Plugin

pre-deploy-checklist

Name: pre-deploy-checklist
Author: maguire-murphy

Pre-deployment security and reliability checks for Supabase + Vercel + Next.js apps — 12 parallel subagent audits with auto-fix

npx claudepluginhub maguire-murphy/pre-deploy-checklist --plugin pre-deploy-checklist

Component Overview

Commands

Agents

Skills

Hooks

MCP Servers

Component Details

Commands (17)

Check Alerts

/check-alerts

Run the `check-alerts` agent to check for error monitoring and alerting integration. Report the results directly — do not run any other checks.

Check Auth Config

/check-auth-config

Run the `check-auth-config` agent to review Supabase auth configuration for security best practices. Report the results directly — do not run any other checks.

Check Cors

/check-cors

Run the `check-cors` agent to scan for CORS misconfigurations across the codebase. Report the results directly — do not run any other checks.

Check Dependencies

/check-dependencies

Run the `check-dependencies` agent to audit npm dependencies for known vulnerabilities and outdated core packages. Report the results directly — do not run any other checks.

Check Env

/check-env

Run the `check-env` agent to check environment variable security — git tracking, .gitignore, .env.example, and hardcoded secrets. Report the results directly — do not run any other checks.

Check Error Handling

/check-error-handling

Run the `check-error-handling` agent to audit error boundaries, loading states, and Supabase error handling. Report the results directly — do not run any other checks.

Check Indexes

/check-indexes

Run the `check-indexes` agent to audit database index coverage against actual query patterns. Report the results directly — do not run any other checks.

Check Logging

/check-logging

Run the `check-logging` agent to audit logging standards and check for sensitive data or PII in logs. Report the results directly — do not run any other checks.

Check Rate Limiting

/check-rate-limiting

Run the `check-rate-limiting` agent to check API routes for rate limiting coverage. Report the results directly — do not run any other checks.

Check Rls

/check-rls

Run the `check-rls` agent to audit Row-Level Security policies on all Supabase tables. Report the results directly — do not run any other checks.

Check Rollback

/check-rollback

Run the `check-rollback` agent to verify rollback readiness for Vercel deployments and Supabase migrations. Report the results directly — do not run any other checks.

Check Validation

/check-validation

Run the `check-validation` agent to scan API routes and server actions for missing input validation. Report the results directly — do not run any other checks.

Fix Codebase

/fix-codebase

Run the `fix-codebase` agent. Since this is a standalone run (not from /pre-deploy), the agent will do its own quick assessment of the codebase first (validation, CORS, error handling, logging, rate limiting), then generate fixes for what it finds. All fixes require user approval before applying.

Fix Database

/fix-database

Run the `fix-database` agent. Since this is a standalone run (not from /pre-deploy), the agent will do its own quick assessment of database security (RLS, indexes, auth config) first, then generate fixes for what it finds. All fixes require user approval before applying.

Fix Infra

/fix-infra

Run the `fix-infra` agent. Since this is a standalone run (not from /pre-deploy), the agent will do its own quick assessment of infrastructure readiness first (auth config, monitoring, rollback, env docs), then generate fixes for what it finds. All fixes require user approval before applying.

Phase 1 — Audit

/pre-deploy

Run the pre-deployment checklist by spawning subagents for each check. This keeps the main context clean.

Security Review

/security-review

Run the `security-reviewer` agent to do a comprehensive security review covering OWASP top risks for Supabase + Vercel apps. This is a deep review — it covers access control, input validation, secrets, network security, and auth config. Report the results directly.

Agents (16)

check-alerts

/check-alerts

Check for error monitoring and alerting integration

check-auth-config

/check-auth-config

Review Supabase auth configuration for security best practices

check-cors

/check-cors

Scan for CORS misconfigurations across the codebase

check-dependencies

/check-dependencies

Audit npm dependencies for known vulnerabilities and outdated core packages

check-env

/check-env

Check environment variable security — git tracking, .gitignore, .env.example, hardcoded secrets

check-error-handling

/check-error-handling

Audit error boundaries, loading states, and Supabase error handling

check-indexes

/check-indexes

Audit database index coverage against actual query patterns

check-logging

/check-logging

Audit logging standards and check for sensitive data in logs

check-rate-limiting

/check-rate-limiting

Check API routes for rate limiting coverage

check-rls

/check-rls

Audit Row-Level Security policies on all Supabase tables

check-rollback

/check-rollback

Verify rollback readiness for Vercel deployments and Supabase migrations

check-validation

/check-validation

Scan API routes and server actions for missing input validation

fix-codebase

/fix-codebase

Apply codebase fixes — Zod validation, CORS config, error boundaries, logging, rate limiting

fix-database

/fix-database

Generate and apply database fixes — RLS policies, indexes, auth config updates

fix-infra

/fix-infra

Apply infrastructure fixes — auth config, monitoring setup, migration templates, env documentation

security-reviewer

/security-reviewer

Run a comprehensive security review before deployment — covers OWASP top risks for Supabase + Vercel apps

Skills (4)

error-handling

/error-handling

Enforce error handling patterns in React components and API routes

logging

/logging

Enforce structured logging standards in server-side code

security

/security

Enforce security patterns across the codebase

input-validation

/validation

Enforce input validation patterns when writing API routes or server actions

Hooks (1)

Review workflow modifications before installing

Event Hooks

Bash

File writes

5 hooks across 2 events

MCP Servers (1)

Connects to external services

supabase

External

README

Pre-Deployment Checklist when Building with Claude Code

Security and reliability checks for Supabase + Vercel + Next.js apps that are powered by Claude Code subagents.

