diff --git a/README.md b/README.md index ee4e270..6124be8 100644 --- a/README.md +++ b/README.md @@ -44,9 +44,9 @@ By default skills land under the agent's standard directory (`~/.claude/skills/` ### `excloud-cli` -Safe end-to-end control of Excloud resources through the `exc` CLI. Covers compute (create / inspect / resize / restart / terminate, delete protection, exec / scp / console), networking (subnets, public IPv4, security groups and rules/bindings), volumes and snapshots, SSH keys, Kubernetes (clusters, workers, kubeconfig fetch / merge), object storage buckets (bucket lifecycle, object copy/sync/delete/share, access keys, multipart uploads), org secrets (path-addressed encrypted store with versions, audited reveals, value-source flags, reveal output combinators), IAM (accounts, service accounts, API keys, policies), billing, quota, serial console logs, and metrics. +Safe end-to-end control of Excloud resources through the `exc` CLI. Covers compute (create / inspect / resize / restart / terminate, delete protection, exec / scp / console), networking (subnets, public IPv4, security groups and rules/bindings), volumes and snapshots, SSH keys, Kubernetes (clusters, workers, kubeconfig fetch / merge), object storage buckets (bucket lifecycle, object copy/sync/delete/share, access keys, multipart uploads), org secrets (path-addressed encrypted store with versions, audited reveals, value-source flags, reveal output combinators), IAM (accounts, service accounts, API keys, policies), billing details and pre-flight cost estimates, quota, serial console logs, and metrics. -**Use when:** the user asks to plan or run `exc` commands, provision / introspect / tear down VMs, attach a public IP, adjust a security group, pull a kubeconfig, manage buckets or S3 access keys, save / reveal / rotate an org secret, debug a stuck boot via serial logs, or exec / scp against a VM. +**Use when:** the user asks to plan or run `exc` commands, provision / introspect / tear down VMs, estimate VM costs before creation or resizing, attach a public IP, adjust a security group, pull a kubeconfig, manage buckets or S3 access keys, save / reveal / rotate an org secret, debug a stuck boot via serial logs, or exec / scp against a VM. **Key guidance the skill encodes:** diff --git a/skills/excloud-cli/SKILL.md b/skills/excloud-cli/SKILL.md index 5264b0c..b63f86c 100644 --- a/skills/excloud-cli/SKILL.md +++ b/skills/excloud-cli/SKILL.md @@ -63,6 +63,7 @@ The skill does _not_ hard-code IDs, instance type names, image IDs, subnet IDs, - `exc compute subnet list` + `exc compute subnet get --id ` — check `DISABLE_IPV4_PUBLIC_IP`: subnets with this set cannot take `--allocate_public_ipv4=true` at create time. - `exc securitygroup list` + `exc securitygroup rule list --security_group_id ` + `exc securitygroup binding list --security_group_id ` (or `--interface_id `) — confirm what a SG allows and where it's bound before relying on it. - `exc compute publicip list` / `exc compute key list` / `exc compute volume list` / `exc compute snapshot list` — authoritative inventories for each resource type. +- `exc billing estimate --help` + `exc compute instancetype list` — shape a pre-flight monthly cost estimate before creating or scaling VMs. Instance type names and pricing inputs change; verify them rather than hard-coding. - `exc buckets list` / `exc buckets get ` / `exc buckets usage` — authoritative object-storage inventory and quota checks. - `exc buckets objects list [--prefix ] [--all]` — discover keys before copy/delete/share operations. - `exc buckets keys list` and `exc buckets multipart list ` — discover S3 access keys and abandoned multipart uploads before managing them. @@ -381,6 +382,33 @@ On a TTY, `reveal` also prints a stderr note "Revealed version N of secret M (au - `exc policy binding delete --policy_id (--account_id | --service_account_id )` - `exc billing get` / `exc quota` +### Billing estimates + +Use `exc billing estimate` for a read-only pre-flight monthly cost estimate before `compute create`, cluster worker sizing, or any conversation where the user is choosing between VM sizes. Always run `exc billing estimate --help` first; the command is generated and flags may shift. + +Typical shape: + +```bash +exc billing estimate \ + --instance_type \ + --count 1 \ + --root_volume_gib 25 \ + --baseline_iops 3000 \ + --baseline_throughput_mbps 125 \ + --monthly_egress_gib 0 \ + --has_public_ipv4=false +``` + +Notes: + +- `--instance_type` is required; discover valid names with `exc compute instancetype list`. +- `--count`, `--root_volume_gib`, `--baseline_iops`, `--baseline_throughput_mbps`, and `--monthly_egress_gib` are optional numeric inputs. Omitted or zero values let the service apply its defaults where supported; pass explicit values when mirroring a planned `compute create`. +- `--monthly_egress_gib` is a floating-point flag, so decimal values are valid if the installed help shows it. +- `--has_public_ipv4` is boolean; pass `--has_public_ipv4=true` when estimating a public IPv4 allocation. +- The command uses the default zone from CLI config; there is normally no user-facing `--zone_id` flag in the generated command. +- Output is a human-readable cost table with component rows (`Instance`, optional `Storage`, optional `Network`) and `TOTAL` / hourly summary rows. It is for display and comparison, not JSON scripting. +- If the service has no price data for an instance type, the command prints `No pricing data found for instance type: `. + ## Config and misc - `exc me` / `exc version` / `exc completion ` @@ -391,7 +419,7 @@ On a TTY, `reveal` also prints a stderr note "Revealed version N of secret M (au Every command either prints a column table (or TSV) or prints JSON — no command should print raw Go-struct dumps anymore. Both shapes are machine-parseable; pick your tool accordingly. -- **Column tables / TSV** (awk / `cut` / `awk -F\t` friendly): `compute list`, `compute get`, `compute create`, `compute terminate` (TSV `vm_id\tstate`), `compute instancetype list` / `capacity`, `compute image list`, `compute subnet list`, `compute volume list`, `compute volume get`, `compute snapshot list`, `compute publicip list`, `compute key list`, `securitygroup list` / `rule list` / `binding list`, `org list`, `account list`, `apikey list`, `policy list`, `config list`, `compute seriallogs`, `buckets list`, `buckets ls`, `buckets objects list`, `buckets keys list`, `buckets multipart list`. +- **Column tables / TSV** (awk / `cut` / `awk -F\t` friendly): `compute list`, `compute get`, `compute create`, `compute terminate` (TSV `vm_id\tstate`), `compute instancetype list` / `capacity`, `compute image list`, `compute subnet list`, `compute volume list`, `compute volume get`, `compute snapshot list`, `compute publicip list`, `compute key list`, `securitygroup list` / `rule list` / `binding list`, `org list`, `account list`, `apikey list`, `policy list`, `billing estimate`, `config list`, `compute seriallogs`, `buckets list`, `buckets ls`, `buckets objects list`, `buckets keys list`, `buckets multipart list`. - **JSON** (pipe through `jq`): `me`, `quota`, `billing get`, `compute health` (`{"raw":"OK"}`), `k8s health`, `compute subnet get`, `compute publicip get`, `compute key get`, `securitygroup get`, `compute metrics`, `compute connect`, `serviceaccount list`, `compute protect`, `compute unprotect`, `compute rename`, `k8s cluster kubeconfig get` (raw kubeconfig YAML, not JSON-wrapped), `buckets get`, `buckets usage`, `buckets keys create`, multipart create/uploadpart/complete/abort, and the inline `kubeconfig` field inside the JSON response from `k8s cluster create` when `-o` is not set. Many bucket list/delete commands have explicit `--json`; use it for scripts instead of scraping tables. `buckets objects presign` intentionally prints only the URL so it can be piped to tools like `pbcopy`.