Skills Status
Current live URLs, shipped work, inventory data, AWS runtime state, and operational gaps.
Skills Status
Last updated: 2026-05-28 14:40 EDT
This is the SDMCC source of truth for what has been shipped for Skills, what is deployed, and what still needs operational attention. Current operating scope is development hosting at the SDMCC development Skills hostname with collector and recommendation schedules enabled after approved Azure DevOps PAT secret installation.
Live Links
| Environment | URL | AWS account | Current purpose |
|---|---|---|---|
| Local development | http://127.0.0.1:4173/site/ | Local machine | Run the Skills app, generated skill inventory, and fixture-backed analytics. |
| Development | https://skills.niaidcivics-dev.org/ | SDMCC development | Hosted Skills library, Cognito-protected analytics dashboard, and review scaffold. |
| Production | Reserved: https://skills.niaidcivics.org/ | SDMCC production | Not deployed until the team explicitly approves production hosting. |
Shipped Work
| Date | Change | Evidence |
|---|---|---|
| 2026-05-28 | Fixed hosted analytics hard-refresh behavior by deploying revalidating cache headers for browser entrypoint assets and bumping the analytics module URL. | PR 11408 merged to main at commit f5cc550 after node --test scripts/skills-hosted-surface.test.mjs, npm run site:check with 110 tests plus infra/Lambda/docs/fixture/inventory checks, and local Browser QA showing analytics.js?v=analytics-cache-v2, a working 30d range interaction, and no console warnings/errors. Development deploy completed with AWS_PROFILE=SDMCC-DEV-New AWS_REGION=us-east-1. Hosted headers for /analytics.html, /analytics.js?v=analytics-cache-v2, and /skills-config.js all returned Cache-Control: no-cache, max-age=0, must-revalidate with expected content types, and hosted /analytics.html references analytics.js?v=analytics-cache-v2. Protected API Gateway still returned expected unauthenticated 401; direct dashboard Lambda verification with a ScrumLead claim returned the live combined payload from DynamoDB with 8 PBIs, 36 tasks, 3.85M tokens, 44 work items, 6 recommendations, and Collector healthy; 1 parse warning. CloudFront invalidation IJ2JG6TUSS48HBRTPRJYQTNBT completed. |
| 2026-05-28 | Improved hosted analytics dashboard load reliability with a combined dashboard API payload, stale-request cancellation, visible loading state, clearer collector parse-warning text, and an exact API Gateway route for GET /v1/dashboard. | PR 11377 merged to main at commit 2ba76f7; follow-up API Gateway route PR 11379 merged to main at commit 68b17c8. Both PRs used the approved "ship it" reviewer-policy bypass after validation. npm run site:check passed with 109 tests plus infra, Lambda, docs, fixture, and inventory checks. Browser QA on local analytics passed at desktop and 390x844 mobile viewports with no console warnings/errors; refresh worked and the Sprint range stayed populated. Development deploy completed with AWS_PROFILE=SDMCC-DEV-New AWS_REGION=us-east-1; CloudFormation stack skills-sdmcc-dev reached UPDATE_COMPLETE. Hosted smoke checks returned 200 for /, /analytics.html, and /data/skills.json; protected /v1/dashboard/summary returned expected unauthenticated 401; protected /v1/dashboard?range=7d returned expected unauthenticated 401 after PR 11379 instead of the prior gateway 404; API Gateway routes include GET /v1/dashboard with JWT auth. Direct dashboard Lambda verification with an Admin claim returned the combined live payload with 8 PBIs, 36 tasks, 44 work items, 6 recommendations, and Collector healthy; 1 parse warning. CloudFront invalidation IEGQS7TKFRLMX7OIZ38EFV7FQY completed. |
| 2026-05-28 | Upgraded the development Skills Lambda runtime from deprecated nodejs20.x to nodejs24.x. | PR 11374 merged to main at commit d47363f. scripts/deploy-skills-aws.sh completed with AWS_PROFILE=SDMCC-DEV-New AWS_REGION=us-east-1 and CloudFormation stack skills-sdmcc-dev reached UPDATE_COMPLETE at 2026-05-28 08:56 EDT. Deployed dashboard, collector, and recommendation Lambda configurations all reported Runtime=nodejs24.x, State=Active, and LastUpdateStatus=Successful. Deploy validation ran npm run site:check with 107 passing tests plus infra, Lambda, docs, fixture, and inventory checks. Hosted smoke checks returned 200 for /, /analytics.html, and /data/skills.json, protected API summary returned expected unauthenticated 401, the CloudFront distribution domain returned 301 to skills.niaidcivics-dev.org, and invalidation I7X89NTM0KH8UASI4MJMGAAGXJ completed. |
| 2026-05-26 | Recovered legacy token estimates from plain Azure Boards comments in the collector and refreshed development analytics. | npm run site:check passed with 102 tests plus infra, Lambda, docs, fixture, and inventory checks. Development deploy refreshed Lambda code and static site with CollectorScheduleExpression=rate(12 hours). Safe secret readiness check returned non-placeholder. A May 1 backfill collector invocation for project SDMCC scanned 585 work items and 272 comments, extracted 48 metadata blocks, accepted 47, rejected 1, and wrote 47 normalized records. Manual recommendations regenerated 3 recommendations. Dashboard API verification returned 33 work-item rows and confirmed existing SDMCC comments still have 0 recoverable token estimates after backfill, so SDMCC token totals remain 0 until future skill metadata includes counters. |
