preprod-checklisted

# Pre-Prod Readiness Check Audit a project for production readiness across 14 categories. Adapt to the detected stack. Produce a **severity-grouped** report with file:line refs, then propose patches for trivial fixes (security headers, cookie flags, env schema, etc.) for user approval. This skill assumes a TypeScript/Next.js web app by default but degrades gracefully — skip categories that don't apply to the detected stack (e.g., skip "billing & credit integrity" if there's no Stripe). ## How to use this skill Run the **workflow** in order. Each step has a purpose; don't skip the discovery phase or the checks become generic. The **check catalog** at the bottom is the source of truth for what to inspect — refer to it during step 2, but report findings using the severity rubric, not by catalog category. --- ## Workflow ### Step 1 — Stack detection (parallel reads) Read these in parallel, then write a one-paragraph stack summary before doing any checks: - `package.json` — frameworks, AI SDKs, payment SDKs, ORM, auth libs - `next.config.*` / `vite.config.*` / similar — framework config - `tsconfig.json` — strict mode, path aliases - `CLAUDE.md` and `AGENTS.md` (if present) — project conventions - `.env.example` (if present) — declared env surface - `src/lib/db/schema.*` or `prisma/schema.prisma` or `drizzle.config.*` — DB shape - `src/proxy.ts` / `src/middleware.ts` / `src/auth.*` — auth wiring - `src/app/api/**` or `pages/api/**` directory listing — API surface (use Gl