Infrastructure as Code for GCP — Terraform google provider, Deployment Manager, Pulumi, Config Connector
Review Terraform and Deployment Manager changes targeting GCP — blast radius analysis, destroy-operation detection, cross-project impact, state file conflicts, org policy drift,…
Audit GCP IAM bindings across the resource hierarchy (org/folder/project), identify overprivileged Service Accounts, review Workload Identity Federation configurations, evaluate…
Expertise in evaluating GCP projects for compliance — what checks are meaningful, which SCF controls they map to, and how to interpret gcloud output.
Design and review GCP landing zone foundations including organization setup, folder hierarchy, org policy baseline, Shared VPC, billing account structure, Security Command Center,…
Gate Cloud Run traffic percentage migrations, min-instances changes, and revision deletions against revision health verification and rollback posture assessment.
Gate Cloud Billing budget threshold changes, committed-use discount (CUD) purchases, and quota increase requests with explicit financial-authority approval.
Gate GKE deployment mutations, node pool upgrades, and cluster control-plane version changes against rollback posture and PDB audit before any production change.
Gate IAM binding mutations, org policy changes, and Service Account key creation against the GCP resource hierarchy.
Gate Cloud KMS key version destruction and key ring deletion against a complete CMEK dependency audit.
Traffic engineering for GCP load balancers — Global HTTPS LB, Regional HTTPS LB, TCP/SSL Proxy LB, Network LB (passthrough), Internal TCP/UDP LB — type selection, health check…
Read and query GCP logs for Hyperlane agents using gcloud CLI. Use when investigating relayer, validator, or scraper logs, debugging message processing, or analyzing operational…
GCP Maestro routing skill. Classify the user's GCP task, select the narrowest specialist agent or the right team of specialists from the catalog, and dispatch them — single…
Plan and execute migrations to GCP using Migrate to Virtual Machines, Database Migration Service, Storage Transfer Service, and design cutover sequencing with rollback plans.
Design and review GCP network architecture including global VPC topology, Shared VPC patterns, Cloud Interconnect/VPN hybrid connectivity, Cloud NAT, DNS, Cloud Armor, and Traffic…
Investigate GCP network issues by analyzing VPC Flow Logs, firewall logs, Cloud NAT logs, threat logs, and networking metrics.
Generate CI/CD pipelines for Node.js and Angular applications on GCP with Cloud Build and GKE deployment.
Hono + Node.js アプリケーションに Google Cloud Trace (Telemetry API 直接送信 OTLP) と Cloud Logging 構造化ロギングを実装するスキル。OpenTelemetry SDK の初期化、ADC を使ったトークン自動更新エクスポーター、startSpan + context.with()…
Respond to incidents and set up observability using Cloud Monitoring, Cloud Logging, Error Reporting, Cloud Trace, and SLO burn rate alerting.
GCP 프로젝트 생성부터 결제 계정 연결, API 활성화까지 원스텝 자동화. 트리거: GCP 프로젝트 만들어줘, 새 프로젝트 생성, 프로젝트 셋업해줘, GCP 프로젝트 설정
Govern GCP Artifact Registry — container image signing via Binary Authorization, vulnerability scanning via Container Analysis, repository IAM least privilege, artifact retention…
Review GCP workload HA and BCDR designs — multi-region architectures, Cloud SQL HA failover, Spanner global instances, GKE multi-cluster, RTO/RPO target analysis, and runbook…
Query Asset Inventory API for resource discovery, audit resource label/tag coverage, detect stale or orphaned resources, review change history, and build inventory reports across…
Optimize Google Cloud Platform resource allocation and manage cloud credits efficiently. Use when planning GCP deployments, analyzing cloud spend, maximizing value from expiring…
Configure GCP IAM, Secret Manager, and VPC networking with security best practices. PROACTIVELY activate for: (1) setting up service accounts and IAM permissions, (2) managing…
Design GCP solutions aligned with the Google Cloud Architecture Framework when the request spans resource hierarchy, product selection, or multi-service architecture decisions.
Design Cloud Spanner schemas with hotspot avoidance, interleaving strategies, optimal indexing, processing-unit sizing, and global write patterns for distributed OLTP at scale.
