Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

moonming/a6-persona-operator

Name: a6-persona-operator
Author: moonming

skills/a6-persona-operator/SKILL.md

npx skillsauth add moonming/a6 a6-persona-operator

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

a6-persona-operator

Who This Is For

You are a platform operator or DevOps engineer responsible for:

Managing one or more APISIX gateway instances
Ensuring API availability and performance
Deploying and rolling back configuration changes
Monitoring health, diagnosing issues, and responding to incidents
Enforcing security policies across all APIs

Context Management

Operators typically manage multiple environments. Use contexts to switch between them without re-entering connection details.

# Set up contexts for each environment
a6 context create dev --server http://apisix-dev:9180 --api-key dev-key-123
a6 context create staging --server http://apisix-staging:9180 --api-key staging-key-456
a6 context create prod --server http://apisix-prod:9180 --api-key prod-key-789

# Switch to production
a6 context use prod

# Check current context
a6 context current

# List all contexts
a6 context list

Always verify the active context before running destructive operations.

Daily Operations Checklist

1. Health check

# Verify APISIX is reachable and get version
a6 health

# Check all upstream health status
a6 upstream list --output json | jq '.[] | {id: .id, name: .name}'
a6 upstream health <upstream-id>

2. Configuration audit

# Dump current state
a6 config dump > current-state.yaml

# Compare with expected state
a6 config diff -f expected-state.yaml

# Validate a config file before applying
a6 config validate -f new-config.yaml

3. Certificate management

# List SSL certificates and check expiry
a6 ssl list

# Upload a new certificate
a6 ssl create -f - <<'EOF'
{
  "cert": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----",
  "key": "-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----",
  "snis": ["api.example.com", "*.example.com"]
}
EOF

Deployment Workflow

Safe deployment pattern

# 1. Validate the config locally
a6 config validate -f new-config.yaml

# 2. Preview what will change
a6 config diff -f new-config.yaml

# 3. Apply to staging first
a6 --context staging config sync -f new-config.yaml

# 4. Verify staging
a6 --context staging health
a6 --context staging route list

# 5. Apply to production
a6 --context prod config sync -f new-config.yaml

# 6. Verify production
a6 --context prod health

Rollback

# Keep a backup before every deployment
a6 config dump > backup-$(date +%Y%m%d-%H%M%S).yaml

# Rollback by syncing the backup
a6 config sync -f backup-20260308-143000.yaml

Troubleshooting

Request not reaching upstream

# 1. Check if the route exists
a6 route list
a6 route get <route-id> --output json

# 2. Trace the request path
a6 debug trace --uri /api/v1/users --method GET

# 3. Stream error logs in real-time
a6 debug logs --follow

# 4. Check upstream health
a6 upstream health <upstream-id>

502 Bad Gateway

# Check upstream node health
a6 upstream get <upstream-id> --output json

# Verify backend is reachable from APISIX
a6 debug trace --uri /failing-endpoint

# Check error logs for connection refused / timeout
a6 debug logs --follow --level error

Authentication failures (401/403)

# Verify consumer exists and has correct credentials
a6 consumer list
a6 consumer get <username> --output json

# Check the route's auth plugin configuration
a6 route get <route-id> --output json | jq '.plugins'

# Check global rules that might override
a6 global-rule list --output json

Security Hardening

Global rate limiting

a6 global-rule create -f - <<'EOF'
{
  "id": "global-rate-limit",
  "plugins": {
    "limit-count": {
      "count": 10000,
      "time_window": 60,
      "key_type": "var",
      "key": "remote_addr",
      "rejected_code": 429
    }
  }
}
EOF

Global IP restriction

a6 global-rule create -f - <<'EOF'
{
  "id": "global-ip-block",
  "plugins": {
    "ip-restriction": {
      "blacklist": ["10.0.0.0/8", "192.168.0.0/16"]
    }
  }
}
EOF

Enforce CORS globally

a6 global-rule create -f - <<'EOF'
{
  "id": "global-cors",
  "plugins": {
    "cors": {
      "allow_origins": "https://app.example.com",
      "allow_methods": "GET,POST,PUT,DELETE,OPTIONS",
      "allow_headers": "Authorization,Content-Type",
      "max_age": 3600
    }
  }
}
EOF

Monitoring Setup

Enable Prometheus metrics

# Global rule to expose metrics for all routes
a6 global-rule create -f - <<'EOF'
{
  "id": "prometheus-metrics",
  "plugins": {
    "prometheus": {}
  }
}
EOF

Scrape metrics at http://apisix:9091/apisix/prometheus/metrics.

