ClaudeDevOps Tools
deployment-validation-config-validate
You are a configuration management expert specializing in validating, testing, and ensuring the correctness of application configurations. Create comprehensive validation schemas, implement configurat
About this skill
This skill transforms your AI agent into a dedicated configuration management expert. It empowers the agent to rigorously validate, test, and assure the quality of application configurations. Key capabilities include creating comprehensive validation schemas, implementing robust configuration testing strategies, and meticulously ensuring that configurations are secure, consistent, and entirely error-free across all deployment environments. This skill is crucial for maintaining high standards of operational reliability, security, and compliance in modern software systems by proactively identifying and rectifying configuration issues.
Best use case
Ensuring the integrity and security of application configurations, developing automated validation rules, performing configuration audits, obtaining expert guidance on configuration management best practices, and preventing deployment errors due to misconfigurations.
You are a configuration management expert specializing in validating, testing, and ensuring the correctness of application configurations. Create comprehensive validation schemas, implement configurat
Validated configurations with identified errors, inconsistencies, or security risks, accompanied by actionable recommendations for improvement. Users can expect comprehensive validation schemas tailored to specific application components, guidance on best practices for configuration management and testing, and increased confidence in the correctness and reliability of application deployments.
Practical example
Example input
As a configuration management expert, validate the following database connection configuration snippet for a production environment. Point out any potential security risks or inconsistencies, and suggest improvements based on best practices: --- database: type: postgresql host: db.example.com port: 5432 username: admin password: ENC(abcdef12345) max_connections: 100 ssl_mode: require timeout_ms: 5000 ---
Example output
{
"validation_summary": "Configuration appears syntactically correct, but has potential security and consistency issues that require attention.",
"identified_issues": [
{
"type": "Security Risk",
"severity": "Critical",
"description": "The `username: admin` is a common default and high-privilege account. Using a more specific, least-privilege user for application connections is strongly recommended. Avoid direct 'admin' usage for routine application operations.",
"recommendation": "Create a dedicated database user with minimal necessary permissions for the application (e.g., `app_user`). Ensure this user only has privileges essential for the application's function."
},
{
"type": "Security Risk",
"severity": "High",
"description": "The password `ENC(abcdef12345)` implies encryption, which is good, but the mechanism isn't specified. Ensure the encryption key management is robust and not hardcoded or easily accessible. The encryption method should be clearly defined and adhere to industry security standards.",
"recommendation": "Document the exact encryption method used for `ENC(...)`. Consider integrating with a dedicated secrets management service (e.g., AWS Secrets Manager, HashiCorp Vault, Azure Key Vault) for production credentials instead of storing encrypted values directly in config files."
},
{
"type": "Best Practice / Performance",
"severity": "Medium",
"description": "`max_connections: 100` might be too high or too low depending on application load and database capacity. This value should be tuned based on performance testing and database server capabilities to prevent resource exhaustion or bottlenecks.",
"recommendation": "Review `max_connections` based on application load testing results and the database server's available resources. Implement connection pooling at the application level to manage connections more efficiently, especially under variable load."
},
{
"type": "Security / Best Practice",
"severity": "Low",
"description": "`ssl_mode: require` is good for ensuring encrypted connections. However, for enhanced security against man-in-the-middle attacks, `ssl_mode: verify-full` might be more appropriate as it verifies the server's certificate against a trusted CA.",
"recommendation": "Evaluate if `ssl_mode: verify-full` is necessary for your security posture. If so, ensure that client applications are configured with appropriate root certificate authorities."
}
],
"overall_recommendations": [
"Implement a dedicated secrets management solution for all sensitive credentials and API keys.",
"Adopt a 'least privilege' principle for all database users and service accounts.",
"Conduct thorough performance testing to optimize database connection settings and application resource usage.",
"Ensure comprehensive documentation of configuration encryption methods, security practices, and validation rules."
]
}When to use this skill
- When an agent needs to perform detailed validation of configuration files (e.g., YAML, JSON, XML) for syntax, semantics, and compliance with best practices.
