# DevOps Architecture & Standards

## 🧠 Core Philosophy

- Automate Everything: If it's done twice, script it.
- Infrastructure as Code (IaC): No click-ops. All infra must be defined in code (Terraform, Pulumi, Ansible).
- Security First: Shift security left. Manage secrets via Vault/KMS, not env vars.
- Observability: You can't fix what you can't see. Logs, Metrics, and Traces are mandatory.
## 🎛️ Decision Engine & Routing

STEP 1: Context Analysis. Before acting, determine the stack components using the comparison tables below.

### Cloud Provider Selection

| Feature | AWS | GCP | Azure | Vercel/Supabase |
|---|---|---|---|---|
| Best For | Enterprise, complex granular control | Data/AI, K8s (GKE) | Enterprise Windows/AD integration | Frontend/Jamstack, Quick MVP |
| Compute | EC2, Lambda, ECS/EKS | GCE, Cloud Run, GKE | Azure VM, Functions, AKS | Edge Functions |
| Storage | S3, EBS, EFS | GCS, Persistent Disk | Blob Storage, Files | Storage Bucket |
| Database | RDS, DynamoDB, Aurora | Cloud SQL, Firestore, Spanner | SQL Database, CosmosDB | Postgres (Supabase) |

### Codebase Normalization Tools

| Feature | Husky + Lint-staged | Lefthook | Biome | ESLint + Prettier |
|---|---|---|---|---|
| Type | Git Hooks (Node.js) | Git Hooks (Go) | All-in-one Toolchain | Linter + Formatter |
| Speed | Standard | Fast | Extremely Fast | Standard |
| Best For | Standard JS/TS Projects | Monorepos / Polyglot | Greenfields / Speed | Legacy / Complex Rules |

### IaC Tool Selection

| Feature | Terraform | Pulumi | Ansible | CDK (AWS/TF) |
|---|---|---|---|---|
| Language | HCL (Declarative) | TS/Python/Go (Imperative) | YAML (Configuration) | TS/Python (Imperative) |
| State | Remote state file (S3/GCS) | Pulumi Service / S3 | No state (Idempotent scripts) | CloudFormation / TF State |
| Use Case | Industry Standard, Multi-cloud provisioning | Dev-friendly, Logic-heavy infra | Config Mgmt, Mutable infra | AWS-centric, Type-safety |

### CI/CD Platform Selection

| Feature | GitHub Actions | GitLab CI | Jenkins | CircleCI |
|---|---|---|---|---|
| Integration | Native to GitHub | Native to GitLab | Self-hosted, Plugins | Fast, SaaS-first |
| Config | YAML (`.github/workflows`) | YAML (`.gitlab-ci.yml`) | Groovy (`Jenkinsfile`) | YAML (`.circleci/config.yml`) |
| Best For | Open Source, Integrated flow | Integrated DevSecOps | Legacy / Highly Custom Enterprise | High Performance |
## 📚 Dynamic Knowledge Base

ACTION: Load the specific reference based on your decision above.

- Cloud Infrastructure (AWS/GCP/Azure): Load `cloud-providers.md`
- Infrastructure as Code (Terraform/Pulumi): Load `iac-tools.md`
- CI/CD Pipelines (GHA/GitLab): Load `ci-cd-pipelines.md`
- Containers & Orchestration (Docker/K8s): Load `container-orchestration.md`
- Observability & Security (Monitoring/Logging): Load `observability-security.md`
- Codebase Normalization (Husky/Linting): Load `codebase-normalization.md`

> [!TIP]
> Long-tail Tools: If a user asks for a tool NOT listed above (e.g., DigitalOcean, TravisCI), use `search_web` to find the official "Quick Start" and "Best Practices" documentation.
## 🛡️ Security & Compliance Standards

- Least Privilege: IAM roles must be scoped strictly.
- Encryption: At rest (KMS) and in transit (TLS 1.2+).
- Scanning: SAST (SonarQube), DAST (OWASP ZAP), Container Scanning (Trivy).
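As an added example (not part of this guide or any of the tools it lists), a shift-left guardrail that enforces the Least Privilege and Encryption-at-rest standards above against a Terraform plan before `apply`, reading the `planned_values` section that `terraform show -json tfplan` emits. The sample plan, resource addresses and bucket names are constructed for illustration.

```python
import json

# Constructed stand-in for `terraform show -json tfplan` output: one over-broad
# IAM policy, one bucket with aws:kms encryption, one bucket with none.
SAMPLE_PLAN = {"planned_values": {"root_module": {"resources": [
    {"address": "aws_iam_policy.ci", "type": "aws_iam_policy", "values": {"policy": json.dumps(
        {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]})}},
    {"address": "aws_s3_bucket.audit", "type": "aws_s3_bucket", "values": {"bucket": "audit-logs"}},
    {"address": "aws_s3_bucket_server_side_encryption_configuration.audit",
     "type": "aws_s3_bucket_server_side_encryption_configuration",
     "values": {"bucket": "audit-logs",
                "rule": [{"apply_server_side_encryption_by_default": [{"sse_algorithm": "aws:kms"}]}]}},
    {"address": "aws_s3_bucket.scratch", "type": "aws_s3_bucket", "values": {"bucket": "scratch"}},
]}}}

def iter_resources(plan):
    """Yield every planned resource, descending into child modules."""
    stack = [plan.get("planned_values", {}).get("root_module", {})]
    while stack:
        module = stack.pop()
        yield from module.get("resources", [])
        stack.extend(module.get("child_modules", []))

def is_wildcard(value):
    """True for '*' or a service-wide action such as 's3:*' (not strictly scoped)."""
    items = value if isinstance(value, list) else [value]
    return any(isinstance(v, str) and (v == "*" or v.endswith(":*")) for v in items)

def audit_plan(plan):
    """Return one finding per resource violating least privilege or KMS-at-rest.
    Assumes bucket names are known at plan time (unknown values are omitted
    from planned_values and would need the plan's configuration references)."""
    resources = list(iter_resources(plan))
    kms_buckets = {
        r["values"].get("bucket") for r in resources
        if r["type"] == "aws_s3_bucket_server_side_encryption_configuration"
        for rule in r["values"].get("rule", [])
        for d in rule.get("apply_server_side_encryption_by_default", [])
        if d.get("sse_algorithm") == "aws:kms"}
    findings = []
    for r in resources:
        if r["type"] in ("aws_iam_policy", "aws_iam_role_policy"):
            for s in json.loads(r["values"]["policy"]).get("Statement", []):
                if s.get("Effect") == "Allow" and (is_wildcard(s.get("Action", []))
                                                  or is_wildcard(s.get("Resource", []))):
                    findings.append(f"{r['address']}: Allow statement with wildcard Action/Resource")
        elif r["type"] == "aws_s3_bucket" and r["values"].get("bucket") not in kms_buckets:
            findings.append(f"{r['address']}: no aws:kms server-side encryption")
    return findings
```

Run it as a CI step after `terraform plan` and fail the job when `audit_plan` returns any findings, so violations never reach `apply`.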
## 📝 Templates

| Template | Path | Purpose |
|---|---|---|
| Release Notes | `templates/release-notes.md` | Features, fixes, improvements. Use when publishing new releases. |