Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

em-jones/.agents/skills/garden-dev

Name: .agents/skills/garden-dev
Author: em-jones

.agents/skills/garden-dev/SKILL.md

npx skillsauth add em-jones/staccato-toolkit .agents/skills/garden-dev

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Skill: Garden Dev Environment

Description: Guidance for agents implementing or modifying Garden action configs (project.garden.yml, per-service garden.yml) for the staccato platform. Covers action types, sync mode, patchResources, go.work build context patterns, and the lifecycle split between task dev-up and garden deploy.

When to use: When creating or modifying project.garden.yml, adding a new service's garden.yml, configuring sync mode for a new workload, or troubleshooting Garden deployment failures.

Quick Start

I need to add a new Go service to Garden

Read .opencode/rules/technologies/garden.md — all Garden usage rules for this platform
Create <service-dir>/garden.yml with two documents: a Build action and a Deploy action
Set source.path: ../../.. (repo root) on the Build action if the service is in the go.work workspace
Include all workspace modules the service imports in the include list
Use patchResources to inject the image tag — never modify the manifest file
Patch readOnlyRootFilesystem: false in patchResources if the manifest has it set to true
Set defaultOwner: 1000 on all sync paths (matches runAsUser: 1000 in deployments)
Add watchexec override command in sync.overrides for in-container rebuild
Run garden get status to verify the action is discovered and the version hash resolves

I need to add a new Node.js service to Garden

Read .opencode/rules/technologies/garden.md
Create <service-dir>/garden.yml with a Build action and a Deploy action
In the Build action exclude, add node_modules/**/* and packages/**/node_modules/**/*
In the Deploy sync.paths, use surgical paths targeting source directories only
Add exclude: ["*/node_modules/**/*", "*/dist/**/*"] to every sync path entry
Never sync to the container workspace root — this will wipe node_modules
Configure port-forwards for both backend (7007) and frontend (3000) ports

I need to add a CLI tool (Job workload) to Garden

Create a Build / container action with go.work-aware build context
Create a Run / kubernetes-pod action referencing the Job manifest via spec.manifestFiles
Use patchResources to inject the image tag into the Job spec
Do NOT configure spec.sync — Jobs are not sync targets

I need to debug a sync mode failure

Run garden sync status — lists active Mutagen sessions and their state
Run garden sync restart — restarts all sessions
Check readOnlyRootFilesystem is patched to false in the Deploy action's patchResources
Check defaultOwner matches the container's runAsUser
Check the pod is Running: kubectl get pods -n staccato --context kind-staccato-dev
If Backstage crashes after sync, a sync path is too broad — check node_modules exclusions

Action Config Patterns

Go Service (full example)

# src/<module>/garden.yml

apiVersion: garden.io/v0
kind: Build
type: container
name: <service>-image

source:
  path: ../../..   # repo root — required for go.work

include:
  - src/<module>/**/*
  - src/staccato-toolkit/domain/**/*   # all imported workspace modules
  - go.work
  - go.work.sum

spec:
  dockerfile: src/<module>/Containerfile.dev

---

apiVersion: garden.io/v0
kind: Deploy
type: kubernetes
name: <service>

dependencies:
  - build.<service>-image

source:
  path: ../../..

spec:
  namespace: staccato

  manifestFiles:
    - src/ops/dev/manifests/<service>/deployment.yaml
    - src/ops/dev/manifests/<service>/service.yaml

  patchResources:
    - name: <service>
      kind: Deployment
      patch:
        spec:
          template:
            spec:
              containers:
                - name: <service>
                  image: ${actions.build.<service>-image.outputs.deploymentImageId}
                  imagePullPolicy: IfNotPresent
                  securityContext:
                    readOnlyRootFilesystem: false   # required for Mutagen sync

  defaultTarget:
    kind: Deployment
    name: <service>
    containerName: <service>

  sync:
    paths:
      - sourcePath: src/<module>
        containerPath: /workspace
        mode: one-way-replica
        defaultOwner: 1000
        exclude:
          - <service>           # don't overwrite the compiled binary
          - "**/*_test.go"
      - sourcePath: src/staccato-toolkit/domain
        containerPath: /workspace/domain
        mode: one-way-replica
        defaultOwner: 1000
    overrides:
      - command:
          - watchexec
          - -r
          - --exts
          - go,mod,sum
          - --
          - sh
          - -c
          - "go build -o /workspace/<service> . && /workspace/<service>"

  portForwards:
    - name: http
      resource: Service/<service>
      targetPort: 8080
      localPort: 8080

