Overview
/silver:devops is the Silver Bullet orchestrator for infrastructure, CI/CD, pipelines, Terraform, IaC, Kubernetes, containers, cloud, and ops work.
silver:devops uses composable flows architecture — it selects from the 18-flow catalog and composes a chain suited to infrastructure work. Typical paths: FLOW 0 (BOOTSTRAP) → FLOW 1 (ORIENT) → FLOW 5 (PLAN) → FLOW 7 (EXECUTE) → FLOW 9 (REVIEW) → FLOW 10 (SECURE) → FLOW 11 (VERIFY) → FLOW 12 (QUALITY GATE) → FLOW 13 (SHIP). Blast-radius analysis is inserted between ORIENT and PLAN instead of brainstorming paths. See Composable Flows for the full catalog.
Key design principles:
- No brainstorming phase — infrastructure changes are driven by operational requirements established upstream (in
silver:featureorsilver:research). Blast-radius analysis replaces the product/engineering brainstorm. - 7 IaC quality dimensions instead of the product 8 core dimensions plus conditional gates — at both pre-plan and pre-ship gates. Usability and AI/LLM safety are excluded when they do not apply; infrastructure-specific concerns such as observability and change-safety are emphasized.
- TDD explicitly skipped — infrastructure and configuration work is declarative; there is no red-green-refactor cycle that applies to IaC resources.
When to use
Entry trigger signals for /silver:devops:
- "infra" / "CI/CD" / "deploy" / "pipeline"
- "terraform" / "IaC" / "kubernetes" / "container"
- "cloud" / "ops" / "infrastructure" / "GitHub Actions"
7 IaC quality dimensions
These replace the standard product/software quality gate for all infra work. Applied at both pre-plan (Step 3) and pre-ship (Step 10) gates:
- Reliability — failure modes, retry logic, health checks
- Security — secrets handling, IAM boundaries, network exposure
- Scalability — resource limits, auto-scaling, capacity planning
- Modularity — reusable modules, clear boundaries, minimal coupling
- Testability — infrastructure can be validated without production deployment
- Observability — logging, metrics, alerting, tracing integration
- Change-safety — idempotency, drift prevention, rollback plan
Workflow steps
Pre-flight
Silver Bullet reads silver-bullet.md §10 to load user workflow preferences before any step executes.
Step 0 — Codebase and infrastructure orientation
Invoke gsd-scan to understand current infra topology before blast-radius analysis. If deeper mapping is needed, invoke /gsd:map-codebase.
Step 1 — Blast radius analysis
Invoke /silver:blast-radius. Purpose: map change scope, downstream dependencies, failure modes, and rollback plan. This step replaces the product/engineering brainstorm for devops workflows. Produces a LOW/MEDIUM/HIGH/CRITICAL rating (see table below).
Step 2 — DevOps skill router
Invoke /devops-skill-router. Purpose: route to the right IaC/cloud skill — Terraform, Pulumi, AWS CDK, k8s, or other tooling appropriate for the change.
Step 3 — Pre-plan DevOps quality gates (7 IaC dimensions)
Invoke /devops-quality-gates. All 7 IaC-adapted dimensions run as the pre-plan gate. Not the standard product/software /silver:quality-gates — the devops workflow uses /devops-quality-gates exclusively at both quality gate positions.
Step 3b — Infrastructure security (mandatory, non-skippable)
Review the security findings from /devops-quality-gates before planning. Secrets, IAM permissions, network exposure, and data handling must be addressed as design requirements before gsd:plan-phase runs.
Step 4 — Discuss phase
Invoke gsd:discuss-phase. DevOps phase context → CONTEXT.md with locked decisions for the planner.
Step 5 — Plan phase
Invoke gsd:plan-phase. Produces PLAN.md for the infrastructure change.
Step 6 — Execute phase (TDD skipped)
Invoke gsd:execute-phase (Interactive) or gsd:autonomous (Autonomous §10e).
TDD is explicitly skipped for infra plans — not applicable. Infrastructure and configuration work is declarative; there is no red-green-refactor cycle that applies to IaC resources. No tdd invocation.
Step 7 — Code review (IaC review)
Run review sequence: /requesting-code-review → gsd:code-review → [if issues: gsd:code-review-fix] → [for arch-significant infra: gsd:review --all] → /receiving-code-review.
Step 8 — IaC security and secrets verification
Invoke gsd:secure-phase. Confirms no credentials in code, correct IAM boundaries, secure defaults.
Step 9 — Deployment verification
Invoke gsd:verify-work. Deployment verification and UAT. Non-skippable gate.
Step 10 — Pre-ship DevOps quality gates (7 IaC dimensions)
Invoke /devops-quality-gates again. Final 7-dimension sweep before deploy — same gate as Step 3, applied post-implementation. Non-skippable gate.
Step 11 — Ship / deploy
Invoke gsd:ship. Push branch, deploy, create PR.
Blast radius levels
The blast radius assessment in Step 1 produces one of four ratings. The rating informs the scope of change-safety review and approval requirements:
| Level | Description | Typical examples |
|---|---|---|
| LOW | Change is isolated, no downstream impact, easy rollback | Adding a new CI job, updating a single env var, adding a monitoring alert |
| MEDIUM | Change affects 2–3 systems, rollback requires coordination | New IAM role, updating deployment pipeline, adding a new service |
| HIGH | Change affects production paths or cross-cutting infra, significant blast if rolled back | Database migration, network topology change, certificate rotation |
| CRITICAL | Core infra, affects all systems, rollback may cause outage | Cloud account-level changes, DNS/CDN changes, VPC or subnet modifications |
Non-skippable gates
- Security dimension inside
/devops-quality-gates(Step 3b) /devops-quality-gatespre-ship (Step 10)gsd:verify-work(Step 9)
Example invocation
Silver Bullet routes to devops workflow. Intel → blast-radius (likely LOW/MEDIUM) → devops-skill-router selects GitHub Actions tooling → 7 IaC quality gates → discuss → plan → execute (no TDD) → IaC code review → secrets verification → deployment verification → pre-ship quality gates → ship.