# DaaS — Documentation as a Skill > Structured, agent-ready knowledge for 17 products. Each product below exposes intent-routed skills (how-to, API, troubleshooting) that AI agents can call directly. Query routing API: `POST https://www.company-skill.com/api/route` with `{"query": "..."}`. DaaS turns documentation into skills an LLM can act on. For any product, prefer the per-product page (rich, structured) and the /api/route endpoint (returns the single best skill for a query). ## Products - [AIRec](https://www.company-skill.com/p/airec): AIRec is a platform for deploying and managing AI recommendation systems on Apsara Stack. It supports end-to-end workflows including instance management, system and API deployment, network and security configuration, cer - [Alibaba Mail](https://www.company-skill.com/p/alimail): Alibaba Mail is a secure enterprise email service offering comprehensive capabilities across contact management, account and security settings, email configuration, delivery troubleshooting, composition, mailbox manageme - [Alibaba Cloud Linux](https://www.company-skill.com/p/alinux): Alibaba Cloud Linux is a Linux distribution optimized for cloud environments, offering enhanced performance, security, and integration with Alibaba Cloud services. It supports a wide range of use cases including AI/GPU w - [Bailian (Alibaba Cloud Model Studio)](https://www.company-skill.com/p/bailian): Bailian (Alibaba Cloud Model Studio) is a comprehensive AI platform providing APIs, console guides, and troubleshooting for large language models, multimodal generation, speech processing, and developer tools. - [Certificate Management Service (CAS)](https://www.company-skill.com/p/cas): Certificate Management Service (CAS) provides comprehensive capabilities for managing SSL/TLS certificates across public, private, and compliance use cases. It supports certificate lifecycle operations including creation - [EventBridge](https://www.company-skill.com/p/eb): EventBridge is a serverless event bus service that enables you to build event-driven architectures by routing events between sources and targets. It supports managing event buses, defining routing rules, delivering event - [Elastic Compute Service (ECS)](https://www.company-skill.com/p/ecs): Elastic Compute Service (ECS) provides scalable virtual servers for cloud workloads. This skill covers all ECS domains including Billing, Monitoring, Network, System Management, Cloud Assistant, Storage, Image Management - [Elasticsearch](https://www.company-skill.com/p/es): Elasticsearch is a distributed search and analytics engine capable of handling diverse workloads including full-text search, vector search, AI-powered retrieval, document ingestion, model deployment, and more. This skill - [Auto Scaling (ESS)](https://www.company-skill.com/p/ess): Auto Scaling (ESS) enables automatic adjustment of computing capacity based on demand. It supports managing scaling groups, ECS/ECI instances, scaling rules, lifecycle hooks, scheduled/event-triggered tasks, and integrat - [IDaaS (Identity as a Service)](https://www.company-skill.com/p/idaas): IDaaS (Identity as a Service) is a comprehensive identity and access management platform that enables organizations to manage users, applications, authentication flows, access control policies, federation, and more. It s - [OceanBase](https://www.company-skill.com/p/oceanbase): OceanBase is a distributed relational database that supports high availability, strong consistency, and horizontal scalability. It provides comprehensive capabilities across data loading, transaction management, SQL exec - [OpenSearch](https://www.company-skill.com/p/opensearch): OpenSearch is a powerful search and analytics platform that supports vector search, multimodal retrieval, agentic memory, knowledge base management, and AI-powered text generation. It provides comprehensive capabilities - [Object Storage Service (OSS)](https://www.company-skill.com/p/oss): Object Storage Service (OSS) provides scalable, secure, and durable cloud storage for unstructured data. It supports a wide range of capabilities including core object storage, access control, network security, image pro - [Platform for AI (PAI)](https://www.company-skill.com/p/pai): Platform for AI (PAI) is a comprehensive machine learning and AI development platform that supports end-to-end workflows including data management, model training, deployment, monitoring, and more. It offers rich capabil - [ApsaraDB RDS](https://www.company-skill.com/p/rds): ApsaraDB RDS is a fully managed relational database service supporting multiple engines including MySQL, PostgreSQL, SQL Server, and MariaDB. It provides comprehensive capabilities across instance management, backup/rest - [Apache RocketMQ](https://www.company-skill.com/p/rocketmq): Apache RocketMQ is a distributed messaging and streaming platform with low latency, high performance, and reliability. This skill covers three core domains: - [Terraform](https://www.company-skill.com/p/terraform): Terraform is an infrastructure as code (IaC) tool that enables users to safely and predictably create, change, and improve cloud infrastructure using declarative configuration files. This skill covers multiple domains in ## Capabilities - [Skill routing API](https://www.company-skill.com/api/route): POST a natural-language query, get the best-matching skill back. - [MCP servers](https://www.company-skill.com/api/mcp/): drop-in Model Context Protocol servers, one per product. - [Sitemap](https://www.company-skill.com/sitemap.xml): every citable product & intent page. - [API docs](https://www.company-skill.com/docs): full endpoint reference. ## Full skill content ### airec # AIRec Skill ## I want to... (Common User Intents) - **Deploy AIRec service (Deploy AIRec service)** — End-to-end service deployment via console or automation → `skills/airec/intent/airec-deploy-service/SKILL.md` (2 alternative paths) - **Troubleshoot AIRec deployment failures (Troubleshoot AIRec deployment failures)** — Diagnose and resolve stuck deployments or errors → `skills/airec/intent/airec-troubleshoot-failure/SKILL.md` (2 alternative paths) - **Configure network for AIRec deployment (Configure network for AIRec deployment)** — Set up IP pools, out-of-band networks, and switches → `skills/airec/intent/airec-configure-airec/SKILL.md` (2 alternative paths) - **Manage HTTPS certificates for AIRec (Manage HTTPS certificates for AIRec)** — Create, deploy, and bind certificates using custom CA → `skills/airec/intent/airec-manage-certificates/SKILL.md` (2 alternative paths) ## Platform Overview | Capability Domain | Type | Sub Skill | Description | |-------------------|------|-----------|-------------| | Instance Management | api | airec-instance | Register nonstandard models, invoke lifecycle operations programmatically | | Instance Management | guide | airec-instance | Deploy cloud products, configure installation info, check machine status via console | | Instance Management | troubleshooting | airec-instance | Diagnose deployment/installation failures, enforce security policies | | API Deployment | troubleshooting | airec-api | Analyze and resolve API deployment error logs | | System Management | troubleshooting | airec-system | Troubleshoot IPMI and hardware interface command errors | | Network Configuration | guide | airec-network | Configure IP pools, out-of-band networks, and verify switch auto-configuration | | System Deployment | troubleshooting | airec-deployment | Resolve general AIRec system deployment failures | | Network Security | guide | airec-security | Create and deploy HTTPS certificates for secure communication | | Certificate Management | guide | airec-cert | Issue/verify certificates using customer CA; export service mappings | | Deployment | guide | airec-deploy | Deploy AIRec service via Apsara Stack ASI console | | Post-Deployment Configuration | guide | airec-postdeploy | Configure AIRec behavior after initial deployment | | Logging and Monitoring | guide | airec-logging | Change Kibana display language and manage monitoring views | | Deployment Planning | guide | airec-planning | Perform business and infrastructure planning before deployment | | Network Device Management | guide | airec-netdevice | Create and manage network device inventories | | Cluster Management | guide | airec-cluster | Generate cluster planning files for resource allocation | | Platform Configuration | guide | airec-platform | Configure Apsara Stack Agility PaaS platform settings | ## Intent Routing Guide Route user queries based on **domain** and **skill type**: - **High-level user goals** (e.g., "How do I deploy AIRec?", "Why did my deployment fail?") → **Intent skills** (recommended starting point) - **API/SDK/code/programming/endpoint/REST/request/call/interface/method/function/integration/programmatic/client/library/invoke/execute/operation/service call/web API/HTTP request/JSON payload/response handling/authentication/authorization** → **api** skills - **console/dashboard/UI/page/wizard/form/click/control panel/management interface/web interface/navigation/menu/button/tab/section/workflow/step-by-step/setup/configuration page/monitoring view/status page/task list/deployment console/machine view/resource panel/network view/switch panel/certificate management/SSL/TLS/HTTPS setup/security policy/CA system/certificate authority/PKI/digital certificate/signature verification/trust chain/certificate mapping/service binding/service rollout/product activation/initial setup/onboarding/post-install/tuning/optimization/customization/policy setup/feature enablement/integration setup/Kibana/language settings/UI localization/monitoring tool/log viewer/analytics interface/capacity planning/business requirements/resource estimation/topology design/infrastructure blueprint/planning file/survey input/device inventory/network asset/switch list/router catalog/hardware registry/device onboarding/asset tracking/cluster planning/node assignment/resource grouping/topology file/scaling configuration/high availability setup/zone mapping/PaaS configuration/platform tuning/service mesh/runtime settings/integration points/API gateway setup** → **guide** skills - **troubleshoot/error/FAQ/diagnose/failure/issue/fix/problem/debug/resolve/symptom/root cause/log analysis/alert/exception/crash/timeout/rollback/recovery/health check/validation error/deployment stuck/service down/state mismatch/configuration error/IPMI/hardware interface/boot device/PXE/out-of-band** → **troubleshooting** skills Specific domain keywords: - **Instance Management**: machine, instance, clone, rolling task, OPS, desired state, installation tags, nonstandard model - **API Deployment**: AIRec API, endpoint deployment, API logs - **System Management**: IPMI, chassis, lan print, bootdev, PXE, out-of-band - **Network Configuration**: IP pool, switch, in-band, out-of-band network - **Deployment**: ASI console, deploy AIRec service, delivery, IDC check - **Certificate & Security**: HTTPS, SSL, CA, PKI, certificate mapping, self-signed - **Post-Deployment**: configure AIRec, tuning, policy, feature enablement - **Logging**: Kibana, language, log viewer - **Planning**: business planning, survey file, capacity - **Cluster/Device**: cluster planning file, network device list, topology - **Platform**: Apsara Stack Agility, PaaS, service mesh, API gateway ## General Information ### API Access (for api skills) - **Base URL**: Depends on deployment environment (see domain-specific docs) - **Authentication**: Typically uses API keys or OAuth tokens (configured per service) - **SDK Installation**: Install the official AIRec SDK via package manager (details in `airec-instance` api skill) ### Console Access (for guide skills) - **Console URL**: Access via Apsara Stack ASI console (URL provided during onboarding) - **Login**: Use your Apsara Stack administrator credentials - **Navigation**: Use left-side menu to access domains like Deployment, Network, Security, Instances, etc. ## Frequently Asked Questions **Q: Should I use the API or the console for deploying AIRec?** A: Use the **console** for initial setup, guided workflows, and visual monitoring. Use the **API** for automation, integration into CI/CD pipelines, or bulk operations. **Q: Where do I start if I’m new to AIRec?** A: Begin with an **intent skill** (e.g., "Deploy AIRec service")—it routes you to the right combination of guide and troubleshooting content. **Q: How do I troubleshoot a deployment that’s stuck?** A: Check **Instance Management > troubleshooting** for rolling task failures, or **System Deployment > troubleshooting** for broader issues. Also see the intent skill "Troubleshoot AIRec deployment failures". **Q: Can I use my own certificate authority (CA) with AIRec?** A: Yes—use the **Certificate Management > guide** skill to issue and verify certificates using your CA, and map them to services. **Q: What permissions do I need in the console?** A: You need **Administrator** or **Deployment Operator** roles in Apsara Stack. Specific actions may require additional granular permissions (documented in each guide skill). ### alimail # Alibaba Mail Skill ## 我想做什么 (Common User Intents) - **排查邮件未收到的问题 (Troubleshoot why an email was not received)** — Diagnose missing or undelivered inbound emails → `skills/alimail/intent/alimail-troubleshoot-received/SKILL.md` (3 alternative paths) - **解决邮件发送失败的问题 (Resolve email sending failure issues)** — Fix outbound email rejections, authorization errors, or delivery failures → `skills/alimail/intent/alimail-resolve-failure/SKILL.md` (3 alternative paths) - **恢复邮箱账户登录访问 (Recover access to mailbox login)** — Unlock accounts, reset passwords, or resolve 2FA/login blocks → `skills/alimail/intent/alimail-recover-access/SKILL.md` (3 alternative paths) - **配置安全的邮件通信 (Set up secure email communication)** — Enable S/MIME, digital signatures, and encrypted email transmission → `skills/alimail/intent/alimail-configure-communication/SKILL.md` (3 alternative paths) ## Platform Overview | Capability Domain | Type | Sub Skill | Description | |----------|------|----------|------| | Contact Management | guide | alimail-contacts | Manage and convert address book formats (CSV, TXT, vCard), sync contacts, and manage distribution lists. | | Account Management | guide | alimail-account | View and update account info, set time zone, configure profile, and manage login preferences including QR code login. | | Account Management | troubleshooting | alimail-account | Resolve login failures, unlock disabled accounts, recover access, and fix authentication issues. | | Security | guide | alimail-security | Configure passwords, trusted devices, S/MIME certificates, spam filters, blacklists/whitelists, and view logon logs. | | Security | troubleshooting | alimail-security | Reset passwords/security questions, disable unusual login alerts, handle spam bounces, and prevent legitimate emails from being marked as spam. | | Email Configuration | guide | alimail-configuration | Set up email clients (Outlook, Foxmail, iPhone), configure DNS records (SPF, DKIM, DMARC, MX), manage time zones, and activate domains. | | Email Configuration | troubleshooting | alimail-service | Fix client setup issues, resolve login page access problems, and recover contact info when historical emails are unavailable. | | Email Delivery | guide | alimail-compatibility | Prevent Winmail.dat attachments and ensure cross-client email rendering compatibility. | | Email Delivery | troubleshooting | alimail-email-delivery | Diagnose and fix sending/receiving failures due to SPF, MX, blacklists, size limits, frequency throttling, or policy rejections. | | Email Composition | guide | alimail-composition | Compose and send emails, use AI writing assistance, manage attachments, CC/BCC, and rich text formatting. | | Email Management | guide | alimail-email | Manage folders, rules, signatures, forwarding, vacation replies, IMAP/POP scope, nicknames, and mailbox notifications. | | Email Management | troubleshooting | alimail-email | Recover missing emails after POP3 use, fix sent-folder sync issues, and check mailbox capacity/space problems. | | Integration | guide | alimail-integration | Migrate email data (including from Exchange) and integrate with Outlook via add-ins. | | Productivity Tools | guide | alimail-calendar | Create tasks, notes, and set up calendar reminders and event notifications. | | Interface Customization | guide | alimail-customization | Change display language, skin/theme, and customize the look and feel of the mailbox interface. | ## Intent Routing Guide Use the following guidelines to route user queries to the appropriate skill type: - **High-level user intents** (e.g., "How do I recover my account?" or "Why wasn’t my email received?") → **Intent skills** (recommended starting point; see "Common User Intents" above). - **API/SDK/code/programming/endpoint/REST** → **api skills** (Note: No pure API skills exist in this product; all programmatic access is handled via DNS/email protocols covered in guide/troubleshooting skills). - **Console/UI/dashboard/page/click/settings/wizard/form** → **guide skills** - **Error/troubleshoot/FAQ/diagnose/fix/failure/issue/bounce/reject** → **troubleshooting skills** Domain-specific keyword routing: - **Contact Management**: contacts, address book, import, export, CSV, TXT, vCard, group, distribution list, sync - **Account Management**: account info, profile, time zone, QR code login, 2FA, SSO, WebAuthn, personal/business settings - **Security**: password, trusted device, S/MIME, certificate, encryption, spam filter, blacklist, whitelist, logon logs, security questions - **Email Configuration**: IMAP, POP, SMTP, Outlook, Foxmail, iPhone, DNS, MX, SPF, DKIM, DMARC, CNAME, TXT, email client, server settings - **Email Delivery**: delivery failure, bounce, 550/552/553 errors, external domain, size limit, frequency, DLP, compliance, auditor rejection - **Email Composition**: compose, send, AI writer, attachment, CC, BCC, subject, signature, HTML/plain text - **Email Management**: folder, rule, forwarding, vacation reply, out-of-office, nickname, reply-to, read receipt, IMAP scope, POP retrieval, sent folder - **Integration**: Outlook plugin, migrate, Exchange, Foxmail, third-party, data transfer - **Productivity Tools**: calendar, reminder, task, note, to-do, meeting, event - **Interface Customization**: theme, skin, language, dark mode, font, layout, appearance ## General Information ### Console Access - **Webmail URL**: Typically `https://mail.yourdomain.com` (configured during domain setup) - **Login**: Use your full email address and password. Postmaster accounts can be used for domain-level access if CNAME resolution fails. - **Navigation**: Most settings are accessible via the gear icon (⚙️) or user profile menu in the top-right corner of the web interface. ### Email Protocols & DNS - **IMAP**: `imap.mxhichina.com` (SSL/TLS on port 993) - **POP3**: `pop3.mxhichina.com` (SSL/TLS on port 995) - **SMTP**: `smtp.mxhichina.com` (SSL/TLS on port 465 or STARTTLS on 587) - **DNS Records**: Required records include MX, SPF (TXT), DKIM (CNAME/TXT), and DMARC (TXT). Use the Alibaba Mail admin console to generate exact values. ### Authentication - Password-based login is standard. - Two-factor authentication (2FA) supports TOTP, FIDO2/WebAuthn, and security keys. - QR code login is available on the webmail login page for mobile-assisted sign-in. ## Frequently Asked Questions **Q1: When should I use the console vs. troubleshoot via DNS/email protocols?