] hours.
|
|
63
|
+
[TIME]
|
|
64
|
+
```
|
|
65
|
+
|
|
66
|
+
---
|
|
67
|
+
|
|
68
|
+
## Stakeholder Notification (executive / customer success)
|
|
69
|
+
|
|
70
|
+
For Sev1 or high-visibility Sev2. Send via email or direct message within 15 minutes:
|
|
71
|
+
|
|
72
|
+
```
|
|
73
|
+
Subject: [INCIDENT] [Brief description] - [STATUS]
|
|
74
|
+
|
|
75
|
+
[DATE TIME]
|
|
76
|
+
|
|
77
|
+
What happened: [1-2 sentences, no jargon]
|
|
78
|
+
|
|
79
|
+
Who is affected: [User scope]
|
|
80
|
+
|
|
81
|
+
Current status: [What you're doing right now]
|
|
82
|
+
|
|
83
|
+
Next update: [When they'll hear from you next]
|
|
84
|
+
|
|
85
|
+
Point of contact: [Your name / incident channel]
|
|
86
|
+
```
|
|
87
|
+
|
|
88
|
+
---
|
|
89
|
+
|
|
90
|
+
## Post-Incident Communication
|
|
91
|
+
|
|
92
|
+
After resolution, send a brief wrap-up to stakeholders:
|
|
93
|
+
|
|
94
|
+
```
|
|
95
|
+
Subject: [RESOLVED] [Brief description] - Post-incident summary
|
|
96
|
+
|
|
97
|
+
The [description] incident that began at [time] has been fully resolved as of [time].
|
|
98
|
+
|
|
99
|
+
Duration: [X hours Y minutes]
|
|
100
|
+
Users affected: [Scope]
|
|
101
|
+
Root cause (brief): [1-2 sentences]
|
|
102
|
+
|
|
103
|
+
We will publish a full post-mortem by [date]. If you have questions, [contact].
|
|
104
|
+
```
|
|
105
|
+
|
|
106
|
+
---
|
|
107
|
+
|
|
108
|
+
## Handoff Template
|
|
109
|
+
|
|
110
|
+
When handing off an incident between engineers (shift change, bringing someone new in):
|
|
111
|
+
|
|
112
|
+
```
|
|
113
|
+
INCIDENT HANDOFF — [TIME]
|
|
114
|
+
|
|
115
|
+
Incident: [Brief description]
|
|
116
|
+
Duration: Started at [time] ([X hours ago])
|
|
117
|
+
Current status: [MITIGATING / INVESTIGATING / etc.]
|
|
118
|
+
|
|
119
|
+
What we know:
|
|
120
|
+
- [Finding 1]
|
|
121
|
+
- [Finding 2]
|
|
122
|
+
|
|
123
|
+
What we've tried:
|
|
124
|
+
- [Action 1] → [Result]
|
|
125
|
+
- [Action 2] → [Result]
|
|
126
|
+
|
|
127
|
+
Current hypothesis: [Best guess at root cause]
|
|
128
|
+
|
|
129
|
+
Immediate next step: [What the new person should do first]
|
|
130
|
+
|
|
131
|
+
Pending questions: [What we still don't know]
|
|
132
|
+
|
|
133
|
+
Stakeholder updates: Last update sent at [time]. Next due at [time].
|
|
134
|
+
```
|
|
@@ -0,0 +1,77 @@
|
|
|
1
|
+
# Severity Levels and Escalation
|
|
2
|
+
|
|
3
|
+
## Severity Classification
|
|
4
|
+
|
|
5
|
+
### Sev1 / P0 — Critical
|
|
6
|
+
|
|
7
|
+
**Criteria (any one is sufficient):**
|
|
8
|
+
- Complete service outage (no users can use the product)
|
|
9
|
+
- Data loss or data corruption actively occurring
|
|
10
|
+
- Security breach (unauthorized data access, account compromise)
|
|
11
|
+
- Payment processing completely down
|
|
12
|
+
- SLA breach is imminent (within minutes)
|
|
13
|
+
|
|
14
|
+
**Response:**
|
|
15
|
+
- All available engineers engaged immediately
|
|
16
|
+
- Engineering leadership notified
|
|
17
|
+
- Customer-facing status page updated within 5 minutes
|
|
18
|
+
- Updates every 15 minutes until resolved
|
|
19
|
+
- Target resolution: under 1 hour
|
|
20
|
+
|
|
21
|
+
### Sev2 / P1 — Major
|
|
22
|
+
|
|
23
|
+
**Criteria (any one is sufficient):**
|
|
24
|
+
- Core feature unavailable for a significant percentage of users
|
|
25
|
+
- Severe performance degradation (>5x normal latency)
|
|
26
|
+
- Data pipeline stopped (data freshness SLA at risk)
|
|
27
|
+
- Monitoring/alerting is completely blind
|
|
28
|
+
- Workaround exists but is severely degraded
|
|
29
|
+
|
|
30
|
+
**Response:**
|
|
31
|
+
- On-call engineer + one additional engineer
|
|
32
|
+
- Engineering manager notified
|
|
33
|
+
- Status page updated within 15 minutes
