Jeden Skill in Manus ausführen
mit einem Klick

Jeden Skill in Manus mit einem Klick ausführen

internal-platform-cli

Sterne0

Forks0

Aktualisiert24. Juni 2026 um 03:26

Use whenever a task touches the internal platform via the `axle` CLI — deploying a service, reading or rotating secrets, tailing logs, running one-off commands or migrations in an environment, or inspecting env config. Reach for this any time you are about to run `axle ...`, or when a command "worked locally" but hung, targeted the wrong environment, or silently hit prod instead of staging. Especially load this before anything destructive (`axle deploy`, `axle db migrate`, `axle secrets set`, `axle exec`) or anything run from CI / a non-interactive shell.

Installation

Mit Codex oder Claude installieren Kopieren Sie diesen Prompt, fügen Sie ihn in Codex, Claude oder einen anderen Assistant ein und lassen Sie die Skill-Seite prüfen und installieren.

In Manus ausführen

Quelle

az9713

az9713/skill-best-practices

GitHub-Repository öffnen Creator-Repositorys ansehen

Download

In Manus ausführen

Datei-Explorer

2 Dateien

SKILL.md

readonly

name

internal-platform-cli

description

internal-platform-cli

Overview

axle is the internal platform CLI — the single wrapper engineers use to operate services on the platform: deploys, secrets, logs, one-off command execution, database access, and environment config. Every invocation runs against a context (an auth identity) and a target environment (staging or prod). The two are independent, and the most expensive mistakes come from a command quietly resolving to the wrong one. axle is built for humans at a TTY by default; running it from CI or a script without the right flags is the second-biggest source of failures.

When to Use

Use this skill when you are:

Deploying or rolling back a service (axle deploy, axle deploy --rollback).
Reading, setting, or rotating secrets (axle secrets get|set|rotate).
Tailing or querying logs (axle logs), especially live tail.
Running a one-off command, shell, or migration inside a running service (axle exec, axle db).
Inspecting or diffing environment configuration (axle env).
Writing a CI step, cron, or script that shells out to axle (non-TTY).
Debugging a command that hung, paged, or hit the wrong environment.

Do NOT use this for: local-only development (use the service's own make/npm scripts), CI pipeline definition syntax (that's the ci.yaml schema, not axle), or cloud-provider console operations that bypass the platform. axle is the platform's front door; if a task is genuinely outside the platform, it won't help.

See references/commands.md for the full subcommand surface, flags, and worked examples. Load it whenever you need exact flag names or output formats.

Context & environment model

Two orthogonal selectors decide what an axle command actually does:

Context = who you are (auth identity + cluster credentials). Set with axle context use <name>, shown by axle context current. Stored in ~/.axle/config. A stale or wrong context is why "permission denied" and "service not found" appear for services you know exist.
Environment = what you target (staging | prod). Resolved in this order: explicit --env/-e flag → AXLE_ENV var → the context's default env. There is no global default of staging — if a context's default is prod, a bare command hits prod.

Make the target explicit on anything that writes. The safe habit is axle <cmd> -e staging ... / -e prod ... every time, rather than trusting the resolved default.

Typical flow

axle context current                 # confirm WHO and default env before anything
axle deploy api -e staging           # ship to staging, watch rollout
axle logs api -e staging --since 5m  # verify health
axle deploy api -e prod              # promote (prompts for confirmation on prod)

For machine output (CI, parsing), add --json and --no-pager:

axle logs api -e prod --since 1h --no-pager --json | jq '.[] | select(.level=="error")'

Gotchas

ALWAYS treat these as real, observed failure modes — each has bitten someone operating a live service.

