Add AI Agent Skills for LLM-Powered Infrastructure Development#2121
Merged
Add AI Agent Skills for LLM-Powered Infrastructure Development#2121
Conversation
Ship 9 skills covering all major Atmos subsystems at .claude/skills/ so that AI agents (Claude Code, GitHub Copilot, etc.) can provide accurate, context-aware assistance. Skills follow the Agent Skills open standard with YAML frontmatter, progressive disclosure via references/, and an AGENTS.md skill-activation router. Skills: atmos-stacks, atmos-components, atmos-vendoring, atmos-terraform, atmos-workflows, atmos-custom-commands, atmos-gitops, atmos-validation, atmos-templates (includes !aws.organization_id coverage). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…mas, design-patterns Expand from 9 to 16 skills covering all major Atmos subsystems: - atmos-helmfile: Kubernetes deployment orchestration (sync/apply/destroy/diff) - atmos-packer: Machine image building (init/build/validate/inspect/output) - atmos-ansible: Configuration management (playbook execution, variable passing) - atmos-auth: Authentication & identity (SSO/SAML/OIDC/GCP, keyring, chaining) - atmos-stores: Store backends (SSM, Azure Key Vault, GCP Secret Manager, Redis, Artifactory) - atmos-schemas: JSON Schema for stack manifests, IDE integration, schema update guide - atmos-design-patterns: Stack organization, catalogs, inheritance, version management Updated AGENTS.md skill-activation router with all 16 skills. Updated PRD to reflect completed implementation. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…stic access Skills follow the Agent Skills open standard and should be discoverable by any AI tool (Claude Code, GitHub Copilot, OpenAI Codex, Gemini, Grok, etc.), not just Claude. The agent-skills/ directory at repo root follows the industry convention used by HashiCorp and Pulumi. A symlink at .claude/skills -> ../agent-skills preserves Claude Code auto-discovery at the canonical .claude/skills/<skill-name>/SKILL.md path. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Create documentation page at /integrations/ai/agent-skills with per-tool setup instructions (Claude Code, OpenAI Codex, Gemini CLI, Cursor, Windsurf, GitHub Copilot, Antigravity, JetBrains Junie, Amazon Q) - Add "AI Integrations" section to website sidebar - Create blog post announcing the 16 agent skills feature - Add "Open Standards" section referencing AGENTS.md (Linux Foundation AAIF) and Agent Skills (agentskills.io) specifications - Update roadmap with AI Agent Skills milestone in DX initiative - Fix AGENTS.md table formatting Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
aknysh
added
the
no-release
|
Warning This PR exceeds the recommended limit of 1,000 lines.Large PRs are difficult to review and may be rejected due to their size. Please verify that this PR does not address multiple issues. |
Dependency ReviewThe following issues were found:
License Issues.github/workflows/validate-agent-skills.yml
Scanned Files
|
aknysh
changed the title
Member
Author
|
@coderabbitai full review please |
Contributor
|
✅ Actions performedFull review triggered. |
Contributor
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
📝 WalkthroughWalkthroughAdds a new agent-skills documentation tree (agent-skills/) plus a small Claude skills pointer file (.claude/skills). Introduces ~19 SKILL.md guides, many detailed reference docs, a PRD, and a blog post — purely documentation additions; no runtime, code, or public API changes. Changes
Sequence Diagram(s)(Skipped — changes are documentation-only and do not introduce new runtime control flow.) Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Possibly related PRs
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Tip Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs). Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 20
🧹 Nitpick comments (6)
agent-skills/atmos-ansible/SKILL.md (1)
9-17: Add an explicit human-in-the-loop note for execution context.Given this repo’s agent usage model, add one short note that these playbook flows are intended for interactive operator sessions, not headless CI automation.
Based on learnings, in the cloudposse/atmos repository, Claude agents are used as interactive tools, not in automated/headless CI/CD contexts, so docs should explicitly assume synchronous human interaction.
Also applies to: 427-447
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@agent-skills/atmos-ansible/SKILL.md` around lines 9 - 17, Add a short explicit human-in-the-loop note to the Atmos Ansible SKILL.md documentation clarifying that the `atmos ansible playbook` flows are intended for interactive operator sessions (synchronous human interaction) and not for headless CI/CD automation; insert this sentence near the top of the "How Atmos Orchestrates Ansible" section (or immediately before the sequence describing `atmos ansible playbook`) so readers of SKILL.md and the related block around lines 427-447 see the guidance when learning about the playbook execution model.agent-skills/atmos-stacks/SKILL.md (1)
289-304: Add a language hint to the directory tree code fence.Line 289 uses a fenced block without a language, which triggers MD040 in this file. Use
textto keep lint clean.Suggested diff
-``` +```text stacks/ orgs/ acme/ _defaults.yaml # Organization-wide defaults plat/ _defaults.yaml # Tenant defaults dev/ _defaults.yaml # Stage defaults us-east-2.yaml # Top-level stack (deployable) us-west-2.yaml prod/ _defaults.yaml us-east-2.yaml us-west-2.yaml</details> <details> <summary>🤖 Prompt for AI Agents</summary>Verify each finding against the current code and only fix it if needed.
In
@agent-skills/atmos-stacks/SKILL.mdaround lines 289 - 304, The fenced
directory-tree block in SKILL.md (the multi-line block showing "stacks/ orgs/
acme/...") lacks a language hint and triggers MD040; edit that fenced code block
(the block beginning at the directory tree) to add the language hinttext
after the opening backticks (i.e., changetotext) so the markdown linter
stops flagging it.</details> </blockquote></details> <details> <summary>agent-skills/atmos-vendoring/SKILL.md (1)</summary><blockquote> `353-360`: **Add a language hint to this fenced block.** Line 353 starts an unlabeled code fence; tagging it as `yaml` will clear MD040 and improve readability. <details> <summary>🤖 Prompt for AI Agents</summary>Verify each finding against the current code and only fix it if needed.
In
@agent-skills/atmos-vendoring/SKILL.mdaround lines 353 - 360, The fenced
code block that begins with the YAML snippet (starting with "sources:" and the
"- component: "vpc"" entry) is missing a language hint; add "yaml" immediately
after the opening triple backticks (i.e., changetoyaml) so the block is
recognized as YAML and MD040 is resolved.</details> </blockquote></details> <details> <summary>agent-skills/atmos-toolchain/SKILL.md (1)</summary><blockquote> `27-33`: **Normalize unlabeled code fences to avoid MD040 warnings.** A few fenced blocks are missing language identifiers. Please tag plain snippets as `text` for consistency and lint stability. Also applies to: 43-45, 228-233 <details> <summary>🤖 Prompt for AI Agents</summary>Verify each finding against the current code and only fix it if needed.
In
@agent-skills/atmos-toolchain/SKILL.mdaround lines 27 - 33, The markdown has
unlabeled fenced code blocks (e.g., the block containing "terraform
1.9.8\nopentofu 1.10.3\nkubectl 1.28.0\nhelm 3.13.0\njq 1.7.1") and other plain
snippets that trigger MD040; update each triple-backtick fence to use a language
tag of text (```text) for those plain snippets (also apply the same change to
the other unlabeled blocks referenced in the comment) so the blocks are
normalized and the linter stops warning.</details> </blockquote></details> <details> <summary>agent-skills/atmos-terraform/references/commands-reference.md (1)</summary><blockquote> `7-9`: **Add language specifier to code block.** The syntax block lacks a language specifier. Adding `shell` or `text` would improve rendering. <details> <summary>📝 Suggested fix</summary> ```diff -``` +```shell atmos terraform <subcommand> <component> -s <stack> [flags] [-- native-terraform-flags] ``` ``` </details> <details> <summary>🤖 Prompt for AI Agents</summary>Verify each finding against the current code and only fix it if needed.
In
@agent-skills/atmos-terraform/references/commands-reference.mdaround lines 7
- 9, The fenced code block showing the atmos terraform usage lacks a language
tag; update the triple-backtick fence that precedes "atmos terraform
-s [flags] [-- native-terraform-flags]" to use
a language specifier (e.g., add "shell" so it becomes ```shell) so the block
renders correctly.</details> </blockquote></details> <details> <summary>agent-skills/atmos-introspection/SKILL.md (1)</summary><blockquote> `11-14`: **Redundant copyright statement.** Line 13 includes "Copyright 2026 Cloud Posse, LLC. Licensed under Apache 2.0." but the copyright is already in the YAML frontmatter metadata. Consider removing the inline copyright to reduce redundancy. <details> <summary>🤖 Prompt for AI Agents</summary> ``` Verify each finding against the current code and only fix it if needed. In `@agent-skills/atmos-introspection/SKILL.md` around lines 11 - 14, Remove the redundant inline copyright line in SKILL.md (the "Copyright 2026 Cloud Posse, LLC. Licensed under Apache 2.0." text) because it is already present in the YAML frontmatter metadata; edit the SKILL.md content to keep the header "# Atmos Introspection" and delete the duplicate copyright line so only the frontmatter contains licensing information. ``` </details> </blockquote></details> </blockquote></details> <details> <summary>🤖 Prompt for all review comments with AI agents</summary>Verify each finding against the current code and only fix it if needed.
Inline comments:
In@agent-skills/AGENTS.md:
- Around line 93-94: The Toolchain list item in AGENTS.md ("Toolchain:
Declare tool versions in.tool-versions, configure registries inatmos.yaml,
runatmos toolchain installto set up the project") is missing terminal
punctuation—add a period at the end of that bullet so it reads as a complete
sentence; update the bullet text in AGENTS.md accordingly while leaving the
referenced symbols (.tool-versions,atmos.yaml,atmos toolchain install)
unchanged.In
@agent-skills/atmos-ansible/SKILL.md:
- Around line 131-132: The doc currently normalizes ANSIBLE_HOST_KEY_CHECKING:
"false" which encourages insecure SSH behavior; update the examples and
explanatory text for the ANSIBLE_HOST_KEY_CHECKING occurrences (the lines
showing ANSIBLE_HOST_KEY_CHECKING: "false") to remove the disabled default,
instead state a secure default (do not disable host key checking), explain safer
alternatives (maintain known_hosts, use proper inventory/ssh_args, or document
how to temporarily override in non-production testing), and add a brief security
note warning about MITM risks for any example that previously used
ANSIBLE_HOST_KEY_CHECKING: "false".In
@agent-skills/atmos-auth/references/commands-reference.md:
- Around line 496-510: The example uses the wrong environment variable name
(ATMOS_LOG_LEVEL) — update it to the canonical ATMOS_LOGS_LEVEL to match the
flag registry; change the example line "ATMOS_LOG_LEVEL=Debug atmos auth whoami"
to "ATMOS_LOGS_LEVEL=Debug atmos auth whoami" so it aligns with the global flag
defined in global_registry.go and will actually enable debug logging.In
@agent-skills/atmos-auth/references/providers-and-identities.md:
- Around line 419-424: The fenced code block showing the profile tree (the block
containing "profiles/ developer/auth.yaml ...") is missing a language tag;
update that fenced code block in references/providers-and-identities.md to add a
language specifier (e.g., "text") on the opening triple backticks so the block
becomes ```text and resolves MD040, leaving the block contents unchanged.- Around line 203-204: Remove the duplicate environment variable entry
ARM_SUBSCRIPTION_IDfrom the exported variables list in
providers-and-identities.md (the line that currently reads "Sets environment
variables:AZURE_SUBSCRIPTION_ID,ARM_SUBSCRIPTION_ID, AZURE_LOCATION,
ARM_SUBSCRIPTION_ID, etc."); leave a singleARM_SUBSCRIPTION_IDentry,
verify the surrounding list still contains the intended variables (e.g.,
AZURE_SUBSCRIPTION_ID,AZURE_LOCATION) and adjust commas/spacing so the
sentence reads correctly and is not misleading.- Around line 178-180: The example uses a non-standard env var name for the AWS
secret; change the secret reference under secret_access_key from !env
AWS_SECRET_KEY to !env AWS_SECRET_ACCESS_KEY so it matches AWS SDK/tooling
expectations and prevents auth failures — update the secret_access_key line in
the snippet (alongside access_key_id) to use AWS_SECRET_ACCESS_KEY.In
@agent-skills/atmos-components/SKILL.md:
- Around line 372-373: The example uses malformed !terraform.output syntax by
passing a single token like "vpc/vpc_id"; update the two occurrences (the vpc_id
and subnet_ids examples) to use two separate arguments for the component and
output name (i.e., "!terraform.output vpc vpc_id" and "!terraform.output vpc
private_subnet_ids") so the parser receives distinct component and output
parameters; locate the lines referencing vpc_id and subnet_ids in SKILL.md to
make this change.In
@agent-skills/atmos-custom-commands/SKILL.md:
- Around line 266-267: The listed field paths are
inconsistent—.ComponentConfig.componentis scoped but the rest (.backend,
.workspace,.vars,.settings,.env,.deps,.metadata) are unscoped;
update the list to use the same root prefix (e.g., change each to
.ComponentConfig.backend,.ComponentConfig.workspace,
.ComponentConfig.vars,.ComponentConfig.settings,.ComponentConfig.env,
.ComponentConfig.deps,.ComponentConfig.metadata) and ensure the surrounding
sentence still refers to the complete ComponentConfig field reference.In
@agent-skills/atmos-design-patterns/references/stack-organization.md:
- Around line 349-353: The import-chain visualization is inconsistent with the
earlier file path; update the chain so it uses dev instead of prod.
