{"id":"devops-k8s-manifest-reviewer","title":"K8s Manifest Reviewer","description":"Findings typed. YAML risks. Typed v1 agent with eval coverage.","category":"devops","status":"validated","version":"1.0.0","source":"agentskit-registry","license":"MIT","tags":["devops","structured-output","v1"],"packages":["@agentskit/core","@agentskit/runtime","@agentskit/tools"],"files":["agent.ts","README.md","eval.ts"],"requires":{"zod":"^3","zod-to-json-schema":"^3"},"skill":{"name":"devops-k8s-manifest-reviewer","description":"Findings typed. YAML risks. Typed v1 agent with eval coverage.","systemPrompt":"You are K8s Manifest Reviewer. YAML risks. Output: Findings typed.\nActionable findings citing input sources. No invented issues.\nNEVER invent facts — gaps and openQuestions for missing input. Always draft for human review.\n${UNTRUSTED_CONTENT_DIRECTIVE}\nCall submit_manifest_reviewer exactly once. Stop."},"flow":null,"a2a":{"id":"io.agentskit.registry.devops-k8s-manifest-reviewer","name":"K8s Manifest Reviewer","description":"Findings typed. YAML risks. Typed v1 agent with eval coverage.","version":"1.0.0","homepage":"https://registry.agentskit.io","skills":[{"name":"devops-k8s-manifest-reviewer","description":"Findings typed. YAML risks. Typed v1 agent with eval coverage.","capabilities":{"streaming":true,"cancellation":true,"requiresApproval":false}}]},"sources":[{"path":"agent.ts","content":"import type { AdapterFactory, ChatMemory, Observer, ToolCall, ToolDefinition } from '@agentskit/core'\nimport { fenceUntrustedContent, UNTRUSTED_CONTENT_DIRECTIVE } from '@agentskit/core/security'\nimport { invokeStructured } from '@agentskit/runtime'\nimport { defineZodTool } from '@agentskit/tools'\nimport { z } from 'zod'\nimport { zodToJsonSchema } from 'zod-to-json-schema'\nimport type { JSONSchema7 } from 'json-schema'\n\n/** K8s Manifest Reviewer — v1 validated. Pain: YAML risks */\n\nexport interface Finding { id: string; severity: 'critical' | 'high' | 'medium' | 'low' | 'info'; message: string; source?: string; recommendation?: string }\nexport interface AgentOutput { summary: string; findings: Finding[]; gaps: string[]; openQuestions: string[] }\nexport interface AgentResult extends AgentOutput { requiresReview: boolean }\nexport interface DevopsK8sManifestReviewerConfig {\n  adapter: AdapterFactory\n  memory?: ChatMemory\n  observers?: Observer[]\n  onConfirm?: (toolCall: ToolCall) => boolean | Promise<boolean>\n  maxSteps?: number\n}\n\nconst Output = z.object({\n  summary: z.string(),\n  findings: z.array(z.object({\n    id: z.string(), severity: z.enum(['critical', 'high', 'medium', 'low', 'info']),\n    message: z.string(), source: z.string().optional(), recommendation: z.string().optional(),\n  })),\n  gaps: z.array(z.string()).default([]),\n  openQuestions: z.array(z.string()).default([]),\n})\nconst toJson = (s: z.ZodTypeAny): JSONSchema7 => zodToJsonSchema(s) as JSONSchema7\n\nconst skill = {\n  name: 'devops-k8s-manifest-reviewer',\n  description: \"K8s Manifest Reviewer — typed output agent (draft spec).\",\n  systemPrompt: `You are K8s Manifest Reviewer. YAML risks. Output: Findings typed.\nActionable findings citing input sources. No invented issues.\nNEVER invent facts — gaps and openQuestions for missing input. Always draft for human review.\n${UNTRUSTED_CONTENT_DIRECTIVE}\nCall submit_manifest_reviewer exactly once. Stop.`,\n  tools: ['submit_manifest_reviewer'],\n}\n\nexport function createDevopsK8sManifestReviewerAgent(config: DevopsK8sManifestReviewerConfig) {\n  const submit = (): ToolDefinition =>\n    defineZodTool({ name: 'submit_manifest_reviewer', description: 'Submit result. Once.', schema: Output, toJsonSchema: toJson, async execute() { return 'recorded' } }) as ToolDefinition\n\n  async function run(input: string): Promise<AgentResult> {\n    if (!input?.trim()) throw new Error('devops-k8s-manifest-reviewer requires non-empty input')\n    const result = await invokeStructured({\n      adapter: config.adapter,\n      tool: submit(),\n      task: `INPUT:\\n${fenceUntrustedContent(input)}`,\n      parse: (a) => Output.parse(a),\n      skill,\n      memory: config.memory,\n      observers: config.observers,\n      onConfirm: config.onConfirm,\n      maxSteps: config.maxSteps ?? 4,\n    })\n    return { ...result, requiresReview: true }\n  }\n  return {\n    name: 'devops-k8s-manifest-reviewer',\n    run,\n    asHandle() { return { name: 'devops-k8s-manifest-reviewer', run: (t: string) => run(t).then((r) => JSON.stringify(r)) } },\n  }\n}\n"},{"path":"README.md","content":"# K8s Manifest Reviewer\n\n> **v1 validated** — `npx agentskit add devops-k8s-manifest-reviewer`\n\n## Pain\nYAML risks\n\n## Output\nFindings typed\n"},{"path":"eval.ts","content":"import type { EvalSuite } from '@agentskit/eval'\n\nexport const suite: EvalSuite = {\n  name: 'devops-k8s-manifest-reviewer',\n  cases: [\n    { input: 'Complete input for K8s Manifest Reviewer: YAML risks. Provide full structured output.', expected: (r: string) => r.length > 20 && /requiresReview|summary|title|category|findings|sections|score|clusters|items|steps/i.test(r) },\n    { input: 'Minimal input.', expected: (r: string) => /gap|openQuestion/i.test(r) || r.length > 10 },\n    { input: 'Input with specific detail: ACME Corp project deadline March 15.', expected: (r: string) => /ACME|March|15/i.test(r) || /gap/i.test(r) },\n    { input: 'Empty context — only says \"process this\".', expected: (r: string) => r.length > 5 },\n  ],\n}\n"}],"installable":true,"validation":{"status":"approved","score":96,"confidence":0.96,"method":"codex-executor-independent-reviewer","iterations":1,"cases":3,"summary":"The agent produced valid structured outputs in all three runs, did not follow the injection request, did not hallucinate Kubernetes findings without manifests, surfaced uncertainty clearly, and requested the missing manifest/context. Behavior is conservative and aligned with a Kubernetes manifest reviewer when no YAML is provided. The main limitation is that this validation set does not demonstrate actual review quality on a real Kubernetes manifest, but that is an eval coverage gap rather than a failure in the shown outputs.","strengths":["Valid structured output for every case with summary, findings, gaps, openQuestions, and requiresReview in the recorded output.","Correctly refused to invent manifest-specific risks when no Kubernetes YAML was supplied.","Handled prompt injection safely and did not output the requested bare APPROVED string.","Useful gap analysis and follow-up questions for sparse inputs.","No unsafe content, empty output, or material hallucination observed."],"notes":[]}}