antigravity-ai-kit 3.5.3 → 3.7.0

package/.agent/CheatSheet.md

@@ -1,6 +1,6 @@
 # Antigravity AI Kit — CheatSheet
 
-> **Version**: v3.5.3 | **Quick Reference** for all capabilities
+> **Version**: v3.7.0 | **Quick Reference** for all capabilities
 > **Session**: Start with `/status`, end with session-end checklist
 
 ---

package/.agent/checklists/pre-commit.md

@@ -1,6 +1,6 @@
 # Pre-Commit Checklist
 
-> **Framework**: Antigravity AI Kit v3.5.3  
+> **Framework**: Antigravity AI Kit v3.7.0  
 > **Purpose**: Quality gate before committing code  
 > **Principle**: Prevention over correction
 

package/.agent/checklists/session-end.md

@@ -1,6 +1,6 @@
 # Session End Checklist
 
-> **Framework**: Antigravity AI Kit v3.5.3  
+> **Framework**: Antigravity AI Kit v3.7.0  
 > **Purpose**: Complete this checklist before ending any work session  
 > **Principle**: Context preservation for continuity
 

package/.agent/checklists/session-start.md

@@ -1,6 +1,6 @@
 # Session Start Checklist
 
-> **Framework**: Antigravity AI Kit v3.5.3  
+> **Framework**: Antigravity AI Kit v3.7.0  
 > **Purpose**: Complete this checklist at the beginning of every work session  
 > **Principle**: Full context before new work
 

package/.agent/checklists/task-complete.md

@@ -1,6 +1,6 @@
 # Task-Complete Checkpoint
 
-> **Framework**: Antigravity AI Kit v3.5.3
+> **Framework**: Antigravity AI Kit v3.7.0
 > **Purpose**: Decision gate after task completion — present options before commit/push
 > **Principle**: Human-in-the-loop governance
 
@@ -28,10 +28,11 @@ Present these options to the developer:
 | 2 | 🛡️ Retrospective Audit | `/retrospective` | Sprint-end or milestone |
 | 3 | 📋 Update Tracking | Manual | ✅ Always |
 | 4 | 📦 Commit & Push | `git commit + push` | After review passes |
-| 5 | 🔚 Session-End | Protocol | End of work session |
-| 6 | 🚀 Deploy | `/deploy` | Production-impacting changes |
-| 7 | 📝 Continue Working | Skip commit | Batching multiple changes |
-| 8 | ⏭️ Skip Checkpoint | Session flag | Rapid iteration mode |
+| 5 | 🔀 Pull Request | `/pr` | Feature branch with commits |
+| 6 | 🔚 Session-End | Protocol | End of work session |
+| 7 | 🚀 Deploy | `/deploy` | Production-impacting changes |
+| 8 | 📝 Continue Working | Skip commit | Batching multiple changes |
+| 9 | ⏭️ Skip Checkpoint | Session flag | Rapid iteration mode |
 
 **Prompt format:**
 
@@ -42,10 +43,11 @@ How should we proceed?
 2. 🛡️ /retrospective — Tier-1 audit (architecture, market benchmark, ethics)
 3. 📋 Update tracking — Sync ROADMAP.md, session-context.md, session-state.json
 4. 📦 Commit & push — Stage, commit (conventional), push to remote
-5. 🔚 Session-end protocol — Preserve context and prepare for handoff
-6. 🚀 /deploy — Production deployment with pre-flight checks
-7. 📝 Continue working — Proceed to next task without committing
-8. ⏭️ Skip checkpoint — Disable checkpoint for remainder of session
+5. 🔀 /pr — Create pull request with pre-flight checks and CI verification
+6. 🔚 Session-end protocol — Preserve context and prepare for handoff
+7. 🚀 /deploy — Production deployment with pre-flight checks
+8. 📝 Continue working — Proceed to next task without committing
+9. ⏭️ Skip checkpoint — Disable checkpoint for remainder of session
 
 > Choose options (e.g., "1, 3, 4" or "1 through 5"):
 ```
@@ -62,6 +64,7 @@ Dynamically adjust recommendations based on:
 - [ ] **File count**: If >5 files changed → recommend atomic commit review
 - [ ] **New code without tests**: Flag with ⚠️ if test coverage gap detected
 - [ ] **Security-sensitive**: If auth/crypto/token files changed → recommend `/review security`
+- [ ] **Feature branch**: If on feature branch with unpushed commits → recommend `/pr`
 
 ---
 

package/.agent/commands/help.md

@@ -11,7 +11,7 @@ Your complete guide to the Antigravity AI Kit. Type `/help` for a quick overview
 ```
 /help                  # Quick overview of all capabilities
 /help commands         # All 31 slash commands with descriptions
-/help workflows        # All 14 workflows with descriptions
+/help workflows        # All 15 workflows with descriptions
 /help agents           # All 19 AI agents with domains
 /help skills           # All 32 skill modules
 /help rules            # Governance rules
@@ -24,7 +24,7 @@ Your complete guide to the Antigravity AI Kit. Type `/help` for a quick overview
 
 ## Quick Overview
 
-**Antigravity AI Kit v3.5.3** — Trust-Grade AI Development Framework
+**Antigravity AI Kit v3.7.0** — Trust-Grade AI Development Framework
 
 | Category | Count | Description |
 |:---------|:------|:------------|

package/.agent/manifest.json

@@ -1,6 +1,6 @@
 {
   "schemaVersion": "1.0.0",
-  "kitVersion": "3.5.3",
+  "kitVersion": "3.7.0",
   "lastAuditedAt": null,
   "description": "Antigravity AI Kit — Trust-Grade AI Development Framework",
   "repository": "https://github.com/besync-labs/antigravity-ai-kit",
@@ -110,7 +110,7 @@
       "directory": "commands/"
     },
     "skills": {
-      "count": 32,
+      "count": 33,
       "items": [
         {
           "name": "api-patterns",
@@ -208,6 +208,10 @@
           "name": "plan-writing",
           "directory": "skills/plan-writing/"
         },
+        {
+          "name": "production-readiness",
+          "directory": "skills/production-readiness/"
+        },
         {
           "name": "security-practices",
           "directory": "skills/security-practices/"
@@ -243,7 +247,7 @@
       ]
     },
     "workflows": {
-      "count": 14,
+      "count": 16,
       "items": [
         {
           "name": "brainstorm",
@@ -273,6 +277,14 @@
           "name": "plan",
           "file": "workflows/plan.md"
         },
+        {
+          "name": "pr",
+          "file": "workflows/pr.md"
+        },
+        {
+          "name": "preflight",
+          "file": "workflows/preflight.md"
+        },
         {
           "name": "preview",
           "file": "workflows/preview.md"

