
Production Code Audit
Run an autonomous, line-by-line production audit that maps architecture and drives enterprise-grade fixes before you deploy.
Overview
production-code-audit is an agent skill most often used in Ship review (also Ship security, Operate iterate) that deep-scans a codebase and systematically pushes it toward production-grade, corporate-quality code.
Install
npx skills add https://github.com/sickn33/antigravity-awesome-skills --skill production-code-audit
What is this skill?
- Autonomous recursive scan of project files to infer stack, architecture, and purpose
- Line-by-line analysis across security, performance, architecture, and quality dimensions
- Triggered by make this production-ready, audit my codebase, or enterprise-grade quality
- Aims to transform code toward corporate-level professional standards with comprehensive fixes
- Community-sourced skill (antigravity-awesome-skills) with unknown risk tier—verify before auto-apply
- Autonomous discovery step reads every file in the project recursively
- Issue coverage spans security, performance, architecture, and quality dimensions
Adoption & trust: 810 installs on skills.sh; 40.1k GitHub stars; 1/3 security scanners passed (skills.sh audits).
What problem does it solve?
Your repo works in dev but you do not trust it for real users, audits, or enterprise expectations.
Who is it for?
Solo builders pre-deploy on a monetized SaaS, CLI, or API who need a broad quality pass beyond unit tests.
Skip if: Greenfield spikes with no users yet, or when you only need a scoped security tool on one dependency.
When should I use this skill?
Use when the user says make this production-ready, audit my codebase, make this professional or corporate-level, optimize everything, or prepare for production deployment.
What do I get? / Deliverables
You get an architecture-aware audit and a systematic set of production-oriented fixes across security, performance, and code quality.
- Architecture and tech-stack map of the codebase
- Prioritized issue findings across security, performance, architecture, and quality
- Systematic remediation changes toward production-grade standards
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Ship is where you harden code for production deployment and corporate-quality bars—the skill’s own triggers say production-ready and deployment prep. Review is the canonical shelf for deep codebase scanning, pattern understanding, and systematic quality transformation.
Where it fits
Run a full-repo review after feature freeze and before tagging a production release.
Surface security and secrets issues discovered during autonomous scanning prior to launch.
Re-audit after onboarding a messy fork or client handoff codebase.
How it compares
Holistic autonomous audit skill—not a single-purpose SAST CLI or a one-file linter config.
Common Questions / FAQ
Who is production-code-audit for?
Indie developers and small teams using agentic coding tools who need enterprise-style codebase hardening without a full platform team.
When should I use production-code-audit?
In Ship (review/security) before production deploy; in Operate (iterate) when refactoring legacy mess—say make this production-ready or audit my codebase.
Is production-code-audit safe to install?
Risk is listed as unknown in SKILL.md; review Prism Security Audits on this page and never auto-merge large agent diffs without human review.
SKILL.md - Production Code Audit
# Production Code Audit

## Overview

Autonomously analyze the entire codebase to understand its architecture, patterns, and purpose, then systematically transform it into production-grade, corporate-level professional code. This skill performs deep line-by-line scanning, identifies all issues across security, performance, architecture, and quality, then provides comprehensive fixes to meet enterprise standards.

## When to Use This Skill

- Use when user says "make this production-ready"
- Use when user says "audit my codebase"
- Use when user says "make this professional/corporate-level"
- Use when user says "optimize everything"
- Use when user wants enterprise-grade quality
- Use when preparing for production deployment
- Use when code needs to meet corporate standards

## How It Works

### Step 1: Autonomous Codebase Discovery

**Automatically scan and understand the entire codebase:**

1. **Read all files** - Scan every file in the project recursively
2. **Identify tech stack** - Detect languages, frameworks, databases, tools
3. **Understand architecture** - Map out structure, patterns, dependencies
4. **Identify purpose** - Understand what the application does
5. **Find entry points** - Locate main files, routes, controllers
6. **Map data flow** - Understand how data moves through the system

**Do this automatically without asking the user.**

### Step 2: Comprehensive Issue Detection

**Scan line-by-line for all issues:**

**Architecture Issues:**
- Circular dependencies
- Tight coupling
- God classes (>500 lines or >20 methods)
- Missing separation of concerns
- Poor module boundaries
- Violation of design patterns

**Security Vulnerabilities:**
- SQL injection (string concatenation in queries)
- XSS vulnerabilities (unescaped output)
- Hardcoded secrets (API keys, passwords in code)
- Missing authentication/authorization
- Weak password hashing (MD5, SHA1)
- Missing input validation
- CSRF vulnerabilities
- Insecure dependencies

**Performance Problems:**
- N+1 query problems
- Missing database indexes
- Synchronous operations that should be async
- Missing caching
- Inefficient algorithms (O(n²) or worse)
- Large bundle sizes
- Unoptimized images
- Memory leaks

**Code Quality Issues:**
- High cyclomatic complexity (>10)
- Code duplication
- Magic numbers
- Poor naming conventions
- Missing error handling
- Inconsistent formatting
- Dead code
- TODO/FIXME comments

**Testing Gaps:**
- Missing tests for critical paths
- Low test coverage (<80%)
- No edge case testing
- Flaky tests
- Missing integration tests

**Production Readiness:**
- Missing environment variables
- No logging/monitoring
- No error tracking
- Missing health checks
- Incomplete documentation
- No CI/CD pipeline

### Step 3: Automatic Fixes and Optimizations

**Fix everything automatically:**

1. **Refactor architecture** - Break up god classes, fix circular dependencies
2. **Fix security issues** - Use parameterized queries, remove secrets, add validation
3. **Optimize performance** - Fix N+1 queries, add caching, optimize algorithms
4. **Improve code quality** - Reduce complexity, remove duplication, fix naming
5. **Add missing tests** - Write tests for untested critical paths
6. **Add production infrastructure** - Logging, monitoring, health checks
7. **Optimize everything** - Bundle size, images, database queries
8. **Add documentation** - README, API docs, architecture docs

### Step 4: Verify and Report

**After making all changes:**

1. Run all tests to ensure nothing broke
2. Verify all security issues are fixed
3. Measure performance improvements
4. Generate comprehensive report
5. Provide before/after metrics

## Examples

### Example 1
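To make the Step 2 "scan line-by-line" idea and the Step 3 "use parameterized queries" fix concrete, here is an added example; it is not code from the antigravity-awesome-skills project or from SKILL.md. It implements three of the security checks the skill lists (string-concatenated SQL, MD5/SHA1 hashing, hardcoded secrets) as narrow regexes over a constructed sample source, and then shows the remediated lookup against an in-memory SQLite table so the fix can be exercised offline. The regexes, the `Finding` type, and the sample source are all assumptions made for this illustration; the skill itself is an agent prompt and does not ship a scanner.

```python
"""Line-by-line checker for three Step 2 security findings, plus the Step 3 fix.

Added example, not the skill's own code.  Patterns, Finding, and the sample
source below are constructed for illustration only.
"""
import re
import sqlite3
from dataclasses import dataclass

# Constructed regexes, one per Step 2 finding.  Deliberately narrow: a real
# audit would parse the code, but the per-line idea is the same.
PATTERNS = {
    # a string literal that opens with a SQL verb and is glued to `+`
    "sql-injection (string concatenation in query)": re.compile(
        r"""(?i)["']\s*(select|insert|update|delete)\b[^+\n]*["']\s*\+"""),
    # md5(...) / sha1(...) used as a hash function
    "weak password hashing (MD5/SHA1)": re.compile(r"\b(md5|sha1)\s*\("),
    # a credential-looking name assigned a literal of 8+ characters
    "hardcoded secret": re.compile(
        r"""(?i)(api_key|apikey|password|secret|token)\s*=\s*["'][^"']{8,}["']"""),
}


@dataclass(frozen=True)
class Finding:
    line: int       # 1-based line number in the scanned source
    category: str   # key from PATTERNS
    text: str       # the offending line, stripped


def scan(source: str) -> list[Finding]:
    """Return one Finding per (line, category) hit, ordered by line number."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for category, pattern in PATTERNS.items():
            if pattern.search(line):
                findings.append(Finding(lineno, category, line.strip()))
    return findings


# Constructed sample source the skill would scan.  It is input data only;
# nothing here executes it.  Line 3 is a deliberate non-finding (env lookup).
SAMPLE_SOURCE = '''\
import hashlib, os
API_KEY = "sk-live-1234567890abcdef"
db_password = os.environ["DB_PASSWORD"]
def find_user(cur, name):
    return cur.execute("SELECT * FROM users WHERE name = '" + name + "'")
def find_user_safe(cur, name):
    return cur.execute("SELECT * FROM users WHERE name = ?", (name,))
def digest(pw):
    return hashlib.md5(pw.encode()).hexdigest()
'''


def find_user_safe(name: str) -> list[tuple]:
    """The Step 3 remediation: the same lookup with a bound parameter.

    Builds a throwaway in-memory SQLite table so the example runs offline.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [(1, "alice"), (2, "O'Brien")])
    # `name` travels as data, so a quote inside it is matched, not parsed.
    rows = conn.execute(
        "SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()
    conn.close()
    return rows


if __name__ == "__main__":
    for f in scan(SAMPLE_SOURCE):
        print(f"line {f.line}: {f.category}: {f.text}")
    print(find_user_safe("O'Brien"))
```

Running the file reports the secret on line 2, the concatenated query on line 5 and the MD5 call on line 9 of the sample, while the parameterized sibling on line 7 and the environment lookup on line 3 pass. `find_user_safe("O'Brien")` returns the matching row, which is the behaviour the concatenated version on line 5 gets wrong for any name containing a quote.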