一键导入
launch-check
Production readiness audit — 10-dimension go/no-go sweep (security, a11y, compliance, analytics, SEO, GEO, perf, monitoring, docs, behaviour-quality).
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Production readiness audit — 10-dimension go/no-go sweep (security, a11y, compliance, analytics, SEO, GEO, perf, monitoring, docs, behaviour-quality).
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Review a PR for quality, security, and standards compliance. Invokes the Code Reviewer agent (Rex).
Review a technical design / migration AgDR / feature spec for architectural soundness BEFORE the Build phase. Invokes the Solution Architect agent (Tariq) — the non-code analog of /code-review.
Score a review agent (Rex/Hakim/Tariq) against a labeled PR corpus — ground-truth defect-set overlap, never a prose rubric. Headline metric is approve-precision.
Security-focused PR review for vulnerabilities and best practices. Invokes the Security Reviewer agent (Shield).
Record per-PR design-review approval (UI merge gate). ONLY on an explicit per-PR designer "approved".
Record per-PR CEO approval and merge in one turn. ONLY on an explicit per-PR "approved" — never on umbrella "go".
| name | launch-check |
| description | Production readiness audit — 10-dimension go/no-go sweep (security, a11y, compliance, analytics, SEO, GEO, perf, monitoring, docs, behaviour-quality). |
| disable-model-invocation | false |
| argument-hint | [project-path] | trend [project-path] | --workflow [project-path] |
| effort | high |
Runs a 10-dimension sweep against a project and outputs a one-page verdict. Designed for milestone boundaries — epic completion, release cuts, launch prep — not per-PR use.
Invoke from the project's workspace directory (cd workspace/<project>/) or pass the path as an argument: /launch-check workspace/my-app.
Three modes:
/launch-check [project-path] — full audit (default). Runs all 10 dimensions serially, persists results to the per-project history store, and renders a "Trend (last 5 runs)" section when ≥ 2 prior runs exist./launch-check trend [project-path] — read-only trend report. Renders just the trend section from existing run files. Useful for "are we trending up?" without burning the audit cost. See § "Trend-only mode" below./launch-check --workflow [project-path] — opt-in parallel + adversarially-verified audit. Fans the 10 dimensions out concurrently (one agent each), independently verifies every FAIL/WARN finding before it lands in the verdict, then synthesizes the same table and persists via the same history store. Faster wall-clock and fewer false positives; costs more tokens (spawns ~10–20 agents). Same output, same trend continuity — see § "Workflow mode" below.Each dimension has a dedicated expert skill for when you need to go deeper than the one-line summary. The launch check is the overview; the expert skills are the investigation.
| Dimension | Quick check | Deep dive |
|---|---|---|
| Security | /launch-check row 1 | /threat-model — full STRIDE threat modelling exercise |
| Accessibility | /launch-check row 2 | /accessibility-audit — WCAG 2.1 AA compliance audit |
| Compliance | /launch-check row 3 | /compliance-check — GDPR + ePrivacy analysis |
| Analytics | /launch-check row 4 | /analytics-audit — event taxonomy and funnel coverage |
| SEO | /launch-check row 5 | /seo-audit — technical SEO against Google best practices |
| Generative-engine | /launch-check row 6 | /geo-audit — LLM/agent discoverability (GEO + AEO), llms.txt, AGENTS.md, AI-crawler directives, JSON-LD citation grounding |
| Performance | /launch-check row 7 | /performance-audit — bundle, images, Core Web Vitals |
| Monitoring | /launch-check row 8 | /monitoring-audit — observability and incident readiness |
| Documentation | /launch-check row 9 | /docs-audit — Diataxis framework completeness |
| Behaviour quality | /launch-check row 10 | /mutation-test — mutation-testing sensor; measures whether the test suite constrains behaviour, not just executes lines |
When a dimension shows WARN or FAIL, tell the user: "For a detailed analysis, run /threat-model" (or the relevant expert skill).
