Devsecops Expert

Senior-level DevOps automation for CI/CD, IaC, Kubernetes, and production-ready GitOps pipelines.

Install
cmdop skills install agensi-devsecops-expert

Devsecops Expert is a skill that extends an AI agent with senior-level DevOps engineering knowledge covering the full software delivery lifecycle. It is designed to address deterministic builds, immutable artifacts, and GitOps-versioned infrastructure rather than producing generic one-off scripts.

For CI/CD automation, the skill enables an agent to design GitHub Actions, GitLab CI, and Jenkins pipelines that include parallel testing stages and artifact promotion workflows. On the infrastructure-as-code side, it covers modular Terraform and Pulumi templates with explicit state management and change previews before apply.

For containerization and orchestration, the skill supports authoring hardened Dockerfiles, Helm charts, and Kubernetes manifests oriented toward production readiness. It also generates operational artefacts such as incident runbooks, rollback procedures, and deployment risk assessments.

The skill enforces several constraints described as P0 Deployment Blocks: it refuses to include secrets in committed configuration, rejects mutable ‘latest’ container tags, and requires explicit approval gates before deployment steps. These constraints are built into how the skill responds, not left to the developer to add manually.

Platform coverage stated in the facts includes AWS (ECS, EKS, Lambda), GCP (Cloud Run, GKE), Azure, GitHub Actions, Terraform, Pulumi, Docker, Helm, ArgoCD, and Prometheus/Grafana. This skill is not an MCP server and exposes no callable tools; it operates as a knowledge and reasoning skill attached to an AI agent.

Use cases

  • Generate a multi-stage GitHub Actions pipeline with parallel test jobs and image promotion gates
  • Author modular Terraform modules with remote state configuration and plan previews
  • Produce hardened Dockerfiles that avoid mutable tags and strip unnecessary privileges
  • Create Helm charts and Kubernetes manifests for a production workload on EKS or GKE
  • Draft incident runbooks and rollback procedures for a deployment
  • Design an ArgoCD GitOps workflow with explicit approval gates for environment promotion

When to use it

  • When an agent needs to produce CI/CD pipeline definitions for GitHub Actions, GitLab CI, or Jenkins
  • When generating Terraform or Pulumi IaC that requires state management and change previews
  • When the task involves Kubernetes, Helm, or ArgoCD configuration for production environments
  • When operational artefacts such as rollback plans or deployment risk assessments are needed
  • When security constraints like secret exclusion and immutable artifact tags must be enforced automatically

When not to use it

  • When the requirement is runtime execution of deployment commands rather than generation of configuration and scripts
  • When the target platform is not AWS, GCP, or Azure and requires specialised tooling not covered by the stated facts
  • When a callable MCP tool interface is required, as this skill exposes no tools
  • When the task is purely application-layer code with no infrastructure or delivery pipeline concern