stevefeldman/go-hystrix
skills/go-hystrix/SKILL.md
Audit and optimize Hystrix circuit breaker implementations in Go services for scaling, performance, and availability
$ install --global
skillsauthnpx skillsauth add stevefeldman/agents-skills go-hystrixInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 28, 2026, 8:12 AM296.7s8 files scanned
SKILL.md
- name:
- go-hystrix
- description:
- Audit and optimize Hystrix circuit breaker implementations in Go services for scaling, performance, and availability
Hystrix Circuit Breaker Audit
Audit a Go service's Hystrix circuit breaker implementation across 7 dimensions: configuration tuning, error handling, code patterns, observability, naming conventions, testing, and fallback patterns. Produces a tiered report with quick-win code fixes and recommendations requiring team decisions.
Context
Go services using github.com/afex/hystrix-go implement circuit breakers to protect downstream dependencies. Common patterns include:
hystrix.ConfigureCommand()inmain.goto set timeouts, concurrency, and error thresholdshystrix.Go()with a channel+select pattern for async executionhystrix.GetCircuit()in instrumenting middleware for Prometheus metricshystrix.NewStreamHandler()for real-time circuit monitoring
Instructions
0. Determine Audit Scope
- If
$ARGUMENTScontains file paths or a subdirectory: scoped audit — only audit hystrix usage in those files - If
$ARGUMENTSis empty: full repo audit — audit the entire service in the current working directory - If invoked by go-staff-engineer agent: follow the agent's scope directive
For scoped audits, skip dimensions where no relevant findings exist and produce a condensed report.
1. Find Hystrix Imports
- Check
go.modforgithub.com/afex/hystrix-godependency - Scan all
*.gofiles for"github.com/afex/hystrix-go/hystrix"imports - If no hystrix usage is found, report "No hystrix-go usage detected" and stop
2. Map Command Configurations
- Search for all
hystrix.ConfigureCommand()calls (typically inmain.go) - For each command, extract:
- Command name (first argument string)
Timeoutvalue and whether it's hardcoded or config-drivenMaxConcurrentRequestsvalueErrorPercentThresholdvalue- Whether
SleepWindoworRequestVolumeThresholdare set (note if using defaults)
Build the Command Inventory Table:
| Command | Timeout | MaxConcurrent | ErrorThreshold | SleepWindow | ReqVolumeThreshold | File:Line | |---------|---------|---------------|----------------|-------------|-------------------|-----------|
3. Map Execution Sites
- Search for all
hystrix.Go()andhystrix.Do()calls across*.gofiles - For each call, record:
- The command name string (must match a configured command)
- The file and line number
- Whether a fallback function is provided (second/third parameter)
- The service method or dependency it protects
- Flag any execution sites where the command name does not match a configured command
4. Map Middleware and Wrappers
- Search for
hystrix.GetCircuit()calls — these indicate monitoring/metrics integration - Identify instrumenting middleware that exposes circuit status (typically a
getCircuitStatus()helper) - Note which metrics system is used (Prometheus, StatsD, etc.)
5. Identify Protected Dependencies
- For each hystrix command, trace the code inside the
hystrix.Go()/hystrix.Do()closure to identify what external service or resource it protects - Categorize each dependency: external API, cache (Redis), database, internal service, etc.
Output: A command map linking each command to its configuration, execution site, and protected dependency. This map is the foundation for all 7 dimension audits.
6. Audit Dimensions
For each dimension (1-7), read the corresponding reference file under references/, then run its checklist against the command map and source code. For each finding:
- Classify severity: Critical (misconfigured/ineffective), Warning (suboptimal but functional), Info (style/consistency)
- Tag as Quick Win (include before/after code) or Recommendation (describe the issue, note effort as S/M/L)
Dimension order:
- Configuration Tuning — read
references/configuration-tuning.md - Error Handling — read
references/error-handling.md - Code Patterns — read
references/code-patterns.md - Observability — read
references/observability.md - Naming Conventions — read
references/naming-conventions.md - Testing — read
references/testing-patterns.md - Fallback Patterns — read
references/fallback-patterns.md
7. Generate Report
Produce the audit report in this format. For dimensions with no findings, include the heading with "No issues found."
