production-review
Production Review
A senior-engineer-level code review focused exclusively on production readiness. This skill systematically evaluates code against a battle-tested checklist covering security, error handling, logging, configuration, performance, and operational concerns. It produces a severity-classified report with actionable fixes.
This is not a style review. It does not care about naming conventions or line length. It cares about the things that page you at 3 AM.
Review Workflow
Follow these steps in order. Do not skip steps.
Step 1: Identify the Stack
Before reviewing, determine:
- Language and version (Python 3.11, Node 20, Go 1.22, Java 21)
- Framework (FastAPI, Django, Flask, Express, Fastify, Gin, Spring Boot)
- Database (PostgreSQL, MySQL, MongoDB, Redis)
- Infrastructure (Docker, Kubernetes, serverless, bare VM)
- Dependencies — scan
requirements.txt,pyproject.toml,package.json,go.mod, orpom.xml
More from vstorm-co/production-stack-skills
production
Main orchestrator for the production-stack-skills pack. Routes /production subcommands to specialized skills. Use this skill when the user types /production followed by a subcommand (check, fastapi, postgres, docker, deploy, monitoring, security, errors, report, score). Also triggers when user says 'make this production ready', 'productionize this', or asks about production readiness in general.
1production-check
Full production readiness audit with 0-100 score — scans the entire project across security, error handling, observability, deployment readiness, database patterns, and container hygiene. Launches parallel analysis, classifies findings by severity, and produces a prioritized action plan. Use this skill when user says /production check, /production score, asks 'is this production ready', 'audit this project', 'how production ready is this', or wants a comprehensive codebase health check.
1production-fastapi
Production-grade FastAPI patterns — structured logging, health checks, graceful shutdown, middleware, Pydantic v2, async patterns, error handling, and security hardening. Use this skill when the user is building or modifying a FastAPI application, working with Pydantic models, configuring Starlette middleware, setting up Uvicorn/Gunicorn, or asks about FastAPI best practices. Triggers when importing fastapi, starlette, pydantic, or uvicorn. Also trigger when user says /production fastapi. DO NOT trigger for Django or Flask unless explicitly asked.
1production-monitoring
Production observability — OpenTelemetry traces, structured logging, metrics, alerting, health endpoints, and SLO definition. Use this skill when the user mentions monitoring, observability, logging, metrics, traces, alerts, SLOs, or says /production monitoring. Triggers on observability discussions, OTEL setup, structured logging configuration, Prometheus/Grafana setup, or alerting rules.
1production-docker
Docker production hardening — multi-stage builds, non-root users, distroless images, BuildKit secrets, layer optimization, security scanning, and compose best practices. Use this skill when the user is creating or modifying Dockerfiles, docker-compose files, .dockerignore, or containerizing applications. Triggers on any Dockerfile, docker-compose.yml, .dockerignore, or when user mentions Docker, containers, or images. Also trigger when user says /production docker.
1production-postgres
PostgreSQL production patterns — safe migrations, indexing strategies, connection pooling, schema design, and query optimization. Use this skill when the user is working with PostgreSQL, writing database migrations (Alembic, Django migrations, raw SQL), designing database schemas, optimizing queries, setting up connection pooling (PgBouncer, asyncpg), or asks about database best practices. Triggers on SQL files, migration files, SQLAlchemy models, Django models, or Prisma schemas that target PostgreSQL.
1