Specifically, change the second line reference from "prod/_defaults.yaml (stage:
prod)" to "dev/_defaults.yaml (stage: dev)" so the chain reads: network.yaml ->
dev/_defaults.yaml -> plat/_defaults.yaml -> acme/_defaults.yaml, keeping the
other identifiers (plat/_defaults.yaml, acme/_defaults.yaml, network.yaml)
unchanged.- Around line 421-427: The example stack import list in stacks/deploy/prod.yaml
includes layers/security which has no corresponding security.yaml in the pattern
layout; either add a security.yaml definition to the layers directory (matching
the naming used in the import) or remove layers/security from the import list in
stacks/deploy/prod.yaml so imports only reference existing layer files; update
the example so the import entries and the layer filenames (e.g., security.yaml)
are consistent.In
@agent-skills/atmos-gitops/references/github-actions.md:
- Around line 247-249: Update the S3 planfile example for the resource named
"gitops-plan-storage" to enforce encrypted uploads by setting the
allow_encrypted_uploads_only key to true (replace the current false value) so
plan artifacts require encryption in transit/storage; locate the
"gitops-plan-storage" block and change the allow_encrypted_uploads_only entry
accordingly.In
@agent-skills/atmos-packer/references/commands-reference.md:
- Around line 7-15: The global statement about
--stackis inconsistent with
theatmos packer source listdoc; update the intro sentence to accurately
reflect exceptions by changing "required for all commands exceptversion" to
"required for all commands exceptversionand thesourcesubcommands (e.g.,
source list)" or, if the intent is that onlysource listis optional, change
the latersource listsection to mark--stackas required; ensure you update
the sentence that mentions--stackand any example usages so--stack
requirements are consistent across theatmos packerdocs.In
@agent-skills/atmos-schemas/references/schema-structure.md:
- Around line 198-207: The patternProperties entry that currently uses the regex
^[/a-zA-Z0-9-_{}. ]+$ incorrectly forms a range because of the unescaped hyphen;
update the regex used in the patternProperties key (the component-name pattern)
so the hyphen is not interpreted as a range (either escape the hyphen or move it
to the start or end of the character class) and ensure the class only allows
letters, digits, hyphen, underscore, dot, space, slash, and curly braces.In
@agent-skills/atmos-stores/references/store-providers.md:
- Around line 63-338: Update unlabeled fenced code blocks in store-providers.md
by adding language tags: change the plainblocks used for path/key examples (e.g., the block starting with "/<prefix>/<stack-part-1>/..." and the Azure/GCP/Redis path normalization examples) totext, and ensure YAML
examples use ```yaml (the "Complete Example" and other YAML snippets) so MD040
is satisfied; scan for any remaining triple-backtick blocks without a language
tag and annotate them appropriately (use text for simple path/key strings and
yaml for configuration examples).In
@agent-skills/atmos-templates/references/go-templates.md:
- Around line 14-17: The YAML example contains nested double quotes in the
template expression (enabled: "{{ if eq .vars.stage "prod" }}true{{ else
}}false{{ end }}") which can break parsers; fix by either wrapping the entire
value in single quotes: enabled: '{{ if eq .vars.stage "prod" }}true{{ else
}}false{{ end }}' or escaping the inner quotes: enabled: "{{ if eq .vars.stage
"prod" }}true{{ else }}false{{ end }}", updating the example in
go-templates.md where the enabled template expression appears.In
@agent-skills/atmos-validation/SKILL.md:
- Around line 195-198: Update the SKILL.md text describing the
errorsrule to
accurately state thaterrors[message] { ... }defines a set of message strings
(not an array), noting that sets deduplicate values and have no guaranteed
order; refer to theerrorsrule name andpackage atmosso readers locate the
policy contract, and optionally suggest using an explicit array assignment
(e.g.,errors := [...]) if a stable ordered list is required.In
@agent-skills/atmos-vendoring/SKILL.md:
- Around line 362-363: Update the absolute guidance in SKILL.md that currently
says "Avoid using branch names likemainwhich point to a moving target" to
softer wording that recommends preferring immutable refs but allows branches
when necessary (e.g., "For Git sources, prefer tags or commit SHAs; use branch
refs only when pinning is impractical and the risk is accepted — if using a
branch, document the reason."). Apply this same wording change where the same
guidance appears elsewhere in the file (the other occurrence around the noted
section) and mention the practical example file
examples/demo-vendoring/vendor.d/vendor1.yaml as an instance where usingmain
may be acceptable.In
@agent-skills/atmos-workflows/references/workflow-syntax.md:
- Around line 31-41: Update the fenced code block that shows the directory
layout by adding a fence language label (e.g., change the opening ``` to"stacks/workflows/" is language-labeled; ensure the closing backticks remain and the content (deploy.yaml, destroy.yaml, networking.yaml, eks.yaml, database.yaml, maintenance/ with backup.yaml and rotate-credentials.yaml) is unchanged to satisfy markdownlint and improve rendering. In `@agent-skills/atmos-workflows/SKILL.md`: - Around line 49-59: The fenced directory listing in SKILL.md uses an untagged code block; update the fence to include a language tag (e.g., change ``` to ```text) around the directory structure so linters recognize the block as plain text — locate the code fence containing the stacks/workflows/ listing in SKILL.md and add the language identifier to the opening fence. In `@docs/prd/atmos-agent-skills.md`: - Around line 208-233: The "Skill Inventory" header currently declares "19 Skills" but the Phase 2 note later says "Updated AGENTS.md with all 16 skills"; update the Phase 2 text to match the actual count (change "16" to "19") and verify the referenced AGENTS.md reflects all 19 skills; look for the "Skill Inventory" header and the Phase 2/AGENTS.md mention to make the correction. --- Nitpick comments: In `@agent-skills/atmos-ansible/SKILL.md`: - Around line 9-17: Add a short explicit human-in-the-loop note to the Atmos Ansible SKILL.md documentation clarifying that the `atmos ansible playbook` flows are intended for interactive operator sessions (synchronous human interaction) and not for headless CI/CD automation; insert this sentence near the top of the "How Atmos Orchestrates Ansible" section (or immediately before the sequence describing `atmos ansible playbook`) so readers of SKILL.md and the related block around lines 427-447 see the guidance when learning about the playbook execution model. In `@agent-skills/atmos-introspection/SKILL.md`: - Around line 11-14: Remove the redundant inline copyright line in SKILL.md (the "Copyright 2026 Cloud Posse, LLC. Licensed under Apache 2.0." text) because it is already present in the YAML frontmatter metadata; edit the SKILL.md content to keep the header "# Atmos Introspection" and delete the duplicate copyright line so only the frontmatter contains licensing information. In `@agent-skills/atmos-stacks/SKILL.md`: - Around line 289-304: The fenced directory-tree block in SKILL.md (the multi-line block showing "stacks/ orgs/ acme/...") lacks a language hint and triggers MD040; edit that fenced code block (the block beginning at the directory tree) to add the language hint `text` after the opening backticks (i.e., change ``` to ```text) so the markdown linter stops flagging it. In `@agent-skills/atmos-terraform/references/commands-reference.md`: - Around line 7-9: The fenced code block showing the atmos terraform usage lacks a language tag; update the triple-backtick fence that precedes "atmos terraform <subcommand> <component> -s <stack> [flags] [-- native-terraform-flags]" to use a language specifier (e.g., add "shell" so it becomes ```shell) so the block renders correctly. In `@agent-skills/atmos-toolchain/SKILL.md`: - Around line 27-33: The markdown has unlabeled fenced code blocks (e.g., the block containing "terraform 1.9.8\nopentofu 1.10.3\nkubectl 1.28.0\nhelm 3.13.0\njq 1.7.1") and other plain snippets that trigger MD040; update each triple-backtick fence to use a language tag of text (```text) for those plain snippets (also apply the same change to the other unlabeled blocks referenced in the comment) so the blocks are normalized and the linter stops warning. In `@agent-skills/atmos-vendoring/SKILL.md`: - Around line 353-360: The fenced code block that begins with the YAML snippet (starting with "sources:" and the "- component: \"vpc\"" entry) is missing a language hint; add "yaml" immediately after the opening triple backticks (i.e., change ``` to ```yaml) so the block is recognized as YAML and MD040 is resolved.
ℹ️ Review info
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Disabled knowledge base sources:
- Linear integration is disabled
You can enable these sources in your CodeRabbit configuration.
📒 Files selected for processing (53)
.claude/skillsagent-skills/AGENTS.mdagent-skills/atmos-ansible/SKILL.mdagent-skills/atmos-ansible/references/commands-reference.mdagent-skills/atmos-auth/SKILL.mdagent-skills/atmos-auth/references/commands-reference.mdagent-skills/atmos-auth/references/providers-and-identities.mdagent-skills/atmos-components/SKILL.mdagent-skills/atmos-components/references/component-types.mdagent-skills/atmos-components/references/examples.mdagent-skills/atmos-custom-commands/SKILL.mdagent-skills/atmos-custom-commands/references/command-syntax.mdagent-skills/atmos-design-patterns/SKILL.mdagent-skills/atmos-design-patterns/references/stack-organization.mdagent-skills/atmos-design-patterns/references/version-management.mdagent-skills/atmos-devcontainer/SKILL.mdagent-skills/atmos-devcontainer/references/commands-reference.mdagent-skills/atmos-gitops/SKILL.mdagent-skills/atmos-gitops/references/github-actions.mdagent-skills/atmos-gitops/references/spacelift.mdagent-skills/atmos-helmfile/SKILL.mdagent-skills/atmos-helmfile/references/commands-reference.mdagent-skills/atmos-introspection/SKILL.mdagent-skills/atmos-introspection/references/commands-reference.mdagent-skills/atmos-packer/SKILL.mdagent-skills/atmos-packer/references/commands-reference.mdagent-skills/atmos-schemas/SKILL.mdagent-skills/atmos-schemas/references/schema-structure.mdagent-skills/atmos-stacks/SKILL.mdagent-skills/atmos-stacks/references/import-patterns.mdagent-skills/atmos-stacks/references/inheritance-deep-merge.mdagent-skills/atmos-stores/SKILL.mdagent-skills/atmos-stores/references/store-providers.mdagent-skills/atmos-templates/SKILL.mdagent-skills/atmos-templates/references/go-templates.mdagent-skills/atmos-templates/references/yaml-functions-reference.mdagent-skills/atmos-terraform/SKILL.mdagent-skills/atmos-terraform/references/backend-configuration.mdagent-skills/atmos-terraform/references/commands-reference.mdagent-skills/atmos-toolchain/SKILL.mdagent-skills/atmos-toolchain/references/commands-reference.mdagent-skills/atmos-validation/SKILL.mdagent-skills/atmos-validation/references/json-schema.mdagent-skills/atmos-validation/references/opa-policies.mdagent-skills/atmos-vendoring/SKILL.mdagent-skills/atmos-vendoring/references/vendor-manifest.mdagent-skills/atmos-workflows/SKILL.mdagent-skills/atmos-workflows/references/workflow-syntax.mddocs/prd/atmos-agent-skills.mdwebsite/blog/2026-02-27-ai-agent-skills.mdxwebsite/docs/integrations/ai/agent-skills.mdxwebsite/sidebars.jswebsite/src/data/roadmap.js
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #2121 +/- ##
=======================================
Coverage 76.54% 76.55%
=======================================
Files 832 832
Lines 79458 79458
=======================================
+ Hits 60822 60829 +7
+ Misses 14840 14836 -4
+ Partials 3796 3793 -3
Flags with carried forward coverage won't be shown. Click here to find out more. 🚀 New features to boost your workflow:
|
Contributor
📝 WalkthroughWalkthroughAdds a comprehensive agent-skills directory containing 19 domain-specific skills for Atmos infrastructure automation. Each skill includes a primary SKILL.md reference guide and a references/ subdirectory with detailed command and configuration documentation. Also introduces AGENTS.md router, PRD documentation, and a blog post announcing the AI agent skills feature. Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~35 minutes Possibly related PRs
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Contributor
There was a problem hiding this comment.
Actionable comments posted: 5
♻️ Duplicate comments (17)
agent-skills/atmos-packer/references/commands-reference.md (1)
7-15:⚠️ Potential issue | 🟡 MinorClarify --stack flag requirements across commands.
The general syntax states
--stackis required except forversion, but thesource listcommand documents--stackas optional. This contradicts the opening statement.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@agent-skills/atmos-packer/references/commands-reference.md` around lines 7 - 15, The docs contradict themselves about the --stack requirement: update the opening syntax line and/or the `source list` entry so they match; either make `--stack` explicitly optional only for the `version` and `source list` commands (update the first bullet to say "`--stack` / `-s` -- The target Atmos stack (required for all commands except `version` and `source list`)") or conversely make `source list` require `--stack` and change its documentation to match the original rule; ensure you modify the top-level usage line and the `source list` description consistently so the `atmos packer <sub-command>` docs are not contradictory.agent-skills/atmos-stores/references/store-providers.md (1)
63-65:⚠️ Potential issue | 🟡 MinorAdd language tags to unlabeled fenced examples.
Line 63, Line 70, Line 142, Line 204, Line 275, and Line 337 still use unlabeled triple-backtick blocks, which keeps MD040 warnings active.
Suggested patch
-``` +```text /<prefix>/<stack-part-1>/<stack-part-2>/.../<component-parts>/<key>-
+text
/myapp/plat/ue2/prod/vpc/vpc_id-``` +```text myapp-plat-ue2-prod-vpc-network-vpc_id -> myapp-plat-ue2-prod-vpc-network-vpc-id-
+text
myapp_plat_ue2_prod_vpc_vpc_id-``` +```text <prefix>/<stack-parts>/<component-parts>/<key>-
+text
<repo_name>////Also applies to: 70-72, 142-144, 204-206, 275-277, 337-339
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@agent-skills/atmos-stores/references/store-providers.md` around lines 63 - 65, Several fenced code blocks are unlabeled (e.g. the blocks containing "/<prefix>/<stack-part-1>/<stack-part-2>/.../<component-parts>/<key>", "/myapp/plat/ue2/prod/vpc/vpc_id", "myapp-plat-ue2-prod-vpc-network-vpc_id -> myapp-plat-ue2-prod-vpc-network-vpc-id", "myapp_plat_ue2_prod_vpc_vpc_id", "<prefix>/<stack-parts>/<component-parts>/<key>", and "<repo_name>/<prefix>/<stack-parts>/<component-parts>/<key>"); update each triple-backtick fence for these examples to include a language tag (use text) so they become ```text ... ``` to silence MD040 warnings and maintain consistency across the examples.agent-skills/AGENTS.md (1)
93-94:⚠️ Potential issue | 🟡 MinorAdd terminal punctuation to the final Toolchain bullet.
Line 94 still ends without a period.
