swe-workflow-skills 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (177) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +144 -0
  3. package/VERSION +1 -0
  4. package/bin/cli.mjs +44 -0
  5. package/catalog.json +225 -0
  6. package/commands/role.md +34 -0
  7. package/hooks/session-start.mjs +118 -0
  8. package/install.mjs +318 -0
  9. package/package.json +47 -0
  10. package/roles.json +194 -0
  11. package/scripts/resolve.mjs +296 -0
  12. package/skills/accessibility-design/SKILL.md +128 -0
  13. package/skills/accessibility-design/evals/evals.json +51 -0
  14. package/skills/accessibility-design/references/accessibility-patterns.md +321 -0
  15. package/skills/api-design/SKILL.md +144 -0
  16. package/skills/api-design/evals/evals.json +48 -0
  17. package/skills/api-design/references/rest-conventions.md +147 -0
  18. package/skills/api-design/templates/api-spec.md +156 -0
  19. package/skills/architecture-design/SKILL.md +86 -0
  20. package/skills/architecture-design/evals/evals.json +44 -0
  21. package/skills/architecture-design/references/clean-architecture.md +147 -0
  22. package/skills/architecture-design/references/component-principles.md +129 -0
  23. package/skills/architecture-design/references/principles.md +81 -0
  24. package/skills/architecture-design/references/solid-principles.md +106 -0
  25. package/skills/architecture-design/templates/adr.md +63 -0
  26. package/skills/architecture-documentation/SKILL.md +126 -0
  27. package/skills/architecture-documentation/evals/evals.json +44 -0
  28. package/skills/architecture-documentation/references/abstraction-levels.md +91 -0
  29. package/skills/architecture-documentation/references/diagram-tooling.md +141 -0
  30. package/skills/architecture-documentation/templates/architecture-doc.md +171 -0
  31. package/skills/bug-investigating/SKILL.md +133 -0
  32. package/skills/bug-investigating/evals/evals.json +56 -0
  33. package/skills/bug-investigating/references/common-bugs.md +62 -0
  34. package/skills/bug-investigating/references/debugging-patterns.md +94 -0
  35. package/skills/cicd-pipeline/SKILL.md +87 -0
  36. package/skills/cicd-pipeline/evals/evals.json +34 -0
  37. package/skills/cicd-pipeline/references/pipeline-patterns.md +206 -0
  38. package/skills/cicd-pipeline/templates/github-actions.md +206 -0
  39. package/skills/code-reviewing/SKILL.md +92 -0
  40. package/skills/code-reviewing/evals/evals.json +62 -0
  41. package/skills/code-reviewing/references/error-handling.md +108 -0
  42. package/skills/code-reviewing/references/review-checklist.md +144 -0
  43. package/skills/configuration-strategy/SKILL.md +109 -0
  44. package/skills/configuration-strategy/evals/evals.json +41 -0
  45. package/skills/configuration-strategy/references/config-patterns.md +161 -0
  46. package/skills/containerization/SKILL.md +90 -0
  47. package/skills/containerization/evals/evals.json +36 -0
  48. package/skills/containerization/references/dockerfile-patterns.md +168 -0
  49. package/skills/containerization/templates/dockerfile.md +154 -0
  50. package/skills/data-modeling/SKILL.md +83 -0
  51. package/skills/data-modeling/evals/evals.json +43 -0
  52. package/skills/data-modeling/references/conventions.md +57 -0
  53. package/skills/data-modeling/templates/schema.md +120 -0
  54. package/skills/dependency-impact-analysis/SKILL.md +113 -0
  55. package/skills/dependency-impact-analysis/evals/evals.json +41 -0
  56. package/skills/dependency-impact-analysis/references/impact-patterns.md +150 -0
  57. package/skills/dependency-management/SKILL.md +161 -0
  58. package/skills/dependency-management/evals/evals.json +48 -0
  59. package/skills/dependency-management/references/evaluation-checklist.md +127 -0
  60. package/skills/deployment-checklist/SKILL.md +132 -0
  61. package/skills/deployment-checklist/evals/evals.json +58 -0
  62. package/skills/deployment-checklist/references/pre-deploy-gates.md +91 -0
  63. package/skills/deployment-repo/SKILL.md +190 -0
  64. package/skills/deployment-repo/evals/evals.json +44 -0
  65. package/skills/deployment-repo/references/deployment-repo-patterns.md +258 -0
  66. package/skills/deployment-repo/references/version-compatibility.md +227 -0
  67. package/skills/deployment-repo/templates/deployment-repo-structure.md +226 -0
  68. package/skills/effort-estimation/SKILL.md +95 -0
  69. package/skills/effort-estimation/evals/evals.json +32 -0
  70. package/skills/effort-estimation/references/estimation-methods.md +154 -0
  71. package/skills/feature-planning/SKILL.md +84 -0
  72. package/skills/feature-planning/evals/evals.json +44 -0
  73. package/skills/feature-planning/templates/plan.md +55 -0
