antigravity-ai-kit 3.6.0 → 3.7.0

package/.agent/CheatSheet.md

@@ -1,6 +1,6 @@
 # Antigravity AI Kit — CheatSheet
 
-> **Version**: v3.6.0 | **Quick Reference** for all capabilities
+> **Version**: v3.7.0 | **Quick Reference** for all capabilities
 > **Session**: Start with `/status`, end with session-end checklist
 
 ---

package/.agent/checklists/pre-commit.md

@@ -1,6 +1,6 @@
 # Pre-Commit Checklist
 
-> **Framework**: Antigravity AI Kit v3.6.0  
+> **Framework**: Antigravity AI Kit v3.7.0  
 > **Purpose**: Quality gate before committing code  
 > **Principle**: Prevention over correction
 

package/.agent/checklists/session-end.md

@@ -1,6 +1,6 @@
 # Session End Checklist
 
-> **Framework**: Antigravity AI Kit v3.6.0  
+> **Framework**: Antigravity AI Kit v3.7.0  
 > **Purpose**: Complete this checklist before ending any work session  
 > **Principle**: Context preservation for continuity
 

package/.agent/checklists/session-start.md

@@ -1,6 +1,6 @@
 # Session Start Checklist
 
-> **Framework**: Antigravity AI Kit v3.6.0  
+> **Framework**: Antigravity AI Kit v3.7.0  
 > **Purpose**: Complete this checklist at the beginning of every work session  
 > **Principle**: Full context before new work
 

package/.agent/checklists/task-complete.md

@@ -1,6 +1,6 @@
 # Task-Complete Checkpoint
 
-> **Framework**: Antigravity AI Kit v3.6.0
+> **Framework**: Antigravity AI Kit v3.7.0
 > **Purpose**: Decision gate after task completion — present options before commit/push
 > **Principle**: Human-in-the-loop governance
 

package/.agent/commands/help.md

@@ -24,7 +24,7 @@ Your complete guide to the Antigravity AI Kit. Type `/help` for a quick overview
 
 ## Quick Overview
 
-**Antigravity AI Kit v3.6.0** — Trust-Grade AI Development Framework
+**Antigravity AI Kit v3.7.0** — Trust-Grade AI Development Framework
 
 | Category | Count | Description |
 |:---------|:------|:------------|

package/.agent/manifest.json

@@ -1,6 +1,6 @@
 {
   "schemaVersion": "1.0.0",
-  "kitVersion": "3.6.0",
+  "kitVersion": "3.7.0",
   "lastAuditedAt": null,
   "description": "Antigravity AI Kit — Trust-Grade AI Development Framework",
   "repository": "https://github.com/besync-labs/antigravity-ai-kit",
@@ -110,7 +110,7 @@
       "directory": "commands/"
     },
     "skills": {
-      "count": 32,
+      "count": 33,
       "items": [
         {
           "name": "api-patterns",
@@ -208,6 +208,10 @@
           "name": "plan-writing",
           "directory": "skills/plan-writing/"
         },
+        {
+          "name": "production-readiness",
+          "directory": "skills/production-readiness/"
+        },
         {
           "name": "security-practices",
           "directory": "skills/security-practices/"
@@ -243,7 +247,7 @@
       ]
     },
     "workflows": {
-      "count": 15,
+      "count": 16,
       "items": [
         {
           "name": "brainstorm",
@@ -277,6 +281,10 @@
           "name": "pr",
           "file": "workflows/pr.md"
         },
+        {
+          "name": "preflight",
+          "file": "workflows/preflight.md"
+        },
         {
           "name": "preview",
           "file": "workflows/preview.md"

package/.agent/session-context.md

@@ -32,7 +32,7 @@
 
 **Branch**: —  
 **Repository**: —  
-**Framework**: Antigravity AI Kit v3.6.0
+**Framework**: Antigravity AI Kit v3.7.0
 
 ### Key File Locations
 

package/.agent/skills/README.md

@@ -1,7 +1,7 @@
 # Antigravity AI Kit — Skills
 
 > **Purpose**: Workflow definitions and domain knowledge extensions
-> **Count**: 31 Skills (5 Operational + 4 Orchestration + 13 Domain + 9 Development)
+> **Count**: 32 Skills (6 Operational + 4 Orchestration + 13 Domain + 9 Development)
 