Node.js Service (Backstage pattern)

apiVersion: garden.io/v0
kind: Build
type: container
name: <service>-image

include:
  - package.json
  - yarn.lock
  - .yarnrc.yml
  - .yarn/**/*
  - packages/**/*
  - plugins/**/*
  - tsconfig.json
  - app-config.yaml

exclude:
  - node_modules/**/*
  - packages/**/node_modules/**/*
  - packages/**/dist/**/*

spec:
  dockerfile: Containerfile.dev

---

apiVersion: garden.io/v0
kind: Deploy
type: kubernetes
name: <service>

dependencies:
  - build.<service>-image

spec:
  namespace: staccato

  # ... manifests or inline manifest ...

  defaultTarget:
    kind: Deployment
    name: <service>
    containerName: <service>

  sync:
    paths:
      - sourcePath: packages
        containerPath: /workspace/packages
        mode: one-way-replica
        exclude:
          - "*/node_modules/**/*"   # REQUIRED
          - "*/dist/**/*"
      - sourcePath: plugins
        containerPath: /workspace/plugins
        mode: one-way-replica
        exclude:
          - "*/node_modules/**/*"

  portForwards:
    - name: frontend
      resource: Service/<service>
      targetPort: 3000
      localPort: 3000
    - name: backend
      resource: Service/<service>
      targetPort: 7007
      localPort: 7007

Job Workload (CLI pattern)

apiVersion: garden.io/v0
kind: Build
type: container
name: <cli>-image

source:
  path: ../../..

include:
  - src/<module>/**/*
  - src/staccato-toolkit/domain/**/*
  - go.work
  - go.work.sum

spec:
  dockerfile: src/<module>/Containerfile.dev

---

apiVersion: garden.io/v0
kind: Run
type: kubernetes-pod
name: <cli>-health

dependencies:
  - build.<cli>-image

source:
  path: ../../..

spec:
  namespace: staccato
  manifestFiles:
    - src/ops/dev/manifests/<cli>/job.yaml
  patchResources:
    - name: <job-name>
      kind: Job
      patch:
        spec:
          template:
            spec:
              containers:
                - name: <cli>
                  image: ${actions.build.<cli>-image.outputs.deploymentImageId}
                  imagePullPolicy: IfNotPresent

Critical Rules (always check)

| Rule | Why | |------|-----| | source.path: ../../.. on Go Build actions | go.work must be in the build context for workspace module resolution | | Include all imported workspace modules in include | Missing modules → version hash misses domain changes → stale builds | | imagePullPolicy: IfNotPresent in patchResources | Manifests use Never for manual loads; Garden loads its own hash tag | | readOnlyRootFilesystem: false in patchResources | Mutagen writes files at runtime; read-only filesystem blocks all sync | | defaultOwner: 1000 on Go sync paths | Container runs as UID 1000; Mutagen must write with matching ownership | | exclude: ["*/node_modules/**/*"] on Node.js sync paths | Overwriting container node_modules with host binaries crashes the pod | | Never sync to /workspace for Node.js | Too broad — will delete node_modules installed during Docker build | | garden not in nixpkgs | Installed via init_hook curl installer; check ~/.garden/bin is on PATH |

Verification Steps

After adding a new service's garden.yml:

# 1. Verify action is discovered
garden get status

# 2. Verify version hash resolves (no "missing source" errors)
garden get actions build.<service>-image

# 3. Deploy and check the pod starts
garden deploy
kubectl get pods -n staccato --context kind-staccato-dev

# 4. Start sync and verify a file change propagates
garden deploy --sync
# Edit a source file, watch garden output for sync event
# Verify service responds: curl http://localhost:<port>/healthz

em-jones/.agents/skills/garden-dev

.agents/skills/garden-dev/SKILL.md

# Skill: Garden Dev Environment **Description**: Guidance for agents implementing or modifying Garden action configs (`project.garden.yml`, per-service `garden.yml`) for the staccato platform. Covers action types, sync mode, `patchResources`, go.work build context patterns, and the lifecycle split between `task dev-up` and `garden deploy`. **When to use**: When creating or modifying `project.garden.yml`, adding a new service's `garden.yml`, configuring sync mode for a new workload, or troubles