  74. package/skills/feature-planning/templates/task.md +26 -0
  75. package/skills/frontend-architecture/SKILL.md +154 -0
  76. package/skills/frontend-architecture/evals/evals.json +34 -0
  77. package/skills/frontend-architecture/references/component-patterns.md +264 -0
  78. package/skills/frontend-architecture/templates/folder-structure.md +203 -0
  79. package/skills/git-workflow/SKILL.md +127 -0
  80. package/skills/git-workflow/evals/evals.json +44 -0
  81. package/skills/git-workflow/references/conventions.md +142 -0
  82. package/skills/git-workflow/templates/pull-request.md +57 -0
  83. package/skills/gitops-delivery/SKILL.md +319 -0
  84. package/skills/gitops-delivery/evals/evals.json +44 -0
  85. package/skills/gitops-delivery/references/gitops-patterns.md +478 -0
  86. package/skills/gitops-delivery/templates/gitops-config.md +196 -0
  87. package/skills/incident-response/SKILL.md +130 -0
  88. package/skills/incident-response/evals/evals.json +55 -0
  89. package/skills/incident-response/references/communication-templates.md +134 -0
  90. package/skills/incident-response/references/severity-levels.md +77 -0
  91. package/skills/incident-response/templates/incident-timeline.md +57 -0
  92. package/skills/infrastructure-as-code/SKILL.md +86 -0
  93. package/skills/infrastructure-as-code/evals/evals.json +33 -0
  94. package/skills/infrastructure-as-code/references/iac-patterns.md +179 -0
  95. package/skills/infrastructure-as-code/templates/terraform-module.md +158 -0
  96. package/skills/metrics-and-okrs/SKILL.md +113 -0
  97. package/skills/metrics-and-okrs/evals/evals.json +33 -0
  98. package/skills/metrics-and-okrs/references/metric-catalog.md +90 -0
  99. package/skills/metrics-and-okrs/templates/okr-document.md +61 -0
  100. package/skills/ml-experiment-tracking/SKILL.md +96 -0
  101. package/skills/ml-experiment-tracking/evals/evals.json +32 -0
  102. package/skills/ml-experiment-tracking/references/tracking-tools.md +127 -0
  103. package/skills/ml-model-deployment/SKILL.md +106 -0
  104. package/skills/ml-model-deployment/evals/evals.json +34 -0
  105. package/skills/ml-model-deployment/references/serving-patterns.md +162 -0
  106. package/skills/ml-pipeline-design/SKILL.md +162 -0
  107. package/skills/ml-pipeline-design/evals/evals.json +34 -0
  108. package/skills/ml-pipeline-design/references/pipeline-components.md +174 -0
  109. package/skills/observability-design/SKILL.md +162 -0
  110. package/skills/observability-design/evals/evals.json +52 -0
  111. package/skills/observability-design/references/logging-patterns.md +229 -0
  112. package/skills/observability-design/references/slo-framework.md +151 -0
  113. package/skills/observability-design/templates/slo-document.md +80 -0
  114. package/skills/performance-optimization/SKILL.md +83 -0
  115. package/skills/performance-optimization/evals/evals.json +47 -0
  116. package/skills/performance-optimization/references/bottleneck-patterns.md +256 -0
  117. package/skills/performance-optimization/references/concurrency.md +101 -0
  118. package/skills/prd-writing/SKILL.md +109 -0
  119. package/skills/prd-writing/evals/evals.json +33 -0
  120. package/skills/prd-writing/references/prd-examples.md +132 -0
  121. package/skills/prd-writing/templates/prd.md +71 -0
  122. package/skills/prd-writing/templates/rfc.md +79 -0
  123. package/skills/project-documentation/SKILL.md +104 -0
  124. package/skills/project-documentation/evals/evals.json +48 -0
  125. package/skills/project-documentation/references/contributing-guide.md +100 -0
  126. package/skills/project-documentation/templates/changelog.md +59 -0
  127. package/skills/project-documentation/templates/readme.md +121 -0
  128. package/skills/project-proposal/SKILL.md +90 -0
  129. package/skills/project-proposal/evals/evals.json +31 -0
  130. package/skills/project-proposal/references/proposal-examples.md +140 -0
  131. package/skills/project-proposal/templates/proposal.md +76 -0
  132. package/skills/project-review/SKILL.md +111 -0
  133. package/skills/project-review/evals/evals.json +42 -0
  134. package/skills/refactoring/SKILL.md +90 -0
  135. package/skills/refactoring/evals/evals.json +44 -0
  136. package/skills/refactoring/references/transformations.md +132 -0
  137. package/skills/retrospective/SKILL.md +157 -0
  138. package/skills/retrospective/evals/evals.json +34 -0
  139. package/skills/retrospective/references/facilitation-guide.md +130 -0
  140. package/skills/retrospective/templates/post-mortem.md +121 -0
  141. package/skills/rollback-strategy/SKILL.md +116 -0
  142. package/skills/rollback-strategy/evals/evals.json +55 -0
