Glob patterns to check:
  **/*.tf                    # Terraform infrastructure
  **/*.yaml, **/*.yml        # Kubernetes manifests, CI/CD configs, docker-compose
  **/Dockerfile*             # Container definitions
  **/docker-compose*         # Multi-container orchestration
  **/*.toml                  # Rust/Python config files
  **/package.json            # Node.js projects
  **/go.mod                  # Go projects
  **/requirements.txt        # Python projects
  **/Cargo.toml              # Rust projects
  **/pom.xml                 # Java/Maven projects
  **/build.gradle*           # Java/Gradle projects
  **/Gemfile                 # Ruby projects
  **/.github/workflows/*     # GitHub Actions CI/CD
  **/.gitlab-ci.yml          # GitLab CI/CD
  **/Jenkinsfile             # Jenkins pipelines
  **/Makefile                # Build automation
  **/Procfile                # Heroku-style process definitions
  **/serverless.yml          # Serverless Framework
  **/sam-template.yaml       # AWS SAM
  **/cdk.json                # AWS CDK
  **/pulumi.*                # Pulumi infrastructure
  **/ansible/**              # Ansible playbooks
  **/helm/**                 # Helm charts
  **/.env.example            # Environment variable templates

Patterns to search for:
  "healthcheck|health_check|health-check"    # Health endpoints
  "readiness|liveness|startup"               # Kubernetes probes
  "metric|prometheus|statsd|datadog"         # Metrics instrumentation
  "sentry|bugsnag|rollbar|error.track"       # Error tracking
  "redis|memcache|cache"                     # Caching layers
  "queue|worker|job|sidekiq|celery|bull"     # Background job processing
  "migrate|migration"                        # Database migrations
  "rollback|revert"                          # Rollback mechanisms
  "scale|autoscal|replica"                   # Scaling configuration
  "backup|snapshot|dump"                     # Backup procedures
  "ssl|tls|cert|certificate"                # TLS/certificate management
  "cron|schedule|periodic"                   # Scheduled tasks
  "rate.limit|throttle"                      # Rate limiting
  "circuit.break|retry|timeout"             # Resilience patterns
  "log.level|LOG_LEVEL|debug|verbose"       # Log level configuration
  "feature.flag|toggle|flipper|launchdarkly" # Feature flags
  "cdn|cloudfront|fastly|cloudflare"        # CDN configuration
  "dns|route53|domain"                       # DNS management
  "secret|vault|ssm|kms"                    # Secrets management
  "alert|alarm|notification|pagerduty"      # Alerting rules

# [System Name] Operational Runbook

**Last Updated**: [date]
**Maintained By**: [team/owner from codebase]
**On-Call Rotation**: [link or description if found]
**Escalation Contact**: [if found in config]

---

## Table of Contents

[Auto-generated TOC with all sections]

---

## 1. System Overview

### 1.1 Purpose
[What this system does, derived from README and code analysis]

### 1.2 Architecture Diagram
[ASCII or Mermaid diagram showing components and data flow]

### 1.3 Service Inventory
| Service | Language/Runtime | Port | Purpose |
|---------|-----------------|------|---------|
[Populated from discovery]

### 1.4 Dependencies
#### Internal Dependencies
[Other internal services this system depends on]

#### External Dependencies
[Third-party services, APIs, databases]

### 1.5 Data Flow
[How data moves through the system, request lifecycle]

### 1.6 Environment Matrix
| Environment | URL/Endpoint | Cluster/Region | Notes |
|-------------|-------------|----------------|-------|
[Populated from config files]

---

## 2. Access and Authentication

### 2.1 Required Access
[Cloud provider accounts, VPN, SSH keys, kubectl contexts]

### 2.2 Service Accounts
[Service account details found in config]

### 2.3 Secrets Management
[How secrets are stored and rotated -- Vault, AWS SSM, etc.]

### 2.4 Common Access Commands
[kubectl config, AWS profile switching, VPN connection]

---

## 3. Common Operations

### 3.1 Deployment

#### Standard Deployment
```bash
# Step-by-step deployment commands derived from CI/CD config

# Emergency deployment bypassing normal gates

# Commands to trigger automated rollback

# Step-by-step manual rollback procedure

# How to revert database migrations

# Commands to scale service instances

# Commands for graceful restart with zero downtime

# Commands for forced restart when graceful fails

# Migration commands

# Check active connections, kill stuck queries

# How to switch to read-only if needed

# Commands to flush cache safely

# Commands to warm cache after flush

# Commands to tail/search logs per service

# How to change log levels at runtime

# Hot-reload config without restart if supported

Subject: [P1/P2] [Service] - [Brief Description]
Status: Investigating / Identified / Monitoring / Resolved
Impact: [User-facing impact]
Current Actions: [What is being done]
Next Update: [Time of next update]

We are aware of an issue affecting [feature/service].
Our team is actively investigating.
We will provide an update by [time].

# Step-by-step database restore from backup

# Steps to rebuild the entire service from scratch

# Commands to manually trigger failover

# Commands to return to primary after failover

# Certificate renewal procedure

# Secret rotation procedure

## Writing Style Requirements

Follow these rules strictly when writing the runbook:

### Clarity
- Write for an engineer who has never seen this system before
- Every command must be copy-pasteable -- no placeholder values without clear labels
- Use `<PLACEHOLDER>` format for values the engineer must fill in
- Include expected output for diagnostic commands so engineers know what "healthy" looks like
- Number all steps sequentially -- never use ambiguous ordering

### Urgency-Appropriate
- P1 procedures go first in each section
- Mark time-sensitive steps clearly: "MUST complete within 5 minutes"
- Separate "do this now" from "do this after incident"
- Include estimated time for each major procedure

### Completeness
- Every `kubectl`, `aws`, `gcloud`, `docker`, or CLI command must include the full flags needed
- Include both the "happy path" and what to do when a step fails
- Document prerequisites for each procedure (access, tools, permissions)
- Cross-reference related sections

### Formatting
- Use tables for structured data (metrics, thresholds, contacts)
- Use code blocks for all commands with language hints for syntax highlighting
- Use bold for warnings and critical notes
- Use checklists for multi-step procedures
- Never use emojis anywhere in the document
- Keep lines under 120 characters where possible

## Output

Generate the runbook as `runbook.md` in the project root directory (or the directory the user specifies). The file MUST:

1. Be 500+ lines
2. Cover all 9 major sections from the template above
3. Contain actual commands and configuration derived from the codebase (not just generic placeholders)
4. Include at least one ASCII or Mermaid architecture diagram
5. Have a complete table of contents
6. Be immediately useful to an on-call engineer

If the codebase lacks information for certain sections (e.g., no monitoring config found), still include the section with a clear note: `[ACTION REQUIRED]: No monitoring configuration found in codebase. Complete this section with your monitoring setup.` This ensures the runbook serves as both documentation and a gap analysis.

## Important Notes

- Never fabricate infrastructure details -- only document what you can verify from the codebase
- When uncertain about a detail, mark it clearly with `[VERIFY]` so the team can confirm
- Prefer specificity over generality -- a runbook with real commands is worth ten with generic advice
- Always test that referenced file paths and scripts actually exist in the codebase
- If the system uses multiple environments (dev/staging/prod), document differences between them
- Include version numbers for all tools and dependencies where visible in config files