{"id":"4c134e6f-d0db-490a-95ee-625b84ac4312","shortId":"FT7BxR","kind":"skill","title":"vigilante-issue-implementation-on-terraform","tagline":"Implement a GitHub issue end-to-end when Vigilante dispatches work for a Terraform repository with fmt, validate, and secret-safe infrastructure guidance.","description":"# Vigilante Terraform Issue Implementation\n\n## Focus\n- Read the prompt for detected tech stacks, process hints, and Terraform security guidance before changing code.\n- Follow idiomatic Terraform conventions for resource naming, file layout, and formatting.\n- Keep changes scoped to the issue and do not broaden into unrelated refactoring or architecture redesign.\n\n## Terraform Tooling Workflow\n- **Formatting**: run `terraform fmt -recursive` on all touched Terraform directories before committing. Do not hand-format Terraform code — let the standard formatter handle layout.\n- **Validation**: run `terraform validate` in each root module directory that contains changed files. Ensure provider and backend blocks are present or that validation is run with `-no-color` for clean output. If validation requires initialized providers, run `terraform init -backend=false` first to install providers without configuring remote state.\n- **Planning**: do not run `terraform plan` or `terraform apply` unless the repository defines a safe local workflow for it (e.g., a Makefile target, CI script, or documented local plan process). Assume cloud credentials are not available in the agent environment.\n- **Linting**: use the repository's established lint tooling. When `tflint` is configured (`.tflint.hcl`), run `tflint` on touched modules. When `tfsec` or `trivy` is configured, run the appropriate scanner. Do not introduce a different linter unless the issue specifically requires it. 
If no project linter is configured, `terraform validate` is sufficient.\n- **Policy checks**: when the repository uses policy tools such as OPA/Conftest, Sentinel, or Checkov, respect their configuration and run them if a safe local path exists. Do not skip policy checks to make changes pass.\n\n## Terraform Style\n- Use `snake_case` for resource names, variable names, output names, and local values.\n- Keep resource blocks focused — one logical resource per block.\n- Group related resources in files named by purpose (e.g., `main.tf`, `variables.tf`, `outputs.tf`, `providers.tf`).\n- Use `variables.tf` for input variable declarations and `outputs.tf` for output declarations.\n- Pin provider versions with `required_providers` blocks and use pessimistic version constraints (e.g., `~> 5.0`).\n- Pin module versions when sourcing from a registry. Avoid `ref=main` for git-sourced modules in production configurations.\n\n## Security and State\n- Do not store secrets, tokens, credentials, or sensitive values in `.tf` files or `terraform.tfvars` committed to the repository.\n- Mark sensitive variables and outputs with `sensitive = true`.\n- Do not configure remote state backends with inline credentials. Use environment variables or external credential helpers.\n- Do not assume cloud credentials are available. If a change requires provider authentication, document the requirement rather than embedding credentials.\n- Treat state files (`terraform.tfstate`, `*.tfstate.backup`) as sensitive — they must never be committed. Verify `.gitignore` covers state files.\n- Use `prevent_destroy` lifecycle rules on critical resources when appropriate.\n- Avoid wildcard IAM policies and overly permissive security group rules. 
Prefer least-privilege access patterns.\n\n## Module Hygiene\n- When creating or modifying modules, include `variables.tf`, `outputs.tf`, and a `README.md` if the module is intended for reuse.\n- Validate module inputs with `validation` blocks on variables where constraints are meaningful.\n- Prefer the Terraform registry or organization-internal module sources over ad-hoc inline resources for common patterns.\n\n## Mixed-Language Repositories\n- A Terraform repository may include application code, CI/CD configuration, scripts, or other IaC tools alongside Terraform.\n- Scope Terraform tooling (`terraform fmt`, `terraform validate`, `tflint`, `tfsec`) to `.tf` files and Terraform directories only. Do not run Terraform tools against non-Terraform code.\n- When the repository also has application code, respect its own toolchain for application-scoped changes.\n- When an issue touches both Terraform and application code, validate each side with its own toolchain.\n\n## Workflow\n- Follow the base `vigilante-issue-implementation` workflow for issue comments, validation, push, and PR creation.\n- Use `vigilante commit` for all commit-producing operations. Do not use `git commit` or GitHub CLI commit flows directly.\n- Any commit or amend must preserve the user's existing git author, committer, and signing configuration. 