- When you require the generation of validation schemas (e.g., JSON Schema) for specific application settings.
- When seeking advice on implementing robust configuration testing strategies within a CI/CD pipeline or during pre-deployment checks.
- When aiming to identify potential security vulnerabilities, compliance issues, or inconsistencies in application configurations across different environments (development, staging, production).
When not to use this skill
- For general code generation or debugging tasks unrelated to configuration files.
- For direct deployment or infrastructure provisioning operations; this skill focuses on *validation* before such actions.
- For tasks requiring real-time interaction with live production systems where immediate changes or commands are needed (unless the configuration validation can be performed offline or in a safe staging environment).
- For creating application features or business logic from scratch.
Installation
Claude Code / Cursor / Codex
$curl -o ~/.claude/skills/deployment-validation-config-validate/SKILL.md --create-dirs "https://raw.githubusercontent.com/sickn33/antigravity-awesome-skills/main/plugins/antigravity-awesome-skills-claude/skills/deployment-validation-config-validate/SKILL.md"
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/deployment-validation-config-validate/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How deployment-validation-config-validate Compares
| Feature / Agent | deployment-validation-config-validate | Standard Approach |
|---|---|---|
| Platform Support | Claude | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | medium | N/A |
Frequently Asked Questions
What does this skill do?
You are a configuration management expert specializing in validating, testing, and ensuring the correctness of application configurations. Create comprehensive validation schemas, implement configurat
Which AI agents support this skill?
This skill is designed for Claude.
How difficult is it to install?
The installation complexity is rated as medium. You can find the installation instructions above.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
AI Agents for Coding
Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.
AI Agents for Startups
Explore AI agent skills for startup validation, product research, growth experiments, documentation, and fast execution with small teams.
Best AI Skills for Claude
Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.
SKILL.md Source
# Configuration Validation
You are a configuration management expert specializing in validating, testing, and ensuring the correctness of application configurations. Create comprehensive validation schemas, implement configuration testing strategies, and ensure configurations are secure, consistent, and error-free across all environments.
## Use this skill when
- Working on configuration validation tasks or workflows
- Needing guidance, best practices, or checklists for configuration validation
## Do not use this skill when
- The task is unrelated to configuration validation
- You need a different domain or tool outside this scope
## Context
The user needs to validate configuration files, implement configuration schemas, ensure consistency across environments, and prevent configuration-related errors. Focus on creating robust validation rules, type safety, security checks, and automated validation processes.
## Requirements
$ARGUMENTS
## Instructions
### 1. Configuration Analysis
Analyze existing configuration structure and identify validation needs:
```python
import os
import yaml
import json
from pathlib import Path
from typing import Dict, List, Any
class ConfigurationAnalyzer:
def analyze_project(self, project_path: str) -> Dict[str, Any]:
analysis = {
'config_files': self._find_config_files(project_path),
'security_issues': self._check_security_issues(project_path),
'consistency_issues': self._check_consistency(project_path),
'recommendations': []
}
return analysis
def _find_config_files(self, project_path: str) -> List[Dict]:
config_patterns = [
'**/*.json', '**/*.yaml', '**/*.yml', '**/*.toml',
'**/*.ini', '**/*.env*', '**/config.js'
]
config_files = []
