From agents
Infrastructure-as-Code: Terraform, Kubernetes, Docker. Generate, review, cost-compare, security-scan. Use for IaC work. NOT for CI/CD (devops-engineer), application code, or actual pricing.
npx claudepluginhub wyattowalsh/agents --plugin agents
This skill uses the workspace's default tool permissions.
Generate, review, and analyze Infrastructure-as-Code. Terraform/OpenTofu modules, Kubernetes manifests, Dockerfiles.
- data/cloud-equivalents.json
- data/dockerfile-rules.json
- data/k8s-best-practices.json
- evals/docker-optimize.json
- evals/explicit-terraform.json
- evals/implicit-trigger.json
- evals/kubernetes-manifest.json
- evals/negative-control.json
- evals/security-scan.json
- references/cloud-equivalents.md
- references/cost-comparison.md
- references/dockerfile-guide.md
- references/kubernetes-patterns.md
- references/security-hardening.md
- references/terraform-patterns.md
- scripts/dockerfile-analyzer.py
- scripts/k8s-manifest-validator.py
- scripts/terraform-module-scanner.py
- templates/dashboard.html
Scope: IaC generation and analysis only. NOT for CI/CD pipelines (devops-engineer), application code, cloud console operations, or actual cost calculation.
| Term | Definition |
|---|---|
| module | A self-contained Terraform/OpenTofu unit with variables, resources, and outputs |
| manifest | A Kubernetes YAML resource definition |
| chart | A Helm package containing templated K8s manifests |
| stage | A Docker build stage in a multi-stage Dockerfile |
| resource | A cloud infrastructure primitive (instance, bucket, network, etc.) |
| misconfiguration | A security or reliability issue in IaC (open ports, missing encryption, no limits) |
| cost-relative | Comparison between resource types/tiers, NOT absolute dollar pricing |
| hardening | Applying security best practices to reduce attack surface |
| drift | Difference between declared IaC state and actual infrastructure |
| blast radius | How many dependent resources would be affected by a change |
| $ARGUMENTS | Mode |
|---|---|
| terraform <requirements> | Generate Terraform/OpenTofu modules |
| kubernetes <requirements> / k8s <requirements> | Generate K8s manifests and Helm charts |
| docker <requirements> | Optimize Dockerfiles (multi-stage, caching, security) |
| review <file-or-path> | Audit IaC for correctness and best practices |
| cost <config-or-path> | Cost-relative estimation (compare resource types) |
| security <config-or-path> | Security scan for IaC misconfigurations |
| Empty | Show mode menu with examples |
Generate production-ready Terraform/OpenTofu modules.
- uv run python skills/infrastructure-coder/scripts/terraform-module-scanner.py <path> on any existing .tf files to understand current state
- main.tf — resource definitions
- variables.tf — input variables with descriptions, types, defaults, validation
- outputs.tf — useful outputs for downstream consumption
- versions.tf — required providers and version constraints
- ~> constraints
- for_each over count for named resources
- Name, Environment, ManagedBy = "terraform"

Generate Kubernetes manifests or Helm charts.
- uv run python skills/infrastructure-coder/scripts/k8s-manifest-validator.py <path> on existing manifests
- values.yaml defaults

Optimize Dockerfiles for size, build speed, and security.
- uv run python skills/infrastructure-coder/scripts/dockerfile-analyzer.py <path> on existing Dockerfile
- latest)

Audit IaC files for correctness, best practices, and reliability.
- .tf files: terraform-module-scanner.py
- k8s-manifest-validator.py
- dockerfile-analyzer.py

Cost-relative comparison between resource configurations. NOT absolute pricing.
Output relative comparisons only. Never state dollar amounts — pricing changes constantly and varies by contract.
Scan IaC for security misconfigurations.
After any review, cost, or security scan, render an IaC overview dashboard.
templates/dashboard.html:
{
"view": "iac-overview",
"resources": [...],
"findings": [...],
"dockerfile_layers": [...],
"cost_comparison": [...]
}
Load ONE reference at a time. Do not preload all references.
| File | Content | Read When |
|---|---|---|
| references/terraform-patterns.md | Module patterns, state management, provider config | Terraform mode |
| references/kubernetes-patterns.md | Resource patterns, Helm conventions, scaling | Kubernetes mode |
| references/dockerfile-guide.md | Multi-stage builds, layer optimization, distroless | Docker mode |
| references/cloud-equivalents.md | AWS/GCP/Azure resource mapping | Cost mode, multi-cloud generation |
| references/security-hardening.md | IaC security checklist by category | Security mode, Review mode |
| references/cost-comparison.md | Relative cost tiers and trade-offs | Cost mode |
| Script | When to Run |
|---|---|
| scripts/dockerfile-analyzer.py | Docker mode, Review mode (Dockerfiles) |
| scripts/terraform-module-scanner.py | Terraform mode, Review mode (.tf files) |
| scripts/k8s-manifest-validator.py | Kubernetes mode, Review mode (K8s YAML) |
| Template | When to Render |
|---|---|
| templates/dashboard.html | After review, cost, or security scan |
- latest
- for_each over count in Terraform for named resources
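
An added Terraform sketch of the conventions this page lists for Terraform mode (`~>` provider constraints, `for_each` over `count` for named resources, and the `Name` / `Environment` / `ManagedBy` tags). It is not taken from the skill's own files; the AWS provider, the bucket names, and the variable names are assumptions chosen for illustration.

```hcl
# versions.tf: pessimistic constraint accepts any 5.x release, never 6.0
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws" # assumed provider for this example
      version = "~> 5.0"
    }
  }
}

# variables.tf: description, type, and validation on every input
variable "environment" {
  description = "Deployment environment, used in names and tags"
  type        = string
  validation {
    condition     = contains(["dev", "staging", "prod"], var.environment)
    error_message = "environment must be one of: dev, staging, prod."
  }
}

variable "log_buckets" {
  description = "Logical bucket names (constructed sample input)"
  type        = set(string)
  default     = ["audit", "access", "app"]
}

# main.tf
# With count over a list, instances are addressed by position: logs[0], logs[1], logs[2].
# Dropping "access" would shift "app" from [2] to [1], so Terraform would plan to
# replace a bucket nobody meant to touch, which widens the blast radius of the change.
# With for_each, the address is keyed by name: aws_s3_bucket.logs["app"] stays put.
resource "aws_s3_bucket" "logs" {
  for_each = var.log_buckets
  bucket   = "example-${var.environment}-${each.key}-logs" # placeholder naming scheme

  tags = {
    Name        = "${var.environment}-${each.key}-logs"
    Environment = var.environment
    ManagedBy   = "terraform"
  }
}

# outputs.tf: keyed by logical name for downstream consumption
output "log_bucket_arns" {
  description = "Bucket ARNs keyed by logical name"
  value       = { for name, b in aws_s3_bucket.logs : name => b.arn }
}
```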