Agent-Skills.md

Agent Skills: Adobe Production Checklist

|

UncategorizedID: jeremylongshore/claude-code-plugins-plus-skills/adobe-prod-checklist

Repository

jeremylongshore/claude-code-plugins-plus-skills
jeremylongshoreLicense: NOASSERTION
1,723221

Install this agent skill to your local

pnpm dlx add-skill https://github.com/jeremylongshore/claude-code-plugins-plus-skills/tree/HEAD/plugins/saas-packs/adobe-pack/skills/adobe-prod-checklist

Skill Files

Browse the full folder contents for adobe-prod-checklist.

Download Skill

Loading file tree…

plugins/saas-packs/adobe-pack/skills/adobe-prod-checklist/SKILL.md

Skill Metadata

Name
adobe-prod-checklist
Description
'Execute Adobe production deployment checklist covering credential management,

Adobe Production Checklist

Overview

Complete checklist for deploying Adobe API integrations to production, covering credential security, health monitoring, graceful degradation, and rollback procedures.

Prerequisites

  • Staging environment tested and verified
  • Production OAuth credentials created in Developer Console
  • Deployment pipeline with secret injection
  • Monitoring and alerting infrastructure ready

Instructions

Pre-Deployment: Credentials & Configuration

  • [ ] Production OAuth Server-to-Server credentials created (separate from staging)
  • [ ] ADOBE_CLIENT_ID and ADOBE_CLIENT_SECRET stored in secret manager (not env files)
  • [ ] Scopes are minimal: only APIs actually used in production
  • [ ] Token caching implemented (avoid re-generating per request)
  • [ ] I/O Events webhook endpoints use HTTPS with valid TLS cert
  • [ ] Webhook challenge response handler implemented (for registration)

Pre-Deployment: Code Quality

  • [ ] All tests passing (npm test)
  • [ ] No hardcoded credentials (grep for p8_ prefix patterns)
  • [ ] Error handling covers: 401, 403, 429, 500, 503
  • [ ] Rate limiting/backoff with Retry-After header support
  • [ ] Webhook signature verification using RSA-SHA256
  • [ ] Logging redacts credentials and PII
  • [ ] API response validation (Zod or equivalent)

Pre-Deployment: Infrastructure

  • [ ] Health check endpoint verifies Adobe IMS token generation:
// api/health.ts
export async function adobeHealthCheck() {
  const start = Date.now();
  try {
    // Test token generation (validates credentials are still valid)
    const token = await getAccessToken();
    return {
      status: 'healthy',
      latencyMs: Date.now() - start,
      tokenValid: !!token,
    };
  } catch (error: any) {
    return {
      status: 'unhealthy',
      latencyMs: Date.now() - start,
      error: error.message,
    };
  }
}
  • [ ] Circuit breaker configured for Adobe API calls
  • [ ] Graceful degradation: app works (degraded) if Adobe is down
  • [ ] PDF Services monthly quota tracking (if on free tier)

Deploy: Gradual Rollout

# 1. Pre-flight checks
curl -sf https://staging.example.com/health | jq '.services.adobe'
curl -s https://status.adobe.com | head -5

# 2. Verify production credentials work
curl -s -o /dev/null -w "%{http_code}" -X POST \
  'https://ims-na1.adobelogin.com/ims/token/v3' \
  -d "client_id=${ADOBE_CLIENT_ID}&client_secret=${ADOBE_CLIENT_SECRET}&grant_type=client_credentials&scope=${ADOBE_SCOPES}"
# Expected: 200

# 3. Deploy canary (10%)
kubectl set image deployment/app app=image:new-version
kubectl rollout pause deployment/app

# 4. Monitor for 10 minutes — check error rates
# Watch for 401 (credential issues), 429 (rate limits), 500 (server errors)

# 5. If healthy, complete rollout
kubectl rollout resume deployment/app
kubectl rollout status deployment/app

Post-Deployment Verification

  • [ ] Health check endpoint returns healthy for Adobe
  • [ ] Test a real API call (e.g., Firefly image generation, PDF extraction)
  • [ ] Webhook delivery confirmed (check I/O Events dashboard)
  • [ ] Error rate baseline established in monitoring
  • [ ] On-call team has adobe-incident-runbook accessible

Rollback Procedure

# Immediate rollback
kubectl rollout undo deployment/app
kubectl rollout status deployment/app

# Verify old version is healthy
curl -sf https://production.example.com/health | jq '.services.adobe'

Alert Configuration

| Alert | Condition | Severity | |-------|-----------|----------| | Adobe Auth Failure | Any 401 errors | P1 — credential issue | | Adobe Rate Limited | 429 errors > 5/min | P2 — reduce throughput | | Adobe API Down | 503 errors > 10/min | P2 — enable fallback | | Adobe High Latency | p99 > 10s | P3 — investigate | | PDF Quota Low | < 50 transactions remaining | P3 — upgrade or throttle |

Error Handling

| Issue | Cause | Solution | |-------|-------|----------| | 401 after deploy | Wrong credentials for environment | Verify secret manager path | | 429 spike | Traffic increase from new feature | Add rate limiting queue | | Health check flapping | Token caching not working | Check cache TTL logic | | Webhook delivery stopped | Challenge response broken | Test webhook registration |

Resources

Next Steps

For version upgrades, see adobe-upgrade-migration.