skills/production-audit/SKILL.md
Use this skill when the user asks whether an application is ready to ship, what could break in production, or what must be fixed before a launch. This is a maintainer-safe rewrite of the stale community production-audit idea: it keeps the useful production-readiness lens and removes unpinned external execution and third-party data sharing.
security-review first.Build the audit from local and user-authorized evidence. Do not run unpinned remote code, upload repository contents to third-party services, or call external scanners unless the user explicitly approves that specific tool and data flow.
Use this order:
Start with cheap, local signals:
git status --short --branch
git log --oneline --decorate -20
git diff --stat origin/main...HEAD
Then inspect the project-specific surface:
If a deployed URL is in scope, use browser or HTTP checks only against that URL and avoid credentialed actions unless the user supplies a safe test account.
Use scores to force prioritization, not to imply mathematical certainty.
| Band | Score | Meaning |
|---|---|---|
| Blocked | 0-49 | Do not ship until the top risks are fixed |
| Risky | 50-69 | Ship only behind a small rollout or internal beta |
| Launchable With Caveats | 70-84 | Ship if owners accept the listed risks |
| Strong | 85-100 | No obvious launch blockers from available evidence |
Cap the score at 69 if any of these are true:
Cap the score at 84 if CI is not green or the launch-critical path was not
tested end to end.
Lead with one sentence:
Production audit: 76/100, launchable with caveats, with webhook idempotency and rollback docs as the two risks to fix before public launch.
Then list:
Blockers: must-fix items before deploy.High-value fixes: next fixes if the user wants to improve the score.Evidence checked: files, commands, CI, deployed URL, or PRs inspected.Evidence missing: what would change confidence if provided.Next action: one concrete fix or verification step.Keep strengths short. The user asked for readiness, so the useful answer is the remaining risk and the next action.
User:
is this ready to ship?
Response:
Production audit: 68/100, risky, because Stripe webhooks are verified but not idempotent and there is no rollback note for the pending migration.
Blockers:
- Add idempotency for `checkout.session.completed` before fulfilling orders.
- Write and test the rollback path for `20260511_add_billing_state.sql`.
High-value fixes:
- Add a health check that verifies database and payment-provider reachability.
- Add one E2E path for upgrade, webhook fulfillment, and billing-page refresh.
Evidence checked:
- `api/stripe/webhook.ts`
- `db/migrations/20260511_add_billing_state.sql`
- GitHub Actions run for the release branch
Next action: Want me to patch webhook idempotency first?
npx <package>@latest or a remote scanner as the default audit path.security-reviewdeployment-patternse2e-testingtdd-workflowverification-loop