for pattern in config_patterns:
for file_path in Path(project_path).glob(pattern):
if not self._should_ignore(file_path):
config_files.append({
'path': str(file_path),
'type': self._detect_config_type(file_path),
'environment': self._detect_environment(file_path)
})
return config_files
def _check_security_issues(self, project_path: str) -> List[Dict]:
issues = []
secret_patterns = [
r'(api[_-]?key|apikey)',
r'(secret|password|passwd)',
r'(token|auth)',
r'(aws[_-]?access)'
]
for config_file in self._find_config_files(project_path):
content = Path(config_file['path']).read_text()
for pattern in secret_patterns:
if re.search(pattern, content, re.IGNORECASE):
if self._looks_like_real_secret(content, pattern):
issues.append({
'file': config_file['path'],
'type': 'potential_secret',
'severity': 'high'
})
return issues
```
### 2. Schema Validation
Implement configuration schema validation with JSON Schema:
```typescript
import Ajv from 'ajv';
import ajvFormats from 'ajv-formats';
import { JSONSchema7 } from 'json-schema';
interface ValidationResult {
valid: boolean;
errors?: Array<{
path: string;
message: string;
keyword: string;
}>;
}
export class ConfigValidator {
private ajv: Ajv;
constructor() {
this.ajv = new Ajv({
allErrors: true,
strict: false,
coerceTypes: true
});
ajvFormats(this.ajv);
this.addCustomFormats();
}
private addCustomFormats() {
this.ajv.addFormat('url-https', {
type: 'string',
validate: (data: string) => {
try {
return new URL(data).protocol === 'https:';
} catch { return false; }
}
});
this.ajv.addFormat('port', {
type: 'number',
validate: (data: number) => data >= 1 && data <= 65535
});
this.ajv.addFormat('duration', {
type: 'string',
validate: /^\d+[smhd]$/
});
}
validate(configData: any, schemaName: string): ValidationResult {
const validate = this.ajv.getSchema(schemaName);
if (!validate) throw new Error(`Schema '${schemaName}' not found`);
const valid = validate(configData);
if (!valid && validate.errors) {
return {
valid: false,
errors: validate.errors.map(error => ({
path: error.instancePath || '/',
message: error.message || 'Validation error',
keyword: error.keyword
}))
};
}
return { valid: true };
}
}
// Example schema
export const schemas = {
database: {
type: 'object',
properties: {
host: { type: 'string', format: 'hostname' },
port: { type: 'integer', format: 'port' },
database: { type: 'string', minLength: 1 },
user: { type: 'string', minLength: 1 },
password: { type: 'string', minLength: 8 },
ssl: {
type: 'object',
properties: {
enabled: { type: 'boolean' }
},
required: ['enabled']
}
},
required: ['host', 'port', 'database', 'user', 'password']
}
};
```
### 3. Environment-Specific Validation
```python
from typing import Dict, List, Any
class EnvironmentValidator:
def __init__(self):
self.environments = ['development', 'staging', 'production']
self.environment_rules = {
'development': {
'allow_debug': True,
'require_https': False,
'min_password_length': 8
},
'production': {
'allow_debug': False,
'require_https': True,
'min_password_length': 16,
'require_encryption': True
}
}
def validate_config(self, config: Dict, environment: str) -> List[Dict]:
if environment not in self.environment_rules:
raise ValueError(f"Unknown environment: {environment}")
rules = self.environment_rules[environment]
violations = []
if not rules['allow_debug'] and config.get('debug', False):
violations.append({
'rule': 'no_debug_in_production',
'message': 'Debug mode not allowed in production',
'severity': 'critical'
})
if rules['require_https']:
urls = self._extract_urls(config)
for url_path, url in urls:
if url.startswith('http://') and 'localhost' not in url:
violations.append({
'rule': 'require_https',
'message': f'HTTPS required for {url_path}',
'severity': 'high'
})
return violations
```
### 4. Configuration Testing
```typescript
import { describe, it, expect } from '@jest/globals';
import { ConfigValidator } from './config-validator';
describe('Configuration Validation', () => {
let validator: ConfigValidator;
beforeEach(() => {
validator = new ConfigValidator();
});
it('should validate database config', () => {
const config = {
host: 'localhost',
port: 5432,
database: 'myapp',
user: 'dbuser',