Suggested patch
- **Toolchain**: Declare tool versions in `.tool-versions`, configure registries in `atmos.yaml`, run - `atmos toolchain install` to set up the project + `atmos toolchain install` to set up the project.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@agent-skills/AGENTS.md` around lines 93 - 94, Update the Toolchain bullet in AGENTS.md so the sentence ends with terminal punctuation: add a period at the end of the line containing "**Toolchain**: Declare tool versions in `.tool-versions`, configure registries in `atmos.yaml`, run `atmos toolchain install` to set up the project" to ensure the bullet has proper punctuation.agent-skills/atmos-auth/references/providers-and-identities.md (3)
419-424:⚠️ Potential issue | 🟡 MinorAdd a language tag to the fenced profile tree block.
The block at Line 419 should be typed (e.g.,
text) to satisfy MD040 and keep lint output clean.Suggested doc fix
-``` +```text profiles/ developer/auth.yaml # SSO with standard sessions ci/auth.yaml # GitHub OIDC for pipelines platform/auth.yaml # SSO with extended sessions</details> <details> <summary>🤖 Prompt for AI Agents</summary>Verify each finding against the current code and only fix it if needed.
In
@agent-skills/atmos-auth/references/providers-and-identities.mdaround lines
419 - 424, The fenced code block showing the profiles tree (the block starting
with "profiles/" and the three auth.yaml lines) lacks a language tag; update
that fenced block to include a language identifier such astext(i.e., change
the opening triple backticks to ```text) so the Markdown linter MD040 is
satisfied and lint output is clean.</details> --- `203-204`: _⚠️ Potential issue_ | _🟡 Minor_ **Remove duplicate Azure env var in the exported list.** `ARM_SUBSCRIPTION_ID` is listed twice, which makes the mapping misleading. <details> <summary>Suggested doc fix</summary> ```diff -Sets environment variables: `AZURE_SUBSCRIPTION_ID`, `ARM_SUBSCRIPTION_ID`, `AZURE_LOCATION`, -`ARM_SUBSCRIPTION_ID`, etc. +Sets environment variables: `AZURE_SUBSCRIPTION_ID`, `ARM_SUBSCRIPTION_ID`, `AZURE_LOCATION`, +`ARM_LOCATION`, etc. ``` </details> <details> <summary>🤖 Prompt for AI Agents</summary> ``` Verify each finding against the current code and only fix it if needed. In `@agent-skills/atmos-auth/references/providers-and-identities.md` around lines 203 - 204, The exported environment variable list contains a duplicate entry for ARM_SUBSCRIPTION_ID; edit the list in providers-and-identities.md to remove the repeated ARM_SUBSCRIPTION_ID so each env var appears only once (ensure the remaining entries include AZURE_SUBSCRIPTION_ID, ARM_SUBSCRIPTION_ID, AZURE_LOCATION, etc.). ``` </details> --- `178-180`: _⚠️ Potential issue_ | _🟠 Major_ **Use the standard AWS secret env var name.** Line 179 should use `AWS_SECRET_ACCESS_KEY`; `AWS_SECRET_KEY` is non-standard for AWS SDK/tooling flows. <details> <summary>Suggested doc fix</summary> ```diff - secret_access_key: !env AWS_SECRET_KEY # Use !env for env var references + secret_access_key: !env AWS_SECRET_ACCESS_KEY # Use !env for env var references ``` </details> ```web What are the standard AWS CLI/SDK environment variable names for access key ID and secret key? ``` <details> <summary>🤖 Prompt for AI Agents</summary> ``` Verify each finding against the current code and only fix it if needed. In `@agent-skills/atmos-auth/references/providers-and-identities.md` around lines 178 - 180, The secret env var name in the YAML snippet is non-standard: change the value used for secret_access_key from AWS_SECRET_KEY to the standard AWS_SECRET_ACCESS_KEY so tooling/SDKs pick it up; ensure the line remains using the !env operator (secret_access_key: !env AWS_SECRET_ACCESS_KEY) and keep access_key_id using AWS_ACCESS_KEY_ID as shown. ``` </details> </blockquote></details> <details> <summary>agent-skills/atmos-components/SKILL.md (1)</summary><blockquote> `372-373`: _⚠️ Potential issue_ | _🟠 Major_ **Fix malformed `!terraform.output` examples.** These examples pass a slash-delimited token instead of separate `component output` arguments, which can break parsing. <details> <summary>Suggested doc fix</summary> ```diff - vpc_id: !terraform.output vpc/vpc_id - subnet_ids: !terraform.output vpc/private_subnet_ids + vpc_id: !terraform.output vpc vpc_id + subnet_ids: !terraform.output vpc private_subnet_ids ``` </details> Based on learnings: In `internal/exec/yaml_func_terraform_output.go`, `processTagTerraformOutput` expects split positional args and rejects malformed parameter forms. <details> <summary>🤖 Prompt for AI Agents</summary> ``` Verify each finding against the current code and only fix it if needed. In `@agent-skills/atmos-components/SKILL.md` around lines 372 - 373, The examples using the custom tag are malformed because they pass a slash-delimited token; update the two examples so the tag receives separate positional arguments (component then output) instead of a single "component/output" token — e.g. replace "!terraform.output vpc/vpc_id" with "!terraform.output vpc vpc_id" and "!terraform.output vpc/private_subnet_ids" with "!terraform.output vpc private_subnet_ids" so they match processTagTerraformOutput's expected split positional args. ``` </details> </blockquote></details> <details> <summary>agent-skills/atmos-ansible/SKILL.md (1)</summary><blockquote> `131-132`: _⚠️ Potential issue_ | _🟠 Major_ **Don’t normalize disabled SSH host-key checking in baseline examples.** These lines present `ANSIBLE_HOST_KEY_CHECKING: "false"` as default guidance. That weakens security posture and can enable MITM risk in real environments. <details> <summary>Suggested doc adjustment</summary> ```diff - ANSIBLE_HOST_KEY_CHECKING: "false" + # Prefer strict host key checking in production + ANSIBLE_HOST_KEY_CHECKING: "true" ``` ```diff -- **`ANSIBLE_HOST_KEY_CHECKING`** -- Disable SSH host key checking (set to `false`). +- **`ANSIBLE_HOST_KEY_CHECKING`** -- Controls SSH host key checking. Prefer `true` in production; disable only for explicitly accepted non-prod/ephemeral workflows. ``` </details> Also applies to: 169-170, 315-316, 327-328 <details> <summary>🤖 Prompt for AI Agents</summary> ``` Verify each finding against the current code and only fix it if needed. In `@agent-skills/atmos-ansible/SKILL.md` around lines 131 - 132, Replace the insecure baseline examples that set ANSIBLE_HOST_KEY_CHECKING: "false" with a secure default (either remove the key so the system default is used or set to "True"/"ask" and add a short explanatory comment), and update all instances matching the exact token ANSIBLE_HOST_KEY_CHECKING: "false" (the occurrences called out in the review) so examples and docs no longer recommend disabling SSH host-key checking. ``` </details> </blockquote></details> <details> <summary>agent-skills/atmos-validation/SKILL.md (1)</summary><blockquote> `195-217`: _⚠️ Potential issue_ | _🟠 Major_ **Correct the `errors` rule contract and example semantics.** Line 197 says `errors` returns arrays, but the documented pattern `errors[message] { ... }` is set-style semantics (deduplicated/unordered), not an array contract. This is misleading and can cause invalid policy assumptions. <details> <summary>Suggested doc fix</summary> ```diff All Atmos OPA policies must: 1. Use `package atmos` -2. Define `errors` rules that return arrays of error message strings +2. Define `errors` rules that add error message strings to the `errors` set ``` ```diff -# Block public IPs in production -errors[message] { +# Block public IPs in production +errors contains message if { input.vars.stage == "prod" input.vars.map_public_ip_on_launch == true message = "Mapping public IPs on launch is not allowed in 'prod'" } ``` </details> ```web In Open Policy Agent Rego, what are the semantics of `errors[message] { ... }` versus `errors := [...]`, and what is the OPA v1-compatible syntax for partial set rules? ``` <details> <summary>🤖 Prompt for AI Agents</summary> ``` Verify each finding against the current code and only fix it if needed. In `@agent-skills/atmos-validation/SKILL.md` around lines 195 - 217, Update the wording and example to say that the documented errors rule uses partial set-rule semantics (deduplicated, unordered set) not an "array"—replace "returns arrays" with "defines a set via partial set rules (errors[message] { ... })" and keep the example using errors[message] { ... } for partial sets; also document the OPA v1-compatible alternative for an array/ordered list using an assignment with a literal (e.g., errors := ["msg1","msg2"] or errors = ["msg1","msg2"]) when an ordered array is required so readers know to use errors[message] for set semantics and := (or =) with a literal for array semantics. ``` </details> </blockquote></details> <details> <summary>agent-skills/atmos-custom-commands/SKILL.md (1)</summary><blockquote> `266-267`: _⚠️ Potential issue_ | _🟡 Minor_ **Keep `ComponentConfig` field paths consistently scoped.** Lines 266-267 mix scoped and unscoped paths. The list should consistently use `.ComponentConfig.<field>`. <details> <summary>Suggested doc fix</summary> ```diff -Available fields: `.ComponentConfig.component`, `.backend`, `.workspace`, `.vars`, `.settings`, -`.env`, `.deps`, `.metadata`. For the complete field reference, see +Available fields: `.ComponentConfig.component`, `.ComponentConfig.backend`, `.ComponentConfig.workspace`, `.ComponentConfig.vars`, `.ComponentConfig.settings`, +`.ComponentConfig.env`, `.ComponentConfig.deps`, `.ComponentConfig.metadata`. For the complete field reference, see ``` </details> <details> <summary>🤖 Prompt for AI Agents</summary> ``` Verify each finding against the current code and only fix it if needed. In `@agent-skills/atmos-custom-commands/SKILL.md` around lines 266 - 267, The list mixes scoped and unscoped field paths; update the entries so every field is consistently prefixed with ComponentConfig (i.e., change `.backend`, `.workspace`, `.vars`, `.settings`, `.env`, `.deps`, `.metadata` to `.ComponentConfig.backend`, `.ComponentConfig.workspace`, `.ComponentConfig.vars`, `.ComponentConfig.settings`, `.ComponentConfig.env`, `.ComponentConfig.deps`, `.ComponentConfig.metadata`) so all items follow the `.ComponentConfig.<field>` pattern and match `.ComponentConfig.component`. ``` </details> </blockquote></details> <details> <summary>agent-skills/atmos-auth/references/commands-reference.md (1)</summary><blockquote> `510-510`: _⚠️ Potential issue_ | _🟠 Major_ **Use the canonical debug env var name in the example.** Line 510 should use `ATMOS_LOGS_LEVEL`, not `ATMOS_LOG_LEVEL`; the current command won’t set the intended log level. <details> <summary>Suggested doc fix</summary> ```diff -ATMOS_LOG_LEVEL=Debug atmos auth whoami +ATMOS_LOGS_LEVEL=Debug atmos auth whoami ``` </details> <details> <summary>🤖 Prompt for AI Agents</summary> ``` Verify each finding against the current code and only fix it if needed. In `@agent-skills/atmos-auth/references/commands-reference.md` at line 510, Replace the incorrect environment variable usage "ATMOS_LOG_LEVEL" with the canonical name "ATMOS_LOGS_LEVEL" in the command example (the line containing ATMOS_LOG_LEVEL=Debug atmos auth whoami) so the example actually sets the intended debug level; update the example text in commands-reference.md to use ATMOS_LOGS_LEVEL=Debug. ``` </details> </blockquote></details> <details> <summary>agent-skills/atmos-design-patterns/references/stack-organization.md (2)</summary><blockquote> `421-427`: _⚠️ Potential issue_ | _🟡 Minor_ **Undefined layer imported in the example.** The example imports `layers/security` but the layer definitions section (lines 384-388) doesn't include `security.yaml`. Either add a security layer definition or remove it from the import list. <details> <summary>🤖 Prompt for AI Agents</summary> ``` Verify each finding against the current code and only fix it if needed. In `@agent-skills/atmos-design-patterns/references/stack-organization.md` around lines 421 - 427, The import list in stacks/deploy/prod.yaml references a non-existent layer ("layers/security"); either add a corresponding layer definition file named security.yaml in the layers definitions (so layers/security exists) or remove the import entry "layers/security" from the prod.yaml imports; update the stacks/deploy/prod.yaml import block or create a new layers/security (security.yaml) definition to restore consistency. ``` </details> --- `349-353`: _⚠️ Potential issue_ | _🟡 Minor_ **Align the import chain with the dev environment example.