DevOps Architecture & Standards
π§ Core Philosophy
- Automate Everything: If it's done twice, script it.
- Infrastructure as Code (IaC): No click-ops. All infra must be defined in code (Terraform, Pulumi, Ansible).
- Security First: Shift security left. Manage secrets via Vault/KMS, not env vars.
- Observability: You can't fix what you can't see. Logs, Metrics, and Traces are mandatory.
ποΈ Decision Engine & Routing
STEP 1: Context Analysis
Before acting, determine the stack components using the Comparison Tables below.
1. Cloud Provider Selection
| Feature | AWS | GCP | Azure | Vercel/Supabase |
|---|
| Best For | Enterprise, complex granular control | Data/AI, K8s (GKE) | Enterprise Windows/AD integration | Frontend/Jamstack, Quick MVP |
| Compute | EC2, Lambda, ECS/EKS | GCE, Cloud Run, GKE | Azure VM, Functions, AKS | Edge Functions |
| Storage | S3, EBS, EFS | GCS, Persistent Disk | Blob Storage, Files | Storage Bucket |
| Database | RDS, DynamoDB, Aurora | Cloud SQL, Firestore, Spanner | SQL Database, CosmosDB | Postgres (Supabase) |
2. Codebase Normalization Tools
| Feature | Husky + Lint-staged | Lefthook | Biome | ESLint + Prettier |
|---|
| Type | Git Hooks (Node.js) | Git Hooks (Go) | All-in-one Toolchain | Linter + Formatter |
| Speed | Standard | Fast | Extremely Fast | Standard |
| Best For | Standard JS/TS Projects | Monorepos / Polyglot | Greenfields / Speed | Legacy / Complex Rules |
3. IaC Tool Selection
| Feature | Terraform | Pulumi | Ansible | CDK (AWS/TF) |
|---|
| Language | HCL (Declarative) | TS/Python/Go (Imperative) | YAML (Configuration) | TS/Python (Imperative) |
| State | Remote state file (S3/GCS) | Pulumi Service / S3 | No state (Idempotent scripts) | CloudFormation / TF State |
| Use Case | Industry Standard, Multi-cloud provisioning | Dev-friendly, Logic-heavy infra | Config Mgmt, Mutable infra | AWS-centric, Type-safety |
4. CI/CD Platform Selection
| Feature | GitHub Actions | GitLab CI | Jenkins | CircleCI |
|---|
| Integration | Native to GitHub | Native to GitLab | Self-hosted, Plugins | Fast, SaaS-first |
| Config | YAML (.github/workflows) | YAML (.gitlab-ci.yml) | Groovy (Jenkinsfile) | YAML (.circleci/config.yml) |
| Best For | Open Source, Integrated flow | Integrated DevSecOps | Legacy / Highly Custom Enterprise | High Performance |
π Dynamic Knowledge Base
ACTION: Load the specific reference based on your decision above.
[!TIP]
Long-tail Tools: If a user asks for a tool NOT listed above (e.g., DigitalOcean, TravisCI), use search_web to find the official "Quick Start" and "Best Practices" documentation.
π‘οΈ Security & Compliance Standards
- Least Privilege: IAM roles must be scoped strictly.
- Encryption: At rest (KMS) and in transit (TLS 1.2+).
- Scanning: SAST (SonarQube), DAST (OWASP ZAP), Container Scanning (Trivy).
π Templates
| Template | Path | Purpose |
|---|
| Release Notes | templates/release-notes.md | Release Notes - features, fixes, improvements. Use when publishing new releases |
