feat: add 5 new specialized agents with 20 skills

Add domain expert agents with comprehensive skill sets:
- service-mesh-expert (cloud-infrastructure): Istio/Linkerd patterns, mTLS, observability
- event-sourcing-architect (backend-development): CQRS, event stores, projections, sagas
- vector-database-engineer (llm-application-dev): embeddings, similarity search, hybrid search
- monorepo-architect (developer-essentials): Nx, Turborepo, Bazel, pnpm workspaces
- threat-modeling-expert (security-scanning): STRIDE, attack trees, security requirements

Update all documentation to reflect correct counts:
- 67 plugins, 99 agents, 107 skills, 71 commands

plugins/cloud-infrastructure/skills/istio-traffic-management/SKILL.md

@@ -0,0 +1,325 @@
+---
+name: istio-traffic-management
+description: Configure Istio traffic management including routing, load balancing, circuit breakers, and canary deployments. Use when implementing service mesh traffic policies, progressive delivery, or resilience patterns.
+---
+
+# Istio Traffic Management
+
+Comprehensive guide to Istio traffic management for production service mesh deployments.
+
+## When to Use This Skill
+
+- Configuring service-to-service routing
+- Implementing canary or blue-green deployments
+- Setting up circuit breakers and retries
+- Load balancing configuration
+- Traffic mirroring for testing
+- Fault injection for chaos engineering
+
+## Core Concepts
+
+### 1. Traffic Management Resources
+
+| Resource | Purpose | Scope |
+|----------|---------|-------|
+| **VirtualService** | Route traffic to destinations | Host-based |
+| **DestinationRule** | Define policies after routing | Service-based |
+| **Gateway** | Configure ingress/egress | Cluster edge |
+| **ServiceEntry** | Add external services | Mesh-wide |
+
+### 2. Traffic Flow
+
+```
+Client → Gateway → VirtualService → DestinationRule → Service
+                   (routing)        (policies)        (pods)
+```
+
+## Templates
+
+### Template 1: Basic Routing
+
+```yaml
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+  name: reviews-route
+  namespace: bookinfo
+spec:
+  hosts:
+    - reviews
+  http:
+    - match:
+        - headers:
+            end-user:
+              exact: jason
+      route:
+        - destination:
+            host: reviews
+            subset: v2
+    - route:
+        - destination:
+            host: reviews
+            subset: v1
+---
+apiVersion: networking.istio.io/v1beta1
+kind: DestinationRule
+metadata:
+  name: reviews-destination
+  namespace: bookinfo
+spec:
+  host: reviews
+  subsets:
+    - name: v1
+      labels:
+        version: v1
+    - name: v2
+      labels:
+        version: v2
+    - name: v3
+      labels:
+        version: v3
+```
+
+### Template 2: Canary Deployment
+
+```yaml
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+  name: my-service-canary
+spec:
+  hosts:
+    - my-service
+  http:
+    - route:
+        - destination:
+            host: my-service
+            subset: stable
+          weight: 90
+        - destination:
+            host: my-service
+            subset: canary
+          weight: 10
+---
+apiVersion: networking.istio.io/v1beta1
+kind: DestinationRule
+metadata:
+  name: my-service-dr
+spec:
+  host: my-service
+  trafficPolicy:
+    connectionPool:
+      tcp:
+        maxConnections: 100
+      http:
+        h2UpgradePolicy: UPGRADE
+        http1MaxPendingRequests: 100
+        http2MaxRequests: 1000
+  subsets:
+    - name: stable
+      labels:
+        version: stable
+    - name: canary
+      labels:
+        version: canary
+```
+
+### Template 3: Circuit Breaker
+
+```yaml
+apiVersion: networking.istio.io/v1beta1
+kind: DestinationRule
+metadata:
+  name: circuit-breaker
+spec:
+  host: my-service
+  trafficPolicy:
+    connectionPool:
+      tcp:
+        maxConnections: 100
+      http:
+        http1MaxPendingRequests: 100
+        http2MaxRequests: 1000
+        maxRequestsPerConnection: 10