package/.agent/session-context.md

@@ -32,7 +32,7 @@
 
 **Branch**: —  
 **Repository**: —  
-**Framework**: Antigravity AI Kit v3.5.1
+**Framework**: Antigravity AI Kit v3.7.0
 
 ### Key File Locations
 

package/.agent/skills/README.md

@@ -1,7 +1,7 @@
 # Antigravity AI Kit — Skills
 
 > **Purpose**: Workflow definitions and domain knowledge extensions
-> **Count**: 31 Skills (5 Operational + 4 Orchestration + 13 Domain + 9 Development)
+> **Count**: 32 Skills (6 Operational + 4 Orchestration + 13 Domain + 9 Development)
 
 ---
 
@@ -25,7 +25,7 @@ Skills are automatically loaded based on task context. Agents invoke relevant sk
 
 ---
 
-## Operational Skills (5)
+## Operational Skills (6)
 
 | Skill                                               | Purpose                   |
 | :-------------------------------------------------- | :------------------------ |
@@ -34,6 +34,7 @@ Skills are automatically loaded based on task context. Agents invoke relevant sk
 | [strategic-compact](strategic-compact/SKILL.md)     | Context window management |
 | [eval-harness](eval-harness/SKILL.md)               | Performance evaluation    |
 | [context-budget](context-budget/SKILL.md)           | LLM token budget mgmt    |
+| [production-readiness](production-readiness/SKILL.md) | Production readiness audits |
 
