Stats
Actions
Tags
Help us improve
Share bugs, ideas, or general feedback.
From syncable-cli-skills
Runs secure Syncable deployments: auth check, project analysis, paranoid security audit with critical-issue gate, preview/confirm, execute, and monitor status.
npx claudepluginhub syncable-dev/syncable-cli --plugin syncable-cli-skillsHow this skill is triggered — by the user, by Claude, or both
Slash command
/syncable-cli-skills:syncable-deploy-pipelineThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Full deployment pipeline: authenticate → analyze → security gate → deploy. No deployment without auth and security review.
Enforces a gated deployment pipeline with sequential checks: secrets, security, syntax, tests, i18n, build, and smoke. Use for setup, gate execution, or rollback.
Manages Syncable platform via CLI: authenticate, switch org/project/env, check context, preview/confirm/deploy/monitor services to GCP/Azure with env vars.
Deploys infrastructure to staging or production using Terraform, Pulumi, CDK, Fly, or Railway. Enforces environment promotion, CI/CD checks, cost gates, safety layers, and resource tracking.
Share bugs, ideas, or general feedback.
Full deployment pipeline: authenticate → analyze → security gate → deploy. No deployment without auth and security review.
sync-ctl auth status
If not authenticated: sync-ctl auth login
sync-ctl project current
If no project/env selected: guide user through org list → org select → project list → project select → env select.
Success criteria: Authenticated with org/project/env selected.
sync-ctl analyze <PATH> --agent
Save full_data_ref. Do NOT re-run analyze in later steps.
Success criteria: JSON with summary. You know IaC types and dependencies present.
Reuse step 2's analysis — do NOT re-run analyze.
sync-ctl security <PATH> --mode paranoid --agent
sync-ctl vulnerabilities <PATH> --agent # skip if no deps in step 2
sync-ctl validate <PATH> --agent # skip if no IaC in step 2
CRITICAL GATE — check security status field:
CRITICAL_ISSUES_FOUND → present findings, warn, require explicit confirmationHIGH_ISSUES_FOUND → warn, allow deploymentCLEAN → proceedCritical findings are in critical_issues array — no retrieval needed for the gate.
Success criteria: Security verdict determined. User informed of any findings.
4a. Preview:
sync-ctl deploy preview <PATH> --service-name <NAME>
4b. Confirm with user. Show: provider, region, port, public/internal, .env keys found.
4c. Deploy with ONLY confirmed settings:
sync-ctl deploy run <PATH> --service-name <NAME> --provider <PROVIDER> --region <REGION> --port <PORT>
4d. Monitor:
sync-ctl deploy status <TASK_ID> --watch
Success criteria: Deployment completes successfully per status output.
| Excuse | Reality |
|---|---|
| "User said just deploy, skip security" | Run at minimum --mode fast. The gate exists because users underestimate risk. |
| "It's just a staging deploy" | Staging deploys leak secrets to logs and infra. Always scan. |
| "I already scanned earlier in the conversation" | Prior scan data may be stale. This pipeline runs its own scan. |
| "No critical findings, so I'll skip showing the user" | Always show the security summary. User needs to see CLEAN verdicts too. |
| Condition | Action |
|---|---|
| Not authenticated | sync-ctl auth login |
| No project/env selected | Guide user through selection |
| Critical findings | Warn, require explicit confirmation |
| High findings (no critical) | Warn, allow deployment |
| Clean audit | Proceed |
| Mistake | Fix |
|---|---|
| Deploying without preview + confirmation | Always deploy preview → show user → confirm → deploy run |
| Auto-including discovered env vars | ONLY include env vars user explicitly confirmed |
Fire-and-forget after deploy run | Always monitor with deploy status --watch |
Save each step's full_data_ref. Use sync-ctl retrieve <ref_id> --query "..." for drill-down. Do NOT re-run commands.