// Use when creating, updating, or reviewing baseline Prometheus alert rules for a Razorpay microservice. Triggered by requests like 'add baseline alerts for X service', 'set up monitoring alerts', 'create baseline alerting for my service'.
Scores a Razorpay service repo against the Agentic SDLC Scorecard across three pillars — Context (C1–C4), Testing (T1–T4), CI/CD (D1–D4) — and outputs a band per pillar plus an aggregate score. Use when assessing how agent-ready a service is or tracking progress across teams.
Analyze alert coverage for Razorpay services by discovering multi-source monitoring (Prometheus, CloudWatch RDS, Performance Insights, Coralogix logs), scanning application metrics, and identifying missing business-critical metrics. Leverages repo skill Observability/Monitoring sections (when available) and verifies existing coverage with user before recommendations. Use when the user asks to analyze alert coverage, check for missing alerts, audit monitoring completeness, add metrics and alerts for a service, or improve observability. Only works with Razorpay repositories.
Analyzes API endpoints in Go codebases and generates comprehensive flow visualizations (both Mermaid charts and ASCII diagrams) showing the complete request execution path, including handlers, middleware, services, database queries, external HTTP APIs, cache operations, message queues, and all other components. Use when the user asks to visualize an API endpoint, see the flow of an API, understand how an API works, trace an API request, or map out API dependencies. Triggers on requests like "show me the flow for POST /users/create", "visualize the /orders endpoint", "trace the API call for account creation", or "map out what services are used by this endpoint".
Index of baseline metric families for Razorpay services. Use it to determine which standard metrics must exist for HTTP, gRPC, workers, egress, outbox, Go runtime, and relevant infra components.
Apply security best practices when writing, reviewing, or discussing code. Covers authentication, injection prevention, API security, input validation, infrastructure, and AI/LLM security for Python, Go, JS/TS, React, PHP, Node.js.
Generates ready-to-run cURL commands from any codebase (Go, Laravel, Express, Fastify, or other frameworks). Scans route definitions to auto-generate commands, or builds them from user-described endpoints. Includes proper headers, authentication, request bodies with realistic sample data, and environment support (devstack/prod). Use when users ask to "generate curl", "create curl commands", "curl examples for this API", "test this endpoint", or "generate API commands".
| name | baseline-alerting |
| description | Use when creating, updating, or reviewing baseline Prometheus alert rules for a Razorpay microservice. Triggered by requests like 'add baseline alerts for X service', 'set up monitoring alerts', 'create baseline alerting for my service'. |
Generate standardized Prometheus alert rules for a Razorpay microservice. This skill produces a complete set of baseline alerts covering pod health, ingress/egress traffic, latency SLAs, Kafka consumer lag, AWS resource monitoring, and more — then places them in the alert-rules repository as a PR.
Skill directory is referred to as ${CLAUDE_SKILL_DIR} throughout. It is the directory containing this SKILL.md file.
alert-rules repository (https://github.com/razorpay/alert-rules). Ask the user for the correct URL if unsure.promtool — install if not available:
brew install prometheusgit and gh CLI (for PR creation)Execute in 6 sequential phases. Each phase runs as a sub-agent to keep context focused. The parent agent coordinates, passing outputs between phases.
| Phase | Name | Purpose |
|---|---|---|
| 1 | Reconnaissance | Find existing alerts, determine CREATE vs UPDATE |
| 2 | Service Analysis | Detect surfaces from service code |
| 3 | Input Generation | Build or update {app_name}.input.yaml |
| 4 | Render + Dedup | Render templates, remove duplicate alerts |
| 5 | Place + Validate | Copy to final path, validate YAML/promtool |
| 6 | PR Creation | Branch, commit, push, open PR |
Goal: Inventory existing alerts for the target service. Determine if this is a CREATE or UPDATE flow.