 ---
 

package/.agent/skills/production-readiness/SKILL.md

@@ -0,0 +1,272 @@
+---
+name: production-readiness
+description: Production readiness audit domains, weighted scoring criteria, and check specifications for the /preflight workflow.
+version: 1.0.0
+triggers: [pre-deploy, pre-launch, milestone, production-readiness]
+allowed-tools: Read, Grep
+---
+
+# Production Readiness
+
+> **Purpose**: Assess project readiness for production deployment across 10 audit domains
+> **Invoked by**: `/preflight` workflow
+> **Reusable by**: `/retrospective`, `/deploy`
+
+---
+
+## Overview
+
+This skill defines the audit domains, sub-check rubrics, and scoring model used by the `/preflight` workflow to generate a Production Readiness Scorecard. Each domain has weighted scoring with evidence-based pass criteria.
+
+---
+
+## Principles
+
+1. **Evidence over assertion** — every score must be backed by observable proof
+2. **Non-destructive** — all checks are read-only analysis
+3. **Fail-safe defaults** — unverifiable checks score 0 (not assumed pass)
+4. **Domain independence** — each domain is scored independently
+5. **Blocker precedence** — blocker rules override total score
+
+---
+
+## Domain Definitions
+
+### D1: Task Completeness (8 points)
+
+> Verify all planned work is complete, scope is aligned, and no undocumented features exist.
+
+**Primary Skill**: `plan-writing` · **Check Method**: Read ROADMAP.md, task files
+
+| Sub-Check | Points | Pass Criteria |
+| :--- | :--- | :--- |
+| ROADMAP.md or task tracker exists and is current | 2 | File exists, contains structured task list |
+| All MVP/milestone tasks marked complete | 3 | No `[ ]` items remain in milestone scope |
+| No undocumented features | 2 | Every implemented feature has a task entry |
+| Scope drift detection | 1 | No features implemented outside planned scope |
+
+---
+
+### D2: User Journey Validation (10 points)
+
+> Verify critical user flows work end-to-end and fail-safe behavior is defined.
+
+**Primary Skill**: `webapp-testing` · **Secondary Skill**: `testing-patterns` · **Check Method**: Walk critical flows, check error handling
+
+| Sub-Check | Points | Pass Criteria |
+| :--- | :--- | :--- |
+| Critical user flows identified | 2 | At least 3 key flows documented or testable |
+| Happy path verified | 3 | Core flows produce expected outcomes |
+| Error/edge case handling | 3 | Graceful degradation on failure paths |
+| Accessibility baseline | 2 | Basic keyboard navigation, ARIA labels on critical elements |
+
+---
+
+### D3: Implementation Correctness (10 points)
+
+> Verify features function as specified, no dead code, and test suite passes.
+
+**Primary Skill**: `verification-loop` · **Secondary Skill**: `testing-patterns` · **Check Method**: Run test suite, static analysis
+
+| Sub-Check | Points | Pass Criteria |
+| :--- | :--- | :--- |
+| Test suite passes | 4 | Zero test failures |
+| Test coverage adequate | 2 | Coverage ≥ project target (or ≥60% default) |
+| No dead code or unused exports | 2 | Static analysis clean |
+| Feature correctness audit | 2 | Implemented features match specifications |
+
+---
+
+### D4: Code Quality (15 points)
+
+> Verify code meets quality gates. Delegates to the `/review` workflow.
+
+**Primary Skill**: `verification-loop` · **Secondary Skill**: `clean-code` · **Check Method**: Delegate to `/review`
+
+| Sub-Check | Points | Pass Criteria |
+| :--- | :--- | :--- |
+| Lint passes | 3 | Zero lint errors |
+| Type check passes | 3 | Zero type errors in strict mode |
+| Build succeeds | 3 | Production build completes without errors |
+| Code style compliance | 3 | Follows project conventions (naming, structure) |
+| Dependency health | 3 | No critical/high vulnerabilities in dependencies |
+
+---
+
+### D5: Security & Privacy (18 points)
+
+> Non-negotiable security assessment. Highest weight domain.
+
+**Primary Skill**: `security-practices` · **Check Method**: OWASP check, secrets scan, dependency audit
+
+| Sub-Check | Points | Pass Criteria |
+| :--- | :--- | :--- |
+| No hardcoded secrets | 4 | Grep for API keys, passwords, tokens — zero matches |
+| Dependencies vulnerability scan | 3 | No critical/high CVEs in production deps |
+| Authentication/authorization audit | 3 | Auth flows follow security-practices skill standards |
+| Input validation on all endpoints | 3 | No unvalidated user input reaches business logic |
+| HTTPS/security headers configured | 3 | CSP, HSTS, X-Frame-Options present in production config |
+| Privacy compliance check | 2 | PII handling documented, consent mechanisms present |
+
+---
+
+### D6: Configuration Readiness (8 points)
+
+> Verify environment configuration is production-ready.
+
+**Primary Skill**: `deployment-procedures` · **Secondary Skill**: `shell-conventions` · **Check Method**: Env var audit, config validation
+
+| Sub-Check | Points | Pass Criteria |
+| :--- | :--- | :--- |
+| All required env vars documented | 2 | `.env.example` or equivalent exists with all vars |
+| No dev-only values in production config | 2 | No `localhost`, `debug=true`, dev API keys |
+| Secrets management strategy defined | 2 | Secrets via env vars or vault, not committed |
+| Environment-specific configs separated | 2 | Dev/staging/prod configs isolated |
+
+---
+
+### D7: Performance Baseline (8 points)
+
+> Verify performance meets baseline thresholds.
+
+**Primary Skill**: `performance-profiling` · **Check Method**: Bundle analysis, response time check
+
+| Sub-Check | Points | Pass Criteria |
+| :--- | :--- | :--- |
+| Bundle size within budget | 2 | Initial JS < 200KB gzipped (web) or reasonable for platform |
+| No obvious performance anti-patterns | 2 | No N+1 queries, unbounded loops, memory leaks |
+| Core Web Vitals baseline (web) | 2 | LCP < 2.5s, CLS < 0.1 (if applicable) |
+| API response times acceptable | 2 | p95 < 500ms for critical endpoints |
+
+---
+
+### D8: Documentation (5 points)
+
+> Verify operational documentation is adequate.
+
+**Primary Skill**: `plan-writing` · **Check Method**: File existence and content check
+
+| Sub-Check | Points | Pass Criteria |
+| :--- | :--- | :--- |
+| README with setup instructions | 2 | README exists, includes install + run commands |
+| API documentation (if applicable) | 1 | Endpoints documented or N/A justified |
+| Runbook or incident procedures | 1 | Basic operational guide exists or N/A justified |
+| CHANGELOG current | 1 | Recent changes documented |
+
+---
+
+### D9: Infrastructure & CI/CD (10 points)
+
+> Verify deployment pipeline and infrastructure readiness.
+
+**Primary Skill**: `deployment-procedures` · **Secondary Skill**: `docker-patterns` · **Check Method**: CI config analysis, deployment strategy
+
+| Sub-Check | Points | Pass Criteria |
+| :--- | :--- | :--- |
+| CI pipeline passes | 3 | All CI checks green on target branch |
+| Deployment strategy defined | 2 | Deploy method documented (manual, CD, container) |
+| Rollback capability exists | 3 | Rollback procedure tested or documented |
+| Health check endpoint (if applicable) | 2 | `/health` or equivalent returns service status |
+
+---
+
+### D10: Observability & Monitoring (8 points)
+
+> Verify incident visibility and error tracking readiness.
+
+**Primary Skill**: `deployment-procedures` · **Check Method**: Config analysis, logging audit
+
+| Sub-Check | Points | Pass Criteria |
+| :--- | :--- | :--- |
+| Error tracking configured | 3 | Error monitoring service connected (Sentry, etc.) or plan documented |
+| Structured logging in place | 2 | Application logs are structured (JSON) with severity levels |
+| Alerting configured for critical paths | 2 | At least downtime/error-rate alerts defined |
+| No PII in logs | 1 | Grep logs config for email/password/token patterns |
+
+---
+
+## Scoring Model
+
+### Domain Weights
+
+| Domain | Weight | Max Score |
+| :--- | :--- | :--- |
+| D1: Task Completeness | 8% | 8 |
+| D2: User Journey Validation | 10% | 10 |
+| D3: Implementation Correctness | 10% | 10 |
+| D4: Code Quality | 15% | 15 |
+| D5: Security & Privacy | 18% | 18 |
+| D6: Configuration Readiness | 8% | 8 |
+| D7: Performance Baseline | 8% | 8 |
+| D8: Documentation | 5% | 5 |
+| D9: Infrastructure & CI/CD | 10% | 10 |
+| D10: Observability & Monitoring | 8% | 8 |
+| **Total** | **100%** | **100** |
+
+---
+
+### Go/No-Go Thresholds
+
+| Score | Status | Action |
+| :--- | :--- | :--- |
+| ≥ 85/100 | 🟢 **Production Ready** | Proceed to `/pr` → `/deploy` |
+| 70-84 | 🟡 **Conditionally Ready** | Fix medium issues, re-run with `--rescan` |
+| < 70 | 🔴 **Not Ready** | Fix critical/high issues, re-run with `--rescan` |
+
+---
+
+### Blocker Rule Precedence
+
+Blocker rules **override** the total score. Even if the total score is above threshold, a blocker rule violation forces a lower verdict.
+
+**Evaluation order**: Blockers are checked BEFORE the total score is evaluated.
+
+| Rule | Condition | Override Verdict | Rationale |
+| :--- | :--- | :--- | :--- |
+| **Zero Domain** | Any domain scores 0/max | 🔴 Not Ready | A completely unchecked domain is a blind spot |
+| **Security Floor** | D5 < 50% (< 9/18) | 🔴 Not Ready | Security is non-negotiable for production |
+| **Quality Floor** | D4 < 50% (< 8/15) | 🟡 minimum | Code quality below threshold needs attention |
+
+**Precedence**: Zero Domain > Security Floor > Quality Floor > Total Score
+
+---
+
+### Evidence Requirements
+
+Every sub-check score must be supported by one of:
+
+- **File evidence**: path to file or config that proves compliance
+- **Command output**: result of a verification command (lint, test, scan)
+- **Observation**: documented observation with specific detail
+- **N/A justification**: one-line reason why the check doesn't apply
+
+Unsupported scores default to 0.
+
+---
+
+## Delta Comparison (`--rescan`)
+
+When invoked with `--rescan`, compare against the most recent previous scorecard:
+
+1. Load previous scorecard from conversation artifacts
+2. Run full D1-D10 scan with current state
+3. Generate delta table:
+
+```markdown
+| Domain | Previous | Current | Delta |
+| :--- | :--- | :--- | :--- |
+| D1: Tasks | 5/8 | 8/8 | +3 ✅ |
+| D5: Security | 6/18 | 14/18 | +8 ✅ |
+```
+
+4. Highlight regressions (negative delta) with `[!WARNING]`
+5. Summary: total improvement, remaining gaps, updated verdict
+
+---
+
+## Integration
+
+- **Primary consumer**: `/preflight` workflow (Verify phase)
+- **Reusable by**: `/retrospective` (sprint audit can reference domain definitions)
+- **Reusable by**: `/deploy` (deployment pre-flight can reference D5, D6, D9 checks)
+- **References**: 8 existing skills via the delegation map in domain definitions

