{ "schemaVersion": "1.0", "item": { "slug": "production-readiness", "name": "Production Readiness", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/wpank/production-readiness", "canonicalUrl": "https://clawhub.ai/wpank/production-readiness", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/production-readiness", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=production-readiness", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "README.md", "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-30T16:55:25.780Z", "expiresAt": "2026-05-07T16:55:25.780Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/production-readiness" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/production-readiness", "agentPageUrl": "https://openagent3.xyz/skills/production-readiness/agent", "manifestUrl": "https://openagent3.xyz/skills/production-readiness/agent.json", "briefUrl": "https://openagent3.xyz/skills/production-readiness/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Production Readiness (Meta-Skill)", "body": "Coordinates all operational concerns into a single readiness review. Instead of duplicating domain expertise, this skill routes to specialized skills and agents for each area, then synthesizes results into a unified go/no-go assessment." }, { "title": "OpenClaw / Moltbot / Clawbot", "body": "npx clawhub@latest install production-readiness" }, { "title": "Purpose", "body": "Ensure a service is production-ready by systematically checking every operational concern — logging, error handling, performance, security, deployment, testing, and documentation — before traffic hits it.\n\nA production-ready service:\n\nFails gracefully under load and partial outages\nObserves itself with structured logs, metrics, and traces\nRecovers automatically from transient failures\nCommunicates health to orchestrators and operators\nDocuments operations so on-call engineers can respond without tribal knowledge" }, { "title": "When to Use", "body": "TriggerContextBefore first deployNew service going to production for the first timeBefore major releaseSignificant feature or architectural change shippingQuarterly production reviewScheduled audit of existing servicesAfter incidentPost-incident hardening to prevent recurrenceDependency upgradeMajor framework, runtime, or infrastructure changeTeam handoffTransferring ownership of a service to another team" }, { "title": "Orchestration Flow", "body": "Run each area sequentially or in parallel. Each step delegates to a specialized skill or agent — this skill does not re-implement their logic.\n\n┌─────────────────────────────────────────────────┐\n│ Production Readiness Review │\n├─────────────────────────────────────────────────┤\n│ │\n│ 1. Logging & Observability ──► logging-observability skill\n│ 2. Error Handling ───────────► error-handling-patterns skill\n│ 3. Performance ──────────────► performance-agent\n│ 4. Security ─────────────────► security-review meta-skill\n│ 5. Deployment ───────────────► deployment-agent + docker-expert skill\n│ 6. Testing ──────────────────► testing-workflow meta-skill\n│ 7. Documentation ────────────► /generate-docs command\n│ │\n│ ──► Synthesize results into go/no-go report │\n└─────────────────────────────────────────────────┘" }, { "title": "Step Details", "body": "Logging & Observability — Structured logging, log levels, correlation IDs, metrics endpoints, distributed tracing, alerting rules\nError Handling — Global error boundaries, retry policies, dead-letter queues, error classification, user-facing error messages\nPerformance — Load testing results, P95/P99 latency baselines, memory/CPU profiling, database query analysis, caching strategy\nSecurity — Auth/authz verification, input validation, dependency audit, secrets management, OWASP top-10 review\nDeployment — Container hardening, rollback strategy, blue-green/canary configuration, infrastructure-as-code review\nTesting — Unit/integration/e2e coverage, contract tests, chaos/failure injection, smoke tests in staging\nDocumentation — API docs, runbooks, architecture diagrams, on-call playbooks, ADRs for key decisions" }, { "title": "Skill Routing Table", "body": "ConcernSkill / AgentPathLogging & Observabilitylogging-observabilityai/skills/tools/logging-observability/SKILL.mdError Handlingerror-handling-patternsai/skills/backend/error-handling-patterns/SKILL.mdPerformanceperformance-agentai/agents/performance/Securitysecurity-reviewai/skills/meta/security-review/SKILL.mdDeployment (containers)docker-expertai/skills/devops/docker/SKILL.mdDeployment (pipelines)deployment-agentai/agents/deployment/Testingtesting-workflowai/skills/testing/testing-workflow/SKILL.mdRate