By pulumi
Automate Pulumi IaC authoring: upgrade providers/packages across stacks via PRs, enforce TypeScript/Python best practices like Output handling and aliases, create reusable ComponentResources, manage ESC secrets/config with OIDC for AWS/Azure/GCP, orchestrate programmatic deployments with Automation API, and patch Terraform providers.
npx claudepluginhub pulumi/agent-skills
Track which stacks use a specific Pulumi package and at what versions, or upgrade a stack to the latest version of a package. Use when users ask about package version tracking, outdated package versions across stacks, upgrade candidates, or package usage audits. Also use when users want to upgrade/update a specific package version in a stack or project. Do NOT use for general infrastructure creation, resource provisioning, or questions about how to use a package.
Upgrade any Pulumi provider to a newer version. Use when users explicitly want to upgrade or update a provider, update provider dependencies, check for breaking changes, or bump provider versions in their code. This applies to all providers (aws, azure-native, gcp, kubernetes, aws-native, cloudflare, datadog, etc.) - not just Tier 1 providers. Do NOT use for just querying which stacks use what versions. Use skill `package-usage` for version audits and affected-stack discovery. Do NOT use for general infrastructure tasks.
Load this skill when a user asks how to run Pulumi programmatically, embed Pulumi in an application, orchestrate multiple stacks in code, build a self-service infrastructure portal, replace pulumi CLI shell scripts with code, or use the Pulumi Automation API (LocalWorkspace, createOrSelectStack, inline programs). Also load for questions about multi-stack sequencing, parallel deployments, or passing outputs between stacks via code.
Load when the user is writing, reviewing, or debugging Pulumi TypeScript/Python programs; asks about Output<T> or apply() usage; wants to create ComponentResource classes; needs to refactor resources without destroying them (aliases); is setting up secrets or config; or is configuring a pulumi preview/up CI workflow. Also load for questions about resource dependency order, parent/child resource relationships, or pulumi.interpolate.
Guide for authoring Pulumi ComponentResource classes. Use when creating reusable infrastructure components, designing component interfaces, setting up multi-language support, or distributing component packages.
Guidance for working with Pulumi ESC (Environments, Secrets, and Configuration). Use when users ask about managing secrets, configuration, environments, short-term credentials, configuring OIDC for AWS, Azure, GCP, integrating with secret stores (AWS Secrets Manager, Azure Key Vault, HashiCorp Vault, 1Password), or using ESC with Pulumi stacks.
Automate Pulumi provider repo upgrades with the `upgrade-provider` tool. Use when upgrading a pulumi provider repository to a new upstream version, running `upgrade-provider`, and addressing its common failure modes like patch conflicts or missing module mappings.
Create, amend, remove, and rebase patches for Terraform provider submodules using `./scripts/upstream.sh`. Use when `upgrade-provider` or manual patch work needs owning-patch lookup, patch conflict fixes, patch/hunk removal, or upstream rebase.
A collection of Agent Skills for infrastructure as code workflows with Pulumi. These skills teach AI coding assistants how to help with infrastructure migrations, secret management, and code translation.
Agent Skills are reusable knowledge packages that teach AI coding assistants domain-specific workflows. They follow the agentskills.io open standard and work with:
Skills are organized into two plugin groups:
pulumi-agent-skills/
├── migration/ # Convert and import from other tools
└── authoring/ # Write quality Pulumi programs
Convert and import infrastructure from other tools to Pulumi:
| Skill | Description |
|---|---|
| pulumi-terraform-to-pulumi | Migrate Terraform projects to Pulumi |
| pulumi-cdk-to-pulumi | Migrate AWS CDK applications to Pulumi |
| cloudformation-to-pulumi | Migrate AWS CloudFormation stacks/templates to Pulumi |
| pulumi-arm-to-pulumi | Migrate Azure ARM templates and Bicep to Pulumi |
Write quality Pulumi programs, components, automation, and secrets management:
| Skill | Description |
|---|---|
| pulumi-best-practices | Best practices for writing reliable Pulumi programs |
| pulumi-component | Guide for authoring ComponentResource classes |
| pulumi-automation-api | Best practices for using Pulumi Automation API |
| pulumi-esc | Guidance for working with Pulumi ESC (Environments, Secrets, and Configuration) |
| provider-upgrade | Safe workflows for upgrading Pulumi providers without unintended infrastructure changes |
| pulumi-upgrade-provider | Automate Pulumi provider repo upgrades |
| upstream-patches | Manage upstream Terraform patch stacks in provider repos |
/plugin marketplace add pulumi/agent-skills
/plugin install pulumi-migration # Install migration skills
/plugin install pulumi-authoring # Install authoring skills
Install all skills:
npx skills add pulumi/agent-skills --skill '*'
Or install individual plugin groups:
npx skills add pulumi/agent-skills/migration --skill '*' # 4 migration skills
npx skills add pulumi/agent-skills/authoring --skill '*' # 5 authoring skills
This works with Claude Code, Cursor, Copilot, Codex, and other agent tools.
Ask your AI assistant:
"Convert this Terraform configuration to Pulumi TypeScript"
The assistant will use the pulumi-terraform-to-pulumi skill to produce idiomatic Pulumi code.
Ask your AI assistant:
Help me migrate my CDK application to Pulumi
The assistant will use the pulumi-cdk-to-pulumi skill to guide you through the complete migration workflow.
Ask your AI assistant:
Set up AWS OIDC credentials using Pulumi ESC
The assistant will use the pulumi-esc skill to help configure dynamic credentials.
Ask your AI assistant:
Help me create a reusable Pulumi component for a web service
The assistant will use the pulumi-component skill to guide you through component authoring best practices.
Ask your AI assistant:
Help me upgrade the Pulumi AWS provider safely without changing real infrastructure
The assistant will use the provider-upgrade skill to guide you through a low-risk upgrade workflow.
We welcome contributions! See CONTRIBUTING.md for guidelines on:
Also see AGENTS.md for agent-specific documentation on skill conventions, cross-skill references, and plugin structure.
Apache 2.0 - See LICENSE for details.