 ---
 
@@ -25,7 +25,7 @@ Skills are automatically loaded based on task context. Agents invoke relevant sk
 
 ---
 
-## Operational Skills (5)
+## Operational Skills (6)
 
 | Skill                                               | Purpose                   |
 | :-------------------------------------------------- | :------------------------ |
@@ -34,6 +34,7 @@ Skills are automatically loaded based on task context. Agents invoke relevant sk
 | [strategic-compact](strategic-compact/SKILL.md)     | Context window management |
 | [eval-harness](eval-harness/SKILL.md)               | Performance evaluation    |
 | [context-budget](context-budget/SKILL.md)           | LLM token budget mgmt    |
+| [production-readiness](production-readiness/SKILL.md) | Production readiness audits |
 
 ---
 

package/.agent/skills/production-readiness/SKILL.md

@@ -0,0 +1,272 @@
+---
+name: production-readiness
+description: Production readiness audit domains, weighted scoring criteria, and check specifications for the /preflight workflow.
+version: 1.0.0
+triggers: [pre-deploy, pre-launch, milestone, production-readiness]
+allowed-tools: Read, Grep
+---
+
+# Production Readiness
+
+> **Purpose**: Assess project readiness for production deployment across 10 audit domains
+> **Invoked by**: `/preflight` workflow
+> **Reusable by**: `/retrospective`, `/deploy`
+
+---
+
+## Overview
+
+This skill defines the audit domains, sub-check rubrics, and scoring model used by the `/preflight` workflow to generate a Production Readiness Scorecard. Each domain has weighted scoring with evidence-based pass criteria.
+
+---
+
+## Principles
+
+1. **Evidence over assertion** — every score must be backed by observable proof
+2. **Non-destructive** — all checks are read-only analysis
+3. **Fail-safe defaults** — unverifiable checks score 0 (not assumed pass)
+4. **Domain independence** — each domain is scored independently
+5. **Blocker precedence** — blocker rules override total score
+
+---
+
+## Domain Definitions
+
+### D1: Task Completeness (8 points)
+
+> Verify all planned work is complete, scope is aligned, and no undocumented features exist.
+
+**Primary Skill**: `plan-writing` · **Check Method**: Read ROADMAP.md, task files
+
+| Sub-Check | Points | Pass Criteria |
+| :--- | :--- | :--- |
+| ROADMAP.md or task tracker exists and is current | 2 | File exists, contains structured task list |
+| All MVP/milestone tasks marked complete | 3 | No `[ ]` items remain in milestone scope |
+| No undocumented features | 2 | Every implemented feature has a task entry |
+| Scope drift detection | 1 | No features implemented outside planned scope |
+
+---
+
+### D2: User Journey Validation (10 points)
+
+> Verify critical user flows work end-to-end and fail-safe behavior is defined.
+
+**Primary Skill**: `webapp-testing` · **Secondary Skill**: `testing-patterns` · **Check Method**: Walk critical flows, check error handling
+
+| Sub-Check | Points | Pass Criteria |
+| :--- | :--- | :--- |
+| Critical user flows identified | 2 | At least 3 key flows documented or testable |
+| Happy path verified | 3 | Core flows produce expected outcomes |
+| Error/edge case handling | 3 | Graceful degradation on failure paths |
+| Accessibility baseline | 2 | Basic keyboard navigation, ARIA labels on critical elements |
+
+---
+
+### D3: Implementation Correctness (10 points)
+
+> Verify features function as specified, no dead code, and test suite passes.
+
+**Primary Skill**: `verification-loop` · **Secondary Skill**: `testing-patterns` · **Check Method**: Run test suite, static analysis
+
+| Sub-Check | Points | Pass Criteria |
+| :--- | :--- | :--- |
+| Test suite passes | 4 | Zero test failures |
+| Test coverage adequate | 2 | Coverage ≥ project target (or ≥60% default) |
+| No dead code or unused exports | 2 | Static analysis clean |