Coordinate GCP support incidents — case creation with correct severity, Premium/Enhanced Support SLA enforcement, TAM escalation path, status page monitoring, internal stakeholder…
Triage GCP operational alerts, incidents, and support tickets — P0/P1/P2/P3 classification, GCP Premium/Enhanced Support SLA enforcement, war room coordination, evidence…
Troubleshoot GCP services using tool-first access (via MCP when available), falling back to the CLI only when necessary.
GCP VM 생성 마법사. 용도 기반 사양 추천, VM 생성, 방화벽 설정까지 자동화. 트리거: VM 만들어줘, GCP VM 생성, 서버 하나 띄워줘, 인스턴스 생성
Design, review, and troubleshoot VPC Service Controls perimeters, access policies, dry-run mode configuration, bridge perimeters for cross-perimeter access, and Access Context…
Evaluate GCP workload cost efficiency against the Google Cloud Well-Architected Framework cost optimization pillar — covering FinOps culture, cloud spending alignment with…
Evaluate GCP workload reliability against the Google Cloud Well-Architected Framework reliability pillar — covering SLOs/error budgets, HA topology, horizontal scalability,…
GCP 到 Google Workspace 的穿越攻击方法论。当已获取 GCP Service Account 或 Project 权限并发现目标组织使用 Google Workspace、需要从云平台穿越到企业邮件/文档/管理控制台、或发现 Domain-Wide Delegation 配置时使用。覆盖 Domain-Wide Delegation…
Generates DrawIO XML diagrams for Amazon Web Services architectures from text descriptions or images. Analyzes existing .drawio files to extract AWS components.
Generates DrawIO XML diagrams for Google Cloud Platform architectures from text descriptions or images. Analyzes existing .drawio files to extract GCP components.
OpenTofu/Terraform pattern for GitHub Actions OIDC trust with AWS IAM. Covers the non-obvious `job_workflow_ref` condition (vs just `sub` for repo+branch), the Bedrock inference…
Harden a site behind Cloudflare end-to-end, from account to zone to origin. Covers DNS hygiene, origin-IP protection via Authenticated Origin Pulls and IP allowlisting, WAF…
Manage Heroku apps, dynos, and add-ons via CLI and API. Deploy and scale applications.
iFlytek Machine Translation (机器翻译) — translate text between Chinese, English, Japanese, Korean, French, Spanish, German, Russian, Arabic, Thai, Vietnamese, and many more…
Implementing AWS Config rules for continuous compliance monitoring of AWS resources, deploying managed and custom
Configure IAM permission boundaries in AWS to delegate role creation to developers while enforcing maximum privilege
Implement Amazon Macie to automatically discover, classify, and protect sensitive data in S3 buckets using machine
Configure Microsoft Entra Privileged Identity Management to enforce just-in-time role activation, approval workflows,
Implementing Microsoft Defender for Cloud to enable cloud security posture management, workload protection across
Configure Microsoft Entra ID (Azure AD) Conditional Access policies for zero trust access control. Covers signal-based
Implement GCP Binary Authorization to enforce deploy-time security controls that ensure only trusted, attested
Implement GCP Organization Policy constraints to enforce security guardrails across the entire resource hierarchy,
Provisions workspace-based Azure Application Insights with a dailyQuotaGb cost cap and optional metric alerts (5xx spikes, server exceptions) on an Action Group.
json-render component catalog patterns for AI-safe generative UI. Define Zod-typed catalogs that constrain what AI can generate, use @json-render/shadcn for 36 pre-built…
Generate guardrailed UI from natural language. Claude emits constrained JSON, skill runtime renders via Preact.
Kapitalwert korrespondierender Kapitalwert prüfen: prüft die einschlägigen Voraussetzungen, Dokumente, Risiken und Ausnahmen.
AWS Lambda serverless functions for event-driven compute. Use when creating functions, configuring triggers, debugging invocations, optimizing cold starts, setting up event source…
Clerk for reserve reduction, trespass, survey errors, and railway takings; use when processing the Land_Reduction_Trespass queue.
Expert in lease surrender agreements where landlord and tenant mutually agree to terminate the lease before expiry.
List the user's saved render profiles with their codec, resolution, and rate-control summary. Use when the user says "list my render profiles", "what presets do I have", "show me…
Use when analyzing error logs, production failures, or recurring log patterns from Railway, files, or console output.
Manages versioned, idempotent Azure SQL migrations that run on every deployment via sqlcmd in GitHub Actions.
Railway platform CLI for service deployment, infrastructure management, and debugging. Use for creating services, managing deployments, configuring networking, and reviewing logs.