| 2026-05-26 | Expanded the analytics work-item explorer so each row can reveal the safe parsed metadata and full per-work-item event history captured from Azure Boards comments. | node --test scripts/dashboard-api-lib.test.mjs scripts/dashboard-store-adapters.test.mjs passed, and node scripts/run-dashboard-api-fixture.mjs /v1/dashboard/work-items returned row-level metadata and events while excluding raw comment bodies. Live DynamoDB inspection found all 47 development analytics event records omit usable token count fields, so the dashboard labels token counts as not captured until future metadata includes counters. |
| 2026-05-26 | Enabled SDMCC development real-data analytics collection after the Azure DevOps PAT secret was replaced with an approved non-placeholder secret. | CloudFormation update completed for skills-sdmcc-dev using the previous deployed template and artifacts with CollectorScheduleState=ENABLED, CollectorScheduleExpression=rate(12 hours), and RecommendationScheduleState=ENABLED. Safe secret readiness check returned non-placeholder. Manual collector invocation completed for project SDMCC: scanned 401 work items and 234 comments, extracted 48 metadata blocks, accepted 47, rejected 1, wrote 47 normalized DynamoDB event records, archived 47 normalized records, and wrote a collector-run health item. Manual recommendation invocation generated and wrote 3 recommendations from 47 records. DynamoDB verification returned 47 analytics events and 3 recommendation records. Dashboard API Lambda verification with an Admin claim returned 7 PBIs, 26 tasks, and the latest collector-run metadata. |
| 2026-05-24 | Restored the SDMCC development Skills custom hostname after the stack had been updated with DashboardDomainName and DashboardHostedZoneId empty, which removed the Route 53 alias records. | CloudFormation update completed for skills-sdmcc-dev using existing Lambda artifact keys and keeping collector/recommendation schedules disabled. Stack outputs again include DashboardCustomDomainName=skills.niaidcivics-dev.org and DashboardUrl=https://skills.niaidcivics-dev.org/. Route 53 has A and AAAA aliases for skills.niaidcivics-dev.org to d1hdhjhfo3ya9k.cloudfront.net; authoritative AWS nameservers and public resolvers returned CloudFront addresses. HTTPS smoke checks returned 200 for / and /analytics.html, loaded data/skills.json with 5 skills, and the CloudFront distribution domain returned 301 to the custom hostname. |
| 2026-05-22 | Moved the SDMCC development Skills dashboard behind the meaningful hostname skills.niaidcivics-dev.org; direct CloudFront distribution-domain requests now redirect to that hostname. | scripts/deploy-skills-aws.sh completed with AWS_PROFILE=SDMCC-DEV-New AWS_REGION=us-east-1 STACK_NAME=skills-sdmcc-dev ENVIRONMENT_NAME=skills-sdmcc. Stack outputs include DashboardCustomDomainName=skills.niaidcivics-dev.org and DashboardUrl=https://skills.niaidcivics-dev.org/. Smoke checks returned 200 for / and /analytics.html, loaded data/skills.json with 5 skills, redirected https://d1hdhjhfo3ya9k.cloudfront.net/index.html?host-check=1 with 301, and protected API routes returned 401 without a Cognito token. |
| 2026-05-21 | Deployed the SDMCC development Skills stack skills-sdmcc-dev with the hosted static site, Cognito auth, API Gateway, DynamoDB, S3 archive, dashboard/collector/recommendation Lambdas, and CloudFront distribution. Collector and recommendation schedules remain disabled because the deployment used the scaffold placeholder PAT secret. | PR 11291 merged to main. scripts/deploy-skills-aws.sh completed with AWS_PROFILE=SDMCC-DEV-New AWS_REGION=us-east-1. Hosted smoke checks returned 200 for / and /analytics.html, loaded data/skills.json with 5 skills, and protected API routes returned 401 without a Cognito token. |
| 2026-05-21 | Ported the shared Skills platform parity set into SDMCC: hosted/local web app, generated docs and inventory, PBI analytics contract, collector/dashboard/recommendation handlers, AWS infrastructure scaffold, skill submission and feedback APIs, and four additional experimental workflow skills. | npm run site:check passed locally. npm run analytics:azure-source -- --check-config confirmed live Azure source env values are not configured yet. |
Inventory Data
The repository publishes these skills:
| Skill | Status | Source |
|---|---|---|
| Azure DevOps PBI | Production Ready | skills/azure-devops-pbi/ |
| Meeting To Backlog Brief | Experimental | skills/meeting-to-backlog-brief/ |
| QA Test Plan Builder | Experimental | skills/qa-test-plan-builder/ |
| Release Readiness Review | Experimental | skills/release-readiness-review/ |
| Skill Review Readiness | Experimental | skills/skill-review-readiness/ |
site/data/skills.json is generated from real repository skill folders. It is safe for the public library because it contains published skill metadata, not secret values or private work-item exports.
