{"id":"87317e43-db45-470a-9cce-7f75d4b7f960","shortId":"jkHbt8","kind":"skill","title":"production-code-audit","tagline":"Autonomously deep-scan entire codebase line-by-line, understand architecture and patterns, then systematically transform it to production-grade, corporate-level professional quality with optimizations","description":"# Production Code Audit\n\n## Overview\n\nAutonomously analyze the entire codebase to understand its architecture, patterns, and purpose, then systematically transform it into production-grade, corporate-level professional code. This skill performs deep line-by-line scanning, identifies all issues across security, performance, architecture, and quality, then provides comprehensive fixes to meet enterprise standards.\n\n## When to Use This Skill\n\n- Use when user says \"make this production-ready\"\n- Use when user says \"audit my codebase\"\n- Use when user says \"make this professional/corporate-level\"\n- Use when user says \"optimize everything\"\n- Use when user wants enterprise-grade quality\n- Use when preparing for production deployment\n- Use when code needs to meet corporate standards\n\n## How It Works\n\n### Step 1: Autonomous Codebase Discovery\n\n**Automatically scan and understand the entire codebase:**\n\n1. **Read all files** - Scan every file in the project recursively\n2. **Identify tech stack** - Detect languages, frameworks, databases, tools\n3. **Understand architecture** - Map out structure, patterns, dependencies\n4. **Identify purpose** - Understand what the application does\n5. **Find entry points** - Locate main files, routes, controllers\n6. **Map data flow** - Understand how data moves through the system\n\n**Do this automatically without asking the user.**\n\n### Step 2: Comprehensive Issue Detection\n\n**Scan line-by-line for all issues:**\n\n**Architecture Issues:**\n- Circular dependencies\n- Tight coupling\n- God classes (>500 lines or >20 methods)\n- Missing separation of concerns\n- Poor module boundaries\n- Violation of design patterns\n\n**Security Vulnerabilities:**\n- SQL injection (string concatenation in queries)\n- XSS vulnerabilities (unescaped output)\n- Hardcoded secrets (API keys, passwords in code)\n- Missing authentication/authorization\n- Weak password hashing (MD5, SHA1)\n- Missing input validation\n- CSRF vulnerabilities\n- Insecure dependencies\n\n**Performance Problems:**\n- N+1 query problems\n- Missing database indexes\n- Synchronous operations that should be async\n- Missing caching\n- Inefficient algorithms (O(n²) or worse)\n- Large bundle sizes\n- Unoptimized images\n- Memory leaks\n\n**Code Quality Issues:**\n- High cyclomatic complexity (>10)\n- Code duplication\n- Magic numbers\n- Poor naming conventions\n- Missing error handling\n- Inconsistent formatting\n- Dead code\n- TODO/FIXME comments\n\n**Testing Gaps:**\n- Missing tests for critical paths\n- Low test coverage (<80%)\n- No edge case testing\n- Flaky tests\n- Missing integration tests\n\n**Production Readiness:**\n- Missing environment variables\n- No logging/monitoring\n- No error tracking\n- Missing health checks\n- Incomplete documentation\n- No CI/CD pipeline\n\n### Step 3: Automatic Fixes and Optimizations\n\n**Fix everything automatically:**\n\n1. **Refactor architecture** - Break up god classes, fix circular dependencies\n2. **Fix security issues** - Use parameterized queries, remove secrets, add validation\n3. **Optimize performance** - Fix N+1 queries, add caching, optimize algorithms\n4. **Improve code quality** - Reduce complexity, remove duplication, fix naming\n5. **Add missing tests** - Write tests for untested critical paths\n6. **Add production infrastructure** - Logging, monitoring, health checks\n7. **Optimize everything** - Bundle size, images, database queries\n8. **Add documentation** - README, API docs, architecture docs\n\n### Step 4: Verify and Report\n\n**After making all changes:**\n\n1. Run all tests to ensure nothing broke\n2. Verify all security issues are fixed\n3. Measure performance improvements\n4. Generate comprehensive report\n5. Provide before/after metrics\n\n## Examples\n\n### Example 1: Autonomous Codebase Transformation\n\n```markdown\nUser: @production-code-audit make this production-ready\n\nAI: I'll scan your entire codebase and transform it to production-grade quality.