[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"skill-dc6d906c-f068-4043-aa24-cabbac5e4bca":3,"$fVR0e0wDY6oIWQxH3lX4I_jQYne5OWAAEworZ16Oel2Y":43},{"id":4,"title":5,"description":6,"categoryId":7,"moduleId":8,"tags":9,"prompt":10,"icon":11,"source":12,"sourceUrl":13,"authorId":14,"authorName":15,"isPublic":16,"stars":17,"runs":18,"createdAt":19,"updatedAt":19,"module":20,"category":27,"packages":34},"dc6d906c-f068-4043-aa24-cabbac5e4bca","ship-gate","> 这句话没有内容，无法进行翻译。","cat_life_career","mod_other","alirezarezvani,other","---\nname: ship-gate\ndescription: >\n  Pre-production audit that scans a codebase for security, database,\n  deployment, code quality, AI\u002FLLM, dependency, frontend, and observability\n  issues. Intercepts deploy commands and blocks until critical items pass.\n  Stack-agnostic. Use for \"run ship gate\", \"am I ready to ship\",\n  \"pre-launch audit\", \"can I deploy\", \"push to production\", \"go live\n  checklist\", \"preflight check\". Not for CI\u002FCD setup or infra provisioning.\nlicense: MIT\nmetadata:\n  author: Rajaraman Arumugam\n  version: 1.0.0\n---\n\n# Ship Gate\n\nPre-production audit that scans a codebase and reports pass\u002Ffail\u002Fmanual\nacross 8 categories before anything ships.\n\n## Intercept Behavior\n\nWhen the user says \"push to production\", \"deploy\", \"ship it\", \"go live\",\nor similar deploy-intent phrases, do NOT proceed with deployment. Instead:\n\n1. Ask: \"Have you run the ship gate? Want me to scan now?\"\n2. If yes, run the full audit below.\n3. If the user says they already ran it, ask when. If more than 24 hours\n   ago or if code changed since, recommend re-running.\n\n## How It Works\n\n### Step 1: Detect Stack\n\nRun these checks in order to identify the project stack:\n\n```\nFramework detection:\n  package.json exists        -> Node.js project\n    \"next\" in dependencies   -> Next.js\n    \"react\" in dependencies  -> React (if not Next.js)\n    \"vue\" in dependencies    -> Vue\n    \"svelte\" in dependencies -> Svelte\n    \"astro\" in dependencies  -> Astro\n    \"express\" in dependencies -> Express\n    \"fastify\" in dependencies -> Fastify\n    \"hono\" in dependencies   -> Hono\n  requirements.txt or pyproject.toml -> Python project\n    \"django\" present         -> Django\n    \"flask\" present          -> Flask\n    \"fastapi\" present        -> FastAPI\n  go.mod exists              -> Go project\n  Cargo.toml exists          -> Rust project\n\nDatabase detection:\n  \"@supabase\u002Fsupabase-js\" in package.json -> Supabase\n  supabase\u002F directory exists              -> Supabase\n  \"prisma\" in dependencies                -> Prisma (check schema for DB type)\n  \"mongoose\" in dependencies              -> MongoDB\n  \"pg\" or \"postgres\" in dependencies      -> PostgreSQL\n  firebase.json or .firebaserc exists     -> Firebase\n\nDeploy target detection:\n  vercel.json or .vercel\u002F exists          -> Vercel\n  netlify.toml exists                     -> Netlify\n  Dockerfile exists                       -> Docker\u002FVPS\n  fly.toml exists                         -> Fly.io\n  railway.json exists                     -> Railway\n  .platform\u002Fapplications.yaml            -> Platform.sh\n\nAuth detection:\n  \"@clerk\" in dependencies                -> Clerk\n  \"next-auth\" in dependencies             -> NextAuth\n  \"@supabase\u002Fauth-helpers\" in deps        -> Supabase Auth\n  \"firebase\u002Fauth\" in imports              -> Firebase Auth\n\nAI\u002FLLM detection:\n  \"openai\" in dependencies                -> OpenAI\n  \"@anthropic-ai\u002Fsdk\" in dependencies     -> Claude API\n  \"@google\u002Fgenerative-ai\" in deps         -> Gemini\n```\n\nReport detected stack before proceeding. This determines which checks\nare relevant. Checks tagged with a specific stack in `references\u002Fchecks.md`\nare skipped if that stack is not detected.\n\n### Step 2: Run Automated Checks\n\nRun categories in this order: SEC, DB, CODE, DEP, AI, DEPLOY, FE, OBS.\nSecurity and database first because they produce the most critical findings.\n\nFor each category, run every auto-scannable check from\n`references\u002Fchecks.md` using the patterns in `references\u002Fpatterns.md`.\n\nReport progress after each category completes:\n```\n[1\u002F8] Security: 3 FAIL, 12 PASS, 3 SKIP\n[2\u002F8] Database: 1 FAIL, 5 PASS, 6 SKIP\n...