The output should be scannable in 10 seconds. One table, one verdict, one blockers list:
LAUNCH CHECK — <project> @ <sha> (<date>)
| # | Dimension | Status | Finding |
|----|--------------------|--------|--------------------------------------|
| 1 | Security | PASS | No critical vulns, auth flow ok |
| 2 | Accessibility | WARN | 3 images missing alt text |
| 3 | Compliance | FAIL | No cookie consent banner detected |
| 4 | Analytics | PASS | GA4 configured, 12 events tracked |
| 5 | SEO | WARN | Missing og:image on 2 pages |
| 6 | Generative-engine | WARN | No llms.txt, AGENTS.md missing |
| 7 | Performance | PASS | Bundle < 200KB, LCP < 2.5s |
| 8 | Monitoring | FAIL | No health check endpoint found |
| 9 | Documentation | PASS | README updated this week |
| 10 | Behaviour quality | WARN | Mutation score 54% (threshold 60%) |
Verdict: CONDITIONAL GO (2 failures need resolution)
Blocking:
- [ ] Add cookie consent banner (compliance)
- [ ] Add /health endpoint (monitoring)
Warnings (non-blocking, address before next launch):
- [ ] Add alt text to 3 images (accessibility)
- [ ] Add og:image to landing and pricing pages (SEO)
Do NOT dump hundreds of lines. Each dimension gets ONE row in the table. Details go in follow-up messages only if the user asks "tell me more about the security findings" — not upfront.
| Condition | Verdict |
|---|---|
| All dimensions PASS | GO — ready to launch |
| Some WARN, zero FAIL | GO with warnings — launch is safe, address warnings before next milestone |
| Any FAIL | CONDITIONAL GO — resolve the blocking items before launch |
| 3+ FAIL or any critical security finding | NO-GO — significant gaps, not launch-ready |
What to check:
npm audit / pip audit / equivalent for dependency vulnerabilitiescheck-secrets.sh but against the full codebase, not just staged files)PASS if: no critical vulns, auth uses a reputable provider, no hardcoded secrets, basic OWASP surface clean. WARN if: medium vulns in dependencies, or missing security headers. FAIL if: critical vuln, hardcoded secrets found, no auth on a user-facing app, or obvious injection surface.
What to check:
<img tags without alt attributes<main>, <nav>, <header>, <footer>, heading hierarchy (h1 → h2 → h3)aria-label on interactive elements without visible textonClick handlers without corresponding onKeyDown?<html lang="..."> attributePASS if: all images have alt text, semantic HTML used, no obvious contrast issues. WARN if: a few missing alt texts, or minor semantic gaps. FAIL if: systematic missing alt text, no semantic HTML at all, or no lang attribute.
What to check:
/privacy route or privacy-policy page/terms routePASS if: cookie consent present, privacy policy exists, terms exist. WARN if: privacy policy exists but no data deletion mechanism. FAIL if: no cookie consent on a site that uses cookies, or no privacy policy on a user-facing app.
What to check:
PASS if: analytics SDK configured and events are being tracked. WARN if: SDK configured but few/no custom events (only page views). FAIL if: user-facing app with zero analytics. (Non-user-facing like CLIs/libraries: auto-PASS.)
What to check:
<title> and <meta name="description"> on key pages<meta property="og:title">, og:description, og:image (Open Graph)sitemap.xml at the expected locationrobots.txt<link rel="canonical">)PASS if: title + description + OG tags on main pages, sitemap exists, robots.txt exists. WARN if: missing OG tags on some pages, or no structured data. FAIL if: no title/description on the main page, or no robots.txt. (Non-web projects: auto-PASS.)
What to check (quick scan — full deep-dive lives in /geo-audit):
llms.txt and llms-full.txt at the site rootAGENTS.md at the repo rootrobots.txt (does it name GPTBot, ClaudeBot, PerplexityBot, etc.?)author, dateModified, datePublished, publisher)char_count / 4 — flag pages over 25K)Covers two related sub-scopes: GEO (LLM citations — ChatGPT, Claude, Perplexity, Gemini) and AEO (coding-agent consumption — Claude Code, Cursor, Aider, Cline). Both consume the same artefacts, so they share one row at the milestone-boundary level. For the bucket-by-bucket breakdown, run /geo-audit.
PASS if: llms.txt present, AGENTS.md present with sandbox + MCP sections, JSON-LD citation metadata on key pages.
WARN if: some artefacts missing (e.g. AGENTS.md exists but lacks sandbox links).
FAIL if: no llms.txt AND no AGENTS.md AND no citation JSON-LD on a content-heavy site. (Non-web projects: auto-PASS.)
What to check:
dist/, build/, .next/)loading="lazy")PASS if: bundle under 300KB gzipped, images optimized, lazy loading present. WARN if: bundle 300-500KB, or a few large images. FAIL if: bundle > 1MB, or systematically unoptimized images. (Non-web: auto-PASS.)
What to check:
/health, /healthz, /api/health)docs/runbook.md, docs/incident-response.md)PASS if: error tracking configured, health endpoint exists, some alerting in place. WARN if: error tracking but no health endpoint, or no runbook. FAIL if: no error tracking at all on a production app, or no health endpoint.
