Using Platform Skills in Your Editor

# 1. Clone platform-skills
git clone https://github.com/nitinjain999/platform-skills.git

# 2. Create the .github directory in your project (if it doesn't exist)
# macOS / Linux
mkdir -p your-project/.github

# Windows (PowerShell)
New-Item -ItemType Directory -Force your-project\.github

# 3. Copy the instructions file into your project
# macOS / Linux
cp platform-skills/.github/copilot-instructions.md your-project/.github/copilot-instructions.md

# Windows (Command Prompt)
copy platform-skills\.github\copilot-instructions.md your-project\.github\copilot-instructions.md

# Windows (PowerShell)
Copy-Item platform-skills\.github\copilot-instructions.md your-project\.github\copilot-instructions.md

# 4. Commit it so every team member gets it automatically
cd your-project
git add .github/copilot-instructions.md
git commit -m "chore: add platform-skills copilot instructions"
git push

mkdir -p your-project/.github
cp platform-skills/.github/copilot-instructions.md your-project/.github/copilot-instructions.md

Review this Deployment for production readiness

Generate a Terraform module for an EKS cluster with KMS encryption and least-privilege IAM

My Flux Kustomization is stuck NotReady — context deadline exceeded. How do I debug it?

Write a ValidatingPolicy that requires team labels on all Deployments

mkdir -p ~/.vscode
cp platform-skills/.github/copilot-instructions.md ~/.vscode/platform-skills-copilot.md

New-Item -ItemType Directory -Force "$env:USERPROFILE\.vscode"
Copy-Item platform-skills\.github\copilot-instructions.md "$env:USERPROFILE\.vscode\platform-skills-copilot.md"

{
  "github.copilot.chat.codeGeneration.instructions": [
    {
      "file": "${userHome}/.vscode/platform-skills-copilot.md"
    }
  ]
}

# Pull latest
cd platform-skills && git pull origin main

# Update project level
cp .github/copilot-instructions.md your-project/.github/copilot-instructions.md
cd your-project && git add .github/copilot-instructions.md
git commit -m "chore: update platform-skills to v$(grep 'Version:' .github/copilot-instructions.md | head -1 | awk '{print $3}')"

# Update global level
# macOS / Linux
cp platform-skills/.github/copilot-instructions.md ~/.vscode/platform-skills-copilot.md
# Windows (PowerShell)
Copy-Item platform-skills\.github\copilot-instructions.md "$env:USERPROFILE\.vscode\platform-skills-copilot.md"

# Copy the Cursor-specific rules file (NOT the Copilot file — different format)
cp platform-skills/.cursorrules your-project/.cursorrules

# macOS / Linux
mkdir -p your-project/.cursor/rules
cp platform-skills/.cursor/rules/*.mdc your-project/.cursor/rules/

# Windows (PowerShell)
New-Item -ItemType Directory -Force your-project\.cursor\rules
Copy-Item platform-skills\.cursor\rules\*.mdc your-project\.cursor\rules\

your-project/
├── .cursorrules
└── .cursor/
    └── rules/
        ├── platform-skills.mdc
        ├── kubernetes.mdc
        ├── terraform.mdc
        └── keda.mdc

# macOS / Linux
mkdir -p ~/.cursor/rules
cp platform-skills/.cursor/rules/platform-skills.mdc ~/.cursor/rules/platform-skills.mdc

# Windows (PowerShell)
New-Item -ItemType Directory -Force "$env:USERPROFILE\.cursor\rules"
Copy-Item platform-skills\.cursor\rules\platform-skills.mdc "$env:USERPROFILE\.cursor\rules\platform-skills.mdc"

Review this Terraform module for blast radius and IAM least privilege

@docs platform-skills How should I structure a Flux monorepo with three environments?

Generate a Kyverno ValidatingPolicy that requires team labels on all Deployments

Review terraform/eks for platform-skills ownership boundaries, blast radius, validation, and rollback.

Fix the Helm chart warnings in charts/payments-api, then show the validation commands I should run.