  143. package/skills/rollback-strategy/references/rollback-patterns.md +125 -0
  144. package/skills/rollback-strategy/templates/rollback-plan.md +69 -0
  145. package/skills/security-audit/SKILL.md +146 -0
  146. package/skills/security-audit/evals/evals.json +66 -0
  147. package/skills/security-audit/references/owasp-top-10.md +167 -0
  148. package/skills/security-audit/templates/security-report.md +79 -0
  149. package/skills/skill-router/SKILL.md +171 -0
  150. package/skills/skill-router/evals/evals.json +39 -0
  151. package/skills/strategic-review/SKILL.md +106 -0
  152. package/skills/strategic-review/evals/evals.json +42 -0
  153. package/skills/strategic-review/templates/full-review-prompt.md +84 -0
  154. package/skills/tdd-workflow/SKILL.md +147 -0
  155. package/skills/tdd-workflow/evals/evals.json +58 -0
  156. package/skills/tdd-workflow/references/test-quality.md +71 -0
  157. package/skills/technical-debt-review/SKILL.md +113 -0
  158. package/skills/technical-debt-review/evals/evals.json +41 -0
  159. package/skills/technical-debt-review/references/debt-taxonomy.md +124 -0
  160. package/skills/technical-debt-review/templates/debt-audit.md +85 -0
  161. package/skills/test-data-strategy/SKILL.md +129 -0
  162. package/skills/test-data-strategy/evals/evals.json +49 -0
  163. package/skills/test-data-strategy/references/data-generation-patterns.md +341 -0
  164. package/skills/test-suite-design/SKILL.md +137 -0
  165. package/skills/test-suite-design/evals/evals.json +69 -0
  166. package/skills/test-suite-design/references/test-infrastructure.md +175 -0
  167. package/skills/test-suite-design/references/testing-pyramid.md +140 -0
  168. package/skills/ui-ux-design/SKILL.md +117 -0
  169. package/skills/ui-ux-design/evals/evals.json +35 -0
  170. package/skills/ui-ux-design/references/interaction-patterns.md +145 -0
  171. package/skills/ui-ux-design/templates/screen-spec.md +97 -0
  172. package/skills/verification-before-completion/SKILL.md +85 -0
  173. package/skills/verification-before-completion/evals/evals.json +53 -0
  174. package/skills/writing-skills/SKILL.md +87 -0
  175. package/skills/writing-skills/evals/evals.json +41 -0
  176. package/skills/writing-skills/references/pressure-testing.md +69 -0
  177. package/uninstall.mjs +182 -0
@@ -0,0 +1,130 @@
1
+ ---
2
+ name: incident-response
3
+ description: "Structured production incident workflow — triage, mitigation, investigation, recovery, comms. Triggers: production is down, site is down, incident, outage, users seeing errors, on-call, alert fired, p0, p1, sev1, sev2, broken in prod, rollback, emergency deploy. For active incidents under time pressure."
4
+ model: opus
5
+ allowed-tools: Read, Grep, Glob, Write, Edit, Bash
6
+ ---
7
+
8
+ # Incident Response
9
+
10
+ Resolve production incidents quickly and safely. Under pressure, the instinct to jump to fixes causes more harm than good — this workflow keeps the response structured without slowing it down.
11
+
12
+ ## ⛔ The Iron Law
13
+
14
+ **Mitigate before you investigate; never declare resolved without verification evidence.**
15
+
16
+ Stopping user impact and understanding the cause are separate jobs — don't trade the first for the second. And under pressure, a forward fix you haven't reviewed or verified often creates a second incident: prefer the blunt, reversible mitigation now and confirm recovery with data before declaring the incident over.
17
+
18
+ ## Step 1: Triage — Scope and Severity
19
+
20
+ Spend 2-3 minutes here, not more.
21
+
22
+ **Determine blast radius:**
23
+ - What is broken? (Specific feature, entire service, dependent services)
24
+ - Who is affected? (All users, subset, specific accounts, internal only)
25
+ - Is data being lost or corrupted? (If yes: severity immediately escalates)
26
+ - Is the issue getting worse over time or stable?
27
+
28
+ **Classify severity:**
29
+ - **Sev1/P0**: Complete service outage, data loss, security breach. All hands.
30
+ - **Sev2/P1**: Major feature down, significant user impact, degraded performance at scale.
31
+ - **Sev3/P2**: Minor feature broken, small user subset affected, workaround exists.
32
+
33
+ If you can't classify yet, treat it as Sev2 until proven otherwise.
34
+
35
+ **Notify the right people now.** Don't wait until you understand the problem. People need lead time to join.
36
+
37
+ See [references/severity-levels.md](references/severity-levels.md) for team-specific escalation paths.
38
+
39
+ ## Step 2: Mitigate First — Fix Later
40
+
41
+ The goal is to stop the bleeding, not to understand it. Mitigation and root cause analysis are separate phases.