\n\n**Phase 1: Discovering Codebase** (analyzing 247 files)\n- Detected: Node.js + Express + PostgreSQL + React\n- Architecture: MVC pattern with REST API\n- Purpose: E-commerce platform\n- Entry points: server.js, src/index.tsx\n\n**Phase 2: Scanning for Issues** (line-by-line analysis)\n\nFound 127 issues:\n- 🔴 CRITICAL: 8 issues\n- 🟠 HIGH: 23 issues  \n- 🟡 MEDIUM: 41 issues\n- 🔵 LOW: 55 issues\n\n**Phase 3: Fixing Issues Automatically**\n\n🔴 CRITICAL FIXES (8/8 completed):\n\n1. ✅ Fixed SQL injection in UserRepository.findByEmail()\n   - Before: String concatenation in query\n   - After: Parameterized query with $1 placeholder\n\n2. ✅ Removed hardcoded database password from config/database.ts\n   - Before: password: 'SuperSecret123!'\n   - After: password: process.env.DB_PASSWORD\n\n3. ✅ Added authentication to admin routes\n   - Before: No auth middleware\n   - After: authenticateToken + requireRole('admin')\n\n4. ✅ Fixed weak password hashing (MD5 → bcrypt)\n   - Before: crypto.createHash('md5')\n   - After: bcrypt.hash(password, 12)\n\n5. ✅ Fixed circular dependency: OrderService ↔ PaymentService\n   - Before: Direct imports causing cycle\n   - After: Event-based decoupling with EventBus\n\n6. ✅ Added input validation to all API endpoints\n   - Before: No validation\n   - After: Zod schemas validating all inputs\n\n7. ✅ Fixed authentication bypass in auth middleware\n   - Before: next() called on missing token\n   - After: Returns 401 error\n\n8. ✅ Fixed mass assignment vulnerability in UserController\n   - Before: Accepts all fields from req.body\n   - After: Whitelist of allowed fields only\n\n🟠 HIGH PRIORITY FIXES (23/23 completed):\n\n9. ✅ Fixed N+1 query in OrderService.getOrdersWithItems()\n   - Before: Loop with individual queries (2.8s)\n   - After: Single query with joins (45ms)\n   - Performance: 98% improvement\n\n10. ✅ Refactored UserService god class (850 lines → 4 focused services)\n    - UserAuthenticationService (login, logout, password)\n    - UserProfileService (CRUD operations)\n    - UserNotificationService (email, SMS)\n    - UserPermissionService (roles, permissions)\n\n11. ✅ Added Redis caching for product queries\n    - Before: Database query every request\n    - After: Cache with 1-hour TTL\n    - Performance: 95% faster\n\n12. ✅ Optimized bundle size\n    - Before: 850KB (gzipped: 280KB)\n    - After: 380KB (gzipped: 120KB)\n    - Improvement: 55% reduction\n\n13. ✅ Added database indexes\n    - orders(user_id, status, created_at)\n    - products(category, price)\n    - Query performance: 98% improvement\n\n[... 11 more high-priority fixes ...]\n\n🟡 MEDIUM PRIORITY FIXES (41/41 completed):\n[... all medium fixes ...]\n\n🔵 LOW PRIORITY IMPROVEMENTS (55/55 completed):\n[... all low improvements ...]\n\n**Phase 4: Adding Production Infrastructure**\n\n✅ Added structured logging (Winston)\n✅ Added error tracking (Sentry)\n✅ Added health check endpoints (/health, /ready)\n✅ Added monitoring (Prometheus metrics)\n✅ Added rate limiting (Redis-based)\n✅ Added API documentation (Swagger/OpenAPI)\n✅ Added comprehensive README\n✅ Added deployment guide\n✅ Added CI/CD pipeline (.github/workflows)\n\n**Phase 5: Verification**\n\n✅ All tests passing (1,247 tests)\n✅ Test coverage: 42% → 87%\n✅ Security scan: 0 vulnerabilities\n✅ Performance: API response time 3.2s → 180ms\n✅ Bundle size: 850KB → 380KB\n✅ Lighthouse score: 62 → 94\n\n**TRANSFORMATION COMPLETE**\n\nYour codebase is now production-ready with enterprise-grade quality:\n\n📊 Metrics:\n- Issues fixed: 127/127 (100%)\n- Test coverage: 87% (target: 80%+)\n- API performance: 94% improvement\n- Security: OWASP Top 10 compliant\n- Code quality: Grade A-\n\n📁 Files changed: 89 files\n📝 Lines changed: +3,247 / -1,892\n\n🚀 Ready for production deployment!\n```\n\n### Example 2: Automatic Security Hardening\n\n```markdown\nUser: @production-code-audit secure this codebase\n\nAI: Scanning for security vulnerabilities...