** The import chain visualization shows `prod/_defaults.yaml` but the preceding file example at line 339 is for `dev/network.yaml`. The chain should reference `dev/_defaults.yaml` for consistency. <details> <summary>🤖 Prompt for AI Agents</summary> ``` Verify each finding against the current code and only fix it if needed. In `@agent-skills/atmos-design-patterns/references/stack-organization.md` around lines 349 - 353, Update the import chain so it matches the dev example: replace "prod/_defaults.yaml" with "dev/_defaults.yaml" in the code block that lists the chain (the block containing network.yaml -> prod/_defaults.yaml -> plat/_defaults.yaml -> acme/_defaults.yaml) so it reads network.yaml -> dev/_defaults.yaml -> plat/_defaults.yaml -> acme/_defaults.yaml, ensuring consistency with the preceding dev/network.yaml example. ``` </details> </blockquote></details> <details> <summary>docs/prd/atmos-agent-skills.md (1)</summary><blockquote> `390-390`: _⚠️ Potential issue_ | _🟡 Minor_ **Update the skill count in Phase 2 completion note.** Line 390 mentions "16 skills" but the inventory at line 210 correctly shows 19 skills. Update "all 16 skills" to "all 19 skills" for consistency. <details> <summary>🤖 Prompt for AI Agents</summary> ``` Verify each finding against the current code and only fix it if needed. In `@docs/prd/atmos-agent-skills.md` at line 390, Update the Phase 2 completion note string that currently reads "all 16 skills" to "all 19 skills" so it matches the inventory count; search for the exact phrase "all 16 skills" in the docs/prd/atmos-agent-skills.md Phase 2 completion note and replace it with "all 19 skills". ``` </details> </blockquote></details> <details> <summary>agent-skills/atmos-schemas/references/schema-structure.md (1)</summary><blockquote> `198-207`: _⚠️ Potential issue_ | _🟠 Major_ **Fix the character-class range in the component-name regex.** The pattern `^[/a-zA-Z0-9-_{}. ]+$` contains `0-9-_` which creates an unintended ASCII range from '9' (57) to '_' (95), permitting extra punctuation like `:`, `;`, `<`, `=`, `>`, `?`, `@`, `[`, `\`, `]`, `^` that shouldn't be allowed according to the text at line 207. Demonstrating the issue: ```shell #!/bin/bash set -euo pipefail echo "Testing current regex pattern against various component names:" python3 - <<'PY' import re # Current pattern from line 198 pat = re.compile(r'^[/a-zA-Z0-9-_{}. ]+$') tests = [ ("valid-name", True), ("team/service", True), ("name.with.dot", True), ("bad:colon", False), # Should be rejected ("bad@at", False), # Should be rejected ("bad;semi", False), # Should be rejected ] print(f"{'Component Name':<20} {'Expected':<10} {'Actual':<10} {'Status'}") print("-" * 50) for name, expected in tests: actual = bool(pat.fullmatch(name)) status = "✓ PASS" if actual == expected else "✗ FAIL" print(f"{name:<20} {str(expected):<10} {str(actual):<10} {status}") PY ``` <details> <summary>🔧 Proposed fix</summary> Move the hyphen to the start or end of the character class, or escape it: ```diff - "^[/a-zA-Z0-9-_{}. ]+$": { "$ref": "#/definitions/terraform_component_manifest" } + "^[/a-zA-Z0-9_{}. -]+$": { "$ref": "#/definitions/terraform_component_manifest" } ``` </details> <details> <summary>🤖 Prompt for AI Agents</summary> ``` Verify each finding against the current code and only fix it if needed. In `@agent-skills/atmos-schemas/references/schema-structure.md` around lines 198 - 207, The component-name regex in schema-structure.md currently uses the character class '^[/a-zA-Z0-9-_{}. ]+$' which accidentally defines a range because the hyphen is between 0 and _. Update that pattern (the value used under patternProperties) to treat the hyphen literally by either escaping the hyphen or moving it to the start or end of the character class so only the intended characters (letters, digits, underscore, hyphen, dot, space, slash, and braces) are allowed; then run the provided test cases to verify bad characters like ':' '@' and ';' are rejected. ``` </details> </blockquote></details> <details> <summary>agent-skills/atmos-templates/references/go-templates.md (1)</summary><blockquote> `14-17`: _⚠️ Potential issue_ | _🟡 Minor_ **Fix nested quote issue.** Line 16 has nested double quotes that will break YAML parsing. The inner `"prod"` conflicts with the outer quotes. <details> <summary>Suggested fix</summary> ```diff # Conditional -enabled: "{{ if eq .vars.stage "prod" }}true{{ else }}false{{ end }}" +enabled: '{{ if eq .vars.stage "prod" }}true{{ else }}false{{ end }}' ``` </details> <details> <summary>🤖 Prompt for AI Agents</summary> ``` Verify each finding against the current code and only fix it if needed. In `@agent-skills/atmos-templates/references/go-templates.md` around lines 14 - 17, The YAML template has nested double quotes in the enabled line causing invalid YAML; update the template expression used in the enabled key (the {{ if eq .vars.stage "prod" }} ... {{ end }} block) to avoid double-quote nesting — e.g., use single quotes around prod or otherwise escape the inner quotes so the outer YAML string remains valid; modify the enabled template expression to use '.vars.stage' comparison with 'prod' in single quotes (or an equivalent quoting/escaping) to fix parsing. ``` </details> </blockquote></details> <details> <summary>agent-skills/atmos-gitops/references/github-actions.md (1)</summary><blockquote> `246-249`: _⚠️ Potential issue_ | _🟠 Major_ **Enable encrypted uploads for plan storage.** The example sets `allow_encrypted_uploads_only: false`, which weakens security for plan artifacts. Production examples should default to secure settings. <details> <summary>Suggested fix</summary> ```diff vars: name: gitops-plan-storage - allow_encrypted_uploads_only: false + allow_encrypted_uploads_only: true ``` </details> <details> <summary>🤖 Prompt for AI Agents</summary> ``` Verify each finding against the current code and only fix it if needed. In `@agent-skills/atmos-gitops/references/github-actions.md` around lines 246 - 249, Update the example vars for the gitops-plan-storage bucket to enable encrypted uploads by changing the allow_encrypted_uploads_only setting from false to true; locate the vars block where name: gitops-plan-storage and ensure allow_encrypted_uploads_only is set to true so production examples default to secure encrypted artifact uploads. ``` </details> </blockquote></details> </blockquote></details> <details> <summary>🧹 Nitpick comments (3)</summary><blockquote> <details> <summary>agent-skills/atmos-schemas/SKILL.md (1)</summary><blockquote> `168-168`: **Add language identifier for better syntax highlighting.** The JSON code block at line 168 is missing a language identifier. Same applies to lines 347, 360-389 (multiple JSON examples). <details> <summary>💅 Proposed fix</summary> ```diff -``` +```json { "yaml.schemaStore.enable": true } ``` Apply similar fixes to the JSON examples at lines 347, 360-389. </details> <details> <summary>🤖 Prompt for AI Agents</summary>Verify each finding against the current code and only fix it if needed.
In
@agent-skills/atmos-schemas/SKILL.mdat line 168, Update the Markdown JSON
code fences in SKILL.md to include the json language identifier; specifically
replace the plain triple-backtick fences around the JSON examples (for example
the block containing {"yaml.schemaStore.enable": true} and the other JSON
examples later in the file) withjson so the blocks render with proper syntax highlighting; ensure every JSON example (the blocks around the single-line JSON and the multi-line examples) begins withjson and ends with ```.</details> </blockquote></details> <details> <summary>agent-skills/atmos-design-patterns/SKILL.md (1)</summary><blockquote> `36-44`: **Consider adding language identifiers to code blocks.** Several code blocks would benefit from language identifiers for better syntax highlighting: - Line 36: Directory structure (use `plaintext`) - Line 283: YAML example (use `yaml`) - Line 322: YAML locals example (use `yaml`) - Line 395: Anti-patterns list (use `plaintext`) <details> <summary>🤖 Prompt for AI Agents</summary>Verify each finding against the current code and only fix it if needed.
In
@agent-skills/atmos-design-patterns/SKILL.mdaround lines 36 - 44, Add
explicit language identifiers to the markdown code fences in SKILL.md: for the
directory structure block beginning with "stacks/ catalog/ vpc/
defaults.yaml" change the openingtoplaintext; for the YAML example and
the YAML locals example (the blocks labeled "YAML example" and "YAML locals
example") change their opening fences toyaml; and for the Anti-patterns list block change its opening fence toplaintext so code blocks get proper syntax
highlighting.</details> </blockquote></details> <details> <summary>agent-skills/atmos-gitops/SKILL.md (1)</summary><blockquote> `24-188`: **Comprehensive GitOps workflow documentation.** The change detection explanation and GitHub Actions integration details are thorough and accurate. The matrix limitation workaround pattern is particularly valuable. Optional style improvements flagged by linters (GitHub capitalization on lines 120, 359; missing punctuation on lines 167, 187) can be addressed in a documentation polish pass if desired. <details> <summary>🤖 Prompt for AI Agents</summary> ``` Verify each finding against the current code and only fix it if needed. In `@agent-skills/atmos-gitops/SKILL.md` around lines 24 - 188, Minor stylistic fixes: scan the SKILL.md sections like "GitHub Actions Integration", "GitOps Workflow Pattern", and "256 Matrix Limitation" and correct inconsistent capitalization of "GitHub" where it appears lowercased, and add missing terminal punctuation (periods) to the two sentences flagged by linters (the short explanatory lines about group-by/jq usage and the final sentence in the matrix workaround paragraph); keep wording unchanged aside from capitalization and punctuation fixes. ``` </details> </blockquote></details> </blockquote></details> <details> <summary>🤖 Prompt for all review comments with AI agents</summary>Verify each finding against the current code and only fix it if needed.
Inline comments:
In@agent-skills/AGENTS.md:
- Around line 81-83: Update the docs to use the correct key name: replace the
incorrect example keymetadata.inheritwithmetadata.inheritsin the
"Component reuse" pattern so the example shows the working configuration shape;
ensure any mention ofmetadata.inheritelsewhere in the same section is also
updated tometadata.inheritsfor consistency.In
@agent-skills/atmos-stacks/SKILL.md:
- Around line 289-304: The fenced code block in SKILL.md that shows the
directory tree (the block starting around the "stacks/ orgs/ acme/ ..." example)
is missing a language tag; update the opening fence fromtotext so the
block becomes a labeled text code block (i.e., change the opening triple
backticks to ```text) to satisfy markdown linting and improve readability.In
@agent-skills/atmos-stores/SKILL.md:
- Line 401: The table row contains an unescaped pipe in the cell text "Add
| defaultfallback value to the!storecall" which breaks the Markdown table;
fix it by escaping the pipe or rendering it as inline code so the pipe is
treated literally—e.g., replace| defaultwith either "| default" or wrap it
as inline code like| defaultin the same table cell (change the cell content
in SKILL.md where the row mentioning Key not found errors / Component not yet
provisioned / Add| defaultfallback value to the!storecall appears).In
@agent-skills/atmos-toolchain/SKILL.md:
- Around line 27-33: The
.tool-versionscode fences in SKILL.md are unlabeled
and trigger MD040; update both triple-backtick fences that contain the tool
lists (the blocks showing "terraform 1.9.8..." and the second block with "#
.tool-versions ...") to use a "text" language label (changetotext) so
syntax-highlighting/linting is consistent, and ensure the second snippet retains
its comment "# .tool-versions" while being surrounded by ```text.In
@agent-skills/atmos-validation/references/json-schema.md:
- Around line 60-80: The JSON snippet for the schema contains JavaScript-style
comments (e.g., inside the "properties" of "vars" and the "required" array)
which are invalid JSON; remove those comments and replace them with valid
placeholders (e.g., an empty object for "properties" and an empty array or
example strings for "required"), or move the explanatory guidance outside the
JSON code block so the snippet remains parseable; update the schema example
around the "vars" property and its "properties" / "required" entries in
json-schema.md to use valid JSON placeholders instead of "//" comments.
