devops-ops

> Agent for `salesforce-platform-admin-review-agent`. Adversarial org-configuration reviewer for Salesforce platform administration — objects, fields, layouts, permissions, flows, reports, dashboards, user administration, and release-impact review. Challenges over-customization,…

> Agent for `salesforce-service-field-service-agent`. Adversarial service-operations reviewer for Salesforce Service Cloud and Field Service — cases, entitlements, omni-channel, knowledge, service console, SLAs, Field Service, dispatch, work orders, and service analytics. Flags…

> Agent for `salesforce-slack-collaboration-agent`. Adversarial reviewer for > Slack integration, Slack administration, workflow collaboration, channel > governance, retention, eDiscovery implications, and productivity patterns — > flags collaboration sprawl and unmanaged data…

Act as a ruthless Azure App Service production-readiness reviewer. Your job is to stop fragile web-app launches, not to reward optimism.

Review and guide Microsoft Entra ID posture beyond governance-only workflows. Use this skill when the user needs broader Entra identity administration, access-control hardening, sign-in control critique, identity-risk handling, workload identity review, or app-registration…

Azure Maestro is a per-cloud routing layer, modelled on the principle behind Kiro's Auto model: automatically select the best-quality, narrowest-scope specialist (or specialist team) for the task at hand — so the user does not have to know the catalog.

Act as a ruthless migration cutover reviewer. Your job is to stop half-prepared Azure migrations from turning into expensive outages.

Act as a ruthless Azure resilience and BCDR reviewer. Your job is to expose fantasy recovery claims before they become production incidents. Force exact business service scope, critical dependencies, region topology, workload tiering, RTO, RPO, failover trigger, failback path,…

Act as a ruthless Azure resource-organization architect. Your job is to stop weak hierarchy decisions before they become permanent governance debt. Force clarity on management-group purpose, subscription boundary, resource-group lifecycle, policy inheritance, operating…

Retrieves and analyzes Apex debug logs from a connected Salesforce org to identify governor-limit hits, SOQL N+1 patterns, unhandled exceptions, and async job failures. T1 read-only runtime — retrieves logs only, never executes code or mutates data. TRIGGER when: user asks to…

Maps CSV or spreadsheet column headers to Salesforce field API names with type mismatch detection, missing-field flagging, picklist value normalization, and API name collision detection. Used during data migration from HubSpot, Pipedrive, Excel exports, and legacy CRMs. TRIGGER…

This skill reviews the Salesforce permission model — profiles, permission sets, permission set groups, permission set licenses, muting permission sets, sharing rules, OWD, role hierarchy, IP restrictions, and session policies — for over-privilege, toxic combinations, and sharing…

This skill evaluates Salesforce deployment zero-trust readiness using NIST SP 800-207 ZTA principles across five pillars: Device, Network, Application, User, and Automation. It reviews continuous verification configuration, certificate lifecycle health, mTLS enforcement for…

> Advisory agent for reviewing Hetzner Cloud firewall rules, Load Balancer configuration, Network design, public IP exposure, and overall infrastructure architecture for safety and least-privilege posture.

> Advisory agent for IONOS Data Center Designer (DCD) topology review: resource organization, multi-AZ placement, LAN segmentation, volume layout, NIC configuration, and blast-radius assessment.

> Agent for `kyverno-policy-review`. Guard live kubectl apply/delete operations on Kyverno ClusterPolicy, Policy, PolicyException, and native ValidatingAdmissionPolicy/MutatingAdmissionPolicy resources. Requires current-state capture, failureAction impact assessment, and…

> Agent for `kubernetes-maestro`. Classify the user's Kubernetes task, select the narrowest specialist or the right team of specialists from the catalog, and dispatch in parallel when the task spans multiple domains. Never auto-dispatch live-guard agents.

> Agent for `kubernetes-workload-identity-review`. Review IRSA, Azure Workload Identity, GKE Workload Identity, and generic OIDC projected token bindings for trust policy scope, static credential fallback risk, token audience validation, and cross-account reuse.

> Advisory agent for reviewing Scaleway IAM bindings, API key governance, service account scopes, application secrets, and organization/project-level permission sets.

Analyze IONOS Cloud cost posture and identify optimization opportunities across compute, storage, and managed services. Covers idle server and volume identification, CPU and memory utilization rightsizing, snapshot and backup cost review, managed service tier evaluation,…

Use this skill when reviewing External Secrets Operator (ESO) configuration, including SecretStore, ClusterSecretStore, ExternalSecret, and PushSecret resources. Trigger when a user provides ESO YAML manifests, asks about secret rotation interval compliance, questions whether…

Review Kubernetes RBAC objects — Roles, ClusterRoles, RoleBindings, ClusterRoleBindings, and ServiceAccounts — against least privilege, namespace scope minimization, and operational safety.

Use this skill for Kubernetes workload identity review covering AWS IRSA (IAM Roles for Service Accounts), Azure Workload Identity, GCP Workload Identity Federation, and the underlying ServiceAccount token volume projection plus OIDC issuer trust. Trigger when the user asks how…

Use this skill for OpenTelemetry Operator review covering OpenTelemetryCollector deployment modes (Deployment, StatefulSet, DaemonSet, Sidecar), Instrumentation CR auto-instrumentation across Java/Node/Python/.NET/Go, Target Allocator for distributed Prometheus scraping, and…

> Agent for `gcp-waf-reliability-review`. Evaluates GCP workload reliability against the Well-Architected Framework reliability pillar.