AgentSkillsCN

environment-traceability

每当部署或审计环境时,运用此技能确保每个环境都能映射至明确的组件版本与标签,从而保留不可变的溯源记录。

SKILL.md
--- frontmatter
name: environment-traceability
description: >
  Use this skill whenever deploying or auditing environments to ensure each
  environment can be mapped to explicit component versions and tags, preserving
  immutable provenance.

Environment Deployment Traceability Review

Intent

Ensure environments have an explicit, reviewable record of what component versions/tags are deployed, enabling auditability and reliable rollbacks.


When to Use

  • Before and after deployments to any environment
  • During incident response or rollback planning
  • During compliance or audit reviews

Precondition Failure Signal

  • Environment state cannot be expressed as component versions/tags
  • Deployments are not tied to immutable release identifiers
  • Rollbacks require guesswork or manual archaeology
  • Multiple versions appear deployed without clear explanation

Postcondition Success Signal

  • Environment state lists each deployed component version and tag
  • Deployments are traceable to immutable release inputs
  • Rollback candidates are identifiable and verifiable
  • Traceability records are reproducible from source-of-truth artifacts

Process

  1. Source Review: Inspect the current environment state, deployment records, and source control tags.
  2. Implementation: Ensure deployment tools and records correctly capture and link component versions and tags.
  3. Verification: Perform an audit of an environment to prove it can be mapped back to specific source versions and tags.
  4. Documentation: Maintain a registry or record of environment versions; use an ADR if the traceability mechanism is changed.
  5. Review: Release Manager/SRE and Platform Engineer review the traceability mechanisms and records.

Example Test / Validation

  • For an environment, produce a component→version→tag mapping and verify it matches reality (conceptually)
  • Select a deployed version and verify the tag identifies the source state
  • Demonstrate rollback selection using recorded versions/tags

Common Red Flags / Guardrail Violations

  • “We’ll track it in a spreadsheet”
  • Deploying without tagging because “it’s only dev”
  • Allowing mutable references (“latest”, “main”) in deployments
  • Inconsistent component naming/versioning across environments

Recommended Review Personas

  • Platform/DevOps Engineer – validates traceability mechanisms and records
  • Tech Lead – validates alignment to release discipline and scope
  • Security/Compliance Reviewer – validates provenance and audit needs

Skill Priority

P0 – Safety & Integrity


Conflict Resolution Rules

  • Overrides all lower-priority skills
  • No environment promotion without traceability evidence unless escalated
  • Traceability cannot be traded for speed

Conceptual Dependencies

  • release-tagging-plan
  • incremental-deployment

Classification

Core
Governance


Notes

Traceability is a system property. If it’s optional, it won’t exist when needed.