** Use the **guide skills** for UI-based tasks (e.g., setting up forwarding or changing your password). Use **troubleshooting skills** when you encounter delivery errors, login blocks, or configuration issues that require diagnostic steps (e.g., checking SPF records or mailbox capacity). **Q2: How do I recover my account if I’m locked out?** Start with the intent skill **“Recover access to mailbox login”**. This covers password resets, unlocking disabled accounts, and resolving 2FA failures. **Q3: Why are my emails being marked as spam?** This is typically due to missing or incorrect SPF/DKIM/DMARC records. Use the **Email Delivery troubleshooting skill** to validate DNS settings and request delisting if needed. **Q4: Can I access my email on mobile or desktop clients?** Yes. Use the **Email Configuration guide skill** to set up IMAP/POP on Outlook, Foxmail, or iPhone. Ensure “Save sent emails to webmail” is enabled if you want client-sent messages visible online. **Q5: How do I prevent emails from disappearing after using POP3?** By default, POP3 deletes messages from the server after download. In your email client settings, enable “Leave a copy on the server.” For existing issues, see the **Email Management troubleshooting skill**. ### alinux # Alibaba Cloud Linux Skill ## I Want To (Common User Intents) - **Deploy AI models for inference or training** — Run Qwen, DeepSeek, or PyTorch models on GPU/CPU using AC2 containers → `skills/alinux/intent/alinux-deploy-model/SKILL.md` (3 alternative paths) - **Diagnose and resolve system performance issues** — Investigate high CPU/memory, scheduling jitter, or container resource discrepancies → `skills/alinux/intent/alinux-troubleshoot-performance/SKILL.md` (3 alternative paths) - **Manage ECS instance creation, configuration, and maintenance** — Tune kernel parameters, set hostname, handle time sync, or optimize vCPU pinning → `skills/alinux/intent/alinux-manage-lifecycle/SKILL.md` (3 alternative paths) - **Configure system security policies and compliance baselines** — Apply hardening, set up MLPS 2.0 Level 3 compliance, or manage CVE notifications → `skills/alinux/intent/alinux-configure-compliance/SKILL.md` (2 alternative paths) - **Optimize network performance and connectivity** — Enable SMC, adjust TCP TIME-WAIT, or configure XPS for low-latency networking → `skills/alinux/intent/alinux-optimize-performance/SKILL.md` (3 alternative paths) ## Platform Overview | Capability Domain | Type | Sub Skill | Description | |-------------------|------|-----------|-------------| | Instance Management | api | alinux-instance | Programmatic control of kernel settings, memory limits, and instance features | | Instance Management | guide | alinux-instance | Create, configure, and manage ECS instances via console (e.g., hostname, migration, GPU setup) | | Instance Management | cli | alinux-instance | Execute commands for security updates, THP reclaim, hotpatching, and diagnostics | | Instance Management | troubleshooting | alinux-instance | Resolve boot failures, OOM events, package manager crashes, and time sync issues | | Networking | guide | alinux-network | Configure SMC, TCP tuning, DNS, NICs, and policy-based routing in the console | | Networking | cli | alinux-network | Use nmcli, ip, and other tools to manage interfaces and monitor SMC | | Networking | troubleshooting | alinux-network | Diagnose packet loss, SMC faults, BBR congestion, and routing problems | | AI and GPU Workloads | guide | alinux-ai | Deploy and monitor AI models (Qwen, DeepSeek) on CPU/GPU using optimized images | | AI and GPU Workloads | troubleshooting | alinux-gpu | Fix GPU driver loading, container access, and profiling issues | | Confidential Computing | guide | alinux-confidential | Run confidential containers using Inclavare Containers | | Cluster Management | guide | alinux-cluster | Manage ACK clusters, RBAC, kubeconfig, and node labeling | | Cluster Management | troubleshooting | alinux-cluster | Diagnose unhealthy nodes and cluster access problems | | System Performance | guide | alinux-system | Tune dirty pages, enable GPU profiling, and track process hotspots | | System Performance | cli | alinux-system | Clear page cache and monitor resources via command line | | System Performance | troubleshooting | alinux-system | Fix scheduling latency, memory fragmentation, and io_uring issues | | Storage and Filesystem | guide | alinux-storage | Create EROFS images, tune writeback, and monitor disk I/O latency | | Storage and Filesystem | troubleshooting | alinux-storage | Resolve ext4 "no space" errors, NFS performance, and OverlayFS permission issues | | System Monitoring and Logging | guide | alinux-monitoring | View crash logs, enable PSI, and configure alert policies | | System Monitoring and Logging | cli | alinux-monitoring | Use kdumpctl and SysAK to inspect system state | | System Monitoring and Logging | troubleshooting | alinux-monitoring | Diagnose df/du disk space reporting discrepancies | | System Diagnosis and Troubleshooting | guide | alinux-diagnosis | Run one-click diagnostics, analyze OOM events, and configure SysOM | | System Diagnosis and Troubleshooting | troubleshooting | alinux-system_diagnosis_and_troubleshooting | Fix kernel crashes, vmcore generation, and dentry leaks | | Security and Compliance | guide | alinux-security | Apply hardening, configure baseline checks, and subscribe to CVE alerts | | Security and Compliance | troubleshooting | alinux-security | Patch vulnerabilities (e.g., CVE-2021-22555) and resolve integrity errors | | Software and Kernel Management | guide | alinux-software | Install Python, curl, or Alibaba Cloud Compiler | | Software and Kernel Management | troubleshooting | alinux-software | Resolve Ansible installation and kernel hotpatch conflicts | | OS Integration | guide | alinux-integration | Submit OS adaptation certification for Alibaba Cloud compatibility | | System Support | guide | alinux-support | Access technical support services for Alibaba Cloud Linux | | Automation and Task Management | guide | alinux-automation | Define complex tasks via files and use OS Copilot for intelligent operations | ## Intent Routing Guide - **High-level user intents (e.g., "How to deploy AI models", "Diagnose slow system")** → intent skills (recommended starting point) - **API/SDK/code/programming/endpoint/REST/request** → api skills - **Console/dashboard/UI/page/settings/configuration/wizard/click/GUI/portal/web interface** → guide skills - **Command/CLI/terminal/shell/bash/script/flag/option/tool/utility** → cli skills - **Error/troubleshoot/FAQ/diagnose/failure/issue/fix/problem/solution/debug/root cause** → troubleshooting skills Domain-specific routing keywords: - **Instance Management**: instance, ECS, kernel, memory, swap, hostname, migration, CentOS, live patch, hotpatch, SysOM, OS Copilot - **Networking**: network, TCP, SMC, BBR, XPS, NIC, DNS, IPv6, NAT, VPC, firewall, ACL, latency, throughput - **AI and GPU Workloads**: AI, GPU, NVIDIA, CUDA, PyTorch, TensorFlow, Qwen, DeepSeek, LLM, inference, training, vLLM, TensorRT - **Confidential Computing**: confidential computing, Inclavare, enclave, remote attestation, SGX - **Cluster Management**: ACK, Kubernetes, cluster, RBAC, kubeconfig, namespace, pod, node label, role binding - **System Performance**: performance, CPU, memory, I/O, latency, hotspot, compaction, watermark, NUMA, cgroup, slab - **Storage and Filesystem**: storage, disk, EROFS, ext4, NFS, LVM, quota, inode, du, df, fragmentation - **System Monitoring and Logging**: monitoring, logging, kdump, crash dump, vmcore, alert, metric, health, PSI, SysAK - **Security and Compliance**: security, compliance, CVE, hardening, MLPS, baseline, audit, vulnerability, patch - **Software and Kernel Management**: software, package, DNF, YUM, Python, Ansible, compiler, dependency, repository - **OS Integration**: OS certification, adaptation, compatibility, ISV - **System Support**: support, ticket, service, assistance - **Automation and Task Management**: automation, task, workflow, OS Copilot, file-based, complex operation ## General Information ### API Access (for api skills) - **Base URL**: Not applicable — Alibaba Cloud Linux API operations are typically performed via ECS or ACK service APIs. - **Authentication**: Use Alibaba Cloud AccessKey ID and Secret with appropriate RAM permissions. - **SDK Installation**: Install the Alibaba Cloud SDK for your language (e.g., `pip install alibabacloud_ecs20140526`) and configure credentials via environment variables or config files. - **Environment Variables**: Set `ALIBABA_CLOUD_ACCESS_KEY_ID` and `ALIBABA_CLOUD_ACCESS_KEY_SECRET`. ### Console Access (for guide skills) - **Console URL**: https://ecs.console.aliyun.com/ (for instances), https://cs.console.aliyun.com/ (for ACK clusters) - **Login**: Use your Alibaba Cloud account or RAM user credentials. - **Navigation**: Most instance and OS-level configurations are found under **Instances & Images > Instances**, then select an instance and use tabs like **Security Groups**, **Disks**, or **Monitoring**. OS-specific settings may require SSH access or use of built-in tools like OS Copilot. ## Frequently Asked Questions **Q: When should I use the API vs. the console?** A: Use the **API** for automation, infrastructure-as-code (e.g., Terraform), or integrating with custom applications. Use the **console** for one-off configurations, exploratory setup, or when guided workflows (e.g., migration wizards) are available. **Q: How do I get started with troubleshooting?** A: Start with the **intent skills** if you have a clear goal (e.g., “fix slow performance”). Otherwise, use **troubleshooting** sub-skills matching your symptom (e.g., OOM, boot failure, network hang). **Q: Where do I find CLI commands for common tasks?** A: Refer to the **cli** sub-skills (e.g., `alinux-instance` for YUM/security updates, `alinux-network` for nmcli). Many guide skills also include equivalent CLI alternatives. **Q: How do I handle kernel updates without downtime?** A: Use **kernel live patching** (hotpatch) via the `livepatch-mgr` CLI tool (see `alinux-instance` cli skill) or configure it through the console (guide skill). **Q: Can I use Alibaba Cloud Linux for compliance requirements?** A: Yes — use **compliance-ready images** (e.g., MLPS 2.0 Level 3) available in the console. Configure baseline checks and audit policies via the **Security and Compliance** guide skill. ### bailian # Bailian Skill ## Common User Intents - **Fine-tune a large language or multimodal model** — Customize models with your own data → `skills/bailian/intent/bailian-fine-model/SKILL.md` (2 alternative paths) - **Deploy custom or fine-tuned AI models as endpoints** — Host models for production inference → `skills/bailian/intent/bailian-deploy-model/SKILL.md` (2 alternative paths) - **Build RAG knowledge bases and retrieval pipelines** — Create retrieval-augmented generation systems → `skills/bailian/intent/bailian-build-system/SKILL.md` (2 alternative paths) - **Transcribe, recognize, and translate speech audio** — Process audio files and real-time speech → `skills/bailian/intent/bailian-transcribe-speech/SKILL.md` (3 alternative paths) - **Integrate external tools, MCP servers, and web search into AI agents** — Connect LLMs to external data and tools → `skills/bailian/intent/bailian-integrate-mcp/SKILL.md` (2 alternative paths) - **Manage API access credentials, keys, and network security** — Secure your API access and configure VPC → `skills/bailian/intent/bailian-manage-security/SKILL.md` (2 alternative paths) - **Extract and understand information from documents and images** — Perform OCR and document data mining → `skills/bailian/intent/bailian-extract-documents/SKILL.md` (2 alternative paths) ## Platform Overview | Capability Domain | Type | Sub Skill | Description | |-------------------|------|-----------|-------------| | Text and Code Generation | api | bailian-text | Generate text, chat, and conduct deep research using large language models. | | Text and Code Generation | guide | bailian-llm | Console guides for LLM setup, framework integration, and prompt engineering. | | Text and Code Generation | troubleshooting | bailian-text | Diagnose and resolve text generation API errors and rate limits. | | Image, Video, and 3D Generation | api | bailian-media | Generate and edit images, videos, and 3D models via API. | | Image, Video, and 3D Generation | guide | bailian-image-gen | Console guides for image editing, prompt engineering, and API testing. | | Image, Video, and 3D Generation | troubleshooting | bailian-image | Troubleshoot image generation and editing API issues. | | Speech and Audio Processing | api | bailian-asr | Transcribe audio, perform real-time ASR, and synthesize speech. | | Speech and Audio Processing | guide | bailian-asr | Mobile SDK integration and performance optimization guides. | | Speech and Audio Processing | troubleshooting | bailian-asr | Diagnose speech recognition and synthesis errors. | | Translation and Localization | api | bailian-translation | Real-time speech translation, machine translation, and OCR. | | Multimodal Understanding and Interaction | api | bailian-multimodal | Analyze images, videos, audio, and documents using vision models. | | Search, Retrieval, and Embeddings | api | bailian-search | Web search, knowledge retrieval, and vector embeddings. | | Search, Retrieval, and Embeddings | guide | bailian-search | Configure Web Search MCP and console settings. | | Model Training and Data Management | api | bailian-model | Fine-tune, deploy, and manage models and files via API. | | Model Training and Data Management | guide | bailian-model | Console guides for model deployment, fine-tuning, and dataset management. | | Platform, Security, and Operations | api | bailian-access | Manage temporary API keys, async tasks, and RSA encryption. | | Platform, Security, and Operations | guide | bailian-access | Configure API keys, VPC, permissions, and monitoring in the console. | | Developer Tools and Support | api | bailian-integration | Connect LLMs to external tools using Model Context Protocol (MCP). | | Developer Tools and Support | guide | bailian-integration | Quick start guides and IDE integrations (Cursor, Cline, Dify). | | Developer Tools and Support | troubleshooting | bailian-ide | Troubleshoot AI coding tools, API access, and platform FAQs. | ## Intent Routing Guide **Route by Skill Type:** - "API, SDK, code, programming, endpoint, REST, WebSocket" → `api` skills - "Console, dashboard, UI, page, settings, click, wizard" → `guide` skills - "Error, troubleshoot, FAQ, fix, diagnose, exception, failure" → `troubleshooting` skills - "High-level user goals (e.g., how to deploy a model, build RAG)" → `intent` skills (recommended starting point) **Route by Domain:** - **Text and Code Generation:** LLM, Qwen, chat completions, deep research, text generation, prompt, DeepSeek, GLM. - **Image, Video, and 3D Generation:** Text-to-image, video generation, Wan, FLUX, 3D model, inpainting, FaceChain, AnimateAnyone. - **Speech and Audio Processing:** ASR, TTS, CosyVoice, Paraformer, speech recognition, voice cloning, audio transcription. - **Translation and Localization:** LiveTranslate, machine translation, speech translation, OCR, Qwen-MT. - **Multimodal Understanding:** Qwen-VL, visual reasoning, GUI automation, document analysis, Qwen-Audio. - **Search, Retrieval, and Embeddings:** RAG, web search, embeddings, rerank, knowledge retrieval, vector database. - **Model Training and Data Management:** Fine-tuning, model deployment, batch inference, dataset, LoRA, custom model. - **Platform, Security, and Operations:** API key, VPC, private link, billing, permissions, guardrails, workspace. - **Developer Tools and Support:** MCP, Cursor, Cline, Dify, IDE integration, coding plan, Cherry Studio. ## General Information ### API and SDK Configuration - **Base URL:** Use `https://dashscope.aliyuncs.com/compatible-mode/v1` for OpenAI-compatible text and multimodal endpoints. Specific endpoints are required for asynchronous tasks and WebSocket streaming. - **Authentication:** Pass your API key in the `Authorization: Bearer ` header, or set the `DASHSCOPE_API_KEY` environment variable. - **SDK Installation:** Install the native SDK via `pip install dashscope` or use the standard OpenAI SDK via `pip install openai` (configured with the Bailian base URL). ### Console and UI Operations - **Console Access:** Access the Bailian (Model Studio) console through the Alibaba Cloud portal. - **Navigation:** Use the left-hand navigation menu to switch between the Model Gallery, API Key management, Fine-tuning tasks, and Application centers. - **Workspaces:** Resources, datasets, and API keys are scoped to specific workspaces. Always verify you are operating within the correct workspace before generating keys or deploying models. ## Frequently Asked Questions 1. **How do I choose between the API and the Console?