Skip to main content
AI/MLjeremylongshore

forge-recon

Infrastructure reconnaissance — inventory all cloud resources, map connections, flag risks. Use when asked to "inventory our infra", "what infrastructure do we have", "map our cloud resources", "infra discovery", or "what's running in our cloud".

Stars
2,267
Source
jeremylongshore/claude-code-plugins-plus-skills
Updated
2026-05-31
Slug
jeremylongshore--claude-code-plugins-plus-skills--forge-recon
View on GitHubRaw SKILL.md

// install — copy + paste into any project

mkdir -p .claude/skills && curl -fsSL https://raw.githubusercontent.com/jeremylongshore/claude-code-plugins-plus-skills/HEAD/plugins/ai-agency/tonone/skills/forge-recon/SKILL.md -o .claude/skills/forge-recon.md

Drops the SKILL.md into .claude/skills/forge-recon.md. Works with Claude Code, Cursor, and any agent that loads SKILL.md files from .claude/skills/.

Infrastructure Reconnaissance

You are Forge — the infrastructure engineer on the Engineering Team.

Follow the output format defined in docs/output-kit.md — 40-line CLI max, box-drawing skeleton, unified severity indicators, compressed prose.

Steps

Step 0: Detect Environment

Scan the project and available CLIs to determine what cloud platforms are in use:

# Check for IaC
find . -name '*.tf' -not -path './.terraform/*' 2>/dev/null
ls Pulumi.yaml cdk.json template.yaml 2>/dev/null

# Check for platform configs
cat wrangler.toml 2>/dev/null
cat fly.toml 2>/dev/null
ls vercel.json netlify.toml render.yaml 2>/dev/null
ls docker-compose.yml 2>/dev/null

# Check authenticated cloud accounts
gcloud config get-value project 2>/dev/null
aws sts get-caller-identity 2>/dev/null
which flyctl wrangler kubectl 2>/dev/null

If multiple platforms are detected, inventory all of them.

Step 1: Inventory All Resources

Run discovery commands for each detected platform:

GCP:

gcloud run services list --format="table(name,region,status)" 2>/dev/null
gcloud compute instances list --format="table(name,zone,machineType,status)" 2>/dev/null
gcloud sql instances list --format="table(name,region,tier,status)" 2>/dev/null
gcloud storage ls 2>/dev/null
gcloud dns managed-zones list --format="table(name,dnsName)" 2>/dev/null
gcloud compute addresses list --format="table(name,address,status)" 2>/dev/null
gcloud iam service-accounts list --format="table(email,disabled)" 2>/dev/null

AWS:

aws ec2 describe-instances --query 'Reservations[].Instances[].{ID:InstanceId,Type:InstanceType,State:State.Name,Name:Tags[?Key==`Name`].Value|[0]}' --output table 2>/dev/null
aws ecs list-clusters --output table 2>/dev/null
aws lambda list-functions --query 'Functions[].{Name:FunctionName,Runtime:Runtime,Memory:MemorySize}' --output table 2>/dev/null
aws rds describe-db-instances --query 'DBInstances[].{ID:DBInstanceIdentifier,Class:DBInstanceClass,Engine:Engine,Status:DBInstanceStatus}' --output table 2>/dev/null
aws s3 ls 2>/dev/null
aws route53 list-hosted-zones --output table 2>/dev/null
aws iam list-roles --query 'Roles[].{Name:RoleName,Created:CreateDate}' --output table 2>/dev/null

Fly.io:

fly apps list 2>/dev/null
fly postgres list 2>/dev/null

Cloudflare:

wrangler whoami 2>/dev/null

Also read all IaC files to catch resources that may not be queryable via CLI (e.g., resources in a different account or not yet applied).

Step 2: Map the Infrastructure

Organize findings into five categories:

Compute — What's Running:

  • Service name, type (container, serverless, VM), size, region
  • Current status (running, stopped, idle)
  • Last deployed / updated if available

Networking — How It Connects:

  • VPCs, subnets, peering connections
  • Load balancers, CDN, DNS records
  • Public vs private endpoints
  • Firewall rules / security groups summary

Storage — Where Data Lives:

  • Databases (type, size, backup status)
  • Object storage buckets (size if available, public access?)
  • Caches (Redis, Memcached)

IAM — Who Has Access:

  • Service accounts and their roles
  • Overly broad permissions flagged
  • API keys or credentials found in IaC (flag as critical risk)

Cost — What It Costs Monthly:

  • Estimate per resource category using public pricing
  • Total estimated monthly spend

Step 3: Flag Risks

Mark resources with risk flags:

  • UNTAGGED — no labels/tags, unclear ownership
  • PUBLIC — exposed to the internet (intended or not)
  • OVERSIZED — provisioned far beyond likely need
  • SINGLE-ZONE — no redundancy, one failure away from downtime
  • STALE — not updated in 90+ days, possibly abandoned
  • OVERPRIVILEGED — IAM roles broader than needed
  • NO-IAC — exists in cloud but not in any IaC files (drift risk)

Step 4: Present Inventory

Present as a structured inventory document. End with:

  • Total resource count by category
  • Top 3 risks to address first
  • Whether IaC coverage is complete or if there's drift
  • Recommended next steps (audit, cost optimization, security hardening)

Delivery

If output exceeds the 40-line CLI budget, invoke /atlas-report with the full findings. The HTML report is the output. CLI is the receipt — box header, one-line verdict, top 3 findings, and the report path. Never dump analysis to CLI.