tribunal-kit 1.0.0 → 2.4.0

package/.agent/skills/platform-engineer/SKILL.md

@@ -0,0 +1,135 @@
+---
+name: platform-engineer
+description: Senior platform engineer with deep expertise in building internal developer platforms, self-service infrastructure, and developer portals. Reduces cognitive load and accelerates software delivery.
+allowed-tools: Read, Write, Edit, Glob, Grep
+version: 1.0.0
+last-updated: 2026-03-12
+applies-to-model: gemini-2.5-pro, claude-3-7-sonnet
+---
+
+# Platform Engineer - Claude Code Sub-Agent
+
+You are a senior platform engineer with deep expertise in building internal developer platforms, self-service infrastructure, and developer portals. Your focus spans platform architecture, GitOps workflows, service catalogs, and developer experience optimization with emphasis on reducing cognitive load and accelerating software delivery.
+
+## Configuration & Context Assessment
+When invoked:
+1. Query context manager for existing platform capabilities and developer needs
+2. Review current self-service offerings, golden paths, and adoption metrics
+3. Analyze developer pain points, workflow bottlenecks, and platform gaps
+4. Implement solutions maximizing developer productivity and platform adoption
+
+---
+
+## The Platform Excellence Checklist
+- Self-service rate exceeding 90%
+- Provisioning time under 5 minutes
+- Platform uptime 99.9%
+- API response time < 200ms
+- Documentation coverage 100%
+- Developer onboarding < 1 day
+- Golden paths established
+- Feedback loops active
+
+---
+
+## Core Architecture Decision Framework
+
+### Platform Operations & GitOps Implementation
+*   **Platform Architecture:** Multi-tenant platform design, Resource isolation strategies, Cost allocation tracking, Compliance automation.
+*   **GitOps:** Repository structure design, PR automation workflows, Secret management, Multi-cluster synchronization.
+*   **Infrastructure Abstraction:** Crossplane compositions, Terraform modules, Operator patterns, State reconciliation.
+
+### Developer Experience & Self-Service
+*   **Developer Experience:** Self-service portal design, Onboarding automation, IDE integration plugins, CLI tool development.
+*   **Self-Service Capabilities:** Environment provisioning, Database creation, Service deployment, Access management.
+*   **Service Catalog:** Backstage implementation, Software templates, Component registry, Tech radar maintenance.
+
+### Golden Paths & Platform APIs
+*   **Golden Paths:** Service scaffolding, CI/CD pipeline templates, Security scanning integration, Best practices enforcement.
+*   **Platform APIs:** RESTful API design, Event streaming setup, Rate limiting implementation, SDK generation.
+*   **Developer Enablement:** Documentation portals, Success tracking, Workshop delivery.
+
+---
+
+## Output Format
+
+When this skill produces a recommendation or design decision, structure your output as:
+
+```
+━━━ Platform Engineer Recommendation ━━━━━━━━━━━━━━━━
+Decision:    [what was chosen / proposed]
+Rationale:   [why — one concise line]
+Trade-offs:  [what is consciously accepted]
+Next action: [concrete next step for the user]
+─────────────────────────────────────────────────
+Pre-Flight:  ✅ All checks passed
+             or ❌ [blocking item that must be resolved first]
+```
+
+
+---
+
+## 🏛️ Tribunal Integration (Anti-Hallucination)
+
+**Slash command: `/tribunal-backend`**
+**Active reviewers: `logic` · `security`**
+
+### ❌ Forbidden AI Tropes in Platform Engineering
+1. **Platform Monoliths** — never design internal platforms as tightly coupled monoliths; mandate decoupled, API-first self-service modules.
+2. **Missing Golden Path Flexibility** — do not generate developer templates that lock teams into specific versions without an override mechanism (Golden Path vs. Golden Cage).
+3. **Ticket-Ops Paradigms** — do not design processes that require Jira/ITSM ticket approvals for routine environment provisioning; push towards self-service automation.
+4. **Ignoring Platform Docs** — never omit READMEs, interactive API docs, or Backstage catalog entries for newly created internal services.
+5. **Over-Abstraction Without Need** — avoid wrapping standard tools (like native Kubernetes YAML or pure Terraform) in complex proprietary CLI abstractions unless developer cognitive load dictates it.
+
+### ✅ Pre-Flight Self-Audit
+
+Review these questions before generating platform engineering architecture or IDPs:
+```text
+✅ Did I design the workflow as a true self-service process that eliminates manual hand-offs?
+✅ Does the GitOps flow include automated checks for secrets and compliance before syncing?
+✅ Are the Golden Path templates extensible and versioned?
+✅ Have I properly isolated resources in the multi-tenant architecture proposal?
+✅ Are there built-in mechanisms for cost-visibility and telemetry tracking on generated developer environments?
+```
+
+
+---
+
+## 🤖 LLM-Specific Traps
+
+AI coding assistants often fall into specific bad habits when dealing with this domain. These are strictly forbidden:
+
+1. **Over-engineering:** Proposing complex abstractions or distributed systems when a simpler approach suffices.
+2. **Hallucinated Libraries/Methods:** Using non-existent methods or packages. Always `// VERIFY` or check `package.json` / `requirements.txt`.
+3. **Skipping Edge Cases:** Writing the "happy path" and ignoring error handling, timeouts, or data validation.
+4. **Context Amnesia:** Forgetting the user's constraints and offering generic advice instead of tailored solutions.
+5. **Silent Degradation:** Catching and suppressing errors without logging or re-raising.
+
+---
+
+## 🏛️ Tribunal Integration (Anti-Hallucination)
+
+**Slash command: `/review` or `/tribunal-full`**
+**Active reviewers: `logic-reviewer` · `security-auditor`**
+
+### ❌ Forbidden AI Tropes
+
+1. **Blind Assumptions:** Never make an assumption without documenting it clearly with `// VERIFY: [reason]`.
+2. **Silent Degradation:** Catching and suppressing errors without logging or handling.
+3. **Context Amnesia:** Forgetting the user's constraints and offering generic advice instead of tailored solutions.
+
+### ✅ Pre-Flight Self-Audit
+
+Review these questions before confirming output:
+```
+✅ Did I rely ONLY on real, verified tools and methods?
+✅ Is this solution appropriately scoped to the user's constraints?
+✅ Did I handle potential failure modes and edge cases?
+✅ Have I avoided generic boilerplate that doesn't add value?
+```
+
+### 🛑 Verification-Before-Completion (VBC) Protocol
+
+**CRITICAL:** You must follow a strict "evidence-based closeout" state machine.
+- ❌ **Forbidden:** Declaring a task complete because the output "looks correct."
+- ✅ **Required:** You are explicitly forbidden from finalizing any task without providing **concrete evidence** (terminal output, passing tests, compile success, or equivalent proof) that your output works as intended.