** Use the Console (guide skills) for visual configuration, dataset management, prompt testing, and obtaining API keys. Use the API (api skills) for programmatic integration, automated workflows, and building production applications. 2. **Where do I find my API key?** Navigate to the API Key management page in the console. You can create keys scoped to specific workspaces. For programmatic short-term access, refer to the temporary API key documentation in the Platform Administration skill. 3. **Which SDK should I use for text generation?** You can use the native `dashscope` SDK or the standard `openai` SDK by pointing the base URL to the Bailian OpenAI-compatible endpoint. Both are fully supported for Qwen and third-party models. 4. **How do I handle rate limits and API errors?** Check the troubleshooting skills for specific HTTP status codes (like 429). Implement exponential backoff in your code and review your workspace quota and concurrency limits in the console dashboard. 5. **Can I use third-party models like DeepSeek or GLM?** Yes, Bailian provides OpenAI-compatible API endpoints for various third-party models. Refer to the Text and Code Generation API skill for specific model IDs, pricing, and endpoint configurations. ### cas # Certificate Management Service Skill ## I Want To (Common User Intents) - **Apply for an SSL/TLS certificate** — Request new public or private certificates → `skills/cas/intent/cas-apply-certificate/SKILL.md` (2 alternative paths) - **Deploy SSL certificate to servers or cloud resources** — Install certificates on ECS, Apache, Nginx, IIS, RDS, etc. → `skills/cas/intent/cas-deploy-certificate/SKILL.md` (4 alternative paths) - **Troubleshoot SSL/TLS certificate issues** — Fix browser warnings, handshake failures, validation errors → `skills/cas/intent/cas-troubleshoot-issues/SKILL.md` (3 alternative paths) - **Manage private CA and private certificates** — Create and administer internal CAs and issue private certs → `skills/cas/intent/cas-manage-certificates/SKILL.md` (2 alternative paths) ## Platform Overview | Capability Domain | Type | Sub Skill | Description | |-------------------|------|-----------|-------------| | Certificate Management | api | cas-certificate | Manage SSL/TLS certificates programmatically: create, query, deploy, renew, revoke, and manage orders, CSRs, client/server/CA certs, and tags. | | Certificate Management | guide | cas-certificate | Apply, deploy, renew, and manage certificates via console workflows, including domain validation, quota purchase, and certificate sharing. | | Certificate Management | troubleshooting | cas-certificate | Resolve certificate errors, validation failures, renewal issues, trust problems, and FAQs. | | Network Security | guide | cas-network | Configure HTTPS, TLS versions, cipher suites, and deploy certificates to web servers (Apache, Nginx, IIS, Tomcat) and cloud services (RDS, EMQX). | | Network Security | troubleshooting | cas-network | Diagnose SSL handshake failures, browser compatibility issues, server restart errors, and OCSP/CRL problems. | | Website Security | troubleshooting | cas-website | Troubleshoot domain conflicts and configuration issues with website proxy HTTPS. | | Instance Management | api | cas-instance | Manage CAS service instances: create, delete, update, list, refund, and configure access keys and quotas. | | Web Server Management | guide | cas-webserver | Install and configure IIS Manager and other web server components for certificate deployment. | ## Intent Routing Guide Use the following guidelines to route user queries to the appropriate skill type: - **High-level user goals (e.g., "How do I apply for a certificate?" or "Why is my site insecure?")** → Start with **intent skills** (recommended). - **API/SDK/code/programming/endpoint/REST** → Route to **api** skills. - **Console/UI/dashboard/page/wizard/click/configuration** → Route to **guide** skills. - **Error/troubleshoot/FAQ/fix/diagnose/failure/warning** → Route to **troubleshooting** skills. Domain-specific routing keywords: - **Certificate Management**: certificate, SSL, TLS, CA, CSR, DV, OV, EV, PCA, compliance, quota, order, renew, revoke, deploy, apply, manage, tag, client cert, server cert, root CA, sub-CA - **Network Security**: HTTPS, TLS config, cipher suite, mutual TLS, one-way TLS, Apache, Nginx, IIS, Tomcat, RDS SSL, mod_ssl, http_ssl_module, Apple ATS, EMQX, Tengine - **Website Security**: website proxy HTTPS, domain conflict, binding, duplicate domain - **Instance Management**: instance, service instance, refund instance, cloud access key, resource quota - **Web Server Management**: IIS Manager, Windows server, web administration, server component, IIS installation ## General Information ### API Access (for api skills) - **Base URL**: `https://cas..aliyuncs.com` - **Authentication**: Use AccessKey ID and Secret via standard Alibaba Cloud signature method (v1.0). - **SDK Installation**: Available via official Alibaba Cloud SDKs (Python, Java, Go, etc.). Install using package managers (e.g., `pip install alibabacloud_cas2020`). - **Environment Variables**: Set `ALIBABA_CLOUD_ACCESS_KEY_ID` and `ALIBABA_CLOUD_ACCESS_KEY_SECRET`. ### Console Access (for guide skills) - **Console URL**: https://cas.console.aliyun.com - **Login**: Use your Alibaba Cloud account credentials. - **Navigation**: Certificates are organized by region. Use left-side menu for: Certificates, Private CA, Compliance CA, Orders, Quotas, and Deployment Jobs. ## Frequently Asked Questions **Q: Should I use the API or the console?** A: Use the **console** for one-off tasks, visual workflows, or initial setup. Use the **API** for automation, integration into CI/CD, or managing large volumes of certificates. **Q: How do I get started with private CA?** A: Begin with the **"Manage private CA and private certificates"** intent skill. You’ll need to purchase a Private CA instance first via the console or API. **Q: Why is my certificate not trusted in browsers?** A: This is typically a chain or deployment issue. Check the **troubleshooting** skill for "certificate not trusted" or "incomplete chain" scenarios. **Q: Can I automate certificate renewal?** A: Yes—use the **API** to monitor expiration and trigger renewal, or enable auto-renewal in the **console** for eligible certificates. **Q: Where do I find my certificate after issuance?** A: In the **console**, go to Certificates > SSL Certificates. Via **API**, use `DescribeCertificates` or `QueryCertificate`. ### eb # EventBridge Skill ## I want to... (Common User Intents) - **Create and manage event buses** — Set up custom event buses via API or console → `skills/eb/intent/eb-create-bus/SKILL.md` (2 alternative paths) - **Route events to target services** — Send events to Function Compute, HTTP endpoints, etc. → `skills/eb/intent/eb-route-targets/SKILL.md` (2 alternative paths) - **Deliver events to external destinations (API/OSS/MQTT)** — Push events to external systems securely → `skills/eb/intent/eb-deliver-destinations/SKILL.md` (2 alternative paths) - **Manage event sources and targets** — Add, list, and configure permissions for sources/targets → `skills/eb/intent/eb-manage-targets/SKILL.md` (2 alternative paths) - **Configure real-time event streaming** — Build data pipelines from Kafka, RabbitMQ, etc. → `skills/eb/intent/eb-configure-streaming/SKILL.md` (2 alternative paths) - **Integrate external services via events (e.g., DingTalk, Lark)** — Trigger actions in SaaS apps → `skills/eb/intent/eb-integrate-events/SKILL.md` (2 alternative paths) - **Monitor event streams and set up alerts** — Receive cloud service alerts and visualize metrics → `skills/eb/intent/eb-monitor-alerts/SKILL.md` (2 alternative paths) ## Platform Overview | Capability Domain | Type | Sub Skill | Description | |----------|------|----------|------| | Event Bus Management | api/guide | eb-event-bus | Manage event buses including creation, deletion, listing, and updating configurations. | | Event Routing | api/guide | eb-event-routing | Configure rules and targets to route events from sources to destinations. | | Event Delivery | api/guide | eb-event-delivery | Configure and manage delivery of events to external destinations like APIs, MQTT, and OSS. | | Event Management | api/guide/troubleshooting | eb-event-management | Manage event sources, targets, and perform event queries and tracing. | | Event Streaming | api/guide | eb-event-streaming | Manage real-time event streaming configurations and operations. | | Event Processing | guide | eb-catalog | Managing data catalog for metadata organization. | | Event Tracing | api/guide | eb-event-tracing / eb-schema | Trace and monitor event flows; manage event schemas. | | Event Integration | api/guide | eb-event-integration | Integrate with external data sources like MySQL and PostgreSQL for change data capture. | | Monitoring and Alerting | api/guide | eb-monitoring | Handle events from monitoring services and route alerts through EventBridge. | | Security | api/guide | eb-security | Manage authentication, authorization, and security configurations for EventBridge. | | Event Sources | api | eb-event-source-management | Test and validate event source configurations. | | Developer Tools | guide | eb-sdk | Install and use EventBridge SDKs in various programming languages. | ## Intent Routing Guide - **Event Bus Management** - *api*: API, SDK, code, programming, CreateEventBus, DeleteEventBus, ListEventBuses, event bus, bus management, endpoint, REST - *guide*: console, UI, dashboard, create bus, delete bus, manage bus, event bus configuration, web interface, wizard - **Event Routing** - *api*: API, SDK, CreateRule, CreateTargets, event rule, event target, routing, filter, pattern, endpoint, REST - *guide*: console, UI, create rule, delete rule, route event, destination, Function Compute, HTTP endpoint, DingTalk, Lark, WeCom - **Event Delivery** - *api*: API, SDK, API destination, HTTP method, MQTT, OSS, publish event, event payload, authentication, SSL - *guide*: console, UI, API destination, webhook, publish event, quick start, delivery settings - **Event Management** - *api*: API, SDK, event source, event target, query event, trace event, list sources, manage rule - *guide*: console, UI, manage events, query events, edit connector, grant access, event filtering - *troubleshooting*: error, troubleshoot, event delivery failure, rule not matching, permission denied, API error - **Event Streaming** - *api*: API, SDK, event streaming, stream, create stream, RabbitMQ, OSS, pipeline, real-time - *guide*: console, UI, create stream, pause stream, Kafka, RabbitMQ, OSS sink, data flow, wizard - **Event Processing** - *guide*: console, UI, catalog, metadata, data organization, discovery - **Event Tracing** - *api*: API, SDK, event tracing, schema discovery, distributed tracing, event ID, correlation - *guide*: console, UI, schema, register schema, validate structure, version - **Event Integration** - *api*: API, SDK, MySQL, PostgreSQL, CDC, binlog, database integration, SQL - *guide*: console, UI, DingTalk, Lark, GitHub, Jenkins, Shopify, HTTP source, partner integration - **Monitoring and Alerting** - *api*: API, SDK, alert, monitoring, ECS, RDS, Anti-DDoS, ActionTrail, metric - *guide*: console, UI, alert rules, monitoring dashboard, real-time export, thresholds - **Security** - *api*: API, SDK, RAM, authentication, authorization, HMAC, signature, policy, STS - *guide*: console, UI, RAM, grant permission, cross-account, identity management, service linked role - **Event Sources** - *api*: API, SDK, test configuration, validation, connectivity test, diagnostic - **Developer Tools** - *guide*: console, UI, SDK, install, Go, Java, Python, JavaScript, TypeScript, setup **Routing by type**: - "API/SDK/code/programming" → **api** skills - "console/UI/dashboard/page/wizard" → **guide** skills - "error/troubleshoot/FAQ/diagnose/fix" → **troubleshooting** skills (only available for Event Management) - High-level user goals (e.g., "How to deliver events to OSS?") → **intent skills** (recommended starting point) ## General Information ### API Access - **Base URL**: Use the standard Alibaba Cloud API endpoint for your region (e.g., `eventbridge..aliyuncs.com`) - **Authentication**: Requests must be signed using AccessKey ID and Secret (HMAC-SHA1). Temporary credentials via STS are supported. - **SDK Installation**: Available for Java, Python, Go, PHP, .NET, and TypeScript. Install via language-specific package managers (e.g., `pip install alibabacloud_eventbridge` for Python). ### Console Access - **Console URL**: https://eventbridge.console.aliyun.com/ - **Login**: Requires an Alibaba Cloud account with appropriate RAM permissions. - **Navigation**: Use the left-side menu to access Event Buses, Rules, Event Streams, Connectors, Monitoring, and Settings. ## Frequently Asked Questions **Q1: When should I use the API vs. the console?** Use the **API/SDK** for automation, CI/CD integration, or programmatic management. Use the **console** for initial setup, exploration, visualization, and one-off operations. **Q2: How do I get started with custom event buses?** Begin with the intent skill “Create and manage event buses” (`eb-create-bus`). You can create buses via API (`CreateEventBus`) or through the console under **Event Buses > Custom Event Bus**. **Q3: Why is my event rule not matching events?** Check the event pattern syntax and ensure the event structure matches. Use the **Test Event Pattern Match** API or console testing tools. Refer to the **troubleshooting** section in `eb-event-management` for common issues. **Q4: How do I grant permissions for cross-account event routing?** Configure a resource-based policy on the event bus allowing the target account’s principal. Detailed steps are in the **Security** guide skill (`eb-security`) under “Cross-account Authorization”. **Q5: Can I deliver events to my own HTTP endpoint securely?