A bare command does NOT default to staging — it resolves to the context's default env, which may be prod. New engineers assume "no --env means safe/staging." It doesn't. If your current context's default is prod, axle deploy api deploys to production. Always pass -e staging / -e prod explicitly on any write (deploy, secrets set, db migrate, exec). Run axle context current first to see the default. Treat an unflagged write command in a script as a bug.
Context and environment are independent — being "in" staging context does not stop -e prod from working. Context selects credentials; if your identity has prod access, an -e prod flag (or AXLE_ENV=prod left exported in your shell) reaches prod regardless of which context is "current." Check both: axle context current shows context AND resolved default env. A lingering export AXLE_ENV=prod from an earlier session is a classic silent foot-gun — unset AXLE_ENV when in doubt.
axle logs (live tail) and other interactive subcommands open a pager and BLOCK under non-TTY. In CI, a cron, or piped output, axle logs without flags will hang forever waiting on a pager / streaming tail that never gets a terminal. From any non-interactive context, always pass --no-pager and a bounded --since/--limit (live --follow tail never returns — don't use it in scripts). axle exec and axle db shell similarly try to allocate a TTY and fail or hang non-interactively; use axle exec -- <cmd> (one-shot, non-interactive) instead of an interactive shell.
Destructive subcommands prompt for confirmation, and that prompt is what hangs your automation — don't blindly add --yes. axle deploy -e prod, axle db migrate, axle db reset, and axle secrets rotate require typed confirmation (often re-typing the service or env name for prod). In a script this prompt blocks on stdin forever. The fix is --yes/-y to pre-confirm — but --yes on db reset or -e prod deploy removes the only guardrail, so gate it behind an explicit, reviewed CI condition, never reflexively. There is no undo for db reset.
axle secrets get prints the secret value to stdout — it is not masked. Running it in a shared terminal, a logged CI step, or a recorded session leaks the secret into scrollback and logs. Use axle secrets get NAME --copy (to clipboard) for interactive use, and never axle secrets get in a CI step whose logs are retained. To check existence without revealing the value, use axle secrets list (names only).
--json changes the contract; default human output is NOT stable to parse. The default tabular/colored output includes ANSI codes and may reflow — scripts that grep/awk it break silently on the next CLI version. Any programmatic consumer must use --json (and --no-pager). If a command lacks --json, that's a signal it isn't meant to be scripted.
axle deploy --rollback rolls back to the previous successful release, not "one commit back." If three failed deploys happened since the last good one, rollback jumps over all of them to the last healthy release — which may be older than you expect. Confirm the target with axle deploy <svc> --history before rolling back prod.

Files

references/commands.md — full subcommand reference for deploy, secrets, logs, exec, db, and env: every flag, output format, exit codes, and worked examples (including CI-safe non-TTY invocations).

Mehr aus diesem Repository

gleiches Repository

adversarial-review

az9713/skill-best-practices

Use when a change is written and "looks done" but has not had a hostile second pass before merge — especially diffs touching auth, money, migrations, concurrency, or anything the author is quietly unsure about. Spawns a fresh-eyes reviewer subagent that sees ONLY the diff and the spec, collects findings, drives fixes, and re-dispatches until findings degrade to nitpicks. Reach for this instead of self-reviewing; the author is the worst reviewer of their own diff.

2026-06-240

babysit-pr

az9713/skill-best-practices

Use when a PR is open and green-but-blocked, or red on CI for reasons that smell like flake — a timed-out test runner, a transient network 500 in a setup step, a check that passed locally but failed in CI. Reach for this whenever someone says "this PR keeps failing CI but the test is flaky", "can you babysit this PR to merge", "it's just a flaky check, retry it", or wants a PR shepherded through retries, conflict resolution, and auto-merge without sitting on it manually. Prefer this over hand-clicking "Re-run failed jobs" in the GitHub UI, which gives up no signal on flaky-vs-real and forgets to enable auto-merge.

2026-06-240

billing-lib

az9713/skill-best-practices

Use when writing or reviewing code that meters API token usage, bills accounts, issues invoices, applies credit grants, or computes balances with the internal `billing` library — especially around retries, mid-cycle plan changes, cache-read vs cache-write token pricing, or any place where double-billing or rounding drift would be a problem.

2026-06-240

checkout-verifier

az9713/skill-best-practices

Use when an API-credits checkout or paid-plan upgrade needs to be proven end-to-end against Stripe test mode — confirming a card charge actually creates the invoice and subscription in the right state, reproducing a "I paid but my credits didn't show up" report, checking that a declined or 3DS card fails the way the UI claims, or wiring a billing smoke test into CI so a checkout regression is caught before a customer's money is.

2026-06-240

cherry-pick-prod

az9713/skill-best-practices

Use when a specific fix that's already on main needs to land on a production/release branch without dragging along everything else — a hotfix to backport, a "cherry-pick this commit onto release-2.4", a "we need just that one PR on prod" request. Reach for this whenever someone wants to port one or a few commits to a release branch and open a PR for it, especially before doing it by hand in their main checkout, which pollutes their working tree and routinely leaves conflict markers committed or loses the original commit's provenance.

2026-06-240

code-style

az9713/skill-best-practices

Use when writing or editing code in this org's Python or JS/TS, especially before committing or opening a PR — and proactively the moment a diff adds an import, an except/catch, or any logging. Enforces the style rules Claude gets wrong by default: import grouping, error-wrapping (no bare except / empty catch), no leftover debug prints, explicit over clever. Runs scripts/check_style.sh (ruff, mypy --strict, eslint + grep guards) which exits nonzero so it drops into a pre-commit hook or CI.

