codebase-audit-pre-push
Deep audit before GitHub push: removes junk files, dead code, security holes, and optimization issues. Checks every file line-by-line for production readiness.
| name | codebase-audit-pre-push |
| description | Deep audit before GitHub push: removes junk files, dead code, security holes, and optimization issues. Checks every file line-by-line for production readiness. |
| category | development |
| risk | safe |
| source | community |
| date_added | 2026-03-05 |
As a senior engineer, you're doing the final review before pushing this code to GitHub. Check everything carefully and fix problems as you find them.
Review the entire codebase file by file. Read the code carefully. Fix issues right away. Don't just note problems—make the necessary changes.
Start by looking for files that shouldn't be on GitHub:
Delete these immediately:
- .DS_Store, Thumbs.db, desktop.ini
- *.log, npm-debug.log*, yarn-error.log*
- *.tmp, *.temp, *.cache, *.swp
- dist/, build/, .next/, out/, .cache/
- node_modules/, vendor/, __pycache__/, *.pyc
- .idea/, .vscode/ (ask user first), *.iml, .project
- *.bak, *_old.*, *_backup.*, *_copy.*
- coverage/, .nyc_output/, test-results/
- TODO.txt, NOTES.txt, scratch.*, test123.*
Critical - Check for secrets:
- .env files (should never be committed)
- password, api_key, token, secret, private_key
- *.pem, *.key, *.cert, credentials.json, serviceAccountKey.json
If you find secrets in the code, mark it as a CRITICAL BLOCKER.
Check if the .gitignore file exists and is thorough. If it’s missing or not complete, update it to include all junk file patterns above. Ensure that .env.example exists with keys but no values.
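The junk-file and secret checks above can be run mechanically before a push. The following Python is an added example, not part of the original skill; the names `classify_path`, `scan_text`, `audit` and `SAMPLE_REPO` are hypothetical, and its definition of a hardcoded secret (one of the listed keywords assigned a quoted literal) is an assumption.

```python
import fnmatch
import re
from pathlib import PurePosixPath

# Patterns from the checklist above; .vscode/ is omitted ("ask user first").
# Assumed: ".env files" covers ".env.*"; a secret is a keyword assigned a quoted literal.
JUNK_FILES = [".DS_Store", "Thumbs.db", "desktop.ini", "*.log", "npm-debug.log*",
              "yarn-error.log*", "*.tmp", "*.temp", "*.cache", "*.swp", "*.pyc",
              "*.iml", ".project", "*.bak", "*_old.*", "*_backup.*", "*_copy.*",
              "TODO.txt", "NOTES.txt", "scratch.*", "test123.*"]
JUNK_DIRS = {"dist", "build", ".next", "out", ".cache", "node_modules", "vendor",
             "__pycache__", ".idea", "coverage", ".nyc_output", "test-results"}
SECRET_FILES = [".env", ".env.*", "*.pem", "*.key", "*.cert", "credentials.json", "serviceAccountKey.json"]
SECRET_ASSIGN = re.compile(
    r"""(?i)(password|api_key|token|secret|private_key)\b["']?\s*[:=]\s*["']([^"']{4,})["']""")

def _matches(name, patterns):
    return any(fnmatch.fnmatchcase(name, pat) for pat in patterns)

def classify_path(path):
    """Return 'secret', 'junk' or None for one repository-relative path."""
    p = PurePosixPath(path)
    if p.name != ".env.example" and _matches(p.name, SECRET_FILES):
        return "secret"
    if JUNK_DIRS.intersection(p.parts[:-1]) or _matches(p.name, JUNK_FILES):
        return "junk"
    return None

def scan_text(path, text):
    """Return (path, line_number, keyword) for each hardcoded-secret candidate."""
    found = ((n, SECRET_ASSIGN.search(s)) for n, s in enumerate(text.splitlines(), 1))
    return [(path, n, m.group(1).lower()) for n, m in found if m]

def audit(files):
    """files maps path -> text. Returns (blockers, junk); any blocker stops the push."""
    blockers, junk = [], []
    for path, text in files.items():
        kind = classify_path(path)
        if kind == "junk":
            junk.append(path)
        else:  # kind is "secret" (whole file, reported as line 0) or None (scan contents)
            blockers += [(path, 0, "secret file")] if kind else scan_text(path, text)
    return blockers, junk

SAMPLE_REPO = {  # constructed sample input, not taken from a real repository
    ".env": "API_KEY=placeholder-value\n",
    "node_modules/lodash/index.js": "",
    "src/config.js": 'const db_password = "placeholder-value";\n',
}
```

Values read from the environment, such as `process.env.API_KEY`, are not flagged because nothing quoted follows the assignment; `.env.example` is exempt from the secret-file rule, as the checklist requires it to exist.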
Look through each code file and check:
Dead Code (remove immediately):
- return, inside if (false))
Code Quality (fix issues as you go):
- data, info, temp, thing → rename to be descriptive
- if (status === 3) → extract to named constant
- console.log, print(), debugger
- any: add proper types or explain why any is used
- === instead of == in JavaScript
Logic Issues (critical):
- .catch() or try/catch
- default in switch statements
Secrets: Search for hardcoded passwords, API keys, and tokens. They must be in environment variables.
Injection vulnerabilities:
- exec() with user-provided input
- innerHTML or dangerouslySetInnerHTML with user data
Auth/Authorization:
Data exposure:
Dependencies:
- npm audit or an equivalent tool
Database:
- SELECT *: specify columns
API Design:
Code:
Organization:
Separation of concerns:
Reusability:
Backend:
Frontend (if applicable):
README.md must include:
Code comments:
- test.only or fdescribe should remain in the code
- test.skip without an explanation
After making all changes, run the app. Ensure nothing is broken. Check that:
After auditing, provide a report:
CODEBASE AUDIT COMPLETE
FILES REMOVED:
- node_modules/ (build artifact)
- .env (contained secrets)
- old_backup.js (unused duplicate)
CODE CHANGES:
[src/api/users.js]
✂ Removed unused import: lodash
✂ Removed dead function: formatOldWay()
🔧 Renamed 'data' → 'userData' for clarity
🛡 Added try/catch around API call (line 47)
[src/db/queries.js]
⚡ Fixed N+1 query: now uses JOIN instead of loop
SECURITY ISSUES:
🚨 CRITICAL: Hardcoded API key in config.js (line 12) → moved to .env
⚠️ HIGH: SQL injection risk in search.js (line 34) → fixed with parameterized query
SCALABILITY:
⚡ Added pagination to /api/users endpoint
⚡ Added index on users.email column
FINAL STATUS:
✅ CLEAN - Ready to push to GitHub
Scores:
Security: 9/10 (one minor header missing)
Code Quality: 10/10
Scalability: 9/10
Overall: 9/10
- @security-auditor - Deeper security review
- @systematic-debugging - Investigate specific issues
- @git-pushing - Push code after audit