Deep-scans entire codebase line-by-line to detect architecture, security, performance, quality, testing, and production issues, then transforms to enterprise-grade code with fixes.
From antigravity-awesome-skills

npx claudepluginhub sickn33/antigravity-awesome-skills --plugin antigravity-awesome-skills

This skill uses the workspace's default tool permissions.
Autonomously analyze the entire codebase to understand its architecture, patterns, and purpose, then systematically transform it into production-grade, corporate-level professional code. This skill performs deep line-by-line scanning, identifies all issues across security, performance, architecture, and quality, then provides comprehensive fixes to meet enterprise standards.
Automatically scan and understand the entire codebase:
Do this automatically without asking the user.
Scan line-by-line for all issues:
Architecture Issues:
Security Vulnerabilities:
Performance Problems:
Code Quality Issues:
Testing Gaps:
Production Readiness:
Fix everything automatically:
After making all changes:
User: @production-code-audit make this production-ready
AI: I'll scan your entire codebase and transform it to production-grade quality.
**Phase 1: Discovering Codebase** (analyzing 247 files)
- Detected: Node.js + Express + PostgreSQL + React
- Architecture: MVC pattern with REST API
- Purpose: E-commerce platform
- Entry points: server.js, src/index.tsx
**Phase 2: Scanning for Issues** (line-by-line analysis)
Found 127 issues:
- 🔴 CRITICAL: 8 issues
- 🟠 HIGH: 23 issues
- 🟡 MEDIUM: 41 issues
- 🔵 LOW: 55 issues
**Phase 3: Fixing Issues Automatically**
🔴 CRITICAL FIXES (8/8 completed):

1. ✅ Fixed SQL injection in UserRepository.findByEmail()
   - Before: String concatenation in query
   - After: Parameterized query with $1 placeholder
2. ✅ Removed hardcoded database password from config/database.ts
   - Before: password: 'SuperSecret123!'
   - After: password: process.env.DB_PASSWORD
3. ✅ Added authentication to admin routes
   - Before: No auth middleware
   - After: authenticateToken + requireRole('admin')
4. ✅ Fixed weak password hashing (MD5 → bcrypt)
   - Before: crypto.createHash('md5')
   - After: bcrypt.hash(password, 12)
5. ✅ Fixed circular dependency: OrderService ↔ PaymentService
   - Before: Direct imports causing cycle
   - After: Event-based decoupling with EventBus
6. ✅ Added input validation to all API endpoints
   - Before: No validation
   - After: Zod schemas validating all inputs
7. ✅ Fixed authentication bypass in auth middleware
   - Before: next() called on missing token
   - After: Returns 401 error
8. ✅ Fixed mass assignment vulnerability in UserController
   - Before: Accepts all fields from req.body
   - After: Whitelist of allowed fields only

🟠 HIGH PRIORITY FIXES (23/23 completed):

9. ✅ Fixed N+1 query in OrderService.getOrdersWithItems()
   - Before: Loop with individual queries (2.8s)
   - After: Single query with joins (45ms)
   - Performance: 98% improvement
10. ✅ Refactored UserService god class (850 lines → 4 focused services)
    - UserAuthenticationService (login, logout, password)
    - UserProfileService (CRUD operations)
    - UserNotificationService (email, SMS)
    - UserPermissionService (roles, permissions)
11. ✅ Added Redis caching for product queries
    - Before: Database query every request
    - After: Cache with 1-hour TTL
    - Performance: 95% faster
12. ✅ Optimized bundle size
    - Before: 850KB (gzipped: 280KB)
    - After: 380KB (gzipped: 120KB)
    - Improvement: 55% reduction
13. ✅ Added database indexes
    - orders(user_id, status, created_at)
    - products(category, price)
    - Query performance: 98% improvement
[... 11 more high-priority fixes ...]
🟡 MEDIUM PRIORITY FIXES (41/41 completed):
[... all medium fixes ...]
🔵 LOW PRIORITY IMPROVEMENTS (55/55 completed):
[... all low improvements ...]
**Phase 4: Adding Production Infrastructure**
✅ Added structured logging (Winston)
✅ Added error tracking (Sentry)
✅ Added health check endpoints (/health, /ready)
✅ Added monitoring (Prometheus metrics)
✅ Added rate limiting (Redis-based)
✅ Added API documentation (Swagger/OpenAPI)
✅ Added comprehensive README
✅ Added deployment guide
✅ Added CI/CD pipeline (.github/workflows)
**Phase 5: Verification**
✅ All tests passing (1,247 tests)
✅ Test coverage: 42% → 87%
✅ Security scan: 0 vulnerabilities
✅ Performance: API response time 3.2s → 180ms
✅ Bundle size: 850KB → 380KB
✅ Lighthouse score: 62 → 94
**TRANSFORMATION COMPLETE**
Your codebase is now production-ready with enterprise-grade quality:
Metrics:
- Issues fixed: 127/127 (100%)
- Test coverage: 87% (target: 80%+)
- API performance: 94% improvement
- Security: OWASP Top 10 compliant
- Code quality: Grade A-
Files changed: 89 files
Lines changed: +3,247 / -1,892
Ready for production deployment!
User: @production-code-audit secure this codebase
AI: Scanning for security vulnerabilities...
**Security Scan Complete**
Found 15 security issues:
- 🔴 CRITICAL: 5
- 🟠 HIGH: 7
- 🟡 MEDIUM: 3
**Fixing all security issues automatically...**
🔴 CRITICAL (5/5 fixed):

1. ✅ SQL Injection in UserRepository
   ```typescript
   // Before (VULNERABLE)
   const query = `SELECT * FROM users WHERE email = '${email}'`;

   // After (SECURE)
   const query = 'SELECT * FROM users WHERE email = $1';
   await db.query(query, [email]);
   ```
2. ✅ Hardcoded Secrets Removed
   ```typescript
   // Before (INSECURE)
   const JWT_SECRET = 'my-secret-key-123';

   // After (SECURE)
   const JWT_SECRET = process.env.JWT_SECRET;
   if (!JWT_SECRET) throw new Error('JWT_SECRET required');
   ```
3. ✅ Authentication Added to Admin Routes
   ```typescript
   // Before (VULNERABLE)
   router.delete('/api/admin/users/:id', deleteUser);

   // After (SECURE)
   router.delete('/api/admin/users/:id',
     authenticateToken,
     requireRole('admin'),
     deleteUser
   );
   ```
4. ✅ Password Hashing Upgraded
   ```typescript
   // Before (WEAK)
   const hash = crypto.createHash('md5').update(password).digest('hex');

   // After (STRONG)
   const hash = await bcrypt.hash(password, 12);
   ```
5. ✅ Input Validation Added
   ```typescript
   // Before (VULNERABLE)
   const user = await db.user.create({ data: req.body });

   // After (SECURE)
   const schema = z.object({
     email: z.string().email(),
     password: z.string().min(12),
     name: z.string().min(2).max(100)
   });
   const validated = schema.parse(req.body);
   const user = await db.user.create({ data: validated });
   ```
**Security Status:**
- ✅ OWASP Top 10: Compliant
- ✅ SQL Injection: Protected
- ✅ XSS: Protected
- ✅ CSRF: Protected
- ✅ Authentication: Secure
- ✅ Secrets: Environment variables
- ✅ Dependencies: No vulnerabilities

Codebase is now secure and production-ready!
User: @production-code-audit optimize performance
AI: Analyzing performance bottlenecks...
**Performance Analysis Complete**
Current metrics:
- API response time: 3.2s (target: <200ms)
- Page load time: 8.5s (target: <2s)
- Bundle size: 850KB (target: <200KB)
**Optimizing automatically...**
✅ Fixed N+1 queries (3.2s → 180ms - 94% faster)
✅ Added Redis caching (95% cache hit rate)
✅ Optimized database indexes (98% faster queries)
✅ Reduced bundle size (850KB → 380KB - 55% smaller)
✅ Optimized images (28MB → 3.2MB - 89% smaller)
✅ Implemented code splitting
✅ Added lazy loading
✅ Parallelized async operations
**Performance Results:**
| Metric | Before | After | Improvement |
|--------|--------|-------|-------------|
| API Response | 3.2s | 180ms | 94% |
| Page Load | 8.5s | 1.8s | 79% |
| Bundle Size | 850KB | 380KB | 55% |
| Image Size | 28MB | 3.2MB | 89% |
| Lighthouse | 42 | 94 | +52 points |
Performance optimized to production standards!
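Fixes 7 and 8 in the first example (auth middleware calling next() on a missing token, and UserController accepting every field from req.body) are listed without code. The following is an added example, not part of the skill or its output, showing each weakness beside a hardened form; `verifyToken`, the token table, `PROFILE_FIELDS` and the `run` harness are assumptions made for illustration.

```javascript
// Added example. verifyToken and its token table are hypothetical stand-ins
// for real JWT verification; all sample values are constructed.
const TOKENS = new Map([['constructed-token-abc', { id: 7, role: 'user' }]]);
const verifyToken = (token) => TOKENS.get(token) || null;

// Before: a request with no Authorization header falls through to next(),
// so the protected handler runs with req.user undefined.
function authFailOpen(req, res, next) {
  const header = req.headers.authorization;
  if (!header) return next(); // the bypass
  const user = verifyToken(header.replace(/^Bearer /, ''));
  if (!user) return res.status(401).json({ error: 'invalid token' });
  req.user = user;
  return next();
}

// After: any path that does not produce a verified user ends in 401.
function authFailClosed(req, res, next) {
  const match = /^Bearer (\S+)$/.exec(req.headers.authorization || '');
  const user = match ? verifyToken(match[1]) : null;
  if (!user) return res.status(401).json({ error: 'authentication required' });
  req.user = user;
  return next();
}

// Mass assignment: copy only allow-listed own properties from the request body.
const PROFILE_FIELDS = ['name', 'email'];
function pickAllowed(body, allowed) {
  const out = {};
  for (const key of allowed) {
    if (Object.prototype.hasOwnProperty.call(body, key)) out[key] = body[key];
  }
  return out;
}

// Minimal stand-in for Express: reports the status and whether the handler ran.
function run(middleware, headers) {
  const result = { status: 200, reachedHandler: false, user: undefined };
  const res = {
    status(code) { result.status = code; return res; },
    json(body) { result.body = body; return res; },
  };
  const req = { headers };
  middleware(req, res, () => { result.reachedHandler = true; result.user = req.user; });
  return result;
}

console.log(run(authFailOpen, {}));
console.log(run(authFailClosed, {}));
console.log(pickAllowed({ name: 'Ann', role: 'admin' }, PROFILE_FIELDS));
```

A regression test for the middleware should include the no-header request, since that is the case the fail-open version lets through.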
When this skill is invoked, automatically:
Discover the codebase:
- listDirectory to find all files recursively
- readFile to read every source file

Scan line-by-line for issues:

Fix everything automatically:
- strReplace to fix issues in files

Verify and report:
Do all of this without asking the user for input.
Symptoms: Team paralyzed by 200+ issues
Solution: Focus on critical/high priority only, create sprints

Symptoms: Flagging non-issues
Solution: Understand context, verify manually, ask developers

Symptoms: Audit report ignored
Solution: Create GitHub issues, assign owners, track in standups
# Production Audit Report
**Project:** [Name]
**Date:** [Date]
**Overall Grade:** [A-F]
## Executive Summary
[2-3 sentences on overall status]
**Critical Issues:** [count]
**High Priority:** [count]
**Recommendation:** [Fix timeline]
## Findings by Category
### Architecture (Grade: [A-F])
- Issue 1: [Description]
- Issue 2: [Description]
### Security (Grade: [A-F])
- Issue 1: [Description + Fix]
- Issue 2: [Description + Fix]
### Performance (Grade: [A-F])
- Issue 1: [Description + Fix]
### Testing (Grade: [A-F])
- Coverage: [%]
- Issues: [List]
## Priority Actions
1. [Critical issue] - [Timeline]
2. [High priority] - [Timeline]
3. [High priority] - [Timeline]
## Timeline
- Critical fixes: [X weeks]
- High priority: [X weeks]
- Production ready: [X weeks]
- @code-review-checklist - Code review guidelines
- @api-security-best-practices - API security patterns
- @web-performance-optimization - Performance optimization
- @systematic-debugging - Debug production issues
- @senior-architect - Architecture patterns

Pro Tip: Schedule regular audits (quarterly) to maintain code quality. Prevention is cheaper than fixing production bugs!