This is the pre-launch checklist you run before shipping, rewritten to stay local instead of piping your repo to a third-party scanner. It walks auth boundaries, payment webhooks, migrations, rollback paths, and the deployment surface, then gives you a scored readiness report with concrete blockers. The scoring bands force prioritization: blocked, risky, launchable with caveats, or strong. It caps your score at 69 if secrets are exposed or webhooks aren't idempotent, and at 84 if CI is red or you skipped end-to-end tests. Use it when CI is green but you want to know what breaks in prod, not just what passes in test. It won't replace a compliance audit, but it catches the operational gaps that only surface at 2am.
npx skills add https://github.com/affaan-m/everything-claude-code --skill production-audit