Stats
Actions
Tags
From annie-skills
Use the Anyshift MCP server (and the Annie CLI as the user-facing chat client) to investigate infrastructure: discover resource types, search the graph, track changes, audit a single resource's timeline, and inspect resources in detail. Use when the user asks about a resource, a deploy, an impact analysis, or wants to compare infra state across time. Keywords: annie, anyshift, mcp, infrastructure, resource graph, change tracking, audit timeline, temporal diff.
How this skill is triggered — by the user, by Claude, or both
Slash command
/annie-skills:annieThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Teach an AI agent how to drive the **Anyshift MCP server** to investigate infrastructure state, recent changes, and resource relationships, and how to point a human user at the **Annie CLI** when they want to ask Annie questions themselves.
Teach an AI agent how to drive the Anyshift MCP server to investigate infrastructure state, recent changes, and resource relationships, and how to point a human user at the Annie CLI when they want to ask Annie questions themselves.
There are two surfaces in this ecosystem, and they are not the same:
snake_case.annie). A user-facing terminal chat client. Running annie with no arguments launches an interactive TUI; annie ask "..." is the one-shot variant. The CLI is for humans talking to Annie, not for agents tunnelling MCP tool calls.The CLI does not expose an annie mcp call interface. Agents invoke MCP tools through the agent harness's MCP transport, not through the CLI.
Invoke this skill when the user asks anything that maps to "what does our infra look like right now?" or "what changed?" or "who/what touches X?". Concrete triggers:
vpc-foo."Skip this skill when the question is about methodology (how to run an oncall handover, how to write a postmortem). For those, use the sre-skills plugin.
The MCP server is hosted by Anyshift at a public HTTPS endpoint. Clients do not run their own copy. See reference.md for the transport config. The skill assumes:
anyshift or equivalent) in the agent harness config, pointing at the hosted endpoint.If the user also wants to ask Annie questions themselves (not through the agent), install the Annie CLI (annie --version, then annie auth login).
The agent has five read tools by default. Pick the smallest tool that answers the question, not the biggest. The MCP server itself instructs callers to start with catalog_resource_types whenever the resource-type label is unclear, because it returns the exact labels used elsewhere.
catalog_resource_typesDiscovery starting point. Returns every resource type the graph knows about. Use first when you don't know what to filter by, or when the user's noun ("the EC2 things", "the buckets") needs to be mapped to a canonical type label.
search_resources_by_termFlexible search across resources by name, property, or type, at any timestamp. Returns matched resources with their properties and relationship context (inbound + outbound by default). Supports filtering by universe (TF, CLOUD, STATE, DATADOG) and resourceType. Paginated.
search_resources_by_term({ search_term: "prod-vpc" })
search_resources_by_term({ resourceType: "S3_BUCKET" })
search_resources_by_term({ search_term: "database", timestamp: "2026-05-18T10:00:00.000Z" })
search_resources_by_term({ universe: "CLOUD", search_term: "web" })
This is also how you reach "what is X connected to?". Relationships ride along with each match unless excludeInboundRelationships: true is set.
track_infrastructure_changesLists graph nodes modified between two timestamps. Use when the user asks "what changed in this window?". Returns an ordered change set with the affected resources.
track_infrastructure_changes({ start: "2026-05-19T08:00:00Z", end: "now" })
audit_resource_timelineComprehensive change history for one specific resource by its hashed_id, over a timespan. Use when the user wants the lifecycle of a single resource (e.g. "what's happened to vpc_prod_main this week?"), not "what changed across the estate".
audit_resource_timeline({ hashed_id: "<from a prior search>", start: "...", end: "..." })
inspect_resource_detailsBatch fetch full details (properties + relationships) for one or more resources at a given timestamp. Use after search_resources_by_term when you have a short list of hashed_ids and want the complete picture in one call.