Spawn a sub-agent that:
alert-rules repository.rules/prod-rules/ for existing alert rules matching the target service. Use these search patterns:
service: {app_name} in labelsnamespace="{namespace}" in PromQL expressions. Namespace is usually the app_name or some version of it.[{BU}][{appName}] in alert namesalert: field value)container_memory_working_set_bytes, http_requests_total, aws_rds_cpuutilization_maximum)baseline-monitoring-inputs/{app_name}.input.yaml exists in the alert-rules repo:
Output: Dedup inventory (list of existing alerts) + CREATE/UPDATE determination.
Goal: Detect which alert surfaces apply to this service.
Spawn a sub-agent that:
Auto-detectable surfaces (look for obvious signals in the service repo):
| Surface | Detection Signals |
|---|---|
| REST | HTTP route definitions, handler registrations, http.HandleFunc, Express routes, Spring @RequestMapping, gin.Engine, chi.Router |
| gRPC | .proto files, gRPC server initialization, grpc.NewServer(), RegisterXxxServer() |
| Kafka | Kafka consumer/producer config, topic names in config files, kafka.ConsumerGroup, @KafkaListener. Note: you can detect that Kafka is used, but exact topic names may need user confirmation. |
| Outbox | Outbox pattern imports (Go: outbox package usage), outbox worker config |
| Anomaly | Suggest for all REST services (week-over-week comparison) |
Always ask the user
| Surface | What to ask for |
|---|---|
| Traefik | Traefik service names (IngressRoute manifests live in infra repos) |
| Edge/Kong | Kong edge service name (edge config lives in separate repo) |
| ASG/Node | ASG names and k8s cluster names (terraform/infra config) |
| AWS RDS | RDS instance identifiers (terraform-managed, not in app code) |
| AWS ElastiCache | ElastiCache cluster IDs (terraform-managed) |
| AWS SQS | SQS queue names (terraform-managed) |
| StatusCake | StatusCake test ID (configured externally) |
The core philosophy being don't guess anything. If unsure, ask the user. Apply this to other unknown values too
Detected surfaces for {app_name}:
- REST: YES (found HTTP handlers in cmd/server.go)
- gRPC: NO
- Kafka: LIKELY (found kafka consumer config — confirm topic names below)
- Outbox: YES (outbox package imported in internal/worker/)
- Anomaly: SUGGESTED (REST service — week-over-week comparison recommended)
I need the following from you (resource names live in infra/terraform, not in service code):
- Traefik service names: (or "none")
- Edge/Kong service name: (or "none")
- ASG names: (or "none")
- K8s cluster names: (clusters your service runs on, or "none")
- RDS instance identifiers: (or "none")
- ElastiCache cluster IDs: (or "none")
- SQS queue names: (or "none")
- Kafka topic names: (confirm detected topics, or provide exact list)
- StatusCake test ID: (or "none")
Also provide:
- BU (Business Unit): e.g., Platform, Payments, RazorpayX, Capital
- Pod/team name: e.g., platform-engg
- Slack channel: e.g., #my-team-alerts
- Slack handle: e.g., <!subteam^SXXXXXX>
- Runbook URL
- Grafana/Vajra dashboard base URL
- Metric prefix: e.g., myapp_ (must match your instrumentation code)
- K8s namespace
- Container names
Output: Confirmed surface list + team metadata.
Goal: Produce a complete {app_name}.input.yaml config file.
Spawn a sub-agent that:
${CLAUDE_SKILL_DIR}/inputs.template.yaml as the starting point.application.interface.grpc field. If no Kafka topics, delete the infra.kafka block entirely. This keeps the config clean.baseline-monitoring-inputs/{app_name}.input.yaml.${CLAUDE_SKILL_DIR}/inputs.template.yaml (source of truth).baseline-monitoring-inputs/{app_name}.input.yaml in the alert-rules repo.Output: Path to saved input YAML.
Goal: Render alert rules from templates, then remove alerts that already exist.
