| name | infra-query |
| description | Use when the user asks questions about infrastructure dependencies across repositories in an AWS organization. Covers: blast-radius analysis ("if I change X, what breaks?"), resource ownership ("which repo owns this IAM role / VPC / S3 bucket?"), dependency tracing ("what does repo A depend on?"), and cross-repo change planning ("which repos need coordinated changes for this feature?"). Requires INFRA-MAP.md and infra-graph.json to be present (generated by the infra-compose tool). Trigger phrases: "blast radius", "which repo owns", "what depends on", "infra map", "dependency map", "cross-repo", "if I change", "which repos are affected", "infrastructure graph".
|
Infrastructure Query
Interactive reasoning over the cross-repository infrastructure connection map.
Setup
Before answering, locate the map files. Check in this order:
- Current working directory
- Parent directories (walk up)
- Path specified by the user
Files needed:
INFRA-MAP.md — human-readable narrative with Mermaid diagram
infra-graph.json — machine-readable connection graph
If neither file is found, tell the user: "I need INFRA-MAP.md and infra-graph.json. Run dave-infra-compose <registry-repo-path> to generate them, or tell me where they are."
Answering Queries
Load both files, then answer based on the query type:
Blast-Radius Analysis
"If I change the VPC in repo-X, which repos are affected?"
- Find
repo-X in infra-graph.json under repositories
- Collect all connections where
from == repo-X — these are direct dependents
- For each direct dependent, recursively collect their dependents (transitive)
- Report: direct dependents, transitive dependents, total blast radius
- For each affected repo, note which specific resource is the coupling point
Resource Ownership
"Which repo owns the IAM role eks-node-role?"
- Search
INFRA-MAP.md for the resource name/pattern
- Check
infra-graph.json — look in each repo's provides array
- Report the owning repo, the export mechanism (Terraform output / CFN export / SSM parameter), and confidence level
Dependency Tracing
"What does repo-A depend on?"
- Find
repo-A in infra-graph.json
- List all connections where
to == repo-A — these are its dependencies
- For each dependency: the source repo, the resources consumed, the mechanism, the confidence level
- Also check the
consumes array in the repo's metadata
Change Planning
"I need to add a new IAM permission — which repos need to change?"
- Identify the resource type in question
- Find which repo currently owns that resource category
- List repos that consume it (will need to pick up the new permission or policy)
- Suggest a coordination order: provider repo first, then consumers
Unknown Questions
If the map doesn't contain enough information to answer, say so explicitly and suggest:
- Re-running
/infra-scan in repos that may be missing or outdated
- Re-running
dave-infra-compose to refresh the map
- Checking the raw
INFRA.md in the specific repo directly
Confidence Levels
When reporting connections, always include the confidence level from infra-graph.json:
- high — explicit wiring:
terraform_remote_state, Fn::ImportValue, SSM parameter read matching a known write
- medium — naming pattern match: resource name in one repo matches a variable name in another
- low — inferred: Claude inferred coupling from context but could not confirm statically
Flag low-confidence connections clearly: "This connection is inferred — verify before acting on it."
Reference
See references/query-patterns.md for example queries and expected output formats.