+| Feature correctness audit | 2 | Implemented features match specifications |
+
+---
+
+### D4: Code Quality (15 points)
+
+> Verify code meets quality gates. Delegates to the `/review` workflow.
+
+**Primary Skill**: `verification-loop` · **Secondary Skill**: `clean-code` · **Check Method**: Delegate to `/review`
+
+| Sub-Check | Points | Pass Criteria |
+| :--- | :--- | :--- |
+| Lint passes | 3 | Zero lint errors |
+| Type check passes | 3 | Zero type errors in strict mode |
+| Build succeeds | 3 | Production build completes without errors |
+| Code style compliance | 3 | Follows project conventions (naming, structure) |
+| Dependency health | 3 | No critical/high vulnerabilities in dependencies |
+
+---
+
+### D5: Security & Privacy (18 points)
+
+> Non-negotiable security assessment. Highest weight domain.
+
+**Primary Skill**: `security-practices` · **Check Method**: OWASP check, secrets scan, dependency audit
+
+| Sub-Check | Points | Pass Criteria |
+| :--- | :--- | :--- |
+| No hardcoded secrets | 4 | Grep for API keys, passwords, tokens — zero matches |
+| Dependencies vulnerability scan | 3 | No critical/high CVEs in production deps |
+| Authentication/authorization audit | 3 | Auth flows follow security-practices skill standards |
+| Input validation on all endpoints | 3 | No unvalidated user input reaches business logic |
+| HTTPS/security headers configured | 3 | CSP, HSTS, X-Frame-Options present in production config |
+| Privacy compliance check | 2 | PII handling documented, consent mechanisms present |
+
+---
+
+### D6: Configuration Readiness (8 points)
+
+> Verify environment configuration is production-ready.
+
+**Primary Skill**: `deployment-procedures` · **Secondary Skill**: `shell-conventions` · **Check Method**: Env var audit, config validation
+
+| Sub-Check | Points | Pass Criteria |
+| :--- | :--- | :--- |
+| All required env vars documented | 2 | `.env.example` or equivalent exists with all vars |
+| No dev-only values in production config | 2 | No `localhost`, `debug=true`, dev API keys |
+| Secrets management strategy defined | 2 | Secrets via env vars or vault, not committed |
+| Environment-specific configs separated | 2 | Dev/staging/prod configs isolated |
+
+---
+
+### D7: Performance Baseline (8 points)
+
+> Verify performance meets baseline thresholds.
+
+**Primary Skill**: `performance-profiling` · **Check Method**: Bundle analysis, response time check
+
+| Sub-Check | Points | Pass Criteria |
+| :--- | :--- | :--- |
+| Bundle size within budget | 2 | Initial JS < 200KB gzipped (web) or reasonable for platform |
+| No obvious performance anti-patterns | 2 | No N+1 queries, unbounded loops, memory leaks |
+| Core Web Vitals baseline (web) | 2 | LCP < 2.5s, CLS < 0.1 (if applicable) |
+| API response times acceptable | 2 | p95 < 500ms for critical endpoints |
+
+---
+
+### D8: Documentation (5 points)
+
+> Verify operational documentation is adequate.
+
+**Primary Skill**: `plan-writing` · **Check Method**: File existence and content check
+
+| Sub-Check | Points | Pass Criteria |
+| :--- | :--- | :--- |
+| README with setup instructions | 2 | README exists, includes install + run commands |
+| API documentation (if applicable) | 1 | Endpoints documented or N/A justified |
+| Runbook or incident procedures | 1 | Basic operational guide exists or N/A justified |
+| CHANGELOG current | 1 | Recent changes documented |
+
+---
+
+### D9: Infrastructure & CI/CD (10 points)
+
+> Verify deployment pipeline and infrastructure readiness.
+
+**Primary Skill**: `deployment-procedures` · **Secondary Skill**: `docker-patterns` · **Check Method**: CI config analysis, deployment strategy
+
+| Sub-Check | Points | Pass Criteria |
+| :--- | :--- | :--- |
+| CI pipeline passes | 3 | All CI checks green on target branch |
