一键导入
kickstart-review
Review phase playbook — validate all generated deployment artifacts.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Review phase playbook — validate all generated deployment artifacts.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
ACR integration for AKS Automatic. Teaches attaching an ACR, image reference conventions (digest pinning, no :latest), and pull-secret-free authentication via the managed identity.
Writing idiomatic, safe, and reviewable Bicep templates for Azure resources.
Non-blocking cluster status peek — run at the end of Phases 3, 4, 5 to check AKS provisioning progress without hanging.
Voice, tone, and interaction patterns for Kickstart agents.
Configure Infrastructure phase playbook — launch the dedicated Kickstart cluster-setup view, which collects and creates the Azure resources (subscription, resource group, AKS Automatic cluster, ACR) and hands the results back to the chat.
Deploy phase playbook — build, push, apply with Azure CLI and kubectl.
| name | kickstart-review |
| description | Review phase playbook — validate all generated deployment artifacts. |
| disable-model-invocation | true |
Validate every artifact against security, correctness, and AKS Automatic compliance.
Dockerfile: Multi-stage build, pinned base image, non-root user, .dockerignore present. Build context + every COPY/ADD source→destination resolves to real files; CMD/ENTRYPOINT runs the actual entry point; the image builds and the entry point is present in the built image.
K8s Manifests: runAsNonRoot: true, no privileged containers, resource requests+limits, liveness/readiness probes, Gateway API HTTPRoute (not Ingress), Workload Identity labels+SA, namespace specified.
Bicep: API versions pinned, parameterized env values, secure defaults (TLS 1.2+), outputs defined.
GitHub Actions: OIDC auth, minimal permissions, environment protection for prod.
Confirm the image is real, not assumed. Present a source→destination table for each Dockerfile so the user can verify what lands where:
| Build context | COPY/ADD source | → destination | Entry point | Port |
|---|---|---|---|---|
src/order-service | package.json, src/ | /app | /app/server.js | 3000 |
Then confirm (or run) the build validation from /kickstart-generate — the image must build and ls <workdir> must show the entry point. A missing or mismatched path is a FAIL.
Run /kickstart-safeguard-checklist for the full safeguard rule set.
Run validation via run_in_terminal:
kubectl apply --dry-run=client -f k8s/
az bicep build --file infra/main.bicep
Present results as PASS ✓ / FAIL ✗ / WARN ⚠ per item.
If FAILs: use vscode_askQuestions — fix automatically (recommended), show details, or skip.
If WARNs only: confirm proceeding via vscode_askQuestions.
All checks pass. Announce: "Review complete — moving to Pre-Deploy Check."