Spawn a sub-agent that:
Installs dependencies and runs the render script:
pip install -r ${CLAUDE_SKILL_DIR}/scripts/requirements.txt
python ${CLAUDE_SKILL_DIR}/scripts/render.py \
--inputs {alert_rules_repo}/baseline-monitoring-inputs/{app_name}.input.yaml \
--output /tmp/baseline-{app_name}.yaml
Reads the rendered output file.
Compares each rendered alert against the dedup inventory from Phase 1. Two alerts are duplicates if ALL of these match:
expr (e.g., both use container_memory_working_set_bytes)namespace="my-service")For each duplicate found, marks it for removal.
Presents a dedup report to the user:
Baseline alerts generated: 25
Duplicates found and removed: 3
Removed (already exist in alert-rules repo):
- "Pod memory usage > 75%" -- exists in rules/prod-rules/myapp_rules.yaml:15
- "DB CPU > 80%" -- exists in rules/prod-rules/myapp_rds.yaml:8
- "Consumer lag > 1000" -- exists in rules/prod-rules/myapp_kafka.yaml:22
Final alert count: 22
When in doubt about whether two alerts overlap, ask the user rather than silently removing.
Writes the deduplicated output to /tmp/baseline-{app_name}.yaml.
Output: Deduplicated alert rules YAML + dedup report.
Goal: Place final YAML in the correct location and validate it.
Instruct the agent to:
Copy /tmp/baseline-{app_name}.yaml to rules/prod-rules/baseline-{app_name}.yaml in the alert-rules repo.
Install promtool if not already available:
which promtool || brew install prometheus # macOS
# Linux: download from https://github.com/prometheus/prometheus/releases
Run validation:
promtool check rules rules/prod-rules/baseline-{app_name}.yaml
If validation fails:
Present the final file to the user for review before proceeding to PR.
Output: Validated alert rules file at its final path.
Goal: Create a pull request in the alert-rules repo.
Create a new branch:
git checkout -b baseline-alerting/{app_name}-$(openssl rand -hex 3)
Stage both files:
git add baseline-monitoring-inputs/{app_name}.input.yaml
git add rules/prod-rules/baseline-{app_name}.yaml
Commit:
git commit -m "feat(baseline-alerting): {app_name} <meaningful commit message for the change>"
Push and create PR:
git push -u origin baseline-alerting/{app_name}
gh pr create --title "feat(baseline-alerting): {add/modify} baseline alerts for {app_name}" --body "$(cat <<'EOF'
## Baseline Alerts for {app_name}
### Surfaces covered
- [x/blank] Pod (CPU, memory, OOM, restarts, state, count)
- [x/blank] REST Ingress (RPS high/low, 5xx rate, 4xx rate, non-2xx rate)
- [x/blank] gRPC Ingress (RPS high/low, Internal error rate, InvalidArgument rate)
- [x/blank] Egress (RPS per host, 5xx/4xx/non-2xx rates, P99/P95/P90 latency)
- [x/blank] REST Latency (P99, P95, P90)
- [x/blank] gRPC Latency (P99, P95, P90)
- [x/blank] Traefik (request drop detection)
- [x/blank] Edge/Kong (request drop, throttling, auth rejections)
- [x/blank] Kafka (consumer lag, offset lag per topic)
- [x/blank] Outbox (job SLA, oldest pending job age)
- [x/blank] Uptime / StatusCake (downtime, liveliness P99)
- [x/blank] Anomaly (RPS drop vs last week, latency increase vs last week)
- [x/blank] AWS RDS (CPU, connections, write/read latency, replication lag, free space)
- [x/blank] AWS ElastiCache (CPU, connections, memory usage, free memory)
- [x/blank] AWS SQS (visible messages, message age)
- [x/blank] AWS Node (CPU, memory, min/max node count)
### Alerts added: N
### Alerts skipped (dedup): M
{list each skipped alert with the file:line where the existing alert lives}
### Input config
Stored at: `baseline-monitoring-inputs/{app_name}.input.yaml`
Generated by baseline-alerting skill v1.0
EOF
)"
Fill in the checklist based on actual surfaces. Replace [x/blank] with [x] for enabled surfaces and [ ] for those not applicable. Replace N, M, and the skipped list with actual values from Phase 4.
