원클릭으로
break-glass
Emergency IAM elevation for oncall/debugging. Discovers GCP projects and guides through granting/revoking permissions.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Emergency IAM elevation for oncall/debugging. Discovers GCP projects and guides through granting/revoking permissions.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
Review a unit of work (a PR, a Linear ticket, or a path) and explain it so it sticks — composing structural context (mache/seams), team ownership (CODEOWNERS), and intent (the ticket) into a taught synthesis rather than a bare findings list. Emphasis shifts by authorship: work you own gets domain-onboarding (so you can defend it in a meeting); a peer's gets findings-teaching (so you learn to spot it yourself). Reads your situated context from native user rules + auto-memory when present and degrades gracefully without it. Local/explain only — posts nothing, edits nothing.
Wire repo validation so local == CI by construction - every check is a Taskfile target, and CI + git hooks INVOKE those targets rather than re-implementing the commands. Use when adding a test/lint/format/validation gate, when CI and local disagree, when a pre-commit/pre-push hook duplicates a command, or when asked to make validation 1:1 with CI, add a Taskfile target, or stop CI failing first. Covers includes-vs-composition, the non-mutating task ci gate, and the pre-push hook pattern.
Use when you ask "how are my PRs?", "did I address Mark's review?", "what's new on the PRs I opened?", or "anything waiting on me?" — the recurring authored-PR status question. Answers it lectio-first via memory_authored_activity (reviews/comments by OTHERS on PRs you authored, your own replies excluded), refreshes the gh source if it's stale, joins each PR to your local worktrees + notes, and prints a board of what needs you. Falls back to gh only for coverage gaps. Read-only; posts nothing.
Find internal docs (not for external consumers), review against code reality, bead real items, archive stale files. Converts markdown debt into tracked beads.
Decompose an aspiration into a lattice of dispatchable bead specs using 5-whys descent + a 7-property dispatchability rubric. Outputs a problem-statement doc (matching TEMPLATE.md), a list of bead specs ready to file via rosary:note, and an honest queue of non-leaves that need further design. Use when starting a new platform / capability / migration / refactor where work needs to be broken down before agents can ship it. Use also to audit an existing backlog for orphan-dispatchable beads that don't trace to a real aspiration.
Restructure a README for both human skimmers and LLM ingestion. Diagnoses information architecture, identifies frontloaded internals, proposes a reordered structure that lands the value prop in the first 200 tokens, then generates a diff for review. Preserves content; changes order and disclosure. Modular sub-skill of repo-seo-curator.
SOC 직업 분류 기준
| name | break-glass |
| description | Emergency IAM elevation for oncall/debugging. Discovers GCP projects and guides through granting/revoking permissions. |
Help the user temporarily elevate their IAM permissions for oncall/emergency access to GCP projects.
$ARGUMENTS
gcloud config get-value account
If user provided a project hint (like "staging", "dev", "prod"), search for matching projects:
gcloud projects list --format="value(projectId)" --filter="projectId~HINT OR name~HINT"
Or list all accessible projects to help them choose:
gcloud projects list --format="table(projectId,name)" --limit=20
Always confirm the exact project ID with the user before proceeding.
Ask user to confirm:
Parse from arguments or ask. Map shortcuts:
storage -> roles/storage.adminrun -> roles/run.adminlogs -> roles/logging.viewerpubsub -> roles/pubsub.adminbigquery -> roles/bigquery.adminowner or nothing specified -> roles/ownergcloud projects add-iam-policy-binding PROJECT_ID \
--member='user:USER_EMAIL' \
--role='ROLE'
If prompted about conditions when ADDING:
Immediately after granting, give the exact revoke command:
gcloud projects remove-iam-policy-binding PROJECT_ID \
--member='user:USER_EMAIL' \
--role='ROLE'
If prompted about conditions when REMOVING:
Tell user to:
/break-glass staging - find projects matching "staging", grant owner/break-glass dev storage - find projects matching "dev", grant storage.admin/break-glass my-exact-project-id - use exact project ID/break-glass - list projects and ask what they need