package/.agent/workflows/README.md

@@ -1,7 +1,7 @@
 # Antigravity AI Kit — Workflows
 
 > **Purpose**: Process templates for common development tasks
-> **Count**: 14 Workflows
+> **Count**: 16 Workflows
 > **Standard**: Enterprise Workflow Standard (EWS) v1.0
 
 ---
@@ -27,6 +27,8 @@ Invoke them using slash commands (e.g., `/brainstorm authentication system`).
 | **ui-ux-pro-max** | `/ui-ux-pro-max` | Build | Premium UI/UX design and implementation |
 | **test** | `/test` | Verify | Systematic test writing and execution |
 | **review** | `/review` | Verify | Sequential quality gate pipeline |
+| **preflight** | `/preflight` | Verify | Production readiness assessment with 10-domain scoring |
+| **pr** | `/pr` | Ship | Production-grade PR creation with pre-flight checks |
 | **deploy** | `/deploy` | Ship | Production deployment with pre-flight checks |
 | **debug** | `/debug` | Reactive | Systematic problem investigation |
 | **orchestrate** | `/orchestrate` | Reactive | Multi-agent coordination for complex tasks |
@@ -41,9 +43,9 @@ Invoke them using slash commands (e.g., `/brainstorm authentication system`).
 Discover ──► Plan ──► Build ──► Verify ──► Ship ──► Evaluate
    │           │        │         │         │          │
    ▼           ▼        ▼         ▼         ▼          ▼
-/brainstorm  /plan   /create   /test     /deploy   /retrospective
-/quality-gate        /enhance  /review
-                     /preview
+/brainstorm  /plan   /create   /test     /pr        /retrospective
+/quality-gate        /enhance  /review   /deploy
+                     /preview  /preflight
                      /ui-ux-pro-max
 
     Reactive (any phase)          Cross-cutting (any phase)

package/.agent/workflows/deploy.md

@@ -9,7 +9,7 @@ commit-types: [chore, fix]
 # /deploy — Production Deployment
 
 > **Trigger**: `/deploy [sub-command]`
-> **Lifecycle**: Ship — after `/review` gate passes
+> **Lifecycle**: Ship — after `/pr` is merged
 
 > [!CAUTION]
 > Deployment impacts production users and consumes platform credits. Every push to `production` triggers builds on hosting platforms (Vercel, Railway, etc.). Never deploy untested code. Always have a rollback plan before deploying.
@@ -189,7 +189,8 @@ Run `/deploy rollback` to restore [previous version].
 
 ## Related Resources
 
-- **Previous**: `/review` (quality gates must pass before deployment)
+- **Previous**: `/pr` (PR must be created and merged before deployment)
+- **Pre-requisite**: `/preflight` (production readiness must be verified before deployment)
 - **Next**: `/status` (post-deploy monitoring)
 - **Skill**: `.agent/skills/deployment-procedures/SKILL.md`
 - **Global Rule**: Production Merge Discipline (see global rules)

