Stats
Actions
Tags
'%20stop-opacity%3D'0.16'%2F%3E%3Cstop%20offset%3D'1'%20stop-color%3D'rgb(200%2C90%2C60)'%20stop-opacity%3D'0.03'%2F%3E%3C%2FlinearGradient%3E%3C%2Fdefs%3E%3Crect%20width%3D'320'%20height%3D'200'%20fill%3D'url(%23g)'%2F%3E%3Ccircle%20cx%3D'250'%20cy%3D'56'%20r%3D'92'%20fill%3D'rgb(200%2C90%2C60)'%20fill-opacity%3D'0.06'%2F%3E%3Ccircle%20cx%3D'64'%20cy%3D'172'%20r%3D'58'%20fill%3D'rgb(200%2C90%2C60)'%20fill-opacity%3D'0.05'%2F%3E%3C%2Fsvg%3E)
From disconnected-readiness-scorer
Score a repository's readiness for disconnected / air-gapped OpenShift deployments. Scans for image manifest completeness, digest enforcement, runtime egress, and Python dependency validation. Use when asked to check disconnected readiness, air-gap compliance, or image mirroring coverage for an RHOAI component repo.
How this skill is triggered — by the user, by Claude, or both
Slash command
/disconnected-readiness-scorer:disconnected-scoreThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Score a repository's readiness for deployment in disconnected / air-gapped OpenShift environments.
Score a repository's readiness for deployment in disconnected / air-gapped OpenShift environments.
Scans a repository for common patterns that break disconnected deployments:
RELATED_IMAGE_* env vars (used by the opendatahub-operator) and static CSV relatedImages lists.RELATED_IMAGE_* env vars across 18 components). This is the source of truth for what images must be mirrorable.@sha256: digests, not mutable tags.All rules exclude test files (*_test.go, test/, testdata/), CI config (.github/, .tekton/), and linting rules (semgrep.yaml) from blocker-level findings.
make install-arch-analyzer in the repo root)The scorer uses arch-analyzer to extract production code scope and kustomize overlay mappings. This replaces fragile Dockerfile parsing and provides accurate production vs non-production file classification.
claude plugin install disconnected-readiness-scorer@opendatahub-skills
Then from the root of any RHOAI component repo:
/disconnected-score
--rules all (default) — run all rules--rules csv,tags — run only specified rules--fix — attempt auto-remediation for supported rules (e.g., replace image tags with digests)--report markdown — output a markdown report (default)--report json — output machine-readable JSONDisconnected Readiness Score: NOT READY
FAIL image-manifest-complete 2 blocker(s)
PASS no-image-tags All checks passed
PASS no-runtime-egress All checks passed
PASS python-imports-bundled All checks passed
Blockers: 2 | Passed: 3
| Score | Meaning |
|---|---|
| READY | All rules pass — no blocker findings |
| NOT READY | One or more blocker-level findings |
Parses Dockerfiles, Helm charts, kustomize overlays, Go/Python source, and YAML manifests for container image references. Compares against:
spec.relatedImages in the ClusterServiceVersion (CSV)Any image found in code but missing from both lists is a blocker.
Scans all image references for tag-based refs (:latest, :v1.2.3). Tags cannot be reliably mirrored — only digest refs (@sha256:...) are guaranteed to resolve in a disconnected registry.
Production manifests with tags: blocker. Test/dev manifests with tags: warning.
Scans Go, Python, and TypeScript source for patterns indicating outbound network calls:
http.Get, http.Post, http.NewRequest, net.Dialrequests.get, urllib.request, httpx, aiohttpfetch(, axios, http.requestcurl, wget in scripts executed at runtimeBuild-time usage (Dockerfiles, Makefiles, CI scripts) is excluded. Runtime usage where the URL is configurable/mirrorable is info; hardcoded external URLs are a blocker.
For Python projects, checks:
requirements.txt, setup.py, pyproject.toml for packages not in the known-mirrors catalogpip install or subprocess calls that fetch from PyPI/GitHubgit+https:// dependencies in any requirements fileUnbundled runtime dependencies: blocker. Unbundled dev/test dependencies: warning.
config/config.yaml)Exception rules applied to all scanned repos.
exceptions:
- rule: "*"
paths:
- "**/test/**"
reason: "Test directory — not deployed in production"
- rule: no-runtime-egress
repo: opendatahub-io/odh-dashboard
paths:
- "frontend/src/utilities/fetch.ts"
reason: "Uses cluster-internal API proxy, not external egress"
- rule: "*"
images:
- "*/REPLACE_IMAGE:*"
- "*:replace"
reason: "Kustomize/template placeholder images"
.disconnected-readiness/config.yaml)Optional config in the target repo for repo-specific exclusions.
exceptions:
- rule: no-runtime-egress
paths:
- "internal/client.go"
reason: "Calls cluster-internal Kubernetes API"
Offers UI/UX design guidance for web and mobile with 50+ styles, 161 color palettes, 57 font pairings, and 99 UX guidelines across 10 stacks. Use for designing pages, components, color systems, or reviewing UI code.
Fetches up-to-date documentation from Context7 for libraries and frameworks like React, Next.js, Prisma. Use for setup questions, API references, and code examples.
npx claudepluginhub opendatahub-io/skills-registry --plugin disconnected-readiness-scorer