sidereal-bastion
Advanced security operations and fleet management for Sidereal. Monitor credential expiry before keys lapse, detect TCC permission drift, audit network exposure and fleet trust boundaries. Coordinate rolling upgrades across your fleet, forecast capacity constraints, and verify backup freshness — all with structured vault reports and ntfy alerting.
Content
Agents 2
secops-operator (operator)
fleet-operator (operator)
Skills 9
credential-expiry-watch: Scan credentials and API keys for approaching expiry
tcc-drift-monitor: Detect TCC privacy grant changes since last snapshot
network-exposure-scan: Audit listening ports, firewall rules, and Tailscale ACLs
fleet-trust-audit: Verify fleet peer bearer tokens and enrollment markers
dispatch-analytics: Aggregate dispatch metrics across the fleet
upgrade-coordinator: Orchestrate rolling self-upgrade across fleet peers
capacity-forecast: Track resource usage and project capacity constraints
mcp-lifecycle: Detect unused or unhealthy MCP servers
backup-verification: Verify vault sync, snapshot, and config backup freshness
Workflows 2
security-sweep: Full security posture review — credentials, TCC, network, fleet trust
fleet-health: Complete platform status — MCP lifecycle, capacity, backups, dispatch metrics
Scenarios
Both use vault. Obsidian vault operations via Swift MCP — read, write, search, properties, graph analysis, lens semantic tools.
Both use vault. Turnkey edge networking for Sidereal — expose services via Cloudflare Tunnels, manage DNS records, provision KV and D1 storage, and monitor tunnel health.
Both use vault. Daily and weekly productivity automation — morning digest, email triage, inbox processing, flagged email actions, effort tracking, and weekly review.
This pack covers report, review, sync. Fork it in the Forge to add skills for your specific workflow.
Install
sidereal install sidereal-bastion
Requires Sidereal Pro