\n\n**Security Scan Complete**\n\nFound 15 security issues:\n- 🔴 CRITICAL: 5\n- 🟠 HIGH: 7\n- 🟡 MEDIUM: 3\n\n**Fixing all security issues automatically...**\n\n🔴 CRITICAL (5/5 fixed):\n\n1. ✅ SQL Injection in UserRepository\n\\`\\`\\`typescript\n// Before (VULNERABLE)\nconst query = \\`SELECT * FROM users WHERE email = '\\${email}'\\`;\n\n// After (SECURE)\nconst query = 'SELECT * FROM users WHERE email = $1';\nawait db.query(query, [email]);\n\\`\\`\\`\n\n2. ✅ Hardcoded Secrets Removed\n\\`\\`\\`typescript\n// Before (INSECURE)\nconst JWT_SECRET = 'my-secret-key-123';\n\n// After (SECURE)\nconst JWT_SECRET = process.env.JWT_SECRET;\nif (!JWT_SECRET) throw new Error('JWT_SECRET required');\n\\`\\`\\`\n\n3. ✅ Authentication Added to Admin Routes\n\\`\\`\\`typescript\n// Before (VULNERABLE)\nrouter.delete('/api/admin/users/:id', deleteUser);\n\n// After (SECURE)\nrouter.delete('/api/admin/users/:id',\n  authenticateToken,\n  requireRole('admin'),\n  deleteUser\n);\n\\`\\`\\`\n\n4. ✅ Password Hashing Upgraded\n\\`\\`\\`typescript\n// Before (WEAK)\nconst hash = crypto.createHash('md5').update(password).digest('hex');\n\n// After (STRONG)\nconst hash = await bcrypt.hash(password, 12);\n\\`\\`\\`\n\n5. ✅ Input Validation Added\n\\`\\`\\`typescript\n// Before (VULNERABLE)\nconst user = await db.user.create({ data: req.body });\n\n// After (SECURE)\nconst schema = z.object({\n  email: z.string().email(),\n  password: z.string().min(12),\n  name: z.string().min(2).max(100)\n});\nconst validated = schema.parse(req.body);\nconst user = await db.user.create({ data: validated });\n\\`\\`\\`\n\n**Security Status:**\n- ✅ OWASP Top 10: Compliant\n- ✅ SQL Injection: Protected\n- ✅ XSS: Protected\n- ✅ CSRF: Protected\n- ✅ Authentication: Secure\n- ✅ Secrets: Environment variables\n- ✅ Dependencies: No vulnerabilities\n\n🔒 Codebase is now secure and production-ready!\n```\n\n### Example 3: Performance Optimization\n\n```markdown\nUser: @production-code-audit optimize performance\n\nAI: Analyzing performance bottlenecks...\n\n**Performance Analysis Complete**\n\nCurrent metrics:\n- API response time: 3.2s (target: <200ms)\n- Page load time: 8.5s (target: <2s)\n- Bundle size: 850KB (target: <200KB)\n\n**Optimizing automatically...**\n\n✅ Fixed N+1 queries (3.2s → 180ms - 94% faster)\n✅ Added Redis caching (95% cache hit rate)\n✅ Optimized database indexes (98% faster queries)\n✅ Reduced bundle size (850KB → 380KB - 55% smaller)\n✅ Optimized images (28MB → 3.2MB - 89% smaller)\n✅ Implemented code splitting\n✅ Added lazy loading\n✅ Parallelized async operations\n\n**Performance Results:**\n\n| Metric | Before | After | Improvement |\n|--------|--------|-------|-------------|\n| API Response | 3.2s | 180ms | 94% |\n| Page Load | 8.5s | 1.8s | 79% |\n| Bundle Size | 850KB | 380KB | 55% |\n| Image Size | 28MB | 3.2MB | 89% |\n| Lighthouse | 42 | 94 | +52 points |\n\n🚀 Performance optimized to production standards!\n```\n\n## Best Practices\n\n### ✅ Do This\n\n- **Scan Everything** - Read all files, understand entire codebase\n- **Fix Automatically** - Don't just report, actually fix issues\n- **Prioritize Critical** - Security and data loss issues first\n- **Measure Impact** - Show before/after metrics\n- **Verify Changes** - Run tests after making changes\n- **Be Comprehensive** - Cover architecture, security, performance, testing\n- **Optimize Everything** - Bundle size, queries, algorithms, images\n- **Add Infrastructure** - Logging, monitoring, error tracking\n- **Document Changes** - Explain what was fixed and why\n\n### ❌ Don't Do This\n\n- **Don't Ask Questions** - Understand the codebase autonomously\n- **Don't Wait for Instructions** - Scan and fix automatically\n- **Don't Report Only** - Actually make the fixes\n- **Don't Skip Files** - Scan every file in the project\n- **Don't Ignore Context** - Understand what the code does\n- **Don't Break Things** - Verify tests pass after changes\n- **Don't Be Partial** - Fix all issues, not just some\n\n## Autonomous Scanning Instructions\n\n**When this skill is invoked, automatically:**\n\n1. **Discover the codebase:**\n   - Use `listDirectory` to find all files recursively\n   - Use `readFile` to read every source file\n   - Identify tech stack from package.json, requirements.txt, etc.