|
|
34
|
+
- Updates every 30 minutes
|
|
35
|
+
- Target resolution: under 4 hours
|
|
36
|
+
|
|
37
|
+
### Sev3 / P2 — Minor
|
|
38
|
+
|
|
39
|
+
**Criteria:**
|
|
40
|
+
- Non-critical feature broken for some users
|
|
41
|
+
- Cosmetic or UX issue with workaround
|
|
42
|
+
- Performance degradation below 5x normal
|
|
43
|
+
- Internal tooling broken (no user impact)
|
|
44
|
+
|
|
45
|
+
**Response:**
|
|
46
|
+
- On-call engineer handles during business hours
|
|
47
|
+
- No immediate escalation required
|
|
48
|
+
- Fix within one business day
|
|
49
|
+
- No status page update required (unless customer-visible)
|
|
50
|
+
|
|
51
|
+
## The Escalation Decision
|
|
52
|
+
|
|
53
|
+
Escalate when:
|
|
54
|
+
- You've been investigating for 15 minutes without identifying the cause
|
|
55
|
+
- The blast radius is larger than initially assessed
|
|
56
|
+
- You need access you don't have (database, infrastructure, vendor support)
|
|
57
|
+
- A second set of eyes would meaningfully speed up resolution
|
|
58
|
+
|
|
59
|
+
Don't wait until you're sure escalation is needed. The cost of an unnecessary page is low; the cost of delayed escalation during a real incident is high.
|
|
60
|
+
|
|
61
|
+
## Roles During an Incident
|
|
62
|
+
|
|
63
|
+
**Incident Commander (IC)**
|
|
64
|
+
- Owns the response: assigns tasks, decides priorities, tracks timeline
|
|
65
|
+
- NOT necessarily the person doing the technical work
|
|
66
|
+
- Prevents simultaneous conflicting actions ("wait, I was also trying to restart that")
|
|
67
|
+
- Can be whoever got paged first if no formal IC is assigned
|
|
68
|
+
|
|
69
|
+
**Communications Lead**
|
|
70
|
+
- Handles all external updates (status page, stakeholder messages)
|
|
71
|
+
- Shields the technical responders from interruptions
|
|
72
|
+
- If team is small, IC and communications can be the same person for Sev2/Sev3
|
|
73
|
+
|
|
74
|
+
**Technical Responders**
|
|
75
|
+
- Focus on investigation and fix
|
|
76
|
+
- Report findings to IC
|
|
77
|
+
- Don't take unilateral actions — tell IC first
|
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
# Incident Timeline
|
|
2
|
+
|
|
3
|
+
**Incident ID**: INC-[NUMBER]
|
|
4
|
+
**Date**: [DATE]
|
|
5
|
+
**Severity**: [Sev1 / Sev2 / Sev3]
|
|
6
|
+
**Status**: [Active / Resolved]
|
|
7
|
+
**Incident Commander**: [Name]
|
|
8
|
+
**Communications Lead**: [Name]
|
|
9
|
+
|
|
10
|
+
---
|
|
11
|
+
|
|
12
|
+
## Impact Summary
|
|
13
|
+
|
|
14
|
+
**What broke**: [Brief description of what was unavailable or degraded]
|
|
15
|
+
**Users affected**: [Scope — all users / X% of users / specific account(s) / internal only]
|
|
16
|
+
**Started**: [TIME]
|
|
17
|
+
**Detected**: [TIME] (by [monitoring alert / user report / internal discovery])
|
|
18
|
+
**Mitigated**: [TIME]
|
|
19
|
+
**Resolved**: [TIME]
|
|
20
|
+
**Total duration**: [X hours Y minutes]
|
|
21
|
+
|
|
22
|
+
---
|
|
23
|
+
|
|
24
|
+
## Timeline
|
|
25
|
+
|
|
26
|
+
| Time | Action / Observation | Who |
|
|
27
|
+
|------|---------------------|-----|
|
|
28
|
+
| HH:MM | [Event or action] | [Name] |
|
|
29
|
+
| HH:MM | | |
|
|
30
|
+
| HH:MM | | |
|
|
31
|
+
|
|
32
|
+
*Add rows as the incident progresses. Include: alerts fired, actions taken, things tried, findings made, stakeholder updates sent.*
|
|
33
|
+
|
|
34
|
+
---
|
|
35
|
+
|
|
36
|
+
## Mitigation Steps Taken
|
|
37
|
+
|
|
38
|
+
1. [First mitigation action and result]
|
|
39
|
+
2. [Second mitigation action and result]
|
|
40
|
+
|
|
41
|
+
---
|
|
42
|
+
|
|
43
|
+
## Root Cause (preliminary)
|
|
44
|
+
|
|
45
|
+
[Complete after incident resolves. Brief description of what caused the incident.]
