npx claudepluginhub arbazkhan971/godmode
This skill uses the workspace's default tool permissions.
/godmode:network, "configure DNS", "SSL certificate"
dig +short <domain> A
dig +short <domain> CNAME
dig +short <domain> MX
dig +short <domain> TXT
nslookup <domain>
| Component | Provider | Status |
|---|---|---|
| DNS | <provider> | configured/missing |
| SSL/TLS | <issuer> | valid/expired/none |
| CDN | <provider> | active/none |
| LB | <type> | healthy/degraded |
| VPC | <provider> | configured/none |

| Record | Type | Value | TTL | Proxy |
|---|---|---|---|---|
| @ | A | <LB IP> | 300 | Yes |
| www | CNAME | @ | 300 | Yes |
| api | A | <API LB> | 60 | Yes |
| mail | MX | <server> | 3600 | N/A |
| @ | TXT | v=spf1.. | 3600 | N/A |
# Check propagation
dig @8.8.8.8 <domain> A +short
dig @1.1.1.1 <domain> A +short
IF domain not resolving: check NS records first. IF email not delivered: verify MX + SPF + DKIM + DMARC.
sudo certbot certonly --webroot \
-w /var/www/html -d <domain> -d www.<domain>
# Wildcard (DNS challenge)
sudo certbot certonly --dns-<provider> \
-d <domain> -d '*.<domain>'
Auto-renewal: ENABLED (certbot or cert-manager)
Alert: 14 days before expiry
TLS: min 1.2, prefer 1.3
HSTS: enabled with preload
IF cert expires < 30 days: renew immediately. IF TLS < 1.2: upgrade, disable SSLv3/TLS1.0/1.1.
Cache strategy:
| Asset | Cache-Control | CDN TTL |
|---|---|---|
| HTML | no-cache | 0 |
| JS/CSS (hashed) | immutable, max-age=31536000 | 1yr |
| Images | max-age=604800 | 7 days |
| Fonts | max-age=31536000 | 1 year |
| API | private, no-store | 0 |
ALB: internet-facing, 2+ AZs, TLS termination
Health check: /healthz every 5s, rise 2, fall 3
Target groups by service, port-based routing
Nginx: least_conn, keepalive 32
Primary servers weighted, backup for failover
HAProxy: leastconn backend, 5s health interval
Max 1000 connections/server, 5s queue timeout
IF 502/503: check target health, SGs, port, path. IF high latency: check backend connections, keepalive.
VPC: 10.0.0.0/16
Public: 10.0.1.0/24, 10.0.2.0/24 (ALB, NAT)
Private: 10.0.10.0/24, 10.0.11.0/24 (app)
Isolated: 10.0.20.0/24, 10.0.21.0/24 (DB)
SG: alb-sg (443 from 0.0.0.0/0)
app-sg (<port> from alb-sg only)
db-sg (5432 from app-sg only)
Defense in depth: WAF -> NACL -> SG -> NetworkPolicy
# Network diagnostics
curl -w "@curl-format.txt" -o /dev/null -s http://localhost:8080/health
dig +stats example.com
Append .godmode/network-results.tsv:
timestamp resource_type count tls_status status
KEEP if: validation passes AND connectivity confirmed
AND no security regressions.
DISCARD if: validation fails OR connectivity broken.
Validate: dig, openssl, curl, traceroute.
STOP when FIRST of:
- All components configured and validated
- curl -sI https://{domain} returns 200 + HSTS
- User requests stop
On failure: git reset --hard HEAD~1. Never pause.
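
The stop condition above (`curl -sI` returns 200 + HSTS) and the "HSTS: enabled with preload" target can be checked mechanically. This is an added example, not part of the godmode skill: `check_hsts` and the sample responses are constructed for illustration, and the one-year `max-age`, `includeSubDomains` and `preload` thresholds are the preload-list submission requirements, not values from this page.

```shell
# Added example (not the skill's own code). check_hsts is a hypothetical helper.
# Input: header text as printed by `curl -sI` (or `curl -sIL` with redirects).
check_hsts() {
    printf '%s\n' "$1" | tr -d '\r' | awk '
        # Each status line starts a new response: reset state so that only
        # the final response of a redirect chain is judged.
        /^HTTP\// { status = $2; hsts = ""; next }
        tolower($0) ~ /^strict-transport-security:/ {
            hsts = tolower($0)
            sub(/^[^:]*:[ \t]*/, "", hsts)
        }
        END {
            if (status != "200") { print "fail: status " status; exit 1 }
            if (hsts == "")      { print "fail: no HSTS header"; exit 1 }
            maxage = -1; subs = 0; preload = 0
            n = split(hsts, parts, ";")
            for (i = 1; i <= n; i++) {
                d = parts[i]
                gsub(/[ \t"]/, "", d)
                if (d ~ /^max-age=[0-9]+$/) { sub(/^max-age=/, "", d); maxage = d + 0 }
                else if (d == "includesubdomains") { subs = 1 }
                else if (d == "preload") { preload = 1 }
            }
            if (maxage <= 0) { print "fail: HSTS max-age missing or 0"; exit 1 }
            # Preload-list eligibility: >= 1 year, includeSubDomains, preload.
            if (maxage < 31536000 || !subs || !preload) {
                print "warn: HSTS present but not preload-eligible"; exit 2
            }
            print "ok"
        }'
}

# Constructed sample responses (not captured from a real host).
SAMPLE_GOOD='HTTP/1.1 301 Moved Permanently
Location: https://www.example.test/

HTTP/2 200
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload'
SAMPLE_WEAK='HTTP/2 200
strict-transport-security: max-age=300'
SAMPLE_REDIRECT='HTTP/1.1 301 Moved Permanently
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload'

for s in "$SAMPLE_GOOD" "$SAMPLE_WEAK" "$SAMPLE_REDIRECT"; do
    check_hsts "$s" || true
done
```

Against a live host, pass `"$(curl -sIL https://<domain>)"` as the argument; exit status 0 means the stop condition holds, 2 means HSTS is set but too weak for preload, 1 means the check failed.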
| Failure | Action |
|---|---|
| TLS expires | Auto-renewal + alert at 30/14/7d |
| LB 502/503 | Target health, SGs, port, path |
| DNS wrong IP | Check A/AAAA, CDN proxy, TTL |