| #!/usr/bin/env zsh | |
| # extract_key — pull a single key from a JSON-producing command | |
| # | |
| # Generic pattern: run any command that outputs JSON, extract one key via jq. | |
| # The last argument is always the key; everything before it becomes the command arguments. | |
| # | |
| # Usage: | |
| # extract_key <command> [args...] <json_key> | |
| # | |
| # Examples: |
| #!/usr/bin/env python3 | |
| """ | |
| Claude Code PostToolUse hook: log Bash commands to atuin + wakatime. | |
| Every command Claude runs via the Bash tool gets: | |
| - Recorded in atuin so it appears in your shell history (`atuin history list`) | |
| - Sent to WakaTime as a heartbeat so AI-assisted coding shows up in your dashboard | |
| Fire-and-forget — never blocks Claude on logging failures. |
| #!/usr/bin/env bash | |
| # jira-status — structured JSON status reader for go-jira | |
| # | |
| # Returns a clean JSON object with key ticket fields instead of | |
| # parsing go-jira's freeform text output. Ideal for scripting | |
| # and AI agent consumption. | |
| # | |
| # Usage: | |
| # jira-status NA-393 | |
| # jira-status NA-393 | jq -r .status |
| #!/usr/bin/env bash | |
| # jira-comment — pipe-safe comment wrapper for go-jira | |
| # | |
| # Accepts comment body via stdin so you never need to shell-escape | |
| # quotes, backticks, URLs, or Atlassian [~accountid:] mentions. | |
| # | |
| # Usage: | |
| # echo "looks good, merging" | jira-comment NA-393 | |
| # jira-comment NA-393 <<'EOF' | |
| # Multi-line comment with "quotes" and `backticks` |
| #!/usr/bin/env bash | |
| set -euo pipefail | |
| # kwhy: explain object lineage, writers, likely reconcilers, inputs, and revert risk. | |
| # MVP: kubectl + jq only, no cluster-side components required. | |
| usage() { | |
| cat <<'EOF' | |
| Usage: | |
| kwhy explain <kind> <name> -n <namespace> [--context <ctx>] [--format text|json] |
| #!/usr/bin/env bash | |
| set -euo pipefail | |
| # kubeflow-rbac-smoke.sh — RBAC smoke checks via kubectl auth can-i | |
| # | |
| # Usage: | |
| # ./kubeflow-rbac-smoke.sh <kube-context> | |
| # ./kubeflow-rbac-smoke.sh mlinfra-prod | |
| # ./kubeflow-rbac-smoke.sh mlinfra-29 | |
| # |
| #!/usr/bin/env bash | |
| set -euo pipefail | |
| # kubeflow-version-snapshot.sh — quick Kubeflow/KFP runtime version inventory | |
| # | |
| # Usage: | |
| # ./kubeflow-version-snapshot.sh <kube-context> [namespace] | |
| # ./kubeflow-version-snapshot.sh mlinfra-prod kubeflow | |
| # ./kubeflow-version-snapshot.sh mlinfra-29 kubeflow | |
| # |
Date: February 27, 2026
Clusters: mlinfra-prod, mlinfra-29
Three things broke, all fixed now. Both clusters are stable.
workflow-controller and kserve-controller-manager were in CrashLoopBackOff on prod.
| #!/usr/bin/env bash | |
| # dns-parity.sh — compare Route53 and Cloudflare zones side by side | |
| # Usage: R53_ZONE_ID=Z0XXX CFLARE_ZONE_ID=xxx CFLARE_API_TOKEN=xxx ./dns-parity.sh | |
| set -euo pipefail | |
| r53=$(aws route53 list-resource-record-sets \ | |
| --hosted-zone-id "$R53_ZONE_ID" --output json) | |
| cflare=$(curl -s -H "Authorization: Bearer $CFLARE_API_TOKEN" \ |
| # ============================================================================ | |
| # WorkSpaces Monitoring Bootstrap — UAC Elevation Wrapper | |
| # ============================================================================ | |
| # | |
| # This script solves the UAC split token problem for AD logon scripts. | |
| # | |
| # THE PROBLEM: | |
| # Even when a WorkSpaces user is in the Domain Admins group, Windows gives | |
| # them a "filtered" (non-elevated) token at logon. Installing services, | |
| # writing to Program Files, and registering SSM agents all need an |