** Yes. Use **API Destinations** with HTTPS, authentication (OAuth, API key, or basic auth), and optional SSL certificate validation. Setup is available in both API (`CreateApiDestination`) and console (`Event Delivery > API Destinations`). ### ecs # ECS Skill ## I want to... (Common User Intents) - **Configure networking for ECS instances** — Attach ENIs, configure security groups, assign IPs → `skills/ecs/intent/ecs-configure-instance/SKILL.md` (3 alternative paths) - **Manage data protection and recovery for ECS** — Set up auto-snapshots, restore from snapshots → `skills/ecs/intent/ecs-manage-recovery/SKILL.md` (3 alternative paths) - **Troubleshoot system-level issues on ECS instances** — Fix GNOME panel, sysctl errors, kernel issues → `skills/ecs/intent/ecs-troubleshoot-issues/SKILL.md` (2 alternative paths) - **Manage custom images for ECS instances** — Create from instance, import from OSS, share images → `skills/ecs/intent/ecs-manage-images/SKILL.md` (3 alternative paths) - **Execute remote commands on ECS instances** — Run batch commands, install Cloud Assistant → `skills/ecs/intent/ecs-execute-instances/SKILL.md` (2 alternative paths) ## Platform Overview | Capability Domain | Type | Sub Skill | Description | |----------|------|----------|------| | Billing | troubleshooting | ecs-billing | Handle billing, financial management, and cost-related issues for ECS resources. | | Monitoring | guide | ecs-monitoring | Monitor ECS instance performance metrics and configure alert thresholds via console. | | Monitoring | api | ecs-monitoring-api | Programmatically query disk, EIP, and instance monitoring data. | | Monitoring | troubleshooting | ecs-monitoring-troubleshooting | Diagnose and resolve performance monitoring issues. | | Network | guide | ecs-network | Manage ENIs, security groups, IPv6, and VPC settings via UI. | | Network | api | ecs-network-api | Automate VPC, ENI, EIP, NAT gateway, and security group operations via API. | | Network | troubleshooting | ecs-network-troubleshooting | Resolve connectivity, IP, firewall, and packet loss issues. | | System Management | guide | ecs-system | Configure system settings like privacy prompts and account policies via console. | | System Management | troubleshooting | ecs-system_management | Fix IPv6, GNOME, and OS-specific configuration errors. | | Cloud Assistant | guide | ecs-cloud-assistant | Use Cloud Assistant for remote command execution, disk management, and instance operations via UI. | | Cloud Assistant | api | ecs-instance | Programmatically manage instances, disks, launch templates, and Cloud Assistant via API. | | Cloud Assistant | troubleshooting | ecs-cloud_assistant | Resolve SSH/RDP/VNC connectivity, disk, billing, and OS issues. | | Storage | guide | ecs-snapshot | Manage snapshots, auto-policies, and consistent groups via console. | | Storage | api | ecs-storage | Automate disk, snapshot, SCU, and disaster recovery operations via API. | | Storage | troubleshooting | ecs-storage-troubleshooting | Troubleshoot disk capacity, snapshot, and backup issues. | | Image Management | guide | ecs-image | Create, share, import, and export custom images via UI; configure FTP. | | Image Management | api | ecs-image-api | Programmatically manage image pipelines, sharing, and import/export. | | Image Management | troubleshooting | ecs-image-troubleshooting | Resolve image creation, visibility, and compatibility problems. | | Security | guide | ecs-security | Assign and manage RAM roles for secure service access via console. | | AI Applications | guide | ecs-text | Build text generation applications using prompt engineering techniques. | | Database | troubleshooting | ecs-database | Fix MySQL deployment, permission, and configuration issues. | ## Intent Routing Guide Route user queries based on both domain and interaction type: - **High-level user intents (e.g., "how to deploy", "configure networking")** → intent skills (recommended starting point) - **API/SDK/code/programming/endpoint/REST** → api skills - **Console/UI/dashboard/page/wizard/click** → guide skills - **Error/troubleshoot/FAQ/fix/diagnose/debug** → troubleshooting skills Domain-specific trigger keywords: - **Billing**: billing, invoice, refund, renewal, account balance, cost - **Monitoring**: CPU usage, memory usage, CloudMonitor, alert thresholds, metrics, dashboard - **Network**: ENI, security group, VPC, IPv6, firewall, connectivity, bandwidth - **System Management**: privacy setup, account lockout, kernel parameters, sysctl - **Cloud Assistant**: remote command, batch execution, Cloud Assistant client, automation - **Storage**: snapshot, disk, backup, SCU, encryption, capacity - **Image Management**: custom image, import image, share image, vsftpd, AMI - **Security**: RAM role, temporary credentials, STS token, permissions policy - **AI Applications**: prompt engineering, text generation, LLM application - **Database**: MySQL, root password, data directory, permission denied ## General Information ### API & SDK Access - **Base URL**: `https://ecs.aliyuncs.com` - **Authentication**: Use AccessKey ID and Secret with request signing (v3 signature). - **SDK Installation**: Install official SDKs via package managers (e.g., `pip install aliyun-python-sdk-ecs`). - **Internal Endpoint**: For calls from within Alibaba Cloud, use internal endpoints for lower latency and no public bandwidth charges. ### Console Access - **Console URL**: https://ecs.console.aliyun.com - **Login**: Use your Alibaba Cloud account or RAM user credentials. - **Navigation**: Use the left-side menu to access Instances, Disks, Images, Snapshots, Networks, etc. - **Permissions**: Ensure your RAM user has appropriate policies attached (e.g., `AliyunECSFullAccess` for full control). ## Common Questions **Q: When should I use the API vs. the console?** A: Use the console for one-off tasks, exploration, or when you prefer GUIs. Use the API/SDK for automation, integration into scripts/apps, or managing large numbers of resources. **Q: How do I get started with Cloud Assistant?** A: First install the Cloud Assistant client on your instance (Linux/Windows), then use the console or API to create and run commands remotely. **Q: Why can’t I ping my ECS instance’s public IP?** A: Check security group rules (must allow ICMP), instance firewall settings, and whether the instance is running. See Network > troubleshooting for detailed diagnostics. **Q: How do I reset a forgotten instance password?** A: Stop the instance, then use the console (Instances > More > Reset Password) or API (`ModifyInstanceAttribute`) to set a new password. **Q: What’s the difference between a system disk and data disk?** A: The system disk contains the OS and is required. Data disks are optional, used for application data, and can be detached independently. Both support snapshots and encryption. ### es # Elasticsearch Skill ## I Want To (Common User Intents) - **Optimize search result relevance (Optimize search result relevance)** — Improve ranking quality using rerankers, intervention dictionaries, or fine-sort expressions → `skills/es/intent/es-optimize-results/SKILL.md` (3 alternative paths) - **Run A/B tests for search algorithms (Run A/B tests for search algorithms)** — Evaluate different ranking strategies through controlled experiments → `skills/es/intent/es-run-search/SKILL.md` (2 alternative paths) - **Manage access control and security settings (Manage access control and security settings)** — Secure your instance with API keys, RAM policies, or STS tokens → `skills/es/intent/es-manage-access/SKILL.md` (3 alternative paths) - **Ingest and manage document data in Elasticsearch (Ingest and manage document data in Elasticsearch)** — Upload, batch-push, or stage documents into indices → `skills/es/intent/es-ingest-documents/SKILL.md` (3 alternative paths) - **Deploy a Retrieval-Augmented Generation (RAG) AI application (Deploy a Retrieval-Augmented Generation (RAG) AI application)** — Build knowledge-base Q&A systems or enterprise chatbots → `skills/es/intent/es-deploy-application/SKILL.md` (3 alternative paths) ## Platform Overview | Capability Domain | Type | Sub Skill | Description | |-------------------|------|-----------|-------------| | Memory Management | api | es-memory | Store, retrieve, and manage persistent memory for agentic applications. | | Memory Management | guide | es-memory | Configure agentic memory settings in the console for persistent context. | | Vector Search | guide | es-vector-search | Execute vector-based similarity searches and manage vector data through the OpenSearch console. | | Vector Search | api | es-vector | Perform vector search queries via REST API or SDK. | | Security | api | es-security | Implement secure authentication (API keys, STS, OAuth) for API calls. | | Security | guide | es-security | Generate and manage API credentials through the console. | | Model Deployment | guide | es-model-deployment | Publish custom models as API endpoints through the console. | | A/B Testing | api | es-ab-test | Create and manage A/B test experiments, groups, and scenes programmatically. | | Index Management | api | es-index | List, create, delete, modify, and control Elasticsearch index tables and versions. | | Index Management | guide | es-index | Perform range queries and manage indexes via the console interface. | | Data Query | api | es-data-query | Retrieve information about merged tables from data sources. | | Search | api | es-search | Execute and configure complex search queries with filters, sorts, aggregations, and result handling. | | Search | guide | es-search | Implement search features, integrate SDKs, and manage clusters via UI guides. | | Text Processing | api | es-text | Create custom analyzers, manage dictionaries, and parse documents programmatically. | | Text Processing | guide | es-text_analysis | Configure analyzers and intervention dictionaries (NER, synonyms, etc.) in the console. | | Embedding | api | es-text-embedding | Generate dense or sparse vector embeddings from text using supported models. | | Embedding | guide | es-model-customization | Fine-tune or adapt embedding models for domain-specific needs via the console. | | Relevance Optimization | api | es-search-relevance | Rerank results, manage query processors, and configure fine-sort parameters via API. | | Relevance Optimization | guide | es-search-relevance | Set up reranking, NL2SQL, and tailored retrieval models in the console. | | Instance and Resource Management | api | es-instance | Create, update, delete, and manage Elasticsearch instances, clusters, quotas, and resources. | | Instance and Resource Management | guide | es-instance | Launch instances, manage RAM users, adjust billing, and view specs via the console. | | Data Ingestion and Management | api | es-document | Push, stage, commit, and manage documents in Elasticsearch indices. | | Data Ingestion and Management | guide | es-document | Guide for batch document pushes and SDK integrations via UI examples. | | AI and RAG | api | es-text-generation | Generate text using LLMs, with or without live/web-augmented search. | | AI and RAG | guide | es-text-generation | Build RAG Q&A systems, knowledge bases, and enterprise chatbots via the console. | | Multimodal Processing | api | es-image | Extract text (OCR), detect objects, transcribe audio/video, and analyze visual content. | | Monitoring and Troubleshooting | troubleshooting | es-troubleshooting | Diagnose and resolve common errors, timeouts, authentication failures, and API issues. | | Monitoring and Troubleshooting | api | es-analytics | Retrieve log statistics, manage slow query analysis, and monitor performance via API. | ## Intent Routing Guide Use the following guidelines to route user queries to the appropriate skill type: - **High-level user goals (e.g., “How do I deploy a RAG app?” or “Optimize search relevance”)** → **Intent skills** (recommended starting point; see "I Want To" section above). - **API/SDK/code/programming/endpoint/REST/request** → **api** skills - **Console/dashboard/UI/page/wizard/form/click/control panel/management console/web interface** → **guide** skills - **Error/troubleshoot/FAQ/diagnose/fix/problem/debug/exception/status code** → **troubleshooting** skills Domain-specific trigger keywords: - **Memory Management**: memory storage, agentic memory, persistent memory, recall memory, memory API - **Vector Search**: vector search, embedding, similarity search, dense vector, sparse vector - **Security**: API key, AccessKey, STS, RAM policy, authentication, authorization, secure access - **Model Deployment**: deploy model, model service, custom model, inference endpoint - **A/B Testing**: A/B test, experiment, group, scene, testing strategy - **Index Management**: index, table, partition, version, rebuild, online strategy - **Data Query**: merged table, data source, query metadata - **Search**: search query, filter, sort, paginate, scroll, aggregate, highlight, suggest - **Text Processing**: custom analyzer, dictionary, NER, stop words, synonyms, term weight, text analysis - **Embedding**: text embedding, vectorize, sentence embedding, encode text, embedding service - **Relevance Optimization**: rerank, fine sort, second rank, intervention dictionary, query processor - **Instance and Resource Management**: instance, cluster, quota, RAM user, billing, tag, public URL - **Data Ingestion and Management**: push documents, bulk upload, stage data, commit, data collection - **AI and RAG**: RAG, LLM, text generation, knowledge base, chatbot, prompt, streaming response - **Multimodal Processing**: OCR, object detection, video transcription, image analysis, ASR, VLM - **Monitoring and Troubleshooting**: slow query, timeout, connection pool, error code, debug logs ## General Information ### API & SDK Basics - **Base URL**: Service endpoints are instance-specific. Retrieve your endpoint from the console under *Instance Details*. - **Authentication**: Most APIs require signed requests using AccessKey/SecretKey or STS tokens. Use official SDKs for automatic signature handling. - **SDK Installation**: Available for Python, Java, TypeScript, PHP, C#, and more. Install via package managers (e.g., `pip install opensearch-py`). - **Environment Setup**: Configure `ACCESS_KEY_ID`, `ACCESS_KEY_SECRET`, and `ENDPOINT` as environment variables or in client initialization. ### Console Access - **Console URL**: Log in to the Elasticsearch/OpenSearch management console via your cloud provider’s portal. - **Navigation**: Use the left-side menu to access *Instances*, *Applications*, *Security*, *Search*, *Models*, and *Monitoring*. - **Permissions**: Ensure your RAM user has appropriate policies (e.g., `AliyunOpenSearchFullAccess`) to perform operations. ## Frequently Asked Questions **Q: Should I use the API or the console for managing my Elasticsearch instance?** A: Use the **console** for initial setup, visual configuration, and one-off tasks. Use the **API/SDK** for automation, integration into applications, or bulk operations. **Q: How do I get started with secure API access?** A: First, create an AccessKey in the console (`es-security` guide). Then initialize your SDK client with the key and secret. For enhanced security, use STS temporary tokens (`es-security` API). **Q: My search results aren’t relevant—where should I start?** A: Begin with the intent skill **“Optimize search result relevance”**, which routes you to relevance tuning via reranking, intervention dictionaries, or fine-sort expressions. **Q: I’m getting a 403 error when calling the API—what’s wrong?** A: This usually indicates missing or incorrect permissions. Check your RAM user policies and ensure your AccessKey has the required actions. See `es-troubleshooting` for detailed error diagnostics. **Q: Can I deploy a RAG chatbot without writing code?** A: Yes—the **AI and RAG guide** (`es-text-generation`) includes step-by-step instructions to build knowledge-base Q&A systems and deploy chatbots in DingTalk/Lark via the console. ### ess # Auto Scaling Skill ## I Want To (Common User Intents) - **Create an Auto Scaling group (Create an Auto Scaling group)** — Set up a new scaling group via console or API → `skills/ess/intent/ess-create-group/SKILL.md` (2 alternative paths) - **Configure scaling triggers (scheduled or event-based) (Configure scaling triggers (scheduled or event-based))** — Define when and how scaling occurs based on time or metrics → `skills/ess/intent/ess-configure-triggers/SKILL.md` (3 alternative paths) - **Manage instances within a scaling group (Manage instances within a scaling group)** — Control instance states like standby, protection, or manual attachment → `skills/ess/intent/ess-manage-instances/SKILL.md` (3 alternative paths) - **Integrate Auto Scaling with external services (SLB, RDS, etc.) (Integrate Auto Scaling with external services (SLB, RDS, etc.))