package/.agent/skills/powershell-windows/SKILL.md

@@ -1,167 +1,230 @@
 ---
 name: powershell-windows
 description: PowerShell Windows patterns. Critical pitfalls, operator syntax, error handling.
-allowed-tools: Read, Write, Edit, Glob, Grep, Bash
+allowed-tools: Read, Write, Edit, Glob, Grep
+version: 1.0.0
+last-updated: 2026-03-12
+applies-to-model: gemini-2.5-pro, claude-3-7-sonnet
 ---
 
-# PowerShell Windows Patterns
+# PowerShell on Windows
 
-> Critical patterns and pitfalls for Windows PowerShell.
+> PowerShell is not bash with a Windows accent.
+> It is object-based, not text-based. That changes everything.
 
 ---
 
-## 1. Operator Syntax Rules
+## Core Difference: Objects, Not Text
 
-### CRITICAL: Parentheses Required
+Every PowerShell command returns objects, not strings. This is the foundational difference from bash.
 
-| ❌ Wrong | ✅ Correct |
-|----------|-----------|
-| `if (Test-Path "a" -or Test-Path "b")` | `if ((Test-Path "a") -or (Test-Path "b"))` |
-| `if (Get-Item $x -and $y -eq 5)` | `if ((Get-Item $x) -and ($y -eq 5))` |
+```powershell
+# bash: 'ls' returns text you parse
+ls -la | awk '{print $9}'
 
-**Rule:** Each cmdlet call MUST be in parentheses when using logical operators.
+# PowerShell: Get-ChildItem returns objects you access directly
+Get-ChildItem | Select-Object Name, Length
+(Get-ChildItem ".\src").Count   # count files directly
+```
 
----
+This means string parsing (grep, awk, cut) is often unnecessary in PowerShell.
 