Limitingrate-limiting-patternsai/skills/backend/rate-limiting-patterns/SKILL.mdDocumentation/generate-docsai/commands/documentation/\n\nRouting rule: Read the target skill first, follow its instructions, then return results here for synthesis." }, { "title": "Health & Lifecycle", "body": "Health check endpoint (/healthz or /health) returns dependency status\n Readiness probe distinguishes \"starting\" from \"ready to serve\"\n Liveness probe detects deadlocks and unrecoverable states\n Graceful shutdown drains in-flight requests before exit\n Startup probe allows for slow initialization without false restarts" }, { "title": "Resilience", "body": "Circuit breakers on all external service calls\n Retry with exponential backoff and jitter on transient failures\n Rate limiting configured per endpoint and per client\n Backpressure mechanisms prevent cascade failures under load\n Timeouts set on every outbound call (HTTP, DB, queue)\n Bulkhead isolation separates critical from non-critical paths" }, { "title": "Configuration & Secrets", "body": "All configuration externalized (env vars, config service, or feature flags)\n No secrets in code, images, or environment variable defaults\n Secrets loaded from a vault (e.g., AWS Secrets Manager, HashiCorp Vault)\n Configuration changes do not require redeployment\n Feature flags in place for high-risk changes" }, { "title": "Data Safety", "body": "Backup strategy defined and tested (RPO/RTO documented)\n Restore procedure verified in a non-production environment\n Database migrations are backward-compatible and reversible\n Data retention policies implemented and enforced" }, { "title": "Operational Readiness", "body": "Runbooks exist for top 5 most likely failure scenarios\n SLOs defined (availability, latency, error rate) with error budgets\n SLAs communicated to dependent teams or customers\n On-call rotation staffed and escalation path documented\n Dashboards show golden signals (latency, traffic, errors, saturation)\n Alerting rules configured with appropriate thresholds and severity" }, { "title": "Maturity Levels", "body": "LevelNameRequirementsL1MVPHealth check, basic logging, error handling, manual deploy, unit tests, READMEL2StableStructured logging, metrics, graceful shutdown, CI/CD pipeline, integration tests, runbooksL3ResilientDistributed tracing, circuit breakers, auto-scaling, chaos testing, SLOs, on-call rotationL4OptimizedAdaptive rate limiting, predictive alerting, canary deploys, full observability, error budgets, postmortem culture" }, { "title": "Progression Guidance", "body": "L1 → L2: Add structured logging, metrics endpoint, and a CI/CD pipeline. Write runbooks for known failure modes.\nL2 → L3: Instrument distributed tracing. Add circuit breakers to external calls. Define SLOs and set up on-call.\nL3 → L4: Implement canary deployments. Adopt error budgets. Run regular game days. Build predictive alerting." }, { "title": "On-Call Rotation", "body": "Minimum two engineers per rotation (primary + secondary)\nHandoff includes review of recent deploys, open issues, and known risks\nEscalation targets defined: primary → secondary → engineering lead → VP Eng" }, { "title": "Escalation Matrix", "body": "SeverityResponse TimeEscalation AfterStakeholder NotificationSEV-1 (outage)15 min30 minImmediate — exec + customersSEV-2 (degraded)30 min1 hourWithin 1 hour — eng leadSEV-3 (minor)4 hoursNext business dayDaily standupSEV-4 (cosmetic)Next sprintN/ABacklog" }, { "title": "Postmortem Template", "body": "## Incident: [Title]\n**Date:** YYYY-MM-DD | **Duration:** X hours | **Severity:** SEV-N\n\n### Summary\nOne-paragraph description of what happened and impact.\n\n### Timeline\n- HH:MM — First alert fired\n- HH:MM — Engineer paged, investigation started\n- HH:MM — Root cause identified\n- HH:MM — Mitigation applied\n- HH:MM — Full resolution confirmed\n\n### Root Cause\nWhat broke and why. Link to code/config change if applicable.\n\n### Impact\n- Users affected: N\n- Revenue impact: $X (if applicable)\n- SLO budget consumed: X%\n\n### Action Items\n| Action | Owner | Due Date | Status |\n|--------|-------|----------|--------|\n| Fix X | @eng | YYYY-MM-DD | Open |\n\n### Lessons Learned\n- What went well\n- What went poorly\n- Where we got lucky" }, { "title": "NEVER Do", "body": "NEVER skip health checks — every service must expose health endpoints; no exceptions for \"simple\" services\nNEVER store secrets in code or container images — use a secrets manager; never default env vars with real values\nNEVER deploy without a rollback plan — if you cannot roll back in under 5 minutes, you are not ready to deploy\nNEVER ignore error budget violations — when the error budget is exhausted, freeze feature work and fix reliability\nNEVER treat logging as optional — a service without structured logging is a service you cannot debug at 3 AM\nNEVER go to production without runbooks — if on-call cannot resolve the top 5 failure modes without the original author, the service is not production-ready" } ], "body": "Production Readiness (Meta-Skill)\n\nCoordinates all operational concerns into a single readiness review. Instead of duplicating domain expertise, this skill routes to specialized skills and agents for each area, then synthesizes results into a unified go/no-go assessment.