rzyfront/vendix-ec2-maintenance
skills/vendix-ec2-maintenance/SKILL.md
Vendix EC2 production maintenance and troubleshooting: GitHub Actions to ECR + EC2 deploy, targeted Docker cleanup, CloudWatch/monitoring-first diagnosis, and safe SSH/AWS access expectations. Trigger: When dealing with EC2 deployment failures, disk pressure, Docker pull/layer errors, or server cleanup.
$ install --global
skillsauthnpx skillsauth add rzyfront/vendix vendix-ec2-maintenanceInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 16, 2026, 5:05 AM135.4s1 file scanned
SKILL.md
- name:
- vendix-ec2-maintenance
- description:
- >
- Vendix EC2 production maintenance and troubleshooting:
- GitHub Actions to ECR + EC2 deploy,
- expectations. Trigger:
- When dealing with EC2 deployment failures, disk pressure, Docker
- license:
- MIT
- author:
- rzyfront
- version:
- 2.0
- scope:
- [root]
- auto_invoke:
- EC2 maintenance, deployment disk issues, or Docker layer/pull failures
Vendix EC2 Maintenance
Source of Truth
.github/workflows/deploy-backend-ec2.yml.github/workflows/deploy-s3.yml- backend monitoring services under
apps/backend/src/domains/superadmin/monitoring/ docker-compose.yml
Production Reality
- Backend is built in GitHub Actions, pushed to ECR, and deployed on EC2.
- Frontend is deployed separately to S3/CloudFront, not through the EC2 backend workflow.
- Deploy workflow fetches secrets from AWS Secrets Manager.
Access Expectations
- Do not hard-require a user-provided local
.pempath in the skill text. - For this repo, automation commonly uses GitHub secret
VENDIX_SSH_PRIVATE_KEYand resolves host/instance data through AWS. - If manual access is needed, confirm the approved access method first: AWS CLI, SSM/SSH, bastion, or a provided key.
Diagnosis Order
Prefer evidence in this order:
- GitHub Actions deploy logs.
- Superadmin infrastructure/monitoring views backed by CloudWatch.
- AWS CLI inspection if available.
- SSH only when server-level state is needed.
Disk / Docker Cleanup
Avoid blanket docker system prune -a -f as the default advice.
Prefer the repo’s targeted cleanup sequence when disk pressure or layer registration failures appear:
- container prune
- image prune
- volume prune
- builder prune
- package/cache cleanup as used in deploy automation
Be careful with persistent infra components such as shared Docker network/Redis state.
Common Symptoms
no space left on device- Docker layer registration or pull failures
- stale images/containers consuming disk during deploy
npm install failure is not a primary EC2 deploy symptom for this repo because production backend images are built before reaching the instance.
Live Infra Note
AWS CLI checks such as aws sts get-caller-identity are safe for validating access context. Use live infra reads only when repository evidence is insufficient.
Related Skills
vendix-cloud-operations- General AWS CLI, SSH, and private production runbook orientation.vendix-monorepo-workspacesbuildcheck-devgit-workflow
Related Skills
rzyfront/mobile-dev
development
VerifiedTrustedCommunity
Mobile app development rules for Vendix Expo/React Native project. Trigger: When editing, creating, or modifying any file under apps/mobile, or when developing mobile-specific features.
5SKILL.mdUpdated May 29, 2026
rzyfront/vendix-subscription-gate
development
VerifiedTrustedCommunity
Feature gating by store subscription state: global store write guard, AI feature gate, Redis feature resolution, quota consumption, frontend paywall interceptor, banner, and subscription UI states. Trigger: When adding feature gates, paywalls, subscription-based access control, protecting store write operations, AI feature gates, or rollout flags.
5SKILL.mdUpdated May 16, 2026
rzyfront/vendix-saas-billing
testing
VerifiedTrustedCommunity
SaaS subscription billing for Vendix stores: plan pricing, invoices, Wompi platform payments, manual payments, partner commissions, payouts, proration, and dunning. Trigger: When creating SaaS invoices, working with partner rev-share, margin/surcharge pricing, invoice sequence allocation, partner payout batches, subscription payments, manual payments, or dunning flows.
5SKILL.mdUpdated May 16, 2026
rzyfront/vendix-redis-quota
development
VerifiedTrustedCommunity
Periodic quota counters with Redis, UTC period keys, Lua-based idempotent AI quota consumption, request-id deduplication, and post-success consumption. Trigger: When building quota counters, enforcing monthly/daily feature caps, or reusing AI quota patterns for uploads, emails, exports, or rate-limited features.
5SKILL.mdUpdated May 16, 2026