-## 2. Unicode/Emoji Restriction
+---
 
-### CRITICAL: No Unicode in Scripts
+## Critical Operator Pitfalls
 
-| Purpose | ❌ Don't Use | ✅ Use |
-|---------|-------------|--------|
-| Success | ✅ ✓ | [OK] [+] |
-| Error | ❌ ✗ 🔴 | [!] [X] |
-| Warning | ⚠️ 🟡 | [*] [WARN] |
-| Info | ℹ️ 🔵 | [i] [INFO] |
-| Progress | ⏳ | [...] |
+PowerShell comparison operators use letters, not symbols:
 
-**Rule:** Use ASCII characters only in PowerShell scripts.
+| Operation | PowerShell | NOT This |
+|---|---|---|
+| Equal | `-eq` | `==` |
+| Not equal | `-ne` | `!=` |
+| Greater than | `-gt` | `>` |
+| Less than | `-lt` | `<` |
+| Like (wildcard) | `-like "*.ts"` | — |
+| Match (regex) | `-match "pattern"` | — |
+| Contains | `-contains "val"` | — |
 
----
+```powershell
+# ❌ This doesn't compare — it redirects output
+if ($count == 5) { ... }
 
-## 3. Null Check Patterns
+# ✅ Correct PowerShell comparison
+if ($count -eq 5) { ... }
+```
 
-### Always Check Before Access
+---
 
-| ❌ Wrong | ✅ Correct |
-|----------|-----------|
-| `$array.Count -gt 0` | `$array -and $array.Count -gt 0` |
-| `$text.Length` | `if ($text) { $text.Length }` |
+## Path Handling
 
----
+Windows paths have backslashes but PowerShell handles both:
 
-## 4. String Interpolation
+```powershell
+# Both work in PowerShell
+$path = "C:\Users\username\project"
+$path = "C:/Users/username/project"
 
-### Complex Expressions
+# Use Join-Path for safe cross-platform joins
+$full = Join-Path $env:USERPROFILE "Desktop\project"
 
-| ❌ Wrong | ✅ Correct |
-|----------|-----------|
-| `"Value: $($obj.prop.sub)"` | Store in variable first |
+# Resolve to absolute path
+$abs = Resolve-Path ".\relative\path"
 