AWS Runtime State
| Environment | Dashboard URL | API URL | Lambda runtime | Collector schedule | Recommendation schedule | Azure DevOps PAT readiness |
|---|---|---|---|---|---|---|
| Development | https://skills.niaidcivics-dev.org/ | https://omfvlnfxkl.execute-api.us-east-1.amazonaws.com | nodejs24.x | Enabled, rate(12 hours) | Enabled, rate(1 day) | Secret exists and is not the scaffold placeholder. |
| Production | Not deployed | Not deployed | Not deployed | Disabled | Disabled | Not configured. |
Do not print or commit secret values. Secret readiness must be checked only by comparing safe metadata and placeholder shape.
Latest Real-Data Check
| Date | Environment | Result |
|---|---|---|
| 2026-05-28 08:58 EDT | Development collector | Post-runtime-upgrade manual collector invocation completed against Azure Boards project SDMCC; scanned 438 work items, scanned 263 comments, extracted 60 metadata blocks, accepted 59 blocks, rejected 1 block, wrote 59 normalized records, archived 59 normalized records, and wrote collector-run health. |
| 2026-05-28 08:59 EDT | Development recommendations | Completed from 59 normalized records across 44 work items and wrote 3 deterministic recommendations; token availability was 1 available and 58 unavailable with 3,849,845 total captured tokens from available records. |
| 2026-05-26 20:32 EDT | Development collector | May 1 backfill completed against Azure Boards project SDMCC; scanned 585 work items, scanned 272 comments, extracted 48 metadata blocks, accepted 47 blocks, rejected 1 block, wrote 47 normalized records, archived 47 normalized records, and wrote collector-run health. |
| 2026-05-26 20:33 EDT | Development recommendations | Completed from 47 normalized records across 33 work items and wrote 3 deterministic recommendations; token availability remains 0 available and 47 unavailable because no recoverable token estimates were present in stored SDMCC comments. |
| 2026-05-26 15:11 EDT | Development collector | Completed against Azure Boards project SDMCC; scanned 401 work items, scanned 234 comments, extracted 48 metadata blocks, accepted 47 blocks, rejected 1 block, wrote 47 normalized records, archived 47 normalized records, and wrote collector-run health. |
| 2026-05-26 15:12 EDT | Development recommendations | Completed from 47 normalized records across 33 work items and wrote 3 deterministic recommendations. |
Remaining Operational Gaps
| Gap | Disposition |
|---|---|
| Development AWS account and operator profile | Development deploy completed with SDMCC-DEV-New. |
| Public dashboard hostname and Route 53 hosted zone | Development configured at skills.niaidcivics-dev.org in the niaidcivics-dev.org public hosted zone. Production is reserved as skills.niaidcivics.org but not deployed. |
| Azure DevOps PAT secret | Configured in SDMCC development Secrets Manager and confirmed non-placeholder on 2026-05-26. Never commit or print the PAT. |
| Dashboard user authorization | Brian's development Cognito user is confirmed, email-verified, and assigned to the Admin group as of 2026-05-26. Users must sign out and back in after role changes so Cognito issues a token containing the new group claim. |
| First hosted deploy and smoke check | Completed for development on 2026-05-21. Full Cognito sign-in was not exercised; protected routes were checked for expected unauthenticated 401 responses. |
| First manual collector and recommendation run | Completed for development on 2026-05-26; safe collector and recommendation counts are recorded above. |
| Hosted user administration | Assign Cognito users to the appropriate Skills groups before expecting protected APIs to authorize them. |
| Hosted submission notification email | Configure SES sender/recipient only after the team chooses the review mailbox. |
Update Discipline
Update this file in the same PR whenever Skills auth, inventory, data collection, admin controls, hostnames, or deployment state changes. Include exact dates, environment names, and verification commands or PR numbers so the next agent does not have to reconstruct history from chat.