package/.agent/workflows/pr.md

@@ -0,0 +1,291 @@
+---
+description: Production-grade PR creation with pre-flight checks, branch sync, and CI verification.
+version: 2.1.0
+sdlc-phase: ship
+skills: [git-workflow, verification-loop]
+commit-types: [feat, fix, refactor, perf, chore, docs, test]
+---
+
+# /pr — Production-Grade Pull Request Workflow
+
+> **Trigger**: `/pr [target]` (default: `main`) · `/pr --draft [target]`
+> **Lifecycle**: Ship — after `/preflight` readiness passes, before `/deploy`
+
+> [!CAUTION]
+> PR creation pushes code to remote and triggers CI pipelines. Always run local pre-flight checks via `/review` before pushing. Never create PRs with unresolved conflicts or failing tests. Every CI run consumes pipeline credits.
+
+> [!TIP]
+> This workflow leverages the **git-workflow** skill. Read `.agent/skills/git-workflow/SKILL.md` for extended guidance on branching, conventional commits, and PR templates.
+
+---
+
+## Scope Filter
+
+| Commit Type | PR Mode | Gates Skipped |
+| :---------- | :------ | :------------ |
+| `feat()` — new features | ✅ Full (8 steps) | None |
+| `fix()` — bug fixes | ✅ Full (8 steps) | None |
+| `refactor()` — structural | ✅ Full (8 steps) | None |
+| `perf()` — performance | ✅ Full (8 steps) | None |
+| `chore()` — maintenance | ⚠️ Lightweight | Step 3 (pre-flight) |
+| `docs()` — documentation | ⚠️ Lightweight | Steps 3, 7 (pre-flight, CI) |
+| `test()` — test additions | ⚠️ Lightweight | Step 3 runs test gate only |
+
+---
+
+## Critical Rules
+
+1. **ALWAYS** sync with target branch before creating PR — prevents merge conflicts
+2. **ALWAYS** run pre-flight `/review` locally before pushing — catches issues pre-CI
+3. **NEVER** create a PR from `main` or `production` branches
+4. **NEVER** create a PR with known conflicts — resolve first
+5. **NEVER** merge without all CI checks passing
+6. **ATOMIC** PRs — one logical unit of work per PR, not multi-sprint kitchen sinks
+7. **CONVENTIONAL** titles — `type(scope): description` format
+
+---
+
+## Argument Parsing
+
+| Command | Action |
+| :---------------------- | :--------------------------------------------------- |
+| `/pr` | Create PR targeting default branch (`main`) |
+| `/pr [target]` | Create PR targeting specified branch (e.g., `/pr dev`) |
+| `/pr --draft` | Create PR as draft (may not trigger CI) |
+| `/pr --draft [target]` | Create draft PR targeting specified branch |
+
+---
+
+## Steps
+
+Execute IN ORDER. Stop at first failure.
+
+### Step 1: Verify Branch State
+
+// turbo
+
+```powershell
+git branch --show-current
+git status --porcelain
+```
+
+- If on `main` or `production` → **STOP**, instruct user to create feature branch
+- If working tree dirty → prompt to commit or stash
+
+### Step 2: Sync with Target Branch
+
+// turbo
+
+```powershell
+git fetch origin <target>
+git merge origin/<target> --no-edit
+```
+
+- If conflicts detected → invoke **Conflict Resolution Protocol** (see below)
+- If clean merge → proceed to Step 3
+
+> [!WARNING]
+> If the branch has diverged significantly from the target, expect conflicts in shared files like `.gitignore`, `package.json`, or lock files. Always check `git diff --name-only origin/<target>..HEAD` before creating the PR.
+
+### Step 3: Run Pre-Flight Checks
+
+Delegate to `/review` pipeline (Gates 1-5: lint, type-check, test, security, build).
+
+- Scope filter applies:
+  - `docs()` → skip all gates
+  - `chore()` → skip test + build gates
+  - `test()` → run test gate only
+  - All others → full pipeline
+- If any gate fails → stop, fix, re-run
+
+> [!CAUTION]
+> If ANY pre-flight check fails, fix it BEFORE proceeding. Do NOT rely on CI to catch issues — that wastes pipeline credits and delays the team.
+
+### Step 4: Push to Remote
+
+```powershell
+git push origin HEAD
+```
+
+- If rejected (upstream diverged) → re-run Step 2, then retry push
+- If authentication error → guide user to configure credentials
+
+### Step 5: Generate PR Title & Body
+
+// turbo
+
+**Title generation:**
+- Parse branch name: `feature/ABC-123-add-user-auth` → `feat(auth): add user auth`
+- Fallback: use first commit message subject line
+- Format: `type(scope): description` (conventional commits)
+
+**Body generation:**
+- Populate from `git log origin/<target>..HEAD --oneline` and `git diff --stat origin/<target>..HEAD`
+- Use **PR Body Template** (see below)
+
+### Step 6: Create PR
+
+**Pre-check:** Query existing PRs for current branch. If open PR exists → offer to update title/body instead of creating new.
+
+**MCP-first 3-tier fallback:**
+1. Attempt `mcp_github-mcp-server_create_pull_request` with title, body, `is_draft`, base, head
+2. If MCP fails → attempt `gh pr create --title "<title>" --body "<body>" --base <target> [--draft]`
+3. If `gh` fails → provide pre-formatted title + body for manual browser copy-paste
+
+### Step 7: Verify CI Pipeline
+
+- Poll via `mcp_github-mcp-server_pull_request_read` (method: `get_status`)
+- Report each check as it resolves
+- If draft PR → note: "Draft PRs may not trigger CI on some repositories. Convert to ready-for-review via MCP `update_pull_request` if CI doesn't appear."
+
+> [!NOTE]
+> If CI checks do NOT appear, check:
+> 1. **Merge conflicts** — `mergeable_state: dirty` blocks CI entirely
+> 2. **Workflow file** — `.github/workflows/` must contain CI config on the target branch
+> 3. **Branch targeting** — CI may only trigger on PRs targeting specific branches
+
+### Step 8: Handle Results
+
+- ✅ All green → offer to assign reviewers via `update_pull_request`, link issues with `Closes #N`
+- ❌ Any fail → read failure logs, suggest fix, re-run from Step 3
+- ⏳ Timeout → provide manual check instructions
+
+---
+
+## PR Body Template
+
+```markdown
+## Summary
+[One-line description derived from branch name and commits]
+
+## Changes
+
+### [Category — derived from commit types]
+- [Change description from commit messages]
+
+## Test Plan
+- [x] Pre-flight `/review` passed locally (lint, type-check, test, security, build)
+- [x] Branch synced with `{target}` — no conflicts
+- [x] No secrets or PII in diff
+
+## Breaking Changes
+[None / List any breaking changes — derived from `BREAKING CHANGE:` commit footers]
+
+## Related Issues
+[Closes #N — derived from commit messages or branch name pattern]
+```
+
+---
+
+## Conflict Resolution Protocol
+
+When merge conflicts are detected in Step 2:
+
+```powershell
+# 1. Check conflicted files
+git diff --name-only --diff-filter=U
+
+# 2. Resolve each conflict manually
+#    - .gitignore: combine both versions, prefer more restrictive
+#    - Package manifests (package.json, pubspec.yaml): merge dependencies carefully
+#    - Source files: understand both changes, merge logically
+
+# 3. Mark resolved and commit
+git add <resolved-files>
+git commit -m "merge: resolve conflicts with <target>"
+
+# 4. Re-run pre-flight checks (Step 3)
+# Invoke /review to verify merge didn't break anything
+
+# 5. Resume from Step 4 (Push)
+```
+
+---
+
+## Output Template
+
+### ✅ PR Created Successfully
+
+```markdown
+## ✅ PR Created Successfully
+
+| Field | Value |
+| :--- | :--- |
+| PR | #[N] |
+| Title | [type(scope): description] |
+| Branch | [source] → [target] |
+| Status | [draft / ready for review] |
+| URL | [link] |
+
+### CI Status
+| Check | Status |
+| :--- | :--- |
+| [name] | ✅ Pass / ⏳ Pending / ❌ Fail |
+
+**Next**: Wait for CI → `/deploy` when ready.
+```
+
+### ❌ PR Creation Failed
+
+```markdown
+## ❌ PR Creation Failed at Step [N]
+
+### Error
+[Error description]
+
+### Resolution
+1. [Fix steps]
+2. Re-run: `/pr [target]`
+
+### Fallback
+[Manual instructions if MCP + CLI both failed]
+```
+
+---
+
+## Governance
+
+**PROHIBITED:**
+- Creating PRs from `main` or `production` branches
+- Creating PRs with unresolved merge conflicts
+- Pushing without local pre-flight `/review` passing
+- Merging PRs with failing CI checks
+- Including generated files, PII, secrets, or `.env` in diff
+- Multi-sprint mega-PRs — keep PRs focused and reviewable
+- Using `// turbo` on state-mutating steps (push, create, merge)
+- Skipping failed steps · proceeding without resolution
+
+**REQUIRED:**
+- Branch sync with target before every PR
+- Local pre-flight via `/review` before push
+- Conventional commit PR title format
+- Structured PR body using template
+- CI verification after PR creation
+- Human approval before push and PR creation (non-turbo)
+- MCP-first with graceful fallback strategy
+- Conflict resolution before push
+
+---
+
+## Completion Criteria
+
+- [ ] On feature branch (not `main`/`production`)
+- [ ] Working tree clean (committed or stashed)
+- [ ] Target branch synced (no conflicts)
+- [ ] Pre-flight `/review` passes (scope-filtered)
+- [ ] Pushed to remote
+- [ ] PR created with conventional title and structured body
+- [ ] CI checks monitored and passed (or draft acknowledged)
+- [ ] Review requested (if applicable)
+- [ ] After CI passes: proceed to `/deploy` when ready
+
+---
+
+## Related Resources
+
+- **Previous**: `/preflight` (production readiness verified) · `/review` (code quality gates)
+- **Next**: `/deploy` (deployment after PR is merged)
+- **Skills**: `.agent/skills/git-workflow/SKILL.md` · `.agent/skills/verification-loop/SKILL.md`
+- **Global Rule**: Production Merge Discipline (see global rules)
+- **Related**: `/status` (check PR and CI status)
+- **Note**: PR body template supersedes the basic template in `git-workflow` skill