\n   - Map out architecture and structure\n\n2. **Scan line-by-line for issues:**\n   - Check every line for security vulnerabilities\n   - Identify performance bottlenecks\n   - Find code quality issues\n   - Detect architectural problems\n   - Find missing tests\n\n3. **Fix everything automatically:**\n   - Use `strReplace` to fix issues in files\n   - Add missing files (tests, configs, docs)\n   - Refactor problematic code\n   - Add production infrastructure\n   - Optimize performance\n\n4. **Verify and report:**\n   - Run tests to ensure nothing broke\n   - Measure improvements\n   - Generate comprehensive report\n   - Show before/after metrics\n\n**Do all of this without asking the user for input.**\n\n## Common Pitfalls\n\n### Problem: Too Many Issues\n**Symptoms:** Team paralyzed by 200+ issues\n**Solution:** Focus on critical/high priority only, create sprints\n\n### Problem: False Positives\n**Symptoms:** Flagging non-issues\n**Solution:** Understand context, verify manually, ask developers\n\n### Problem: No Follow-Up\n**Symptoms:** Audit report ignored\n**Solution:** Create GitHub issues, assign owners, track in standups\n\n## Production Audit Checklist\n\n### Security\n- [ ] No SQL injection vulnerabilities\n- [ ] No hardcoded secrets\n- [ ] Authentication on protected routes\n- [ ] Authorization checks implemented\n- [ ] Input validation on all endpoints\n- [ ] Password hashing with bcrypt (10+ rounds)\n- [ ] HTTPS enforced\n- [ ] Dependencies have no vulnerabilities\n\n### Performance\n- [ ] No N+1 query problems\n- [ ] Database indexes on foreign keys\n- [ ] Caching implemented\n- [ ] API response time < 200ms\n- [ ] Bundle size < 200KB (gzipped)\n\n### Testing\n- [ ] Test coverage > 80%\n- [ ] Critical paths tested\n- [ ] Edge cases covered\n- [ ] No flaky tests\n- [ ] Tests run in CI/CD\n\n### Production Readiness\n- [ ] Environment variables configured\n- [ ] Error tracking setup (Sentry)\n- [ ] Structured logging implemented\n- [ ] Health check endpoints\n- [ ] Monitoring and alerting\n- [ ] Documentation complete\n\n## Audit Report Template\n\n```markdown\n# Production Audit Report\n\n**Project:** [Name]\n**Date:** [Date]\n**Overall Grade:** [A-F]\n\n## Executive Summary\n[2-3 sentences on overall status]\n\n**Critical Issues:** [count]\n**High Priority:** [count]\n**Recommendation:** [Fix timeline]\n\n## Findings by Category\n\n### Architecture (Grade: [A-F])\n- Issue 1: [Description]\n- Issue 2: [Description]\n\n### Security (Grade: [A-F])\n- Issue 1: [Description + Fix]\n- Issue 2: [Description + Fix]\n\n### Performance (Grade: [A-F])\n- Issue 1: [Description + Fix]\n\n### Testing (Grade: [A-F])\n- Coverage: [%]\n- Issues: [List]\n\n## Priority Actions\n1. [Critical issue] - [Timeline]\n2. [High priority] - [Timeline]\n3. [High priority] - [Timeline]\n\n## Timeline\n- Critical fixes: [X weeks]\n- High priority: [X weeks]\n- Production ready: [X weeks]\n```\n\n## Related Skills\n\n- `@code-review-checklist` - Code review guidelines\n- `@api-security-best-practices` - API security patterns\n- `@web-performance-optimization` - Performance optimization\n- `@systematic-debugging` - Debug production issues\n- `@senior-architect` - Architecture patterns\n\n## Additional Resources\n\n- [OWASP Top 10](https://owasp.org/www-project-top-ten/)\n- [Google Engineering Practices](https://google.github.io/eng-practices/)\n- [SonarQube Quality Gates](https://docs.sonarqube.org/latest/user-guide/quality-gates/)\n- [Clean Code by Robert C. Martin](https://www.amazon.com/Clean-Code-Handbook-Software-Craftsmanship/dp/0132350882)\n\n---\n\n**Pro Tip:** Schedule regular audits (quarterly) to maintain code quality. Prevention is cheaper than fixing production bugs!\n\n## Limitations\n- Use this skill only when the task clearly matches the scope described above.\n- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.\n- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.","tags":["production","code","audit","antigravity","awesome","skills","sickn33","agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding"],"capabilities":["skill","source-sickn33","skill-production-code-audit","topic-agent-skills","topic-agentic-skills","topic-ai-agent-skills","topic-ai-agents","topic-ai-coding","topic-ai-workflows","topic-antigravity","topic-antigravity-skills","topic-claude-code","topic-claude-code-skills","topic-codex-cli","topic-codex-skills"],"categories":["antigravity-awesome-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/sickn33/antigravity-awesome-skills/production-code-audit","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add sickn33/antigravity-awesome-skills","source_repo":"https://github.com/sickn33/antigravity-awesome-skills","install_from":"skills.sh"}},"qualityScore":"0.700","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 37911 github stars · SKILL.md body (15,748 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T18:51:34.108Z","embedding":null,"createdAt":"2026-04-18T20:37:45.280Z","updatedAt":"2026-05-18T18:51:34.108Z","lastSeenAt":"2026-05-18T18:51:34.108Z","tsv":"'+1':296,419,736,1240,1669 '+3':972 '+52':1316 '-1':974 '-3':1743 '/api/admin/users':1091,1097 '/clean-code-handbook-software-craftsmanship/dp/0132350882)':1890 '/eng-practices/)':1875 '/health':871 '/latest/user-guide/quality-gates/)':1881 '/ready':872 '/www-project-top-ten/)':1869 '0':912 '1':149,160,393,478,507,538,598,613,794,903,1020,1045,1468,1766,1777,1790,1803 '1.8':1299 '10':329,756,960,1171,1658,1866 '100':947,1156 '11':779,832 '12':656,800,1125,1150 '120kb':811 '123':1064 '127':575 '127/127':946 '13':815 '15':1003 '180ms':920,1244,1293 '2':171,224,403,486,565,615,981,1050,1154,1498,1742,1769,1781,1807 '2.8':745 '20':247 '200':1588 '200kb':1235,1685 '200ms':1223,1682 '23':581 '23/23':731 '247':542,904,973 '280kb':807 '28mb':1269,1309 '2s':1230 '3':180,385,414,493,590,629,1011,1081,1197,1525,1811 '3.2':918,1220,1242,1270,1291,1310 '380kb':809,924,1264,1305 '4':188,425,470,497,643,763,855,1103,1550 '401':707 '41':584 '41/41':841 '42':908,1314 '45ms':752 '5':196,435,501,657,898,1007,1126 '5/5':1018 '500':244 '55':587,813,1265,1306 '55/55':849 '6':205,445,675 '62':927 '7':453,692,1009 '79':1301 '8':461,578,709 '8.5':1227,1297 '8/8':596 '80':356,952,1690 '850':761 '850kb':805,923,1233,1263,1304 '87':909,950 '89':968,1272,1312 '892':975 '9':733 '94':928,955,1245,1294,1315 '95':798,1250 '98':754,830,1257 'a-f':1737,1762,1773,1786,1795 'accept':717 'across':75 'action':1802 'actual':1341,1417 'ad':630,676,780,816,856,859,863,867,873,877,883,887,890,893,1083,1129,1247,1277 'add':412,421,436,446,462,1378,1536,1545 'addit':1862 'admin':633,642,1085,1101 'ai':522,994,1208 'alert':1721 'algorithm':311,424,1376 'allow':725 'analysi':573,1213 'analyz':39,541,1209 'api':274,465,554,681,884,915,953,1217,1289,1679,1838,1842 'api-security-best-practic':1837 'applic':194 'architect':1859 'architectur':16,46,78,182,236,395,467,549,1367,1495,1520,1760,1860 'ask':220,1398,1573,1611,1941 'assign':712,1626 'async':307,1281 'audit':4,36,107,516,990,1205,1619,1632,1724,1729,1895 'auth':637,697 'authent':631,694,1082,1180,1642 'authenticatetoken':640,1099 'authentication/authorization':280 'author':1646 'automat':153,218,386,392,593,982,1016,1237,1336,1412,1467,1528 'autonom':5,38,150,508,1403,1459 'await':1046,1122,1135,1163 'base':671,882 'bcrypt':649,1657 'bcrypt.hash':654,1123 'before/after':503,1355,1566 'best':1323,1840 'bottleneck':1211,1514 'boundari':255,1949 'break':396,1442 'broke':485,1559 'bug':1907 'bundl':317,456,802,921,1231,1261,1302,1373,1683 'bypass':695 'c':1886 'cach':309,422,782,792,1249,1251,1677 'call':701 'case':359,1695 'categori':826,1759 'caus':666 'chang':477,967,971,1358,1363,1385,1448 'cheaper':1903 'check':378,452,869,1506,1647,1717 'checklist':1633,1833 'ci/cd':382,894,1703 'circular':238,401,659 'clarif':1943 'class':243,399,760 'clean':1882 'clear':1916 'code':3,35,62,139,278,323,330,343,427,515,962,989,1204,1275,1438,1516,1544,1831,1834,1883,1899 'code-review-checklist':1830 'codebas':10,42,109,151,159,509,528,540,932,993,1188,1334,1402,1471 'comment':345 'commerc':558 'common':1578 'complet':597,732,842,850,930,1001,1214,1723 'complex':328,430 'compliant':961,1172 'comprehens':83,225,499,888,1365,1563 'concaten':265,606 'concern':252 'config':1540 'config/database.ts':621 'configur':1708 'const':1028,1038,1057,1067,1110,1120,1133,1141,1157,1161 'context':1434,1608 'control':204 'convent':336 'corpor':28,59,143 'corporate-level':27,58 'count':1750,1753 'coupl':241 'cover':1366,1696 'coverag':355,907,949,1689,1798 'creat':823,1596,1623 'criteria':1952 'critic':351,443,577,594,1006,1017,1345,1691,1748,1804,1816 'critical/high':1593 'crud':771 'crypto.createhash':651,1112 'csrf':289,1178 'current':1215 'cycl':667 'cyclomat':327 'data':207,211,1137,1165,1348 'databas':178,300,459,618,787,817,1255,1672 'date':1733,1734 'db.query':1047 'db.user.create':1136,1164 'dead':342 'debug':1853,1854 'decoupl':672 'deep':7,66 'deep-scan':6 'deleteus':1093,1102 'depend':187,239,292,402,660,1185,1662 'deploy':136,891,979 'describ':1920 'descript':1767,1770,1778,1782,1791 'design':258 'detect':175,227,544,1519 'develop':1612 'digest':1116 'direct':664 'discov':539,1469 'discoveri':152 'doc':466,468,1541 'docs.sonarqube.org':1880 'docs.sonarqube.org/latest/user-guide/quality-gates/)':1879 'document':380,463,885,1384,1722 'duplic':331,432 'e':557 'e-commerc':556 'edg':358,1694 'email':774,1034,1035,1044,1049,1144,1146 'endpoint':682,870,1653,1718 'enforc':1661 'engin':1871 'ensur':483,1557 'enterpris':87,128,940 'enterprise-grad':127,939 'entir':9,41,158,527,1333 'entri':198,560 'environ':369,1183,1706,1932 'environment-specif':1931 'error':338,374,708,864,1077,1382,1709 'etc':1492 'event':670 'event-bas':669 'eventbus':674 'everi':165,789,1426,1483,1507 'everyth':122,391,455,1328,1372,1527 'exampl':505,506,980,1196 'execut':1740 'expert':1937 'explain':1386 'express':546 'f':1739,1764,1775,1788,1797 'fals':1599 'faster':799,1246,1258 'field':719,726 'file':163,166,202,543,966,969,1331,1424,1427,1477,1485,1535,1538 'find':197,1475,1515,1522,1757 'first':1351 'fix':84,387,390,400,404,417,433,492,591,595,599,644,658,693,710,730,734,837,840,845,945,1012,1019,1238,1335,1342,1389,1411,1420,1453,1526,1532,1755,1779,1783,1792,1817,1905 'flag':1602 'flaki':361,1698 'flow':208 'focus':764,1591 'follow':1616 'follow-up':1615 'foreign':1675 'format':341 'found':574,1002 'framework':177 'gap':347 'gate':1878 'generat':498,1562 'github':1624 'github/workflows':896 'god':242,398,759 'googl':1870 'google.github.io':1874 'google.github.io/eng-practices/)':1873 'grade':26,57,129,535,941,964,1736,1761,1772,1785,1794 'guid':892 'guidelin':1836 'gzip':806,810,1686 'handl':339 'hardcod':272,617,1051,1640 'harden':984 'hash':283,647,1105,1111,1121,1655 'health':377,451,868,1716 'hex':1117 'high':326,580,728,835,1008,1751,1808,1812,1820 'high-prior':834 'hit':1252 'hour':795 'https':1660 'id':821,1092,1098 'identifi':72,172,189,1486,1512 'ignor':1433,1621 'imag':320,458,1268,1307,1377 'impact':1353 'implement':1274,1648,1678,1715 'import':665 'improv':426,496,755,812,831,848,853,956,1288,1561 'incomplet':379 'inconsist':340 'index':301,818,1256,1673 'individu':743 'ineffici':310 'infrastructur':448,858,1379,1547 'inject':263,601,1022,1174,1637 'input':287,677,691,1127,1577,1649,1946 'insecur':291,1056 'instruct':1408,1461 'integr':364 'invok':1466 'issu':74,226,235,237,325,406,490,568,576,579,582,585,588,592,944,1005,1015,1343,1350,1455,1505,1518,1533,1583,1589,1605,1625,1749,1765,1768,1776,1780,1789,1799,1805,1856 'join':751 'jwt':1058,1068,1073,1078 'key':275,1063,1676 'languag':176 'larg':316 'lazi':1278 'leak':322 'level':29,60 'lighthous':925,1313 'limit':879,1908 'line':12,14,68,70,230,232,245,570,572,762,970,1501,1503,1508 'line-by-lin':11,67,229,569,1500 'list':1800 'listdirectori':1473 'll':524 'load':1225,1279,1296 'locat':200 'log':449,861,1380,1714 'logging/monitoring':372 'login':767 'logout':768 'loop':741 'loss':1349 'low':353,586,846,852 'magic':332 'main':201 'maintain':1898 'make':98,114,475,517,1362,1418 'mani':1582 'manual':1610 'map':183,206,1493 'markdown':511,985,1200,1727 'martin':1887 'mass':711 'match':1917 'max':1155 'mb':1271,1311 'md5':284,648,652,1113 'measur':494,1352,1560 