navraj007in/infrastructure-generators
skills/infrastructure-generators/SKILL.md
SDL generators for Docker Compose, Kubernetes, Monitoring, Nginx, and Deploy Diagram
$ install --global
skillsauthnpx skillsauth add navraj007in/architecture-cowork-plugin infrastructure-generatorsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 23, 2026, 7:13 PM67.2s1 file scanned
SKILL.md
- name:
- infrastructure-generators
- description:
- SDL generators for Docker Compose, Kubernetes, Monitoring, Nginx, and Deploy Diagram
Infrastructure Generators
SDL-driven, deterministic generators that produce production-ready infrastructure configs. Same input always produces identical output.
Input: Compiled SDL document
Output: YAML/JSON config files in artifacts/ directory
Docker Compose Generator
Generates a docker-compose.yml for local development with all services, databases, caches, queues, and search.
API: POST /api/sdl/docker-compose — { yaml: string }
Output files:
artifacts/docker/docker-compose.yml— complete service orchestrationartifacts/docker/.env— environment variable template
SDL sections used:
architecture.projects.frontend[]/backend[]— service definitionsdata.primaryDatabase.type— database container (postgres, mysql, mongodb, sqlserver)data.secondaryDatabases[]— additional database containersdata.cache.type— Redis containerdata.queues.provider— queue container (rabbitmq, kafka, redis)data.search.provider— search container (elasticsearch, meilisearch, typesense)auth.identityProvider— auth env vars (Auth0, Clerk, Cognito, Firebase)solution.name— container naming
What it includes per service:
- Multi-stage Dockerfile build context
- Framework-aware port assignment (Node=3000, FastAPI=8000, Go=8080, .NET=5000, Spring=8080, Rails=3000, Laravel=9000)
- Database URLs injected as env vars
- Redis URL if cache enabled
- Inter-service URLs using Docker service names
- Health checks with
service_healthydepends_on - Volume mounts for live reload
- Named volumes for data persistence
- Custom network
Kubernetes Generator
Generates production-ready K8s manifests with Deployments, Services, HPA, Ingress, ConfigMap, and Namespace.
API: POST /api/sdl/kubernetes — { yaml: string }
Output files (in artifacts/k8s/):
namespace.yaml— namespace scoped to solution nameconfigmap.yaml— shared config (NODE_ENV, DB_TYPE, AUTH_PROVIDER, REDIS_ENABLED)- Per backend:
backend-{name}-deployment.yaml,-service.yaml,-hpa.yaml - Per frontend:
frontend-{name}-deployment.yaml,-service.yaml ingress.yaml— HTTPS routing with cert-manager
SDL sections used:
architecture.projects.backend[]/frontend[]— deployments and servicesnonFunctional.scaling.expectedUsersYear1— replica count (>50k=5, >10k=3, else=2)solution.domain— ingress hostname (defaults to{slug}.example.com)nonFunctional.security.encryptionInTransit— TLS/cert-manager annotationsdata.primaryDatabase.type— ConfigMap DB_TYPEdata.cache.type— ConfigMap REDIS_ENABLEDauth.identityProvider— ConfigMap AUTH_PROVIDER
Resource limits:
| Tier | CPU Request | CPU Limit | Memory Request | Memory Limit | |------|------------|-----------|----------------|--------------| | Backend | 100m | 500m | 128Mi | 512Mi | | Frontend | 50m | 200m | 64Mi | 256Mi |
HPA: Scales on 70% CPU / 80% memory utilization, max replicas = min × 3
Probes: HTTP GET /health — readiness (5s initial, 10s period), liveness (15s initial, 20s period)
Monitoring Generator
Generates Prometheus scrape config, alert rules, and a Grafana dashboard JSON.
API: POST /api/sdl/monitoring — { yaml: string }
Output files (in artifacts/monitoring/):
prometheus.yml— scrape config with per-service job definitions + node-exporteralert-rules.yml— alerting rules derived from NFRsgrafana-dashboard.json— complete dashboard with per-service panels
SDL sections used:
architecture.projects.backend[]/frontend[]— per-service scrape targets and panelsnonFunctional.availability.target— error budget calculation for HighErrorRate thresholdnonFunctional.performance.apiResponseTime— P95 latency alert thresholddata.primaryDatabase.type— database connection pool alert (postgres/mysql/sqlserver only)integrations.monitoring.provider— metadata only
Alert rules generated:
| Alert | Trigger | Severity |
|-------|---------|----------|
| HighErrorRate | 5xx rate exceeds error budget | critical |
| HighLatency | P95 > apiResponseTime target | warning |
| ServiceDown_{name} | up{job} == 0 for 1m | critical |
| HighCpuUsage | CPU > 85% for 10m | warning |
| HighMemoryUsage | Memory > 90% for 5m | warning |
| DatabaseConnectionPoolHigh | Pool > 80% for 5m | warning |
Grafana panels: Request rate, error rate, P95 latency, service uptime, per-service CPU/memory, per-service request duration percentiles (P50/P95/P99), database connections.
