Feat/skill overlay#695
- Introduced multiple new CodeBundles including:
  - `aws-account-cost-health`: Monitors AWS account cost trends and provides recommendations for Reserved Instances and Savings Plans.
  - `aws-cloudwatch-overused-ec2`: Identifies overutilized EC2 instances based on CloudWatch metrics.
  - `aws-eks-health`: Checks the health status of EKS clusters, including node groups and add-ons.
  - `aws-elasticache-redis-health`: Monitors the health of Elasticache Redis instances.
  - `aws-lambda-health`: Analyzes AWS Lambda invocation errors and performance metrics.
  - `aws-sqs-dlq-investigation`: Investigates SQS dead-letter queues and correlates with Lambda consumers.
  - `azure-acr-health`: Conducts health checks for Azure Container Registry, including network and security assessments.
  - `azure-acr-image-sync`: Syncs images from public repositories into Azure Container Registry.
  - `azure-adf-health`: Performs health checks for Azure Data Factories, including pipeline errors and resource health.
  - `azure-aks-cost-optimization`: Analyzes AKS node pools for cost optimization opportunities.

  Each CodeBundle includes detailed tools, inputs, and monitoring capabilities to enhance cloud resource management and health monitoring.
Skill templates in the repo describe unconfigured CodeBundles; workspace-builder renders fully bound Skills as SKILL.md on SLXs. Update the generator to emit kind: skill-template and remove legacy SKILL.md files. Co-authored-by: Cursor <cursoragent@cursor.com>
Cursor Bugbot has reviewed your changes and found 4 potential issues.
Reviewed by Cursor Bugbot for commit 5f8550c. Configure here.
| base_image: rw-base-runtime | ||
| platforms: [Azure, AppService, Ops] | ||
| resource_types: [app_service] | ||
| access: read-only |
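Review bot: `access: read-only` on the last line sits oddly with `Ops` in the `platforms` list two lines above it, and any consumer that decides on write permissions from this field will misclassify the bundle. Derive `access` from the complete `[Tags]` row of every task, continuation lines included, and have the generator fail when it finds no `access:` tag instead of emitting a value it could not confirm.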
Ops bundle marked read-only
High Severity
The skill template front matter sets access: read-only for bundles whose runbooks perform mutating work (App Service restart/scale/swap/redeploy and ACR image sync). Runbook tasks tag access:read-write, but that tag lives on continuation lines the generator does not read, so the overlay misstates write access.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit 5f8550c. Configure here.
|
|
||
| ## Secrets | ||
|
|
||
| _No secrets imported in Robot source._ |
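Review bot: `_No secrets imported in Robot source._` states an absence as fact, so a reader cannot tell "parsed and found none" from "the parser did not see the import". Emit this line only when the runbook contains no `Import Secret` call at all; otherwise list the secret names or fail generation.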
Load balancer inputs incomplete
High Severity
The template lists only AZURE_RESOURCE_SUBSCRIPTION_ID under Inputs and claims no secrets, but runbook.robot requires AZ_LB_NAME, AZ_LB_ID, and AZ_HISTORY_RANGE, plus azure_credentials, for the activity-log task to run.
Reviewed by Cursor Bugbot for commit 5f8550c. Configure here.
|
|
||
| ## Secrets | ||
|
|
||
| _No secrets imported in Robot source._ |
ACR sync omits secrets
High Severity
Secrets states no imports, yet the runbook loads azure_credentials and optionally DOCKER_USERNAME / DOCKER_TOKEN via RW.Core.Import Secret before syncing images.
Reviewed by Cursor Bugbot for commit 5f8550c. Configure here.
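A continuation-aware reading of a runbook, as an added example (not the repository's generator code) for the access and secrets findings above. The Robot snippet is constructed; `logical_rows` and `summarize` are hypothetical names, and reporting `unknown` when no `access:` tag is found is an assumption about how to fail closed.

```python
import re

# Constructed sample runbook (not from the repository); "..." continues a row.
SAMPLE_ROBOT = """\
*** Settings ***
Library    RW.Core

*** Tasks ***
Restart App Service
    [Tags]    azure    appservice
    ...    access:read-write
    RW.Core.Import Secret    azure_credentials

*** Keywords ***
Suite Initialization
    ${token}=    RW.Core.Import Secret
    ...    DOCKER_TOKEN
"""

CELL_SEP = re.compile(r" {2,}|\t")
IMPORT_SECRET = "RW.Core.Import Secret"


def logical_rows(text, fold=True):
    """Split into rows of cells; with fold=True, merge "..." rows into their parent."""
    rows = []
    for line in text.splitlines():
        cells = [c for c in CELL_SEP.split(line.strip()) if c]
        if not cells or cells[0].startswith("#"):
            continue
        if fold and cells[0] == "..." and rows:
            rows[-1].extend(cells[1:])
        else:
            rows.append(cells)
    return rows


def summarize(text, fold=True):
    """Return (access, secrets) for the template front matter; hypothetical helper."""
    tags, secrets = set(), []
    for row in logical_rows(text, fold):
        if row[0].lower() == "[tags]":
            tags.update(row[1:])
        if IMPORT_SECRET in row and row.index(IMPORT_SECRET) + 1 < len(row):
            secrets.append(row[row.index(IMPORT_SECRET) + 1])
    levels = {t.split(":", 1)[1] for t in tags if t.startswith("access:")}
    # Fail closed: any write tag wins, and a missing tag is "unknown", not "read-only".
    access = "read-write" if "read-write" in levels else "read-only" if levels == {"read-only"} else "unknown"
    return access, secrets
```

Calling `summarize(SAMPLE_ROBOT, fold=False)` reproduces the line-by-line reading that loses the write tag and the second secret.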
| | `RESOURCES` | string | Queue name substring filter or All for discovery-driven runs. | `All` | no | | ||
| | `DLQ_DEPTH_THRESHOLD` | string | Flag DLQ when ApproximateNumberOfMessagesVisible exceeds this value (0 means any message is an issue). | `0` | no | | ||
| | `CLOUDWATCH_LOG_LOOKBACK_MINUTES` | string | How far back to search processor logs for errors. | `60` | no | | ||
| | `EXTRA_LOG_GROUP_NAMES` | string | Optional extra CloudWatch log groups for non-Lambda processors. | `` | yes | |
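Review bot: the `EXTRA_LOG_GROUP_NAMES` row describes the input as "Optional" yet carries `yes` in the last column next to an empty default, and the empty code span (two backticks with nothing between them) will not render as a cell value. Mark the row `no` when a default is declared, even an empty one, and print an explicit placeholder such as `""` for empty defaults.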
Optional SQS inputs marked required
Medium Severity
SQS_QUEUE_URLS and EXTRA_LOG_GROUP_NAMES are documented as optional but the inputs table marks them Required because empty-string defaults are treated as missing required values.
Reviewed by Cursor Bugbot for commit 5f8550c. Configure here.


add skill templates
Note
Low Risk
Documentation-only additions; no runtime, auth, or automation code paths changed in the diff.
Overview
Adds `SKILL-TEMPLATE.md` files across many AWS and Azure codebundles so each bundle exposes a `kind: skill-template` manifest for the skill overlay.

Each new file documents YAML front matter (name, description, `runtime` with runbook/monitor/executor, platforms, resource types, access) plus structured sections for Robot tools (task names, scripts, tags, reads/writes), monitor sub-checks where `sli.robot` exists, inputs/secrets/outputs, and how to invoke (production worker, local `ro`, standalone bash).

Coverage in this diff spans AWS (cost, CloudWatch EC2, EKS, ElastiCache, Lambda, SQS DLQ) and Azure (ACR, ADF, AKS triage/cost, APIM, App Gateway, App Service health/ops/cost, Databricks, DevOps org/project/repo, Key Vault, load balancer triage, and related bundles). No runbook or shell script logic is modified—only additive metadata for discovery and templating.
Reviewed by Cursor Bugbot for commit 5f8550c. Bugbot is set up for automated code reviews on this repo. Configure here.