A Claude Code skill that turns markdown DevOps notes (runbooks) into tested, parameterized automation scripts — bash, python, or ansible — without ever touching real infrastructure.
- Solid: scripts are parameterized, fail-fast, idempotent where possible, and proven repeatable by executing them twice in a sandbox.
- Safe: dry-run by default (
--applyto mutate), secrets externalized and scanned for (in the note and the generated artifact), all execution in throwaway Docker containers with--network none, OpenStack calls intercepted by a mock CLI. The human runs the real thing themselves. - Feasible: gaps in the note become batched questions with recommendations, not silent guesses; four approval gates (selection, review, plan, results).
SKILL.md— the skill workflow (phases + gates)references/— extraction criteria, codegen patterns, testing matrixscripts/check_tools.sh— prerequisite gatescripts/scan_secrets.py— plaintext secret scanner (notes + artifacts)scripts/run_checks.sh— layered test harness (L0 secrets, L1 static, L2 dry-run, L3 sandboxed execution)scripts/openstack-mock— fakeopenstackCLI: canned/fixture reads, logged-never-executed mutationsevals/— eval prompts + sample notes