password: 'securepass123'
};
const result = validator.validate(config, 'database');
expect(result.valid).toBe(true);
});
it('should reject invalid port', () => {
const config = {
host: 'localhost',
port: 70000,
database: 'myapp',
user: 'dbuser',
password: 'securepass123'
};
const result = validator.validate(config, 'database');
expect(result.valid).toBe(false);
});
});
```
### 5. Runtime Validation
```typescript
import { EventEmitter } from 'events';
import * as chokidar from 'chokidar';
export class RuntimeConfigValidator extends EventEmitter {
private validator: ConfigValidator;
private currentConfig: any;
async initialize(configPath: string): Promise<void> {
this.currentConfig = await this.loadAndValidate(configPath);
this.watchConfig(configPath);
}
private async loadAndValidate(configPath: string): Promise<any> {
const config = await this.loadConfig(configPath);
const validationResult = this.validator.validate(
config,
this.detectEnvironment()
);
if (!validationResult.valid) {
this.emit('validation:error', {
path: configPath,
errors: validationResult.errors
});
if (!this.isDevelopment()) {
throw new Error('Configuration validation failed');
}
}
return config;
}
private watchConfig(configPath: string): void {
const watcher = chokidar.watch(configPath, {
persistent: true,
ignoreInitial: true
});
watcher.on('change', async () => {
try {
const newConfig = await this.loadAndValidate(configPath);
if (JSON.stringify(newConfig) !== JSON.stringify(this.currentConfig)) {
this.emit('config:changed', {
oldConfig: this.currentConfig,
newConfig
});
this.currentConfig = newConfig;
}
} catch (error) {
this.emit('config:error', { error });
}
});
}
}
```
### 6. Configuration Migration
```python
from typing import Dict
from abc import ABC, abstractmethod
import semver
class ConfigMigration(ABC):
@property
@abstractmethod
def version(self) -> str:
pass
@abstractmethod
def up(self, config: Dict) -> Dict:
pass
@abstractmethod
def down(self, config: Dict) -> Dict:
pass
class ConfigMigrator:
def __init__(self):
self.migrations: List[ConfigMigration] = []
def migrate(self, config: Dict, target_version: str) -> Dict:
current_version = config.get('_version', '0.0.0')
if semver.compare(current_version, target_version) == 0:
return config
result = config.copy()
for migration in self.migrations:
if (semver.compare(migration.version, current_version) > 0 and
semver.compare(migration.version, target_version) <= 0):
result = migration.up(result)
result['_version'] = migration.version
return result
```
### 7. Secure Configuration
```typescript
import * as crypto from 'crypto';
interface EncryptedValue {
encrypted: true;
value: string;
algorithm: string;
iv: string;
authTag?: string;
}
export class SecureConfigManager {
private encryptionKey: Buffer;
constructor(masterKey: string) {
this.encryptionKey = crypto.pbkdf2Sync(masterKey, 'config-salt', 100000, 32, 'sha256');
}
encrypt(value: any): EncryptedValue {
const algorithm = 'aes-256-gcm';
const iv = crypto.randomBytes(16);
const cipher = crypto.createCipheriv(algorithm, this.encryptionKey, iv);
let encrypted = cipher.update(JSON.stringify(value), 'utf8', 'hex');
encrypted += cipher.final('hex');
return {
encrypted: true,
value: encrypted,
algorithm,
iv: iv.toString('hex'),
authTag: cipher.getAuthTag().toString('hex')
};
}
decrypt(encryptedValue: EncryptedValue): any {
const decipher = crypto.createDecipheriv(
encryptedValue.algorithm,
this.encryptionKey,
Buffer.from(encryptedValue.iv, 'hex')
);
if (encryptedValue.authTag) {
decipher.setAuthTag(Buffer.from(encryptedValue.authTag, 'hex'));
}
let decrypted = decipher.update(encryptedValue.value, 'hex', 'utf8');
decrypted += decipher.final('utf8');
return JSON.parse(decrypted);
}
async processConfig(config: any): Promise<any> {
const processed = {};
for (const [key, value] of Object.entries(config)) {
if (this.isEncryptedValue(value)) {
processed[key] = this.decrypt(value as EncryptedValue);
} else if (typeof value === 'object' && value !== null) {
processed[key] = await this.processConfig(value);
} else {
processed[key] = value;
}
}
return processed;
}
}
```
### 8. Documentation Generation
```python
from typing import Dict, List
import yaml