1 stars

development

Updated Apr 17, 2026

$ install --global

skillsauth

npx skillsauth add em-jones/staccato-toolkit .agents/skills/garden-dev

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 17, 2026, 1:48 AM20.4s1 file scanned

SKILL.md

Skill: Garden Dev Environment

When to use: When creating or modifying project.garden.yml, adding a new service's garden.yml, configuring sync mode for a new workload, or troubleshooting Garden deployment failures.

Quick Start

I need to add a new Go service to Garden

Read .opencode/rules/technologies/garden.md — all Garden usage rules for this platform
Create <service-dir>/garden.yml with two documents: a Build action and a Deploy action
Set source.path: ../../.. (repo root) on the Build action if the service is in the go.work workspace
Include all workspace modules the service imports in the include list
Use patchResources to inject the image tag — never modify the manifest file
Patch readOnlyRootFilesystem: false in patchResources if the manifest has it set to true
Set defaultOwner: 1000 on all sync paths (matches runAsUser: 1000 in deployments)
Add watchexec override command in sync.overrides for in-container rebuild
Run garden get status to verify the action is discovered and the version hash resolves

I need to add a new Node.js service to Garden

Read .opencode/rules/technologies/garden.md
Create <service-dir>/garden.yml with a Build action and a Deploy action
In the Build action exclude, add node_modules/**/* and packages/**/node_modules/**/*
In the Deploy sync.paths, use surgical paths targeting source directories only
Add exclude: ["*/node_modules/**/*", "*/dist/**/*"] to every sync path entry
Never sync to the container workspace root — this will wipe node_modules
Configure port-forwards for both backend (7007) and frontend (3000) ports

I need to add a CLI tool (Job workload) to Garden

Create a Build / container action with go.work-aware build context
Create a Run / kubernetes-pod action referencing the Job manifest via spec.manifestFiles
Use patchResources to inject the image tag into the Job spec
Do NOT configure spec.sync — Jobs are not sync targets

I need to debug a sync mode failure

Run garden sync status — lists active Mutagen sessions and their state
Run garden sync restart — restarts all sessions
Check readOnlyRootFilesystem is patched to false in the Deploy action's patchResources
Check defaultOwner matches the container's runAsUser
Check the pod is Running: kubectl get pods -n staccato --context kind-staccato-dev
If Backstage crashes after sync, a sync path is too broad — check node_modules exclusions

Action Config Patterns

Go Service (full example)

# src/<module>/garden.yml

apiVersion: garden.io/v0
kind: Build
type: container
name: <service>-image

source:
  path: ../../..   # repo root — required for go.work

include:
  - src/<module>/**/*
  - src/staccato-toolkit/domain/**/*   # all imported workspace modules
  - go.work
  - go.work.sum

spec:
  dockerfile: src/<module>/Containerfile.dev

---

apiVersion: garden.io/v0
kind: Deploy
type: kubernetes
name: <service>

dependencies:
  - build.<service>-image

source:
  path: ../../..

spec:
  namespace: staccato

  manifestFiles:
    - src/ops/dev/manifests/<service>/deployment.yaml
    - src/ops/dev/manifests/<service>/service.yaml

  patchResources:
    - name: <service>
      kind: Deployment
      patch:
        spec:
          template:
            spec:
              containers:
                - name: <service>
                  image: ${actions.build.<service>-image.outputs.deploymentImageId}
                  imagePullPolicy: IfNotPresent
                  securityContext:
                    readOnlyRootFilesystem: false   # required for Mutagen sync

  defaultTarget:
    kind: Deployment
    name: <service>
    containerName: <service>

  sync:
    paths:
      - sourcePath: src/<module>
        containerPath: /workspace
        mode: one-way-replica
        defaultOwner: 1000
        exclude:
          - <service>           # don't overwrite the compiled binary
          - "**/*_test.go"
      - sourcePath: src/staccato-toolkit/domain
        containerPath: /workspace/domain
        mode: one-way-replica
        defaultOwner: 1000
    overrides:
      - command:
          - watchexec
          - -r
          - --exts
          - go,mod,sum
          - --
          - sh
          - -c
          - "go build -o /workspace/<service> . && /workspace/<service>"

  portForwards:
    - name: http
      resource: Service/<service>
      targetPort: 8080
      localPort: 8080