Duplicate comments:
In@agent-skills/AGENTS.md:
- Around line 93-94: Update the Toolchain bullet in AGENTS.md so the sentence
ends with terminal punctuation: add a period at the end of the line containing
"Toolchain: Declare tool versions in.tool-versions, configure registries
inatmos.yaml, runatmos toolchain installto set up the project" to ensure
the bullet has proper punctuation.In
@agent-skills/atmos-ansible/SKILL.md:
- Around line 131-132: Replace the insecure baseline examples that set
ANSIBLE_HOST_KEY_CHECKING: "false" with a secure default (either remove the key
so the system default is used or set to "True"/"ask" and add a short explanatory
comment), and update all instances matching the exact token
ANSIBLE_HOST_KEY_CHECKING: "false" (the occurrences called out in the review) so
examples and docs no longer recommend disabling SSH host-key checking.In
@agent-skills/atmos-auth/references/commands-reference.md:
- Line 510: Replace the incorrect environment variable usage "ATMOS_LOG_LEVEL"
with the canonical name "ATMOS_LOGS_LEVEL" in the command example (the line
containing ATMOS_LOG_LEVEL=Debug atmos auth whoami) so the example actually sets
the intended debug level; update the example text in commands-reference.md to
use ATMOS_LOGS_LEVEL=Debug.In
@agent-skills/atmos-auth/references/providers-and-identities.md:
- Around line 419-424: The fenced code block showing the profiles tree (the
block starting with "profiles/" and the three auth.yaml lines) lacks a language
tag; update that fenced block to include a language identifier such astext
(i.e., change the opening triple backticks to ```text) so the Markdown linter
MD040 is satisfied and lint output is clean.- Around line 203-204: The exported environment variable list contains a
duplicate entry for ARM_SUBSCRIPTION_ID; edit the list in
providers-and-identities.md to remove the repeated ARM_SUBSCRIPTION_ID so each
env var appears only once (ensure the remaining entries include
AZURE_SUBSCRIPTION_ID, ARM_SUBSCRIPTION_ID, AZURE_LOCATION, etc.).- Around line 178-180: The secret env var name in the YAML snippet is
non-standard: change the value used for secret_access_key from AWS_SECRET_KEY to
the standard AWS_SECRET_ACCESS_KEY so tooling/SDKs pick it up; ensure the line
remains using the !env operator (secret_access_key: !env AWS_SECRET_ACCESS_KEY)
and keep access_key_id using AWS_ACCESS_KEY_ID as shown.In
@agent-skills/atmos-components/SKILL.md:
- Around line 372-373: The examples using the custom tag are malformed because
they pass a slash-delimited token; update the two examples so the tag receives
separate positional arguments (component then output) instead of a single
"component/output" token — e.g. replace "!terraform.output vpc/vpc_id" with
"!terraform.output vpc vpc_id" and "!terraform.output vpc/private_subnet_ids"
with "!terraform.output vpc private_subnet_ids" so they match
processTagTerraformOutput's expected split positional args.In
@agent-skills/atmos-custom-commands/SKILL.md:
- Around line 266-267: The list mixes scoped and unscoped field paths; update
the entries so every field is consistently prefixed with ComponentConfig (i.e.,
change.backend,.workspace,.vars,.settings,.env,.deps,
.metadatato.ComponentConfig.backend,.ComponentConfig.workspace,
.ComponentConfig.vars,.ComponentConfig.settings,.ComponentConfig.env,
.ComponentConfig.deps,.ComponentConfig.metadata) so all items follow the
.ComponentConfig.<field>pattern and match.ComponentConfig.component.In
@agent-skills/atmos-design-patterns/references/stack-organization.md:
- Around line 421-427: The import list in stacks/deploy/prod.yaml references a
non-existent layer ("layers/security"); either add a corresponding layer
definition file named security.yaml in the layers definitions (so
layers/security exists) or remove the import entry "layers/security" from the
prod.yaml imports; update the stacks/deploy/prod.yaml import block or create a
new layers/security (security.yaml) definition to restore consistency.- Around line 349-353: Update the import chain so it matches the dev example:
replace "prod/_defaults.yaml" with "dev/_defaults.yaml" in the code block that
lists the chain (the block containing network.yaml -> prod/_defaults.yaml ->
plat/_defaults.yaml -> acme/_defaults.yaml) so it reads network.yaml ->
dev/_defaults.yaml -> plat/_defaults.yaml -> acme/_defaults.yaml, ensuring
consistency with the preceding dev/network.yaml example.In
@agent-skills/atmos-gitops/references/github-actions.md:
- Around line 246-249: Update the example vars for the gitops-plan-storage
bucket to enable encrypted uploads by changing the allow_encrypted_uploads_only
setting from false to true; locate the vars block where name:
gitops-plan-storage and ensure allow_encrypted_uploads_only is set to true so
production examples default to secure encrypted artifact uploads.In
@agent-skills/atmos-packer/references/commands-reference.md:
- Around line 7-15: The docs contradict themselves about the --stack
requirement: update the opening syntax line and/or thesource listentry so
they match; either make--stackexplicitly optional only for theversionand
source listcommands (update the first bullet to say "--stack/-s-- The
target Atmos stack (required for all commands exceptversionandsource list)") or conversely makesource listrequire--stackand change its
documentation to match the original rule; ensure you modify the top-level usage
line and thesource listdescription consistently so theatmos packer <sub-command>docs are not contradictory.In
@agent-skills/atmos-schemas/references/schema-structure.md:
- Around line 198-207: The component-name regex in schema-structure.md currently
uses the character class '^[/a-zA-Z0-9-_{}. ]+$' which accidentally defines a
range because the hyphen is between 0 and _. Update that pattern (the value used
under patternProperties) to treat the hyphen literally by either escaping the
hyphen or moving it to the start or end of the character class so only the
intended characters (letters, digits, underscore, hyphen, dot, space, slash, and
braces) are allowed; then run the provided test cases to verify bad characters
like ':' '@' and ';' are rejected.In
@agent-skills/atmos-stores/references/store-providers.md:
- Around line 63-65: Several fenced code blocks are unlabeled (e.g. the blocks
containing
"////...//",
"/myapp/plat/ue2/prod/vpc/vpc_id", "myapp-plat-ue2-prod-vpc-network-vpc_id ->
myapp-plat-ue2-prod-vpc-network-vpc-id", "myapp_plat_ue2_prod_vpc_vpc_id",
"///", and
"<repo_name>////"); update each
triple-backtick fence for these examples to include a language tag (use text) so
they becometext ...to silence MD040 warnings and maintain consistency
across the examples.In
@agent-skills/atmos-templates/references/go-templates.md:
- Around line 14-17: The YAML template has nested double quotes in the enabled
line causing invalid YAML; update the template expression used in the enabled
key (the {{ if eq .vars.stage "prod" }} ... {{ end }} block) to avoid
double-quote nesting — e.g., use single quotes around prod or otherwise escape
the inner quotes so the outer YAML string remains valid; modify the enabled
template expression to use '.vars.stage' comparison with 'prod' in single quotes
(or an equivalent quoting/escaping) to fix parsing.In
@agent-skills/atmos-validation/SKILL.md:
- Around line 195-217: Update the wording and example to say that the documented
errors rule uses partial set-rule semantics (deduplicated, unordered set) not an
"array"—replace "returns arrays" with "defines a set via partial set rules
(errors[message] { ... })" and keep the example using errors[message] { ... }
for partial sets; also document the OPA v1-compatible alternative for an
array/ordered list using an assignment with a literal (e.g., errors :=
["msg1","msg2"] or errors = ["msg1","msg2"]) when an ordered array is required
so readers know to use errors[message] for set semantics and := (or =) with a
literal for array semantics.In
@docs/prd/atmos-agent-skills.md:
- Line 390: Update the Phase 2 completion note string that currently reads "all
16 skills" to "all 19 skills" so it matches the inventory count; search for the
exact phrase "all 16 skills" in the docs/prd/atmos-agent-skills.md Phase 2
completion note and replace it with "all 19 skills".
Nitpick comments:
In@agent-skills/atmos-design-patterns/SKILL.md:
- Around line 36-44: Add explicit language identifiers to the markdown code
fences in SKILL.md: for the directory structure block beginning with "stacks/
catalog/ vpc/ defaults.yaml" change the openingtoplaintext; for the
YAML example and the YAML locals example (the blocks labeled "YAML example" and
"YAML locals example") change their opening fences toyaml; and for the Anti-patterns list block change its opening fence toplaintext so code blocks
get proper syntax highlighting.In
@agent-skills/atmos-gitops/SKILL.md:
- Around line 24-188: Minor stylistic fixes: scan the SKILL.md sections like
"GitHub Actions Integration", "GitOps Workflow Pattern", and "256 Matrix
Limitation" and correct inconsistent capitalization of "GitHub" where it appears
lowercased, and add missing terminal punctuation (periods) to the two sentences
flagged by linters (the short explanatory lines about group-by/jq usage and the
final sentence in the matrix workaround paragraph); keep wording unchanged aside
from capitalization and punctuation fixes.In
@agent-skills/atmos-schemas/SKILL.md:
- Line 168: Update the Markdown JSON code fences in SKILL.md to include the json
language identifier; specifically replace the plain triple-backtick fences
around the JSON examples (for example the block containing
{"yaml.schemaStore.enable": true} and the other JSON examples later in the file)
withjson so the blocks render with proper syntax highlighting; ensure every JSON example (the blocks around the single-line JSON and the multi-line examples) begins withjson and ends with ```.</details> --- <details> <summary>ℹ️ Review info</summary> **Configuration used**: Path: .coderabbit.yaml **Review profile**: CHILL **Plan**: Pro **Disabled knowledge base sources:** - Linear integration is disabled > You can enable these sources in your CodeRabbit configuration. <details> <summary>📥 Commits</summary> Reviewing files that changed from the base of the PR and between 500921637cd06ee89a6b07ba596dbc3dfb383ad7 and 07e1817db5e5047d3178054c72e19c8f51f427d5. </details> <details> <summary>📒 Files selected for processing (53)</summary> * `.claude/skills` * `agent-skills/AGENTS.md` * `agent-skills/atmos-ansible/SKILL.md` * `agent-skills/atmos-ansible/references/commands-reference.md` * `agent-skills/atmos-auth/SKILL.md` * `agent-skills/atmos-auth/references/commands-reference.md` * `agent-skills/atmos-auth/references/providers-and-identities.md` * `agent-skills/atmos-components/SKILL.md` * `agent-skills/atmos-components/references/component-types.md` * `agent-skills/atmos-components/references/examples.md` * `agent-skills/atmos-custom-commands/SKILL.md` * `agent-skills/atmos-custom-commands/references/command-syntax.md` * `agent-skills/atmos-design-patterns/SKILL.md` * `agent-skills/atmos-design-patterns/references/stack-organization.md` * `agent-skills/atmos-design-patterns/references/version-management.md` * `agent-skills/atmos-devcontainer/SKILL.md` * `agent-skills/atmos-devcontainer/references/commands-reference.md` * `agent-skills/atmos-gitops/SKILL.md` * `agent-skills/atmos-gitops/references/github-actions.md` * `agent-skills/atmos-gitops/references/spacelift.md` * `agent-skills/atmos-helmfile/SKILL.md` * `agent-skills/atmos-helmfile/references/commands-reference.md` * `agent-skills/atmos-introspection/SKILL.md` * `agent-skills/atmos-introspection/references/commands-reference.md` * `agent-skills/atmos-packer/SKILL.md` * `agent-skills/atmos-packer/references/commands-reference.md` * `agent-skills/atmos-schemas/SKILL.md` * `agent-skills/atmos-schemas/references/schema-structure.md` * `agent-skills/atmos-stacks/SKILL.md` * `agent-skills/atmos-stacks/references/import-patterns.md` * `agent-skills/atmos-stacks/references/inheritance-deep-merge.md` * `agent-skills/atmos-stores/SKILL.md` * `agent-skills/atmos-stores/references/store-providers.md` * `agent-skills/atmos-templates/SKILL.md` * `agent-skills/atmos-templates/references/go-templates.md` * `agent-skills/atmos-templates/references/yaml-functions-reference.md` * `agent-skills/atmos-terraform/SKILL.md` * `agent-skills/atmos-terraform/references/backend-configuration.md` * `agent-skills/atmos-terraform/references/commands-reference.md` * `agent-skills/atmos-toolchain/SKILL.md` * `agent-skills/atmos-toolchain/references/commands-reference.md` * `agent-skills/atmos-validation/SKILL.md` * `agent-skills/atmos-validation/references/json-schema.md` * `agent-skills/atmos-validation/references/opa-policies.md` * `agent-skills/atmos-vendoring/SKILL.md` * `agent-skills/atmos-vendoring/references/vendor-manifest.md` * `agent-skills/atmos-workflows/SKILL.md` * `agent-skills/atmos-workflows/references/workflow-syntax.md` * `docs/prd/atmos-agent-skills.md` * `website/blog/2026-02-27-ai-agent-skills.mdx` * `website/docs/integrations/ai/agent-skills.mdx` * `website/sidebars.js` * `website/src/data/roadmap.js` </details> </details> <!-- This is an auto-generated comment by CodeRabbit for review status -->
Contributor
There was a problem hiding this comment.
Actionable comments posted: 13
♻️ Duplicate comments (4)
agent-skills/atmos-stacks/SKILL.md (1)
329-329:⚠️ Potential issue | 🟠 MajorFix
!terraform.outputsyntax in YAML Functions section.The current example uses a single
<component>/<output>token, but Atmos expects positional args for component and output name.Suggested doc fix
-- `!terraform.output <component>/<output>` -- Read Terraform outputs from another component. +- `!terraform.output <component> <output>` -- Read Terraform outputs from another component.Based on learnings: in Atmos,
processTagTerraformOutputparses positional space-delimited arguments, so slash-combined examples are malformed.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@agent-skills/atmos-stacks/SKILL.md` at line 329, Update the YAML Functions docs to use space-separated positional args for Terraform outputs: replace the malformed example `!terraform.output <component>/<output>` with the correct form `!terraform.output <component> <output>` (reflecting how processTagTerraformOutput parses positional, space-delimited arguments); update any surrounding text or examples that reference `!terraform.output` to use two separate positional tokens (component and output) so examples match the implementation in processTagTerraformOutput.agent-skills/atmos-ansible/SKILL.md (1)
132-142:⚠️ Potential issue | 🟠 MajorAvoid normalizing
ANSIBLE_HOST_KEY_CHECKING: "false"in primary examples.Even with caution text, the repeated literal value on Line 141, Line 181, and Line 340 still teaches an insecure default. Prefer secure baseline examples and move
"false"to explicitly temporary/dev-only override snippets.Suggested doc adjustment
ansible: vars: managed_by: Atmos env: - ANSIBLE_HOST_KEY_CHECKING: "false" + ANSIBLE_HOST_KEY_CHECKING: "true"env: - ANSIBLE_HOST_KEY_CHECKING: "false" + # Temporary dev-only override with explicit risk acceptance + ANSIBLE_HOST_KEY_CHECKING: "false"Also applies to: 173-183, 334-341
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@agent-skills/atmos-ansible/SKILL.md` around lines 132 - 142, Update the examples so the primary/production-ready snippet does not set ANSIBLE_HOST_KEY_CHECKING: "false"; instead present a secure baseline (omit the variable or set it to a secure value) and move the insecure `"false"` assignment into clearly labeled temporary/dev-only override examples. Locate occurrences of the ANSIBLE_HOST_KEY_CHECKING variable in the document (the example blocks around the current ansible vars/env sections) and replace the insecure default with the secure baseline, then add a separate, explicit "dev-only" override example showing ANSIBLE_HOST_KEY_CHECKING: "false" with a prominent warning.agent-skills/atmos-vendoring/SKILL.md (1)
349-352:⚠️ Potential issue | 🟡 MinorAlign this heading guidance with your own exception policy.
“Always pin versions” is stricter than the nuanced guidance later in this file (Lines 362-363, 407). Recommend making this line consistent to avoid mixed signals.
Suggested edit
-Always pin versions in your vendor manifest for reproducible builds: +Pin versions by default in your vendor manifest for reproducible builds:Based on learnings, in
examples/demo-vendoring/vendor.d/vendor1.yaml, usingmainis acceptable when pinning to a specific version is not practical.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@agent-skills/atmos-vendoring/SKILL.md` around lines 349 - 352, Update the "## Version Pinning" heading and its first sentence to match the repo's exception policy (remove the absolutist "Always pin versions" and replace with wording like "Prefer pinning versions" or "Pin versions when practical"); also add a short clarifying sentence linking to the existing exception guidance referenced later in this file (see the discussion near lines mentioning the exception policy and examples/demo-vendoring/vendor.d/vendor1.yaml where using main is acceptable) so readers aren’t given mixed signals.agent-skills/atmos-validation/SKILL.md (1)
199-216:⚠️ Potential issue | 🟠 MajorUpdate Rego examples to OPA v1 syntax.
The documentation examples use OPA v0 syntax (
errors[message] { ... }) but Atmos runs OPA v1.14.0, which requireserrors contains message if { ... }. Users copying these examples will hit parse errors. Update lines 205, 210, and similar blocks to use the v1 syntax.Example fix:
# Old (v0) – will fail on OPA v1 errors[message] { input.vars.stage == "prod" message = "..." } # New (v1) – required errors contains message if { input.vars.stage == "prod" message = "..." }🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@agent-skills/atmos-validation/SKILL.md` around lines 199 - 216, The Rego examples use OPA v0 rule syntax (errors[message] { ... }) which fails on OPA v1; update every errors rule to the v1 form by replacing patterns like "errors[message] { ... }" with "errors contains message if { ... }", preserving the body expressions (e.g., input.vars.stage == "prod", input.vars.map_public_ip_on_launch == true, and the name validation using re_match("^[a-zA-Z0-9]{2,20}$", input.vars.name)). Ensure the package declaration (package atmos) and imports (import future.keywords.in) remain, and apply the same transformation to all similar error blocks in this file so the rules validate under OPA v1.14.0.