2026-06-240

name

internal-platform-cli

description

internal-platform-cli

Overview

When to Use

Use this skill when you are:

Deploying or rolling back a service (axle deploy, axle deploy --rollback).
Reading, setting, or rotating secrets (axle secrets get|set|rotate).
Tailing or querying logs (axle logs), especially live tail.
Running a one-off command, shell, or migration inside a running service (axle exec, axle db).
Inspecting or diffing environment configuration (axle env).
Writing a CI step, cron, or script that shells out to axle (non-TTY).
Debugging a command that hung, paged, or hit the wrong environment.

See references/commands.md for the full subcommand surface, flags, and worked examples. Load it whenever you need exact flag names or output formats.

Context & environment model

Two orthogonal selectors decide what an axle command actually does:

Context = who you are (auth identity + cluster credentials). Set with axle context use <name>, shown by axle context current. Stored in ~/.axle/config. A stale or wrong context is why "permission denied" and "service not found" appear for services you know exist.
Environment = what you target (staging | prod). Resolved in this order: explicit --env/-e flag → AXLE_ENV var → the context's default env. There is no global default of staging — if a context's default is prod, a bare command hits prod.

Make the target explicit on anything that writes. The safe habit is axle <cmd> -e staging ... / -e prod ... every time, rather than trusting the resolved default.

Typical flow

axle context current                 # confirm WHO and default env before anything
axle deploy api -e staging           # ship to staging, watch rollout
axle logs api -e staging --since 5m  # verify health
axle deploy api -e prod              # promote (prompts for confirmation on prod)

For machine output (CI, parsing), add --json and --no-pager:

axle logs api -e prod --since 1h --no-pager --json | jq '.[] | select(.level=="error")'

Gotchas

ALWAYS treat these as real, observed failure modes — each has bitten someone operating a live service.

A bare command does NOT default to staging — it resolves to the context's default env, which may be prod. New engineers assume "no --env means safe/staging." It doesn't. If your current context's default is prod, axle deploy api deploys to production. Always pass -e staging / -e prod explicitly on any write (deploy, secrets set, db migrate, exec). Run axle context current first to see the default. Treat an unflagged write command in a script as a bug.
Context and environment are independent — being "in" staging context does not stop -e prod from working. Context selects credentials; if your identity has prod access, an -e prod flag (or AXLE_ENV=prod left exported in your shell) reaches prod regardless of which context is "current." Check both: axle context current shows context AND resolved default env. A lingering export AXLE_ENV=prod from an earlier session is a classic silent foot-gun — unset AXLE_ENV when in doubt.
axle logs (live tail) and other interactive subcommands open a pager and BLOCK under non-TTY. In CI, a cron, or piped output, axle logs without flags will hang forever waiting on a pager / streaming tail that never gets a terminal. From any non-interactive context, always pass --no-pager and a bounded --since/--limit (live --follow tail never returns — don't use it in scripts). axle exec and axle db shell similarly try to allocate a TTY and fail or hang non-interactively; use axle exec -- <cmd> (one-shot, non-interactive) instead of an interactive shell.
Destructive subcommands prompt for confirmation, and that prompt is what hangs your automation — don't blindly add --yes. axle deploy -e prod, axle db migrate, axle db reset, and axle secrets rotate require typed confirmation (often re-typing the service or env name for prod). In a script this prompt blocks on stdin forever. The fix is --yes/-y to pre-confirm — but --yes on db reset or -e prod deploy removes the only guardrail, so gate it behind an explicit, reviewed CI condition, never reflexively. There is no undo for db reset.
axle secrets get prints the secret value to stdout — it is not masked. Running it in a shared terminal, a logged CI step, or a recorded session leaks the secret into scrollback and logs. Use axle secrets get NAME --copy (to clipboard) for interactive use, and never axle secrets get in a CI step whose logs are retained. To check existence without revealing the value, use axle secrets list (names only).
--json changes the contract; default human output is NOT stable to parse. The default tabular/colored output includes ANSI codes and may reflow — scripts that grep/awk it break silently on the next CLI version. Any programmatic consumer must use --json (and --no-pager). If a command lacks --json, that's a signal it isn't meant to be scripted.
axle deploy --rollback rolls back to the previous successful release, not "one commit back." If three failed deploys happened since the last good one, rollback jumps over all of them to the last healthy release — which may be older than you expect. Confirm the target with axle deploy <svc> --history before rolling back prod.

Files

references/commands.md — full subcommand reference for deploy, secrets, logs, exec, db, and env: every flag, output format, exit codes, and worked examples (including CI-safe non-TTY invocations).