Commit a8d4aac

baijum and claude committed
docs: update spec-context skill with observability, reusable workflows, and security additions
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1 parent a22b424 commit a8d4aac

1 file changed

Lines changed: 16 additions & 0 deletions

.claude/skills/spec-context/SKILL.md

@@ -45,3 +45,19 @@ Key rules from the Towlion platform specification:
4545
- All on `towlion` Docker network
4646
- Compose file: `/opt/platform/docker-compose.yml`
4747
- Per-app credentials: `/opt/platform/credentials/<app>.env` (DB_USER, DB_PASSWORD, S3_ACCESS_KEY, S3_SECRET_KEY)
48+
49+
## Observability
50+
- All apps emit structured JSON logs (python-json-logger) to stdout, collected by Promtail → Loki
51+
- Grafana has 3 dashboards: platform-overview, app-dashboard, resource-metrics
52+
- 3 alert rules: error-rate-spike, container-down, disk-usage-high
53+
- Docker event audit logging via systemd service → /var/log/docker-audit.log → Promtail → Loki
54+
55+
## Reusable Workflows (towlion/.github)
56+
- 4 reusable workflows: validate, test-python, deploy, preview
57+
- All app repos call these instead of defining their own workflow logic
58+
- Deploy/preview use `caddyfile-template` input with placeholder substitution
59+
60+
## Security Additions
61+
- Rate limiting: slowapi, 60/min per IP, `/health` exempt
62+
- Read-only container filesystem: `read_only: true` + tmpfs mounts
63+
- Docker event audit logging (job=docker-audit in Loki)
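
Review bot: The rate-limiting rule at new line 61 ("60/min per IP") does not say how the client IP is determined. The deploy and preview workflows at line 58 take a `caddyfile-template`, which suggests apps are served behind a proxy; if the limiter keys on the socket peer address in that setup, every request shares the proxy's address and the rule becomes one global 60/min bucket rather than a per-client limit. Suggest stating the key source in the rule, including which forwarded header is trusted and that it is trusted only when the request comes from the proxy. Separately, Docker event audit logging is listed twice, at line 53 with the log path and at line 63 with the Loki job label; folding both details into one bullet and referring to it from the other section would keep them from drifting apart. Line 62 could also name the tmpfs paths, since `read_only: true` alone does not tell an app author where writes are still allowed.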
