EXTENSIONS

Google Cloud admin infrastructure models

Non-destructive PostgreSQL administration over a direct TCP connection (node-postgres). Read/audit of databases, roles, permissions, tables, connections, and extensions; plus data-safe admin DDL — create database/role, grant/revoke, rotate passwords, and an idempotent app_provision composite. Never reads or writes table rows; never DROP/TRUNCATE; no arbitrary-SQL passthrough.

Careful, non-destructive administration of a Zitadel instance over its Management API (v1 REST), authenticated with a JWT private-key service account. Read/audit of orgs, projects, applications, users and managers; idempotent provisioning of OIDC/API applications and machine (service) users; project-role and user-grant authorization (roles, grants, and the role-assertion flag that surfaces roles in tokens); rotation of client secrets, PATs, machine keys and secrets; and reversible deactivate/reactivate. Machine identities only. The only hard delete is a single, verify-first project-role removal (roles have no deactivate state); secrets are emitted once and marked sensitive.

Careful administration of a Woodpecker CI server over its REST API, authenticated with a personal access token. Onboard and configure repositories (enable, mark trusted, set timeout/visibility/approval), promote shared CI credentials to org- or repo-scoped secrets idempotently, inspect recent pipelines, and trigger runs. Mutations are additive or reversible (disable/secret-delete undo by re-running enable/set); secret values are write-only — supplied via a vault reference, sent once, and never read back or emitted.

Full igor2 cluster-manager control via the REST API, split into five models: reservations (the reservation lifecycle), hosts (power, inventory, administration, host policies), boot (distros, profiles, images, kickstarts), identity (users, groups, privilege elevation), and server (clusters/MOTD, sync, stats, config, auth-reset, dashboard).