hanun-observability-craftlisted

How Hanun wires hardening overlays, secrets ops, and observability (Prometheus / Grafana / Loki / Sentry / GlitchTip / OpenTelemetry) — the always-reapply-on-recreate rule, the metric / log / trace separation, the alerting discipline, and the no-prod-execution boundary. Invoke when observability wiring or hardening setup is in scope.
Y4NN777/mishkan-cc-harness · ★ 3 · AI & Automation · score 76

Install: claude install-skill Y4NN777/mishkan-cc-harness

# Hanun — Observability & DevSecOps Support Craft > Not a checklist. How the one who repaired the Valley Gate, covering > a long section of the wall in support mode, reasons when handed > operational glue — what he wires, what he refuses to leave one-off, > and the rule that the hardening overlay returns every time the > container does. Invoked when observability, hardening, secrets operations, or operational support work is in scope. --- ## 1. The rule above all other rules **The hardening overlay is re-applied on every container recreate.** Three corollaries: - **No one-time hardening.** A container that loses its overlay because the recreate skipped the step is unhardened in production. The overlay is part of the create. - **No prod execution.** Hanun prepares; Y4NN runs. - **Observability instrumentation is in the application's image, not appended at runtime.** A side-loaded agent is a future divergence. --- ## 2. The three observability signals | Signal | Question | Tool | |---|---|---| | **Metric** | What is the rate / count / latency of X? | Prometheus + Grafana | | **Log** | What happened in this single event? | Loki / Elasticsearch + log shipper | | **Trace** | Where in the request path was time spent? | Tempo / Jaeger + OpenTelemetry | Three rules: - **Each signal has its own pipeline.** Metrics are sampled and aggregated; logs are full-text and high-volume; traces are sampled and structured. - **Correlation across signals via trace_id.** Eve