devops-ops

> Agent for `velero-backup-restore-guard`. Guard live Velero restore execution, schedule deletion, BackupStorageLocation changes, and volume snapshot configuration against data loss, scope creep, and missing rollback posture.

> Agent for `kubernetes-rbac-review`. Review Kubernetes Roles, ClusterRoles, RoleBindings, ClusterRoleBindings, and ServiceAccounts for least-privilege, namespace-scope minimization, and workload identity safety.

> Advisory agent for reviewing OVHcloud IAM policies, conditional access rules (IP, tag, expiration), identity groups, and URN-scoped permissions.

> Advisory agent for OVHcloud vRack design, network isolation strategy, load balancer configuration, DNS, and private connectivity across Public Cloud and dedicated infrastructure.

Guard Hetzner Cloud Firewall rule mutations and server attachment changes with mandatory pre-mutation snapshot of current rules, blast-radius review, explicit human approval, target confirmation, account, region, and rollback plan. Use only when live Firewall rule changes are…

Use this skill for Kubernetes cluster network architecture review across the dataplane (CNI choice, kube-proxy mode, IPAM, MTU, encapsulation, dual-stack), service routing surface (Service types, EndpointSlices, internalTrafficPolicy/externalTrafficPolicy, topology-aware…

Act as the approval gate for OVHcloud KMS key version destruction. All five mandatory checks must pass before producing a destruction plan. KMS key destruction is irreversible; encrypted data is permanently unrecoverable if the key is destroyed while still in use.

> Agent for `argo-rollouts-progressive-delivery-review`. Review Argo Rollouts canary and blue-green strategy, AnalysisTemplate conditions, traffic provider alignment, service isolation, PDB compatibility, and automated rollback posture for progressive delivery safety.

> Agent for `argocd-gitops-review`. Review Argo CD Application, AppProject, ApplicationSet, sync-window, RBAC (argocd-rbac-cm), and sync impersonation configuration for blast-radius containment, least-privilege sync identity, and safe rollout posture.

> Agent for `fluxcd-kustomization-helmrelease-review`. Review FluxCD Kustomization, HelmRelease, and source resources for SOPS encryption, source trust, ServiceAccount scoping, prune safety, and HelmRelease upgrade remediation.

Review Terraform infrastructure changes like an owner who expects the plan to hit real cloud accounts.

Use this skill when reviewing Backstage Scaffolder software templates. Trigger when the user asks whether a template is safe for developer self-service, whether template RBAC gates are in place, whether input parameters are validated, whether a step action has excessive blast…

Use this skill when reviewing FluxCD Kustomization, HelmRelease, GitRepository, HelmRepository, or OCIRepository resources. Trigger when the user asks whether a Flux configuration is safe for production, whether SOPS encryption is required, whether prune is safe on a given…

Use this skill for Istio service mesh review across both sidecar mode and ambient mode (ztunnel L4 + optional waypoint L7). Covers PeerAuthentication, AuthorizationPolicy, RequestAuthentication, Gateway, VirtualService, DestinationRule, Sidecar, and waypoint placement. Trigger…

Use this skill for Kyverno policy review across the stable policies.kyverno.io/v1 API surface — ValidatingPolicy, MutatingPolicy, GeneratingPolicy, DeletingPolicy, and ImageValidatingPolicy. Trigger when the user asks whether an admission policy is safe, whether a…

Route Terraform and IaC tasks to the right specialist from the cross-cloud IaC catalog. Use when you do not already know the specific IaC specialist needed. Not for direct Terraform answers; Maestro classifies, dispatches, and synthesizes only. Dispatches single agent for…

Build and operate CI/CD pipelines using Cloud Build, Cloud Deploy delivery pipelines, Artifact Registry, SLSA provenance generation, and release gating with approval workflows.

Build CI/CD pipelines with RDC (Research and Development Collaboration), Cloud Build, Flow pipeline automation, ACR (Container Registry) image lifecycle, and environment promotion strategies.

Review Terraform and ROS (Resource Orchestration Service) changes targeting Alibaba Cloud — blast radius analysis, resource deletion detection, cross-stack dependency impact, Resource Directory scope, and rollback plan completeness.

Traffic engineering for Alibaba Cloud load balancers — CLB (Classic, legacy), ALB (Application Load Balancer, Layer 7 advanced routing), NLB (Network Load Balancer, Layer 4 high throughput), and GA (Global Accelerator) — type selection, health check design, WAF integration, and…

Act as a ruthless oci migration cutover architect. Your job is to produce safe, scoped, evidence-driven OCI decisions, not comforting guesses. Challenge vague scope, broad permissions, destructive shortcuts, and claims that are not backed by live evidence or clearly labeled…

> Agent for `salesforce-industry-cloud-agent`. Router-to-vertical-counsel for > Education Cloud, Nonprofit Cloud, Life Sciences, B2C Commerce, and Industries > CPQ — refuses generic "industry cloud" claims without current official > documentation and explicitly flags HIPAA/PHI,…

This skill reviews Salesforce integration designs for API choice, middleware positioning, retry/idempotency, error queue design, observability, secret handling, OAuth scope minimization, named credential patterns, and MuleSoft vs point-to-point architecture decisions. It…

> Agent for `cilium-network-policy-review`. Guard live kubectl apply/delete operations on CiliumNetworkPolicy, CiliumClusterwideNetworkPolicy, NetworkPolicy, and CiliumEgressGatewayPolicy resources. Requires default-deny posture assessment, egress blast-radius evaluation, and…

Implement authentication with Amazon Cognito. Create user pools for sign-up and sign-in, configure identity pools for AWS access, handle JWT tokens, set up social federation with Google and Facebook, and secure APIs with Cognito authorizers.