Read-only MongoDB discovery for Dockerized autoTRADER environments. Use when inspecting Mongo containers, reading auth_source from system.cfg, verifying mongosh authentication, or compiling a MongoDB findings report.
Use this skill when you need to inspect a MongoDB Docker deployment, derive the correct authentication database from config, run safe mongosh read queries, or compile a read-only findings report.
You MUST run commands through the shared structured-command helper. Raw shell strings are not allowed.
The helper enforces both an approved test-host allow-list and a read-only command allow-list for MongoDB discovery.
Example: inspect containers on an approved test host:
python3 .github/skills/remote-experiment-execution/execute_structured_command.py '{"operation": "remote_readonly_command", "target_server": "<approved_test_host>", "argv": ["docker", "ps", "--format", "{{.Names}}"]}'
Example: read the [autotrader_mongo] config section:
python3 .github/skills/remote-experiment-execution/execute_structured_command.py '{"operation": "remote_readonly_command", "target_server": "<approved_test_host>", "argv": ["sed", "-n", "/^\\[autotrader_mongo\\]/,/^\\[/p", "/home/visotech/myconfig/system.cfg"]}'
Optional timeout override, capped at 900 seconds:
python3 .github/skills/remote-experiment-execution/execute_structured_command.py '{"operation": "remote_readonly_command", "target_server": "<approved_test_host>", "argv": ["docker", "inspect", "<container_name>"], "timeout_seconds": 120}'
Allowed remote commands are limited to read-only reconnaissance such as:
ssh root@<target> "docker ps ..."ssh root@<target> "docker inspect ..."ssh root@<target> "docker port ..."ssh root@<target> "docker exec <container> mongod --version"ssh root@<target> "docker exec <container> mongosh --quiet --eval '...'"ssh root@<target> "sed -n '/^\[autotrader_mongo\]/,/^\[/p' /home/visotech/myconfig/system.cfg"Forbidden actions:
rm, mv, cp, chmod, chown, sed -iWhen the target looks like a standard autoTRADER Mongo deployment:
[autotrader_mongo] section from /home/visotech/myconfig/system.cfg.auth_source to mongosh --authenticationDatabase.username and password only as needed to validate a read-only query.db.getMongo().getDBNames() or a targeted db.runCommand({ connectionStatus: 1 }) read.When asked for a report, include:
Do not include full credential files in the report. Only include the minimum auth details necessary for the requested outcome.