菜单
Use when the user wants to set, remove, or inspect a TTL or auto-reconcile policy on a stack — e.g. 'expire X in 20 minutes', 'reject out-of-band changes on Y', 'auto-reconcile production every 5 minutes', 'remove the TTL on dev', 'what policies are on lifeline?'
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
Use when the user wants to add support for a new resource type to an existing formae plugin
Use when the user wants to check for infrastructure drift, see what changed out-of-band, or absorb/overwrite out-of-band changes into their IaC codebase
Use when the user wants to bring unmanaged/discovered resources under formae management, import resources into their IaC codebase, or absorb cloud resources into existing forma files
Use when the user wants to rename a managed resource, relabel a resource, change a resource's label, or give a discovery-named resource a readable name — a rename on its own never destroys or recreates the cloud object
Use when the user wants to deploy infrastructure, apply a forma file, reconcile a stack, update a stack, or make planned infrastructure changes
Use when the user wants to start authoring formae infrastructure or deploy something NEW with formae — e.g. 'I want to deploy X with formae', 'build a k8s app with formae', 'set up infrastructure for Y', 'create a new forma file for my service', 'write formae IaC for Z'. The front door that triages where the work happens, sets up plugin schema deps, and dispatches to focused authoring skills. NOT for applying an existing forma file (use formae-apply) or operating existing infra.
| name | formae-policy |
| description | Use when the user wants to set, remove, or inspect a TTL or auto-reconcile policy on a stack — e.g. 'expire X in 20 minutes', 'reject out-of-band changes on Y', 'auto-reconcile production every 5 minutes', 'remove the TTL on dev', 'what policies are on lifeline?' |
Use this skill to manage formae stack policies via natural language. Two policy types are supported:
TTLPolicy).AutoReconcilePolicy).forma { } and referenced from one or more stacks via PolicyResolvable. Use when the same policy governs multiple stacks (e.g. a shared 1-hour ephemeral TTL applied to lifeline, dev, and staging).When the user mentions attaching the same policy to more than one stack, or explicitly says "reusable" or "shared", default to standalone. Otherwise default to inline.
A stack should not carry both an inline and a standalone policy of the same type. The tooling does NOT enforce this for you — before adding a policy, check existing policies with list_policies and list_stacks and make sure you're not creating a duplicate of the same type on the stack.
onDependents defaults to "abort". Override with "cascade" if the user says "cascade", "destroy dependents too", or similar.interval defaults to 5 minutes (300 seconds) when the user does not specify one.Always state the chosen defaults to the user before applying.
User says something like "expire lifeline in 20 minutes" or "auto-reconcile production every 10 minutes".
20m → 1200, 4h → 14400, 1d → 86400).list_stacks and find a matching label. If no match, present the available labels and ask the user which one they meant.onDependents = "abort" by default) to the lifeline stack."create_inline_policy with operation: "set", the resolved policy_type, and the relevant duration field (ttl_seconds or interval_seconds). The tool returns:
file_path — the PKL file declaring the stack.operation — "create" or "update".pkl_snippet — the text to insert.insertion_anchor_start / insertion_anchor_end — the line range; for create they are equal (insert before that line); for update they cover the existing block (replace those lines).existing_policy_snippet — only for update; show this as the "before" in the diff.imports_to_add — add each entry near the top of the file if missing.create insert the snippet before the anchor line; for update replace the lines covered by the anchor range. Add any missing imports near the top of the file. Indent the snippet to match the surrounding context (the snippet is emitted unindented).reconcile (simulate first)?" If the user declines, stop — the file edit stands and the policy will activate on the next manual apply.apply_forma with mode: "reconcile", simulate: true, force: true, file_path: <returned file_path>.apply_forma with simulate: false. Then poll get_command_status every 5 seconds (with sleep 5); only report state transitions.User says "don't expire lifeline anymore", "stop auto-reconciling production", etc.
Same shape as set, but call create_inline_policy with operation: "remove". The tool returns:
operation: "remove" — apply the deletion at the anchor lines.operation: "noop" — no policy of that type was attached. Tell the user there's nothing to remove and stop.For remove, delete the lines covered by the anchor range. The existing_policy_snippet shows what's being removed; surface it in the diff.
If notes mentions "removed empty policies block", explain to the user that the stack's policies = new Listing { ... } wrapper was also removed because that was the last policy.