|
|
46
|
+
|
|
47
|
+
---
|
|
48
|
+
|
|
49
|
+
## Next Steps
|
|
50
|
+
|
|
51
|
+
- [ ] Full root cause analysis (assign to: [Name], due: [Date])
|
|
52
|
+
- [ ] Post-mortem scheduled for: [Date/Time]
|
|
53
|
+
- [ ] [Any immediate follow-up actions]
|
|
54
|
+
|
|
55
|
+
---
|
|
56
|
+
|
|
57
|
+
*This timeline will be incorporated into the post-mortem. See `retrospective` skill for post-mortem format.*
|
|
@@ -0,0 +1,86 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: infrastructure-as-code
|
|
3
|
+
description: "Write and review IaC with Terraform, CloudFormation, Pulumi, or CDK — modularity, security, state management. Triggers: Terraform, CloudFormation, Pulumi, infrastructure as code, IaC, provision, cloud resources, terraform module, state management, terraform plan, CDK, drift, remote state."
|
|
4
|
+
model: sonnet
|
|
5
|
+
allowed-tools: Read, Grep, Glob, Write, Edit, Bash
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
# Infrastructure as Code
|
|
9
|
+
|
|
10
|
+
Write and review IaC that is modular, secure, and maintainable. Infrastructure should be treated with the same rigor as application code — versioned, tested, reviewed, and deployed through pipelines.
|
|
11
|
+
|
|
12
|
+
## Workflow
|
|
13
|
+
|
|
14
|
+
### Step 1: Understand the Infrastructure Need
|
|
15
|
+
|
|
16
|
+
Before writing any IaC:
|
|
17
|
+
|
|
18
|
+
- **What resources are needed?** Compute, storage, networking, databases, queues, CDN?
|
|
19
|
+
- **Which cloud provider?** AWS, GCP, Azure, or multi-cloud?
|
|
20
|
+
- **Which IaC tool?** Terraform (cloud-agnostic, declarative), CloudFormation (AWS-native), Pulumi (imperative, multi-language), CDK (AWS, TypeScript/Python)?
|
|
21
|
+
- **What environments?** Dev, staging, production? How do they differ (instance sizes, replicas)?
|
|
22
|
+
- **What exists already?** Importing existing resources? Greenfield?
|
|
23
|
+
|
|
24
|
+
### Step 2: Design the Module Structure
|
|
25
|
+
|
|
26
|
+
Organize IaC for reusability and clarity:
|
|
27
|
+
|
|
28
|
+
```
|
|
29
|
+
infrastructure/
|
|
30
|
+
├── modules/ # Reusable modules
|
|
31
|
+
│ ├── networking/ # VPC, subnets, security groups
|
|
32
|
+
│ ├── database/ # RDS, ElastiCache
|
|
33
|
+
│ ├── compute/ # ECS, EKS, Lambda
|
|
34
|
+
│ └── monitoring/ # CloudWatch, alerting
|
|
35
|
+
├── environments/
|
|
36
|
+
│ ├── dev/
|
|
37
|
+
│ │ ├── main.tf # Compose modules with dev params
|
|
38
|
+
│ │ └── terraform.tfvars
|
|
39
|
+
│ ├── staging/
|
|
40
|
+
│ └── production/
|
|
41
|
+
├── backend.tf # State backend configuration
|
|
42
|
+
└── versions.tf # Provider version constraints
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
Each module should be independently usable with well-defined inputs (variables) and outputs.
|
|
46
|
+
|
|
47
|
+
### Step 3: Write the Configuration
|
|
48
|
+
|
|
49
|
+
Follow these principles. Use [templates/terraform-module.md](templates/terraform-module.md) as a starting point for module structure, variables, outputs, and README format.
|
|
50
|
+
|
|
51
|
+
**Modularity**: Each module does one thing (networking, database, compute). Modules compose through outputs → inputs.
|
|
52
|
+
|
|
53
|
+
**Parameterization**: Use variables for anything that differs between environments. Never hardcode region, instance size, replica count, or credentials.
|
|
54
|
+
|
|
55
|
+
**State management**: Use remote state backends (S3 + DynamoDB for Terraform, etc.). Enable state locking. Never commit state files to git.
