qwedsazxc78

zeus

GitOps Engineer for Kustomize + ArgoCD platforms. Activates when the user works with Kustomize overlays, ArgoCD applications, Kubernetes manifests, or asks for YAML validation, environment management, or service scaffolding. Commanding, methodical, thorough approach.

gateway-api-migration

Migrates Kustomize modules using NGINX Ingress to Gateway API resources. Dual-target: default Traefik (GatewayClass=traefik), opt-in GKE Gateway (--gateway-class gke-l7-global-external-managed). Handles master/minion topology (common.ingress/ + common.service/) as the primary case, with standalone Ingress as a fallback. Performs cluster-side preflight (CRDs, GatewayClass, policy CRDs, Traefik version probe on Traefik targets), deterministic discovery/analysis via bundled scripts, two-phase conversion with atomic rollback from full file backups, semantic diff of path and listener coverage, plus an ingress2gateway second-opinion cross-check. Renders a comprehensive report covering per-hostname mapping, TLS map, annotation inventory (translated/stubbed/unknown), risk register, cutover checklist, verification commands, and rollback procedures. Never modifies the master source; performs idempotent in-place edits only to common.service/overlays/<env>/kustomization.yaml.

helm-version-upgrade

Manages Helm chart version upgrades across Terraform+Helm platforms. Handles atomic 3-file updates with version discovery from ArtifactHub. Use when upgrading Helm charts, checking for outdated versions, or performing version consistency checks.

ingress-controller-install

GitOps-flavored Traefik Ingress Controller bootstrap, env addition, or chart upgrade in a Kustomize + ArgoCD repo. Operates exclusively on files under `common.traefik/` (base, overlays, argocd manifests). Never runs `helm install` or `helm upgrade` — those are ArgoCD's job. Plan-only: edits Kustomize files, emits the `git add` / commit / push commands, and the operator drives git. Validates coexistence with `ingress-nginx` via Kustomize-build inspection (no live cluster required). Use for new-cluster bootstrap, adding a new env overlay, or bumping the Traefik chart version.

ingress-migration-advisor

Read-only planner that inventories every Ingress in a Kustomize repo, scores each service on five migration-readiness dimensions, and recommends one of four paths per service (direct-gateway, two-step, swap-only, defer). Output is a Mermaid Gantt plan plus ready-to-paste Zeus commands. Critical traffic-tier services are vetoed to defer. Services already on Traefik Ingress (sourceClass=traefik) auto-route to direct-gateway. Never mutates the repo; produces docs/reports/ ingress-migration-advisor/<slug>/plan.md and state.yaml. Use for end-of-life planning (ingress-nginx EOL 2025), migration sequencing, or per-service path advisory. Requires docs/ingress-tier-map.yaml in the consumer repo.

kustomize-resource-validation

Auto-trigger skill that activates when any kustomization.yaml file is edited. Validates resource references, patch references, orphaned files, cross-environment consistency, build success, and generator configurations.

retire-nginx

Retire the nginx ingress controller and all nginx Ingress resources from a Kustomize + ArgoCD repo after Gateway API / Traefik migration is complete. Supports single-env (dev/stg/prd) or all-envs retirement in one command. Use this skill whenever: removing nginx after migration, cleaning up dead nginx Ingress resources from a kustomize base, decommissioning the ingress-nginx controller ArgoCD Application for an env, or retiring nginx from one environment without touching others. Safety-gated: aborts if no HTTPRoutes/Traefik Ingresses found (migration not done). Uses $patch: delete in the service overlay kustomization to exclude base nginx Ingress resources per-env — base files stay intact for other envs still using them.

nginx-to-gateway

Thin orchestrator that chains nginx-to-traefik (class swap) and gateway-api-migration (resource swap) against one Kustomize module in one operator session. Owns no conversion logic. Invokes skill A first, reads its outputs.traefikIngresses[] hand-off contract, then invokes skill B with --source-class traefik --no-redirect and the chosen --gateway-class. Produces a single combined index document linking both sub-reports. Each phase keeps its own state file; this skill records the chain in docs/reports/nginx-to-gateway/<slug>/index.yaml.

nginx-to-traefik

Class-swap migration that ports services from NGINX Ingress to Traefik Ingress (`ingressClassName: traefik`) while keeping both controllers running in parallel. DNS A-records are the only cutover lever. Designed for eye-of-horus-gitops conventions: nginx files move to archive/ (never deleted), Traefik Ingresses live in kustomization.resources (never patches), backend Service names and secretName are written verbatim (Kustomize namePrefix does not touch them). Operator-declared LB IPs only — never auto-derived from cluster state. State stored in docs/reports/nginx-to-traefik/<slug>/.

Web & Frontend Listed

painter

Draw clear, easy-to-understand architecture diagrams, flow charts, and feature explainer graphics from code, system architecture, or DevOps pipelines. Output is an HTML artifact (inline CSS and SVG) styled with a blue-white tech palette, flat vector icons, a card-based multi-step layout, flow arrows, and dark code blocks. Supports two output levels: `basic` (single-page overview) and `detailed` (overview plus clickable drill-down per-component pages), and can use multi-agent parallel scanning to speed up analysis of large architectures. Triggered when the user asks to "draw an architecture diagram / flow chart" or invokes `*diagram` / `devops:painter`. Output renders directly in a browser for review and screenshots, suitable for technical documentation and presentation material.

release-validate

Validates package release readiness across version consistency, cross-platform link integrity, npm package content, setup script smoke testing, skill fixture suite runs (Phase 4), shell portability static checks (Phase 5), cross-repo-style fixture coverage (Phase 6, shipped in v1.15.0), cross-AI-tool registration parity (Phase 7, shipped in v1.15.0), and release artifact generation (Phase 8). Use before running `pnpm release` to catch issues that structure tests may miss. Top-level orchestrator at `scripts/release_check.sh` runs every phase and is wired into `.github/workflows/release.yml` as a pre-publish gate. Produces `docs/reports/release-validate/<version>/RELEASE-CHECK.md` suitable verbatim for the GitHub Release body.

traefik-controller-decommission

GitOps-flavored SAFE uninstall of the `ingress-nginx` controller in a Kustomize + ArgoCD repo. Verifies cluster + repo are free of `ingressClassName: nginx` (precedence-aware: spec wins, legacy annotation falls back). After DNS bake confirmation, plans the decommission as: archive the `common.ingress-nginx/` (or equivalent) Kustomize module, disable the ArgoCD Application, wait for ArgoCD prune, then optional LB / IAM cleanup. Never runs `helm uninstall` — ArgoCD handles the actual resource removal via prune. Plan-only: emits a `commands.sh` for the operator to drive manually.

yaml-fix-suggestions

Auto-trigger skill that activates when YAML files in Kustomize module directories are modified. Checks formatting, Kubernetes label compliance, kustomization.yaml references, and build validation. Reports only when issues are found.

horus

IaC Operations Engineer for Terraform + Helm + GKE platforms. Activates when the user works with Terraform modules, Helm charts, GKE infrastructure, or asks for validation, security scanning, or CI/CD improvements. Pipeline-driven, safety-first approach with automated checks.