Node.js Service (Backstage pattern)

apiVersion: garden.io/v0
kind: Build
type: container
name: <service>-image

include:
  - package.json
  - yarn.lock
  - .yarnrc.yml
  - .yarn/**/*
  - packages/**/*
  - plugins/**/*
  - tsconfig.json
  - app-config.yaml

exclude:
  - node_modules/**/*
  - packages/**/node_modules/**/*
  - packages/**/dist/**/*

spec:
  dockerfile: Containerfile.dev

---

apiVersion: garden.io/v0
kind: Deploy
type: kubernetes
name: <service>

dependencies:
  - build.<service>-image

spec:
  namespace: staccato

  # ... manifests or inline manifest ...

  defaultTarget:
    kind: Deployment
    name: <service>
    containerName: <service>

  sync:
    paths:
      - sourcePath: packages
        containerPath: /workspace/packages
        mode: one-way-replica
        exclude:
          - "*/node_modules/**/*"   # REQUIRED
          - "*/dist/**/*"
      - sourcePath: plugins
        containerPath: /workspace/plugins
        mode: one-way-replica
        exclude:
          - "*/node_modules/**/*"

  portForwards:
    - name: frontend
      resource: Service/<service>
      targetPort: 3000
      localPort: 3000
    - name: backend
      resource: Service/<service>
      targetPort: 7007
      localPort: 7007

Job Workload (CLI pattern)

apiVersion: garden.io/v0
kind: Build
type: container
name: <cli>-image

source:
  path: ../../..

include:
  - src/<module>/**/*
  - src/staccato-toolkit/domain/**/*
  - go.work
  - go.work.sum

spec:
  dockerfile: src/<module>/Containerfile.dev

---

apiVersion: garden.io/v0
kind: Run
type: kubernetes-pod
name: <cli>-health

dependencies:
  - build.<cli>-image

source:
  path: ../../..

spec:
  namespace: staccato
  manifestFiles:
    - src/ops/dev/manifests/<cli>/job.yaml
  patchResources:
    - name: <job-name>
      kind: Job
      patch:
        spec:
          template:
            spec:
              containers:
                - name: <cli>
                  image: ${actions.build.<cli>-image.outputs.deploymentImageId}
                  imagePullPolicy: IfNotPresent

Critical Rules (always check)

Verification Steps

After adding a new service's garden.yml:

# 1. Verify action is discovered
garden get status

# 2. Verify version hash resolves (no "missing source" errors)
garden get actions build.<service>-image

# 3. Deploy and check the pod starts
garden deploy
kubectl get pods -n staccato --context kind-staccato-dev

# 4. Start sync and verify a file change propagates
garden deploy --sync
# Edit a source file, watch garden output for sync event
# Verify service responds: curl http://localhost:<port>/healthz

Related Skills

em-jones/.agents/skills/vite-plus

tools

VerifiedTrustedCommunity

# Using Vite+, the Unified Toolchain for the Web This project is using Vite+, a unified toolchain built on top of Vite, Rolldown, Vitest, tsdown, Oxlint, Oxfmt, and Vite Task. Vite+ wraps runtime management, package management, and frontend tooling in a single global CLI called `vp`. Vite+ is distinct from Vite, but it invokes Vite through `vp dev` and `vp build`. ## Vite+ Workflow `vp` is a global binary that handles the full development lifecycle. Run `vp help` to pr

1SKILL.mdUpdated Apr 17, 2026

em-jones/.agents/skills/vite-plus

em-jones/ui-data-tables

development

VerifiedTrustedCommunity

Guide for building performant data tables. Uses tanstack-table for table logic (sorting, filtering, pagination) and tanstack-virtual for rendering large datasets efficiently.

1SKILL.mdUpdated Apr 17, 2026

em-jones/ui-data-tables

em-jones/typescript-effect-library

development

VerifiedTrustedCommunity

Expert guidance for building observable, expressive, and fault-tolerant TypeScript applications using the effect-ts/effect ecosystem. Covers Effect<A, E, R> type, error management, dependency injection via Layers, observability (logging, metrics, tracing), concurrency with Fibers, retry/scheduling, Schema validation, Streams, and Sinks.