\n\nInstallation\nOpenClaw / Moltbot / Clawbot\nnpx clawhub@latest install production-readiness\n\nPurpose\n\nEnsure a service is production-ready by systematically checking every operational concern — logging, error handling, performance, security, deployment, testing, and documentation — before traffic hits it.\n\nA production-ready service:\n\nFails gracefully under load and partial outages\nObserves itself with structured logs, metrics, and traces\nRecovers automatically from transient failures\nCommunicates health to orchestrators and operators\nDocuments operations so on-call engineers can respond without tribal knowledge\nWhen to Use\nTrigger\tContext\nBefore first deploy\tNew service going to production for the first time\nBefore major release\tSignificant feature or architectural change shipping\nQuarterly production review\tScheduled audit of existing services\nAfter incident\tPost-incident hardening to prevent recurrence\nDependency upgrade\tMajor framework, runtime, or infrastructure change\nTeam handoff\tTransferring ownership of a service to another team\nOrchestration Flow\n\nRun each area sequentially or in parallel. Each step delegates to a specialized skill or agent — this skill does not re-implement their logic.\n\n┌─────────────────────────────────────────────────┐\n│ Production Readiness Review │\n├─────────────────────────────────────────────────┤\n│ │\n│ 1. Logging & Observability ──► logging-observability skill\n│ 2. Error Handling ───────────► error-handling-patterns skill\n│ 3. Performance ──────────────► performance-agent\n│ 4. Security ─────────────────► security-review meta-skill\n│ 5. Deployment ───────────────► deployment-agent + docker-expert skill\n│ 6. Testing ──────────────────► testing-workflow meta-skill\n│ 7. Documentation ────────────► /generate-docs command\n│ │\n│ ──► Synthesize results into go/no-go report │\n└─────────────────────────────────────────────────┘\n\nStep Details\nLogging & Observability — Structured logging, log levels, correlation IDs, metrics endpoints, distributed tracing, alerting rules\nError Handling — Global error boundaries, retry policies, dead-letter queues, error classification, user-facing error messages\nPerformance — Load testing results, P95/P99 latency baselines, memory/CPU profiling, database query analysis, caching strategy\nSecurity — Auth/authz verification, input validation, dependency audit, secrets management, OWASP top-10 review\nDeployment — Container hardening, rollback strategy, blue-green/canary configuration, infrastructure-as-code review\nTesting — Unit/integration/e2e coverage, contract tests, chaos/failure injection, smoke tests in staging\nDocumentation — API docs, runbooks, architecture diagrams, on-call playbooks, ADRs for key decisions\nSkill Routing Table\nConcern\tSkill / Agent\tPath\nLogging & Observability\tlogging-observability\tai/skills/tools/logging-observability/SKILL.md\nError Handling\terror-handling-patterns\tai/skills/backend/error-handling-patterns/SKILL.md\nPerformance\tperformance-agent\tai/agents/performance/\nSecurity\tsecurity-review\tai/skills/meta/security-review/SKILL.md\nDeployment (containers)\tdocker-expert\tai/skills/devops/docker/SKILL.md\nDeployment (pipelines)\tdeployment-agent\tai/agents/deployment/\nTesting\ttesting-workflow\tai/skills/testing/testing-workflow/SKILL.md\nRate Limiting\trate-limiting-patterns\tai/skills/backend/rate-limiting-patterns/SKILL.md\nDocumentation\t/generate-docs\tai/commands/documentation/\n\nRouting rule: Read the target skill first, follow its instructions, then return results here for synthesis.