Commit on behalf of the user and do not overwrite `git config` with a coding-agent identity.\n- Do not add `Co-authored by:` trailers or any other agent attribution for Codex, Claude, Gemini, or similar coding-agent identities.\n- Repository-specific instructions (`AGENTS.md`, `README.md`, CI config) remain authoritative when they are more specific than the generic Terraform guidance in this skill.","tags":["vigilante","issue","implementation","terraform","aliengiraffe","agent","agent-skills","agentic-ai","agentic-workflow","agents","ai-orchestration","ai-orchestrator"],"capabilities":["skill","source-aliengiraffe","skill-vigilante-issue-implementation-on-terraform","topic-agent","topic-agent-skills","topic-agentic-ai","topic-agentic-workflow","topic-agents","topic-ai-orchestration","topic-ai-orchestrator","topic-orchestration"],"categories":["vigilante"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/aliengiraffe/vigilante/vigilante-issue-implementation-on-terraform","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add aliengiraffe/vigilante","source_repo":"https://github.com/aliengiraffe/vigilante","install_from":"skills.sh"}},"qualityScore":"0.464","qualityRationale":"deterministic score 0.46 from registry signals: · indexed on github topic:agent-skills · 28 github stars · SKILL.md body (4,917 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-01T07:01:25.368Z","embedding":null,"createdAt":"2026-04-18T22:23:23.592Z","updatedAt":"2026-05-01T07:01:25.368Z","lastSeenAt":"2026-05-01T07:01:25.368Z",
"prices":[{"id":"605ba08b-983d-4c3c-a6ee-ef68e321d41f","listingId":"4c134e6f-d0db-490a-95ee-625b84ac4312","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"aliengiraffe","category":"vigilante","install_from":"skills.sh"},"createdAt":"2026-04-18T22:23:23.592Z"}],"sources":[{"listingId":"4c134e6f-d0db-490a-95ee-625b84ac4312","source":"github","sourceId":"aliengiraffe/vigilante/vigilante-issue-implementation-on-terraform","sourceUrl":"https://github.com/aliengiraffe/vigilante/tree/main/skills/vigilante-issue-implementation-on-terraform","isPrimary":false,"firstSeenAt":"2026-04-18T22:23:23.592Z","lastSeenAt":"2026-05-01T07:01:25.368Z"}],"details":{"listingId":"4c134e6f-d0db-490a-95ee-625b84ac4312","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"aliengiraffe","slug":"vigilante-issue-implementation-on-terraform","github":{"repo":"aliengiraffe/vigilante","stars":28,"topics":["agent","agent-skills","agentic-ai","agentic-workflow","agents","ai","ai-orchestration","ai-orchestrator","orchestration"],"license":"apache-2.0","html_url":"https://github.com/aliengiraffe/vigilante","pushed_at":"2026-04-23T16:58:46Z","description":"Vigilante is a sandbox-first orchestration layer for coding agents. 
It isolates every task in a git worktree, enforces strict credential scoping, and gives you full audit logs — so your agents can't burn down production.","skill_md_sha":"75d6b470bd657181a10069a4a0f91e539fd9aed4","skill_md_path":"skills/vigilante-issue-implementation-on-terraform/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/aliengiraffe/vigilante/tree/main/skills/vigilante-issue-implementation-on-terraform"},"layout":"multi","source":"github","category":"vigilante","frontmatter":{"name":"vigilante-issue-implementation-on-terraform","description":"Implement a GitHub issue end-to-end when Vigilante dispatches work for a Terraform repository with fmt, validate, and secret-safe infrastructure guidance."},"skills_sh_url":"https://skills.sh/aliengiraffe/vigilante/vigilante-issue-implementation-on-terraform"},"updatedAt":"2026-05-01T07:01:25.368Z"}}