package/.agent/workflows/preflight.md

@@ -0,0 +1,225 @@
+---
+description: Production readiness assessment with weighted scoring across 10 audit domains.
+version: 1.0.0
+sdlc-phase: verify
+skills: [production-readiness, verification-loop, security-practices]
+commit-types: [feat, fix, refactor, perf]
+---
+
+# /preflight — Production Readiness Assessment
+
+> **Trigger**: `/preflight [domain|flag]`
+> **Lifecycle**: Verify — after `/review`, before `/pr`
+
+> [!CAUTION]
+> Production readiness gate. All critical domains must pass before proceeding
+> to `/pr` → `/deploy`. A failing preflight blocks the shipping pipeline.
+
+> [!TIP]
+> This workflow leverages the **production-readiness**, **verification-loop**, and
+> **security-practices** skills. Read `.agent/skills/production-readiness/SKILL.md`
+> for domain specifications and scoring criteria.
+
+---
+
+## Critical Rules
+
+1. **Evidence-backed scoring** — every domain score must cite observable proof (file, command output, observation)
+2. **Never bypass blockers** — blocker rule violations override total score (see skill for precedence)
+3. **Human approval required** — Go/No-Go recommendation requires explicit user decision
+4. **Non-destructive** — all checks are read-only analysis; no files modified, no commands with side effects
+5. **Skill-mediated delegation** — domain checks reference existing skills, never duplicate their logic
+6. **Fail-safe defaults** — unverifiable checks score 0, not assumed pass
+
+---
+
+## Argument Parsing
+
+| Command | Action |
+| :--- | :--- |
+| `/preflight` | Full scan — all 10 domains (D1-D10), standard scorecard |
+| `/preflight [domain]` | Single domain focus (e.g., `/preflight security`, `/preflight tasks`) |
+| `/preflight --quick` | Quick scan — D4 (Code) + D5 (Security) + D6 (Config) + D9 (CI/CD) |
+| `/preflight --full` | Deep scan — all D1-D10 + market benchmark comparison |
+| `/preflight --rescan` | Re-scan — all D1-D10 with delta comparison against previous scorecard |
+
+### Domain Name Aliases
+
+| Domain | Aliases |
+| :--- | :--- |
+| D1: Task Completeness | `tasks`, `roadmap`, `scope` |
+| D2: User Journey Validation | `journeys`, `ux`, `flows` |
+| D3: Implementation Correctness | `implementation`, `correctness`, `tests` |
+| D4: Code Quality | `code`, `quality`, `lint` |
+| D5: Security & Privacy | `security`, `sec`, `privacy` |
+| D6: Configuration Readiness | `config`, `configuration`, `env` |
+| D7: Performance Baseline | `performance`, `perf`, `speed` |
+| D8: Documentation | `docs`, `documentation` |
+| D9: Infrastructure & CI/CD | `infra`, `ci`, `cicd`, `pipeline` |
+| D10: Observability & Monitoring | `observability`, `monitoring`, `logs` |
+
+---
+
+## Steps
+
+// turbo
+1. **Project Detection & Inventory**
+   - Detect project type (web, mobile, API, library, monorepo)
+   - Identify tech stack (language, framework, build tool)
+   - Locate key files: ROADMAP.md, package.json/pubspec.yaml, CI config, .env files
+   - Identify the target deployment platform
+   - Determine which domains are applicable (not all domains apply to every project type)
+   - Load the `production-readiness` skill for domain definitions
+
+// turbo
+2. **Domain Scanning**
+   - For each applicable domain (D1-D10):
+     - Load the primary skill referenced in the domain definition
+     - Execute each sub-check per the rubric in the `production-readiness` skill
+     - Record evidence for each sub-check (file path, command output, observation)
+     - Calculate domain score based on sub-check results
+     - Classify findings by severity:
+       - 🔴 **Critical**: Blocks production, must fix
+       - 🟠 **High**: Significant risk, should fix before ship
+       - 🟡 **Medium**: Improvement recommended, can ship with plan
+       - 🟢 **Low**: Minor suggestion, no blocking impact
+   - For `--quick` mode: execute only D4, D5, D6, D9
+   - For single domain: execute only the specified domain
+
+// turbo
+3. **Scoring & Classification**
+   - Calculate per-domain scores from sub-check results
+   - Apply Blocker Rule Precedence (see `production-readiness` skill):
+     1. Check: Any domain = 0? → 🔴 Not Ready
+     2. Check: D5 < 50%? → 🔴 Not Ready
+     3. Check: D4 < 50%? → 🟡 minimum
+   - Calculate total score (sum of all domain scores)
+   - Determine Go/No-Go status from thresholds:
+     - ≥ 85: 🟢 Production Ready
+     - 70-84: 🟡 Conditionally Ready
+     - < 70: 🔴 Not Ready
+   - For `--rescan`: generate delta comparison table
+   - For `--full`: add market benchmark comparison section
+
+4. **Go/No-Go Recommendation**
+   - Present the Production Readiness Scorecard to the user
+   - Highlight critical/high findings with remediation guidance
+   - Recommend next actions based on verdict
+   - **Wait for explicit user decision** — never auto-proceed
+
+---
+
+## Output Template
+
+```markdown
+# 🚀 Production Readiness Scorecard
+
+> Project: [project name] · Date: [date] · Mode: [default|quick|full|rescan]
+
+## Overall Verdict
+
+| Score | Status | Decision |
+| :--- | :--- | :--- |
+| [XX/100] | [🟢/🟡/🔴] [Status] | [Recommendation] |
+
+## Domain Scores
+
+| Domain | Score | Status | Key Finding |
+| :--- | :--- | :--- | :--- |
+| D1: Task Completeness | X/8 | [emoji] | [summary] |
+| D2: User Journeys | X/10 | [emoji] | [summary] |
+| D3: Implementation | X/10 | [emoji] | [summary] |
+| D4: Code Quality | X/15 | [emoji] | [summary] |
+| D5: Security & Privacy | X/18 | [emoji] | [summary] |
+| D6: Configuration | X/8 | [emoji] | [summary] |
+| D7: Performance | X/8 | [emoji] | [summary] |
+| D8: Documentation | X/5 | [emoji] | [summary] |
+| D9: Infrastructure | X/10 | [emoji] | [summary] |
+| D10: Observability | X/8 | [emoji] | [summary] |
+
+## Blocker Check
+
+| Rule | Condition | Result |
+| :--- | :--- | :--- |
+| Zero Domain | Any domain = 0 | [PASS/FAIL] |
+| Security Floor | D5 ≥ 50% | [PASS/FAIL] |
+| Quality Floor | D4 ≥ 50% | [PASS/FAIL] |
+
+## Findings
+
+### 🔴 Critical
+- [finding with evidence and remediation]
+
+### 🟠 High
+- [finding with evidence and remediation]
+
+### 🟡 Medium
+- [finding with evidence and remediation]
+
+## Recommended Next Actions
+
+1. [action based on verdict]
+2. [action based on top findings]
+
+---
+
+Verdict: [🟢/🟡/🔴] [score]/100 — [status text]
+Run `/preflight --rescan` after fixes to verify improvement.
+```
+
+---
+
+## Governance
+
+**PROHIBITED:**
+- Auto-deploying based on a passing score — human decision always required
+- Skipping blocker rule evaluation
+- Fabricating evidence for sub-check scores
+- Modifying project files during analysis
+- Proceeding to `/pr` without presenting the scorecard
+
+**REQUIRED:**
+- Evidence citation for every scored sub-check
+- Blocker rule evaluation before total score
+- Human approval for Go/No-Go decision
+- Skill reference for each domain scan
+- Finding classification by severity (🔴/🟠/🟡/🟢)
+
+---
+
+## Completion Criteria
+
+- [ ] Project type and tech stack detected
+- [ ] Applicable domains identified
+- [ ] All applicable domain sub-checks executed with evidence
+- [ ] Blocker rules evaluated
+- [ ] Per-domain scores calculated
+- [ ] Total score and Go/No-Go status determined
+- [ ] Findings classified by severity
+- [ ] Scorecard presented to user
+- [ ] User has made explicit Go/No-Go decision
+- [ ] After approval: proceed to `/pr` for PR creation
+
+---
+
+## Scope Filter
+
+| Commit Type | Preflight Required? | Rationale |
+| :--- | :--- | :--- |
+| `feat()` | ✅ Required | New features need readiness validation |
+| `fix()` | ⚠️ Optional | Critical fixes may need quick deploy path |
+| `refactor()` | ✅ Required | Structural changes need validation |
+| `perf()` | ✅ Required | Performance changes need baseline verification |
+| `docs()` | ❌ Skip | No production impact |
+| `chore()` | ❌ Skip | No production impact |
+| `test()` | ❌ Skip | No production impact |
+| Pre-launch | ✅ Required | Major releases always require preflight |
+
+---
+
+## Related Resources
+
+- **Previous**: `/review` (code quality gates must pass before preflight)
+- **Next**: `/pr` (create pull request after readiness verified)
+- **Skills**: `.agent/skills/production-readiness/SKILL.md` · `.agent/skills/verification-loop/SKILL.md` · `.agent/skills/security-practices/SKILL.md`
+- **Related**: `/deploy` (deployment after PR merged) · `/retrospective` (sprint-level audit)