🧹 Nitpick comments (5)
agent-skills/atmos-devcontainer/SKILL.md (1)
15-17: Clarify the relationship between Atmos devcontainer orchestration and Geodesic images.The text states that Atmos "replaces external tooling like Geodesic," but all configuration examples throughout the file (lines 35, 176, 195, 203) use
cloudposse/geodesic:latestas the container image. Consider clarifying that Atmos replaces Geodesic as the orchestration tool while still supporting Geodesic (or any other) container images, to avoid reader confusion.📝 Suggested clarification
Atmos provides native devcontainer management for creating standardized, reproducible development -environments. It replaces external tooling like Geodesic with a built-in system that integrates -with Atmos authentication, toolchains, and project configuration. +environments. It provides built-in orchestration that integrates with Atmos authentication, +toolchains, and project configuration, replacing the need for external orchestration tooling +like Geodesic (though Geodesic container images remain fully supported).🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@agent-skills/atmos-devcontainer/SKILL.md` around lines 15 - 17, The statement "replaces external tooling like Geodesic" is misleading given examples using the image tag cloudposse/geodesic:latest; update the prose in SKILL.md to say Atmos replaces Geodesic as an orchestration/management layer while still supporting Geodesic (and other) container images, and adjust or add a short note near the examples that the devcontainer image fields (e.g., cloudposse/geodesic:latest) are supported images rather than implying Geodesic is no longer usable; ensure references to "replaces" and the examples at lines showing cloudposse/geodesic:latest are reconciled so readers understand Atmos orchestrates containers and can use existing Geodesic images.agent-skills/atmos-config/references/sections-reference.md (1)
99-100: Consider varying the sentence structure.Three consecutive sentences starting with "For" creates repetition. You could consolidate the cross-references for better flow.
✨ Alternative phrasing
-For Terraform details, see the `atmos-terraform` skill. For Helmfile, see `atmos-helmfile`. -For Packer, see `atmos-packer`. For Ansible, see `atmos-ansible`. +For details on specific component types, see the `atmos-terraform`, `atmos-helmfile`, +`atmos-packer`, and `atmos-ansible` skills.Or keep them separate but vary the structure:
-For Terraform details, see the `atmos-terraform` skill. For Helmfile, see `atmos-helmfile`. -For Packer, see `atmos-packer`. For Ansible, see `atmos-ansible`. +See the `atmos-terraform` skill for Terraform details and `atmos-helmfile` for Helmfile. +Packer and Ansible configurations are covered in `atmos-packer` and `atmos-ansible` respectively.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@agent-skills/atmos-config/references/sections-reference.md` around lines 99 - 100, Consolidate or rephrase the three consecutive sentences that start with "For" in sections-reference.md to avoid repetition; either combine into one sentence like "See the atmos-terraform, atmos-helmfile, atmos-packer, and atmos-ansible skills for Terraform, Helmfile, Packer, and Ansible details respectively," or vary sentence openings (e.g., "Terraform details are in atmos-terraform; Helmfile is covered by atmos-helmfile; see atmos-packer for Packer and atmos-ansible for Ansible"). Update the line containing the cross-references to use the chosen consolidated/varied phrasing referencing atmos-terraform, atmos-helmfile, atmos-packer, and atmos-ansible.agent-skills/atmos-terraform/references/commands-reference.md (2)
28-28: Flag placement may confuse readers.The
--skip-initflag is documented under theinitcommand section, but the explanation says it "Does not apply to init itself, but skips auto-init for other commands." Consider moving this to a global flags section or adding a note like "Note: This flag is listed here for reference but applies to other commands that auto-run init."🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@agent-skills/atmos-terraform/references/commands-reference.md` at line 28, The --skip-init flag is misleading under the init section because it does not apply to init itself; either move the --skip-init entry out of the init command block into the global flags section or add a one-line clarifying note under the init section (e.g., "Note: --skip-init is documented here for reference but only affects other commands that auto-run init") so readers understand it applies to other commands, not init; update the text referencing --skip-init and the init command name to ensure the placement and note are consistent.
24-25: Clarify "can add -reconfigure".The phrase "can add
-reconfigure" is ambiguous. Does Atmos automatically add this flag in certain conditions, or are you noting that users can pass it? Consider rephrasing to "automatically adds-reconfigurewhen..." or "allows users to pass-reconfigure..." depending on the actual behavior.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@agent-skills/atmos-terraform/references/commands-reference.md` around lines 24 - 25, The phrase "can add `-reconfigure`" in the sentence "Atmos enhancements: cleans `.terraform/environment`, can add `-reconfigure`, supports `--init-pass-vars` for OpenTofu." is ambiguous; update the sentence to reflect the actual behavior: if Atmos automatically appends the flag, change it to "automatically adds `-reconfigure` when [condition]" (describe the condition), otherwise change it to "allows users to pass `-reconfigure`" (or "users may pass `-reconfigure`"). Keep the rest of the line intact (references to `.terraform/environment` and `--init-pass-vars`) and ensure the new wording replaces the ambiguous "can add `-reconfigure`".agent-skills/atmos-packer/references/commands-reference.md (1)
575-585: Consider noting the-fflag reuse in the summary.The
-fshort flag maps to--forceforsource pullandsource delete, but to--formatforsource list. While not a technical conflict, users might find this inconsistent. Consider adding a brief note to the summary explaining that-fhas different meanings across subcommands.💡 Optional documentation enhancement
Add a note below the table:
--- ## Common Flag Summary | Flag | Short | Applies To | Description | |------|-------|------------|-------------| | `--stack` | `-s` | All (except version, source list) | Target Atmos stack | | `--template` | `-t` | init, build, validate, inspect | Packer template file or directory | | `--query` | `-q` | output | YQ expression for manifest parsing | | `--force` | `-f` | source pull, source delete | Force operation | | `--identity` | `-i` | source pull | Authentication identity override | | `--format` | `-f` | source list | Output format (table/json/yaml/csv/tsv) | > **Note**: The `-f` short flag has different meanings depending on the subcommand: it represents `--force` for `source pull` and `source delete`, and `--format` for `source list`.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@agent-skills/atmos-packer/references/commands-reference.md` around lines 575 - 585, The flags table in commands-reference.md reuses the short flag `-f` for both `--force` (applies to `source pull`, `source delete`) and `--format` (applies to `source list`), which can confuse users; update the table by adding a brief clarifying note below the table (referencing the `--force`/`-f` and `--format`/`-f` entries) that explicitly states "`-f` has different meanings depending on the subcommand: `--force` for source pull/delete and `--format` for source list" so readers understand the reuse of `-f` across subcommands.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@agent-skills/atmos-auth/references/commands-reference.md`:
- Around line 504-510: The example shows an inconsistent flag: the snippet
includes "--verbose" for the command "atmos auth login" but the "login" command
does not support that flag in the reference; remove the misleading usage or
replace it with a supported flag. Update the example lines so "atmos auth login
--identity <name>" matches the documented "login" options (remove "--verbose" or
use a valid flag), and ensure "atmos auth validate --verbose" remains only for
commands that actually accept "--verbose" to keep examples consistent.
In `@agent-skills/atmos-design-patterns/references/version-management.md`:
- Line 1: The top-level heading "Version Management Patterns -- Detailed
Reference" should use an em dash instead of two hyphens and the phrase at line
158 "Two Organization Approaches" should be reworded to "Two Organizational
Approaches"; update the heading to "Version Management Patterns — Detailed
Reference" and replace the phrase "Two Organization Approaches" with "Two
Organizational Approaches" to tighten wording and improve readability.
In `@agent-skills/atmos-gitops/references/github-actions.md`:
- Around line 211-218: Update the table row for the GitHub Action named
`affected-stacks` so the column for "Atmos >= 1.63.0" lists the correct minimum
action version `v3` (instead of `v1`); locate the markdown table containing the
`affected-stacks` row and replace the current value in the Atmos >= 1.63.0
column with `v3` and optionally note the version range (e.g., v3 for Atmos >=
1.63.0, < 1.80.0) to match the README guidance.
- Line 23: Update the default value shown for the `token` parameter in the
GitHub Actions docs so it uses the correct Actions expression syntax; replace
the bare `github.token` reference with `${{ github.token }}` (or add a short
note that the value is a GitHub context and must be wrapped in `${{ }}`) so
users copying the example don't paste an invalid literal. Refer to the `token`
table entry and update the default column or add the clarifying note near that
row.
In `@agent-skills/atmos-helmfile/references/commands-reference.md`:
- Around line 351-356: Update the "Global Flags Available on All Commands" table
so it no longer states `--stack` is required for all commands; change the
`--stack` row to indicate that stack is optional or "varies by command" and add
a short parenthetical or link pointing to command-specific requirements (e.g.,
the `source list` command) so the global table doesn't conflict with command
docs like the `source list` examples that show no-stack usage.
In `@agent-skills/atmos-introspection/SKILL.md`:
- Around line 1-303: Update the Key flags documentation for the atmos describe
affected command to include the missing flags: add --ssh-key (PEM private key
path), --ssh-key-password (PEM encryption password), --clone-target-ref (target
ref to clone for comparison), --include-settings (include settings section for
each affected component), --include-spacelift-admin-stacks (include Spacelift
admin stacks), and the processing control flags --process-templates,
--process-functions (with defaults true), and --skip (skip specific YAML
functions); ensure these flags are listed alongside the existing --ref, --sha,
--include-dependents, --exclude-locked, --upload, and --repo-path entries and
that the processing flags mirror the descriptions used for atmos describe
component for consistency.
In `@agent-skills/atmos-packer/references/commands-reference.md`:
- Line 579: Update the "Applies To" column entry for the `--stack` / `-s` flag
in the commands reference table so it lists both exceptions `version` and
`source list` (not just `version`); locate the table row that contains the
`--stack` | `-s` | All (except version) | Target Atmos stack entry and change
the "All (except version)" text to "All (except version, source list)" so it
matches the earlier note about `source list`.
In `@agent-skills/atmos-schemas/SKILL.md`:
- Around line 191-203: The doc currently conflicts between "You must update all
four manifest schema files" and a later "at minimum" statement; pick one
consistent policy and make the exception path explicit: change the section in
SKILL.md to require updating all four schema files
(`website/static/schemas/atmos/atmos-manifest/1.0/atmos-manifest.json`,
`pkg/datafetcher/schema/stacks/stack-config/1.0.json`,
`pkg/datafetcher/schema/atmos/manifest/1.0.json`,
`pkg/datafetcher/schema/config/global/1.0.json`) as the default rule, and
replace the later "at minimum" phrasing with an explicit exception clause that
states when only the website and stack-config schemas may be updated (e.g., for
cosmetic/non-structural changes), how to document the exception in the PR
description, and that an issue must be opened to track deferred updates; apply
the same clarification to the other occurrence referenced near lines 411-413.
In `@agent-skills/atmos-stores/SKILL.md`:
- Around line 223-229: Update the examples under vars to use the declared store
name prod/ssm instead of ssm: replace the two occurrences of "!store.get ssm
/myapp/prod/db/password" and "!store.get ssm /features/new-feature" so they call
"!store.get prod/ssm ..." (leave keys and the default "disabled" unchanged) and
ensure the example variable names db_password and feature_flag still reference
the updated !store.get calls.
In `@agent-skills/atmos-validation/SKILL.md`:
- Line 3: The Overview currently says "three types of native validation" but CUE
is implemented (ValidateWithCue in validate_utils.go) and listed as schema_type
'cue' in the schema properties table; update the Overview section in SKILL.md to
either include CUE explicitly in the list of validation types or rephrase to
"three core validation types plus CUE" so the narrative matches the
implementation and the schema properties table. Ensure the Overview wording
mentions CUE and stays consistent with the ValidateWithCue implementation and
the schema_type 'cue' entry.
In `@agent-skills/atmos-vendoring/references/vendor-manifest.md`:
- Line 107: Rewrite the fragment describing the version field into a complete
sentence: update the line that currently reads "Version identifier substituted
into `{{ .Version }}` placeholders in `source` and `targets`. Can be a semantic
version tag, branch name, or commit SHA." to a single grammatical sentence that
clearly states the purpose and allowed forms (for example, "The version
identifier is substituted into `{{ .Version }}` placeholders in `source` and
`targets` and may be a semantic version tag, branch name, or commit SHA.").
Target the description for the `version` field / `{{ .Version }}` placeholder in
vendor-manifest.md.
In `@agent-skills/atmos-workflows/references/workflow-syntax.md`:
- Line 237: The wording for the max_attempts field is ambiguous (says "Max
retries" but implies default 1 = no retry); update the documentation for the
max_attempts entry to clearly state whether the value represents total attempts
or the number of retries (and adjust the default explanation accordingly), e.g.,
change the description from "Max retries (default: 1, meaning no retry)" to an
explicit phrase referencing max_attempts and its semantics so readers know if
max_attempts = 1 means one total attempt or one retry; edit the line containing
the max_attempts example in workflow-syntax.md to reflect the clarified
semantics.
In `@agent-skills/atmos-workflows/SKILL.md`:
- Line 273: The docs mix two auto-step name formats (e.g., "step1" vs "step-2"),
causing copy/paste errors for flags like --from-step; standardize on the
canonical "stepN" format across the SKILL.md entries mentioned (replace
occurrences of "step-2", "step-3", etc., and any examples using "step-N" with
"step2", "step3", etc.), update the failure example and the text around lines
283-290 so all examples and CLI flags consistently use "stepN" (and ensure the
guide text still states Atmos auto-generates names as `step1`, `step2`,
`step3`).