+| Deployment strategy defined | 2 | Deploy method documented (manual, CD, container) |
+| Rollback capability exists | 3 | Rollback procedure tested or documented |
+| Health check endpoint (if applicable) | 2 | `/health` or equivalent returns service status |
+
+---
+
+### D10: Observability & Monitoring (8 points)
+
+> Verify incident visibility and error tracking readiness.
+
+**Primary Skill**: `deployment-procedures` · **Check Method**: Config analysis, logging audit
+
+| Sub-Check | Points | Pass Criteria |
+| :--- | :--- | :--- |
+| Error tracking configured | 3 | Error monitoring service connected (Sentry, etc.) or plan documented |
+| Structured logging in place | 2 | Application logs are structured (JSON) with severity levels |
+| Alerting configured for critical paths | 2 | At least downtime/error-rate alerts defined |
+| No PII in logs | 1 | Grep logs config for email/password/token patterns |
+
+---
+
+## Scoring Model
+
+### Domain Weights
+
+| Domain | Weight | Max Score |
+| :--- | :--- | :--- |
+| D1: Task Completeness | 8% | 8 |
+| D2: User Journey Validation | 10% | 10 |
+| D3: Implementation Correctness | 10% | 10 |
+| D4: Code Quality | 15% | 15 |
+| D5: Security & Privacy | 18% | 18 |
+| D6: Configuration Readiness | 8% | 8 |
+| D7: Performance Baseline | 8% | 8 |
+| D8: Documentation | 5% | 5 |
+| D9: Infrastructure & CI/CD | 10% | 10 |
+| D10: Observability & Monitoring | 8% | 8 |
+| **Total** | **100%** | **100** |
+
+---
+
+### Go/No-Go Thresholds
+
+| Score | Status | Action |
+| :--- | :--- | :--- |
+| ≥ 85/100 | 🟢 **Production Ready** | Proceed to `/pr` → `/deploy` |
+| 70-84 | 🟡 **Conditionally Ready** | Fix medium issues, re-run with `--rescan` |
+| < 70 | 🔴 **Not Ready** | Fix critical/high issues, re-run with `--rescan` |
+
+---
+
+### Blocker Rule Precedence
+
+Blocker rules **override** the total score. Even if the total score is above threshold, a blocker rule violation forces a lower verdict.
+
+**Evaluation order**: Blockers are checked BEFORE the total score is evaluated.
+
+| Rule | Condition | Override Verdict | Rationale |
+| :--- | :--- | :--- | :--- |
+| **Zero Domain** | Any domain scores 0/max | 🔴 Not Ready | A completely unchecked domain is a blind spot |
+| **Security Floor** | D5 < 50% (< 9/18) | 🔴 Not Ready | Security is non-negotiable for production |
+| **Quality Floor** | D4 < 50% (< 8/15) | 🟡 minimum | Code quality below threshold needs attention |
+
+**Precedence**: Zero Domain > Security Floor > Quality Floor > Total Score
+
+---
+
+### Evidence Requirements
+
+Every sub-check score must be supported by one of:
+
+- **File evidence**: path to file or config that proves compliance
+- **Command output**: result of a verification command (lint, test, scan)
+- **Observation**: documented observation with specific detail
+- **N/A justification**: one-line reason why the check doesn't apply
+
+Unsupported scores default to 0.
+
+---
+
+## Delta Comparison (`--rescan`)
+
+When invoked with `--rescan`, compare against the most recent previous scorecard:
+
+1. Load previous scorecard from conversation artifacts
+2. Run full D1-D10 scan with current state
+3. Generate delta table:
+
+```markdown
+| Domain | Previous | Current | Delta |
+| :--- | :--- | :--- | :--- |
+| D1: Tasks | 5/8 | 8/8 | +3 ✅ |
+| D5: Security | 6/18 | 14/18 | +8 ✅ |
+```
+
+4. Highlight regressions (negative delta) with `[!WARNING]`
+5. Summary: total improvement, remaining gaps, updated verdict
+
+---
+
+## Integration
+
+- **Primary consumer**: `/preflight` workflow (Verify phase)
+- **Reusable by**: `/retrospective` (sprint audit can reference domain definitions)
+- **Reusable by**: `/deploy` (deployment pre-flight can reference D5, D6, D9 checks)
+- **References**: 8 existing skills via the delegation map in domain definitions