Output: PR URL.
The following Jinja2 templates in ${CLAUDE_SKILL_DIR}/templates/jinja2/modules/ generate alerts. Each is conditionally included based on the input config.
| Module | Alerts Generated | Key Metrics |
|---|---|---|
pod.yaml.j2 | Memory >75%, OOM, CPU >75%, restarts, non-ready pods, pod count min/max, memory limit failures | container_memory_working_set_bytes, container_oom_events_total, container_cpu_usage_seconds_total, kube_pod_container_status_restarts_total, kube_pod_status_phase, kube_pod_container_status_running, container_memory_failcnt |
egress.yaml.j2 | Egress RPS high/low per host, 5xx/4xx/non-2xx rates, P99/P95/P90 latency | httpclient_http_requests_count, httpclient_http_request_duration_ms_hist_bucket |
uptime.yaml.j2 | StatusCake downtime, liveliness P99 latency | statuscake_test_up, {prefix}http_durations_ms_histogram_bucket |
application.interface.rest| Module | Alerts Generated | Key Metrics |
|---|---|---|
ingress.yaml.j2 (REST section) | Max/Min RPS, 5xx >0.5%, 4xx >0.5%, non-2xx >1% | {prefix}http_requests_total, {prefix}http_responses_total |
latency.yaml.j2 (REST section) | P99 >100ms, P95 >200ms, P90 >300ms | {prefix}http_durations_ms_histogram_bucket |
application.interface.grpc| Module | Alerts Generated | Key Metrics |
|---|---|---|
ingress.yaml.j2 (gRPC section) | Max/Min RPS, Internal error >0.5%, InvalidArgument >0.5% | {prefix}server_requests_total, {prefix}grpc_server_handled_total |
latency.yaml.j2 (gRPC section) | P99 >100ms, P95 >200ms, P90 >300ms | {prefix}grpc_server_handling_seconds_bucket |
infra.traefik| Module | Alerts Generated | Key Metrics |
|---|---|---|
traefik_request_drop.yaml.j2 | Requests dropped between Traefik and app | traefik_service_requests_total vs {prefix}http_requests_total |
infra.edgeService| Module | Alerts Generated | Key Metrics |
|---|---|---|
edge.yaml.j2 | Request drop at edge, requests terminated at edge, throttling >50 RPS, AuthN/AuthZ rejections >10 RPS | kong_request_total |
metrics.anomalyOffsets| Module | Alerts Generated | Key Metrics |
|---|---|---|
anomaly.yaml.j2 | RPS drop >50% vs offset, latency increase >200ms vs offset | {prefix}http_requests_total (with offset), {prefix}http_durations_ms_histogram_bucket (with offset) |
application.utils.hasOutboxWorkers (GOLANG only)| Module | Alerts Generated | Key Metrics |
|---|---|---|
outbox.yaml.j2 | Job SLA P99 >20s, oldest pending job >10s | outbox_job_process_duration_seconds_bucket, outbox_age_of_oldest_pending_job_seconds |
infra.kafka.topics (per topic)| Module | Alerts Generated | Key Metrics |
|---|---|---|
kafka.yaml.j2 | Consumer lag >1000, offset lag per partition >15 | kafka_consumergroup_lag, kafka_cluster_partition_laststableoffsetlag |
infra.aws.rds (per instance)| Module | Alerts Generated | Key Metrics |
|---|---|---|
aws/rds.yaml.j2 | CPU >80%, connections >300, write latency >1s, read latency >1s, replication lag >10s, replica not running, free space <50GB | aws_rds_cpuutilization_maximum, aws_rds_database_connections_maximum, aws_rds_write_latency_maximum, aws_rds_read_latency_maximum, aws_rds_replica_lag_maximum, aws_rds_free_storage_space_maximum |
infra.aws.elasticCache (per cluster)| Module | Alerts Generated | Key Metrics |
|---|---|---|
