Feat/skill overlay#695

Merged
stewartshea merged 3 commits into main from feat/skill-overlay on Jun 26, 2026
@stewartshea stewartshea commented Jun 26, 2026

add skill templates


Note

Low Risk
Documentation-only additions; no runtime, auth, or automation code paths changed in the diff.

Overview
Adds SKILL-TEMPLATE.md files across many AWS and Azure codebundles so each bundle exposes a kind: skill-template manifest for the skill overlay.

Each new file documents YAML front matter (name, description, runtime with runbook/monitor/executor, platforms, resource types, access) plus structured sections for Robot tools (task names, scripts, tags, reads/writes), monitor sub-checks where sli.robot exists, inputs/secrets/outputs, and how to invoke (production worker, local ro, standalone bash).

Coverage in this diff spans AWS (cost, CloudWatch EC2, EKS, ElastiCache, Lambda, SQS DLQ) and Azure (ACR, ADF, AKS triage/cost, APIM, App Gateway, App Service health/ops/cost, Databricks, DevOps org/project/repo, Key Vault, load balancer triage, and related bundles). No runbook or shell script logic is modified—only additive metadata for discovery and templating.

Reviewed by Cursor Bugbot for commit 5f8550c. Bugbot is set up for automated code reviews on this repo. Configure here.

stewartshea and others added 3 commits May 27, 2026 17:27
- Introduced multiple new CodeBundles including:
  - `aws-account-cost-health`: Monitors AWS account cost trends and provides recommendations for Reserved Instances and Savings Plans.
  - `aws-cloudwatch-overused-ec2`: Identifies overutilized EC2 instances based on CloudWatch metrics.
  - `aws-eks-health`: Checks the health status of EKS clusters, including node groups and add-ons.
  - `aws-elasticache-redis-health`: Monitors the health of Elasticache Redis instances.
  - `aws-lambda-health`: Analyzes AWS Lambda invocation errors and performance metrics.
  - `aws-sqs-dlq-investigation`: Investigates SQS dead-letter queues and correlates with Lambda consumers.
  - `azure-acr-health`: Conducts health checks for Azure Container Registry, including network and security assessments.
  - `azure-acr-image-sync`: Syncs images from public repositories into Azure Container Registry.
  - `azure-adf-health`: Performs health checks for Azure Data Factories, including pipeline errors and resource health.
  - `azure-aks-cost-optimization`: Analyzes AKS node pools for cost optimization opportunities.

Each CodeBundle includes detailed tools, inputs, and monitoring capabilities to enhance cloud resource management and health monitoring.
Skill templates in the repo describe unconfigured CodeBundles; workspace-builder renders fully bound Skills as SKILL.md on SLXs. Update the generator to emit kind: skill-template and remove legacy SKILL.md files.

Co-authored-by: Cursor <cursoragent@cursor.com>
@stewartshea stewartshea requested a review from a team as a code owner June 26, 2026 02:40
@stewartshea stewartshea merged commit c87a9ee into main Jun 26, 2026
8 checks passed
@stewartshea stewartshea deleted the feat/skill-overlay branch June 26, 2026 02:40

@cursor cursor Bot left a comment

Cursor Bugbot has reviewed your changes and found 4 potential issues.

Reviewed by Cursor Bugbot for commit 5f8550c. Configure here.

base_image: rw-base-runtime
platforms: [Azure, AppService, Ops]
resource_types: [app_service]
access: read-only
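
Review bot: `access: read-only` on the last line sits next to `Ops` in `platforms`, so the front matter labels an operations bundle as non-mutating; anything that uses this field to decide whether a skill needs write approval will under-scope it. Set the field from the most privileged task in the bundle, and fall back to read-write rather than read-only when the task tags cannot be determined.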

Ops bundle marked read-only

High Severity

The skill template front matter sets access: read-only for bundles whose runbooks perform mutating work (App Service restart/scale/swap/redeploy and ACR image sync). Runbook tasks tag access:read-write, but that tag lives on continuation lines the generator does not read, so the overlay misstates write access.

Reviewed by Cursor Bugbot for commit 5f8550c. Configure here.
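
The failure described in the comment above (an `access:read-write` tag sitting on `...` continuation lines that go unread) can be reproduced and avoided with a small tag reader. This is an added example, not code from the PR or from the project's generator; the task names and sample runbook are constructed, and the rule that an untagged or mixed task makes the bundle read-write is this example's assumption.

```python
import re
CELLS = re.compile(r" {2,}|\t+")  # Robot separates cells with 2+ spaces or tabs

def task_tags(robot_source):
    """Return {task name: [tags]}, following '...' continuation lines under [Tags]."""
    tags, section, task, in_tags = {}, "", None, False
    for line in robot_source.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line.startswith("***"):
            section, task, in_tags = line.strip("* ").lower(), None, False
        elif section not in ("tasks", "test cases"):
            continue
        elif not line[0].isspace():  # unindented line names a new task
            task, in_tags = line.strip(), False
            tags[task] = []
        elif task is not None:
            cells = CELLS.split(line.strip())
            if cells[0].lower() == "[tags]":
                in_tags = True
                tags[task] += cells[1:]
            elif cells[0] == "..." and in_tags:
                tags[task] += cells[1:]  # the lines a first-line-only reader drops
            else:
                in_tags = False
    return tags

def bundle_access(robot_source):
    """Overlay label: read-only only if every task is tagged access:read-only."""
    per_task = task_tags(robot_source)
    for tags in per_task.values():
        access = {t.lower() for t in tags if t.lower().startswith("access:")}
        if access != {"access:read-only"}:
            return "read-write"  # write tag, mixed tags or no tag: fail closed
    return "read-only" if per_task else "read-write"

# Constructed sample runbook; task names are hypothetical.
SAMPLE = """\
*** Settings ***
Library    BuiltIn
*** Tasks ***
Check App Service Health
    [Tags]    azure    appservice    access:read-only

Restart App Service
    [Tags]
    ...    azure    appservice
    ...    access:read-write
"""
```

`bundle_access(SAMPLE)` returns `read-write` because the second task's access tag is only visible once the continuation lines are read.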


## Secrets

_No secrets imported in Robot source._
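
Review bot: `_No secrets imported in Robot source._` asserts a negative that a reader cannot check from this file, since it does not say which Robot files were scanned or whether secrets loaded through resource files or scripts were considered. The Secrets section is what tells an operator which credentials a skill needs, so name the scanned file(s) in this line, or emit an explicit "unknown" when the scan finds nothing, so an empty result can be told apart from a missed import.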

Load balancer inputs incomplete

High Severity

The template lists only AZURE_RESOURCE_SUBSCRIPTION_ID under Inputs and claims no secrets, but runbook.robot requires AZ_LB_NAME, AZ_LB_ID, and AZ_HISTORY_RANGE, plus azure_credentials, for the activity-log task to run.

Reviewed by Cursor Bugbot for commit 5f8550c. Configure here.


## Secrets

_No secrets imported in Robot source._

ACR sync omits secrets

High Severity

Secrets states no imports, yet the runbook loads azure_credentials and optionally DOCKER_USERNAME / DOCKER_TOKEN via RW.Core.Import Secret before syncing images.

Reviewed by Cursor Bugbot for commit 5f8550c. Configure here.

| `RESOURCES` | string | Queue name substring filter or All for discovery-driven runs. | `All` | no |
| `DLQ_DEPTH_THRESHOLD` | string | Flag DLQ when ApproximateNumberOfMessagesVisible exceeds this value (0 means any message is an issue). | `0` | no |
| `CLOUDWATCH_LOG_LOOKBACK_MINUTES` | string | How far back to search processor logs for errors. | `60` | no |
| `EXTRA_LOG_GROUP_NAMES` | string | Optional extra CloudWatch log groups for non-Lambda processors. | `` | yes |
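
Review bot: the `EXTRA_LOG_GROUP_NAMES` row describes the input as "Optional extra CloudWatch log groups" yet its last column is `yes`, where the three rows above it show `no`; it is also the only row with an empty default, which suggests the flag is derived from the default being empty. Derive that column from an explicit marker instead, and write the empty default as a visible value such as `""`, because the bare pair of backticks in the default cell renders as literal backticks rather than as an empty code span.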

Optional SQS inputs marked required

Medium Severity

SQS_QUEUE_URLS and EXTRA_LOG_GROUP_NAMES are documented as optional but the inputs table marks them Required because empty-string defaults are treated as missing required values.

Reviewed by Cursor Bugbot for commit 5f8550c. Configure here.