package/.agent/workflows/README.md

@@ -1,7 +1,7 @@
 # Antigravity AI Kit — Workflows
 
 > **Purpose**: Process templates for common development tasks
-> **Count**: 15 Workflows
+> **Count**: 16 Workflows
 > **Standard**: Enterprise Workflow Standard (EWS) v1.0
 
 ---
@@ -27,6 +27,7 @@ Invoke them using slash commands (e.g., `/brainstorm authentication system`).
 | **ui-ux-pro-max** | `/ui-ux-pro-max` | Build | Premium UI/UX design and implementation |
 | **test** | `/test` | Verify | Systematic test writing and execution |
 | **review** | `/review` | Verify | Sequential quality gate pipeline |
+| **preflight** | `/preflight` | Verify | Production readiness assessment with 10-domain scoring |
 | **pr** | `/pr` | Ship | Production-grade PR creation with pre-flight checks |
 | **deploy** | `/deploy` | Ship | Production deployment with pre-flight checks |
 | **debug** | `/debug` | Reactive | Systematic problem investigation |
@@ -44,7 +45,7 @@ Discover ──► Plan ──► Build ──► Verify ──► Ship ──
    ▼           ▼        ▼         ▼         ▼          ▼
 /brainstorm  /plan   /create   /test     /pr        /retrospective
 /quality-gate        /enhance  /review   /deploy
-                     /preview
+                     /preview  /preflight
                      /ui-ux-pro-max
 
     Reactive (any phase)          Cross-cutting (any phase)

package/.agent/workflows/deploy.md

@@ -190,6 +190,7 @@ Run `/deploy rollback` to restore [previous version].
 ## Related Resources
 
 - **Previous**: `/pr` (PR must be created and merged before deployment)
+- **Pre-requisite**: `/preflight` (production readiness must be verified before deployment)
 - **Next**: `/status` (post-deploy monitoring)
 - **Skill**: `.agent/skills/deployment-procedures/SKILL.md`
 - **Global Rule**: Production Merge Discipline (see global rules)

package/.agent/workflows/pr.md

@@ -9,7 +9,7 @@ commit-types: [feat, fix, refactor, perf, chore, docs, test]
 # /pr — Production-Grade Pull Request Workflow
 
 > **Trigger**: `/pr [target]` (default: `main`) · `/pr --draft [target]`
-> **Lifecycle**: Ship — after `/review` gate passes, before `/deploy`
+> **Lifecycle**: Ship — after `/preflight` readiness passes, before `/deploy`
 
 > [!CAUTION]
 > PR creation pushes code to remote and triggers CI pipelines. Always run local pre-flight checks via `/review` before pushing. Never create PRs with unresolved conflicts or failing tests. Every CI run consumes pipeline credits.
@@ -283,7 +283,7 @@ git commit -m "merge: resolve conflicts with <target>"
 
 ## Related Resources
 
-- **Previous**: `/review` (quality gates must pass before PR)
+- **Previous**: `/preflight` (production readiness verified) · `/review` (code quality gates)
 - **Next**: `/deploy` (deployment after PR is merged)
 - **Skills**: `.agent/skills/git-workflow/SKILL.md` · `.agent/skills/verification-loop/SKILL.md`
 - **Global Rule**: Production Merge Discipline (see global rules)

