Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

monkilabs/deployment-infrastructure

Name: deployment-infrastructure
Author: monkilabs

src/orchestrator/skills/deployment-infrastructure/SKILL.md

npx skillsauth add monkilabs/opencastle deployment-infrastructure

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Deployment Infrastructure

See deployment-config.md for full architecture, env vars, cron jobs, caching headers.

Environment Variables

Layering & Precedence

.env (defaults, committed) → .env.local (git-ignored) → .env.production / .env.preview → Platform-injected (highest).

Startup Validation

import { z } from 'zod';

const envSchema = z.object({
  DATABASE_URL: z.string().url(),
  API_SECRET: z.string().min(32),
  PUBLIC_SITE_URL: z.string().url(),
  CRON_SECRET: z.string().min(16),
  NODE_ENV: z.enum(['development', 'production', 'test']).default('development'),
});

export const env = envSchema.parse(process.env);

Naming

Prefix: PUBLIC_*/NEXT_PUBLIC_* (browser-safe), SECRET_*/*_SECRET (server-only). SCREAMING_SNAKE_CASE. Gitignore .env.local, .env.*.local.

CI/CD Pipeline

Branch deployment: main → Production (auto) | feature/*, fix/* → Preview (auto)

Stages (in order): Install (--frozen-lockfile), Lint, Test (unit + integration + coverage), Build (production build), Deploy

Cron auth:

export async function GET(request: Request) {
  const authHeader = request.headers.get('authorization');
  if (authHeader !== `Bearer ${process.env.CRON_SECRET}`)
    return new Response('Unauthorized', { status: 401 });
  return Response.json({ ok: true });
}

Caching Strategy

| Asset Type | Cache-Control Header | |---|---| | Hashed static assets (JS, CSS) | public, max-age=31536000, immutable | | Images / fonts | public, max-age=31536000, immutable | | Favicon / manifest | public, max-age=86400 | | HTML pages (SSG) | public, max-age=0, must-revalidate | | API responses | private, no-cache | | Prerendered pages (ISR) | public, s-maxage=3600, stale-while-revalidate=86400 |

Apply via framework headers() config or CDN rules.

Security Headers

Load security-hardening skill for full CSP inventory, header configuration.

Release Process

Audit — lint, test, build; git diff since last tag; verify no draft PRs
- Gate: all commands exit 0
Changelog — generate from commits; categorize (Features, Fixes, Breaking); include migration notes
Tag — semver tag; update version references
Verify — curl -sI https://example.com | grep -E 'HTTP|Strict' — smoke-test production URLs; monitor error rates
- Gate: homepage returns 200; headers correct
- Fail → rollback immediately

Rollback

Prefer platform rollback (promote last good deploy). Fallback: git revert -m 1 HEAD Prefer platform rollback (promote last good deploy). Fallback: git revert -m 1 HEAD && git push.Prefer platform rollback (promote last good deploy). Fallback: git revert -m 1 HEAD && git push. git push.

Roll back → 2. Smoke-test (curl -sI) → 3. Confirm 200 + correct behavior → 4. If still broken, escalate
Notify team; create post-mortem ticket

Anti-Patterns

| Anti-Pattern | Fix | |---|---| | Hardcoding secrets | Env vars + Zod startup validation | | Skipping preview deployments | Deploy every branch to preview | | Cache-Control: no-store everywhere | Per-asset cache durations (see table) | | Disabling security headers "temporarily" | Keep strict; document exceptions | | Builds without --frozen-lockfile | Always use --frozen-lockfile in CI |

monkilabs/deployment-infrastructure

src/orchestrator/skills/deployment-infrastructure/SKILL.md

Configures deployment pipelines, manages environment variables, schedules cron jobs, applies security headers, implements caching strategies. Use when working with Docker, Vercel, AWS, Dockerfile, nginx.conf, or platform deployment configs.

44 stars

testing

Updated May 19, 2026

$ install --global

skillsauth

npx skillsauth add monkilabs/opencastle deployment-infrastructure

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: May 19, 2026, 7:26 AM153.8s1 file scanned

SKILL.md

name:: deployment-infrastructure
description:: Configures deployment pipelines, manages environment variables, schedules cron jobs, applies security headers, implements caching strategies. Use when working with Docker, Vercel, AWS, Dockerfile, nginx.conf, or platform deployment configs.