1SKILL.mdUpdated Apr 17, 2026

em-jones/typescript-effect-library

em-jones/typescript-e2e-testing

tools

VerifiedTrustedCommunity

Complete E2E (end-to-end) and integration testing skill for TypeScript/NestJS projects using Jest, real infrastructure via Docker, and GWT pattern. ALWAYS use this skill when user needs to: **SETUP** - Initialize or configure E2E testing infrastructure: - Set up E2E testing for a new project - Configure docker-compose for testing (Kafka, PostgreSQL, MongoDB, Redis) - Create jest-e2e.config.ts or E2E Jest configuration - Set up test helpers for database, Kafka, or Redis - Configure .env.e2e environment variables - Create test/e2e directory structure **WRITE** - Create or add E2E/integration tests: - Write, create, add, or generate e2e tests or integration tests - Test API endpoints, workflows, or complete features end-to-end - Test with real databases, message brokers, or external services - Test Kafka consumers/producers, event-driven workflows - Working on any file ending in .e2e-spec.ts or in test/e2e/ directory - Use GWT (Given-When-Then) pattern for tests **REVIEW** - Audit or evaluate E2E tests: - Review existing E2E tests for quality - Check test isolation and cleanup patterns - Audit GWT pattern compliance - Evaluate assertion quality and specificity - Check for anti-patterns (multiple WHEN actions, conditional assertions) **RUN** - Execute or analyze E2E test results: - Run E2E tests - Start/stop Docker infrastructure for testing - Analyze E2E test results - Verify Docker services are healthy - Interpret test output and failures **DEBUG** - Fix failing or flaky E2E tests: - Fix failing E2E tests - Debug flaky tests or test isolation issues - Troubleshoot connection errors (database, Kafka, Redis) - Fix timeout issues or async operation failures - Diagnose race conditions or state leakage - Debug Kafka message consumption issues **OPTIMIZE** - Improve E2E test performance: - Speed up slow E2E tests - Optimize Docker infrastructure startup - Replace fixed waits with smart polling - Reduce beforeEach cleanup time - Improve test parallelization where safe Keywords: e2e, end-to-end, integration test, e2e-spec.ts, test/e2e, Jest, supertest, NestJS, Kafka, Redpanda, PostgreSQL, MongoDB, Redis, docker-compose, GWT pattern, Given-When-Then, real infrastructure, test isolation, flaky test, MSW, nock, waitForMessages, fix e2e, debug e2e, run e2e, review e2e, optimize e2e, setup e2e

1SKILL.mdUpdated Apr 17, 2026

em-jones/typescript-e2e-testing

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/em-jones/staccato-toolkit.git

# Copy into Claude Code skills folder (global)
cp -r staccato-toolkit/.agents/skills/garden-dev ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

em-jones/staccato-toolkit

1 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT

Adoption

em-jones/.agents/skills/garden-dev

$ install --global

Security Scan Results

SKILL.md

Skill: Garden Dev Environment

Quick Start

I need to add a new Go service to Garden

I need to add a new Node.js service to Garden

I need to add a CLI tool (Job workload) to Garden

I need to debug a sync mode failure

Action Config Patterns

Go Service (full example)

Node.js Service (Backstage pattern)

Job Workload (CLI pattern)

Critical Rules (always check)

Verification Steps

See Also

Related Skills

em-jones/.agents/skills/vite-plus

em-jones/ui-data-tables

em-jones/typescript-effect-library

em-jones/typescript-e2e-testing

em-jones/.agents/skills/garden-dev

$ install --global

Security Scan Results

SKILL.md

Skill: Garden Dev Environment

Quick Start

I need to add a new Go service to Garden

I need to add a new Node.js service to Garden

I need to add a CLI tool (Job workload) to Garden

I need to debug a sync mode failure

Action Config Patterns

Go Service (full example)

Node.js Service (Backstage pattern)

Job Workload (CLI pattern)

Critical Rules (always check)

Verification Steps

See Also

Related Skills

em-jones/.agents/skills/vite-plus

em-jones/ui-data-tables

em-jones/typescript-effect-library

em-jones/typescript-e2e-testing