42
+
43
+ **Fastest mitigation options (try in order):**
44
+ 1. **Feature flag off**: If the broken code is behind a flag, disable it immediately
45
+ 2. **Rollback**: If a recent deploy caused this, revert to the previous version
46
+ 3. **Traffic shed**: Disable the specific endpoint or functionality that's failing
47
+ 4. **Circuit breaker / cache**: Serve stale data while the live system is broken
48
+ 5. **Scale up**: If it's a load issue, add capacity before investigating
49
+
50
+ Apply the first option that will work. Do not spend 20 minutes finding the perfect mitigation — apply the blunt one now, refine later.
51
+
52
+ Document each action with a timestamp as you go. This builds the post-mortem timeline automatically.
53
+
54
+ See [references/communication-templates.md](references/communication-templates.md) for status page and stakeholder update templates.
55
+
56
+ ## Step 3: Communicate
57
+
58
+ A brief status update every 15-30 minutes prevents stakeholders from escalating or interrupting responders. Use the template in [references/communication-templates.md](references/communication-templates.md):
59
+
60
+ ```
61
+ [TIME] Status: [Investigating / Mitigating / Recovering]
62
+ Impact: [What is broken, who is affected]
63
+ Last action: [What was just done]
64
+ Next action: [What's happening next]
65
+ ETA: [Best estimate or "unknown"]
66
+ ```
67
+
68
+ Assign one person as the incident commander (coordinates response) and one as the communications lead (external updates). The same person should not do both under pressure.
69
+
70
+ ## Step 4: Investigate — Rapid Root Cause
71
+
72
+ Once mitigation is in place and user impact is reduced, find the root cause.
73
+
74
+ Apply the binary search from `bug-investigating` at high speed:
75
+ 1. **When did it start?** Check deployment logs, config changes, dependency changes in the window before the incident.
76
+ 2. **What changed?** Compare current state to last-known-good state.
77
+ 3. **Reproduce in isolation?** Can you trigger the error on a single request/record?
78
+ 4. **Trace the error path**: Follow the error from symptom back to cause using logs, traces, and metrics.
79
+
80
+ Time-box investigation phases: 15 minutes to identify the probable cause. If not found, escalate or bring in more people.
81
+
82
+ ## Step 5: Recover and Verify
83
+
84
+ **Deploy the fix:**
85
+ - For rollbacks: verify the previous version is clean, deploy, monitor for 10 minutes
86
+ - For forward fixes: code review is still required (even during incidents, a second set of eyes prevents making things worse)
87
+ - For config changes: change one variable at a time
88
+
89
+ **Verify recovery:**
90
+ - Error rate returns to baseline
91
+ - Latency returns to normal
92
+ - Affected functionality works end-to-end
93
+ - No secondary issues (cascading failures, queue backlogs)
94
+
95
+ **Declare the incident resolved** with a timestamp. Send a final status update.
96
+
97
+ **Schedule the post-mortem** within 48-72 hours while memory is fresh. Use the `retrospective` skill (incident post-mortem format).
98
+
99
+ ## Principles Applied
100
+
101
+ - **KISS**: Apply the simplest mitigation first. A blunt rollback that works beats an elegant fix that takes an hour.
102
+ - **Blameless culture**: Incidents are caused by systems, not people. Focus on what the system allowed, not who triggered it.
103
+ - **Communication over silence**: Even "we don't know yet" is better than silence. Stakeholders will escalate if they don't hear anything.
104
+ - **Separate mitigation from investigation**: Stopping user impact and understanding root cause are different work. Don't conflate them.
105
+
106
+ ## Rationalizations to reject
107
+
108
+ Time pressure makes these tempting. Reject them anyway.
109
+
110
+ | Excuse | Reality |
111
+ |--------|---------|
112
+ | "Let me find the root cause first" | Every minute investigating is a minute users stay broken. Mitigate first. |
113
+ | "I know what's wrong — quick forward fix" | Forward fixes under pressure cause secondary incidents; a rollback is usually faster and safer. |
114
+ | "Skip code review, it's an emergency" | A second set of eyes is cheapest exactly when the stakes are highest. |
115
+ | "Error rate looks better, call it resolved" | "Looks better" is not baseline. Verify error rate, latency, and end-to-end function. |
116
+ | "I'll update people once it's fixed" | Silence makes stakeholders escalate. Send a status even when it's "we don't know yet." |
117
+
118
+ ## Red flags — stop and correct course
119
+
120
+ - Debugging root cause while users are still impacted and no mitigation is live.
121
+ - Deploying a forward fix you haven't reviewed.
122
+ - Declaring resolved from a single metric or a quick glance.
123
+ - No timestamped action log being kept as you go.