What to check:
PASS if: README has setup + run + deploy instructions, and was updated recently. WARN if: README exists but is stale (> 30 days behind code changes), or API undocumented. FAIL if: no README, or README is the default GitHub template.
What to check (quick gate — full deep-dive lives in /mutation-test):
.claude/project-config.json → mutation.threshold (default 60% from .claude/project-config.defaults.json)projects/<name>/quality/mutation-<YYYY-MM-DD>.md (within the last 30 days)/mutation-test for a fresh run, but do NOT auto-run it during /launch-check. A mutation audit takes 20–40 minutes on a medium codebase — too slow to fold into the milestone-boundary sweep silently. The dimension reports WARN with the finding "no recent mutation report (run /mutation-test for a fresh number)".mutation.runner is null or the project's primary language has no recognised mutation runner installed: auto-PASS (the audit doesn't apply — same shape as SEO auto-PASS for non-web projects). Surface the gap as INFO in the finding column.PASS if: recent mutation report exists AND score ≥ threshold.
WARN if: recent mutation report exists BUT score < threshold, OR no recent report (operator should run /mutation-test).
FAIL if: never — mutation testing is advisory, not a launch blocker. See AgDR-0045 for the rationale.
Auto-PASS for projects without a mutation runner installed (or where the language has no recognised dispatch — e.g. Rust at v1).
If invoked with an argument, use that path. Otherwise, use the current working directory. Verify it's a git repo with source code (not the ops repo itself — the launch check is for managed projects, not for apexyard).
Read the project's structure to determine what checks apply:
index.html, React/Vue/Svelte/Next.js markers) → all 9 dimensionsGo through each dimension in order. For each:
Do NOT spend more than 30 seconds per dimension. The checks should be quick grepping and file scanning, not deep code review. Deep dives happen in the dedicated companion skill (/seo-audit, /geo-audit, /threat-model, etc.) — not inside the initial sweep.
Count PASS/WARN/FAIL, apply the verdict logic, format the output table.
Print the table exactly as shown in the "Output format" section above. Then continue to Step 6 to persist the run and render the trend section.
Do NOT auto-create tickets for the findings. Offer: "Want me to create tickets for the blocking items?" — but let the user decide. The launch check is advisory.
--workflow) — opt-in parallel + adversarial verifyWhen invoked as /launch-check --workflow [project-path], replace the serial Steps 3–5 with a single Workflow tool invocation that fans the 10 dimensions out concurrently and adversarially verifies the findings, then resume at Step 6 (persist) unchanged. Steps 1–2 (resolve project + detect stack) and Step 6 (persist + trend) are identical to the default path — only the evaluation of the 10 dimensions changes from serial to fanned-out.
The 10 dimensions are independent and read-only — no shared writes, no cross-dimension data dependency, no human gate. That's the canonical fan-out shape: evaluate all 10 in parallel, then have an independent skeptic try to refute each FAIL/WARN before it reaches the verdict (the false-positive killer). The trade-off is token cost — a workflow run spawns ~10–20 agents versus one serial pass — so this is opt-in, never the default. Rationale: AgDR-0055.
Prerequisite: the Workflow tool requires explicit opt-in to multi-agent orchestration. The --workflow flag is that opt-in — when the operator passes it, author and run the workflow below. Without the flag, run the serial path and do NOT invoke Workflow.
Author and run this via the Workflow tool (adapt the project name / stack-skip set from Steps 1–2). The dimension prompts reuse the exact PASS/WARN/FAIL criteria from "The 9 dimensions" / row-10 below — do not invent new criteria. Auto-PASS the not-applicable dimensions per the existing rules (e.g. SEO/GEO/perf auto-PASS for a non-web project, analytics auto-PASS for a CLI/library) by passing them as already-resolved rather than spawning an agent.
export const meta = {
name: 'launch-check',
description: 'Parallel 10-dimension production-readiness audit with adversarial verification',
phases: [
{ title: 'Evaluate', detail: 'one agent per applicable dimension' },
{ title: 'Verify', detail: 'adversarially refute each FAIL/WARN finding' },
],
}
// args = { projectPath, projectName, dimensions: [{ key, label, prompt, applicable }] }
// `prompt` carries that dimension's "What to check" + PASS/WARN/FAIL criteria verbatim
// from this SKILL. Non-applicable dimensions are pre-resolved to PASS and skipped.