Add HTTP logging

a6 global-rule create -f - <<'EOF'
{
  "id": "http-logging",
  "plugins": {
    "http-logger": {
      "uri": "http://log-collector:9200/_bulk",
      "batch_max_size": 1000,
      "inactive_timeout": 5
    }
  }
}
EOF

Decision Framework

| Situation | Action | |-----------|--------| | New deployment | config validate → config diff → config sync (staging) → verify → config sync (prod) | | Incident — route broken | debug trace → debug logs → fix → config sync | | Incident — upstream down | upstream health → check backends → update nodes or enable health checks | | Certificate expiring | ssl list → ssl create with new cert → ssl delete old | | Performance issue | debug logs to find slow routes → add rate limiting or caching | | Security audit | config dump → review global rules, auth plugins, IP restrictions | | Rollback needed | config sync -f backup.yaml | | New environment | context create → config sync -f base-config.yaml |

Best Practices

Always dump before sync — a6 config dump > backup.yaml before every deployment
Validate before apply — a6 config validate -f config.yaml catches errors early
Diff before sync — a6 config diff -f config.yaml shows exactly what will change
Stage before prod — always apply to staging first, verify, then promote to production
Use global rules sparingly — they apply to ALL routes; prefer per-route plugins
Monitor upstream health — enable active health checks on critical upstreams
Keep contexts organized — name contexts clearly (prod, staging, dev) and verify the current context before destructive operations
Version control configs — store YAML configs in git for audit trail and rollback

moonming/a6-persona-operator

skills/a6-persona-operator/SKILL.md

Persona skill for platform operators and DevOps engineers managing APISIX instances using the a6 CLI. Provides decision frameworks for day-to-day operations including deployment, monitoring, troubleshooting, scaling, security hardening, and disaster recovery workflows.

tools

Updated Apr 21, 2026

$ install --global

skillsauth

npx skillsauth add moonming/a6 a6-persona-operator

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 30, 2026, 12:33 PM3.4s1 file scanned

SKILL.md

name:: a6-persona-operator
description:: >-
version:: 1.0.0
author:: Apache APISIX Contributors
license:: Apache-2.0
category:: persona
apisix_version:: >=3.0.0

a6-persona-operator

Who This Is For

You are a platform operator or DevOps engineer responsible for:

Managing one or more APISIX gateway instances
Ensuring API availability and performance
Deploying and rolling back configuration changes
Monitoring health, diagnosing issues, and responding to incidents
Enforcing security policies across all APIs

Context Management

Operators typically manage multiple environments. Use contexts to switch between them without re-entering connection details.

# Set up contexts for each environment
a6 context create dev --server http://apisix-dev:9180 --api-key dev-key-123
a6 context create staging --server http://apisix-staging:9180 --api-key staging-key-456
a6 context create prod --server http://apisix-prod:9180 --api-key prod-key-789

# Switch to production
a6 context use prod

# Check current context
a6 context current

# List all contexts
a6 context list

Always verify the active context before running destructive operations.

Daily Operations Checklist

1. Health check

# Verify APISIX is reachable and get version
a6 health

# Check all upstream health status
a6 upstream list --output json | jq '.[] | {id: .id, name: .name}'
a6 upstream health <upstream-id>

2. Configuration audit

# Dump current state
a6 config dump > current-state.yaml

# Compare with expected state
a6 config diff -f expected-state.yaml

# Validate a config file before applying
a6 config validate -f new-config.yaml

3. Certificate management

# List SSL certificates and check expiry
a6 ssl list

# Upload a new certificate
a6 ssl create -f - <<'EOF'
{
  "cert": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----",
  "key": "-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----",
  "snis": ["api.example.com", "*.example.com"]
}
EOF

Deployment Workflow

Safe deployment pattern

# 1. Validate the config locally
a6 config validate -f new-config.yaml

# 2. Preview what will change
a6 config diff -f new-config.yaml

# 3. Apply to staging first
a6 --context staging config sync -f new-config.yaml

# 4. Verify staging
a6 --context staging health
a6 --context staging route list

# 5. Apply to production
a6 --context prod config sync -f new-config.yaml

# 6. Verify production
a6 --context prod health

Rollback

# Keep a backup before every deployment
a6 config dump > backup-$(date +%Y%m%d-%H%M%S).yaml

# Rollback by syncing the backup
a6 config sync -f backup-20260308-143000.yaml

Troubleshooting

Request not reaching upstream

# 1. Check if the route exists
a6 route list
a6 route get <route-id> --output json

# 2. Trace the request path
a6 debug trace --uri /api/v1/users --method GET

# 3. Stream error logs in real-time
a6 debug logs --follow

# 4. Check upstream health
a6 upstream health <upstream-id>

502 Bad Gateway

# Check upstream node health
a6 upstream get <upstream-id> --output json

# Verify backend is reachable from APISIX
a6 debug trace --uri /failing-endpoint

# Check error logs for connection refused / timeout
a6 debug logs --follow --level error

Authentication failures (401/403)

