Audit and harden software projects to commercial release standard.
A Agent Skills skill that transforms prototype-grade codebases into production-ready products. Combines an automated scanner with a structured 4-phase execution protocol, progressive reference docs, and CI-ready JSON output.
- Automated scanner — Detects TODOs, debug statements, secrets, placeholder text, empty catches, test focus directives, commented-out code, and oversized files
- Four operating modes — Quick scan, audit-only, full protocol, execute-only (decision rules)
- 10 quality gates — From design system to release artifacts, with skippability guide per project type
- Tech stack auto-detection — Stack-specific tool chains in stack audit guides
- CI integration — JSON output, severity thresholds, exit codes; GitHub Actions example
.release-audit-ignore— Whitelist known-acceptable findings (example)- Deploy checklist — Pre/post-deploy verification (deploy-checklist.md)
- Output templates — Consistent audit reports and sign-off (audit-templates.md)
git clone https://github.com/ohms/sendit.git ~/.cursor/skills/sendit
# or
git clone https://github.com/ohms/sendit.git ~/.pi/agent/skills/senditpython scripts/release_audit_scanner.py <project-root>Trigger with phrases like:
- "ship it" / "make this production-ready"
- "release audit" / "quick scan"
- "harden this" / "pre-deploy check"
- "audit only" / "fix the audit findings"
| Mode | Trigger | Behavior |
|---|---|---|
| Quick scan | "quick scan", "fast audit" | Scanner only, P0/P1 summary |
| Audit only | "audit only", "don't fix yet" | Full audit report, no execution |
| Full protocol | "ship it", "harden this" | Audit → approval → execute → verify |
| Execute only | "fix the findings" | Execute on existing audit |
sendit/
├── SKILL.md # Core protocol (load on trigger)
├── scripts/
│ └── release_audit_scanner.py # Python audit scanner
├── references/
│ ├── decision-rules.md # Mode selection, scope, evidence rules
│ ├── audit-templates.md # Report, status, sign-off templates
│ ├── stack-audit-guides.md # Per-stack tool commands
│ ├── deploy-checklist.md # Pre/post-deploy verification
│ ├── quality-gates.md # 10 mandatory quality gates
│ └── execution-protocol.md # Step-by-step execution guide
└── assets/
├── .release-audit-ignore.example # Whitelist pattern examples
└── github-actions-release-audit.yml.example
# Full scan
python scripts/release_audit_scanner.py ./my-project
# CI mode — skip slow checks
python scripts/release_audit_scanner.py ./my-project --quick --format json
# Only show blockers
python scripts/release_audit_scanner.py ./my-project --severity-threshold P0
# Exclude generated files
python scripts/release_audit_scanner.py ./my-project --exclude 'vendor/**,*.generated.*'
# Ignore whitelist file
python scripts/release_audit_scanner.py ./my-project --no-audit-ignoreExit code 1 when P0 blockers are found — suitable for CI gates.
SKILL.md stays focused on the core workflow. Detailed content loads on demand:
- Choosing a mode →
references/decision-rules.md - Formatting output →
references/audit-templates.md - Stack-specific tools →
references/stack-audit-guides.md - Execution details →
references/execution-protocol.md - Quality criteria →
references/quality-gates.md - Deploying →
references/deploy-checklist.md
MIT