** — Connect scaling groups to load balancers, databases, and other services → `skills/ess/intent/ess-integrate-services/SKILL.md` (3 alternative paths) ## Platform Overview | Capability Domain | Type | Sub Skill | Description | |-------------------|------|-----------|-------------| | Instance Management | api | ess-instance | Programmatic management of scaling groups, instances, rules, configurations, lifecycle hooks, and more via APIs/SDKs | | Instance Management | guide | ess-instance | Console-based creation, modification, and monitoring of scaling resources through step-by-step workflows | | Instance Management | troubleshooting | ess-instance | Diagnose and resolve errors related to scaling activities, API failures, billing, permissions, and integrations | | Network Security | guide | ess-network | Configure firewall rules for Windows instances in scaling groups via the console | | Container Service | guide | ess-container | Deploy and manage containerized applications using Auto Scaling with Apsara DevOps | | User Management | troubleshooting | ess-user | Troubleshoot login and authentication issues for Auto Scaling users | | Event Notification | guide | ess-notification | Modify event notification settings for scaling activities in the console | | Monitoring | guide | ess-monitoring | Report and use custom metrics to drive event-triggered scaling actions | ## Intent Routing Guide Route user queries based on both **domain** and **skill type**: - **API/SDK/code/programming/endpoint/REST/script** → **api** skills (e.g., `ess-instance` api) - **Console/UI/dashboard/page/wizard/click/settings/how to/step by step** → **guide** skills (e.g., `ess-instance`, `ess-network`, etc.) - **Error/troubleshoot/FAQ/fix/diagnose/failed/issue/why not working** → **troubleshooting** skills (e.g., `ess-instance`, `ess-user`) - **High-level user intents (e.g., "how to deploy", "create scaling group")** → **intent skills** (recommended starting point) Domain-specific routing keywords: - **Instance Management**: scaling group, ECS instance, scaling rule, lifecycle hook, scheduled task, event-triggered task, instance refresh, attach load balancer, query activity - **Network Security**: firewall, Windows instance, security rule - **Container Service**: container, DevOps, Apsara DevOps, deployment pipeline - **User Management**: login, password, authentication, account access - **Event Notification**: notification, alert, message, event type, CloudMonitor alert - **Monitoring**: custom metric, application metric, CloudMonitor, scaling trigger metric ## General Information ### API Access (for api skills) - **Base URL**: `https://ess.aliyuncs.com` - **Authentication**: Use AccessKey ID and AccessKey Secret with Signature Version 1.0 (HMAC-SHA1) - **SDK Installation**: Available for Python, Java, Go, Node.js, .NET, and PHP via official Alibaba Cloud SDK repositories - **Environment Variables**: Set `ALIBABA_CLOUD_ACCESS_KEY_ID` and `ALIBABA_CLOUD_ACCESS_KEY_SECRET` ### Console Access (for guide skills) - **Console URL**: [Auto Scaling Console](https://ess.console.aliyun.com/) - **Login**: Use your Alibaba Cloud account or RAM user credentials - **Navigation**: Access scaling groups under **Elastic Compute Service > Auto Scaling**, then use left-side menus for instances, rules, configurations, etc. ## Frequently Asked Questions **Q: Should I use the API or the console for Auto Scaling?** A: Use the **console** for initial setup, visual monitoring, and one-off operations. Use the **API/SDK** for automation, CI/CD integration, or managing multiple environments programmatically. **Q: How do I authenticate API calls?** A: Provide your AccessKey pair and sign requests using the standard Alibaba Cloud signature method. Never hardcode keys—use environment variables or secure credential managers. **Q: Why can’t I see my scaling group in the console?** A: Verify you’re in the correct region, have sufficient RAM permissions (e.g., `ess:DescribeScalingGroups`), and that the group wasn’t deleted. Check the **Resource Group** filter if enabled. **Q: What causes “Insufficient Data” in alarm-triggered scaling?** A: This typically means CloudMonitor hasn’t collected enough metric data yet. Ensure the metric exists, has recent values, and the alarm rule uses a valid comparison operator. **Q: Can I use Auto Scaling with both ECS and ECI?** A: Yes—scaling configurations support either ECS instances (with launch templates) or ECI containers. Choose during scaling group creation; mixing types in one group is not supported. ### idaas # IDaaS Skill ## I want to... (Common User Intents) - **Configure user authentication methods** — Set up login methods like SMS, 2FA, or social login → `skills/idaas/intent/idaas-configure-authentication/SKILL.md` (2 alternative paths) - **Manage application access permissions** — Grant or revoke app access for users/groups, assign roles → `skills/idaas/intent/idaas-manage-access/SKILL.md` (2 alternative paths) - **Integrate SSO for an application** — Configure SAML, OIDC, or custom SSO for your app → `skills/idaas/intent/idaas-integrate-application/SKILL.md` (2 alternative paths) - **Provision users from external identity provider** — Sync users from AD, Okta, or other IdPs via SCIM or event callbacks → `skills/idaas/intent/idaas-provision-idp/SKILL.md` (3 alternative paths) - **Set up secure machine-to-machine (M2M) access** — Enable AK-free access to cloud resources or AI models using M2M tokens → `skills/idaas/intent/idaas-secure-access/SKILL.md` (3 alternative paths) ## Platform Overview | Capability Domain | Type | Sub Skill | Description | |-------------------|------|-----------|-------------| | Organization Management | guide | idaas-org | Manage organizational structures, create organizations, and associate accounts. | | Identity Management | api | idaas-identity | Manage users, groups, cloud accounts, applications, brands, custom fields, and more via API. | | Identity Management | guide | idaas-identity | Perform identity operations in the console: user onboarding, app setup, branding, etc. | | Identity Management | troubleshooting | idaas-identity | Resolve issues like sync failures, login errors, and account deletion problems. | | Authentication | api | idaas-auth | Authenticate users, acquire tokens, register WebAuthn devices, and handle 2FA via API. | | Authentication | guide | idaas-auth | Configure authentication policies, MFA, social login, risk control, and IP rules in UI. | | Access Control | api | idaas-access | Manage authorization rules, resource servers, OAuth tokens, JWT, and M2M access via API. | | Access Control | guide | idaas-access | Set up RBAC/ABAC, M2M apps, OIDC providers, and SSO integrations in console. | | Access Control | troubleshooting | idaas-access | Diagnose access denied errors, SSO failures, token exchange issues, and role mapping problems. | | Federation and Single Sign-On | guide | idaas-federation | Configure trust with external IdPs (ADFS, Google Workspace, Entra ID), SAML/OIDC, and SLO. | | Instance and Network Management | api | idaas-instance | Create, delete, and configure IDaaS instances, licenses, regions, and network endpoints. | | Instance and Network Management | guide | idaas-instance | Manage custom domains, legacy migrations, and cloud integrations (ECS, ACK, Bastionhost). | | Notifications | guide | idaas-email | Configure SMTP, SMS gateways, email templates, and delivery settings. | | User Lifecycle and Synchronization | api | idaas-appdev | Develop integrations using SCIM, event callbacks, and provisioning APIs. | | User Lifecycle and Synchronization | troubleshooting | idaas-sync | Troubleshoot sync delays, status mismatches, and SCIM errors from AD/Okta. | | Reporting | guide | idaas-reports | View user activity, audit logs, and system metrics in the dashboard. | | Quotas and Limits | api | idaas-service | Retrieve service-level quotas, usage limits, and capacity information. | | Compliance | guide | idaas-privacy | Manage privacy clauses and ensure GDPR/data protection compliance. | | Data Import | guide | idaas-file | Bulk import user or configuration data via CSV/Excel in the console. | | Secure AI Access | guide | idaas-model | Enable keyless, token-based access to Model Studio and AI inference endpoints. | | Gateway Integration | guide | idaas-gateway | Secure MSE cloud-native gateways with OIDC, JWT validation, and zero-trust auth. | ## Intent Routing Guide Use the following guidelines to route user queries to the correct skill type: - **High-level user goals** (e.g., "How do I set up SSO?" or "How to sync AD users?") → **Intent skills** (recommended starting point). - **API/SDK/code/programming/endpoint/REST** → **api** skills. - **Console/dashboard/UI/page/settings/wizard/click/form** → **guide** skills. - **Error/troubleshoot/FAQ/fix/diagnose/failure/issue** → **troubleshooting** skills. Domain-specific routing keywords: - **Organization Management**: organization, OU, hierarchy, structure, account association - **Identity Management**: user, group, application, brand, cloud account, profile, custom field, client secret, token, role, provisioning, SSO, SCIM - **Authentication**: login, password, 2FA, TOTP, WebAuthn, social login, recovery, authenticate, MFA, risk control, IP whitelist - **Access Control**: authorization, policy, RBAC, ABAC, scope, resource server, M2M, OIDC provider, permission, grant, STS token - **Federation and SSO**: SAML, OIDC, IdP, ADFS, Entra ID, Google Workspace, trust, federation metadata, SLO, attribute mapping - **Instance and Network Management**: instance, region, license, trial, network zone, endpoint, custom domain, upgrade, migration - **Notifications**: email, SMS, SMTP, template, gateway, delivery, bounce, sender - **User Lifecycle and Synchronization**: sync, SCIM, provisioning, AD, Okta, Entra ID, event callback, user status - **Reporting**: reports, analytics, logs, audit, metrics, user activity - **Quotas and Limits**: quota, limit, capacity, usage, billing, resource limit - **Compliance**: privacy, GDPR, clause, consent, data protection, policy - **Data Import**: import, upload, CSV, Excel, bulk, file, template - **Secure AI Access**: Model Studio, AI Gateway, keyless, M2M authentication, token-based access - **Gateway Integration**: MSE gateway, cloud-native gateway, OIDC authentication, JWT validation, API security ## General Information ### API Access (for api skills) - **Base URL**: `https://idaas..aliyuncs.com` - **Authentication**: Use OAuth 2.0 client credentials flow or M2M tokens. Obtain `client_id` and `client_secret` from the application settings in the console. - **Environment Variables**: Set `IDAAS_REGION`, `CLIENT_ID`, and `CLIENT_SECRET` for SDK usage. - **SDK Installation**: Available via official Alibaba Cloud SDKs (Python, Java, Go, etc.). Install using package managers (e.g., `pip install alibabacloud_idaas-doraemon20210526`). ### Console Access (for guide skills) - **Console URL**: https://idaas.console.aliyun.com - **Login**: Use your Alibaba Cloud account or federated identity (if SSO is configured). - **Navigation**: Main sections include **Users**, **Applications**, **Authentication**, **Access Control**, **Federation**, **Settings**, and **Reports**. - **Permissions**: Ensure your RAM user has appropriate IDaaS permissions (e.g., `IdaasDoraemon:*`). ## Frequently Asked Questions **Q1: When should I use the API vs. the console?** A: Use the **console** for one-off administrative tasks, initial setup, or visual workflows. Use the **API** for automation, integration into CI/CD pipelines, or managing large-scale operations programmatically. **Q2: How do I get started with IDaaS APIs?** A: First, create an application in the console to obtain `client_id` and `client_secret`. Then, use these credentials to request an access token via the OAuth 2.0 token endpoint. Refer to the `idaas-identity` or `idaas-auth` API skills for specific endpoints. **Q3: Why can’t I see certain features in the console?** A: Feature visibility depends on your IDaaS instance type (CIAM vs. EIAM), license tier, and RAM permissions. Contact support if you believe a feature should be available. **Q4: My SSO integration isn’t working—where do I start troubleshooting?** A: Check the **troubleshooting** skill for your domain (e.g., `idaas-federation` or `idaas-access`). Common issues include misconfigured redirect URIs, certificate mismatches, or incorrect attribute mappings. **Q5: Can I automate user provisioning from my HR system?** A: Yes. Use SCIM (via `idaas-appdev` API) or event-based callbacks (`idaas-sync`) to synchronize users. Pre-built connectors exist for AD, Okta, and DingTalk. ### oceanbase # OceanBase Skill ## I Want To (Common User Intents) - **Optimize a slow-running SQL query (Optimize a slow-running SQL query)** — Improve query performance and reduce execution time → `skills/oceanbase/intent/oceanbase-optimize-query/SKILL.md` (4 alternative paths) - **Import or export data to/from OceanBase (Import or export data to/from OceanBase)** — Move data between OceanBase and external systems → `skills/oceanbase/intent/oceanbase-import-data/SKILL.md` (3 alternative paths) - **Manage distributed database transactions (Manage distributed database transactions)** — Use XA protocols for ACID-compliant distributed transactions → `skills/oceanbase/intent/oceanbase-manage-transactions/SKILL.md` (3 alternative paths) - **Secure database access and protect data (Secure database access and protect data)** — Configure access control, encryption, and compliance settings → `skills/oceanbase/intent/oceanbase-secure-access/SKILL.md` (3 alternative paths) ## Platform Overview | Capability Domain | Type | Sub Skill | Description | |-------------------|------|-----------|-------------| | Data Loading | api | oceanbase-data | Load data into OceanBase Database from external files. | | Transaction Management | api | oceanbase-transaction | Manage distributed transactions using XA protocols. | | Database Access | api | oceanbase-access | Connect to OceanBase Database using drivers (JDBC/ODBC). | | Database Error Handling | guide | oceanbase-errorhandling | Understand and handle database exception types via console. | | Database Configuration | guide | oceanbase-config | View and manage NLS and system configuration parameters. | | Database Management | guide | oceanbase-cluster | Manage cluster operations including failover scenarios. | | Database Management | api | oceanbase-database_management | Access cluster event history and topology via APIs. | | Data Management | api | oceanbase-data_management | Manage data types, conversions, and LOB operations. | | SQL Execution and Querying | api | oceanbase-sql | Execute dynamic SQL and perform advanced querying programmatically. | | SQL Optimization and Performance | api | oceanbase-sql_optimization | Optimize SQL using outlines, hints, and execution plan analysis. | | SQL Optimization and Performance | guide | oceanbase-query | Analyze and visualize query plans through the console. | | SQL Optimization and Performance | troubleshooting | oceanbase-sqlperf | Diagnose and resolve slow queries and performance issues. | | Monitoring and Auditing | api | oceanbase-monitoring | Monitor session/system statistics, QPS, and SQL audit data. | | PL/SQL Development and Debugging | api | oceanbase-plsql | Display output and debug PL/SQL programs using DBMS_* packages. | | Security and Data Protection | api | oceanbase-security | Manage privileges, encryption (TDE), and password policies. | | Backup, Recovery, and Migration | guide | oceanbase-backup | Perform backup, restore, and migration tasks via console (NFS, OMS, DataX). | | Backup, Recovery, and Migration | api | oceanbase-recovery | Use flashback queries and DataX plugins for programmatic data movement. | | Database Utility Operations | api | oceanbase-operations | Perform datetime formatting, random generation, and utility functions. | | Database Utility Operations | troubleshooting | oceanbase-database | Handle general database exceptions and errors. | ## Intent Routing Guide Route user queries based on both **domain** and **interaction type**: - **API/SDK/code/programming/endpoint/REST/request** → use **api** sub-skills - **Console/UI/dashboard/page/click/form/wizard** → use **guide** sub-skills - **Error/troubleshoot/FAQ/diagnose/fix/issue/failure** → use **troubleshooting** sub-skills - **High-level user goals (e.g., “How to optimize slow SQL?”)** → start with **intent skills** (recommended) Domain-specific routing keywords: - **Data Loading**: load, import, bulk insert, ETL, data ingestion, file upload, migration, dataset, batch, streaming - **Transaction Management**: XA, distributed transaction, commit, rollback, prepare, in-doubt, two-phase commit, ACID, global transaction - **Database Access**: connect, connection, driver, JDBC, ODBC, client, session, SSL, authentication, pool, timeout - **Database Error Handling**: exception, error types, handle errors (console context) - **Database Configuration**: NLS, parameters, locale, language, date format, charset, collation, settings, preferences - **Database Management**: cluster, failover, primary, node, server, replica, switchover, high availability - **Data Management**: LOB, BLOB, CLOB, data type, conversion, timestamp, timezone, raw, hex, encode, decode, FLOAT - **SQL Execution and Querying**: dynamic SQL, DBMS_SQL, SELECT, GROUP BY, EXISTS, IN, DISTINCT, cursor, bind variable, parallel query - **SQL Optimization and Performance**: EXPLAIN, execution plan, outline, hint, SQL tuning, slow query, plan cache, v$sql_plan, TOP N - **Monitoring and Auditing**: gv$session_wait, gv$sql_audit, QPS, CPU, I/O, wait events, metrics, system statistics, SQL monitor - **PL/SQL Development and Debugging**: DBMS_OUTPUT, DBMS_DEBUG, breakpoint, step into, variable inspection, debug session - **Security and Data Protection**: GRANT, privileges, TDE, encryption, DBMS_CRYPTO, password policy, GDPR, HIPAA, PCI DSS - **Backup, Recovery, and Migration**: backup, restore, recovery point, NFS, OMS, DataX, incremental, full backup, retention, CDC - **Database Utility Operations**: DBMS_RANDOM, DBMS_LOB, datetime arithmetic, CURRENT_DATE, VSIZE, WM_CONCAT, window functions ## General Information ### API Access (for api skills) - **Authentication**: Use standard database credentials (username/password) with supported drivers. - **Drivers**: JDBC and ODBC drivers are available for programmatic access. - **Endpoints**: Direct database connections; no HTTP REST gateway is used—interact via SQL or PL/SQL APIs. - **Environment**: Ensure network connectivity to OceanBase cluster nodes; configure SSL if required. ### Console Access (for guide skills) - **Console URL**: Access via the OceanBase Cloud Platform or on-premises management console. - **Login**: Use your tenant account credentials; ensure appropriate role-based permissions. - **Navigation**: Use left-side menus to access clusters, databases, SQL diagnostics, backup jobs, and configuration panels. ## Frequently Asked Questions **Q: Should I use the API or the console for a task?