# Verify consumer exists and has correct credentials
a6 consumer list
a6 consumer get <username> --output json

# Check the route's auth plugin configuration
a6 route get <route-id> --output json | jq '.plugins'

# Check global rules that might override
a6 global-rule list --output json

Security Hardening

Global rate limiting

a6 global-rule create -f - <<'EOF'
{
  "id": "global-rate-limit",
  "plugins": {
    "limit-count": {
      "count": 10000,
      "time_window": 60,
      "key_type": "var",
      "key": "remote_addr",
      "rejected_code": 429
    }
  }
}
EOF

Global IP restriction

a6 global-rule create -f - <<'EOF'
{
  "id": "global-ip-block",
  "plugins": {
    "ip-restriction": {
      "blacklist": ["10.0.0.0/8", "192.168.0.0/16"]
    }
  }
}
EOF

Enforce CORS globally

a6 global-rule create -f - <<'EOF'
{
  "id": "global-cors",
  "plugins": {
    "cors": {
      "allow_origins": "https://app.example.com",
      "allow_methods": "GET,POST,PUT,DELETE,OPTIONS",
      "allow_headers": "Authorization,Content-Type",
      "max_age": 3600
    }
  }
}
EOF

Monitoring Setup

Enable Prometheus metrics

# Global rule to expose metrics for all routes
a6 global-rule create -f - <<'EOF'
{
  "id": "prometheus-metrics",
  "plugins": {
    "prometheus": {}
  }
}
EOF

Scrape metrics at http://apisix:9091/apisix/prometheus/metrics.

Add HTTP logging

a6 global-rule create -f - <<'EOF'
{
  "id": "http-logging",
  "plugins": {
    "http-logger": {
      "uri": "http://log-collector:9200/_bulk",
      "batch_max_size": 1000,
      "inactive_timeout": 5
    }
  }
}
EOF

Decision Framework

Best Practices

Always dump before sync — a6 config dump > backup.yaml before every deployment
Validate before apply — a6 config validate -f config.yaml catches errors early
Diff before sync — a6 config diff -f config.yaml shows exactly what will change
Stage before prod — always apply to staging first, verify, then promote to production
Use global rules sparingly — they apply to ALL routes; prefer per-route plugins
Monitor upstream health — enable active health checks on critical upstreams
Keep contexts organized — name contexts clearly (prod, staging, dev) and verify the current context before destructive operations
Version control configs — store YAML configs in git for audit trail and rollback

Related Skills

moonming/a6-shared

tools

VerifiedTrustedCommunity

Core skill for working with the a6 CLI — the Apache APISIX command-line tool. Provides project conventions, command patterns, architecture overview, and development workflow. Load this skill when working on a6 source code, adding new commands, writing tests, or modifying any a6 component.

SKILL.mdUpdated Apr 21, 2026

moonming/a6-recipe-multi-tenant

tools

VerifiedTrustedCommunity

Recipe skill for implementing multi-tenant API gateway patterns using the a6 CLI. Covers tenant isolation via Consumer Groups, host/path/header-based routing, per-tenant rate limiting, context forwarding with proxy-rewrite, and declarative config sync workflows for multi-tenant management.

SKILL.mdUpdated Apr 21, 2026

moonming/a6-recipe-multi-tenant

moonming/a6-recipe-mtls

tools

VerifiedTrustedCommunity

Recipe skill for configuring mutual TLS (mTLS) using the a6 CLI. Covers SSL certificate management, upstream mTLS to backend services, client certificate verification, and end-to-end mTLS setup from client through APISIX to upstream.

SKILL.mdUpdated Apr 21, 2026

moonming/a6-recipe-mtls

moonming/a6-recipe-health-check

tools

VerifiedTrustedCommunity

Recipe skill for configuring upstream health checks using the a6 CLI. Covers active health checks (HTTP probing), passive health checks (response analysis), combining both, configuring healthy/unhealthy thresholds, and monitoring upstream node status.

SKILL.mdUpdated Apr 21, 2026

moonming/a6-recipe-health-check

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/moonming/a6.git

# Copy into Claude Code skills folder (global)
cp -r a6/skills/a6-persona-operator ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

moonming/a6

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT