firefrost-gaming/antigravity-skills-reference
3
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Add files via upload

Browse Source
This commit is contained in:
Mohammad Faiz
2026-01-23 20:49:11 +05:30
committed by GitHub
parent ebdc51708c
commit 831d87605a
1 changed files with 314 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

314
skills/production-code-audit/SKILL.md Normal file
View File

@@ -0,0 +1,314 @@
---
name: production-code-audit
description: "Systematically audit codebase for production readiness covering architecture, security, performance, testing, and enterprise-level quality standards"
---
# Production Code Audit
## Overview
Conduct systematic codebase audits to ensure production-grade quality meeting enterprise standards. This skill provides a structured approach to evaluate code architecture, security, performance, testing coverage, and deployment readiness.
## When to Use This Skill
- Use when preparing codebase for production deployment
- Use when conducting enterprise-level quality audits
- Use when evaluating technical debt
- Use when performing pre-acquisition due diligence
- Use when transitioning from prototype to production
- Use when establishing quality baselines
- Use when ensuring corporate coding standards compliance
## How It Works
### Step 1: Architecture Review
Examine overall structure:
- Project organization and modularity
- Separation of concerns
- Design pattern usage
- Dependency management
- Circular dependency detection
### Step 2: Code Quality Analysis
Assess code maintainability:
- Function complexity (cyclomatic complexity < 10)
- Code duplication (DRY principle)
- Naming conventions consistency
- SOLID principles adherence
- Error handling patterns
### Step 3: Security Audit
Check for vulnerabilities:
- SQL injection risks
- XSS vulnerabilities
- Authentication/authorization issues
- Hardcoded secrets
- Input validation gaps
- OWASP Top 10 compliance
### Step 4: Performance Check
Identify bottlenecks:
- N+1 query problems
- Missing database indexes
- Inefficient algorithms
- Large bundle sizes
- Missing caching strategies
### Step 5: Testing Assessment
Evaluate test quality:
- Test coverage percentage
- Critical path testing
- Edge case coverage
- Flaky test identification
- CI/CD pipeline status
### Step 6: Production Readiness
Verify deployment preparedness:
- Environment configuration
- Logging and monitoring setup
- Error tracking integration
- Health check endpoints
- Documentation completeness
## Examples
### Example 1: Quick Audit Checklist
```markdown
## Production Readiness Audit
### Architecture (Grade: B+)
- ✅ Clean separation of concerns
- ✅ Proper dependency injection
- ❌ CRITICAL: Circular dependency in OrderService ↔ PaymentService
- ⚠️ HIGH: UserService has 35 methods (god class)
### Security (Grade: C)
- ❌ CRITICAL: SQL injection in UserRepository.findByEmail()
- ❌ CRITICAL: Hardcoded database password in config
- ❌ HIGH: Admin routes missing authentication
- ⚠️ MEDIUM: Weak password hashing (MD5)
### Performance (Grade: B-)
- ❌ HIGH: N+1 query in OrderService.getOrdersWithItems()
- ⚠️ MEDIUM: Missing Redis caching
- ⚠️ MEDIUM: Bundle size 850KB (target: <200KB)
### Testing (Grade: C+)
- ⚠️ Coverage: 42% (target: 80%+)
- ❌ Payment processing: 0% coverage
- ❌ Authentication: 35% coverage
### Recommendations:
1. Fix critical security issues (1 week)
2. Add authentication to admin routes (2 days)
3. Fix N+1 queries (3 days)
4. Increase test coverage (2 weeks)
```
### Example 2: Security Issue Report
```markdown
## Critical Security Issue
**Severity:** CRITICAL
**File:** `src/repositories/UserRepository.ts`
**Line:** 78
**Issue:** SQL Injection Vulnerability
**Vulnerable Code:**
\`\`\`typescript
// ❌ DANGEROUS
async findByEmail(email: string) {
const query = \`SELECT * FROM users WHERE email = '\${email}'\`;
return await this.db.query(query);
}
\`\`\`
**Fix:**
\`\`\`typescript
// ✅ SAFE
async findByEmail(email: string) {
const query = 'SELECT * FROM users WHERE email = $1';
return await this.db.query(query, [email]);
}
\`\`\`
**Impact:** Database compromise, data breach
**Priority:** Fix immediately before production
```
### Example 3: Performance Optimization
```markdown
## Performance Issue
**File:** `src/services/DashboardService.ts`
**Impact:** 3.2s response time (target: <200ms)
**Problem:**
\`\`\`typescript
// ❌ Sequential queries (3.2s)
async getDashboard(userId: string) {
const user = await db.user.findUnique({ where: { id: userId } }); // 200ms
const orders = await db.order.findMany({ where: { userId } }); // 800ms
const products = await db.product.findMany({ where: { userId } }); // 1200ms
return { user, orders, products };
}
\`\`\`
**Solution:**
\`\`\`typescript
// ✅ Parallel queries (1.2s - 62% faster)
async getDashboard(userId: string) {
const [user, orders, products] = await Promise.all([
db.user.findUnique({ where: { id: userId } }),
db.order.findMany({ where: { userId } }),
db.product.findMany({ where: { userId } })
]);
return { user, orders, products };
}
\`\`\`
**Result:** 3.2s → 1.2s (62% improvement)
```
## Best Practices
### ✅ Do This
- **Prioritize Issues** - Critical → High → Medium → Low
- **Provide Solutions** - Show how to fix, not just what's wrong
- **Measure Impact** - Quantify improvements with metrics
- **Grade Components** - Use A-F grades for clarity
- **Set Timelines** - Realistic estimates for fixes
- **Focus on Critical** - Security and data loss issues first
- **Document Findings** - Create clear audit reports
- **Verify Fixes** - Re-audit after changes
### ❌ Don't Do This
- **Don't Overwhelm** - Prioritize, don't dump 500 issues
- **Don't Be Vague** - Show specific code examples
- **Don't Skip Context** - Consider project stage and requirements
- **Don't Ignore Security** - Security issues are always critical
- **Don't Forget Testing** - Untested code isn't production-ready
- **Don't Skip Documentation** - Code without docs isn't maintainable
## Common Pitfalls
### Problem: Too Many Issues
**Symptoms:** Team paralyzed by 200+ issues
**Solution:** Focus on critical/high priority only, create sprints
### Problem: False Positives
**Symptoms:** Flagging non-issues
**Solution:** Understand context, verify manually, ask developers
### Problem: No Follow-Up
**Symptoms:** Audit report ignored
**Solution:** Create GitHub issues, assign owners, track in standups
## Production Audit Checklist
### Security
- [ ] No SQL injection vulnerabilities
- [ ] No hardcoded secrets
- [ ] Authentication on protected routes
- [ ] Authorization checks implemented
- [ ] Input validation on all endpoints
- [ ] Password hashing with bcrypt (10+ rounds)
- [ ] HTTPS enforced
- [ ] Dependencies have no vulnerabilities
### Performance
- [ ] No N+1 query problems
- [ ] Database indexes on foreign keys
- [ ] Caching implemented
- [ ] API response time < 200ms
- [ ] Bundle size < 200KB (gzipped)
### Testing
- [ ] Test coverage > 80%
- [ ] Critical paths tested
- [ ] Edge cases covered
- [ ] No flaky tests
- [ ] Tests run in CI/CD
### Production Readiness
- [ ] Environment variables configured
- [ ] Error tracking setup (Sentry)
- [ ] Structured logging implemented
- [ ] Health check endpoints
- [ ] Monitoring and alerting
- [ ] Documentation complete
## Audit Report Template
```markdown
# Production Audit Report
**Project:** [Name]
**Date:** [Date]
**Overall Grade:** [A-F]
## Executive Summary
[2-3 sentences on overall status]
**Critical Issues:** [count]
**High Priority:** [count]
**Recommendation:** [Fix timeline]
## Findings by Category
### Architecture (Grade: [A-F])
- Issue 1: [Description]
- Issue 2: [Description]
### Security (Grade: [A-F])
- Issue 1: [Description + Fix]
- Issue 2: [Description + Fix]
### Performance (Grade: [A-F])
- Issue 1: [Description + Fix]
### Testing (Grade: [A-F])
- Coverage: [%]
- Issues: [List]
## Priority Actions
1. [Critical issue] - [Timeline]
2. [High priority] - [Timeline]
3. [High priority] - [Timeline]
## Timeline
- Critical fixes: [X weeks]
- High priority: [X weeks]
- Production ready: [X weeks]
```
## Related Skills
- `@code-review-checklist` - Code review guidelines
- `@api-security-best-practices` - API security patterns
- `@web-performance-optimization` - Performance optimization
- `@systematic-debugging` - Debug production issues
- `@senior-architect` - Architecture patterns
## Additional Resources
- [OWASP Top 10](https://owasp.org/www-project-top-ten/)
- [Google Engineering Practices](https://google.github.io/eng-practices/)
- [SonarQube Quality Gates](https://docs.sonarqube.org/latest/user-guide/quality-gates/)
- [Clean Code by Robert C. Martin](https://www.amazon.com/Clean-Code-Handbook-Software-Craftsmanship/dp/0132350882)
---
**Pro Tip:** Schedule regular audits (quarterly) to maintain code quality. Prevention is cheaper than fixing production bugs!