twingate-assistant

AWS-specific Twingate deployment specialist. Use this agent when the user is deploying Twingate connectors on AWS — EC2, ECS, EKS, or Fargate. Also use when generating Terraform for an AWS + Twingate deployment, configuring VPC networking for connectors, or troubleshooting connectivity in an AWS environment. For multi-cloud or general architecture questions, use twingate-se instead.

Azure-specific Twingate deployment specialist. Use this agent when the user is deploying Twingate connectors on Azure — ACI, VMs, AKS, or Azure Container Apps. Also use when generating Terraform for an Azure + Twingate deployment, configuring VNet networking for connectors, or troubleshooting connectivity in Azure. For multi-cloud or general architecture questions, use twingate-se instead.

GCP-specific Twingate deployment specialist. Use this agent when the user is deploying Twingate connectors on GCP — GCE, GKE, Cloud Run, or managed instance groups. Also use when generating Terraform for a GCP + Twingate deployment, configuring VPC firewall rules for connectors, or troubleshooting connectivity in GCP. For multi-cloud or general architecture questions, use twingate-se instead.

Twingate Identity Firewall deployment specialist. Use this agent when the user needs to deploy the Twingate Gateway for privileged access, configure Certificate Authorities (X.509 or SSH CA, local or HashiCorp Vault), implement session recording, enable identity-aware kubectl access, automate IDFW setup with Terraform or Ansible, or grant contractors time-bounded SSH access. Also trigger on 'IDFW', 'gateway', 'SSH certificates', 'short-lived certs', or 'privileged access management'.

Twingate network topology and resource design specialist. Use this agent when the user needs to plan their Twingate network structure — how many Remote Networks to create, where to place connectors, how to define resources (FQDN vs CIDR vs IP), how to structure groups and security policies, or how to map their existing network topology to Twingate's model. This agent designs plans; it does not generate deployment code (use aws-deployer, azure-deployer, gcp-deployer, or twingate-terraform skill for that).

Twingate GraphQL API, CLI tools, and automation. Load when the user wants to automate Twingate via the API, write scripts against the GraphQL endpoint, generate or manage API tokens, use the Twingate CLI tools, or build automation pipelines. Also trigger on 'GraphQL', 'X-API-KEY', 'Twingate API', 'api/graphql', 'service account key', 'connector token provisioning', 'rate limiting', or any Twingate admin API mention.

Use when the user asks how Twingate works, wants to design or evaluate a Twingate deployment, needs to understand components (Controller, Client, Connector, Relay), or is planning a ZTNA rollout. Activate for: zero trust, ZTNA, remote access architecture, network design with Twingate, VPN replacement, microsegmentation, split DNS, NAT traversal, P2P vs Relay, Remote Network topology, Resource definition strategy, or deployment sequencing.

Use when the user needs to deploy, configure, upgrade, or troubleshoot Twingate Connectors on any platform. Activate for: Docker connector, Linux connector, systemd connector, ECS connector, Azure Container Instances, GCE, Helm chart connector, connector tokens, connector HA, connector health, connector metrics, connector logging, connector upgrades, DEAD_NO_RELAYS, DEAD_NO_HEARTBEAT, or connector placement questions.

Twingate Internet Security — DNS filtering, exit networks, browser security, and DNS-over-HTTPS. Load when the user mentions DNS filtering, content filtering, internet security, exit networks, egress routing, browser security, NextDNS, DoH, DNS categories, or profile priority. Also trigger on 'Internet Security', 'DNS Security Profile', 'fixed egress IP', or 'SaaS allowlisting' in a Twingate context.

Use when the user asks about IdP integration, SCIM provisioning, security policies, device trust, groups, users, or access control in Twingate. Activate for: SAML, SCIM, Okta, Entra ID, Google Workspace, JumpCloud, OneLogin, Keycloak, device trust, device posture, MFA enforcement, groups, JIT access, ephemeral access, auto-lock, offboarding, deprovisioning, multi-IdP deployments, or security policy configuration.