# Install GitHub CLI (https://cli.github.com) then add the Copilot extension
gh extension install github/gh-copilot

# Ask platform engineering questions from the terminal
gh copilot suggest "write a Kyverno ValidatingPolicy that requires team labels on all Deployments"
gh copilot explain "what does prune: true do in a Flux Kustomization"

gh copilot suggest "$(cat your-deployment.yaml) — review this for production readiness"

Review this for production readiness. Flag issues as Critical / Improvement / Note.
[paste file content]

Review this Deployment — check security context, resource limits, probes, and image pinning.
[paste YAML]

Review this GitHub Actions workflow — flag actions not pinned to a SHA, unsafe permissions, and OIDC gaps.
[paste workflow YAML]

Debug this symptom using the troubleshooting framework: [describe error or paste output]

My orders-service pod is in CrashLoopBackOff with exit code 137. What are the likely causes and how do I confirm each?

Flux Kustomization is NotReady: "context deadline exceeded". Changes merged 20 minutes ago but cluster not updated.

GitHub Actions OIDC error: "not authorized to perform sts:AssumeRoleWithWebIdentity". What evidence should I collect first?

Review this Terraform for blast radius, IAM least privilege, and SOC 2 compliance.
[paste HCL]

What gets replaced (forces new resource) in this terraform plan output?
[paste plan output]

Review this Terraform module for variable validation, provider placement, and output types.
[paste module files]

Troubleshoot this Flux issue. Classify by layer (source / artifact / reconciliation / runtime) and give evidence commands.
[describe symptom or paste flux get output]

My HelmRelease is stuck in "upgrade retries exhausted". How do I diagnose and safely roll back?

Argo CD application is perpetually OutOfSync despite successful manual sync. What causes this?

Generate a production-ready Helm chart for a Node.js web service. Include Deployment, Service, Ingress, HPA, PDB, and NetworkPolicy. Apply security defaults from the platform rules.

Review this Helm chart for Critical and High severity issues — missing helpers, hardcoded secrets, missing probes, label immutability.
[paste chart files or describe the chart]

Run a Helm security audit on this chart. Check pod security, RBAC, network policy, and secrets handling.
[paste values.yaml and deployment.yaml]

Write a ValidatingPolicy (apiVersion: policies.kyverno.io/v1) that requires all Deployments to have app.kubernetes.io/team and app.kubernetes.io/name labels. Start in Audit mode.

Write a MutatingPolicy that adds default resource limits to any container that omits them.

Write a GeneratingPolicy that creates a default-deny NetworkPolicy in every new namespace.

Migrate this legacy kyverno.io/v1 ClusterPolicy to the new policies.kyverno.io/v1 ValidatingPolicy format.
[paste ClusterPolicy YAML]

My ValidatingPolicy is in Audit mode but policyreport shows no violations for existing Deployments. Why?

Write a Rego policy (import rego.v1) that denies Kubernetes Deployments without resource limits. Include the METADATA block and a deny rule with a descriptive message.

Write unit tests for this Rego policy — one passing and one failing fixture per rule.
[paste policy]

Explain this Rego policy rule by rule in plain English. Map each input field to the resource attribute it checks.
[paste policy]

My deny rule produces no output when I run conftest test. What are the common causes and how do I check each?

Generate a KEDA ScaledObject for the orders-processor Deployment. Trigger: AWS SQS queue at https://sqs.eu-central-1.amazonaws.com/123456789/orders. Scale to zero when empty, max 20 replicas. Use IRSA for authentication — no static credentials.

Generate a KEDA ScaledObject for the checkout-api Deployment that scales on a schedule: 10 replicas weekday 08:00–20:00 Europe/Berlin, 2 replicas outside those hours. Add a Prometheus safety-net trigger for unexpected traffic spikes. Apply all KEDA best practices.

Generate a KEDA ScaledObject with two triggers: SQS queue depth (scale at 5 messages/replica) and a Cron floor of 3 replicas during business hours (08:00–18:00 Mon-Fri, Europe/London). Explain the OR-max semantics.

My KEDA ScaledObject shows Active: false and the Deployment stays at 0 replicas. The SQS queue has 50 messages. Give me the diagnostic commands in order and the most likely causes.

