🇺🇸English
HyperFleet Operational Readiness Audit Skill
CRITICAL: READ-ONLY MODE
This skill MUST NOT modify any files in the repository being audited. All operations are read-only analysis. The skill produces reports but never changes code, configuration, or documentation.
When to Use This Skill
Activate this skill when the user:
- Asks to "check operational readiness"
- Asks "is this repo operationally ready?"
- Asks to "audit for production readiness"
- Asks "what operational gaps does this repo have?"
- Asks to "run an operational readiness check"
- Asks about "production readiness"
- Asks "is this service ready for production operations?"
- Asks to "validate operational requirements"
Operational Readiness Requirements Source
These checks are based on HYPERFLEET-539 requirements for operational readiness. Unlike the standards-audit skill which dynamically fetches standards, these operational requirements are hardcoded as they represent core reliability requirements that rarely change.
Repository Type Detection
Before running applicable checks, detect the repository type.
Detection Commands
# Check for API indicators
ls pkg/api/ 2>/dev/null && echo "HAS_API_PKG"
ls openapi.yaml 2>/dev/null || ls openapi/openapi.yaml 2>/dev/null && echo "HAS_OPENAPI"
grep -l "database" cmd/*.go 2>/dev/null && echo "HAS_DATABASE"
# Check for Sentinel indicators
basename $(pwd) | grep -i sentinel && echo "IS_SENTINEL"
grep -r "polling\|reconcile" --include="*.go" -l 2>/dev/null | head -1 && echo "HAS_RECONCILE"
# Check for Adapter indicators
basename $(pwd) | grep "^adapter-" && echo "IS_ADAPTER"
grep -r "cloudevents\|pubsub" --include="*.go" -l 2>/dev/null | head -1 && echo "HAS_CLOUDEVENTS"
# Check for Infrastructure
ls charts/Chart.yaml 2>/dev/null || ls Chart.yaml 2>/dev/null && echo "HAS_HELM"
ls *.tf 2>/dev/null && echo "HAS_TERRAFORM"
# Check for Go code
ls cmd/*.go 2>/dev/null || ls pkg/**/*.go 2>/dev/null && echo "IS_GO_REPO"
Repository Type Matrix
| Indicators | Repository Type |
|---|
| HAS_API_PKG + HAS_OPENAPI + HAS_DATABASE | API Service |
| IS_SENTINEL or HAS_RECONCILE | Sentinel |
| IS_ADAPTER or HAS_CLOUDEVENTS (without API) | Adapter |
| HAS_HELM or HAS_TERRAFORM (without Go) | Infrastructure |
| IS_GO_REPO (without service patterns) | Tooling |
Operational Readiness Checks
Check 1: Functional Health Probes
Severity: Critical Requirement: Health and readiness endpoints must verify actual dependencies (database, message broker, external services), not just return 200 OK.
Applies to: API, Sentinel, Adapter Does NOT apply to: Infrastructure, Tooling
What to check:
- Health endpoint exists (
/healthz or /health)
- Readiness endpoint exists (
/readyz or /ready)
- Health checks verify actual dependencies:
- Database connectivity
- Message broker connectivity
- Critical external service availability
Check commands:
# Check for health endpoints
grep -r "/healthz\|/health\|/readyz\|/ready" --include="*.go" -l 2>/dev/null
# Check if health checks verify dependencies (not just returning OK)
grep -r "healthz\|readyz" --include="*.go" -A 20 2>/dev/null | grep -i "ping\|check\|db\|database\|broker\|connect"
Pass criteria:
- Health endpoints exist
- Endpoints contain actual dependency checks (not just
return 200)
Fail indicators:
- No health endpoints found
- Health handlers only return static OK without checking dependencies
- Missing readiness probe separate from liveness
Check 2: Dead Man's Switch Metrics
Severity: Critical (REQUIRED for Sentinel services) Requirement: Services must emit heartbeat/timestamp metrics that external monitoring can use to detect silent failures.
Applies to: Sentinel (CRITICAL), Adapter (Yes), API (Optional) Does NOT apply to: Infrastructure, Tooling
What to check:
- Heartbeat or timestamp metric exists
- Metric is updated on each successful operation cycle
- Metric follows naming convention:
hyperfleet_*_last_success_timestamp or hyperfleet_*_heartbeat
Check commands:
# Check for dead man's switch / heartbeat metrics
grep -r "last_success\|heartbeat\|last_run\|last_processed" --include="*.go" -l 2>/dev/null
# Check for timestamp metric patterns
grep -r "SetToCurrentTime\|prometheus.NewGauge.*timestamp\|prometheus.NewGauge.*heartbeat" --include="*.go" -l 2>/dev/null
# Look for reconciliation loop metrics
grep -r "reconcile.*success\|loop.*completed\|cycle.*finished" --include="*.go" -l 2>/dev/null
Pass criteria:
- Heartbeat or timestamp metric exists
- Metric is updated in main processing loop
Fail indicators (CRITICAL for Sentinel):
- No heartbeat/timestamp metrics found
- Metrics exist but not updated on success path
- Only error metrics without success indicators
Check 3: Retry Logic with Exponential Backoff
Severity: Major Requirement: All HTTP clients and message broker interactions must implement retry logic with exponential backoff to handle transient failures.