124
+
125
+ ## Cross-Skill References
126
+
127
+ - `rollback-strategy` — design safe rollback plans before incidents happen
128
+ - `bug-investigating` — use for offline root cause analysis after mitigation
129
+ - `retrospective` — use the incident post-mortem format after the incident resolves
130
+ - `deployment-checklist` — gate future deploys to prevent recurrence
@@ -0,0 +1,55 @@
1
+ {
2
+ "skill_name": "incident-response",
3
+ "evals": [
4
+ {
5
+ "id": 1,
6
+ "prompt": "Production is down. Users are getting 500 errors on checkout. We deployed 20 minutes ago. What do I do?",
7
+ "expected_output": "Structured incident response starting with triage (scope/severity assessment), immediate mitigation recommendation (rollback the deploy), communication guidance, and timeline tracking",
8
+ "assertions": [
9
+ "Immediately recommends rollback as fastest mitigation given recent deploy",
10
+ "Asks or addresses scope questions: is it all users or a subset? Is it only checkout or other pages too?",
11
+ "Recommends notifying stakeholders now, not after root cause is found",
12
+ "Distinguishes mitigation (stop the bleeding) from investigation (find the cause)",
13
+ "Does not attempt deep root cause analysis before mitigation is in place",
14
+ "Suggests monitoring after rollback to verify recovery"
15
+ ]
16
+ },
17
+ {
18
+ "id": 2,
19
+ "prompt": "We have an incident where a background job is running but producing incorrect results — all order totals calculated in the last 2 hours are wrong by about 15%. No service is down, users aren't seeing errors. How should we handle this?",
20
+ "expected_output": "Recognizes this as a data integrity incident (potentially Sev1 despite no downtime), recommends stopping the job immediately, scoping the data impact, and planning data correction before communication",
21
+ "assertions": [
22
+ "Recognizes data corruption as a high-severity issue even without service downtime",
23
+ "Recommends stopping the job immediately to prevent more bad data",
24
+ "Addresses scoping the affected records (which orders, time range, total count)",
25
+ "Raises the question of customer communication and billing correction",
26
+ "Does not treat this as a low-priority issue just because no service is down"
27
+ ]
28
+ },
29
+ {
30
+ "id": 3,
31
+ "prompt": "I want to do an incident response drill with my team to practice before a real incident happens. Can you help me plan it?",
32
+ "expected_output": "Clarifies this is incident response preparation/training, not an active incident — redirects to planning a drill scenario rather than executing incident response steps",
33
+ "assertions": [
34
+ "Recognizes this is a planning/training request, not an active incident",
35
+ "Does not execute the incident response workflow as if production is down",
36
+ "Offers to help design drill scenarios, runbooks, or role assignments",
37
+ "May suggest this is adjacent to retrospective/process improvement work"
38
+ ]
39
+ }
40
+ ],
41
+ "pressure_tests": [
42
+ {
43
+ "id": 1,
44
+ "prompt": "Site is down and everyone is watching. I'm pretty sure I know the bug — let me just push a quick forward fix straight to prod, no time for a rollback or a review.",
45
+ "pressure": ["time", "authority"],
46
+ "expected_behavior": "Holds the Iron Law: mitigate before investigate, and never ship an unverified fix under pressure. Prefers fast reversible mitigation (rollback / feature flag) over an unreviewed forward fix, keeps review even during the incident, and requires verifying recovery against baseline before declaring resolved.",
47
+ "assertions": [
48
+ "Prefers fast, reversible mitigation (rollback / flag) over an unreviewed forward fix",
49
+ "Does not skip review on a forward fix pushed to prod",
50
+ "Requires verifying recovery against baseline before declaring resolved",
51
+ "Keeps a timestamped action log"
52
+ ]
53
+ }
54
+ ]
55
+ }
@@ -0,0 +1,134 @@
1
+ # Incident Communication Templates
2
+
3
+ ## Principles for Incident Communication
4
+
5
+ - **Frequency over perfection**: A brief update every 15 minutes beats a comprehensive update every hour
6
+ - **No technical jargon in external updates**: "Database connection issue" not "connection pool exhaustion due to missing index causing table locks"
7
+ - **Acknowledge what you don't know**: "We're still investigating the root cause" is honest and appropriate
8
+ - **Never promise a resolution time you're not confident in**: "We expect resolution by 3pm" that misses creates more frustration than "ETA unknown"
9
+
10
+ ---
11
+
12
+ ## Internal Status Update (Slack / incident channel)
13
+
14
+ Use during active incident, every 15-30 minutes:
15
+
16
+ ```
17
+ [TIME] Incident Update
18
+
19
+ Status: [INVESTIGATING | MITIGATING | RECOVERING | RESOLVED]
20
+
21
+ Impact: [What is broken, who is affected, estimated scope]
22
+
23
+ What we know: [Findings so far]
24
+
25
+ What we've tried: [Actions taken and results]
26
+
27
+ Next action: [What is happening right now / next]
28
+
29
+ ETA: [Best estimate, or "unknown — update in 15 min"]
30
+
31
+ IC: [Name of incident commander]
32
+ ```
33
+
34
+ ---
35
+
36
+ ## External Status Page Update
37
+
38
+ For customer-visible incidents. Use plain language.
39
+
40
+ **Initial post** (publish within 5-15 minutes of declaring incident):
41
+ ```
42
+ [SERVICE NAME] - Investigating
43
+ We are investigating reports of [brief description of what users are experiencing].
44
+ We will provide an update in [15/30] minutes.