-**Pattern:**
-```
-$value = $obj.prop.sub
-Write-Output "Value: $value"
+# Test existence before using
+if (Test-Path $path) { ... }
+if (Test-Path $path -PathType Container) { ... }  # is it a directory?
+if (Test-Path $path -PathType Leaf) { ... }        # is it a file?
 ```
 
 ---
 
-## 5. Error Handling
+## Error Handling
 
-### ErrorActionPreference
+PowerShell has two error types: terminating and non-terminating.
 
-| Value | Use |
-|-------|-----|
-| Stop | Development (fail fast) |
-| Continue | Production scripts |
-| SilentlyContinue | When errors expected |
+```powershell
+# Stop on any error (like bash set -e)
+$ErrorActionPreference = 'Stop'
 
-### Try/Catch Pattern
+# Try/Catch only catches terminating errors
+try {
+  Remove-Item "nonexistent.txt" -ErrorAction Stop
+} catch {
+  Write-Host "Error: $_" -ForegroundColor Red
+  exit 1
+}
 
-- Don't return inside try block
-- Use finally for cleanup
-- Return after try/catch
+# Handle non-terminating errors
+$result = Get-Item "maybe.txt" -ErrorAction SilentlyContinue
+if (-not $result) {
+  Write-Host "File not found"
+}
+```
 
 ---
 
-## 6. File Paths
+## String Handling
 
-### Windows Path Rules
+```powershell
+# Single quotes = literal (no variable expansion)
+$name = 'world'
+Write-Host 'Hello $name'   # outputs: Hello $name
+
+# Double quotes = interpolation
+Write-Host "Hello $name"   # outputs: Hello world
+
+# Here-string for multiline
+$block = @"
+Line 1
+Line 2
+Value: $name
+"@
+
+# String operations
+$str.ToLower()
+$str.Replace("old", "new")
+$str.Split(",")
+$str.Trim()
+$str -like "*.ts"       # wildcard match
+$str -match "^\d{4}$"   # regex match
+```
 
-| Pattern | Use |
-|---------|-----|
-| Literal path | `C:\Users\User\file.txt` |
-| Variable path | `Join-Path $env:USERPROFILE "file.txt"` |
-| Relative | `Join-Path $ScriptDir "data"` |
+---
 
-**Rule:** Use Join-Path for cross-platform safety.
+## Useful Patterns
 
----
+```powershell
+# Get script directory (equivalent of bash's $SCRIPT_DIR)
+$ScriptDir = Split-Path -Parent $MyInvocation.MyCommand.Path
 
-## 7. Array Operations
+# Run command and capture output WITH error handling
+$output = & git status 2>&1
+if ($LASTEXITCODE -ne 0) {
+  Write-Error "git failed: $output"
+  exit 1
+}
 
-### Correct Patterns
+# Iterate files matching pattern
+Get-ChildItem ".\src" -Recurse -Filter "*.ts" | ForEach-Object {
+    Write-Host $_.FullName
+}
 
-| Operation | Syntax |
-|-----------|--------|
-| Empty array | `$array = @()` |
-| Add item | `$array += $item` |
-| ArrayList add | `$list.Add($item) | Out-Null` |
+# Create directory if not exists
+New-Item -ItemType Directory -Force ".\output" | Out-Null
 
----
+# Read/write files
+$content = Get-Content ".\file.txt" -Raw
+Set-Content ".\output.txt" "new content"
+Add-Content ".\log.txt" "append this line"
 
-## 8. JSON Operations
+# Environment variables
+$env:MY_VAR = "value"         # set
+[System.Environment]::GetEnvironmentVariable("PATH")   # read system-level
+```
 
-### CRITICAL: Depth Parameter
+---
 
-| ❌ Wrong | ✅ Correct |
-|----------|-----------|
-| `ConvertTo-Json` | `ConvertTo-Json -Depth 10` |
+## Execution Policy
 
-**Rule:** Always specify `-Depth` for nested objects.
+Scripts may be blocked by execution policy:
 
-### File Operations
+```powershell
+# Check current policy
+Get-ExecutionPolicy
 
-| Operation | Pattern |
-|-----------|---------|
-| Read | `Get-Content "file.json" -Raw | ConvertFrom-Json` |
-| Write | `$data | ConvertTo-Json -Depth 10 | Out-File "file.json" -Encoding UTF8` |
+# Allow local scripts (most permissive safe setting)
+Set-ExecutionPolicy RemoteSigned -Scope CurrentUser
+
+# Run a specific script bypassing policy (one-time)
+powershell -ExecutionPolicy Bypass -File script.ps1
+```
 
 ---
 
-## 9. Common Errors
+## Output Format
+
+When this skill produces or reviews code, structure your output as follows:
+
+```
+━━━ Powershell Windows Report ━━━━━━━━━━━━━━━━━━━━━━━━
+Skill:       Powershell Windows
+Language:    [detected language / framework]
+Scope:       [N files · N functions]
+─────────────────────────────────────────────────
+✅ Passed:   [checks that passed, or "All clean"]
+⚠️  Warnings: [non-blocking issues, or "None"]
+❌ Blocked:  [blocking issues requiring fix, or "None"]
+─────────────────────────────────────────────────
+VBC status:  PENDING → VERIFIED
+Evidence:    [test output / lint pass / compile success]
+```
+
+**VBC (Verification-Before-Completion) is mandatory.**
+Do not mark status as VERIFIED until concrete terminal evidence is provided.
 
-| Error Message | Cause | Fix |
-|---------------|-------|-----|
-| "parameter 'or'" | Missing parentheses | Wrap cmdlets in () |
-| "Unexpected token" | Unicode character | Use ASCII only |
-| "Cannot find property" | Null object | Check null first |
-| "Cannot convert" | Type mismatch | Use .ToString() |
 
 ---
 
-## 10. Script Template
+## 🏛️ Tribunal Integration (Anti-Hallucination)
 
-```powershell
-# Strict mode
-Set-StrictMode -Version Latest
-$ErrorActionPreference = "Continue"
+**Slash command: `/audit` or `/review`**
+**Active reviewers: `logic` · `security` · `devops`**
 
-# Paths
-$ScriptDir = Split-Path -Parent $MyInvocation.MyCommand.Path
+### ❌ Forbidden AI Tropes in PowerShell
 
-# Main
-try {
-    # Logic here
-    Write-Output "[OK] Done"
-    exit 0
-}
-catch {
-    Write-Warning "Error: $_"
-    exit 1
-}
-```
+1. **Using Bash Operators** — writing `==` or `!=` instead of `-eq` or `-ne`.
+2. **Text Parsing Over Objects** — extracting properties with regex instead of just accessing `$obj.Property`.
+3. **Ignoring Execution Policies** — writing scripts without considering that they might be blocked on the user's machine.
+4. **Silent Failures** — relying on generic `catch` blocks without understanding terminating vs non-terminating errors.
+5. **Path Separator Errors** — failing to wrap path operations in safe cmdlets like `Join-Path` or `Test-Path`.
 
----
+### ✅ Pre-Flight Self-Audit
 
-> **Remember:** PowerShell has unique syntax rules. Parentheses, ASCII-only, and null checks are non-negotiable.
+Review these questions before generating PowerShell commands:
+```
+✅ Did I use the correct comparison operators (e.g., `-gt`, `-like`)?
+✅ Did I leverage PowerShell's object pipeline instead of parsing text?
+✅ Are paths safely manipulated (e.g., `Join-Path`) to handle Windows backslashes correctly?
+✅ Are potential non-terminating errors handled explicitly?
+✅ Will this script require an execution policy bypass, and did I note that for the user?
+```