Applies to: API, Sentinel, Adapter Does NOT apply to: Infrastructure, Tooling
What to check:
- HTTP client retry configuration
- Message broker client retry configuration
- Exponential backoff implementation (not just fixed delays)
Check commands:
# Check for retry libraries or patterns
grep -r "retry\|backoff\|Retry\|Backoff" --include="*.go" -l 2>/dev/null
# Check for exponential backoff specifically
grep -r "exponential\|ExponentialBackoff\|backoff.Exponential" --include="*.go" -l 2>/dev/null
# Check for common retry libraries
grep -r "cenkalti/backoff\|avast/retry-go\|hashicorp/go-retryablehttp" --include="*.go" -l 2>/dev/null
# Check if raw http.Client is wrapped
grep -r "http.Client\|http.NewRequest" --include="*.go" -A 5 2>/dev/null | grep -i "retry"
Pass criteria:
- Retry library is imported/used
- HTTP clients wrapped with retry logic
- Exponential backoff configured (not fixed delays)
Fail indicators:
- Raw http.Client used without retry wrapper
- Fixed sleep delays instead of exponential backoff
- No retry logic on broker/external service calls
Check 4: PodDisruptionBudget
Severity: Major Requirement: Helm charts must include PodDisruptionBudget templates to ensure availability during node maintenance and cluster upgrades.
Applies to: API, Sentinel, Adapter, Infrastructure Does NOT apply to: Tooling
What to check:
- PDB template exists in Helm chart
- PDB has sensible defaults (minAvailable or maxUnavailable)
Check commands:
# Check for PDB template
ls charts/*/templates/pdb.yaml 2>/dev/null || ls charts/*/templates/poddisruptionbudget.yaml 2>/dev/null
# Check values.yaml for PDB configuration
grep -r "podDisruptionBudget\|pdb:" charts/*/values.yaml 2>/dev/null
# Check for PDB in any template
grep -r "PodDisruptionBudget" charts/*/templates/*.yaml 2>/dev/null
Pass criteria:
- PDB template exists
- PDB values configurable in values.yaml
Fail indicators:
- No PDB template in Helm chart
- PDB exists but hardcoded (not configurable)
- No Helm chart exists (for services that should have one)
Check 5: Resource Limits
Severity: Major Requirement: Deployment must have CPU and memory requests AND limits defined to ensure proper scheduling and prevent resource exhaustion.
Applies to: API, Sentinel, Adapter, Infrastructure Does NOT apply to: Tooling
What to check:
- Resource requests defined (cpu, memory)
- Resource limits defined (cpu, memory)
- Values are configurable in values.yaml
Check commands:
# Check values.yaml for resource configuration
grep -A 10 "resources:" charts/*/values.yaml 2>/dev/null
# Check for both requests and limits
grep -A 20 "resources:" charts/*/values.yaml 2>/dev/null | grep -E "requests:|limits:|cpu:|memory:"
# Check deployment template uses resources
grep -r "\.Values.resources\|resources:" charts/*/templates/deployment.yaml 2>/dev/null
Pass criteria:
resources.requests.cpu definedresources.requests.memory definedresources.limits.cpu definedresources.limits.memory defined- Values are templates (not hardcoded)
Fail indicators:
- Missing requests or limits
- Only requests without limits (or vice versa)
- Hardcoded values instead of templated
Check 6: Graceful Shutdown
Severity: Critical Requirement: Services must handle SIGTERM/SIGINT signals, stop accepting new work, drain existing work, and exit cleanly within the termination grace period.
Applies to: API, Sentinel, Adapter Does NOT apply to: Infrastructure, Tooling
What to check:
- Signal handling for SIGTERM and SIGINT
- Server/listener graceful shutdown
- In-flight request completion
- Connection draining
Check commands:
# Check for signal handling
grep -r "SIGTERM\|SIGINT\|signal.Notify\|os.Signal" --include="*.go" -l 2>/dev/null
# Check for graceful shutdown
grep -r "Shutdown\|GracefulStop\|graceful" --include="*.go" -l 2>/dev/null
# Check for context cancellation on shutdown
grep -r "context.WithCancel\|ctx.Done" --include="*.go" -A 5 2>/dev/null | grep -i "shutdown\|signal"
Pass criteria:
- Signal handlers registered for SIGTERM and SIGINT
- Server Shutdown() or GracefulStop() called
- Context cancellation propagated
Fail indicators:
- No signal handling
- Using os.Exit() directly without cleanup
- No graceful server shutdown
Check 7: Reliability Documentation
Severity: Minor Requirement: Services should have operational documentation including runbooks, metrics documentation, and operational guides.