Availability: The
create_standalone_policy/attach_standalone_policy/detach_standalone_policy/delete_standalone_policyMCP tools described below are part of a planned feature and may not be present on the connected MCP server. Before using any of them, confirm the tool is actually available. If these tools are NOT available, do standalone policies manually instead (see "Manual fallback" below) — and only if the connected agent supports standalone policies at all; if unsure, tell the user standalone-policy support may not be available yet and offer an inline policy instead.
A standalone policy is declared once at the top level of the main forma file (forma { } block, not inside any stack) and attached to stacks via PolicyResolvable references.
forma {
// Standalone policy declaration (top level, outside any stack)
new formae.TTLPolicy {
label = "ephemeral-1h"
ttl = 1.h
onDependents = "abort"
}
// (Auto-reconcile variant)
new formae.AutoReconcilePolicy {
label = "reconcile-5m"
interval = 5.min
}
// Stacks reference it via PolicyResolvable
new formae.Stack {
label = "lifeline"
// ...resources...
policies = new Listing {
new formae.PolicyResolvable { label = "ephemeral-1h" }
}
}
}
When the standalone MCP tools are NOT available, you can still create and attach a standalone policy by editing the PKL file directly:
forma { } block with the most stacks.forma { } block (not inside any stack), using the PKL shape shown above (e.g. new formae.TTLPolicy { label=...; ttl=... } or new formae.AutoReconcilePolicy { label=...; interval=... }).PolicyResolvable reference — for each target stack, add (or extend) a policies = new Listing { ... } block containing new formae.PolicyResolvable { label = "<policy-label>" }.apply_forma with mode: "reconcile", simulate: true, force: true, file_path: <file>. Show the simulation result and ask for explicit confirmation.apply_forma with simulate: false. Poll get_command_status every 5 seconds; only report state transitions.Note: this manual path still depends on the connected formae agent supporting standalone policies. If the agent does not recognise them, the apply will fail. In that case, fall back to an inline policy instead.
Use this workflow when the standalone MCP tools are available (see Availability note above).
User says something like "create a 1-hour ephemeral policy and attach it to lifeline and dev".
create_standalone_policy with label, policy_type, duration fields, and optionally a forma_file override. The tool identifies the main forma file (the PKL file with the most stacks) and returns file_path, pkl_snippet, insertion_anchor, and imports_to_add. If the tool returns an ambiguity error, present the candidate files to the user and ask which to use (cache the choice for the session).} of the forma { } block), add any missing imports.attach_standalone_policy(stack, policy_label). The tool returns a PolicyResolvable snippet and an insertion anchor inside the stack's policies block (or creates the block if absent). Apply the edit. If the tool returns noop, inform the user and continue.apply_forma with mode: "reconcile", simulate: true, force: true. If edits span multiple files, simulate each file.get_command_status every 5 seconds; report state transitions.Use this workflow when the standalone MCP tools are available (see Availability note above).
User says "attach ephemeral-1h to staging".
attach_standalone_policy(stack, policy_label). On conflict (inline policy of same type exists), the tool errors — surface the message and suggest removing the inline policy first. On noop, tell the user it's already attached.Use this workflow when the standalone MCP tools are available (see Availability note above).
User says "detach ephemeral-1h from lifeline".
detach_standalone_policy(stack, policy_label). Returns the line range to delete. On noop (not attached), inform the user and stop.notes mentions "removed empty policies block", explain to the user that the wrapper block was also removed.apply_forma reconcile. Confirm → apply → poll.Use this workflow when the standalone MCP tools are available (see Availability note above).
User says "delete the ephemeral-1h policy".
delete_standalone_policy(label). If the policy is still attached to stacks the tool refuses and lists the offending stacks — surface this and suggest detaching first.file_path + source_anchor (lines to delete), existing_policy_snippet (show as "before"), and destroy_forma_pkl (a complete PKL forma for the destroy step).source_anchor, show the diff.destroy_forma_pkl to a temp file. Call destroy_forma(simulate=true), show the simulation, confirm.destroy_forma(simulate=false), poll. Clean up the temp file.Skip with ReferencingStacks (race condition), surface this clearly: the source PKL has been edited but the policy still exists in the agent; name the attaching stacks so the user can detach and retry.User asks "what policies are on lifeline?".
list_stacks, locate the stack, surface its inline Policies.list_policies, filter to entries whose AttachedStacks includes the target stack label.pkl eval — ALWAYS use formae eval --output-consumer machine. Forma files use formae-specific extensions.