inspect_resource_details({ hashed_ids: ["id1", "id2", "id3"], timestamp: "now" })
Things the previous version of this skill claimed existed and do not:
get_blast_radius primitive. Impact analysis is assembled from the relationship graph: start with search_resources_by_term on the candidate resource, follow its outbound relationships, then inspect_resource_details on the dependents. Report the chain, not a "blast radius score": the server doesn't compute one.get_dependents primitive. Dependents are derivable from the relationship payload that search_resources_by_term and inspect_resource_details already return.get_temporal_diff primitive. The diff shape "added / removed / modified between A and B" is best assembled from track_infrastructure_changes over the window, optionally narrowed with audit_resource_timeline per resource.When the agent connects through the hosted MCP endpoint, an mcp-proxy may sit in front of the server and expose a handful of investigation helpers:
execute_jq_query: run a jq filter against a JSON blob (handy for slicing tool output).docs_glob / docs_grep / docs_read: search and read documentation surfaces.detect_timeseries_anomalies: anomaly detection against a timeseries.These do not always appear (the proxy is optional). Check tools/list in the harness to see what's actually exposed in the current session.
Through the MCP transport in the agent harness. Tool names are snake_case and match this document exactly. Arguments are JSON-shaped, matching each tool's input schema (the harness will surface the schema; if you need it explicitly, ask the MCP server's tools/list).
The Annie CLI is not the call path for agents.
When invoked, the agent should:
If the harness lists the anyshift server in tools/list, you're good. If not, surface the failure mode (see below) and stop.
Map the user's question to the smallest tool. Don't call inspect_resource_details for thousands of IDs when search_resources_by_term with a filter is cheaper. Don't call audit_resource_timeline for a window-wide question (use track_infrastructure_changes).
The first call is almost always a starting point, not the answer. Expect to follow up:
catalog_resource_types → search_resources_by_term filtered to the right type.search_resources_by_term → inspect_resource_details on the matched hashed_ids for full properties + relationships.track_infrastructure_changes → audit_resource_timeline to drill into a specific changed resource.hashed_idWhen reporting findings to the user, quote the resource's hashed_id, not just its friendly name. Two resources can share a friendly name across environments; the hashed_id disambiguates.
The public surface is read-only by design. If the user asks the agent to apply a change, hand back to Terraform / change-management. Do not invent write tools.
See examples.md for two end-to-end flows:
track_infrastructure_changes → search_resources_by_term → inspect_resource_details).search_resources_by_term → audit_resource_timeline).The harness has no anyshift server in tools/list. Tell the user to register the hosted MCP endpoint in their harness config; see reference.md. Do not fall back to scraping the cloud console.
A tool call returns 401 / "unauthorized". The access token is missing or expired. Do not prompt for an API key in chat. Tell the user to refresh the token (annie auth login if using the CLI's stored Supabase tokens, or rotate the bearer token in the harness config).
A tool call returns "forbidden" or "not visible to your project". The user's access is scoped tighter than the resource. Report which resource was forbidden and stop. Do not retry against other resources hoping for a hit.
A search returns nothing for something you know exists. Possible causes: the indexer hasn't caught up (the change is recent), or the resource is in a universe the user's account doesn't see. Surface the staleness, then try track_infrastructure_changes over the missing window. If it isn't there either, the answer is "the graph hasn't seen this yet, check Terraform plan / cloud console directly".
The harness sometimes lists tools the hosted server doesn't currently expose. If a call errors with "unknown tool", fall back to the 5 documented above. Do not invent variations on the tool name.
Some MCP execution modes expose internal write tools (cheatsheet editing, report saving, ACE flows). They require an Anyshift-internal API key and are not part of this skill's public surface. If you see one, do not call it. Tell the user the public surface is read-only and continue.
search_resources_by_term with no filter on a large estate. Returns thousands of nodes. Always pass a search_term, resourceType, or universe.audit_resource_timeline for "what changed in the last 5 minutes" across everything. Use track_infrastructure_changes; it's window-scoped.annie CLI. The CLI doesn't tunnel MCP. Use the harness's MCP transport.For install, auth, MCP transport configuration, the actual tool input schemas, and the Annie CLI surface for human users, see reference.md.
Provides UI/UX resources: 50+ styles, color palettes, font pairings, guidelines, charts for web/mobile across React, Next.js, Vue, Svelte, Tailwind, React Native, Flutter. Aids planning, building, reviewing interfaces.
Fetches up-to-date documentation from Context7 for libraries and frameworks like React, Next.js, Prisma. Use for setup questions, API references, and code examples.
npx claudepluginhub anyshift-io/claude-plugins --plugin annie-skills