\n```\n\nReport results as:\n- PASS: check passed\n- FAIL: issue found (with file path and line number)\n- SKIP: not applicable to this stack\n\n### Step 3: Manual Confirmation\n\nFor checks that cannot be automated (backup restore tested, rollback plan\nexists, staging test passed), present them as a checklist and ask the user\nto confirm each one.\n\n### Step 4: Verdict\n\nClassify results into three severities:\n- CRITICAL: must fix before shipping (secrets exposed, no auth on routes,\n  no HTTPS, SQL injection vectors, no RLS on Supabase tables)\n- HIGH: should fix before shipping (no error boundaries, no rate limiting,\n  console.logs in production, no pagination)\n- ADVISORY: recommended but not blocking (no OG tags, no custom 404,\n  no analytics, no SBOM)\n\nFinal output:\n\n```\nSHIP GATE REPORT\n================\nStack: Next.js + Supabase + Vercel\nScan time: 12s\n\nCRITICAL (3 items, must fix)\n  FAIL  [SEC-01] API key found in src\u002Flib\u002Fapi.ts:14\n  FAIL  [DB-07] RLS not enabled on \"profiles\" table\n  FAIL  [SEC-05] No CSRF protection on \u002Fapi\u002Fcheckout\n\nHIGH (5 items, should fix)\n  FAIL  [CODE-01] 12 console.log statements in production code\n  FAIL  [CODE-03] Empty catch block in src\u002Futils\u002Fauth.ts:45\n  FAIL  [DEP-04] 3 critical npm audit vulnerabilities\n  FAIL  [DEPLOY-05] No rollback plan documented\n  MANUAL [DEPLOY-06] Staging test not confirmed\n\nADVISORY (4 items, recommended)\n  FAIL  [FE-01] Missing OG meta tags\n  FAIL  [FE-03] No custom 404 page\n  PASS  [OBS-01] Error monitoring configured\n  SKIP  [AI-01] No AI\u002FLLM usage detected\n\nVERDICT: DO NOT SHIP (3 critical issues)\nFix critical items and re-run.\n```\n\nIf zero critical items remain, verdict is: CLEAR TO SHIP.\nIf only high items remain, verdict is: SHIP WITH CAUTION (acknowledge risks).\n\n## Categories\n\nEight categories, each with a code prefix. Full check details in\n`references\u002Fchecks.md`.\n\n| Prefix | Category | Auto | Manual | Tool |\n|--------|----------|------|--------|------|\n| SEC | Security | 15 | 3 | 0 |\n| DB | Database | 7 | 5 | 0 |\n| DEPLOY | Deployment | 3 | 8 | 0 |\n| CODE | Code Quality | 11 | 0 | 1 |\n| AI | AI\u002FLLM Security | 5 | 3 | 0 |\n| DEP | Dependencies | 5 | 0 | 1 |\n| FE | Frontend Quality | 7 | 3 | 0 |\n| OBS | Observability | 2 | 5 | 0 |\n\n## Scope\n\nThis skill audits. It does not fix. When it finds issues, it reports\nthem with file locations and remediation guidance. The user or another\nskill (systematic-debugging, backend-patterns, shadcn-stack) handles\nthe fix.\n\nThis skill does not:\n- Set up CI\u002FCD pipelines\n- Provision infrastructure\n- Configure monitoring tools\n- Run after deployment (it is pre-deploy only)\n\n## Integration Points\n\n- **karpathy-coder**: run ship-gate after karpathy-check passes — simplicity first, then production readiness\n- **adversarial-reviewer**: deep security review for items ship-gate flags as critical\n- **security-pen-testing**: penetration testing methodology for SEC-category findings\n- **code-reviewer**: general code quality review complements ship-gate's automated checks\n","","imported","https:\u002F\u002Fgithub.com\u002Falirezarezvani\u002Fclaude-skills","user_system_seed","SkillOPIC",true,235,303,"2026-05-16 13:55:12",{"id":8,"name":21,"slug":22,"icon":23,"description":24,"sort":25,"createdAt":26},"其他","other","mdi-page-next-outline","其他类型Skill",5,"2026-05-16 12:53:40",{"id":7,"name":28,"slug":29,"icon":30,"description":31,"moduleId":8,"sort":32,"skillCount":33,"createdAt":26},"职场发展","career","mdi-briefcase-outline","面试准备、简历优化、职业规划",4,575,[35],{"id":36,"skillId":4,"version":37,"fileName":38,"fileSize":39,"filePath":40,"fileHash":41,"manifest":42,"createdAt":19},"9358d0d5-c6fd-4355-8516-795721ce979d","1.0.0","ship-gate.zip",27645,"uploads\u002Fskills\u002Fdc6d906c-f068-4043-aa24-cabbac5e4bca\u002Fship-gate.zip","88819f69172b4e147a9742f927e9898a0f0dfbc39d95895271427c9209e8a012","[{\"path\":\"SKILL.md\",\"isDirectory\":false,\"size\":6606},{\"path\":\"references\u002Fchecks.md\",\"isDirectory\":false,\"size\":19088},{\"path\":\"references\u002Fpatterns.md\",\"isDirectory\":false,\"size\":16780},{\"path\":\"scripts\u002Fship_gate_scanner.py\",\"isDirectory\":false,\"size\":50439}]",{"code":44,"message":45,"data":46},200,"success",{"items":47,"stats":48,"page":51},[],{"averageRating":49,"totalRatings":49,"ratingCounts":50},0,[49,49,49,49,49],{"limit":52,"offset":49,"hasMore":53,"nextOffset":52,"ratedOnly":16},15,false]