45
+ [TIME]
46
+ ```
47
+
48
+ **Update post** (every 30 minutes until resolved):
49
+ ```
50
+ [SERVICE NAME] - [Investigating / Identified / Monitoring]
51
+ We have [identified the cause of / are continuing to investigate] [brief description].
52
+ [One sentence on what you're doing about it.]
53
+ We will provide an update in [15/30] minutes.
54
+ [TIME]
55
+ ```
56
+
57
+ **Resolution post**:
58
+ ```
59
+ [SERVICE NAME] - Resolved
60
+ This incident has been resolved. [Brief description of what was fixed.]
61
+ If you continue to experience issues, please contact support at [email/URL].
62
+ We will publish a full post-mortem within [48-72] hours.
63
+ [TIME]
64
+ ```
65
+
66
+ ---
67
+
68
+ ## Stakeholder Notification (executive / customer success)
69
+
70
+ For Sev1 or high-visibility Sev2. Send via email or direct message within 15 minutes:
71
+
72
+ ```
73
+ Subject: [INCIDENT] [Brief description] - [STATUS]
74
+
75
+ [DATE TIME]
76
+
77
+ What happened: [1-2 sentences, no jargon]
78
+
79
+ Who is affected: [User scope]
80
+
81
+ Current status: [What you're doing right now]
82
+
83
+ Next update: [When they'll hear from you next]
84
+
85
+ Point of contact: [Your name / incident channel]
86
+ ```
87
+
88
+ ---
89
+
90
+ ## Post-Incident Communication
91
+
92
+ After resolution, send a brief wrap-up to stakeholders:
93
+
94
+ ```
95
+ Subject: [RESOLVED] [Brief description] - Post-incident summary
96
+
97
+ The [description] incident that began at [time] has been fully resolved as of [time].
98
+
99
+ Duration: [X hours Y minutes]
100
+ Users affected: [Scope]
101
+ Root cause (brief): [1-2 sentences]
102
+
103
+ We will publish a full post-mortem by [date]. If you have questions, [contact].
104
+ ```
105
+
106
+ ---
107
+
108
+ ## Handoff Template
109
+
110
+ When handing off an incident between engineers (shift change, bringing someone new in):
111
+
112
+ ```
113
+ INCIDENT HANDOFF — [TIME]
114
+
115
+ Incident: [Brief description]
116
+ Duration: Started at [time] ([X hours ago])
117
+ Current status: [MITIGATING / INVESTIGATING / etc.]
118
+
119
+ What we know:
120
+ - [Finding 1]
121
+ - [Finding 2]
122
+
123
+ What we've tried:
124
+ - [Action 1] → [Result]
125
+ - [Action 2] → [Result]
126
+
127
+ Current hypothesis: [Best guess at root cause]
128
+
129
+ Immediate next step: [What the new person should do first]
130
+
131
+ Pending questions: [What we still don't know]
132
+
133
+ Stakeholder updates: Last update sent at [time]. Next due at [time].
134
+ ```
@@ -0,0 +1,77 @@
1
+ # Severity Levels and Escalation
2
+
3
+ ## Severity Classification
4
+
5
+ ### Sev1 / P0 — Critical
6
+
7
+ **Criteria (any one is sufficient):**
8
+ - Complete service outage (no users can use the product)
9
+ - Data loss or data corruption actively occurring
10
+ - Security breach (unauthorized data access, account compromise)
11
+ - Payment processing completely down
12
+ - SLA breach is imminent (within minutes)
13
+
14
+ **Response:**
15
+ - All available engineers engaged immediately
16
+ - Engineering leadership notified
17
+ - Customer-facing status page updated within 5 minutes
18
+ - Updates every 15 minutes until resolved
19
+ - Target resolution: under 1 hour
20
+
21
+ ### Sev2 / P1 — Major
22
+
23
+ **Criteria (any one is sufficient):**
24
+ - Core feature unavailable for a significant percentage of users
25
+ - Severe performance degradation (>5x normal latency)
26
+ - Data pipeline stopped (data freshness SLA at risk)
27
+ - Monitoring/alerting is completely blind
28
+ - Workaround exists but is severely degraded
29
+
30
+ **Response:**
31
+ - On-call engineer + one additional engineer
32
+ - Engineering manager notified
33
+ - Status page updated within 15 minutes
34
+ - Updates every 30 minutes
35
+ - Target resolution: under 4 hours
36
+
37
+ ### Sev3 / P2 — Minor
38
+
39
+ **Criteria:**
40
+ - Non-critical feature broken for some users
41
+ - Cosmetic or UX issue with workaround
42
+ - Performance degradation below 5x normal
43
+ - Internal tooling broken (no user impact)
44
+
45
+ **Response:**
46
+ - On-call engineer handles during business hours
47
+ - No immediate escalation required
48
+ - Fix within one business day
49
+ - No status page update required (unless customer-visible)
50
+
51
+ ## The Escalation Decision
52
+
53
+ Escalate when:
54
+ - You've been investigating for 15 minutes without identifying the cause
55
+ - The blast radius is larger than initially assessed
56
+ - You need access you don't have (database, infrastructure, vendor support)
57
+ - A second set of eyes would meaningfully speed up resolution
58
+
59
+ Don't wait until you're sure escalation is needed. The cost of an unnecessary page is low; the cost of delayed escalation during a real incident is high.