A lot of new people are attempting to build and ship with Claude Code, it is now quick and easy to build something worth using but if you don't secure your applications you are putting yourself at risk. I wanted to share the best way to secure the stack that I use the most.

So I built this. It's a pre-deployment plug-in that runs entirely inside Claude Code, using subagents to audit your app in parallel without eating your main session's context window. It checks twelve things every app should have locked down before launch, and it can auto-fix most of what it finds.

It's built for the stack that most builders are shipping with right now: Supabase + Vercel + Next.js. That's intentional — the Supabase MCP integration lets the agents query your database schema, check RLS policies, review auth configuration, and generate fix SQL directly, all from the terminal.

/pre-deploy

That's it. Twelve checks run in parallel, each in its own context window, and you get back a single pass/fail report with a SHIP IT or DO NOT SHIP verdict. If issues are found, it offers to generate and apply fixes with your approval.

Why I Built This

I'm building and shipping apps fast, and so is everyone around me. The gap isn't in features — it's in the boring stuff that sits between "it works" and "it's ready for real users." Things like:

Does every table have Row-Level Security?
Are your API routes validating input?
Is your CORS config open to the entire internet?
Do your error pages show raw stack traces?
Are your most common queries indexed?
Can you actually roll back if a deploy goes bad?

If you don't understand what to do these checks take 30-60 minutes to do manually across a codebase. Most people skip them. This automates the whole process in under two minutes using Claude Code's subagent architecture. Now, every check runs in isolation, uses only the tools it needs, and returns a short summary. Your main session stays clean.

Setup

Prerequisites

Claude Code installed (npm install -g @anthropic-ai/claude-code)
Supabase MCP connected to a dev project (never production)
Vercel CLI installed and authenticated

Install

From inside Claude Code:

/plugin marketplace add maguire-murphy/pre-deploy-checklist
/plugin install pre-deploy-checklist@pre-deploy-checklist

Then connect Supabase MCP to your dev project (never production):

claude mcp add supabase --url "https://mcp.supabase.com/mcp?project_ref=YOUR_PROJECT_REF"

Replace YOUR_PROJECT_REF with your project ID from Supabase dashboard → Project Settings → General.

Save Tokens (Recommended)

Route subagents to Sonnet instead of Opus. Add to your shell profile to persist:

# macOS / Linux — add to .zshrc or .bashrc
export CLAUDE_CODE_SUBAGENT_MODEL="claude-sonnet-4-6"

View full README on GitHub

Similar Plugins

supabase-pack

1.9k

Claude Code skill pack for Supabase (30 skills)

v1.0.0

Stats

Version1.0.0

Stars0

MaintenanceGood

AddedApr 6, 2026

Actions

View on GitHub View README Plugin Marketplace JSON

Available In

pre-deploy-checklist

Safety Signals

Caution

Executes bash commands

Hook triggers when Bash tool is used

Modifies files

Hook triggers on file write and edit operations

External network access

Connects to servers outside your machine

Help us improve

Share bugs, ideas, or general feedback.

Back to Plugins

Pre-Deployment Checklist when Building with Claude Code

Security and reliability checks for Supabase + Vercel + Next.js apps that are powered by Claude Code subagents.

/pre-deploy

Why I Built This

I'm building and shipping apps fast, and so is everyone around me. The gap isn't in features — it's in the boring stuff that sits between "it works" and "it's ready for real users." Things like:

Does every table have Row-Level Security?
Are your API routes validating input?
Is your CORS config open to the entire internet?
Do your error pages show raw stack traces?
Are your most common queries indexed?
Can you actually roll back if a deploy goes bad?

Setup

Prerequisites

Claude Code installed (npm install -g @anthropic-ai/claude-code)
Supabase MCP connected to a dev project (never production)
Vercel CLI installed and authenticated

Install

From inside Claude Code:

/plugin marketplace add maguire-murphy/pre-deploy-checklist
/plugin install pre-deploy-checklist@pre-deploy-checklist

Then connect Supabase MCP to your dev project (never production):

claude mcp add supabase --url "https://mcp.supabase.com/mcp?project_ref=YOUR_PROJECT_REF"

Replace YOUR_PROJECT_REF with your project ID from Supabase dashboard → Project Settings → General.

Save Tokens (Recommended)

Route subagents to Sonnet instead of Opus. Add to your shell profile to persist:

# macOS / Linux — add to .zshrc or .bashrc
export CLAUDE_CODE_SUBAGENT_MODEL="claude-sonnet-4-6"

pre-deploy-checklist

Component Overview

Component Details

Commands (17)

Agents (16)

Skills (4)

Hooks (1)

MCP Servers (1)

README

Pre-Deployment Checklist when Building with Claude Code

Security and reliability checks for Supabase + Vercel + Next.js apps that are powered by Claude Code subagents.

Why I Built This

Setup

Prerequisites

Install

Save Tokens (Recommended)

Similar Plugins

supabase-pack

Help us improve

Help us improve

pre-deploy-checklist

Component Overview

Component Details

Commands (17)

Agents (16)

Skills (4)

Hooks (1)

MCP Servers (1)

README

Pre-Deployment Checklist when Building with Claude Code

Security and reliability checks for Supabase + Vercel + Next.js apps that are powered by Claude Code subagents.

Why I Built This

Setup

Prerequisites

Install

Save Tokens (Recommended)

Similar Plugins

supabase-pack

Help us improve

supabase-tools

database-performance-optimizer

supabase

everything-claude-code

episodic-memory

Help us improve