const DIM_SCHEMA = {
type: 'object',
required: ['key', 'status', 'score', 'finding'],
properties: {
key: { type: 'string' },
status: { enum: ['PASS', 'WARN', 'FAIL'] },
score: { type: 'integer' }, // 0-100, same scale render-trend.sh plots
finding: { type: 'string' }, // one-line, fits the verdict-table cell
evidence:{ type: 'string' }, // file:line or command output backing the status
},
}
const VERDICT_SCHEMA = {
type: 'object',
required: ['key', 'upheld', 'reason'],
properties: {
key: { type: 'string' },
upheld: { type: 'boolean' }, // false = the skeptic refuted the WARN/FAIL
reason: { type: 'string' },
},
}
const applicable = args.dimensions.filter(d => d.applicable)
const preResolved = args.dimensions.filter(d => !d.applicable)
.map(d => ({ key: d.key, status: 'PASS', score: 100, finding: 'N/A for this project type' }))
// Phase 1+2 pipelined: each dimension verifies as soon as its evaluation returns,
// rather than waiting for the slowest dimension (no barrier).
const evaluated = await pipeline(
applicable,
d => agent(d.prompt, { label: `eval:${d.key}`, phase: 'Evaluate', schema: DIM_SCHEMA, agentType: d.agentType }),
(res, d) => {
if (!res) return null
if (res.status === 'PASS') return res // nothing to refute
// Adversarially verify only WARN/FAIL — the findings that move the verdict.
return agent(
`Adversarially REFUTE this ${d.label} finding for ${args.projectName}: "${res.finding}" ` +
`(evidence: ${res.evidence || 'none'}). Default upheld=false if you cannot independently confirm it. ` +
`Re-check the codebase yourself.`,
{ label: `verify:${d.key}`, phase: 'Verify', schema: VERDICT_SCHEMA },
).then(v => {
// A refuted FAIL/WARN is downgraded to PASS (the false-positive cut).
if (v && v.upheld === false) return { ...res, status: 'PASS', finding: `${res.finding} (refuted on verify: ${v.reason})` }
return res
})
},
)
return { results: [...preResolved, ...evaluated.filter(Boolean)] }
results[] (one row per dimension, each with status / score / finding).scores{} from each row's score, findings[] from the WARN/FAIL rows), call audit_run_persist, then audit_render_trend. The history store, schema, and render-trend.sh chart are identical to a serial run, so trend continuity is preserved across serial↔workflow runs.If the Workflow tool is unavailable in the current Claude Code installation, say so in one line and fall back to the serial Steps 3–5. The audit must still complete — --workflow is an optimisation, not a hard dependency.
After the verdict table, persist this run to the project's history store via the shared audit-history lib and append a trend section if there are ≥ 2 prior runs.
This step was refactored as part of #218 to consume _lib-audit-history.sh (the same lib that powers /threat-model, /security-review, and the other audit skills). Behaviour is preserved: the JSON schema is the same superset shape, the chart is rendered by the same render-trend.sh (dispatched from inside the lib), and adopters' existing run-history at the legacy path is still picked up by the trend renderer.
<project-name> is the project's registered name in apexyard.projects.yaml. If the project isn't registered (e.g. someone runs /launch-check on a directory that's never been onboarded), use the basename of the project path; tell the operator to /handover it for cross-machine trend continuity.
The headline score is the unweighted mean of scores.*, rounded to int. The verdict is one of go / go-with-warnings / conditional-go / no-go (launch-check-specific four-state vocabulary, preserved from the existing skill).
The lib's audit_run_persist accepts arbitrary stdin JSON and augments it with top-level ts / dimension / verdict / score fields, then writes both a JSON file and an MD file. For launch-check the JSON payload is a SUPERSET — it includes the legacy scores{} map (for render-trend.sh to plot) AND a derived findings[] array (for the canonical schema):
source "$(git rev-parse --show-toplevel)/.claude/hooks/_lib-audit-history.sh"
# Map each scored dimension to a Finding for the canonical schema.
# Severity from score: ≥85 info, 70-84 low, 55-69 medium, 40-54 high, <40 critical.
payload=$(mktemp); cat > "$payload" <<'EOF'
{
"schema_version": 1,
"branch": "main",
"commit": "abc1234",
"scores": {
"security": 88, "accessibility": 94, "compliance": 76,
"analytics": 90, "seo": 87, "generative_engine": 64,
"performance": 68, "monitoring": 83, "docs": 91
},
"top_risks": ["No cookie consent banner", "Missing /health endpoint"],
"findings": [
{"id": "compliance", "severity": "low", "status": "open", "summary": "compliance score 76 — cookie consent banner missing"},
{"id": "performance", "severity": "medium", "status": "open", "summary": "performance score 68 — bundle > 250KB"}
]
}
EOF
# Body: the human-readable per-run summary launch-check already produces.
body=$(mktemp); cat > "$body" <<'EOF'
## Launch-check verdict: conditional-go
| Dimension | Score | Status |
|-----------------|-------|--------|
| Security | 88 | PASS |
| Accessibility | 94 | PASS |
| Compliance | 76 | WARN |
| ... | ... | ... |
## Top risks
1. No cookie consent banner
2. Missing /health endpoint
## Recommendations
(...)
