// Work on Luxury Yacht RBAC permission checks, capability descriptors, permission-denied diagnostics, object action availability, YAML/edit/delete/scale/restart gating, and capability tests
Add support for a Kubernetes resource type by choosing the required catalog, refresh, detail, object-map, permission, frontend, docs, and test surfaces
Work on Luxury Yacht object-panel details, YAML, actions, logs, shell/debug tabs, docked panels, related objects, and tests
Work on Luxury Yacht canonical Kubernetes resource identity, status presentation, facts, ResourceLink relationships, DTO projection, table/detail/object-map parity, and shared resource model tests
Guide for safely modifying the refresh/streaming subsystem — covers the full domain lifecycle, registration points, and known fragility areas
Work on Luxury Yacht kubeconfig selection, multi-cluster client lifecycle, auth failure/recovery, selected/background clusters, cluster tabs, refresh subsystem rebuilds, and object catalog lifecycle
Work on logs, shell exec, debug containers, port-forward, node drain/maintenance, long-running operations, permissions, lifecycle, and cleanup tests
| name | permissions-capabilities |
| description | Work on Luxury Yacht RBAC permission checks, capability descriptors, permission-denied diagnostics, object action availability, YAML/edit/delete/scale/restart gating, and capability tests |
Use this when touching backend RBAC checks, capability services, permission diagnostics, frontend capability hooks, object action availability, YAML/edit gating, delete/scale/restart/trigger/suspend actions, or restricted-RBAC tests.
AGENTS.mdbackend/AGENTS.mdfrontend/AGENTS.mddocs/architecture/permissions.mddocs/architecture/shared-resource-model.md for object identity and refsdocs/architecture/refresh-system.md for permission-denied domains and
diagnosticsbackend/capabilitiesbackend/resource_permission.gobackend/refresh/permissions/resource_requirement.gobackend/refresh/snapshot/permission_checks.gobackend/refresh/snapshot/permission.gobackend/refresh/resourcestream/permission_contract.gobackend/refresh/system/registrations.gobackend/refresh/system/permission_gate.gobackend/resources, backend/object_yaml*.go,
backend/portforward*.go, and backend/shell_sessions.gofrontend/src/core/capabilitiesfrontend/src/core/capabilities/permissionFeatures.tsfrontend/src/shared/actions/objectActionPermissionMatrix.tsfrontend/src/modules/object-panel/components/ObjectPanel/hooks/useObjectPanelCapabilities.tsfrontend/src/modules/object-panel/components/ObjectPanel/constants.tsfrontend/src/shared/hooks/useObjectActions.tsxfrontend/src/shared/components/kubernetes/ActionsMenu.tsxfrontend/src/core/refresh/components/diagnostics/diagnosticsPanelConfig.tsclusterId, group, version, kind,
namespace, and name when checking a concrete object.resource from kind; use the injected catalog-backed
ResourceResolver for GVK/GVR/scope resolution.PERMISSION_FEATURES keys, not display labels.OBJECT_ACTION_PERMISSION_MATRIX.
Include derived action ids that reuse the same backend mutation, such as
fixed-replica scale variants.mage qc:prerelease.Use focused checks while iterating:
go test ./backend/capabilities ./backend/refresh/snapshot ./backend/refresh/system ./backend
npm run typecheck --prefix frontend
npm run test --prefix frontend -- capabilities ObjectPanel ActionsMenu diagnostics
Then run mage qc:prerelease for non-documentation changes.