Applies to: API, Sentinel, Adapter, Infrastructure (Partial) Does NOT apply to: Tooling
What to check:
- Runbook exists (docs/runbook.md or similar)
- Metrics documented
- Operational guide or README with ops section
Check commands:
# Check for runbook
ls docs/runbook.md 2>/dev/null || ls docs/runbooks/*.md 2>/dev/null || ls RUNBOOK.md 2>/dev/null
# Check for metrics documentation
ls docs/metrics.md 2>/dev/null || grep -l "## Metrics" docs/*.md 2>/dev/null || grep -l "## Metrics" README.md 2>/dev/null
# Check for operational documentation
ls docs/operations.md 2>/dev/null || grep -l "## Operations\|## Operational" docs/*.md 2>/dev/null
Pass criteria:
- At least one form of operational documentation exists
- Metrics are documented somewhere
Fail indicators:
- No runbook
- No metrics documentation
- No operational guidance
Applicability Matrix
| Check | API | Sentinel | Adapter | Infrastructure | Tooling |
|---|
| Functional Health Probes | Yes | Yes | Yes | No | No |
| Dead Man's Switch Metrics | Optional | CRITICAL | Yes | No | No |
| Retry Logic with Backoff | Yes | Yes | Yes | No | No |
| PodDisruptionBudget | Yes | Yes | Yes | Yes | No |
| Resource Limits | Yes | Yes |
Audit Execution
For Each Applicable Check
- Determine applicability based on repository type
- Execute check commands listed above
- Evaluate results against pass/fail criteria
- Record status as PASS, PARTIAL, or FAIL
- Document specific gaps with file locations and remediation
Output Format
Audit Report Structure
# HyperFleet Operational Readiness Audit Report
**Repository:** [repo name]
**Path:** [full path]
**Repository Type:** [API/Sentinel/Adapter/Infrastructure/Tooling]
**Audit Date:** [ISO timestamp]
**Requirements Source:** HYPERFLEET-539
---
## Summary
| Check | Status | Severity | Applicable |
|-------|--------|----------|------------|
| Functional Health Probes | PASS/PARTIAL/FAIL | Critical | Yes/No |
| Dead Man's Switch Metrics | PASS/PARTIAL/FAIL | Critical | Yes/No |
| Retry Logic with Backoff | PASS/PARTIAL/FAIL | Major | Yes/No |
| PodDisruptionBudget | PASS/PARTIAL/FAIL | Major | Yes/No |
| Resource Limits | PASS/PARTIAL/FAIL | Major | Yes/No |
| Graceful Shutdown | PASS/PARTIAL/FAIL | Critical | Yes/No |
| Reliability Documentation | PASS/PARTIAL/FAIL | Minor | Yes/No |
**Overall Operational Readiness:** X/Y checks passing (Z%)
---
## Detailed Findings
### [Check Name]
**Status:** PASS/PARTIAL/FAIL
**Severity:** Critical/Major/Minor
**Applicable:** Yes/No (reason if No)
#### Evidence Found
- [File path:line - what was found]
#### Gaps Found (if any)
- **Location:** [file path:line number or N/A]
- **Expected:** [what operational readiness requires]
- **Found:** [what was actually found]
- **Remediation:** [how to fix]
---
## Recommendations
**Critical Issues (address before production):**
1. [Issue description and remediation]
**Major Issues (address soon):**
1. [Issue description and remediation]
**Minor Issues (address when convenient):**
1. [Issue description and remediation]
Example Audit Session
User: "check operational readiness"
Skill Response:
# HyperFleet Operational Readiness Audit Report
**Repository:** hyperfleet-sentinel
**Path:** /home/croche/Projects/hyperfleet/hyperfleet-sentinel
**Repository Type:** Sentinel
**Audit Date:** 2026-01-29T14:30:00Z
**Requirements Source:** HYPERFLEET-539
---
## Summary
| Check | Status | Severity | Applicable |
|-------|--------|----------|------------|
| Functional Health Probes | PASS | Critical | Yes |
| Dead Man's Switch Metrics | FAIL | Critical | Yes (REQUIRED) |
| Retry Logic with Backoff | PARTIAL | Major | Yes |
| PodDisruptionBudget | PASS | Major | Yes |
| Resource Limits | PASS | Major | Yes |
| Graceful Shutdown | PASS | Critical | Yes |
| Reliability Documentation | FAIL | Minor | Yes |
**Overall Operational Readiness:** 4/7 checks passing (57%)
---
## Detailed Findings
### Functional Health Probes
**Status:** PASS
**Severity:** Critical
**Applicable:** Yes
#### Evidence Found
- cmd/server/health.go:23 - `/healthz` endpoint registered