'medium':583,838,844,1010 'meet':86,142 'memori':321 'method':248 'metric':504,876,943,1216,1285,1356,1567 'middlewar':638,698 'min':1149,1153 'miss':249,279,286,299,308,337,348,363,368,376,437,703,1523,1537,1954 'modul':254 'monitor':450,874,1381,1719 'move':212 'mvc':550 'my-secret-key':1060 'n':295,313,418,735,1239,1668 'name':335,434,1151,1732 'need':140 'new':1076 'next':700 'node.js':545 'non':1604 'non-issu':1603 'noth':484,1558 'number':333 'o':312 'oper':303,772,1282 'optim':33,121,389,415,423,454,801,1199,1206,1236,1254,1267,1319,1371,1548,1848,1850 'order':819 'orderservic':661 'orderservice.getorderswithitems':739 'output':271,1926 'overal':1735,1746 'overview':37 'owasp':958,1169,1864 'owasp.org':1868 'owasp.org/www-project-top-ten/)':1867 'owner':1627 'package.json':1490 'page':1224,1295 'parallel':1280 'paralyz':1586 'parameter':408,610 'partial':1452 'pass':902,1446 'password':276,282,619,623,626,628,646,655,769,1104,1115,1124,1147,1654 'path':352,444,1692 'pattern':18,47,186,259,551,1844,1861 'paymentservic':662 'perform':65,77,293,416,495,753,797,829,914,954,1198,1207,1210,1212,1283,1318,1369,1513,1549,1666,1784,1847,1849 'permiss':778,1947 'phase':537,564,589,854,897 'pipelin':383,895 'pitfal':1579 'placehold':614 'platform':559 'point':199,561,1317 'poor':253,334 'posit':1600 'postgresql':547 'practic':1324,1841,1872 'prepar':133 'prevent':1901 'price':827 'priorit':1344 'prioriti':729,836,839,847,1594,1752,1801,1809,1813,1821 'pro':1891 'problem':294,298,1521,1580,1598,1613,1671 'problemat':1543 'process.env.db':627 'process.env.jwt':1070 'product':2,25,34,56,101,135,366,447,514,520,534,784,825,857,936,978,988,1194,1203,1321,1546,1631,1704,1728,1824,1855,1906 'production-code-audit':1,513,987,1202 'production-grad':24,55,533 'production-readi':100,519,935,1193 'profession':30,61 'professional/corporate-level':116 'project':169,1430,1731 'prometheus':875 'protect':1175,1177,1179,1644 'provid':82,502 'purpos':49,190,555 'qualiti':31,80,130,324,428,536,942,963,1517,1877,1900 'quarter':1896 'queri':267,297,409,420,460,608,611,737,744,749,785,788,828,1029,1039,1048,1241,1259,1375,1670 'question':1399 'rate':878,1253 'react':548 'read':161,1329,1482 'readfil':1480 'readi':102,367,521,937,976,1195,1705,1825 'readm':464,889 'recommend':1754 'recurs':170,1478 'redi':781,881,1248 'redis-bas':880 'reduc':429,1260 'reduct':814 'refactor':394,757,1542 'regular':1894 'relat':1828 'remov':410,431,616,1053 'report':473,500,1340,1415,1553,1564,1620,1725,1730 'req.body':721,1138,1160 'request':790 'requir':1080,1945 'requirements.txt':1491 'requirerol':641,1100 'resourc':1863 'respons':916,1218,1290,1680 'rest':553 'result':1284 'return':706 'review':1832,1835,1938 'robert':1885 'role':777 'round':1659 'rout':203,634,1086,1645 'router.delete':1090,1096 'run':479,1359,1554,1701 'safeti':1948 'say':97,106,113,120 'scan':8,71,154,164,228,525,566,911,995,1000,1327,1409,1425,1460,1499 'schedul':1893 'schema':688,1142 'schema.parse':1159 'scope':1919 'score':926 'secret':273,411,1052,1059,1062,1069,1071,1074,1079,1182,1641 'secur':76,260,405,489,910,957,983,991,997,999,1004,1014,1037,1066,1095,1140,1167,1181,1191,1346,1368,1510,1634,1771,1839,1843 'select':1030,1040 'senior':1858 'senior-architect':1857 'sentenc':1744 'sentri':866,1712 'separ':250 'server.js':562 'servic':765 'setup':1711 'sha1':285 'show':1354,1565 'singl':748 'size':318,457,803,922,1232,1262,1303,1308,1374,1684 'skill':64,93,1464,1829,1911 'skill-production-code-audit' 'skip':1423 'smaller':1266,1273 'sms':775 'solut':1590,1606,1622 'sonarqub':1876 'sourc':1484 'source-sickn33' 'specif':1933 'split':1276 'sprint':1597 'sql':262,600,1021,1173,1636 'src/index.tsx':563 'stack':174,1488 'standard':88,144,1322 'standup':1630 'status':822,1168,1747 'step':148,223,384,469 'stop':1939 'string':264,605 'strong':1119 'strreplac':1530 'structur':185,860,1497,1713 'substitut':1929 'success':1951 'summari':1741 'supersecret123':624 'swagger/openapi':886 'symptom':1584,1601,1618 'synchron':302 'system':215 'systemat':20,51,1852 'systematic-debug':1851 'target':951,1222,1229,1234 'task':1915 'team':1585 'tech':173,1487 