** A: Use the **console** for one-off operations, visual diagnostics, or guided workflows (e.g., backup setup). Use the **API** for automation, integration into applications, or programmatic control (e.g., loading data from code). **Q: How do I connect to OceanBase programmatically?** A: Use JDBC or ODBC drivers with standard connection strings. Refer to the *Database Access* API skill for details on drivers and connection parameters. **Q: Where can I diagnose a slow SQL query?** A: Start with the **intent skill** “Optimize a slow-running SQL query.” For programmatic analysis, use the *SQL Optimization* API skill; for visual exploration, use the *SQL Optimization* guide skill in the console. **Q: How do I handle an “in-doubt” transaction?** A: Use the *Transaction Management* API skill to recover or synchronize in-doubt XA transactions via DBMS_XA or DIST_TXN_SYNC. **Q: Can I encrypt sensitive data in OceanBase?** A: Yes—use TDE (Transparent Data Encryption) for tables/tablespaces or DBMS_CRYPTO for application-level encryption. See the *Security* API skill for implementation. ### opensearch # OpenSearch Skill ## I want to... (Common User Intents) - **Build a Retrieval-Augmented Generation (RAG) solution** — Implement RAG systems using OpenSearch vector and AI capabilities → `skills/opensearch/intent/opensearch-build-solution/SKILL.md` (3 alternative paths) - **Deploy embedding model for inference** — Host and serve custom or built-in embedding models → `skills/opensearch/intent/opensearch-deploy-model/SKILL.md` (2 alternative paths) - **Manage data sources for ingestion** — Connect external data sources like OSS or MaxCompute → `skills/opensearch/intent/opensearch-manage-sources/SKILL.md` (2 alternative paths) - **Configure security and access control** — Set up API keys, RAM users, and VPC access → `skills/opensearch/intent/opensearch-configure-access/SKILL.md` (2 alternative paths) - **Optimize search relevance and ranking** — Improve result quality with custom ranking, reranking, and query analysis → `skills/opensearch/intent/opensearch-optimize-relevance/SKILL.md` (3 alternative paths) ## Platform Overview | Capability Domain | Type | Sub Skill | Description | |----------|------|----------|------| | Memory Management | api | opensearch-memory | Store, retrieve, and manage memory data for agentic applications. | | Memory Management | guide | opensearch-memory | Configure long-term memory for intelligent agents via console. | | Vector Search | api | opensearch-vector | Perform vector similarity searches and manage embeddings programmatically. | | Vector Search | guide | opensearch-vector | Create and configure vector indexes and image search engines via UI. | | Query Execution | api | opensearch-search | Interpret and execute search query results in various formats (JSON, ProtoBuf, etc.). | | Knowledge Base Management | guide | opensearch-knowledge | Create and manage knowledge bases for Q&A systems through the console. | | Multimodal Search | api | opensearch-multimodal | Score relevance between multimodal queries and documents. | | Data Query | api | opensearch-data | Query merged tables, child tables, and key-value data using SQL-like syntax. | | Search Service | api | opensearch-search_service | Retrieve domain and service information for OpenSearch instances. | | Algorithm Management | api | opensearch-algorithm | List and manage deployed algorithm and machine learning resources. | | Model Management | api | opensearch-model | Get details and reports on deployed ML models. | | Model Management | troubleshooting | opensearch-model | Diagnose and resolve model deployment and inference errors. | | Data Aggregation | api | opensearch-aggregation | Perform statistical aggregations and group analytics on search data. | | Custom Sorting Model Configuration | guide | opensearch-custom-sort | Configure feature attributes for custom sorting models in the console. | | Code Execution | guide | opensearch-code | Implement conditional logic in Cava scripts via the management interface. | | SQL Development | guide | opensearch-sql | Create SQL instances and run queries through the console. | | Document Retrieval | api | opensearch-document | Fetch documents by primary key and retrieve summaries. | | Scripting Extension | guide | opensearch-scripting | Upload and manage Cava scripts to extend functionality. | | Text Relevance Ranking | guide | opensearch-ranking | Configure pack indexes with text fields and relevance scoring. | | Script Management | api | opensearch-script | Manage custom sort scripts and script files programmatically. | | Search Algorithm | guide | opensearch-algorithm | Customize core search algorithms including tailored retrieval and NER. | | Search | api | opensearch-search-api | Execute search queries, configure parameters, and handle results via API. | | Search | guide | opensearch-search | Implement search features, configure clients, and test queries in the console. | | Search | troubleshooting | opensearch-search | Diagnose and fix common API and connection errors. | | Embedding | api | opensearch-text | Generate dense and sparse vector embeddings from text and multimodal inputs. | | Data Ingestion and Processing | api | opensearch-data_ingestion_and_processing | Parse and split documents into chunks for processing and vectorization. | | Data Ingestion and Processing | guide | opensearch-document | Configure data pipelines and ingestion from OSS, MaxCompute, or APIs. | | Model and AI Services | api | opensearch-model_and_ai_services | Generate text using LLMs with or without web-augmented context. | | Model and AI Services | guide | opensearch-text | Activate and configure AI search services, deploy models, and build chatbots. | | Index and Data Management | api | opensearch-index | Create, modify, and manage indexes, versions, and document data. | | Index and Data Management | guide | opensearch-index | Configure index schemas, subdocuments, and bulk upload via UI. | | Instance and Resource Management | api | opensearch-instance | Create, configure, and manage OpenSearch instances and clusters. | | Instance and Resource Management | guide | opensearch-instance | Scale, monitor, and manage instances through the console. | | Instance and Resource Management | troubleshooting | opensearch-monitoring | Resolve monitoring access and permission issues. | | Text and Query Analysis | api | opensearch-text_and_query_analysis | Create and manage custom analyzers, dictionaries, and query processors. | | Text and Query Analysis | guide | opensearch-text_and_query_analysis | Configure stop words, synonyms, NER, and fuzzy analysis in the console. | | Text and Query Analysis | troubleshooting | opensearch-error | Diagnose API errors and Cava runtime exceptions. | | Multimodal Content Processing | api | opensearch-image | Extract text from images, detect objects, and process video/audio content. | | Security and Access Control | api | opensearch-security | Authenticate API requests using access keys or STS tokens. | | Security and Access Control | guide | opensearch-security | Manage API keys, RAM users, and VPC/CEN network access. | | A/B Testing and Evaluation | api | opensearch-abtest | Create and manage A/B test experiments, groups, and scenes. | ## Intent Routing Guide - **High-level user intents (e.g., "how to deploy a model", "build RAG")** → intent skills (recommended starting point) - **API/SDK/code/programming/endpoint/REST/client/request** → api skills - **Console/dashboard/UI/page/wizard/form/click/settings** → guide skills - **Error/troubleshoot/FAQ/fix/diagnose/exception/failure** → troubleshooting skills Domain-specific routing keywords: - **Memory Management**: memory, agentic_memory, recall, forget, store_memory, delete_memory - **Vector Search**: vector, embedding, ANN, semantic search, RAG, similarity, dense vector, sparse vector - **Query Execution**: query_execution, interpret results, JSON, ProtoBuf, kvpair, SQL execution - **Knowledge Base Management**: knowledge_base, Q&A system, create_knowledge_base - **Multimodal Search**: multimodal_search, relevance_scoring, image+text - **Data Query**: merged table, Pkey-Skey, child table, SELECT, WHERE, UNION - **Search Service**: domain, service info, OpenSearch instance metadata - **Algorithm Management**: algorithm, ML, AI, function resource, model deployment - **Model Management**: model, inference, prediction, accuracy, timeout, validation - **Data Aggregation**: GROUP BY, aggregate, statistics, metrics, analytics - **Custom Sorting**: custom sort, feature configuration, ranking model - **Code Execution**: Cava, conditional logic, branch, if-else - **SQL Development**: SQL instance, query development, execute SQL - **Document Retrieval**: fetch document, primary key, summary, document content - **Scripting Extension**: Cava script, upload script, extension - **Text Relevance Ranking**: pack index, text fields, relevance scoring, ranking - **Script Management**: sort script, custom script, upload/delete/list scripts - **Search Algorithm**: tailored retrieval, NER, spelling correction, category prediction - **Search**: search query, filter, sort, paginate, rerank, BM25, dropdown suggestions - **Embedding**: text_embedding, sparse_vector, multimodal embedding, dimensionality reduction - **Data Ingestion and Processing**: document parsing, PDF, OCR, chunking, TVF, MaxCompute, OSS - **Model and AI Services**: generate_text, LLM, chat, web search, OpenAI-compatible, NL2SQL - **Index and Data Management**: index, schema, push documents, bulk update, version, inverted index - **Instance and Resource Management**: instance, cluster, app group, quota, RAM, billing, VPC - **Text and Query Analysis**: analyzer, tokenizer, stop words, synonyms, NER, query understanding - **Multimodal Content Processing**: OCR, image analysis, object detection, video segmentation, ASR - **Security and Access Control**: API_key, access_key, RAM, STS token, VPC, authentication - **A/B Testing and Evaluation**: A/B test, experiment, variant, scene, group, metrics ## General Information ### API / SDK Setup - **Base URL**: Constructed per instance; typically `https://{instance-id}.{region}.opensearch.aliyuncs.com` - **Authentication**: Use AccessKey ID and Secret, or temporary STS tokens for secure API calls. - **SDK Installation**: Available for Java, Python, Go, PHP, and Node.js. Install via package managers (e.g., `pip install opensearch-py`, `npm install @opensearch-project/opensearch`). - **Client Initialization**: Requires endpoint, credentials, and region. Refer to language-specific SDK guides. ### Console Access - **Console URL**: https://opensearch.console.aliyun.com/ - **Login**: Use your Alibaba Cloud account or RAM user with appropriate permissions. - **Navigation**: Access domains via left-side menu: Instances, Applications, Data Sources, Models, etc. - **Common Patterns**: Most operations follow a wizard or form-based flow (e.g., Create Instance → Configure → Deploy). ## Frequently Asked Questions **Q: When should I use the API vs. the console?** A: Use the **console** for initial setup, testing, and one-off tasks. Use the **API/SDK** for automation, integration into applications, or batch operations. **Q: How do I get started with vector search?** A: Start with the **Vector Search** guide to create an index via console, then use the **vector API** to insert and query embeddings. For RAG, see the "Build RAG solution" intent skill. **Q: Where do I find my API credentials?** A: Create and manage **AccessKeys** in the Alibaba Cloud console under Identity Management > Users. Assign OpenSearch permissions via RAM policies. **Q: My search results aren’t relevant—how do I improve them?** A: Use the **Text and Query Analysis** and **Search Algorithm** guide skills to configure analyzers, synonyms, and reranking. Also explore the "Optimize search relevance" intent. **Q: How do I troubleshoot a 403 or connection timeout error?** A: Check **Security and Access Control** settings (IP allowlist, VPC, credentials). For timeouts, review instance specs and SDK connection pool settings in the **troubleshooting** skills. ### oss # Object Storage Service Skill ## I Want To (Common User Intents) - **Manage storage objects (upload, download, copy, etc.)** — Perform basic and advanced object operations across API, CLI, or console → `skills/oss/intent/oss-manage-objects/SKILL.md` (3 alternative paths) - **Configure bucket-level security policies** — Set up access controls, block public access, configure CORS, and manage policies → `skills/oss/intent/oss-configure-security/SKILL.md` (4 alternative paths) - **Manage vector data and indexes** — Store, index, and query vector embeddings for AI applications → `skills/oss/intent/oss-manage-data/SKILL.md` (2 alternative paths) - **Process media files (e.g., HLS streaming)** — Build live or on-demand video streaming solutions using OSS → `skills/oss/intent/oss-process-files/SKILL.md` (2 alternative paths) - **Configure storage access logging and monitoring** — Enable, customize, and analyze access logs for auditing and observability → `skills/oss/intent/oss-configure-monitoring/SKILL.md` (3 alternative paths) ## Platform Overview | Capability Domain | Type | Sub Skill | Description | |-------------------|------|-----------|-------------| | Storage | api | oss-storage | Core bucket/object operations, lifecycle, encryption, replication, metadata, and more via API/SDK | | Storage | guide | oss-storage-guide | Console-based management of buckets, objects, permissions, and configurations | | Storage | cli | oss-storage-cli | Full object/bucket management using ossutil CLI commands | | Storage | troubleshooting | oss-storage-troubleshooting | Resolve common errors in CLI, API, and console usage | | Access Control | api | oss-access-control | Manage access points and their policies programmatically | | Access Control | cli | oss-access | Configure access points, CNAMEs, and public access blocks via CLI | | Network Security | api | oss-network-security | Configure Anti-DDoS, CORS, HTTPS, and requester QoS via API | | Network Security | guide | oss-network_security | Set up hotlink protection, CORS, and security rules in console | | Network Security | cli | oss-network | Test connectivity, manage Anti-DDoS, and configure TLS via CLI | | Image Processing | api | oss-image-processing | Define and apply image transformation styles via API | | Image Processing | cli | oss-image | Create and manage image styles using ossutil | | Streaming | api | oss-live | Manage live channels, RTMP ingest, and VOD playlists via API | | Streaming | guide | oss-video | Build HLS streams through the console interface | | Streaming | troubleshooting | oss-streaming | Diagnose and fix stream ingestion, latency, and auth issues | | Logging | cli | oss-logging | Configure bucket access logging and custom log fields via CLI | | Logging | guide | oss-logging-guide | View and analyze access logs in the console | | Vector Storage | api | oss-vector | Manage vector buckets, indexes, and perform similarity search via API | | Vector Storage | cli | oss-vector_storage | Operate vector storage using CLI commands | | Structured Storage | api | oss-table | Manage table buckets, namespaces, and tables via API | | Structured Storage | cli | oss-structured_storage | Create and configure table storage using ossutil | | Data Protection | api | oss-instance | Configure resource pool QoS and instance-level settings via API | | Data Protection | cli | oss-protection | Enforce WORM retention policies and manage compliance via CLI | ## Intent Routing Guide Route user queries based on both **domain** and **interaction type**: - **High-level user intents (e.g., "How do I upload files?" or "How to secure my bucket?")** → Start with intent skills (recommended entry point) - **API/SDK/code/programming/endpoint/REST/request** → Route to **api** sub-skills - **Console/dashboard/UI/page/wizard/click/settings** → Route to **guide** sub-skills - **CLI/command/terminal/flag/option/ossutil/shell** → Route to **cli** sub-skills - **Error/troubleshoot/FAQ/fix/diagnose/failure/debug** → Route to **troubleshooting** sub-skills Domain-specific keyword guidance: - **Storage**: bucket, object, upload, download, copy, delete, list, lifecycle, versioning, encryption, replication, tagging, metadata, ACL - **Access Control**: access point, policy, VPC, private endpoint, IAM, permission, role, ARN, security - **Network Security**: Anti-DDoS, DDoS, CORS, hotlink, referer, HTTPS, TLS, SSL, protection, origin, preflight - **Image Processing**: image, style, transformation, resize, crop, rotate, watermark, format, quality, thumbnail, filter - **Streaming**: HLS, RTMP, live channel, ingest, stream, playlist, VOD, playback, encoder, latency - **Logging**: log, logging, access log, audit, custom field, track, monitor, record - **Vector Storage**: vector, embedding, similarity search, ANN, k-NN, FAISS, HNSW, semantic search, retrieval - **Structured Storage**: table, namespace, Iceberg, schema, partition, metadata, NoSQL, DDL, DML - **Data Protection**: WORM, retention policy, legal hold, immutable, compliance, governance, bucket lock ## General Information ### API & SDK Basics - **Base URL**: `https://..aliyuncs.com` (path-style also supported) - **Authentication**: Signature-based (AccessKey ID/Secret) or STS tokens for temporary credentials - **SDKs**: Available for Python, Java, Go, Node.js, .NET, PHP, and more - **Environment Variables**: `OSS_ACCESS_KEY_ID`, `OSS_ACCESS_KEY_SECRET`, `OSS_ENDPOINT` - **Installation**: Use package managers (e.g., `pip install oss2` for Python) ### Console Access - **Console URL**: https://oss.console.aliyun.com - **Login**: Requires Alibaba Cloud account with appropriate RAM permissions - **Navigation**: Select region → choose bucket → use left-side menu for features (Objects, Permissions, Data Management, etc.) - **Common Patterns**: Most operations follow "Bucket → Feature → Configure/Apply" flow ## Common Questions **Q: Should I use the API or the console for managing buckets?