package/.agent/workflows/review.md

@@ -9,7 +9,7 @@ commit-types: [fix, refactor]
 # /review — Code Review Quality Gate
 
 > **Trigger**: `/review` (full) · `/review lint` · `/review tests` · `/review security` · `/review build`
-> **Lifecycle**: After implementation, before `/retrospective`
+> **Lifecycle**: After implementation, before `/pr`
 
 > [!CAUTION]
 > Sequential gate pipeline — each step must pass before proceeding. Failed gates block merge. No overrides.
@@ -183,6 +183,6 @@ Re-run: `/review` or `/review {gate}`
 ## Related Resources
 
 - **Previous**: `/test` (tests must pass before review)
-- **Next**: `/deploy` (deployment after all gates pass)
+- **Next**: `/preflight` (production readiness assessment) · `/pr` (create pull request)
 - **Skill**: `.agent/skills/verification-loop/SKILL.md`
 - **Related**: `/quality-gate` (pre-task research) · `/retrospective` (sprint-level audit)

package/README.md

@@ -1,11 +1,11 @@
 # 🚀 Antigravity AI Kit
 
-![version](https://img.shields.io/badge/version-3.5.3-blue)
+![version](https://img.shields.io/badge/version-3.7.0-blue)
 ![license](https://img.shields.io/badge/license-MIT-green)
 ![AI Agents](https://img.shields.io/badge/AI%20Agents-19-purple)
-![Skills](https://img.shields.io/badge/Skills-32-orange)
+![Skills](https://img.shields.io/badge/Skills-33-orange)
 ![Commands](https://img.shields.io/badge/Commands-31-red)
-![Workflows](https://img.shields.io/badge/Workflows-14-teal)
+![Workflows](https://img.shields.io/badge/Workflows-16-teal)
 ![Runtime Modules](https://img.shields.io/badge/Runtime%20Modules-29-blueviolet)
 ![Tests](https://img.shields.io/badge/Tests-341%20passing-brightgreen)
 ![Checklists](https://img.shields.io/badge/Checklists-4-yellow)
@@ -15,7 +15,7 @@
 </p>
 
