pre-deploy-checklist
Pre-Deploy Checklist
Generates a thorough, measurable QA checklist tailored to your actual project — not a generic template.
Two-phase flow:
- Understand the project → confirm with user
- Deep parallel domain analysis → produce docs/pre-deploy-checklist.md
Phase 1: Project Discovery
Goal: Know what the project is before generating any checklist.
Step 1.1 — Map the project structure
Use Glob and Bash to explore — exclude build artifacts:
# Exclude these patterns: node_modules/, target/, dist/, build/, .next/, out/,
# __pycache__/, .git/, vendor/, coverage/, .turbo/, .cache/
find . -maxdepth 3 -not \( -path '*/node_modules/*' -o -path '*/target/*' \
-o -path '*/dist/*' -o -path '*/.git/*' -o -path '*/__pycache__/*' \
-o -path '*/build/*' -o -path '*/.next/*' \) -type f | head -80
Then read in this priority order:
README.mdorREADME.rst→ read fully- If no README → read:
package.json/Cargo.toml/pyproject.toml/go.mod - Read 2-3 entry point files (e.g.,
src/main.rs,src/app.tsx,server.ts,main.py) - Scan for:
docker-compose.yml,.env.example,Makefile, CI configs (.github/workflows/)
Step 1.2 — Confirm understanding with user
After reading, STOP and present this confirmation block:
## Pemahaman Saya tentang Project Ini
**Tipe project:** [Web App / REST API / CLI / Mobile Backend / Library / Monorepo]
**Stack utama:** [e.g., Next.js 14 + TypeScript + PostgreSQL + Prisma]
**Fitur utama:**
- [fitur 1]
- [fitur 2]
- [fitur 3]
**Domain yang akan saya analisis:**
- [ ] Frontend (ada UI)
- [ ] Backend/API (ada server logic)
- [ ] Database (ada schema/migrations)
- [ ] Authentication (ada auth flow)
- [ ] Infrastructure (ada Docker/CI/cloud config)
- [ ] Security (selalu dianalisis)
- [ ] Performance (selalu dianalisis)
**Yang belum jelas:** [sebutkan jika ada, atau "Semua sudah cukup jelas"]
Apakah pemahaman ini sudah benar? Ada yang perlu dikoreksi atau perlu investigasi lebih lanjut?
⚠️ WAIT for user approval before proceeding to Phase 2. If user asks to investigate more, do additional reads before re-confirming.
Phase 2: Parallel Domain Analysis
Only run after user explicitly approves the understanding.
Step 2.1 — Spawn parallel subagents
Use Task tool with subagent_type: Explore for each relevant domain simultaneously.
All subagents run in parallel (not sequential).
Load prompts from: references/domain-prompts.md
Typical domains for common project types:
| Project Type | Spawn these subagents |
|---|---|
| Full-stack web | frontend, backend, database, security, performance |
| API-only | backend, database, security, performance |
| Frontend-only | frontend, state-management (if applicable), security, performance |
| CLI tool | backend, security, performance |
| Mobile app | frontend (mobile), backend, database, security |
Step 2.2 — Collect and merge reports
Wait for ALL subagents to return. Each report has:
- What the domain code does
- What it's for (business purpose)
- What MUST be tested before deploy (with reasoning)
- Red flags found during analysis
Phase 3: Generate the Checklist
Step 3.1 — Create docs/ if needed
mkdir -p docs/
Step 3.2 — Write docs/pre-deploy-checklist.md
Use the template in references/checklist-template.md.
Checklist quality standards (must meet ALL):
| Standard | Example of BAD | Example of GOOD |
|---|---|---|
| Measurable | "test login" | "Login with valid email → redirected to /dashboard in <2s" |
| Actionable | "check performance" | "Run 100 concurrent users → p95 response time <500ms" |
| Specific | "test error handling" | "Submit form with missing email field → error message shows below input" |
| Prioritized | all items same weight | 🔴 Critical / 🟡 Important / 🟢 Nice-to-have |
| Project-specific | generic items | Only items relevant to this actual stack |
Item severity guide:
- 🔴 Critical — If broken, deploy is BLOCKED (auth failure, data corruption, crashes)
- 🟡 Important — Affects significant UX/functionality (slow pages, visual bugs on main flows)
- 🟢 Nice-to-have — Polish and future improvements (minor edge cases, optimization opportunities)
For complete checklist categories by domain: references/checklist-categories.md
Output
Final file: docs/pre-deploy-checklist.md (inside the user's project, not this skill)
The file should contain:
- Project metadata (name, date, stack, domains analyzed)
- Usage instructions (how to use the checklist)
- Categorized items by domain with 🔴/🟡/🟢 priority
- Sign-off section at the bottom
Target: 30-80 checklist items (varies by project complexity). Too few = not thorough enough. Too many = not actionable.
More from rfxlamia/claude-skillkit
creative-copywriting
>
77screenwriter
>
76skillkit
>
64framework-critical-thinking
Architectural framework for building AI agents with critical thinking capabilities - structured reasoning selection (CoT/ToT/GoT), metacognitive monitoring, self-verification, and cognitive bias detection. Use when building or enhancing AI agents that require reliable, self-correcting, and transparent reasoning.
24social-media-seo
>
19red-teaming
Comprehensive red teaming methodology for both cybersecurity and AI/LLM systems. Use when conducting adversary emulation, vulnerability assessment, attack simulation, or security validation. Trigger on requests for penetration testing, threat modeling, security audits, MITRE ATT&CK operations, LLM safety testing, prompt injection attacks, or compliance validation (OWASP, NIST, TIBER, DORA, EU AI Act). Apply when users ask to "test like an attacker", "red team our system", "validate security posture", "assess LLM vulnerabilities", or "simulate cyber attacks". Includes planning frameworks, execution strategies, reporting templates, and progressive references to specialized attack techniques and tools.
17