package/.agent/workflows/preflight.md

@@ -0,0 +1,225 @@
+---
+description: Production readiness assessment with weighted scoring across 10 audit domains.
+version: 1.0.0
+sdlc-phase: verify
+skills: [production-readiness, verification-loop, security-practices]
+commit-types: [feat, fix, refactor, perf]
+---
+
+# /preflight — Production Readiness Assessment
+
+> **Trigger**: `/preflight [domain|flag]`
+> **Lifecycle**: Verify — after `/review`, before `/pr`
+
+> [!CAUTION]
+> Production readiness gate. All critical domains must pass before proceeding
+> to `/pr` → `/deploy`. A failing preflight blocks the shipping pipeline.
+
+> [!TIP]
+> This workflow leverages the **production-readiness**, **verification-loop**, and
+> **security-practices** skills. Read `.agent/skills/production-readiness/SKILL.md`
+> for domain specifications and scoring criteria.
+
+---
+
+## Critical Rules
+
+1. **Evidence-backed scoring** — every domain score must cite observable proof (file, command output, observation)
+2. **Never bypass blockers** — blocker rule violations override total score (see skill for precedence)
+3. **Human approval required** — Go/No-Go recommendation requires explicit user decision
+4. **Non-destructive** — all checks are read-only analysis; no files modified, no commands with side effects
+5. **Skill-mediated delegation** — domain checks reference existing skills, never duplicate their logic
+6. **Fail-safe defaults** — unverifiable checks score 0, not assumed pass
+
+---
+
+## Argument Parsing
+
+| Command | Action |
+| :--- | :--- |
+| `/preflight` | Full scan — all 10 domains (D1-D10), standard scorecard |
+| `/preflight [domain]` | Single domain focus (e.g., `/preflight security`, `/preflight tasks`) |
+| `/preflight --quick` | Quick scan — D4 (Code) + D5 (Security) + D6 (Config) + D9 (CI/CD) |
+| `/preflight --full` | Deep scan — all D1-D10 + market benchmark comparison |
+| `/preflight --rescan` | Re-scan — all D1-D10 with delta comparison against previous scorecard |
+
+### Domain Name Aliases
+
+| Domain | Aliases |
+| :--- | :--- |
+| D1: Task Completeness | `tasks`, `roadmap`, `scope` |
+| D2: User Journey Validation | `journeys`, `ux`, `flows` |
+| D3: Implementation Correctness | `implementation`, `correctness`, `tests` |
+| D4: Code Quality | `code`, `quality`, `lint` |
+| D5: Security & Privacy | `security`, `sec`, `privacy` |
+| D6: Configuration Readiness | `config`, `configuration`, `env` |
+| D7: Performance Baseline | `performance`, `perf`, `speed` |
+| D8: Documentation | `docs`, `documentation` |
+| D9: Infrastructure & CI/CD | `infra`, `ci`, `cicd`, `pipeline` |
+| D10: Observability & Monitoring | `observability`, `monitoring`, `logs` |
+
+---
+
+## Steps
+
+// turbo
+1. **Project Detection & Inventory**
+   - Detect project type (web, mobile, API, library, monorepo)
+   - Identify tech stack (language, framework, build tool)
+   - Locate key files: ROADMAP.md, package.json/pubspec.yaml, CI config, .env files
+   - Identify the target deployment platform
+   - Determine which domains are applicable (not all domains apply to every project type)
+   - Load the `production-readiness` skill for domain definitions
+
+// turbo
+2. **Domain Scanning**
+   - For each applicable domain (D1-D10):
+     - Load the primary skill referenced in the domain definition
+     - Execute each sub-check per the rubric in the `production-readiness` skill
+     - Record evidence for each sub-check (file path, command output, observation)
+     - Calculate domain score based on sub-check results
+     - Classify findings by severity:
+       - 🔴 **Critical**: Blocks production, must fix
+       - 🟠 **High**: Significant risk, should fix before ship
+       - 🟡 **Medium**: Improvement recommended, can ship with plan
+       - 🟢 **Low**: Minor suggestion, no blocking impact
+   - For `--quick` mode: execute only D4, D5, D6, D9
+   - For single domain: execute only the specified domain
+
+// turbo
+3. **Scoring & Classification**
+   - Calculate per-domain scores from sub-check results
+   - Apply Blocker Rule Precedence (see `production-readiness` skill):
+     1. Check: Any domain = 0? → 🔴 Not Ready
+     2. Check: D5 < 50%? → 🔴 Not Ready