Review this ScaledObject and TriggerAuthentication for security issues. Check: are static credentials used instead of IRSA? Is the IAM policy least-privilege? Is activationQueueLength set? Is there an HPA conflict?
[paste YAML]

Generate a KEDA ScaledJob that processes SQS messages as batch Kubernetes Jobs — one Job per message. Use IRSA, set activeDeadlineSeconds to prevent zombie jobs, and apply container security hardening.

Run a SOC 2 gap analysis on this Terraform module. Map each finding to the Trust Services Criterion (CC6.1–CC8.1) and rate severity.
[paste Terraform]

Implement CC6.7 encryption at rest for this RDS instance in Terraform. Show the before and after, blast radius, and Checkov rule IDs.

What AWS CLI commands do I run to prove to auditors that all S3 buckets have encryption enabled (CC6.7)?

Fix this Checkov finding: CKV_AWS_18 — S3 bucket does not have access logging enabled.
[paste resource block]

Review this diff for cost impact. Check replica count changes, instance type changes, new storage resources, and NAT Gateways.
[paste git diff or PR description]

Check if dev and prod are aligned. I changed values-dev.yaml — does values-prod.yaml need a matching change?
[paste both files]

Review this PR for ownership gaps. Is CODEOWNERS covering all changed paths? Are team labels present on new resources?
[paste changed files list]

Review this PR for SOC 2 impact. A new IAM role and S3 bucket are added — check CC6.1, CC6.2, and CC6.7.
[paste diff]

Review this PR for deprecated APIs. Check Kubernetes API versions, Terraform provider constraints, and GitHub Actions versions.
[paste manifests or workflows]

Score the rollback feasibility of each change in this PR: FULL / PARTIAL / MANUAL / NONE. We are renaming a Deployment and increasing RDS storage.
[paste diff]

Run a full pre-merge review across all six dimensions: cost, drift, ownership, compliance, upgrade, and rollback. Summarize as Merge Ready / Needs Fix / Blocked.
[paste diff]

Add structured logging, Prometheus RED metrics, and OpenTelemetry tracing to this Node.js Express service.
[paste service file]

Write Prometheus alerting rules for the orders-service. SLO is 99.9% availability, p99 < 500ms. Use burn-rate alerts.

Generate a Grafana dashboard for the orders-service using the RED method. Include request rate, error rate, p50/p95/p99 latency panels.

Write a k6 load test for POST /orders. Peak 500 RPS, p95 must be under 200ms, error rate under 0.1%.

Analyze this git diff and generate a conventional commit message. Focus on WHY the change was made, not what files changed.
[paste git diff]

Validate this commit message against the Conventional Commits 1.0.0 spec. Report any violations with the corrected line.
"Fix: updated auth service"

A pod cannot resolve payments-service.checkout.svc.cluster.local. Walk me through the DNS resolution path and give exact dig commands to find the break.

ALB returning 502 — target group shows healthy. What is the most likely cause and how do I confirm it?

linkerd viz edges shows plaintext between orders-service and payments-service. How do I diagnose why mTLS is not working?

APM traces are missing for the payments-service. The agent shows healthy. What are the common causes and evidence commands?

OneAgent is not injecting into pods in the checkout namespace. How do I diagnose the injection failure?

Generate an animated demo doc for KEDA autoscaling. Components: ScaledObject, KEDA Operator, HPA, Deployment. Flow: metric source → KEDA → HPA → pods.

Convert docs/keda-guide.md to animated — inject SVG diagrams at the major sections.

Audit KEDA-DEMO.md for quality issues — missing captions, broken SVG refs, env-specific IDs.

Export KEDA-DEMO.md as an animated HTML file for embedding in Confluence.

Write a blameless post-mortem for this incident. Database failover at 02:15 UTC caused 18 minutes of downtime for checkout. Root cause was a missing health check on the standby.

Draft an RFC for migrating from Argo CD to Flux CD. 15 teams affected, GitOps repo restructure required.

Audit our developer experience using the SPACE framework. Engineers spend 45 minutes to get a new service to production on day 1.