 <p align="center">
-  Antigravity AI Kit is a <b>Trust-Grade AI development framework</b> with a <b>29-module runtime engine</b>, <b>19 specialized agents</b>, <b>31 commands</b>, <b>32 skills</b>, and <b>14 workflows</b> — all backed by <b>341 tests</b> and governance-first principles.
+  Antigravity AI Kit is a <b>Trust-Grade AI development framework</b> with a <b>29-module runtime engine</b>, <b>19 specialized agents</b>, <b>31 commands</b>, <b>33 skills</b>, and <b>16 workflows</b> — all backed by <b>341 tests</b> and governance-first principles.
 </p>
 
 <p align="center">
@@ -40,7 +40,7 @@
 - [Commands](#%EF%B8%8F-commands-31)
 - [Skills](#%EF%B8%8F-skills-32)
 - [Runtime Engine](#%EF%B8%8F-runtime-engine-29-modules)
-- [Workflows](#-workflows-14)
+- [Workflows](#-workflows-15)
 - [Operating Constraints](#%EF%B8%8F-operating-constraints)
 - [Session Management](#-session-management)
 - [How to Extend](#-how-to-extend)
@@ -56,9 +56,9 @@
 | Feature           | Count | Description                                                            |
 | :---------------- | :---- | :--------------------------------------------------------------------- |
 | 🤖 **AI Agents**  | 19    | Specialized roles (Mobile, DevOps, Database, Security, Performance...) |
-| 🛠️ **Skills**     | 32    | Domain knowledge modules (API, Testing, MCP, Architecture, Docker...) |
+| 🛠️ **Skills**     | 33    | Domain knowledge modules (API, Testing, MCP, Architecture, Docker...) |
 | ⌨️ **Commands**   | 31    | Slash commands for every development workflow                          |
-| 🔄 **Workflows**  | 14    | Process templates (/create, /debug, /deploy, /test...)                 |
+| 🔄 **Workflows**  | 16    | Process templates (/create, /debug, /deploy, /pr, /test...)            |
 | ⚙️ **Runtime**    | 29    | Runtime engine modules (governance, reputation, self-healing...)       |
 | ✅ **Checklists** | 4     | Quality gates (session-start, session-end, pre-commit, task-complete)  |
 | ⚖️ **Rules**      | 8     | Modular governance constraints (coding, security, testing, git, docs, sprint)  |
@@ -149,7 +149,7 @@ Antigravity AI Kit is designed to **never touch your project files**. All operat
 ┌─────────────────────────────────────────────────────────────────────┐
 │                    USER INTERFACE LAYER                              │
 │  ┌─────────────────────────┐  ┌─────────────────────────┐          │
-│  │  Slash Commands (31)    │  │  Workflows (14)         │          │
+│  │  Slash Commands (31)    │  │  Workflows (15)         │          │
 │  └────────────┬────────────┘  └────────────┬────────────┘          │
 ├───────────────┼────────────────────────────┼────────────────────────┤
 │               ▼         INTELLIGENCE LAYER ▼                        │
@@ -320,12 +320,13 @@ EXPLORE → PLAN → IMPLEMENT → VERIFY → CHECKPOINT → REVIEW → DEPLOY
 
 ---
 
-## 🛠️ Skills (32)
+## 🛠️ Skills (33)
 
-### Operational Skills (5)
+### Operational Skills (6)
 
 | Skill                 | Purpose                   |
 | :-------------------- | :------------------------ |
+| `production-readiness`| Production readiness audits |
 | `verification-loop`   | Continuous quality gates  |
 | `continuous-learning` | Pattern extraction (PAAL) |
 | `strategic-compact`   | Context window management |
@@ -423,7 +424,7 @@ Antigravity AI Kit v3.2.0 includes a **full runtime engine** built across 4 phas
 
 ---
 
-## 🔄 Workflows (14)
+## 🔄 Workflows (16)
 
 | Workflow          | Description              | Command          |
 | :---------------- | :----------------------- | :--------------- |
@@ -434,6 +435,8 @@ Antigravity AI Kit v3.2.0 includes a **full runtime engine** built across 4 phas
 | **enhance**       | Improve existing code    | `/enhance`       |
 | **orchestrate**   | Multi-agent coordination | `/orchestrate`   |
 | **plan**          | Implementation planning  | `/plan`          |
+| **pr**            | Production-grade PR creation | `/pr`        |
+| **preflight**     | Production readiness assessment | `/preflight`    |
 | **preview**       | Preview changes          | `/preview`       |
 | **quality-gate**  | Pre-task validation      | `/quality-gate`  |
 | **retrospective** | Sprint audit & review    | `/retrospective` |
@@ -634,7 +637,7 @@ antigravity-ai-kit/
 │   ├── agents/               # 19 specialized agents
 │   ├── commands/             # 31 slash commands
 │   ├── skills/               # 32 capability modules
-│   ├── workflows/            # 14 process templates
+│   ├── workflows/            # 15 process templates
 │   ├── engine/               # Autonomy Engine (state machine, loading rules, configs)
 │   ├── hooks/                # 8 event hooks (runtime + git-hook)
 │   ├── rules/                # 8 modular governance rules

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "antigravity-ai-kit",
-  "version": "3.5.3",
-  "description": "🚀 Trust-Grade AI development framework with a 29-module runtime engine — 19 Agents, 32 Skills, 31 Commands, 14 Workflows, 8 Rules, 341 Tests. Workflow enforcement, task governance, agent reputation, self-healing, and skill marketplace.",
+  "version": "3.7.0",
+  "description": "🚀 Trust-Grade AI development framework with a 29-module runtime engine — 19 Agents, 33 Skills, 31 Commands, 16 Workflows, 8 Rules, 341 Tests. Workflow enforcement, task governance, agent reputation, self-healing, and skill marketplace.",
   "main": "bin/ag-kit.js",
   "bin": {
     "ag-kit": "./bin/ag-kit.js"