- cmd/server/health.go:45 - `/readyz` endpoint registered
- cmd/server/health.go:52 - Database ping check in readiness handler
---
### Dead Man's Switch Metrics
**Status:** FAIL
**Severity:** Critical (REQUIRED for Sentinel)
**Applicable:** Yes - Sentinel services MUST have dead man's switch metrics
#### Evidence Found
- No heartbeat or timestamp metrics found
#### Gaps Found
- **Location:** N/A - not implemented
- **Expected:** Heartbeat or timestamp metric updated on each reconciliation cycle
- **Found:** No metrics that would alert on silent failures
- **Remediation:** Add `hyperfleet_sentinel_last_success_timestamp` gauge metric, call `SetToCurrentTime()` after each successful reconciliation cycle
---
### Retry Logic with Backoff
**Status:** PARTIAL
**Severity:** Major
**Applicable:** Yes
#### Evidence Found
- pkg/client/http.go:45 - Basic retry logic found
- No exponential backoff implementation
#### Gaps Found
- **Location:** pkg/client/http.go:45
- **Expected:** Exponential backoff with jitter
- **Found:** Fixed 1-second delay between retries
- **Remediation:** Replace fixed delays with exponential backoff using `cenkalti/backoff` or similar library
---
### PodDisruptionBudget
**Status:** PASS
**Severity:** Major
**Applicable:** Yes
#### Evidence Found
- charts/hyperfleet-sentinel/templates/pdb.yaml exists
- charts/hyperfleet-sentinel/values.yaml:78 - `podDisruptionBudget.minAvailable: 1`
---
### Resource Limits
**Status:** PASS
**Severity:** Major
**Applicable:** Yes
#### Evidence Found
- charts/hyperfleet-sentinel/values.yaml:45 - resources.requests.cpu: 100m
- charts/hyperfleet-sentinel/values.yaml:46 - resources.requests.memory: 128Mi
- charts/hyperfleet-sentinel/values.yaml:47 - resources.limits.cpu: 500m
- charts/hyperfleet-sentinel/values.yaml:48 - resources.limits.memory: 512Mi
---
### Graceful Shutdown
**Status:** PASS
**Severity:** Critical
**Applicable:** Yes
#### Evidence Found
- cmd/main.go:67 - `signal.Notify(sigChan, syscall.SIGTERM, syscall.SIGINT)`
- cmd/main.go:89 - `server.Shutdown(ctx)` called on signal
---
### Reliability Documentation
**Status:** FAIL
**Severity:** Minor
**Applicable:** Yes
#### Evidence Found
- No runbook found
- No metrics documentation found
#### Gaps Found
- **Location:** docs/ directory
- **Expected:** Runbook and metrics documentation
- **Found:** Only README.md with installation instructions
- **Remediation:** Create docs/runbook.md with operational procedures and docs/metrics.md documenting exposed metrics
---
## Recommendations
**Critical Issues (address before production):**
1. **Dead Man's Switch Metrics** - Add heartbeat metric to detect silent failures. This is REQUIRED for Sentinel services.
**Major Issues (address soon):**
1. **Retry Logic** - Replace fixed delays with exponential backoff to prevent thundering herd during outages.
**Minor Issues (address when convenient):**
1. **Reliability Documentation** - Add runbook and metrics documentation for on-call support.
Error Handling
If the skill cannot complete an audit:
- Unknown repo type: Ask user to specify or default to "Tooling" (most restrictive)
- No Helm chart: Skip Helm-related checks and note in report
- No Go code: Skip code-based checks and note in report
- Partial checks: Report which checks could not be performed
Always provide partial results where possible and suggest manual verification steps for incomplete checks.
Notes
- This skill is READ-ONLY - it never modifies files
- Requirements are hardcoded based on HYPERFLEET-539 (not dynamically fetched)
- Severity ratings: Critical > Major > Minor
- Repository type affects which checks apply
- Sentinel services have stricter requirements for dead man's switch metrics
- All checks include file locations and specific remediation guidance
Weekly Installs
–
Repository
openshift-hyper…-plugins
GitHub Stars
5
First Seen
–
Security Audits
Gen Agent Trust HubPassSocketPassSnykPass