\n\nProduction Readiness Checklist\nHealth & Lifecycle\n Health check endpoint (/healthz or /health) returns dependency status\n Readiness probe distinguishes \"starting\" from \"ready to serve\"\n Liveness probe detects deadlocks and unrecoverable states\n Graceful shutdown drains in-flight requests before exit\n Startup probe allows for slow initialization without false restarts\nResilience\n Circuit breakers on all external service calls\n Retry with exponential backoff and jitter on transient failures\n Rate limiting configured per endpoint and per client\n Backpressure mechanisms prevent cascade failures under load\n Timeouts set on every outbound call (HTTP, DB, queue)\n Bulkhead isolation separates critical from non-critical paths\nConfiguration & Secrets\n All configuration externalized (env vars, config service, or feature flags)\n No secrets in code, images, or environment variable defaults\n Secrets loaded from a vault (e.g., AWS Secrets Manager, HashiCorp Vault)\n Configuration changes do not require redeployment\n Feature flags in place for high-risk changes\nData Safety\n Backup strategy defined and tested (RPO/RTO documented)\n Restore procedure verified in a non-production environment\n Database migrations are backward-compatible and reversible\n Data retention policies implemented and enforced\nOperational Readiness\n Runbooks exist for top 5 most likely failure scenarios\n SLOs defined (availability, latency, error rate) with error budgets\n SLAs communicated to dependent teams or customers\n On-call rotation staffed and escalation path documented\n Dashboards show golden signals (latency, traffic, errors, saturation)\n Alerting rules configured with appropriate thresholds and severity\nMaturity Levels\nLevel\tName\tRequirements\nL1\tMVP\tHealth check, basic logging, error handling, manual deploy, unit tests, README\nL2\tStable\tStructured logging, metrics, graceful shutdown, CI/CD pipeline, integration tests, runbooks\nL3\tResilient\tDistributed tracing, circuit breakers, auto-scaling, chaos testing, SLOs, on-call rotation\nL4\tOptimized\tAdaptive rate limiting, predictive alerting, canary deploys, full observability, error budgets, postmortem culture\nProgression Guidance\nL1 → L2: Add structured logging, metrics endpoint, and a CI/CD pipeline. Write runbooks for known failure modes.\nL2 → L3: Instrument distributed tracing. Add circuit breakers to external calls. Define SLOs and set up on-call.\nL3 → L4: Implement canary deployments. Adopt error budgets. Run regular game days. Build predictive alerting.\nIncident Response\nOn-Call Rotation\nMinimum two engineers per rotation (primary + secondary)\nHandoff includes review of recent deploys, open issues, and known risks\nEscalation targets defined: primary → secondary → engineering lead → VP Eng\nEscalation Matrix\nSeverity\tResponse Time\tEscalation After\tStakeholder Notification\nSEV-1 (outage)\t15 min\t30 min\tImmediate — exec + customers\nSEV-2 (degraded)\t30 min\t1 hour\tWithin 1 hour — eng lead\nSEV-3 (minor)\t4 hours\tNext business day\tDaily standup\nSEV-4 (cosmetic)\tNext sprint\tN/A\tBacklog\nPostmortem Template\n## Incident: [Title]\n**Date:** YYYY-MM-DD | **Duration:** X hours | **Severity:** SEV-N\n\n### Summary\nOne-paragraph description of what happened and impact.\n\n### Timeline\n- HH:MM — First alert fired\n- HH:MM — Engineer paged, investigation started\n- HH:MM — Root cause identified\n- HH:MM — Mitigation applied\n- HH:MM — Full resolution confirmed\n\n### Root Cause\nWhat broke and why. Link to code/config change if applicable.\n\n### Impact\n- Users affected: N\n- Revenue impact: $X (if applicable)\n- SLO budget consumed: X%\n\n### Action Items\n| Action | Owner | Due Date | Status |\n|--------|-------|----------|--------|\n| Fix X | @eng | YYYY-MM-DD | Open |\n\n### Lessons Learned\n- What went well\n- What went poorly\n- Where we got lucky\n\nNEVER Do\nNEVER skip health checks — every service must expose health endpoints; no exceptions for \"simple\" services\nNEVER store secrets in code or container images — use a secrets manager; never default env vars with real values\nNEVER deploy without a rollback plan — if you cannot roll back in under 5 minutes, you are not ready to deploy\nNEVER ignore error budget violations — when the error budget is exhausted, freeze feature work and fix reliability\nNEVER treat logging as optional — a service without structured logging is a service you cannot debug at 3 AM\nNEVER go to production without runbooks — if on-call cannot resolve the top 5 failure modes without the original author, the service is not production-ready" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/wpank/production-readiness", "publisherUrl": "https://clawhub.ai/wpank/production-readiness", "owner": "wpank", "version": "1.0.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/production-readiness", "downloadUrl": "https://openagent3.xyz/downloads/production-readiness", "agentUrl": "https://openagent3.xyz/skills/production-readiness/agent", "manifestUrl": "https://openagent3.xyz/skills/production-readiness/agent.json", "briefUrl": "https://openagent3.xyz/skills/production-readiness/agent.md" } }