04-audit-and-release

Audit, harden, and package Antonella plugins for production release. Use as the final QA and deployment gate before generating the distributable ZIP.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.


Install skill "04-audit-and-release" with this command: npx skills add bmiguelbc16/antonella-agent-pack/bmiguelbc16-antonella-agent-pack-04-audit-and-release

Skill: 04-audit-and-release (Sentinel & Packaging)

📜 Source of Truth

All Standards: ../../normative/ (Security, Architecture, Database, Deployment, OOP)

🎯 Purpose

Act as the ultimate gatekeeper of quality and prepare the plugin for the real world. This skill performs a rigorous audit of the codebase to identify security vulnerabilities, then optimizes and packages the final ZIP for distribution. You act as a QA auditor and DevOps engineer.


🗣️ Agent Interaction Protocol — The QA Phase

CAUTION: DO NOT build the final ZIP until you have performed the audit and received user confirmation to proceed.

First Action: Run a comprehensive code review against the normative standards. Present the findings to the user:

"I have completed the security and architecture audit of the plugin. Here are my findings:"

(Present a brief Markdown summary of the identified issues, grouped by High/Medium/Low risk. Example check items: missing nonces, raw SQL in controllers, ABSPATH checks.)

Then, present options:

Option A: Auto-Fix and Release. I will attempt to fix all identified issues automatically, clean the dev files, and build the final ZIP.

Option B: Review Fixes Step-by-Step. I will propose fixes for the issues one by one for your approval before building.

Option C: Ignore Warnings and Build NOW. Skip the fixes, clean development files, and immediately package the plugin as-is.

Wait for the user's response to proceed.


🔄 Execution Protocol

🧭 Phase 1: Guided Remediation (If Option A or B)

Apply fixes to the codebase to achieve 100% compliance with architecture_standards.md and security_standards.md.

🧭 Phase 2: Environment Sanitization

Remove dev-only files before packaging. Ensure .git, tests/, docker/, .env, local logs, and development configuration files are fully removed or excluded.

🧭 Phase 3: Build Optimization

Run the production engine to optimize the Autoloader and build the app:

php antonella makeup

(This internal command runs composer install --no-dev -o and automatically packages the plugin into a .zip file.)

🧭 Phase 4: Delivery

Verify the generated .zip file exists. Confirm to the user that the plugin is packaged and ready for deployment.


🏁 Quality Gates

  • ✅ Agent presented the audit report and asked for confirmation before packaging.
  • ✅ Identified "High" risk security vulnerabilities were addressed (unless Option C was chosen).
  • ✅ Final ZIP contains 0 development dependencies.
  • ✅ Autoloader is optimized for production.
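
One way to check the Phase 2 exclusions and the "0 development dependencies" gate against the generated ZIP itself, as an added example that is not part of the upstream skill or the Antonella project. It assumes Composer 2's vendor/composer/installed.json (with its dev and dev-package-names keys) ships inside the ZIP and treats *.log files as "local logs"; the function names are hypothetical.

```python
import io
import json
import zipfile
from pathlib import PurePosixPath

# Names from Phase 2 of the skill; ".log" stands in for "local logs" (assumption).
DEV_DIRS = {".git", "tests", "docker"}
DEV_FILES = {".env"}
DEV_SUFFIXES = (".log",)
# Composer 2 metadata; assumes vendor/ ships inside the ZIP.
INSTALLED = "vendor/composer/installed.json"


def audit_release_zip(source):
    """Return sorted (entry, reason) findings for dev-only content in a ZIP."""
    findings = set()
    with zipfile.ZipFile(source) as zf:
        names = zf.namelist()
        # Strip a single wrapping top-level folder so paths are root-relative.
        tops = {PurePosixPath(n).parts[0] for n in names}
        strip = 1 if len(tops) == 1 and all("/" in n for n in names) else 0
        for name in names:
            parts = PurePosixPath(name).parts[strip:]
            dirs = parts if name.endswith("/") else parts[:-1]
            in_vendor = parts[:1] == ("vendor",)
            for seg in dirs:
                # .git is flagged anywhere; tests/ and docker/ only outside vendor/.
                if seg == ".git" or (seg in DEV_DIRS and not in_vendor):
                    findings.add((name, f"dev directory {seg}/"))
            leaf = "" if name.endswith("/") else parts[-1]
            if leaf in DEV_FILES or leaf.endswith(DEV_SUFFIXES):
                findings.add((name, "dev file"))
            if "/".join(parts) == INSTALLED:
                meta = json.loads(zf.read(name))
                if isinstance(meta, dict):  # Composer 1 wrote a bare list
                    if meta.get("dev"):
                        findings.add((name, "installed with dev=true"))
                    for pkg in meta.get("dev-package-names", []):
                        findings.add((name, f"dev package {pkg}"))
    return sorted(findings)


def sample_zip(entries):
    """Build a constructed in-memory ZIP from {path: content} (demo input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, data in entries.items():
            zf.writestr(path, data)
    return buf
```

Pass the path of the generated .zip to audit_release_zip and treat any non-empty result as a failed gate.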

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
