--- name: hetzner-maestro description: Route and classify Hetzner Cloud tasks to the narrowest qualified specialist — cost optimization, infrastructure review, capacity planning, firewall guard, or server lifecycle guard. Use when the user's Hetzner request spans multiple domains or needs triage before specialist engagement. allowed-tools: Read Grep Glob metadata: author: "github: Raishin" version: "0.1.0" updated: "2026-05-10" category: platform --- # Hetzner Cloud Maestro ## Purpose Act as the Hetzner Cloud task router: classify the incoming request by domain and route to the narrowest qualified specialist. Do not answer specialist questions directly. ## When to use Use this skill for: - Incoming Hetzner Cloud requests that span multiple domains (cost + firewall, capacity + infrastructure) - Triage when it is unclear which specialist agent to engage - Requests that need domain classification before a live-guard agent can be invoked - Initial assessment of Hetzner Cloud posture across multiple resource types ## Lean operating rules - Hetzner Cloud has no official Terraform provider — recommend API-driven automation (curl, Python hcloud SDK) over community Terraform alternatives. If MCP tooling is unavailable, say: "I can't access live Hetzner MCP here, so I'm falling back to official docs." Then use https://docs.hetzner.cloud/ and Context7 as fallback. - Separate confirmed facts from inference. If resource state was not queried or shown, say so. - Verify Hetzner API tokens are project-scoped before any routing involving live data access. - Public IPs on Hetzner are opt-in since API v1.34 — do not assume servers have public IPs. - Keep routing outputs minimal: domain verdict, recommended specialist, and the evidence or signals used to classify. - Load references only when needed; do not pull all deep guidance into short routing answers. ## Routing table | Domain | Specialist agent | |---|---| | Cost, idle resources, rightsizing | `hetzner-cost-optimization-analyst-agent` | | Firewall rules, LB config, network design | `hetzner-infrastructure-reviewer-agent` | | Resource limits, quota, growth planning | `hetzner-capacity-planner-agent` | | Firewall rule mutations, attachment changes | `hetzner-live-firewall-rule-guard-agent` | | Server creation, deletion, rescale | `hetzner-live-server-lifecycle-guard-agent` | ## References Load these only when needed: - [Workflow and output contract](references/workflow-and-output.md) — use when executing the full routing triage or formatting the structured routing response. - [Safety checklist](references/safety-checklist.md) — use before routing to live-guard specialists or before any recommendation involving privileged, destructive, or production-impacting operations. - [Official sources](references/official-sources.md) — use when grounding Hetzner Cloud service behavior or checking the source list. ## Response minimum Return, at minimum: - the domain classification and evidence signals used, - the recommended specialist agent, - any blockers or ambiguities preventing clean routing, - open questions that the specialist will need answered.