EOF
ts=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
audit_run_persist "<project-name>" "launch-check" "$ts" "conditional-go" 84 "$body" < "$payload"
rm -f "$payload" "$body"
audit_run_persist writes:
projects/<name>/audits/launch-check/runs/<ts>.json — JSON with everything the lib added on top of the payload (top-level ts, dimension: launch-check, verdict, score, schema_version) AND everything in the original payload (scores{}, branch, commit, top_risks[], findings[], derived stats{})projects/<name>/audits/launch-check/<ts>.md — frontmatter + the body aboveprojects/<name>/audits/launch-check/.gitignore — driven by the per-dim .audit-history-tracked marker presenceJSON schema is a SUPERSET. The canonical fields (ts, dimension, verdict, score, findings[], stats{}, schema_version) coexist with the launch-check-specific fields (scores{}, branch, commit, top_risks[]). The legacy render-trend.sh reads ts / scores / verdict and works unchanged. The new generic audit_render_trend reads ts / score / verdict and works for the rest of the audit family.
audit_render_trend "<project-name>" "launch-check" 5
render-trend.sh for the launch-check dimension — byte-equal output to the pre-#218 chart (mean of scores.* on Y-axis, score-delta notes, ASCII chart).audit_run_list merges JSON from the canonical path (projects/<name>/audits/launch-check/runs/) AND the legacy path (projects/<name>/launch-check/runs/) — so adopters' existing history continues to render across the migration. No mv required.The per-dimension marker (.audit-history-tracked) sits inside the dimension's audit dir and controls whether runs/*.json files are gitignored:
# Opt in to commit launch-check history
touch projects/<name>/audits/launch-check/.audit-history-tracked
The lib re-evaluates the marker on every persist; toggling is free. The MD artefact at <dim_dir>/<ts>.md is committed regardless — that's the durable human-readable artefact.
Migration note for adopters with existing history: the legacy marker at projects/<name>/launch-check/.launch-check-history-tracked continues to apply to that path's runs/. To consolidate trees, mv projects/<name>/launch-check/* projects/<name>/audits/launch-check/ after backing up; the lib's renderer will read the consolidated tree on the next run. Consolidation is optional — the read-merge happens transparently if you leave both trees in place.
/launch-check trend [project-path]Read-only mode that produces just the trend section (no full audit, no per-dimension grep). Useful for "are we trending up?" without re-running the costly sweep.
Process:
_lib-audit-history.sh (same as Step 6).audit_render_trend "<project-name>" "launch-check" 5. The lib reads both the canonical path AND the legacy path; if the merged set has < 2 runs the call is silent and you tell the operator there's no trend yet.Do NOT run the 9-dimension sweep in this mode. Do NOT write any new JSON. This mode is purely for reviewing existing history.
workspace/<project>/, not the ops repo.audit_run_persist, regardless of opt-in commit state. The .audit-history-tracked marker only controls whether the JSON files are committed; the MD artefacts are committed unconditionally and persistence happens on every run.audit_resolve_dir (inside _lib-audit-history.sh) calls portfolio_projects_dir for you — the SKILL doesn't need to source the portfolio helper directly any more.Persistence + trend logic ships as a shared shell helper that all audit skills consume:
| File | Purpose |
|---|---|
.claude/hooks/_lib-audit-history.sh | Audit-history library shared with /threat-model, /security-review, etc. (4 functions: audit_resolve_dir, audit_run_persist, audit_run_list, audit_render_trend) |
render-trend.sh (this skill's dir) | Legacy chart renderer for the launch-check dimension; the lib's audit_render_trend dispatches to it when the dimension is launch-check so the chart shape stays byte-equal across the #218 refactor |
Design rationale:
docs/agdr/AgDR-0014-launch-check-trend-tracking.mddocs/agdr/AgDR-0019-audit-artefact-persistence.md and docs/technical-designs/audit-artefact-persistence.mdPart of ApexYard — multi-project SDLC framework for Claude Code · MIT.