cost-review

FollowRabbit Cost Review Skill

Overview

This skill guides you through performing a cost review using the followrabbit CLI. The CLI scans local Terraform and SQL files, sends the infrastructure context to the FollowRabbit API, and returns AI-powered cost optimization instructions.

When to Use

• User asks to review infrastructure for cost impact
• User is working with Terraform (.tf) or SQL files and mentions cost, pricing, or optimization
• User says things like "is this expensive?", "check costs", "optimize spending", "review pricing"
• During a code review involving cloud infrastructure files

Data sent to the FollowRabbit API

This skill invokes the local followrabbit CLI. The costreview command sends the following to https://api.agentic.followrabbit.ai (default; overridable with --api-url) over HTTPS:

• Full file contents of every *.tf, *.tfvars, and *.tfvars.json file under the working directory, up to a combined 512 KiB budget (over-budget files are listed by path only).
• Full file contents of every *.sql file under the working directory, with each file capped at 100 KiB (truncation marker appended when capped).
• The relative paths (from the scan root) of every file listed above.
• A summarized index of Terraform resources, modules, and .tfvars environment files extracted from the same files (alongside, not instead of, the raw content).
• The skill IDs requested (default: cost-impact,partition-check,best-practices) and, optionally, a model override.

The costreview command does not send:

• File contents outside *.tf, *.tfvars, *.tfvars.json, and *.sql.
• The absolute working-directory path, your hostname, username, OS, or any environment variables.
• .git/ history, branch state, or any VCS metadata.
• Files inside directories whose name starts with . (e.g. .git, .terraform) or inside node_modules — these are skipped during the scan.

Note: the CLI does not read or honor .gitignore. Any non-hidden directory listed in .gitignore will still be scanned.

Other commands and what they send:

• followrabbit context — local only, does not call the API.
• followrabbit status — sends only your API key (no body, no context).
• followrabbit recos list — sends your git origin remote URL (auto-detected via git remote get-url origin) as a ?repo= query parameter, plus optional type and status filters.

Every request also includes a User-Agent: followrabbit-cli/<version> header. No telemetry, analytics, error-reporting, or update-check traffic is generated by the CLI; only the three endpoints above (/cli/engine, /cli/recos, /cli/status) are contacted, all on the configured API base URL.

API keys are stored locally under ~/.config/followrabbit/credentials.json (file mode 0600, directory mode 0700). They are sent only in the X-Rabbit-Api-Key request header and never appear in request bodies or URLs.

Full policy: https://followrabbit.ai/privacy

Step 1: Verify the followrabbit CLI Is Installed

Check whether the followrabbit binary is on PATH:

which followrabbit

If the CLI is present

Continue to Step 2.

If the CLI is not present

Stop the skill here. Do not attempt to install software. Show the user this message and exit:

The followrabbit CLI is required for this skill but is not installed on this machine. Please install it manually before re-running this skill.

• Installation instructions and pricing: https://subscriptions.agentic.followrabbit.ai
• Privacy policy: https://followrabbit.ai/privacy
• Terms of service: https://followrabbit.ai/terms

Once the CLI is installed and authenticated, re-run this skill.

Do not run any package-manager or download command on the user's behalf. Do not provide install command examples in your response. Direct the user to the links above and stop.

Step 2: Ensure Authentication

Check if the CLI is authenticated:

followrabbit auth status --json

If the output shows "authenticated": false or the command fails with exit code 2, use the AskUserQuestion tool to ask:

The CLI is not authenticated. You need a FollowRabbit API key — get one at subscriptions.agentic.followrabbit.ai. How would you like to authenticate?

Options:

• I'll paste the key — run the login for me — wait for the user to provide the key, then run followrabbit auth login --key <KEY>
• I'll handle it myself — stop and wait for the user to authenticate on their own

If the user chooses to paste the key, run:

followrabbit auth login --key <KEY_PROVIDED_BY_USER>

Verify authentication succeeded:

followrabbit auth status --json

Other Auth Subcommands

Command	Purpose
followrabbit auth status --json	Check if CLI is authenticated
followrabbit auth login --key <KEY>	Store an API key
followrabbit auth logout	Remove stored credentials
followrabbit auth token	Print the current API key to stdout (useful for scripts)

Then check quota:

followrabbit status --json

If the quota usage shows no remaining budget, inform the user their quota is exhausted and when it resets.

