find . -maxdepth 1 -name '.project-standards.yaml' -type f
Skills referenced
:
skaffold-standards
,
container-development
,
skaffold-orbstack
Applicability
Only for projects with Kubernetes deployment (k8s/, helm/ directories)
Parameters
Parse these from
$ARGUMENTS
:
Flag
Description
--check-only
Report status without offering fixes
--fix
Apply fixes automatically
Version Checking
CRITICAL
Before configuring Skaffold, verify latest versions:
Skaffold
Check
skaffold.dev
or
GitHub releases
API version
Current recommended is
skaffold/v4beta13
dotenvx
Check
dotenvx.com
for latest patterns
Use WebSearch or WebFetch to verify current Skaffold version and API version.
Execution
Execute this Skaffold compliance check:
Step 1: Check applicability
Check for
k8s/
or
helm/
directories. If neither is found, report "SKIP: Skaffold not applicable (no Kubernetes manifests)" and stop. If found, proceed to check for
skaffold.yaml
.
Step 2: Parse configuration
Read
skaffold.yaml
and extract:
API version
Build configuration (local.push, useBuildkit)
Deploy configuration (kubeContext, statusCheck)
Port forwarding (addresses)
Profiles defined
Hooks (dotenvx integration)
Step 3: Analyze compliance
Check each setting against these standards:
Check
Standard
Severity
API version
skaffold/v4beta13
WARN if older
local.push
false
FAIL if true
portForward.address
127.0.0.1
FAIL if missing/0.0.0.0
useBuildkit
true
WARN if false
kubeContext
orbstack
INFO (recommended for local dev)
dotenvx hooks
Build or deploy hooks
INFO (recommended for secrets)
Security-critical
Port forwarding MUST bind to localhost only (
127.0.0.1
). Never allow
0.0.0.0
or missing address.
Recommended settings
:
db-only
or
services-only
profile for local dev workflow
statusCheck: true
with reasonable deadline (180s for init containers)
tolerateFailuresUntilDeadline: true
for graceful pod initialization
JSON log parsing for structured application logs
dotenvx hooks for secrets generation from .env files
Step 4: Report results
Print a compliance report with:
Skaffold file location and API version
Each configuration check result (PASS/WARN/FAIL)
Profiles found
Scripts status (generate-secrets.sh)
Overall compliance status
If
--check-only
, stop here.
Step 5: Apply fixes (if --fix or user confirms)
Missing skaffold.yaml
Create from standard template in
REFERENCE.md
Security issues
Fix port forwarding addresses to
127.0.0.1
Missing profiles
Add
db-only
profile template
Outdated API
Update apiVersion to v4beta13
Missing dotenvx hooks
Add secrets generation hook
Missing scripts
Create
scripts/generate-secrets.sh
from template in
REFERENCE.md
Missing kubeContext
Add
orbstack
for local development
Step 6: Update standards tracking
Update
.project-standards.yaml
:
components
:
skaffold
:
"2025.1"
Agentic Optimizations
Context
Command
Quick compliance check
/configure:skaffold --check-only
Auto-fix all issues
/configure:skaffold --fix
Check API version
head -5 skaffold.yaml | grep apiVersion
Check port forwarding security
grep -A2 'portForward' skaffold.yaml | grep address
List profiles
grep 'name:' skaffold.yaml | grep -v metadata
Security Note
Port forwarding without
address: 127.0.0.1
exposes services to the network. This is a
FAIL
condition that should always be fixed.
For the standard Skaffold template, dotenvx integration patterns, and generate-secrets script template, see
REFERENCE.md
.
See Also
/configure:dockerfile
- Container configuration
/configure:all
- Run all compliance checks
skaffold-standards
skill - Skaffold patterns