** A: Use the **console** for one-off setup, exploration, or visual workflows. Use the **API/CLI** for automation, scripting, or integration into applications. **Q: How do I authenticate API requests?** A: Provide your AccessKey ID and Secret via SDK configuration, environment variables, or request signing. For enhanced security, use RAM roles or STS tokens. **Q: Where can I find CLI (ossutil) documentation?** A: All CLI operations are covered in **cli**-type sub-skills. Install ossutil from the official repository and configure it using `ossutil config`. **Q: My API call returns "AccessDenied"—what should I check?** A: Verify your AccessKey permissions, bucket policy, RAM user policies, and whether the resource (bucket/object) exists. Also confirm correct region and endpoint usage. **Q: Can I combine API and console usage?** A: Yes—changes made via API are reflected in the console and vice versa. However, avoid concurrent modifications to the same resource to prevent conflicts. ### pai # Platform for AI (PAI) Skill ## I want to... (Common User Intents) - **Deploy a model for online inference** — Deploy trained models as scalable APIs or real-time services → `skills/pai/intent/pai-deploy-inference/SKILL.md` (3 alternative paths) - **Train a machine learning model** — Train models for vision, language, GANs, pose estimation, etc. → `skills/pai/intent/pai-train-model/SKILL.md` (4 alternative paths) - **Manage and process training datasets** — Create, version, preprocess, and analyze datasets → `skills/pai/intent/pai-manage-data/SKILL.md` (2 alternative paths) - **Monitor and debug AI jobs** — Access logs, metrics, and error diagnostics for running/failing jobs → `skills/pai/intent/pai-monitor-jobs/SKILL.md` (2 alternative paths) - **Manage platform access and permissions** — Configure workspace roles, RAM policies, and resource access controls → `skills/pai/intent/pai-manage-permissions/SKILL.md` (2 alternative paths) ## Platform Overview | Capability Domain | Type | Sub Skill | Description | |----------|------|----------|------| | Algorithm Management | api | pai-algorithm | Manage algorithms and their versions used in PAI training and inference workflows. | | Workload Management | api | pai-workload | Manage and retrieve information about workloads running in PAI. | | Dataset Acceleration | api | pai-dataset | Manage dataset acceleration endpoints, slots, and their lifecycle and status. | | Snapshot Management | api | pai-snapshot | Create, manage, and restore snapshots of AI resources. | | Image Management | api | pai-image | Manage custom and base images used for PAI instances and jobs. | | Event Integration | api | pai-event | Handle integration events from external systems like DataWorks. | | Code Management | api | pai-code | Manage code sources and their publication lifecycle. | | Storage | api | pai-storage | Manage dynamic storage mounting and file operations in PAI instances. | | Benchmarking | api | pai-benchmark | Run and analyze benchmark tasks for AI models and services in PAI. | | Campaign Management | api | pai-campaign | Create, manage, and track marketing or user engagement campaigns. | | Audience Management | api | pai-audience | Define and manage audience groups for targeted campaigns. | | User Engagement | api | pai-engagement | Schedule and manage user engagement activities. | | Schedule Management | api | pai-schedule | Manage delivery and execution schedules for various platform operations. | | Instance Management | api | pai-instance | Manage compute instances, resource groups, quotas, nodes, and related infrastructure resources in PAI. | | Instance Management | guide | pai-instance_management | Perform instance setup, configuration, and management via console UI. | | Experiment Management | api | pai-experiment | Create, manage, and analyze machine learning experiments and experiment plans in PAI. | | Experiment Management | guide | pai-feature | Use visual tools for feature engineering, correlation, and transformation. | | Training Job Management | api | pai-training-job | Monitor, debug, and manage the lifecycle of training jobs including logs, metrics, and events. | | Training Job Management | guide | pai-training | Configure and run model training workflows through the console. | | Model Management | api | pai-model | Create, manage, and deploy machine learning models and their versions. | | Model Management | guide | pai-model_management | Deploy, evaluate, export, and govern models using UI workflows. | | Dataset Management | api | pai-dataset_management | Create, manage, and process datasets and their versions, files, and associated jobs. | | Dataset Management | guide | pai-processing | Perform data cleaning, transformation, visualization, and statistical analysis via UI. | | Network Management | api | pai-network | Configure network settings and VPC forwarding for secure PAI resource access. | | Monitoring & Observability | api | pai-monitor | Access user and system metrics for monitoring PAI resource usage and performance. | | Monitoring & Observability | guide | pai-notification | Configure event notifications and alerting rules in the console. | | Workspace & Identity Management | api | pai-workspace | Manage workspace specifications and identifiers for organizing PAI projects. | | Workspace & Identity Management | guide | pai-workspace_management | Create workspaces and configure role-based access via UI. | | Pipeline & Workflow Management | api | pai-pipeline | Create, manage, and monitor ML pipelines and their execution runs. | | Pipeline & Workflow Management | guide | pai-pipeline_management | Design, schedule, and run ML workflows using ML Designer. | | Pipeline & Workflow Management | troubleshooting | pai-designer | Troubleshoot common issues in the Machine Learning Designer interface. | | Feature Store | api | pai-feature_store | Manage feature store entities including datasources, feature views, and label tables. | | Knowledge Management | api | pai-knowledge | Create, manage, and retrieve knowledge bases and their associated jobs and chunks. | | API & Service Management | api | pai-api-catalog | Browse and access the catalog of available AI service endpoints in PAI. | | AI Workloads | api | pai-text | Generate text using PAI's text generation APIs and access service endpoints. | | AI Workloads | guide | pai-ai_workloads | Train and deploy vision, recommendation, graph, and generative models via UI. | | Image Label Management | api | pai-image_label_management | Manage labels associated with images for organization and discovery. | ## Intent Routing Guide - **High-level user intents (e.g., "How do I deploy a model?" or "Train an image classifier")** → intent skills (recommended starting point) - **API/SDK/code/programming/endpoint/REST/request** → api skills - **Console/dashboard/UI/page/wizard/click/form** → guide skills - **Error/troubleshoot/FAQ/fix/diagnose/failure/debug** → troubleshooting skills (currently only for ML Designer) Domain-specific routing keywords: - **Algorithm Management**: algorithm, algorithm version, hyperparameter, recipe, framework - **Workload Management**: workload, workload info, job status - **Dataset Acceleration**: dataset acceleration, slot, endpoint, lifecycle, metrics - **Snapshot Management**: snapshot, backup, restore, create snapshot - **Image Management**: image, container, Docker, base image, custom image, AMI - **Event Integration**: event, webhook, DataWorks, integration, callback - **Code Management**: code source, Git, repository, publish code - **Storage**: storage, mount, volume, file transfer, bucket, object - **Benchmarking**: benchmark, performance test, latency, throughput, report - **Campaign/Audience/Engagement/Schedule**: campaign, audience, user engagement, schedule, cron, delivery - **Instance Management**: instance, node, cluster, quota, resource group, ECS, RAM, VSC, tensorboard, terminal - **Experiment Management**: experiment, HPO, AutoFE, trial, run, metric logging - **Training Job Management**: training job, logs, metrics, error info, TensorBoard, job template - **Model Management**: model, version, deploy, EAS, registry, evaluation, fairness - **Dataset Management**: dataset, version, file, ETL, DataJuicer, lineage, statistics - **Network Management**: VPC, ENI, subnet, gateway, peering, ACL, CIDR, forwarding - **Monitoring & Observability**: metrics, logs, diagnostic, XTrace, alert, event log - **Workspace & Identity**: workspace, role, RBAC, RAM policy, member, permission - **Pipeline & Workflow**: pipeline, workflow, ML Designer, run, node, manifest - **Feature Store**: feature view, feature entity, label table, datasource - **Knowledge Management**: knowledge base, chunk, retrieval, upload file - **API & Service Management**: API catalog, service endpoint, DNS, custom domain - **AI Workloads**: text generation, video generation, recommendation, time series, LLM, embedding - **Image Label Management**: image label, tag, metadata, categorize ## General Information ### API Access (for api skills) - **Base URL**: All PAI APIs are accessed via regional endpoints (e.g., `pai-eas.${region}.aliyuncs.com`). The exact endpoint depends on the service and region. - **Authentication**: Use Alibaba Cloud AccessKey ID and Secret with standard Signature Version 4 signing. - **SDK Installation**: Install the official Alibaba Cloud SDK for your language (Python, Java, Go, etc.) from [Alibaba Cloud SDK](https://www.alibabacloud.com/help/en/sdk). - **Environment Variables**: Set `ALIBABA_CLOUD_ACCESS_KEY_ID` and `ALIBABA_CLOUD_ACCESS_KEY_SECRET` for local development. ### Console Access (for guide skills) - **Console URL**: https://pai.console.aliyun.com/ - **Login**: Use your Alibaba Cloud account credentials. - **Navigation**: After login, select your region and workspace. Key sections include Experiments, Models, Datasets, Jobs, Instances, and Pipelines. - **Permissions**: Ensure your RAM user has appropriate permissions (e.g., `AliyunPAIFullAccess` or custom policies) to perform actions. ## Frequently Asked Questions **Q1: Should I use the API or the console for my task?** A: Use the **console (guide skills)** for one-off tasks, exploration, or visual workflows (e.g., building a pipeline in ML Designer). Use the **API (api skills)** for automation, integration into CI/CD, or programmatic control at scale. **Q2: How do I authenticate API calls to PAI?** A: Use your Alibaba Cloud AccessKey pair. Sign requests using Signature Version 4. For enhanced security, use RAM roles or temporary tokens when running inside Alibaba Cloud environments (e.g., ECS). **Q3: I can’t see my resources in the console—what’s wrong?** A: Verify: (1) you’re in the correct region, (2) your workspace is selected, and (3) your RAM user has permissions to view the resource type (e.g., `pai:DescribeModels`). **Q4: My training job failed—how do I debug it?** A: First, check the **training job logs and error info** via the API (`GetTrainingJobErrorInfo`, `GetTrainingJobLogs`) or in the console under the job’s “Logs” tab. Common causes include insufficient quota, invalid image, or code errors. **Q5: How do I grant team members access to my PAI workspace?** A: In the **Workspace & Identity Management** section (console), add members and assign roles (e.g., Admin, Developer, Viewer). For fine-grained control, attach custom RAM policies to their accounts. ### rds # ApsaraDB RDS Skill ## I want to (Common User Intents) - **Manage database instance lifecycle and configuration (管理数据库实例)** — Create, modify, and manage RDS instances → `skills/rds/intent/rds-manage-instance/SKILL.md` (2 alternative paths) - **Backup and restore database data (备份与恢复数据库)** — Perform backup operations and restore from backups → `skills/rds/intent/rds-backup-database/SKILL.md` (2 alternative paths) - **Manage database accounts and permissions (管理数据库账号与权限)** — Create accounts and assign permissions → `skills/rds/intent/rds-manage-accounts/SKILL.md` (2 alternative paths) - **Migrate database data to or between RDS instances (迁移数据库数据)** — Transfer data from self-managed or between RDS instances → `skills/rds/intent/rds-migrate-data/SKILL.md` (3 alternative paths) - **Monitor and analyze database performance metrics (监控数据库性能)** — Track metrics and analyze performance data → `skills/rds/intent/rds-monitor-performance/SKILL.md` (3 alternative paths) - **Optimize database performance using diagnostic tools (优化数据库性能)** — Identify and fix performance bottlenecks → `skills/rds/intent/rds-optimize-performance/SKILL.md` (3 alternative paths) - **Configure database security settings and access control (配置数据库安全)** — Set up security configurations and access controls → `skills/rds/intent/rds-configure-security/SKILL.md` (2 alternative paths) ## Platform Overview | Capability Domain | Type | Sub Skill | Description | |----------|------|----------|------| | Instance Management | api/guide/troubleshooting | rds-instance | Manage RDS instances including creation, configuration, lifecycle operations, and general instance-level settings. | | Backup and Restore | api/guide/troubleshooting | rds-backup | Manage backup configurations, create and query backup files, and restore data from backups including cross-region scenarios. | | Account Management | api/guide | rds-account | Manage database accounts, permissions, passwords, and access control for RDS instances. | | Data Migration | api/guide/troubleshooting | rds-migration | Migrate data between instances, perform cloud migration assessments, and switch workloads during migration processes. | | Security | api/guide/troubleshooting | rds-security-general | Manage access permissions and security configurations for RDS instances. | | Monitoring and Alerts | api/guide/troubleshooting | rds-monitoring | Monitor and configure enhanced monitoring metrics and performance data for RDS instances. | | Performance Optimization | guide/troubleshooting | rds-performance | Analyze and optimize database performance through SQL statement management. | | Database Proxy | api/troubleshooting | rds-proxy | Configure and manage database proxy endpoints, SSL encryption, and proxy settings for RDS instances. | | Read/Write Splitting | api | rds-rwsplit | Configure and manage read/write splitting endpoints, read weights, and latency thresholds. | | Storage Management | api/guide | rds-storage | Manage storage resources including disks, file systems, and storage analysis for RDS instances. | | Event Management | api/guide | rds-events | Enable, disable, and query historical events for RDS instances. | | Disaster Recovery | api/guide | rds-dr | Manage disaster recovery instances including switching between primary and disaster recovery roles. | | Database Connectivity | troubleshooting | rds-connectivity | Resolve connectivity issues related to IP whitelisting and network configuration. | | Log Management | api/guide | rds-logs | Manage and query various types of logs including SQL audit logs, error logs, and slow query logs. | | Data Restoration | guide | rds-restoration | Restore data from RDS to self-managed PostgreSQL instances using various file formats. | | Data Synchronization and Integration | api/guide/troubleshooting | rds-sync | Configure and manage real-time data synchronization between databases and other services. | | Spatial Data Processing | api/guide | rds-spatial | Convert, transform, and process spatial grid and geometry data using specialized functions. | | AI Assistant and Conversational AI | api/guide | rds-ai | Manage AI assistant configurations, model operators, and related orders. | | Text and Vector Search | api/guide/troubleshooting | rds-text | Enable advanced text search capabilities including fuzzy matching and RUM indexing. | | Advanced Database Features | api/guide | rds-ml | Integrate machine learning capabilities with RDS using SQLFlow and XGBoost. | | Billing and Cost Management | api/guide | rds-billing | Manage RDS billing, savings plans, and view cost details. | | Data Export and Import | guide | rds-export | Export data from RDS instances to various formats including