Step 3: Run the Cost Review

Run the costreview command from the repository root (or the directory containing infrastructure files):

followrabbit costreview --json

Flags

Flag	Default	Description
--dir <path>	Current working directory	Directory to scan
--types <list>	tf	Comma-separated scan types: tf, sql
--skills <list>	cost-impact,partition-check,best-practices	Comma-separated skill IDs to request
--model <name>	API default	LLM model override (e.g., gemini-2.5-pro)
--json	Auto-enabled when piped	Output as JSON

Examples

Scan only Terraform files (default):

followrabbit costreview --json

Scan both Terraform and SQL files:

followrabbit costreview --types tf,sql --json

Scan a specific directory:

followrabbit costreview --dir ./infrastructure --json

Step 4: Parse the Response

The JSON output uses this envelope structure:

{
  "version": "1",
  "command": "costreview",
  "status": "success",
  "data": {
    "request_id": "eng_...",
    "mode": "context",
    "cost_usd": 0.01,
    "skills": [
      {
        "id": "cost-impact",
        "name": "Cost Impact Analysis",
        "instructions": "<markdown instructions>"
      },
      {
        "id": "partition-check",
        "name": "Partition Check",
        "instructions": "<markdown instructions>"
      },
      {
        "id": "best-practices",
        "name": "Best Practices",
        "instructions": "<markdown instructions>"
      }
    ]
  }
}

The data.skills array contains up to three skill areas:

Skill ID	What it covers
cost-impact	Compute sizing, storage costs, database costs, networking costs
partition-check	BigQuery partitioning, clustering, and partition expiration
best-practices	Missing labels, lifecycle rules, autoscaling, HA over-provisioning, network tier, committed use discounts

Each entry has an id, name, and instructions field. The instructions value is a markdown string with specific, actionable optimization instructions tailored to the scanned infrastructure.

If the API's primary engine is unavailable, the response will have "mode": "fallback" and "cost_usd": 0.0 — the instructions are still valid (loaded from static skill files) but not personalized to the specific context.

Step 5: Present Results and Offer to Help

1. Present the instructions to the user — show the optimization recommendations from each skill area that returned content.

2. Offer to apply the suggestions — ask the user if they'd like you to help implement any of the recommendations by editing the Terraform or SQL files directly.

3. If the user agrees, read the relevant infrastructure files and apply the suggested changes (e.g., adding labels, lifecycle rules, adjusting machine types, adding partitioning).

Error Handling

Exit Code	Meaning	What to Tell the User
0	Success	Show the instructions
2	Auth error	"Run followrabbit auth login --key <KEY> to authenticate. Get your key at subscriptions.agentic.followrabbit.ai"
3	Rate limit / quota exceeded	"API quota exhausted. Check followrabbit status for reset date"
4	Input error	"Invalid flags or arguments. Check the command syntax"
5	Processing error	"Failed to process the scan. Check that the directory contains valid .tf or .sql files"
6	Network error	"Cannot reach the FollowRabbit API. Check your internet connection"

Global Flags

These flags work with any followrabbit command:

Flag	Description
--json	Output as JSON (auto-enabled when stdout is piped)
--api-key <key>	Override the stored API key for this invocation
--api-url <url>	Override the API base URL (default: https://api.agentic.followrabbit.ai)
--quiet	Suppress non-essential output

Environment Variables

Variable	Description
FOLLOWRABBIT_API_KEY	API key override (used instead of stored credentials)
RABBIT_CONFIG_DIR	Override the default config directory (~/.config/followrabbit/)

Additional Commands

These commands are available for further investigation:

Command	Purpose
followrabbit context --json	Local-only scan — outputs structured TF/SQL context without calling the API
followrabbit recos list --json	List cost optimization recommendations for the current repo
followrabbit status --json	Check API key usage, quota, and recent activity
followrabbit completion <shell>	Generate shell completions (bash, zsh, fish, powershell)

context Flags

The context command supports the same scan flags as costreview:

Flag	Default	Description
--dir <path>	Current working directory	Directory to scan
--types <list>	tf	Comma-separated scan types: tf, sql

Example — scan a subdirectory for both Terraform and SQL files (local only, no API call):

followrabbit context --dir ./infrastructure --types tf,sql --json

recos list Flags

Flag	Description
--repo <url>	Repository URL (auto-detected from git remote if omitted)
--type <filter>	Filter by type: rightsizing, idle_resource, commitment
--status <filter>	Filter by status: open, applied, dismissed

Example Interaction

User: "Can you check if there are any cost optimization opportunities in this Terraform code?"

Agent:

1. Runs which followrabbit — found
2. Runs followrabbit auth status --json — authenticated
3. Runs followrabbit costreview --json
4. Parses the response and presents:

Here are the findings from the FollowRabbit cost review:

Cost Impact:

• Your google_compute_instance.web_server uses n2-standard-8 — consider right-sizing to n2-standard-4 if CPU utilization is low
• google_storage_bucket.logs uses Standard storage class — consider Nearline or Coldline for infrequently accessed data

Best Practices:

• 3 resources are missing cost_center and environment labels
• google_storage_bucket.backups has versioning enabled but no lifecycle rule to expire old versions

Partitioning:

• google_bigquery_table.events is missing time partitioning — this causes full table scans on every query

Would you like me to apply any of these suggestions to your code?

User: "Yes, add the missing labels and the lifecycle rule"

Agent: 5. Reads the relevant .tf files 6. Adds labels and lifecycle rules 7. Shows the diff to the user