AgentSkillsCN

tf-pre-provision

Complete the full deployment workflow, including pre-checks and post-validation, with the help of specialized agents

SKILL.md
--- frontmatter
name: tf-pre-provision
description: Complete provisioning workflow with pre-checks and post-validation using specialized agents
license: MIT
compatibility: opencode
metadata:
  workflow: terraform
  provider: azure
  type: orchestration

What I Do

This skill defines the COMPLETE provisioning workflow that MUST be followed for any terraform apply or terraform destroy command. It orchestrates multiple specialized agents to ensure safe, secure, compliant, and VERIFIED infrastructure deployments.

When to Use Me

ALWAYS when provisioning or destroying Azure resources with Terraform.


PHASE 1: PRE-PROVISIONING CHECKS

Step 1: Validation (@tf-validator)

Invoke the validation agent to check configuration syntax:

code
@tf-validator Please validate the Terraform configuration in this project

Must Pass: terraform fmt, terraform validate, variables have values


Step 2: Security Audit (@tf-security-auditor)

Invoke the security auditor to check for vulnerabilities:

code
@tf-security-auditor Please perform a security audit on the Terraform configuration

If CRITICAL issues found: Do NOT proceed.


Step 3: Cost Estimation (@tf-cost-estimator)

Estimate costs before provisioning:

code
@tf-cost-estimator Please estimate the costs for this Terraform configuration

Step 4: Compliance Check (@tf-compliance-checker)

Verify compliance with standards:

code
@tf-compliance-checker Please check this configuration against CIS benchmarks

Step 5: Plan Review (@tf-plan-reviewer)

Review the terraform plan:

bash
terraform plan -out=tfplan

Then:

code
@tf-plan-reviewer Please review this terraform plan output for safety

Step 6: User Approval

MANDATORY: Get explicit user confirmation before applying.


PHASE 2: EXECUTION

Step 7: Apply or Destroy

bash
terraform apply -auto-approve  # Only after user approval
# OR
terraform destroy -auto-approve  # Only after user approval

PHASE 3: POST-PROVISIONING VALIDATION (MANDATORY)

Step 8: Azure Resource Validation (@tf-azure-validator)

ALWAYS RUN after every terraform apply or terraform destroy:

After Apply:

code
@tf-azure-validator Validate these resources exist in Azure: [resource names]

After Destroy:

code
@tf-azure-validator Validate these resources were deleted from Azure: [resource names]
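
One way to tie Steps 5 to 8 together, added here as an example and not part of the original skill: it reads the JSON form of the saved plan (`terraform show -json tfplan`), refuses to continue when the plan deletes or replaces resources without explicit approval, and derives the resource lists to hand to the Step 8 checks. The function names, the sample plan and the choice to apply the saved `tfplan` file (so that what runs is what was reviewed) are assumptions of this example.

```python
import json

# Constructed sample in the shape of `terraform show -json tfplan` output
# (only the fields used here); the resource names are made up.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "azurerm_resource_group.rg", "change": {"actions": ["no-op"]}},
    {"address": "azurerm_storage_account.logs", "change": {"actions": ["create"]}},
    {"address": "azurerm_key_vault.kv", "change": {"actions": ["delete", "create"]}},
    {"address": "azurerm_public_ip.old", "change": {"actions": ["delete"]}},
]})


def summarize_plan(plan_json: str) -> dict:
    """Sort planned changes into what Step 8 must confirm exists or is gone."""
    summary = {"must_exist": [], "must_be_deleted": [], "replaced": [], "updated": []}
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = set(rc["change"]["actions"])
        addr = rc["address"]
        if actions == {"delete", "create"}:  # replacement, in either order
            summary["replaced"].append(addr)
            summary["must_exist"].append(addr)
        elif actions == {"create"}:
            summary["must_exist"].append(addr)
        elif actions == {"delete"}:
            summary["must_be_deleted"].append(addr)
        elif actions == {"update"}:
            summary["updated"].append(addr)
        # "no-op" and "read" entries change nothing and are skipped
    return summary


def gate(plan_json: str, approved_destructive: bool) -> str:
    """Return the command that applies the reviewed plan file.

    Raises PermissionError when the plan deletes or replaces resources and
    the user has not explicitly approved that (Step 6).
    """
    s = summarize_plan(plan_json)
    destructive = s["must_be_deleted"] + s["replaced"]
    if destructive and not approved_destructive:
        raise PermissionError("approval required for: " + ", ".join(destructive))
    # Assumption of this example: apply the saved plan, not a fresh one.
    return "terraform apply tfplan"
```

The `must_exist` and `must_be_deleted` lists fill the `[resource names]` placeholders in the Step 8 prompts.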

Complete Workflow Checklist

Pre-Provisioning

  • Step 1: Validation passed (@tf-validator)
  • Step 2: No CRITICAL security issues (@tf-security-auditor)
  • Step 3: Cost estimate acceptable (@tf-cost-estimator)
  • Step 4: Compliance verified (@tf-compliance-checker)
  • Step 5: Plan reviewed (@tf-plan-reviewer)
  • Step 6: User approved

Execution

  • Step 7: terraform apply/destroy completed

Post-Provisioning

  • Step 8: Resources verified in Azure (@tf-azure-validator)

Agent Summary

| Agent | Phase | Purpose |
|---|---|---|
| @tf-validator | Pre | Syntax validation |
| @tf-security-auditor | Pre | Security scanning |
| @tf-cost-estimator | Pre | Cost estimation |
| @tf-compliance-checker | Pre | Compliance checking |
| @tf-plan-reviewer | Pre | Plan risk assessment |
| @tf-azure-validator | Post | Azure API verification |