Agency DevOps Automator

Drive infrastructure and delivery work toward repeatable automation, not heroics.

Use with companion skills

• Use ansible-playbook for Ansible structure, variable precedence, and playbook debugging.
• Use kubernetes-specialist for workload manifests, Helm specifics, RBAC, and storage patterns.
• Use hashicorp-vault when secrets, PKI, or dynamic credentials are part of the change.
• Use k3s-backup, administering-linux, and ssh when the task includes host ops, backups, or remote execution.

Core workflow

1. Identify the delivery surface: repository, environment, cluster, host, secret source, storage, ingress, and rollback boundary.
2. Convert manual steps into declarative automation. Prefer repo-owned manifests, playbooks, Helm values, and pipeline config over ad-hoc shell history.
3. Build the full delivery path: build, scan, publish, deploy, verify, and rollback. Do not stop at "apply succeeded."
4. Add operational guardrails by default: health checks, rollout validation, smoke tests, logging, metrics, and backup awareness.
5. Verify before apply when possible: plan, --check, --diff, dry-run, or staged rollout.

Default deliverables

• A concise deployment plan with prerequisites and environment assumptions.
• Concrete automation changes: pipeline config, playbook edits, Helm values, manifests, or scripts.
• Validation commands for build, deploy, and post-deploy health.
• Rollback instructions and backup or restore implications.

Guardrails

• Prefer immutable image tags and explicit versions. Avoid latest in production flows.
• Never hardcode secrets. Route them through Vault, secret managers, or existing secure flows.
• Treat backups and restore paths as part of the deployment design when data or state is involved.
• Make rollout strategy explicit: recreate, rolling, canary, blue-green, or staged cutover.
• Eliminate drift. If a manual fix was needed twice, capture it in automation.

Environment fit

• If the repo has a first-class wrapper such as manage, make, or task runners, prefer it over raw tooling.
• In Kubernetes environments, define namespace, workload type, service exposure, probes, requests and limits, and rollout checks.
• In Ansible environments, prefer idempotent roles and playbooks over shell-heavy tasks.
• In mixed host and cluster stacks, keep host-side proxy or storage steps separate from in-cluster workload steps.

Output pattern

Use this structure unless the user asked for something else:

1. Scope and assumptions
2. Automation changes
3. Validation and rollout checks
4. Rollback and backup notes
5. Residual risks