'templat':1726 'test':346,349,354,360,362,365,438,440,481,901,905,906,948,1360,1370,1445,1524,1539,1555,1687,1688,1693,1699,1700,1793,1935 'thing':1443 'throw':1075 'tight':240 'time':917,1219,1226,1681 'timelin':1756,1806,1810,1814,1815 'tip':1892 'todo/fixme':344 'token':704 'tool':179 'top':959,1170,1865 'topic-agent-skills' 'topic-agentic-skills' 'topic-ai-agent-skills' 'topic-ai-agents' 'topic-ai-coding' 'topic-ai-workflows' 'topic-antigravity' 'topic-antigravity-skills' 'topic-claude-code' 'topic-claude-code-skills' 'topic-codex-cli' 'topic-codex-skills' 'track':375,865,1383,1628,1710 'transform':21,52,510,530,929 'treat':1924 'ttl':796 'typescript':1025,1054,1087,1107,1130 'understand':15,44,156,181,191,209,1332,1400,1435,1607 'unescap':270 'unoptim':319 'untest':442 'updat':1114 'upgrad':1106 'use':91,94,103,110,117,123,131,137,407,1472,1479,1529,1909 'user':96,105,112,119,125,222,512,820,986,1032,1042,1134,1162,1201,1575 'userauthenticationservic':766 'usercontrol':715 'usernotificationservic':773 'userpermissionservic':776 'userprofileservic':770 'userrepositori':1024 'userrepository.findbyemail':603 'userservic':758 'valid':288,413,678,685,689,1128,1158,1166,1650,1934 'variabl':370,1184,1707 'verif':899 'verifi':471,487,1357,1444,1551,1609 'violat':256 'vulner':261,269,290,713,913,998,1027,1089,1132,1187,1511,1638,1665 'wait':1406 'want':126 'weak':281,645,1109 'web':1846 'web-performance-optim':1845 'week':1819,1823,1827 'whitelist':723 'winston':862 'without':219,1572 'work':147 'wors':315 'write':439 'www.amazon.com':1889 'www.amazon.com/clean-code-handbook-software-craftsmanship/dp/0132350882)':1888 'x':1818,1822,1826 'xss':268,1176 'z.object':1143 'z.string':1145,1148,1152 'zod':687","prices":[{"id":"a15f960c-9392-4a7a-ae88-36ba144ec220","listingId":"87317e43-db45-470a-9cce-7f75d4b7f960","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"sickn33","category":"antigravity-awesome-skills","install_from":"skills.sh"},"createdAt":"2026-04-18T20:37:45.280Z"}],"sources":[{"listingId":"87317e43-db45-470a-9cce-7f75d4b7f960","source":"github","sourceId":"sickn33/antigravity-awesome-skills/production-code-audit","sourceUrl":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/production-code-audit","isPrimary":false,"firstSeenAt":"2026-04-18T21:42:47.784Z","lastSeenAt":"2026-05-18T18:51:34.108Z"},{"listingId":"87317e43-db45-470a-9cce-7f75d4b7f960","source":"skills_sh","sourceId":"sickn33/antigravity-awesome-skills/production-code-audit","sourceUrl":"https://skills.sh/sickn33/antigravity-awesome-skills/production-code-audit","isPrimary":true,"firstSeenAt":"2026-04-18T20:37:45.280Z","lastSeenAt":"2026-05-07T22:40:46.060Z"}],"details":{"listingId":"87317e43-db45-470a-9cce-7f75d4b7f960","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"sickn33","slug":"production-code-audit","github":{"repo":"sickn33/antigravity-awesome-skills","stars":37911,"topics":["agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding","ai-workflows","antigravity","antigravity-skills","claude-code","claude-code-skills","codex-cli","codex-skills","cursor","cursor-skills","developer-tools","gemini-cli","gemini-skills","kiro","mcp","skill-library"],"license":"mit","html_url":"https://github.com/sickn33/antigravity-awesome-skills","pushed_at":"2026-05-18T08:24:49Z","description":"Installable GitHub library of 1,400+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. Includes installer CLI, bundles, workflows, and official/community skill collections.","skill_md_sha":"68ca4bed7e3060f2e135888ca2c8cef76a105d04","skill_md_path":"skills/production-code-audit/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/production-code-audit"},"layout":"multi","source":"github","category":"antigravity-awesome-skills","frontmatter":{"name":"production-code-audit","description":"Autonomously deep-scan entire codebase line-by-line, understand architecture and patterns, then systematically transform it to production-grade, corporate-level professional quality with optimizations"},"skills_sh_url":"https://skills.sh/sickn33/antigravity-awesome-skills/production-code-audit"},"updatedAt":"2026-05-18T18:51:34.108Z"}}