+        maxRetries: 3
+    outlierDetection:
+      consecutive5xxErrors: 5
+      interval: 30s
+      baseEjectionTime: 30s
+      maxEjectionPercent: 50
+      minHealthPercent: 30
+```
+
+### Template 4: Retry and Timeout
+
+```yaml
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+  name: ratings-retry
+spec:
+  hosts:
+    - ratings
+  http:
+    - route:
+        - destination:
+            host: ratings
+      timeout: 10s
+      retries:
+        attempts: 3
+        perTryTimeout: 3s
+        retryOn: connect-failure,refused-stream,unavailable,cancelled,retriable-4xx,503
+        retryRemoteLocalities: true
+```
+
+### Template 5: Traffic Mirroring
+
+```yaml
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+  name: mirror-traffic
+spec:
+  hosts:
+    - my-service
+  http:
+    - route:
+        - destination:
+            host: my-service
+            subset: v1
+      mirror:
+        host: my-service
+        subset: v2
+      mirrorPercentage:
+        value: 100.0
+```
+
+### Template 6: Fault Injection
+
+```yaml
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+  name: fault-injection
+spec:
+  hosts:
+    - ratings
+  http:
+    - fault:
+        delay:
+          percentage:
+            value: 10
+          fixedDelay: 5s
+        abort:
+          percentage:
+            value: 5
+          httpStatus: 503
+      route:
+        - destination:
+            host: ratings
+```
+
+### Template 7: Ingress Gateway
+
+```yaml
+apiVersion: networking.istio.io/v1beta1
+kind: Gateway
+metadata:
+  name: my-gateway
+spec:
+  selector:
+    istio: ingressgateway
+  servers:
+    - port:
+        number: 443
+        name: https
+        protocol: HTTPS
+      tls:
+        mode: SIMPLE
+        credentialName: my-tls-secret
+      hosts:
+        - "*.example.com"
+---
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+  name: my-vs
+spec:
+  hosts:
+    - "api.example.com"
+  gateways:
+    - my-gateway
+  http:
+    - match:
+        - uri:
+            prefix: /api/v1
+      route:
+        - destination:
+            host: api-service
+            port:
+              number: 8080
+```
+
+## Load Balancing Strategies
+
+```yaml
+apiVersion: networking.istio.io/v1beta1
+kind: DestinationRule
+metadata:
+  name: load-balancing
+spec:
+  host: my-service
+  trafficPolicy:
+    loadBalancer:
+      simple: ROUND_ROBIN  # or LEAST_CONN, RANDOM, PASSTHROUGH
+---
+# Consistent hashing for sticky sessions
+apiVersion: networking.istio.io/v1beta1
+kind: DestinationRule
+metadata:
+  name: sticky-sessions
+spec:
+  host: my-service
+  trafficPolicy:
+    loadBalancer:
+      consistentHash:
+        httpHeaderName: x-user-id
+        # or: httpCookie, useSourceIp, httpQueryParameterName
+```
+
+## Best Practices
+
+### Do's
+- **Start simple** - Add complexity incrementally
+- **Use subsets** - Version your services clearly
+- **Set timeouts** - Always configure reasonable timeouts
+- **Enable retries** - But with backoff and limits
+- **Monitor** - Use Kiali and Jaeger for visibility
+
+### Don'ts
+- **Don't over-retry** - Can cause cascading failures
+- **Don't ignore outlier detection** - Enable circuit breakers
+- **Don't mirror to production** - Mirror to test environments
+- **Don't skip canary** - Test with small traffic percentage first
+
+## Debugging Commands
+
+```bash
+# Check VirtualService configuration
+istioctl analyze
+
+# View effective routes
+istioctl proxy-config routes deploy/my-app -o json
+
+# Check endpoint discovery
+istioctl proxy-config endpoints deploy/my-app
+
+# Debug traffic
+istioctl proxy-config log deploy/my-app --level debug
+```
+
+## Resources
+
+- [Istio Traffic Management](https://istio.io/latest/docs/concepts/traffic-management/)
+- [Virtual Service Reference](https://istio.io/latest/docs/reference/config/networking/virtual-service/)
+- [Destination Rule Reference](https://istio.io/latest/docs/reference/config/networking/destination-rule/)