---
Duplicate comments:
In `@agent-skills/atmos-ansible/SKILL.md`:
- Around line 132-142: Update the examples so the primary/production-ready
snippet does not set ANSIBLE_HOST_KEY_CHECKING: "false"; instead present a
secure baseline (omit the variable or set it to a secure value) and move the
insecure `"false"` assignment into clearly labeled temporary/dev-only override
examples. Locate occurrences of the ANSIBLE_HOST_KEY_CHECKING variable in the
document (the example blocks around the current ansible vars/env sections) and
replace the insecure default with the secure baseline, then add a separate,
explicit "dev-only" override example showing ANSIBLE_HOST_KEY_CHECKING: "false"
with a prominent warning.
In `@agent-skills/atmos-stacks/SKILL.md`:
- Line 329: Update the YAML Functions docs to use space-separated positional
args for Terraform outputs: replace the malformed example `!terraform.output
<component>/<output>` with the correct form `!terraform.output <component>
<output>` (reflecting how processTagTerraformOutput parses positional,
space-delimited arguments); update any surrounding text or examples that
reference `!terraform.output` to use two separate positional tokens (component
and output) so examples match the implementation in processTagTerraformOutput.
In `@agent-skills/atmos-validation/SKILL.md`:
- Around line 199-216: The Rego examples use OPA v0 rule syntax (errors[message]
{ ... }) which fails on OPA v1; update every errors rule to the v1 form by
replacing patterns like "errors[message] { ... }" with "errors contains message
if { ... }", preserving the body expressions (e.g., input.vars.stage == "prod",
input.vars.map_public_ip_on_launch == true, and the name validation using
re_match("^[a-zA-Z0-9]{2,20}$", input.vars.name)). Ensure the package
declaration (package atmos) and imports (import future.keywords.in) remain, and
apply the same transformation to all similar error blocks in this file so the
rules validate under OPA v1.14.0.
In `@agent-skills/atmos-vendoring/SKILL.md`:
- Around line 349-352: Update the "## Version Pinning" heading and its first
sentence to match the repo's exception policy (remove the absolutist "Always pin
versions" and replace with wording like "Prefer pinning versions" or "Pin
versions when practical"); also add a short clarifying sentence linking to the
existing exception guidance referenced later in this file (see the discussion
near lines mentioning the exception policy and
examples/demo-vendoring/vendor.d/vendor1.yaml where using main is acceptable) so
readers aren’t given mixed signals.
---
Nitpick comments:
In `@agent-skills/atmos-config/references/sections-reference.md`:
- Around line 99-100: Consolidate or rephrase the three consecutive sentences
that start with "For" in sections-reference.md to avoid repetition; either
combine into one sentence like "See the atmos-terraform, atmos-helmfile,
atmos-packer, and atmos-ansible skills for Terraform, Helmfile, Packer, and
Ansible details respectively," or vary sentence openings (e.g., "Terraform
details are in atmos-terraform; Helmfile is covered by atmos-helmfile; see
atmos-packer for Packer and atmos-ansible for Ansible"). Update the line
containing the cross-references to use the chosen consolidated/varied phrasing
referencing atmos-terraform, atmos-helmfile, atmos-packer, and atmos-ansible.
In `@agent-skills/atmos-devcontainer/SKILL.md`:
- Around line 15-17: The statement "replaces external tooling like Geodesic" is
misleading given examples using the image tag cloudposse/geodesic:latest; update
the prose in SKILL.md to say Atmos replaces Geodesic as an
orchestration/management layer while still supporting Geodesic (and other)
container images, and adjust or add a short note near the examples that the
devcontainer image fields (e.g., cloudposse/geodesic:latest) are supported
images rather than implying Geodesic is no longer usable; ensure references to
"replaces" and the examples at lines showing cloudposse/geodesic:latest are
reconciled so readers understand Atmos orchestrates containers and can use
existing Geodesic images.
In `@agent-skills/atmos-packer/references/commands-reference.md`:
- Around line 575-585: The flags table in commands-reference.md reuses the short
flag `-f` for both `--force` (applies to `source pull`, `source delete`) and
`--format` (applies to `source list`), which can confuse users; update the table
by adding a brief clarifying note below the table (referencing the
`--force`/`-f` and `--format`/`-f` entries) that explicitly states "`-f` has
different meanings depending on the subcommand: `--force` for source pull/delete
and `--format` for source list" so readers understand the reuse of `-f` across
subcommands.
In `@agent-skills/atmos-terraform/references/commands-reference.md`:
- Line 28: The --skip-init flag is misleading under the init section because it
does not apply to init itself; either move the --skip-init entry out of the init
command block into the global flags section or add a one-line clarifying note
under the init section (e.g., "Note: --skip-init is documented here for
reference but only affects other commands that auto-run init") so readers
understand it applies to other commands, not init; update the text referencing
--skip-init and the init command name to ensure the placement and note are
consistent.
- Around line 24-25: The phrase "can add `-reconfigure`" in the sentence "Atmos
enhancements: cleans `.terraform/environment`, can add `-reconfigure`, supports
`--init-pass-vars` for OpenTofu." is ambiguous; update the sentence to reflect
the actual behavior: if Atmos automatically appends the flag, change it to
"automatically adds `-reconfigure` when [condition]" (describe the condition),
otherwise change it to "allows users to pass `-reconfigure`" (or "users may pass
`-reconfigure`"). Keep the rest of the line intact (references to
`.terraform/environment` and `--init-pass-vars`) and ensure the new wording
replaces the ambiguous "can add `-reconfigure`".
ℹ️ Review info
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Disabled knowledge base sources:
- Linear integration is disabled
You can enable these sources in your CodeRabbit configuration.
📒 Files selected for processing (36)
agent-skills/AGENTS.mdagent-skills/atmos-ansible/SKILL.mdagent-skills/atmos-ansible/references/commands-reference.mdagent-skills/atmos-auth/references/commands-reference.mdagent-skills/atmos-auth/references/providers-and-identities.mdagent-skills/atmos-components/SKILL.mdagent-skills/atmos-components/references/component-types.mdagent-skills/atmos-config/SKILL.mdagent-skills/atmos-config/references/sections-reference.mdagent-skills/atmos-custom-commands/SKILL.mdagent-skills/atmos-design-patterns/SKILL.mdagent-skills/atmos-design-patterns/references/stack-organization.mdagent-skills/atmos-design-patterns/references/version-management.mdagent-skills/atmos-devcontainer/SKILL.mdagent-skills/atmos-gitops/references/github-actions.mdagent-skills/atmos-helmfile/references/commands-reference.mdagent-skills/atmos-introspection/SKILL.mdagent-skills/atmos-packer/references/commands-reference.mdagent-skills/atmos-schemas/SKILL.mdagent-skills/atmos-stacks/SKILL.mdagent-skills/atmos-stacks/references/inheritance-deep-merge.mdagent-skills/atmos-stores/SKILL.mdagent-skills/atmos-stores/references/store-providers.mdagent-skills/atmos-templates/references/go-templates.mdagent-skills/atmos-terraform/references/commands-reference.mdagent-skills/atmos-toolchain/SKILL.mdagent-skills/atmos-validation/SKILL.mdagent-skills/atmos-validation/references/json-schema.mdagent-skills/atmos-validation/references/opa-policies.mdagent-skills/atmos-vendoring/SKILL.mdagent-skills/atmos-vendoring/references/vendor-manifest.mdagent-skills/atmos-workflows/SKILL.mdagent-skills/atmos-workflows/references/workflow-syntax.mddocs/prd/atmos-agent-skills.mdwebsite/blog/2026-02-27-ai-agent-skills.mdxwebsite/docs/integrations/ai/agent-skills.mdx
✅ Files skipped from review due to trivial changes (1)
- agent-skills/atmos-config/SKILL.md
🚧 Files skipped from review as they are similar to previous changes (1)
- agent-skills/AGENTS.md
agent-skills/skills/atmos-design-patterns/references/version-management.md
Show resolved
Hide resolved
Contributor
There was a problem hiding this comment.
Actionable comments posted: 6
♻️ Duplicate comments (2)
agent-skills/atmos-stores/SKILL.md (1)
401-401:⚠️ Potential issue | 🟡 MinorFix the table formatting to prevent column count mismatch.
The escaped pipe in inline code is still causing markdown parsers to detect 4 columns instead of 3. Reword the solution to avoid the pipe character.
📝 Proposed fix
-| Key not found errors | Component not yet provisioned | Add `\| default` fallback value to the `!store` call | +| Key not found errors | Component not yet provisioned | Add a default fallback value to the `!store` call (e.g., `default "value"`) |🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@agent-skills/atmos-stores/SKILL.md` at line 401, The table row for "Key not found errors" contains an escaped pipe in the solution cell which is breaking the 3-column layout; edit the SKILL.md row for "Key not found errors | Component not yet provisioned" and replace the third cell text so it does not include any pipe character — e.g., reword to "Add a default fallback value to the !store call (use a default value when the key is missing)" so the table remains three columns and the meaning is preserved.agent-skills/atmos-gitops/references/github-actions.md (1)
211-217:⚠️ Potential issue | 🟠 MajorUpdate the compatibility matrix with explicit Atmos version bands—the current "or later" language omits critical action version boundaries.
The official action READMEs show that several actions have multiple major versions active across different Atmos ranges. For example,
atmos-terraform-planuses v2/v3 for Atmos1.63–1.99, v4 for1.99–1.158, and v5 for>= 1.158. Using "v2 or later" hides these boundaries and can lead to incompatible pin choices.Replace the matrix with explicit version bands:
Corrected matrix
GitHub Action Atmos < 1.63.0 Atmos >= 1.63.0 affected-stacksv2 v3–v4 (< 1.80), v5 (1.80–1.99), v6 (>= 1.99) atmos-terraform-planv1 v2–v3 (< 1.99), v4 (1.99–1.158), v5 (>= 1.158) atmos-terraform-applyv1 v2 (< 1.99), v3 (1.99–1.158), v4 (1.158–1.186), v5 (>= 1.186) atmos-terraform-drift-remediationv0 v1 or later atmos-terraform-drift-detectionv0 v1 or later 🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@agent-skills/atmos-gitops/references/github-actions.md` around lines 211 - 217, Replace the vague "or later" entries in the GitHub Actions compatibility matrix with explicit Atmos version bands as suggested: update rows for `affected-stacks`, `atmos-terraform-plan`, `atmos-terraform-apply` to list explicit major-version ranges (e.g., `v3–v4 (< 1.80), v5 (1.80–1.99), v6 (>= 1.99)` for `affected-stacks`; `v2–v3 (< 1.99), v4 (1.99–1.158), v5 (>= 1.158)` for `atmos-terraform-plan`; and the specified bands for `atmos-terraform-apply`), and leave `atmos-terraform-drift-remediation` and `atmos-terraform-drift-detection` as `v0 | v1 or later`; ensure the table rows use the exact action names (`affected-stacks`, `atmos-terraform-plan`, `atmos-terraform-apply`, `atmos-terraform-drift-remediation`, `atmos-terraform-drift-detection`) so readers can unambiguously pick the correct action major version for each Atmos range.
🧹 Nitpick comments (5)
agent-skills/atmos-workflows/SKILL.md (1)
143-143: Clarifymax_attemptssemantics to avoid retry-count confusion.Line 143 says “Maximum retry attempts,” but default
1implies total-attempt semantics (one run, no retry). Align wording with the syntax reference to avoid misconfiguration.Suggested doc patch
- max_attempts: 3 # Maximum retry attempts (default: 1) + max_attempts: 3 # Maximum attempts (default: 1, meaning no retry)🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@agent-skills/atmos-workflows/SKILL.md` at line 143, The documentation for the max_attempts parameter is ambiguous about whether it denotes total attempts or retry-only attempts; update the SKILL.md entry for the max_attempts key to explicitly state the semantics (e.g., "Maximum total attempts (including the initial attempt); default: 1 means no retries" or "Maximum retry attempts (excluding the initial attempt); default: 0 means no retries") so readers won't confuse retry-count vs total-attempt semantics; ensure the explanation near the example "max_attempts: 3" clearly matches the syntax reference.agent-skills/atmos-workflows/references/workflow-syntax.md (1)
71-73: Tighten sentence clarity in field descriptions.Line 71 and Line 80 use sentence fragments (“Can be overridden…”). Converting these to full sentences improves readability and keeps tone consistent across the reference.
Suggested doc patch
-Default Atmos stack applied to all steps of type `atmos` that do not specify their own stack. -Can be overridden at the step level or on the command line with `--stack` / `-s`. +Default Atmos stack applied to all steps of type `atmos` that do not specify their own stack. +This can be overridden at the step level or on the command line with `--stack` / `-s`. -Default working directory for all steps. Can be overridden at the step level. +Default working directory for all steps. This can be overridden at the step level.Also applies to: 80-81
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@agent-skills/atmos-workflows/references/workflow-syntax.md` around lines 71 - 73, Replace the sentence fragments describing stack overrides with full sentences: update the line starting "Default Atmos stack applied to all steps of type `atmos`..." to read as a full sentence (e.g., "The default Atmos stack is applied to all steps of type `atmos` that do not specify their own stack.") and change the fragment "Can be overridden at the step level or on the command line with `--stack` / `-s`." to a full sentence (e.g., "It can be overridden at the step level or on the command line using `--stack` / `-s`."); make the same change for the identical fragment at lines 80-81 so both occurrences use complete sentences.agent-skills/atmos-terraform/references/commands-reference.md (2)
440-449: Avoid absolute “on all commands” wording for global flags.This heading is risky in a fast-moving CLI surface and can become inaccurate quickly. Prefer “commonly available” (or explicitly scoped) wording.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@agent-skills/atmos-terraform/references/commands-reference.md` around lines 440 - 449, Change the heading "## Global Flags Available on All Commands" to a safer phrasing (e.g., "## Common Global Flags" or "## Global Flags Commonly Available") and update any nearby explanatory text so it no longer asserts absolute availability; keep the same flags table (`--stack`/`-s`, `--dry-run`, `--process-templates`, `--process-functions`, `--skip`, `--identity`) but describe them as commonly available or subject to command-specific overrides rather than guaranteed on every command.
