Stats
Actions
Available In
Tags
Pre-Deployment Checklist when Building with Claude Code
Security and reliability checks for Supabase + Vercel + Next.js apps that are powered by Claude Code subagents.
A lot of new people are attempting to build and ship with Claude Code, it is now quick and easy to build something worth using but if you don't secure your applications you are putting yourself at risk. I wanted to share the best way to secure the stack that I use the most.
So I built this. It's a pre-deployment plug-in that runs entirely inside Claude Code, using subagents to audit your app in parallel without eating your main session's context window. It checks twelve things every app should have locked down before launch, and it can auto-fix most of what it finds.
It's built for the stack that most builders are shipping with right now: Supabase + Vercel + Next.js. That's intentional — the Supabase MCP integration lets the agents query your database schema, check RLS policies, review auth configuration, and generate fix SQL directly, all from the terminal.
/pre-deploy
That's it. Twelve checks run in parallel, each in its own context window, and you get back a single pass/fail report with a SHIP IT or DO NOT SHIP verdict. If issues are found, it offers to generate and apply fixes with your approval.
Why I Built This
I'm building and shipping apps fast, and so is everyone around me. The gap isn't in features — it's in the boring stuff that sits between "it works" and "it's ready for real users." Things like:
- Does every table have Row-Level Security?
- Are your API routes validating input?
- Is your CORS config open to the entire internet?
- Do your error pages show raw stack traces?
- Are your most common queries indexed?
- Can you actually roll back if a deploy goes bad?
If you don't understand what to do these checks take 30-60 minutes to do manually across a codebase. Most people skip them. This automates the whole process in under two minutes using Claude Code's subagent architecture. Now, every check runs in isolation, uses only the tools it needs, and returns a short summary. Your main session stays clean.
Setup
Prerequisites
- Claude Code installed (
npm install -g @anthropic-ai/claude-code) - Supabase MCP connected to a dev project (never production)
- Vercel CLI installed and authenticated
Install
From inside Claude Code:
/plugin marketplace add maguire-murphy/pre-deploy-checklist
/plugin install pre-deploy-checklist@pre-deploy-checklist
Then connect Supabase MCP to your dev project (never production):
claude mcp add supabase --url "https://mcp.supabase.com/mcp?project_ref=YOUR_PROJECT_REF"
Replace YOUR_PROJECT_REF with your project ID from Supabase dashboard → Project Settings → General.
Save Tokens (Recommended)
Route subagents to Sonnet instead of Opus. Add to your shell profile to persist:
# macOS / Linux — add to .zshrc or .bashrc
export CLAUDE_CODE_SUBAGENT_MODEL="claude-sonnet-4-6"
