devops-ops

Fetches Salesforce metadata (objects, fields, flows, validation rules, permission sets, profiles, Apex classes/triggers, Lightning components) live from a connected org under T1 least-privilege scope (api + refresh_token only, no ModifyMetadata grant — uses sf org list metadata…

This skill provides a structured workflow for assessing a Salesforce org's overall posture from sanitized metadata exports. It produces a risk register and remediation backlog covering the object model, automation inventory, permission topology, integration map, and technical…

Converts business rules described in plain English into deployable Salesforce validation rule formula syntax, including error message copy, profile bypass logic, null handling, and formula compilation safety. TRIGGER when: user says write a validation rule, create validation…

> Live-guard agent for Hetzner Cloud server creation, destruction, and type changes (rescale). Requires server ID, region, explicit human approval, target confirmation, account, and rollback plan before any mutation. Server deletion is irreversible without a prior snapshot.

> Agent for `external-secrets-operator-review`. Reviews ESO SecretStore, ClusterSecretStore, ExternalSecret, and PushSecret manifests for namespace scope creep, authentication anti-patterns, dataFrom blast radius, refresh interval compliance, and PushSecret privilege escalation.

> Agent for `argocd-gitops-review`. Guard live argocd CLI or kubectl operations on Argo CD Application, AppProject, and ApplicationSet resources, and sync-window modifications. Requires AppProject blast-radius assessment, sync identity review, and explicit approval before any…

> Agent for `istio-ambient-mesh-review`. Guard live kubectl apply/delete operations on Istio AuthorizationPolicy, PeerAuthentication, RequestAuthentication, Gateway, and VirtualService resources. Requires current mTLS posture assessment, waypoint enrollment check for L7 rules,…

> Agent for `kubernetes-live-rbac-mutation-guard`. Guard live kubectl apply, create, or delete operations on Kubernetes RBAC objects with privilege-escalation verb detection, scope assessment, current-state diff, and explicit approval before any write.

> Agent for `kubernetes-network-architecture-review`. Review Kubernetes cluster network architecture across the dataplane (CNI, kube-proxy mode, IPAM, MTU, encapsulation), service routing surface (Service types, EndpointSlices, internal/externalTrafficPolicy, topology-aware…

> Advisory agent for Scaleway Kapsule managed Kubernetes readiness: node pool strategy, CNI selection, placement group policies, version upgrades, and workload scheduling posture.

Plan Hetzner Cloud capacity across resource limits (servers, Volumes, Networks, Load Balancers, Floating IPs per project), region distribution across fsn1, nbg1, and hel1, quota exhaustion risk, growth trajectory, and server type upgrade paths from shared to dedicated compute.…

Review Hetzner Cloud infrastructure posture including Firewall inbound and outbound rules and server attachment, Load Balancer health check configuration and target pool design, private Network topology, Floating IP and Primary IP exposure, and region distribution across fsn1,…

Guard Hetzner Cloud server creation, destruction, type changes (rescale), and power operations with mandatory server ID, region, explicit human approval, target confirmation, account, and rollback plan. Server deletion is irreversible without a prior snapshot. Use only when live…

Review IONOS Data Center Designer (DCD) topology for resource organization, multi-availability-zone placement, private LAN segmentation, volume layout, NIC configuration, and firewall posture. DCD is unique to IONOS as a graphical infrastructure orchestrator where topology…

Execute and advise on IONOS DBaaS lifecycle operations for PostgreSQL, MariaDB, and MongoDB managed databases. Covers failover initiation, replica promotion, horizontal and vertical scaling, backup schedule review, point-in-time recovery, cluster deletion protection, and…

Guard live kubectl apply, create, or delete operations on Kubernetes RBAC objects — Roles, ClusterRoles, RoleBindings, ClusterRoleBindings — with privilege-escalation verb detection, scope assessment, current-state diff, and explicit approval before any write. Use only when an…

Installs and configures the case.dev CLI for legal AI workflows including document vaults, OCR, transcription, and search. Use when the user mentions "case.dev", "casedev", needs to authenticate with case.dev, run diagnostics, set focus targets, list API routes, track jobs, or…

Argo CD for GitOps continuous delivery on Kubernetes. Use when the user needs to define applications declaratively, sync Kubernetes manifests from Git repositories, manage sync policies, and implement progressive delivery workflows.

AWS Command Line Interface for managing Amazon Web Services. Use when the user needs to interact with S3, EC2, Lambda, CloudWatch, IAM, and other AWS services directly from the terminal for operations, scripting, and automation.

Configure Amazon CloudFront for global content delivery. Set up distributions with S3 and ALB origins, define cache behaviors and TTLs, invalidate cached content, and use Lambda@Edge for request/response manipulation at the edge.

Launch and manage Amazon EC2 instances for scalable compute. Configure AMIs, security groups, key pairs, and EBS volumes. Set up auto-scaling groups for high availability and cost optimization across availability zones.

Run containerized applications with Amazon ECS. Define tasks and services, deploy on Fargate for serverless containers or EC2 for full control. Configure load balancing, auto-scaling, and service discovery for production workloads.

You are an expert in AWS Lambda, Amazon's serverless compute service. You help developers build event-driven applications using Lambda functions triggered by API Gateway, S3 events, SQS queues, DynamoDB streams, and scheduled events — with support for Node.js, Python, Go, Rust,…

Send transactional and marketing emails with Amazon SES. Verify domains and identities, create reusable email templates, configure receipt rules for incoming mail, and handle bounces and complaints with SNS notifications.

Use Amazon SNS for pub/sub messaging and notifications. Create topics and manage subscriptions across protocols (SQS, Lambda, HTTP, email, SMS). Configure message filtering, mobile push notifications, and fan-out architectures.