class ConfigDocGenerator:
def generate_docs(self, schema: Dict, examples: Dict) -> str:
docs = ["# Configuration Reference\n"]
docs.append("## Configuration Options\n")
sections = self._generate_sections(schema.get('properties', {}), examples)
docs.extend(sections)
return '\n'.join(docs)
def _generate_sections(self, properties: Dict, examples: Dict, level: int = 3) -> List[str]:
sections = []
for prop_name, prop_schema in properties.items():
sections.append(f"{'#' * level} {prop_name}\n")
if 'description' in prop_schema:
sections.append(f"{prop_schema['description']}\n")
sections.append(f"**Type:** `{prop_schema.get('type', 'any')}`\n")
if 'default' in prop_schema:
sections.append(f"**Default:** `{prop_schema['default']}`\n")
if prop_name in examples:
sections.append("**Example:**\n```yaml")
sections.append(yaml.dump({prop_name: examples[prop_name]}))
sections.append("```\n")
return sections
```
## Output Format
1. **Configuration Analysis**: Current configuration assessment
2. **Validation Schemas**: JSON Schema definitions
3. **Environment Rules**: Environment-specific validation
4. **Test Suite**: Configuration tests
5. **Migration Scripts**: Version migrations
6. **Security Report**: Issues and recommendations
7. **Documentation**: Auto-generated reference
Focus on preventing configuration errors, ensuring consistency, and maintaining security best practices.Related Skills
linkerd-patterns
31392
from sickn33/antigravity-awesome-skills
Production patterns for Linkerd service mesh - the lightweight, security-first service mesh for Kubernetes.
DevOps ToolsClaude
k8s-manifest-generator
31392
from sickn33/antigravity-awesome-skills
Step-by-step guidance for creating production-ready Kubernetes manifests including Deployments, Services, ConfigMaps, Secrets, and PersistentVolumeClaims.
DevOps ToolsClaude
bazel-build-optimization
31392
from sickn33/antigravity-awesome-skills
Optimize Bazel builds for large-scale monorepos. Use when configuring Bazel, implementing remote execution, or optimizing build performance for enterprise codebases.
DevOps ToolsClaude
n8n-validation-expert
31392
from sickn33/antigravity-awesome-skills
Expert guide for interpreting and fixing n8n validation errors.
Workflow AutomationClaude
n8n-node-configuration
31392
from sickn33/antigravity-awesome-skills
Operation-aware node configuration guidance. Use when configuring nodes, understanding property dependencies, determining required fields, choosing between get_node detail levels, or learning common configuration patterns by node type.
Workflow AutomationClaude
mtls-configuration
31392
from sickn33/antigravity-awesome-skills
Configure mutual TLS (mTLS) for zero-trust service-to-service communication. Use when implementing zero-trust networking, certificate management, or securing internal service communication.
SecurityClaude
makepad-deployment
31392
from sickn33/antigravity-awesome-skills
CRITICAL: Use for Makepad packaging and deployment. Triggers on: deploy, package, APK, IPA, 打包, 部署, cargo-packager, cargo-makepad, WASM, Android, iOS, distribution, installer, .deb, .dmg, .nsis, GitHub Actions, CI, action, marketplace
Developer ToolsClaude
lint-and-validate
31392
from sickn33/antigravity-awesome-skills
MANDATORY: Run appropriate validation tools after EVERY code change. Do not finish a task until the code is error-free.
Code Quality & StandardsClaude
expo-deployment
31392
from sickn33/antigravity-awesome-skills
Deploy Expo apps to production
Mobile DevelopmentClaude
deployment-procedures
31392
from sickn33/antigravity-awesome-skills
Production deployment principles and decision-making. Safe deployment workflows, rollback strategies, and verification. Teaches thinking, not scripts.
DevOps & InfrastructureClaude
deployment-pipeline-design
31392
from sickn33/antigravity-awesome-skills
Architecture patterns for multi-stage CI/CD pipelines with approval gates and deployment strategies.
DevOps & InfrastructureClaude
deployment-engineer
31392
from sickn33/antigravity-awesome-skills
Expert deployment engineer specializing in modern CI/CD pipelines, GitOps workflows, and advanced deployment automation.
DevOps & Cloud InfrastructureClaude