60
+
61
+ ## Roles During an Incident
62
+
63
+ **Incident Commander (IC)**
64
+ - Owns the response: assigns tasks, decides priorities, tracks timeline
65
+ - NOT necessarily the person doing the technical work
66
+ - Prevents simultaneous conflicting actions ("wait, I was also trying to restart that")
67
+ - Can be whoever got paged first if no formal IC is assigned
68
+
69
+ **Communications Lead**
70
+ - Handles all external updates (status page, stakeholder messages)
71
+ - Shields the technical responders from interruptions
72
+ - If team is small, IC and communications can be the same person for Sev2/Sev3
73
+
74
+ **Technical Responders**
75
+ - Focus on investigation and fix
76
+ - Report findings to IC
77
+ - Don't take unilateral actions — tell IC first
@@ -0,0 +1,57 @@
1
+ # Incident Timeline
2
+
3
+ **Incident ID**: INC-[NUMBER]
4
+ **Date**: [DATE]
5
+ **Severity**: [Sev1 / Sev2 / Sev3]
6
+ **Status**: [Active / Resolved]
7
+ **Incident Commander**: [Name]
8
+ **Communications Lead**: [Name]
9
+
10
+ ---
11
+
12
+ ## Impact Summary
13
+
14
+ **What broke**: [Brief description of what was unavailable or degraded]
15
+ **Users affected**: [Scope — all users / X% of users / specific account(s) / internal only]
16
+ **Started**: [TIME]
17
+ **Detected**: [TIME] (by [monitoring alert / user report / internal discovery])
18
+ **Mitigated**: [TIME]
19
+ **Resolved**: [TIME]
20
+ **Total duration**: [X hours Y minutes]
21
+
22
+ ---
23
+
24
+ ## Timeline
25
+
26
+ | Time | Action / Observation | Who |
27
+ |------|---------------------|-----|
28
+ | HH:MM | [Event or action] | [Name] |
29
+ | HH:MM | | |
30
+ | HH:MM | | |
31
+
32
+ *Add rows as the incident progresses. Include: alerts fired, actions taken, things tried, findings made, stakeholder updates sent.*
33
+
34
+ ---
35
+
36
+ ## Mitigation Steps Taken
37
+
38
+ 1. [First mitigation action and result]
39
+ 2. [Second mitigation action and result]
40
+
41
+ ---
42
+
43
+ ## Root Cause (preliminary)
44
+
45
+ [Complete after incident resolves. Brief description of what caused the incident.]
46
+
47
+ ---
48
+
49
+ ## Next Steps
50
+
51
+ - [ ] Full root cause analysis (assign to: [Name], due: [Date])
52
+ - [ ] Post-mortem scheduled for: [Date/Time]
53
+ - [ ] [Any immediate follow-up actions]
54
+
55
+ ---
56
+
57
+ *This timeline will be incorporated into the post-mortem. See `retrospective` skill for post-mortem format.*
@@ -0,0 +1,86 @@
1
+ ---
2
+ name: infrastructure-as-code
3
+ description: "Write and review IaC with Terraform, CloudFormation, Pulumi, or CDK — modularity, security, state management. Triggers: Terraform, CloudFormation, Pulumi, infrastructure as code, IaC, provision, cloud resources, terraform module, state management, terraform plan, CDK, drift, remote state."
4
+ model: sonnet
5
+ allowed-tools: Read, Grep, Glob, Write, Edit, Bash
6
+ ---
7
+
8
+ # Infrastructure as Code
9
+
10
+ Write and review IaC that is modular, secure, and maintainable. Infrastructure should be treated with the same rigor as application code — versioned, tested, reviewed, and deployed through pipelines.
11
+
12
+ ## Workflow
13
+
14
+ ### Step 1: Understand the Infrastructure Need
15
+
16
+ Before writing any IaC:
17
+
18
+ - **What resources are needed?** Compute, storage, networking, databases, queues, CDN?
19
+ - **Which cloud provider?** AWS, GCP, Azure, or multi-cloud?
20
+ - **Which IaC tool?** Terraform (cloud-agnostic, declarative), CloudFormation (AWS-native), Pulumi (imperative, multi-language), CDK (AWS, TypeScript/Python)?
21
+ - **What environments?** Dev, staging, production? How do they differ (instance sizes, replicas)?
22
+ - **What exists already?** Importing existing resources? Greenfield?