aws/elastic_cache.yaml.j2 | CPU >75%, connections >100, memory >75%, free memory <5GB | aws_elasticache_cpuutilization_maximum, aws_elasticache_curr_connections_average, aws_elasticache_database_memory_usage_percentage_average, aws_elasticache_freeable_memory_average |
infra.aws.sqs (per queue)| Module | Alerts Generated | Key Metrics |
|---|---|---|
aws/sqs.yaml.j2 | Visible messages >25, oldest message age >60s | aws_sqs_approximate_number_of_messages_visible_sum, aws_sqs_approximate_age_of_oldest_message_sum |
infra.aws.asg| Module | Alerts Generated | Key Metrics |
|---|---|---|
aws/node.yaml.j2 | Node CPU >75%, node memory >75% | node_cpu_seconds_total, node_memory_MemAvailable_bytes |
infra.kubernetes.clusters| Module | Alerts Generated | Key Metrics |
|---|---|---|
aws/node.yaml.j2 (cluster section) | Min node count <2, max node count >5 | cluster_autoscaler_node_groups_count |
The source-of-truth schema lives at ${CLAUDE_SKILL_DIR}/inputs.template.yaml. Key sections:
| Section | Required | Description |
|---|---|---|
team.bu | YES | Business unit (Platform, Payments, RazorpayX, Capital, etc.) |
team.pod | YES | Pod/team name |
team.slack.channel | YES | Slack channel for alert routing |
team.slack.handle | YES | Slack mention handle |
team.runbook | YES | Runbook URL |
team.dashboardLink | YES | Vajra/Grafana base dashboard URL (templates append panel IDs) |
cmd.appName | YES | Service/application name |
metrics.prefix | YES | Metric name prefix (must match instrumentation) |
metrics.statusCake.testId | NO | StatusCake test ID |
metrics.anomalyOffsets | NO | List of Prometheus offset durations (e.g., ["1w"]) |
application.language | NO | GOLANG, JAVA, etc. (needed for outbox alerts) |
application.interface.rest | NO | true if REST endpoints exposed |
application.interface.grpc | NO | true if gRPC endpoints exposed |
application.utils.hasOutboxWorkers | NO | true if outbox workers used (GOLANG only) |
infra.kubernetes.namespace | YES | K8s namespace |
infra.kubernetes.containers | YES | List of container names |
infra.kubernetes.clusters | NO | List of cluster names (for node count alerts) |
infra.traefik.services | NO | List of Traefik service names |
infra.edgeService | NO | Kong edge service name |
infra.kafka.topics | NO | List of Kafka topic names |
infra.aws.rds | NO | List of RDS instance identifiers |
infra.aws.elasticCache | NO | List of ElastiCache cluster IDs |
infra.aws.sqs | NO | List of SQS queue names |
infra.aws.asg | NO | List of Auto Scaling Group names |
Before adding ANY baseline alert, you MUST verify no semantically equivalent alert already exists. Two alerts are duplicates if:
container_memory_working_set_bytes)When in doubt, ask the user whether an existing alert covers the same concern. Never silently add a duplicate.
| Error | Action |
|---|---|
render.py fails | Show full error output. Help user fix the input YAML. Re-run. |
promtool check rules fails | Show the specific rule and line that failed. Fix the syntax. Re-validate. |
| YAML parse error | Show the parse error with line number. Fix indentation or quoting. Re-validate. |
| Git push fails | Show error. Check branch naming conflicts. Suggest manual steps if needed. |
| Missing required field in input | Do NOT proceed. Ask the user for the value. |
${CLAUDE_SKILL_DIR}/inputs.template.yaml is the source of truth for the input schema. When this skill is updated with new alert types or surfaces, the UPDATE flow (Phase 3) handles migrating existing input files forward.