Collaboration platform configuration methodology for legal matter sites. Site architecture, workflow identification, dashboard design, data quality governance, and user adoption for SharePoint, Teams, and equivalent platforms. M365 is the reference implementation — outputs are platform-agnostic enough to brief IT or build simple automations without becoming a Power Automate manual. Use when setting up a matter site, identifying workflows to automate, designing reporting dashboards, managing platform data quality, or driving user adoption. Trigger on: 'set up the matter site', 'configure SharePoint', 'build a dashboard', 'what should we automate', 'brief IT on this workflow', 'nobody is using the platform', 'data quality is poor', 'set up Teams channel', 'matter site structure', 'alerts and notifications', 'user training', 'platform governance', 'status dashboard', 'what workflows can we automate', 'matter site template'.

Matter budgeting and ongoing WIP/variance monitoring. Build phase-based fee estimates at matter setup, run bottom-up budgets by jurisdiction or workstream, calculate contingency, and structure AFA arrangements (fixed fee, capped fee, phased fixed fees). Ongoing monitoring: WIP tracking against budget, proportionality assessment (spend vs progress), variance commentary with root cause analysis, forecast-to-complete, realisation monitoring, write-off analysis. Trigger on: 'build a budget', 'fee estimate', 'what will this cost', 'WIP review', 'budget vs actual', 'how are we tracking against budget', 'we're over budget', 'realisation is poor', 'what's our ETC', 'budget for the German workstream', 'model the financial impact of this scope change', 'draft a fee adjustment', 'write-off analysis', 'how much contingency', 'AFA structure', 'fixed fee estimate', 'budget update', 'forecast to complete'.

Build Airflow 3.1+ plugins that embed FastAPI apps, custom UI pages, React components, middleware, macros, and operator links directly into the Airflow UI. Use this skill whenever the user wants to create an Airflow plugin, add a custom UI page or nav entry to Airflow, build FastAPI-backed endpoints inside Airflow, serve static assets from a plugin, embed a React app in the Airflow UI, add middleware to the Airflow API server, create custom operator extra links, or call the Airflow REST API from inside a plugin. Also trigger when the user mentions AirflowPlugin, fastapi_apps, external_views, react_apps, plugin registration, or embedding a web app in Airflow 3.1+. If someone is building anything custom inside Airflow 3.1+ that involves Python and a browser-facing interface, this skill almost certainly applies.

Define reusable Airflow task group templates with Pydantic validation and compose DAGs from YAML. Use when creating blueprint templates, composing DAGs from YAML, validating configurations, or enabling no-code DAG authoring for non-engineers.

Identify the precise location of bugs in source code, modules, and systems. Use this skill when debugging applications, investigating test failures, analyzing error reports, tracing runtime issues, or performing root cause analysis. Analyzes stack traces, error messages, failing tests, and code patterns to pinpoint buggy functions, classes, files, or modules with confidence rankings and supporting evidence.

Set up, configure, and troubleshoot Grafana Cloud integrations for AWS, Azure, and other cloud providers. Use when the user asks to connect AWS CloudWatch, set up Azure Monitor, configure Confluent Cloud observability, install a Grafana integration, set up hosted exporters, use AWS Firehose for CloudWatch logs, or troubleshoot a cloud integration. Triggers on phrases like "AWS CloudWatch", "Azure Monitor", "Confluent integration", "cloud integration", "hosted exporter", "AWS Firehose", "install integration", "cloud metrics", or "cloud logs".

Reviews Workers and Cloudflare Developer Platform code for type correctness, API usage, and configuration validity. Load when reviewing TypeScript/JavaScript using Workers APIs, wrangler.jsonc/toml config, or Cloudflare bindings (KV, R2, D1, Durable Objects, Queues, Vectorize, AI, Hyperdrive).

Creates, updates, and reviews product changelog entries for the Cloudflare documentation site. Load when generating changelog MDX files, editing existing entries, reviewing changelog style, or validating frontmatter.

Creates and updates GitHub pull requests for cloudflare-docs changes. Load when asked to open, create, submit, update, edit, or write a title or description for a PR. Covers title conventions, PR body structure, and the documentation checklist template.

Configures and hardens IP allowlists for CockroachDB Cloud clusters to restrict network access to authorized CIDR ranges. Use when tightening network security, removing overly permissive allowlist entries like 0.0.0.0/0, or setting up allowlists for a new cluster.

Configures private network connectivity for CockroachDB Cloud clusters including AWS PrivateLink, GCP Private Service Connect, Azure Private Link, egress private endpoints, and VPC peering. Use when setting up private endpoints to eliminate public internet exposure, configuring egress to external services like Kafka, or establishing VPC peering.

Audits the security posture of a CockroachDB cluster (Cloud or self-hosted) across network, authentication, authorization, encryption, audit logging, and backup dimensions. Use when assessing cluster security readiness, preparing for compliance reviews, or investigating security configuration gaps.

Configures log and metric export for CockroachDB Cloud clusters to external monitoring services including AWS CloudWatch, GCP Cloud Logging, and Datadog. Use when setting up log export for audit compliance, configuring metric export for monitoring, or troubleshooting log delivery issues.

Configures SQL audit logging on CockroachDB clusters to capture security-relevant events including authentication, privilege changes, and sensitive data access. Use when enabling audit logging for compliance, setting up role-based audit policies, or verifying audit configuration.

Hardens CockroachDB user privileges by auditing and tightening role-based access control, reducing admin grants, restricting PUBLIC role permissions, and applying least-privilege principles. Use when reducing excessive privileges, cleaning up admin access, or implementing RBAC best practices.

Guides preparation of compliance documentation for CockroachDB Cloud deployments, covering SOC 2, PCI DSS, ISO 27001, HIPAA, and GDPR certifications. Use when responding to compliance questionnaires, preparing for audits, locating certification documents, or assessing cluster configuration for compliance readiness.

Guide for using the CockroachDB replicator to continuously replicate changes from PostgreSQL, MySQL, or Oracle to CockroachDB after an initial molt fetch data load. Use when setting up CDC replication, configuring pglogical/mylogical/oraclelogminer, or managing the fetch → replicator cutover workflow.

Guides developers in selecting and implementing multi-region patterns for CockroachDB applications, covering active-passive vs active-active architectures, REGIONAL BY ROW, GLOBAL tables, manual geo-partitioning with lease preferences, and live demo setup with validation queries. Use when designing multi-region database topologies, choosing between REGIONAL BY ROW and manual partitioning, building multi-region demos, or optimizing cross-region latency.

Analyzes CockroachDB range distribution across tables and indexes using SHOW RANGES to identify range count, size patterns, leaseholder placement, and replication health. Use when investigating hotspots, uneven data distribution, range fragmentation, or validating zone configuration effects without DB Console access.

Diagnoses live CockroachDB cluster performance issues by identifying long-running queries, busy sessions, and active transactions using SQL-only interfaces. Use when users report cluster slowness, high CPU, or need to find runaway queries and their source applications without DB Console access.