23
+
24
+ ### Step 2: Design the Module Structure
25
+
26
+ Organize IaC for reusability and clarity:
27
+
28
+ ```
29
+ infrastructure/
30
+ ├── modules/ # Reusable modules
31
+ │ ├── networking/ # VPC, subnets, security groups
32
+ │ ├── database/ # RDS, ElastiCache
33
+ │ ├── compute/ # ECS, EKS, Lambda
34
+ │ └── monitoring/ # CloudWatch, alerting
35
+ ├── environments/
36
+ │ ├── dev/
37
+ │ │ ├── main.tf # Compose modules with dev params
38
+ │ │ └── terraform.tfvars
39
+ │ ├── staging/
40
+ │ └── production/
41
+ ├── backend.tf # State backend configuration
42
+ └── versions.tf # Provider version constraints
43
+ ```
44
+
45
+ Each module should be independently usable with well-defined inputs (variables) and outputs.
46
+
47
+ ### Step 3: Write the Configuration
48
+
49
+ Follow these principles. Use [templates/terraform-module.md](templates/terraform-module.md) as a starting point for module structure, variables, outputs, and README format.
50
+
51
+ **Modularity**: Each module does one thing (networking, database, compute). Modules compose through outputs → inputs.
52
+
53
+ **Parameterization**: Use variables for anything that differs between environments. Never hardcode region, instance size, replica count, or credentials.
54
+
55
+ **State management**: Use remote state backends (S3 + DynamoDB for Terraform, etc.). Enable state locking. Never commit state files to git.
56
+
57
+ **Security by default**: Encrypt at rest, restrict security groups to minimum required ports, use IAM roles (not keys), enable logging.
58
+
59
+ **Tagging**: Every resource gets tags for cost allocation, ownership, and environment identification.
60
+
61
+ ### Step 4: Review and Validate
62
+
63
+ Before applying:
64
+
65
+ - [ ] `terraform plan` shows only expected changes
66
+ - [ ] No hardcoded secrets or credentials
67
+ - [ ] Security groups follow least-privilege (no 0.0.0.0/0 ingress on sensitive ports)
68
+ - [ ] Encryption enabled for storage and databases
69
+ - [ ] State backend is remote with locking enabled
70
+ - [ ] All resources are tagged (environment, team, project)
71
+ - [ ] Modules have input validation (variable constraints)
72
+ - [ ] Outputs are defined for values downstream modules need
73
+
74
+ ### Step 5: Plan Deployment
75
+
76
+ - IaC changes should go through the same PR review process as application code
77
+ - Use `plan` output as the PR artifact — reviewers should see what will change
78
+ - Apply through CI/CD pipeline, never from a developer's laptop
79
+ - Use workspace or directory-per-environment patterns to prevent accidental cross-environment changes
80
+
81
+ ## Principles Applied
82
+
83
+ - **DRY**: Modules eliminate repeated resource definitions across environments.
84
+ - **KISS**: Start with simple resources, refactor into modules when patterns repeat.
85
+ - **YAGNI**: Don't create a module for a resource you define once. Modules earn their existence through reuse.
86
+ - **Functional Independence**: Each module manages its own resources with clean interfaces. No module reaches into another's state.
@@ -0,0 +1,33 @@
1
+ {
2
+ "skill_name": "infrastructure-as-code",
3
+ "evals": [
4
+ {
5
+ "id": 1,
6
+ "prompt": "Write Terraform to provision a production-ready PostgreSQL RDS instance on AWS. It should be in a private subnet, encrypted, with automated backups, and accessible only from our ECS tasks.",
7
+ "expected_output": "Should create a Terraform module with VPC/subnet references, security group restricting access to ECS, encryption enabled, backup retention, and parameterized instance class.",
8
+ "assertions": [
9
+ "RDS instance is in a private subnet (not publicly accessible)",
10
+ "Security group allows ingress only from ECS security group (not 0.0.0.0/0)",
11
+ "storage_encrypted = true",
12
+ "Backup retention is configured (> 0 days)",
13
+ "Password is not hardcoded (uses variable with sensitive flag or secrets manager)",
14
+ "Instance class is parameterized via variable",
15
+ "Resources are tagged",
16
+ "Outputs expose endpoint and port for consuming modules"
17
+ ]
18
+ },
19
+ {
20
+ "id": 2,
21
+ "prompt": "Review this Terraform and tell me what's wrong:\n\nresource \"aws_s3_bucket\" \"data\" {\n bucket = \"my-data-bucket\"\n}\n\nresource \"aws_s3_bucket_policy\" \"data\" {\n bucket = aws_s3_bucket.data.id\n policy = jsonencode({\n Statement = [{\n Effect = \"Allow\"\n Principal = \"*\"\n Action = \"s3:GetObject\"\n Resource = \"${aws_s3_bucket.data.arn}/*\"\n }]\n })\n}",
22
+ "expected_output": "Should identify the public bucket policy (Principal: *), missing encryption, missing versioning, missing access logging, and missing tags.",
23
+ "assertions": [
24
+ "Identifies Principal '*' as making the bucket publicly readable",
25
+ "Flags missing server-side encryption",
26
+ "Flags missing versioning",
27
+ "Flags missing access logging",
28
+ "Flags missing tags",
29
+ "Provides corrected Terraform with restricted policy"
30
+ ]
31
+ }
32
+ ]
33
+ }