|
|
56
|
+
|
|
57
|
+
**Security by default**: Encrypt at rest, restrict security groups to minimum required ports, use IAM roles (not keys), enable logging.
|
|
58
|
+
|
|
59
|
+
**Tagging**: Every resource gets tags for cost allocation, ownership, and environment identification.
|
|
60
|
+
|
|
61
|
+
### Step 4: Review and Validate
|
|
62
|
+
|
|
63
|
+
Before applying:
|
|
64
|
+
|
|
65
|
+
- [ ] `terraform plan` shows only expected changes
|
|
66
|
+
- [ ] No hardcoded secrets or credentials
|
|
67
|
+
- [ ] Security groups follow least-privilege (no 0.0.0.0/0 ingress on sensitive ports)
|
|
68
|
+
- [ ] Encryption enabled for storage and databases
|
|
69
|
+
- [ ] State backend is remote with locking enabled
|
|
70
|
+
- [ ] All resources are tagged (environment, team, project)
|
|
71
|
+
- [ ] Modules have input validation (variable constraints)
|
|
72
|
+
- [ ] Outputs are defined for values downstream modules need
|
|
73
|
+
|
|
74
|
+
### Step 5: Plan Deployment
|
|
75
|
+
|
|
76
|
+
- IaC changes should go through the same PR review process as application code
|
|
77
|
+
- Use `plan` output as the PR artifact — reviewers should see what will change
|
|
78
|
+
- Apply through CI/CD pipeline, never from a developer's laptop
|
|
79
|
+
- Use workspace or directory-per-environment patterns to prevent accidental cross-environment changes
|
|
80
|
+
|
|
81
|
+
## Principles Applied
|
|
82
|
+
|
|
83
|
+
- **DRY**: Modules eliminate repeated resource definitions across environments.
|
|
84
|
+
- **KISS**: Start with simple resources, refactor into modules when patterns repeat.
|
|
85
|
+
- **YAGNI**: Don't create a module for a resource you define once. Modules earn their existence through reuse.
|
|
86
|
+
- **Functional Independence**: Each module manages its own resources with clean interfaces. No module reaches into another's state.
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
{
|
|
2
|
+
"skill_name": "infrastructure-as-code",
|
|
3
|
+
"evals": [
|
|
4
|
+
{
|
|
5
|
+
"id": 1,
|
|
6
|
+
"prompt": "Write Terraform to provision a production-ready PostgreSQL RDS instance on AWS. It should be in a private subnet, encrypted, with automated backups, and accessible only from our ECS tasks.",
|
|
7
|
+
"expected_output": "Should create a Terraform module with VPC/subnet references, security group restricting access to ECS, encryption enabled, backup retention, and parameterized instance class.",
|
|
8
|
+
"assertions": [
|
|
9
|
+
"RDS instance is in a private subnet (not publicly accessible)",
|
|
10
|
+
"Security group allows ingress only from ECS security group (not 0.0.0.0/0)",
|
|
11
|
+
"storage_encrypted = true",
|
|
12
|
+
"Backup retention is configured (> 0 days)",
|
|
13
|
+
"Password is not hardcoded (uses variable with sensitive flag or secrets manager)",
|
|
14
|
+
"Instance class is parameterized via variable",
|
|
15
|
+
"Resources are tagged",
|
|
16
|
+
"Outputs expose endpoint and port for consuming modules"
|
|
17
|
+
]
|
|
18
|
+
},
|
|
19
|
+
{
|
|
20
|
+
"id": 2,
|
|
21
|
+
"prompt": "Review this Terraform and tell me what's wrong:\n\nresource \"aws_s3_bucket\" \"data\" {\n bucket = \"my-data-bucket\"\n}\n\nresource \"aws_s3_bucket_policy\" \"data\" {\n bucket = aws_s3_bucket.data.id\n policy = jsonencode({\n Statement = [{\n Effect = \"Allow\"\n Principal = \"*\"\n Action = \"s3:GetObject\"\n Resource = \"${aws_s3_bucket.data.arn}/*\"\n }]\n })\n}",
|
|
22
|
+
"expected_output": "Should identify the public bucket policy (Principal: *), missing encryption, missing versioning, missing access logging, and missing tags.",
|
|
23
|
+
"assertions": [
|
|
24
|
+
"Identifies Principal '*' as making the bucket publicly readable",
|
|
25
|
+
"Flags missing server-side encryption",
|
|
26
|
+
"Flags missing versioning",
|
|
27
|
+
"Flags missing access logging",
|
|
28
|
+
"Flags missing tags",
|
|
29
|
+
"Provides corrected Terraform with restricted policy"
|
|
30
|
+
]
|
|
31
|
+
}
|
|
32
|
+
]
|
|
33
|
+
}
|