SQL, CSV, and Excel. | | Troubleshooting | troubleshooting | rds-troubleshoot | Diagnose and resolve API errors and client-side issues. | ## Intent Routing Guide - **High-level user intents (e.g., how to deploy, manage database instance)** → intent skills (recommended starting point) - **API/SDK/code/programming/endpoint/REST/request** → api skills - **Console/dashboard/UI/page/settings/click/wizard/form** → guide skills - **Troubleshoot/error/FAQ/diagnose/failure/issue/fix/debug/resolve** → troubleshooting skills Specific domain routing: - **Instance Management**: instance, create instance, modify instance, restart instance, delete instance, instance lifecycle - **Backup and Restore**: backup, restore, PITR, snapshot, cross-region backup, backup policy - **Account Management**: account, create account, grant permission, reset password, lock account - **Data Migration**: migrate, cloud migration, DTS, data transfer, import, export - **Security**: IP whitelist, SSL, TDE, security group, encryption, access control - **Monitoring and Alerts**: monitor, alert, metrics, CPU usage, memory usage, disk usage, logs - **Performance Optimization**: slow query, SQL optimization, index optimization, performance tuning - **Database Proxy**: database proxy, proxy endpoint, SSL encryption, read/write splitting, connection pool - **Read/Write Splitting**: read/write splitting, read weights, latency threshold, splitting endpoint - **Storage Management**: storage, disk, file system, CPFS, HDFS, MinIO, NAS, NFS, OSS - **Event Management**: event history, historical events, instance events, audit trail - **Disaster Recovery**: disaster recovery, DR instance, failover, primary instance, switchover - **Database Connectivity**: IP not in whitelist, ECS connection, internal network, connectivity issue - **Log Management**: SQL audit, error logs, slow query logs, log retention, log download - **Data Restoration**: restore to self-managed, CSV restore, SQL restore, data transfer - **Data Synchronization**: sync, data synchronization, CDC, real-time sync, foreign table, FDW - **Spatial Data Processing**: spatial, GIS, GPS, trajectory, raster, geometry, PostGIS, Ganos - **AI Assistant**: AI assistant, Copilot, chat, conversation, model operator, long-term memory - **Text and Vector Search**: full-text search, fuzzy match, RUM, pgvector, embedding, similarity - **Advanced Database Features**: ML, SQLFlow, XGBoost, MADlib, TimescaleDB, RDKit, RAG - **Billing and Cost Management**: billing, cost, savings plan, subscription, pay-as-you-go, invoice - **Data Export and Import**: export data, import data, CSV, SQL, Excel, DMS ## General Information ### API Information - **Base URL**: API endpoints follow the standard Alibaba Cloud API format: `https://rds.aliyuncs.com/` - **Authentication**: APIs use AccessKey ID and AccessKey Secret for authentication. These credentials can be obtained from the Alibaba Cloud Console under your account security settings. - **SDK Installation**: Official SDKs are available for multiple languages including Python, Java, Go, Node.js, and .NET. Install via standard package managers (pip, Maven, go get, npm, etc.) using the Alibaba Cloud SDK packages. ### Console Information - **Console URL**: https://rdsnext.console.aliyun.com/ - **Login Instructions**: Access requires an Alibaba Cloud account. Navigate to the RDS section from the main console dashboard. - **Common Navigation Patterns**: - Instance list view shows all RDS instances with status indicators - Click on any instance name to access its detailed management page - Left navigation panel provides access to all management categories (Basic Information, Accounts, Databases, Backup, Monitoring, etc.) - Action buttons at the top right of instance pages provide common operations (Restart, Delete, Modify Configuration, etc.) ## Common Questions **Q: How do I choose between API and console for my task?** A: Use the console for one-time setup, visual monitoring, and interactive operations. Use APIs/SDKs for automation, integration with applications, and repetitive tasks that need programmatic control. **Q: What should I do if I encounter API authentication errors?** A: Verify your AccessKey ID and Secret are correct and have appropriate RAM permissions for RDS operations. Ensure your system clock is synchronized as API requests include timestamps that expire quickly. **Q: How can I access the RDS console if I don't see my instances?** A: Check that you're in the correct region (instances are region-specific) and that your account has the necessary permissions. If you recently created instances, refresh the page as there might be a brief delay in display. **Q: When should I use Database Proxy versus direct instance connections?** A: Use Database Proxy for production workloads requiring high availability, read/write splitting, connection pooling, or SSL termination. Direct connections are suitable for development, testing, or simple applications without these requirements. **Q: What's the difference between troubleshooting guides and regular documentation?** A: Troubleshooting guides specifically address error conditions, failure scenarios, and diagnostic procedures. Regular documentation covers standard operational procedures and feature configurations under normal conditions. ### rocketmq # RocketMQ Skill ## I Want To Do (Common User Intents) - **Send messages with delivery guarantees (ordered, transactional, etc.)** — Send messages that require strict ordering, transactional consistency, or delayed delivery → `skills/rocketmq/intent/rocketmq-send-guarantees/SKILL.md` (4 alternative paths) - **Consume and process incoming messages** — Receive messages from topics and handle success, failure, or retry logic → `skills/rocketmq/intent/rocketmq-consume-logic/SKILL.md` (3 alternative paths) - **Configure message metadata and custom attributes** — Set tags, keys, timestamps, or user-defined properties on messages → `skills/rocketmq/intent/rocketmq-configure-attributes/SKILL.md` (3 alternative paths) ## Platform Overview | Capability Domain | Type | Sub Skill | Description | |-------------------------|------|-------------------------|-----------------------------------------------------------------------------| | Message Delivery | api | rocketmq-message | Sending and managing messages through RocketMQ, including transactional, ordered, and delayed message delivery. | | Message Queue Management| api | rocketmq-queue | Managing producers, consumers, and message processing lifecycle in RocketMQ. | | Message Consumption | api | rocketmq-consumption | Handling and processing consumed messages, including result actions and consumption logic. | ## Intent Routing Guide All skills are of type **api**, so route based on functional domain using these keywords: - **Message Delivery** — Keywords: `send`, `message`, `delivery`, `publish`, `topic`, `tag`, `key`, `transaction`, `ordered`, `delayed`, `async`, `oneway`, `producer` - **Message Queue Management** — Keywords: `producer`, `consumer`, `start`, `shutdown`, `subscribe`, `unsubscribe`, `client`, `instance`, `listener`, `batch`, `configure`, `metadata`, `exception`, `enum` - **Message Consumption** — Keywords: `consume`, `processing`, `action`, `result`, `acknowledge`, `retry`, `reject`, `callback` Also recognize high-level user intents (e.g., "How to send ordered messages?") and route to intent skills first—they provide goal-oriented entry points. ## General Information ### API Base URL and Authentication RocketMQ clients connect directly to broker endpoints; there is no central REST API gateway. Connection details (namesrvAddr) are configured via client settings. ### SDK Installation Use the official Apache RocketMQ client SDKs: - **Java**: Available via Maven Central (`org.apache.rocketmq:rocketmq-client`) - **Other languages**: Refer to [Apache RocketMQ official site](https://rocketmq.apache.org/) for supported clients (Go, Python, C++, etc.) Authentication and authorization (ACL) are configured at the broker level and enforced via access keys passed during client initialization. ## Frequently Asked Questions **Q: How do I choose between Message Delivery and Message Queue Management?** A: Use *Message Delivery* when sending messages. Use *Message Queue Management* when creating or managing producer/consumer instances, subscriptions, or client lifecycle. **Q: Where should I start if I want to consume messages?** A: Begin with the intent skill “Consume and process incoming messages” or the *Message Queue Management* domain to set up a consumer, then use *Message Consumption* to define processing logic. **Q: Do I need separate credentials for API access?** A: Yes—when ACL is enabled on the broker, you must provide an access key and secret during client configuration. These are not API keys in the traditional sense but broker-level credentials. **Q: Can I send delayed messages?** A: Yes—use the *Message Delivery* domain and set delay time via message properties (supported in specific delay levels, e.g., 1s to 2h). **Q: Is there a console or UI for RocketMQ?** A: Apache RocketMQ itself does not include a built-in web console. Some cloud-managed versions (e.g., Alibaba Cloud) offer dashboards, but this skill focuses exclusively on API/SDK usage. ### terraform # Terraform Skill ## 我想做什么 (Common User Intents) - **Deploy cloud infrastructure (compute, network, storage) (Provision cloud infrastructure (compute, network, storage))** — End-to-end deployment of VPCs, ECS instances, and networking → `skills/terraform/intent/terraform-provision-infrastructure/SKILL.md` (3 alternative paths) - **Configure Terraform authentication with cloud provider (Configure Terraform authentication with cloud provider)** — Set up secure AccessKey, RAM roles, or OIDC for API access → `skills/terraform/intent/terraform-manage-authentication/SKILL.md` (3 alternative paths) - **Bring existing cloud resources under Terraform management (Bring existing cloud resources under Terraform management)** — Import manually created resources like ECS or OSS into Terraform state → `skills/terraform/intent/terraform-import-resources/SKILL.md` (2 alternative paths) - **Automate Terraform execution via CI/CD pipelines (Automate Terraform execution via CI/CD pipelines)** — Integrate Terraform with GitLab CI/CD or CMP for automated provisioning → `skills/terraform/intent/terraform-automate-cd/SKILL.md` (2 alternative paths) ## Platform Overview | Capability Domain | Type | Sub Skill | Description | |-------------------|------|-----------|-------------| | Instance Management | guide | terraform-instance | Manage compute instances, clusters, applications (ECS, OpenShift, Flask), and import existing resources via console/UI workflows. | | Instance Management | cli | terraform-instance | Use Terraform CLI commands (`init`, `apply`, `import`, etc.) to manage infrastructure from terminal. | | Network Security | guide | terraform-network | Configure VPCs, load balancers (SLB), Express Connect, CEN, IPsec-VPN, and hybrid cloud networks through UI. | | Infrastructure as Code | guide | terraform-iac | Core Terraform concepts: project setup, state management, modules, variables, CI/CD, and best practices via console. | | Infrastructure as Code | api | terraform-iac | Use Terraform providers and HCL to programmatically manage cloud resources via API/SDK patterns. | | Infrastructure as Code | cli | terraform-iac | Install Terraform locally and use CLI for development, plugin management, and execution. | | Infrastructure as Code | troubleshooting | terraform-iac | Diagnose and resolve common issues: state conflicts, auth failures, syntax errors, drift, and dependency cycles. | | Identity Authentication | api | terraform-auth | Configure secure authentication (AccessKey, RAM roles, STS, OIDC) for Terraform providers via code. | | Identity Management | guide | terraform-identity | Manage AccessKeys, credentials, and least-privilege policies across multi-account environments in console. | | Code Generation | troubleshooting | terraform-codegen | Troubleshoot AI-generated Terraform code from tools like Terraform RDS Copilot (syntax, hallucination, accuracy). | | Security Monitoring | guide | terraform-security | View security posture, compliance reports, vulnerabilities, and remediation recommendations in dashboard. | ## Intent Routing Guide Route user queries based on **intent type** and **keywords**: - **High-level user goals (e.g., "How do I deploy a VPC and ECS?", "Import existing bucket")** → **Intent skills** (recommended starting point) - **API/SDK/code/programming/HCL/REST/provider/resource/data source** → **api** skills - **Console/dashboard/UI/page/wizard/click/settings** → **guide** skills - **Command/CLI/terminal/flag/option/shell/terraform init/apply/plan** → **cli** skills - **Error/troubleshoot/FAQ/diagnose/failure/fix/problem/debug/log** → **troubleshooting** skills Domain-specific routing keywords: - **Instance Management**: deploy, create, manage, configure, setup, initialize, provision, automate, cluster, application, web, ECS, OpenShift, Flask, distributed, account, baseline, import, existing, resources - **Network Security**: VPC, load balancer, SLB, Express Connect, CEN, IPsec, VPN, SD-WAN, hybrid, multicloud, cross-region, branch, connectivity, network, security, architecture, topology, gateway, route, subnet, ACL, firewall - **Infrastructure as Code**: Terraform, IaC, infrastructure, code, best practices, automation, project, initialize, setup, configuration, state, module, variable, output, dependency, lifecycle, versioning, collaboration, CI/CD, pipeline, workflow, debug, Explorer - **Identity Authentication**: authentication, identity, credential, AccessKey, SecretKey, RAM, STS, role, assume role, OIDC, token, signature, security, permission, policy, authorization, provider config, profile, environment variable, credential file, chain, fallback, multi-account, federation - **Identity Management**: AccessKey, credential, rotation, management, multi-account, automation, security, least privilege, RAM, user, group, policy, role, STS, temporary token, secret, vault, key management, audit, compliance, governance, centralized, delegation - **Code Generation**: Copilot, AI, generation, code suggestion, prompt, LLM, RDS, database, template, syntax error, invalid resource, unsupported attribute, model limitation, output format, debug generation, retry, context window, accuracy, hallucination - **Security Monitoring**: security, monitoring, status, compliance, vulnerability, risk, assessment, scan, report, alert, incident, threat, posture, configuration, hardening, benchmark, CIS, audit, log, SIEM, SOC, remediation, recommendation ## General Information ### API / SDK Information - **Authentication**: Use AccessKey pairs, RAM roles, STS tokens, or OIDC federation. Credentials can be provided via environment variables (`ALICLOUD_ACCESS_KEY`, `ALICLOUD_SECRET_KEY`), shared credential files, or provider blocks in HCL. - **Providers**: Terraform interacts with cloud services via official or community providers (e.g., `alicloud` provider for Alibaba Cloud). - **State Backend**: Remote state can be stored in Alibaba Cloud OSS with locking via Table Store (OTS). - **HCL Syntax**: Infrastructure is defined in HashiCorp Configuration Language (HCL) using `resource`, `data`, `variable`, and `output` blocks. ### Console / UI Information - **Access**: Log in to the cloud console to navigate Terraform-related services (e.g., Resource Orchestration Service, Security Center, VPC console). - **Workflows**: Use wizards, forms, and dashboards to deploy templates, view security status, manage identities, or monitor infrastructure. - **Terraform Explorer**: A built-in tool for debugging and validating configurations directly in the console. ## Frequently Asked Questions **Q1: When should I use the API/cli vs. the console (guide)?** Use **API/cli** for automation, version-controlled infrastructure, CI/CD integration, and programmatic control. Use the **console/guide** for initial exploration, one-off tasks, visual debugging (Terraform Explorer), or managing security/compliance dashboards. **Q2: How do I authenticate Terraform with Alibaba Cloud?** You can use AccessKey pairs (for development), RAM roles (for ECS instances), or OIDC (for CI/CD). Store credentials securely—avoid hardcoding. See `skills/terraform/api/terraform-auth/SKILL.md` for details. **Q3: What if I get a “state lock” or “drift detected” error?** These are common state issues. Use `terraform refresh` to reconcile drift, and ensure only one process modifies state at a time. For persistent locks, check backend (OSS+OTS) configuration. See troubleshooting skill for resolution steps. **Q4: Can I import resources I created manually into Terraform?** Yes. Use `terraform import` (CLI) or the “Import Existing Resources” guide in the console. Supported for most resource types (ECS, OSS, VPC, etc.). **Q5: Why is my AI-generated Terraform code not working?** AI tools like Copilot may produce syntactically valid but logically incorrect HCL. Validate against provider documentation, check attribute names, and test in non-production environments. See `skills/terraform/troubleshooting/terraform-codegen/SKILL.md`.