Production Readiness — Claude Code Plugin
Like having a senior engineer + QA tester do a final review before you deploy.
A comprehensive production readiness audit for Claude Code. Run /production-readiness on any project to get a structured report covering security, visual QA, code quality, testing, error handling, build configuration, performance, and accessibility — with actionable fixes for every issue found.
Why This Exists
Deploying to production is stressful. You check one thing, forget another. Did you leave console.log in? Are there hardcoded API keys? Does the mobile layout break? Is the build even passing?
This plugin runs 60+ automated checks across 8 categories and produces a single, prioritized report. It adapts to whatever tech stack you're using — no configuration needed.
The 8 Pillars
| # | Pillar | What's Checked |
|---|
| 1 | Security | Hardcoded secrets, .env safety, dependency vulnerabilities, input validation, auth config, rate limiting, security headers, error exposure, SQL injection, XSS, CORS configuration, dependency licenses |
| 2 | Visual QA | Screenshots every page at desktop + mobile viewports, then inspects each for layout issues, spelling mistakes, responsive problems, broken UI, and visual inconsistencies |
| 3 | Code Quality | console.log / debugger statements, TODO/FIXME comments, lint errors, type errors, unused dependencies |
| 4 | Testing | Runs your test suites, reports pass/fail and coverage, flags untested critical paths (auth, payments, mutations) |
| 5 | Error Handling | Error boundaries, error tracking (Sentry etc.), health check endpoints, structured logging, sensitive data in logs |
| 6 | Config & Build | Build passes, env vars documented, source maps hidden, no dev-only leaks, HTTPS redirects, Docker security, container orchestration, platform deployment configs |
| 7 | Performance | Image optimization, bundle size, caching headers, N+1 query patterns, lazy loading, Core Web Vitals, font optimization, third-party scripts, API response size |
| 8 | Accessibility | Semantic HTML, ARIA labels, keyboard navigation, color contrast, screen reader support, automated a11y testing |
Install
claude plugin add Meghshyams/production-readiness
Or clone and use locally:
git clone https://github.com/Meghshyams/production-readiness.git
claude --plugin-dir ./production-readiness
Usage
# Full audit — all 8 pillars
/production-readiness
# Run specific pillars only
/production-readiness --only=security,testing
# Skip specific pillars
/production-readiness --skip=visual,performance
# Override dev server port
/production-readiness --port=3000
Pillar names for --only / --skip: security, visual, quality, testing, build, errors, performance, accessibility
How It Works
Phase 1: DETECT
├── Identifies your framework, package manager, test runner, lint tool, ORM
├── Finds your page/route list
├── Checks for cached results from previous runs
└── Shows summary table + cache status before proceeding
Phase 2-8: AUDIT
├── Skips phases with valid cached results (no relevant files changed)
├── Reruns phases where source files changed since last audit
├── Runs phases in parallel where possible for faster execution
├── Takes screenshots if Playwright is available (Visual QA)
├── Checks accessibility (semantic HTML, ARIA, keyboard nav, contrast)
└── Collects all findings with severity levels
Phase 9: REPORT
├── Merges fresh and cached results into a unified report
├── Labels each phase as Fresh or Cached with date
├── Verdict: READY / NEEDS FIXES / BLOCKED
└── Prioritized next steps
Phase 10: SAVE
└── Caches all results for future incremental reruns
Smart Caching (Incremental Reruns)
When you fix issues and rerun the audit, the plugin automatically skips phases where nothing changed — saving time without compromising quality.
Git-Based Change Detection
After each run, results are cached in .production-readiness/cache.json. On the next run, the plugin uses git diff to detect which files changed and only reruns the phases affected by those changes. Dependency vulnerability checks (npm audit) always run fresh regardless of cache, since new CVEs are external.
Flags
# Rerun only phases affected by your changes (default behavior)
/production-readiness
# Force a complete fresh audit (ignore cache)
/production-readiness --fresh
# View the last audit report without running anything
/production-readiness --cached
Cache Status Table
On a cached rerun, Phase 1 shows which phases will rerun and which are cached:
Meghshyams