# Hystrix Audit Report: {service-name}
## Executive Summary
- **Commands audited:** {count}
- **Dependencies protected:** {list}
- **Overall health:** {Critical: N | Warning: N | Info: N}
### Quick Wins (ready to apply)
| # | Finding | Dimension | Severity | File:Line |
|---|---------|-----------|----------|-----------|
| 1 | ... | ... | ... | ... |
### Recommendations (team decision needed)
| # | Finding | Dimension | Severity | Effort |
|---|---------|-----------|----------|--------|
| 1 | ... | ... | ... | S/M/L |
---
## Command Inventory
| Command | Timeout | MaxConcurrent | ErrorThreshold | Protected Dependency | File:Line |
|---------|---------|---------------|----------------|---------------------|-----------|
---
## Dimension 1: Configuration Tuning
### Findings
{findings with severity badges}
### Quick Win Code
{before/after diffs for fixable items}
## Dimension 2: Error Handling
### Findings
{error filtering analysis, swallowed errors}
### Quick Win Code
{fixes where applicable}
## Dimension 3: Code Patterns
### Findings
{deviations from standard boilerplate}
### Quick Win Code
{normalization diffs}
## Dimension 4: Observability
### Findings
{metrics integration, stream handler, alerting gaps}
### Quick Win Code
{missing metrics registration, etc.}
## Dimension 5: Naming Conventions
### Findings
{inconsistent or non-traceable names}
### Quick Win Code
{renames where safe}
## Dimension 6: Testing
### Findings
{missing circuit breaker test coverage}
### Recommendations
{test patterns to add}
## Dimension 7: Fallback Patterns
### Findings
{flag missing fallbacks — no prescriptive fixes, defer to team}
Severity definitions:
- Critical — circuit breaker is misconfigured or ineffective (e.g., timeout higher than upstream timeout, circuit never trips)
- Warning — suboptimal but functional (e.g., uniform concurrency not tuned per dependency, missing sleep window config)
- Info — style/consistency issues (e.g., naming inconsistency, boilerplate deviation)
Effort sizing for recommendations:
- S — isolated change, single file
- M — multi-file change, requires testing
- L — architectural change, requires team alignment
Related Skills
stevefeldman/dependency-security-audit
development
VerifiedTrustedCommunity
Use when reviewing Dependabot alerts, npm audit findings, govulncheck output, or CVE reports on a JavaScript/Node.js or Go project — especially when triaging multiple alerts across direct and transitive dependencies to assess real-world risk and produce a remediation plan.
3SKILL.mdUpdated May 28, 2026
stevefeldman/pr-evidence
development
VerifiedTrustedCommunity
Use when a code review finding needs proof — write a focused test in JavaScript or Go that either confirms the issue is real or exposes it as over-engineering hyperbole. Trigger after code-review or code-review-skill findings are presented and evidence is requested.
3SKILL.mdUpdated May 22, 2026
stevefeldman/software-estimation
development
VerifiedTrustedCommunity
Produce data-driven software delivery estimates by analyzing historical JIRA tickets, git activity, and engineer track records, then matching the new work against the most similar past tickets. Use this skill whenever the user asks "how long will this take", wants to estimate a piece of work, scope an epic, plan a sprint, or estimate delivery for JIRA stories or a Figma design. Also use whenever the user wants developer-to-work assignment recommendations based on history, wants to optimize an estimate by adding or reallocating engineers, or asks "what's the fastest way to ship this" or "who should work on this". Especially trigger when the user provides JIRA ticket IDs, JIRA story links, or Figma designs together with any indication of a team that will execute the work.
3SKILL.mdUpdated May 16, 2026
stevefeldman/automation-rubric
tools
VerifiedTrustedCommunity
Use when auditing an existing test suite for quality and coverage gaps, evaluating Playwright migration readiness, scoring automation against a world-class e-commerce standard, or guiding the creation of new tests. Applicable to Selenium, WebdriverIO, and Playwright suites.
3SKILL.mdUpdated May 12, 2026