285-299: Clarify theclean --everythingconfirmation condition.Nice flag list. Add one sentence that the confirmation prompt is especially relevant when
--everythingis used without a specific component/stack and--forceis not set.
Based on learnings Ininternal/exec/terraform.go,atmos terraform clean --everythingwithout component and without--forceshould prompt for confirmation.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@agent-skills/atmos-terraform/references/commands-reference.md` around lines 285 - 299, Update the "clean" command docs to clarify the confirmation behavior: state that when running "atmos terraform clean --everything" without specifying a component/stack and without the `--force`/`-f` flag, the CLI will prompt for confirmation (matching the behavior implemented in internal/exec/terraform.go), so users know the prompt is especially relevant in that global `--everything` case; reference the `--force`, `--everything`, and `--dry-run` flags in the sentence for clarity.agent-skills/atmos-vendoring/SKILL.md (1)
392-392: Add closing punctuation.The paragraph ends without a period after "via
metadata.component".Minor grammar fix
-Multiple versions coexist. Stacks reference specific versions via `metadata.component` +Multiple versions coexist. Stacks reference specific versions via `metadata.component`.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@agent-skills/atmos-vendoring/SKILL.md` at line 392, The paragraph under the "### Major.Minor Versioning" heading is missing terminal punctuation; edit the sentence that ends with "via `metadata.component`" in SKILL.md and add a period so it reads "... via `metadata.component`." ensuring the closing punctuation is present.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@agent-skills/atmos-auth/references/commands-reference.md`:
- Line 336: The text uses “signin tokens” which violates the standard CLI/docs
term; update the occurrence of the string "signin tokens" to "sign-in tokens"
(preserving surrounding sentence structure) in the document where the line reads
"AWS console signin tokens are valid for 15 minutes (to click the link). Console
session duration is separate." to ensure consistent terminology across the docs.
In `@agent-skills/atmos-devcontainer/SKILL.md`:
- Line 20: Add explicit experimental prerequisites immediately before the
commands section for the devcontainer feature: expand the existing experimental
Note about the devcontainer feature to list the minimum Atmos version required,
the exact feature flag or environment variable name to enable it, and its
default (off/on) state so users won't encounter unknown-command errors; update
the SKILL.md “devcontainer” note and the command block preface (the commands
section) to include these three items and a short example of how to export the
flag/env var if needed.
In `@agent-skills/atmos-helmfile/references/commands-reference.md`:
- Around line 5-12: Rename the top-level "## Command Syntax" header to "##
Single-component command syntax" and update the example and nearby text to
clarify that the shown pattern (atmos helmfile <subcommand> <component> -s
<stack> [flags] [-- native-helmfile-flags]) applies only to single-component
operations; add a short note calling out that listing/discovery subcommands such
as the "source list" subcommand allow no component and may accept an optional
--stack, and therefore follow a different argument shape. Ensure the updated
paragraph references the example syntax and explicitly names "source list" so
readers know the exception.
In `@agent-skills/atmos-packer/references/commands-reference.md`:
- Around line 532-547: Change the blanket statement "All packer commands support
using filesystem paths..." to restrict path-resolution to only component-scoped
commands: replace the opening sentence with something like "Packer commands that
accept a component argument support using filesystem paths" and add a short
clarifying note that commands which do not take a component (for example atmos
packer version) are not in scope for filesystem path resolution; update the
section heading/intro and requirements accordingly so references to "--stack"
and "Must be inside a component directory" apply only to component-accepting
packer commands.
In `@agent-skills/atmos-stores/SKILL.md`:
- Line 228: The YAML uses an escaped pipe sequence `\|` in the feature_flag
expression which is invalid; edit the line containing the `feature_flag:
!store.get prod/ssm /features/new-feature \| default "disabled"` entry (look for
the `feature_flag` key and the `!store.get prod/ssm /features/new-feature \|
default "disabled"` string) and remove the backslash so the pipe is unescaped
(i.e., use `|` for the default operator) to produce a valid YAML expression.
In `@agent-skills/atmos-terraform/references/commands-reference.md`:
- Around line 11-13: The rule about requiring a <component> argument and --stack
/ -s for all single-component operations conflicts with commands like source
pull, source describe, and source delete which are single-component but
documented without a stack; update the wording in commands-reference.md
(mentions of "component" and "--stack / -s") to soften the requirement—change
the absolute language to say "<component> is required for single-component
operations; some commands (e.g., source pull, source describe, source delete)
accept a component alone while others require --stack / -s to target a specific
stack" and mirror this clarification for the other affected section (lines
~408-430) so the guidance consistently notes exceptions rather than asserting a
blanket requirement.
---
Duplicate comments:
In `@agent-skills/atmos-gitops/references/github-actions.md`:
- Around line 211-217: Replace the vague "or later" entries in the GitHub
Actions compatibility matrix with explicit Atmos version bands as suggested:
update rows for `affected-stacks`, `atmos-terraform-plan`,
`atmos-terraform-apply` to list explicit major-version ranges (e.g., `v3–v4 (<
1.80), v5 (1.80–1.99), v6 (>= 1.99)` for `affected-stacks`; `v2–v3 (< 1.99), v4
(1.99–1.158), v5 (>= 1.158)` for `atmos-terraform-plan`; and the specified bands
for `atmos-terraform-apply`), and leave `atmos-terraform-drift-remediation` and
`atmos-terraform-drift-detection` as `v0 | v1 or later`; ensure the table rows
use the exact action names (`affected-stacks`, `atmos-terraform-plan`,
`atmos-terraform-apply`, `atmos-terraform-drift-remediation`,
`atmos-terraform-drift-detection`) so readers can unambiguously pick the correct
action major version for each Atmos range.
In `@agent-skills/atmos-stores/SKILL.md`:
- Line 401: The table row for "Key not found errors" contains an escaped pipe in
the solution cell which is breaking the 3-column layout; edit the SKILL.md row
for "Key not found errors | Component not yet provisioned" and replace the third
cell text so it does not include any pipe character — e.g., reword to "Add a
default fallback value to the !store call (use a default value when the key is
missing)" so the table remains three columns and the meaning is preserved.
---
Nitpick comments:
In `@agent-skills/atmos-terraform/references/commands-reference.md`:
- Around line 440-449: Change the heading "## Global Flags Available on All
Commands" to a safer phrasing (e.g., "## Common Global Flags" or "## Global
Flags Commonly Available") and update any nearby explanatory text so it no
longer asserts absolute availability; keep the same flags table (`--stack`/`-s`,
`--dry-run`, `--process-templates`, `--process-functions`, `--skip`,
`--identity`) but describe them as commonly available or subject to
command-specific overrides rather than guaranteed on every command.
- Around line 285-299: Update the "clean" command docs to clarify the
confirmation behavior: state that when running "atmos terraform clean
--everything" without specifying a component/stack and without the
`--force`/`-f` flag, the CLI will prompt for confirmation (matching the behavior
implemented in internal/exec/terraform.go), so users know the prompt is
especially relevant in that global `--everything` case; reference the `--force`,
`--everything`, and `--dry-run` flags in the sentence for clarity.
In `@agent-skills/atmos-vendoring/SKILL.md`:
- Line 392: The paragraph under the "### Major.Minor Versioning" heading is
missing terminal punctuation; edit the sentence that ends with "via
`metadata.component`" in SKILL.md and add a period so it reads "... via
`metadata.component`." ensuring the closing punctuation is present.
In `@agent-skills/atmos-workflows/references/workflow-syntax.md`:
- Around line 71-73: Replace the sentence fragments describing stack overrides
with full sentences: update the line starting "Default Atmos stack applied to
all steps of type `atmos`..." to read as a full sentence (e.g., "The default
Atmos stack is applied to all steps of type `atmos` that do not specify their
own stack.") and change the fragment "Can be overridden at the step level or on
the command line with `--stack` / `-s`." to a full sentence (e.g., "It can be
overridden at the step level or on the command line using `--stack` / `-s`.");
make the same change for the identical fragment at lines 80-81 so both
occurrences use complete sentences.
In `@agent-skills/atmos-workflows/SKILL.md`:
- Line 143: The documentation for the max_attempts parameter is ambiguous about
whether it denotes total attempts or retry-only attempts; update the SKILL.md
entry for the max_attempts key to explicitly state the semantics (e.g., "Maximum
total attempts (including the initial attempt); default: 1 means no retries" or
"Maximum retry attempts (excluding the initial attempt); default: 0 means no
retries") so readers won't confuse retry-count vs total-attempt semantics;
ensure the explanation near the example "max_attempts: 3" clearly matches the
syntax reference.
ℹ️ Review info
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Disabled knowledge base sources:
- Linear integration is disabled
You can enable these sources in your CodeRabbit configuration.
📒 Files selected for processing (17)
agent-skills/atmos-auth/references/commands-reference.mdagent-skills/atmos-config/references/sections-reference.mdagent-skills/atmos-design-patterns/references/version-management.mdagent-skills/atmos-devcontainer/SKILL.mdagent-skills/atmos-gitops/references/github-actions.mdagent-skills/atmos-helmfile/references/commands-reference.mdagent-skills/atmos-introspection/SKILL.mdagent-skills/atmos-packer/references/commands-reference.mdagent-skills/atmos-schemas/SKILL.mdagent-skills/atmos-stacks/SKILL.mdagent-skills/atmos-stores/SKILL.mdagent-skills/atmos-terraform/references/commands-reference.mdagent-skills/atmos-validation/SKILL.mdagent-skills/atmos-vendoring/SKILL.mdagent-skills/atmos-vendoring/references/vendor-manifest.mdagent-skills/atmos-workflows/SKILL.mdagent-skills/atmos-workflows/references/workflow-syntax.md
🚧 Files skipped from review as they are similar to previous changes (1)
- agent-skills/atmos-config/references/sections-reference.md
- Move tool-specific configuration (Claude Code, Cursor, Windsurf, Copilot, Gemini, Codex) from agent-skills page to new setup-editor subpage - Convert setup-editor.mdx to category directory with AI Assistants subpage - Trim agent-skills page to focus on what skills are, linking out for setup - Update marketplace.json email to opensource@cloudposse.com Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Member
Author
|
Please analyze the following docs and folders:
Review the following:
|
Contributor
|
Tip For best results, initiate chat on the files or code changes. 🧩 Analysis chainI'll analyze all the specified documentation and folders to verify correctness, validity, and completeness of the Atmos AI agent skills implementation. 🏁 Script executed: Length of output: 76601 🏁 Script executed: Length of output: 14920 🏁 Script executed: Length of output: 9113 🏁 Script executed: Length of output: 8131 I need to verify a few details about the actual structure and check for any discrepancies. Let me run additional verification scripts. 🏁 Script executed: Length of output: 3786 🏁 Script executed: Length of output: 5778 🏁 Script executed: Length of output: 1494
✅ Structure & ImplementationPlugin Architecture
Skill Completeness
✅ Feature CoverageEvery major Atmos subsystem is covered:
✅ Documentation AccuracyPRD (
Blog Post (
Website Documentation (
Editor Setup Doc (
✅ AI Tool Integration InstructionsAll major AI coding tools are properly documented: Claude Code
OpenAI Codex
Gemini CLI
Cursor
Windsurf
GitHub Copilot
Other Tools
✅ Standards ComplianceAgent Skills Specification
AGENTS.md Standard
Linux Foundation AAIF
✅ Sample Content QualityVerified
Content demonstrates deep knowledge of Atmos internals and accurate representation of features. ✅ Validation InfrastructureCI Workflow (
✅ Installation ExperienceFor Claude Code Users
For Other Tool Users
🎯 Key Strengths
📋 RecommendationAll documentation is correct and valid. The implementation accurately represents Atmos features, provides clear installation paths for all major AI tools, and follows open standards for cross-tool interoperability. The plugin architecture is sound, the validation infrastructure is comprehensive, and the content quality is high. Approve and merge. This is production-ready work that will significantly improve the Atmos developer experience with AI coding assistants. 🧠 Learnings used |
osterman
approved these changes
Mar 3, 2026
|
These changes were released in v1.208.0. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
what
atmos@cloudposse) -- one install command, all 21 skills.claude-plugin/marketplace.json) and plugin manifest (agent-skills/.claude-plugin/plugin.json)AGENTS.mdskill-activation router for cross-tool compatibility (Codex, Gemini, Cursor, Windsurf, Copilot).claude/skills/symlinks for contributor auto-discovery when working in the Atmos repowebsite/docs/integrations/ai/agent-skills.mdx(skill reference) andwebsite/docs/projects/setup-editor/ai-assistants.mdx(tool setup)website/blog/2026-02-27-ai-agent-skills.mdxdocs/prd/atmos-agent-skills.md.github/workflows/validate-agent-skills.yml) to validate skill structure, size limits, frontmatter, and code fence tagsSkills (21 total, 1 plugin)
Each skill follows a 3-tier progressive disclosure pattern:
AGENTS.mdrouter →SKILL.mdinstructions →references/*.mddeep dives.All 21 skills live in a flat
agent-skills/skills/directory:atmos-ansible,atmos-auth,atmos-components,atmos-config,atmos-custom-commands,atmos-design-patterns,atmos-devcontainer,atmos-gitops,atmos-helmfile,atmos-introspection,atmos-packer,atmos-schemas,atmos-stacks,atmos-stores,atmos-templates,atmos-terraform,atmos-toolchain,atmos-validation,atmos-vendoring,atmos-workflows,atmos-yaml-functionsClaude Code Plugin Marketplace
Install with two commands:
Team auto-discovery via
.claude/settings.json:{ "enabledPlugins": { "atmos@cloudposse": true } }Other AI Tools
For Gemini CLI, OpenAI Codex, Cursor, Windsurf, and GitHub Copilot, use Atmos vendoring:
Open Standards
Built on two open standards:
why
AI coding assistants need domain-specific context to generate correct Atmos configurations. Without skills, they guess at YAML format, use wrong CLI flags, and miss Atmos patterns like deep merging, abstract components, and YAML functions. Skills provide structured, up-to-date knowledge directly in the repository so AI tools generate accurate guidance.
references
docs/prd/atmos-agent-skills.md