Nginx Generator
Generates a reverse proxy config with SSL, gzip, rate limiting, and security headers.
API: POST /api/sdl/nginx — { yaml: string }
Output files (in artifacts/nginx/):
nginx.conf— complete reverse proxy configurationmime.types.conf— MIME type mappingsdocker-compose.nginx.yml— Docker Compose snippet to add nginx service
SDL sections used:
architecture.projects.backend[]/frontend[]— upstream definitionssolution.domain— server_name for HTTPS block- Backend framework → port mapping (same as Docker Compose)
Features:
- HTTP → HTTPS redirect
- SSL/TLS config (TLSv1.2/1.3, session cache)
- Gzip compression (6 content types)
- Rate limiting: 30 req/s per IP, burst 50
- Security headers: X-Frame-Options, X-Content-Type-Options, X-XSS-Protection, Referrer-Policy
- WebSocket support (Upgrade/Connection headers)
- Per-backend API locations (single backend →
/api, multiple →/api/{name}) - Frontend fallback at
/ - Health check endpoint at
/health
Deploy Diagram Generator
Generates a Mermaid deployment topology diagram from a deployment plan.
Not exposed via dedicated API route — used programmatically by the deploy-planner module.
Input: DeployDiagramInput (not an SDL document directly):
strategy— deployment strategy nameservices[]— array of{ name, platform, tier?, estimatedCost, config? }monthlyCost?—{ min, max, typical }
Output: diagrams/deployment-topology.mmd — Mermaid flowchart
Features:
- Services grouped into subgraphs by platform (AWS, Azure, GCP, etc.)
- Categorized by role: frontend (cyan), backend (purple), data (amber)
- User → Frontend → Backend → Data flow edges
- Cost labels per service (
$X/mo) - Tier labels when specified
When to Use
- Docker Compose: After scaffolding — gives developers a one-command local dev setup
- Kubernetes: When deploying to K8s clusters — production-ready manifests
- Monitoring: When setting up observability — alerts tuned to SDL availability/performance targets
- Nginx: When adding a reverse proxy — SSL, routing, rate limiting preconfigured
- Deploy Diagram: When visualizing deployment topology — auto-generated from deploy planner output
Related Skills
navraj007in/skills/tradeoff-analysis
development
VerifiedTrustedCommunity
# Trade-Off Analysis Skill Quantifies exact trade-offs when switching between architecture options. Shows users precisely what they gain and lose when choosing Option A over Option B. ## When to Use Use this skill to help users decide between options by showing: 1. **Cost difference** — how much more/less per month? 2. **Performance difference** — how much faster/slower? 3. **Complexity difference** — how much harder to build/maintain? 4. **Scalability difference** — when does this option hit
2SKILL.mdUpdated Apr 27, 2026
navraj007in/skills/stage-detection
testing
VerifiedTrustedCommunity
# Stage Detection Skill Detects the current project stage (concept → mvp → growth → enterprise) based on `_state.json` field presence and completeness. Used by `/architect:next-steps`, `/architect:check-state`, and roadmap commands. ## When to Use Invoke this skill when you need to determine what stage a project is at based on its state file. Stage detection drives: - Command recommendations (what to run next) - Required fields validation (what should exist at this stage) - Risk assessment (w
2SKILL.mdUpdated Apr 27, 2026
navraj007in/skills/stack-swap-simulator
development
VerifiedTrustedCommunity
# Stack Swap Simulator Skill Estimates cost and effort to switch from one tech stack to another. Helps answer: "Can we migrate later if needed?" ## When to Use Use this skill to understand: 1. **Cost of switching stacks** — engineer weeks + downtime risk 2. **Timeline to switch** — how long is the project? 3. **Risk of switching** — what can go wrong? 4. **ROI of switching** — does it save money long-term? 5. **Backwards compatibility** — can we do a gradual migration? ## Input Provide sour
2SKILL.mdUpdated Apr 27, 2026
navraj007in/skills/stack-compatibility
tools
VerifiedTrustedCommunity
# Stack Compatibility Skill Verifies that chosen technologies integrate well together. Prevents "I picked these tools and they don't work well together" regrets. ## When to Use Use this skill to verify: 1. **Chosen tools work together** — React + Node + MongoDB = good? 2. **No hidden incompatibilities** — will I hit issues in production? 3. **Team can support it** — do we have expertise for this combo? 4. **Licenses compatible** — can we use these together commercially? 5. **Performance assum
2SKILL.mdUpdated Apr 27, 2026