Deployment Infrastructure

See deployment-config.md for full architecture, env vars, cron jobs, caching headers.

Environment Variables

Layering & Precedence

.env (defaults, committed) → .env.local (git-ignored) → .env.production / .env.preview → Platform-injected (highest).

Startup Validation

import { z } from 'zod';

const envSchema = z.object({
  DATABASE_URL: z.string().url(),
  API_SECRET: z.string().min(32),
  PUBLIC_SITE_URL: z.string().url(),
  CRON_SECRET: z.string().min(16),
  NODE_ENV: z.enum(['development', 'production', 'test']).default('development'),
});

export const env = envSchema.parse(process.env);

Naming

Prefix: PUBLIC_*/NEXT_PUBLIC_* (browser-safe), SECRET_*/*_SECRET (server-only). SCREAMING_SNAKE_CASE. Gitignore .env.local, .env.*.local.

CI/CD Pipeline

Branch deployment: main → Production (auto) | feature/*, fix/* → Preview (auto)

Stages (in order): Install (--frozen-lockfile), Lint, Test (unit + integration + coverage), Build (production build), Deploy

Cron auth:

export async function GET(request: Request) {
  const authHeader = request.headers.get('authorization');
  if (authHeader !== `Bearer ${process.env.CRON_SECRET}`)
    return new Response('Unauthorized', { status: 401 });
  return Response.json({ ok: true });
}

Caching Strategy

Apply via framework headers() config or CDN rules.

Security Headers

Load security-hardening skill for full CSP inventory, header configuration.

Release Process

Audit — lint, test, build; git diff since last tag; verify no draft PRs
- Gate: all commands exit 0
Changelog — generate from commits; categorize (Features, Fixes, Breaking); include migration notes
Tag — semver tag; update version references
Verify — curl -sI https://example.com | grep -E 'HTTP|Strict' — smoke-test production URLs; monitor error rates
- Gate: homepage returns 200; headers correct
- Fail → rollback immediately

Rollback

Roll back → 2. Smoke-test (curl -sI) → 3. Confirm 200 + correct behavior → 4. If still broken, escalate
Notify team; create post-mortem ticket

Anti-Patterns

Related Skills

monkilabs/validation-gates

development

VerifiedTrustedCommunity

Defines 10 sequential validation gates: secret scanning, lint/test/build checks, blast radius analysis, dependency auditing, browser testing, cache management, regression checks, smoke tests. Use when running pre-deploy validation or CI checks, CI/CD pipelines, deployment pipeline validation, pre-merge checks, continuous integration, or pull request validation.

44SKILL.mdUpdated Apr 21, 2026

monkilabs/validation-gates

monkilabs/testing-workflow

development

VerifiedTrustedCommunity

Generates test plans, writes unit/integration/E2E test files, identifies coverage gaps, flags common testing anti-patterns. Use when writing tests, creating test suites, planning test strategies, mocking dependencies, measuring code coverage, or test planning.

44SKILL.mdUpdated Apr 21, 2026

monkilabs/testing-workflow

monkilabs/team-lead-reference

development

VerifiedTrustedCommunity

Provides model routing rules, validates delegation prerequisites, supplies cost tracking templates, defines dead-letter queue formats for Team Lead orchestration. Load when assigning tasks to agents, choosing model tiers, starting delegation session, running multi-agent workflow, delegating work, choosing which model to use, or assigning tasks.

44SKILL.mdUpdated Apr 21, 2026

monkilabs/team-lead-reference

monkilabs/session-checkpoints

testing

VerifiedTrustedCommunity

Saves, restores session state including task progress, file changes, delegation history. Use when saving progress, resuming interrupted work, picking up where you left off, or checkpointing current work.

44SKILL.mdUpdated Apr 21, 2026

monkilabs/session-checkpoints

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/monkilabs/opencastle.git

# Copy into Claude Code skills folder (global)
cp -r opencastle/src/orchestrator/skills/deployment-infrastructure ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

monkilabs/opencastle

44 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT