Raishin

Respond to Alibaba Cloud incidents using CloudMonitor alarms, SLS log analytics, ARMS APM distributed tracing, and alert governance for ECS, RDS, ACK, and network services.

Advises on Google Cloud authentication and authorization patterns, covering Application Default Credentials (ADC), service account best practices, Workload Identity Federation, human user authentication, service-to-service authentication, and anti-patterns like service account key downloads.

Classifies and routes Scaleway tasks to the most qualified specialist agent when a user's request spans IAM, cost, Kapsule/Kubernetes, networking, or live-guard domains and the specialist is unknown. It provides a domain verdict, recommended specialist, and routing rationale without directly answering specialist questions.

Detect and coordinate response to Alibaba Cloud cost anomalies, such as MaxCompute billing mismatches, ECS spot instance interruption cascades, CDN traffic spike billing, and OSS API request cost explosions, triggering DingTalk notifications and remediation playbooks upon budget alerts.

Design Cloud Spanner schemas with hotspot avoidance, interleaving strategies, optimal indexing, processing-unit sizing, and global write patterns for distributed OLTP at scale.

Use this skill for Kubernetes cluster network architecture review, covering the dataplane, service routing surface, in-cluster DNS, and multi-cluster topologies.

Use this skill for reviewing Backstage Scaffolder software templates, especially when assessing their safety for developer self-service, RBAC, input validation, blast radius of actions, or exposure of secrets in outputs.

Use this skill for Azure resilience, business continuity, and disaster recovery reviews covering RTO/RPO realism, failover and failback assumptions, shared-responsibility gaps, and recovery runbook or drill quality.

Pre-change blast radius analysis for Huawei Cloud, covering Organizations SCP cascade scope, IAM agency dependency chains, VPC route table and Peering impacts, GaussDB instance class change disruption, CCE node pool resize safety, and Enterprise Project boundary clarity.

Design and operate OCI Exadata Database Service across OCI Dedicated Infrastructure, Exadata Cloud@Customer, Oracle Database@Azure, Oracle Database@Google Cloud, and Oracle Database@AWS. Use for Exadata architecture, VM clusters, cloud Exadata infrastructure, Exascale, RAC, Data Guard, backup, migration, compatibility, capacity, network, and multicloud destination reviews.

Design, review, and stress-test Oracle Cloud Infrastructure solution architectures across identity, compartments, networking, compute, database, storage, observability, security, reliability, cost, and operations. Use when asked for OCI landing zones, target architectures, architecture review boards, migration designs, production readiness, or tradeoff decisions.

Analyze BigQuery slot reservation sizing, BI Engine acceleration, query cost estimation, dataset governance (expiration, access controls), and partitioning/clustering optimization to reduce on-demand scan costs.

Design and operate OCI IoT digital twin adapters, models, instances, relationships, and domain context. Use for digital twin topology, lifecycle, integration, and safe model/relationship changes.

Validates Salesforce deployments against sandbox or non-production orgs to identify issues, test failures, and metadata problems without committing changes. This reversible dry-run refuses production org targets, which require human approval.

Use this skill to evaluate a Salesforce release for deployment readiness. It covers sandbox refresh strategy, source tracking state, package version differences, destructiveChanges.xml review, test coverage verification, post-deploy steps, rollback plan, comms plan, and approval matrix.

Analyze Alibaba Cloud spend via Cost Manager, optimize Savings Plans and Reserved Instance coverage, design resource tagging strategy, investigate budget drift, and right-size over-provisioned ECS, RDS, and MaxCompute resources.

Use this skill to evaluate Salesforce deployment zero-trust readiness against NIST SP 800-207 ZTA principles. It covers continuous verification, MFA status, OAuth token lifetimes, session re-authentication, certificate health, and mTLS enforcement for external integrations.

Triages GCP operational alerts, incidents, and support tickets, including P0/P1/P2/P3 classification and GCP Premium/Enhanced Support SLA enforcement. This involves war room coordination, evidence collection from Cloud Monitoring and Cloud Logging, and establishing safe escalation paths.

Review Cloud Run and Cloud Functions gen2 for production readiness, covering min-instances cold start, memory and CPU allocation, VPC connector configuration, Secret Manager injection, CMEK encryption, concurrency limits, and traffic splitting safety.

Reviews Hetzner Cloud infrastructure posture, covering firewall rules, load balancer setup, network topology, IP exposure, and region distribution across fsn1, nbg1, and hel1. Use to audit or enhance Hetzner Cloud network security or architecture.

Use this skill to review custom-audience and lookalike-audience upload specifications for hashing adequacy, PII field scope, consent-basis validity, and platform data-sharing restrictions before submission to Meta, Google, LinkedIn, or TikTok.

This skill reviews the technical path of a Global Privacy Control (GPC) opt-out signal through the tag stack and CMP to determine if ad tags, server-side forwarding, and conversion APIs cease firing. It triggers when a user provides a tag-manager container export, a CMP opt-out configuration, a server-side tag configuration, or asks about their GPC implementation.

Use this skill to review exported RPA workflow definitions for resilience and security defects that cause unattended bots to fail silently in production. It triggers when a user provides UiPath XAML files, Automation Anywhere bot exports, Power Automate Desktop flow definitions, Blue Prism process XML, project dependency manifests, or asks why an unattended bot crashes silently.

This skill reviews Kubernetes Pod Security Admission (PSA), covering namespace labels for privileged, baseline, and restricted profiles, enforce/audit/warn modes, version pinning, and migration from deprecated PodSecurityPolicy. It triggers when users ask about namespace label safety, workload profile compliance, or audit/warn modes.

Use this skill when reviewing Sigstore Cosign supply chain security for Kubernetes workloads. Trigger when the user asks whether images are properly signed, whether Kyverno imageVerify policy is correctly scoped, whether SLSA provenance attestations exist, whether SBOM attestations are present, whether keyless signing is in use, or whether Rekor transparency log posture is appropriate for private.

Routes marketing-governance review tasks to the most suitable specialist or team from a catalog when the specific expert is unknown. Maestro classifies, dispatches, and synthesizes, assigning a single agent or a parallel team (up to 4) for diverse tasks.

Use this skill when the user asks which Azure role to assign, how to grant minimum access, whether a built-in role is sufficient, or when a custom role may be required.

Use this skill to evaluate any proposed mutation to a live Salesforce production org before execution. It acts as a refusal-by-default gate, stopping if any required precondition like target_org_identity or approval_state is missing.

Plan and execute migrations to GCP using Migrate to Virtual Machines, Database Migration Service, Storage Transfer Service, and design cutover sequencing with rollback plans.

Build and operate Huawei CodeArts CI/CD pipelines across CodeHub (Git), Build, Deploy, TestPlan, and Pipeline modules, managing SWR image lifecycle, deployment automation, and environment promotion with rollback gates.

Review Alibaba Cloud workload HA and BCDR designs, including RDS High-Availability Edition failover, PolarDB Global Database Network, ACK multi-zone, ECS cross-region disaster recovery, RTO/RPO target analysis, and HBR (Hybrid Backup Recovery) coverage.

Pre-change blast radius analysis for GCP, covering cross-project resource dependency mapping, organizational policy cascade effects, Shared VPC peering impact, Service Account impersonation chain analysis, and safe change sequencing.

Advise on MLPS 2.0 grading and technical controls, DSL Article 31 cross-border data transfer, CSL network operator obligations, PIPL personal data requirements, and ICP Beian filing for mainland China CN-* region workloads.

Plan migrations to Huawei Cloud via MgC (Migration Center), SMS (Server Migration Service) for P2V/V2V, DRS for database replication, and OMS (Object Migration Service) for object storage, with cutover sequencing and rollback design.

Operate AnalyticDB for MySQL and PostgreSQL, Hologres real-time OLAP analytics, and DAS real-time diagnostics for sub-second interactive analytics workloads.

Operate ECS instances, Auto Scaling groups, ECI serverless containers, and Cloud Assistant O&M automation. Handle instance lifecycle, image management, placement groups, spot/preemptible instances, and scheduled scaling.

Review and design AWS landing zones, AWS Control Tower environments, Organizations structures, OUs, account vending patterns, guardrails, central logging, security/audit accounts, and multi-account governance. Use when the user asks how to structure AWS accounts or govern a cloud estate.

Pre-change blast radius analysis for Alibaba Cloud, covering Resource Directory OU scope mapping, RAM policy cascade effects, VPC peering and CEN impact, SLB backend pool changes, RDS connection pool disruption, and safe change sequencing.

Audit and govern Alibaba Cloud KMS key lifecycles, Certificate Manager, SSM (Secrets Manager), and HSM key operations. Ensure encryption-at-rest coverage and rotation compliance across CMKs, envelope encryption, and certificate lifecycle.

Review AWS event-driven system design across EventBridge, event buses, Pipes, SQS, SNS, Step Functions, event schemas, filtering, cross-account routing, retries, DLQs, replay, idempotency, monitoring, and event-loop risk. Prefer serverless production readiness for Lambda runtime/deployment readiness.

Plan Alibaba Cloud migrations using SMC (Server Migration Center), DTS (Data Transmission Service) for data sync, OSSImport for object storage migration, and design cutover sequencing with rollback paths.

This skill gates KMS key deletion and disable operations. It ensures complete CMK dependency audits, deletion window confirmation, and explicit operator approval, as data encrypted with a deleted CMK becomes permanently inaccessible.

Operate PolarDB (MySQL/PG/Oracle) clusters and RDS instances, covering DAS diagnostics, database proxy, Global Database Network, backup strategy, and performance tuning.

Use this skill for Argo CD GitOps review across Application, AppProject, ApplicationSet, sync windows, RBAC, sync impersonation, and Argo CD Agent multi-cluster topologies. Trigger when the user asks whether an Argo CD configuration is safe for production, whether automated sync should be enabled, whether prune+selfHeal is appropriate, whether AppProject scope is too wide, or how to enforce least-privilege.

Query Alibaba Cloud ActionTrail management API call history, build governance audit reports, create SLS-based compliance evidence trails, and detect anomalous admin activity patterns.

Gate OSS bucket ACL and policy mutations: public-read/write ACL exposes data to internet crawlers within seconds; CN-* cross-border replication requires DSL Article 31 assessment.

Triage Alibaba Cloud operational alerts, incidents, and support tickets, including P0/P1/P2/P3 classification, Alibaba Cloud Support SLA enforcement, account manager escalation, DingTalk war room coordination, evidence collection from CloudMonitor and SLS, and safe escalation paths.

Patch AWS deployment hotfix config, release parameters, manifest mistakes, environment drift, rollback blockers, and rollout blockers in-repo. Use for rapid non-destructive deployment corrections; do not use for live deploy/apply/destroy actions.