+     3. Check: D4 < 50%? → 🟡 minimum
+   - Calculate total score (sum of all domain scores)
+   - Determine Go/No-Go status from thresholds:
+     - ≥ 85: 🟢 Production Ready
+     - 70-84: 🟡 Conditionally Ready
+     - < 70: 🔴 Not Ready
+   - For `--rescan`: generate delta comparison table
+   - For `--full`: add market benchmark comparison section
+
+4. **Go/No-Go Recommendation**
+   - Present the Production Readiness Scorecard to the user
+   - Highlight critical/high findings with remediation guidance
+   - Recommend next actions based on verdict
+   - **Wait for explicit user decision** — never auto-proceed
+
+---
+
+## Output Template
+
+```markdown
+# 🚀 Production Readiness Scorecard
+
+> Project: [project name] · Date: [date] · Mode: [default|quick|full|rescan]
+
+## Overall Verdict
+
+| Score | Status | Decision |
+| :--- | :--- | :--- |
+| [XX/100] | [🟢/🟡/🔴] [Status] | [Recommendation] |
+
+## Domain Scores
+
+| Domain | Score | Status | Key Finding |
+| :--- | :--- | :--- | :--- |
+| D1: Task Completeness | X/8 | [emoji] | [summary] |
+| D2: User Journeys | X/10 | [emoji] | [summary] |
+| D3: Implementation | X/10 | [emoji] | [summary] |
+| D4: Code Quality | X/15 | [emoji] | [summary] |
+| D5: Security & Privacy | X/18 | [emoji] | [summary] |
+| D6: Configuration | X/8 | [emoji] | [summary] |
+| D7: Performance | X/8 | [emoji] | [summary] |
+| D8: Documentation | X/5 | [emoji] | [summary] |
+| D9: Infrastructure | X/10 | [emoji] | [summary] |
+| D10: Observability | X/8 | [emoji] | [summary] |
+
+## Blocker Check
+
+| Rule | Condition | Result |
+| :--- | :--- | :--- |
+| Zero Domain | Any domain = 0 | [PASS/FAIL] |
+| Security Floor | D5 ≥ 50% | [PASS/FAIL] |
+| Quality Floor | D4 ≥ 50% | [PASS/FAIL] |
+
+## Findings
+
+### 🔴 Critical
+- [finding with evidence and remediation]
+
+### 🟠 High
+- [finding with evidence and remediation]
+
+### 🟡 Medium
+- [finding with evidence and remediation]
+
+## Recommended Next Actions
+
+1. [action based on verdict]
+2. [action based on top findings]
+
+---
+
+Verdict: [🟢/🟡/🔴] [score]/100 — [status text]
+Run `/preflight --rescan` after fixes to verify improvement.
+```
+
+---
+
+## Governance
+
+**PROHIBITED:**
+- Auto-deploying based on a passing score — human decision always required
+- Skipping blocker rule evaluation
+- Fabricating evidence for sub-check scores
+- Modifying project files during analysis
+- Proceeding to `/pr` without presenting the scorecard
+
+**REQUIRED:**
+- Evidence citation for every scored sub-check
+- Blocker rule evaluation before total score
+- Human approval for Go/No-Go decision
+- Skill reference for each domain scan
+- Finding classification by severity (🔴/🟠/🟡/🟢)
+
+---
+
+## Completion Criteria
+
+- [ ] Project type and tech stack detected
+- [ ] Applicable domains identified
+- [ ] All applicable domain sub-checks executed with evidence
+- [ ] Blocker rules evaluated
+- [ ] Per-domain scores calculated
+- [ ] Total score and Go/No-Go status determined
+- [ ] Findings classified by severity
+- [ ] Scorecard presented to user
+- [ ] User has made explicit Go/No-Go decision
+- [ ] After approval: proceed to `/pr` for PR creation
+
+---
+
+## Scope Filter
+
+| Commit Type | Preflight Required? | Rationale |
+| :--- | :--- | :--- |
+| `feat()` | ✅ Required | New features need readiness validation |
+| `fix()` | ⚠️ Optional | Critical fixes may need quick deploy path |
+| `refactor()` | ✅ Required | Structural changes need validation |
+| `perf()` | ✅ Required | Performance changes need baseline verification |
+| `docs()` | ❌ Skip | No production impact |
+| `chore()` | ❌ Skip | No production impact |
+| `test()` | ❌ Skip | No production impact |
+| Pre-launch | ✅ Required | Major releases always require preflight |
+
+---
+
+## Related Resources
+
+- **Previous**: `/review` (code quality gates must pass before preflight)
+- **Next**: `/pr` (create pull request after readiness verified)
+- **Skills**: `.agent/skills/production-readiness/SKILL.md` · `.agent/skills/verification-loop/SKILL.md` · `.agent/skills/security-practices/SKILL.md`
+- **Related**: `/deploy` (deployment after PR merged) · `/retrospective` (sprint-level audit)

package/.agent/workflows/review.md

@@ -183,6 +183,6 @@ Re-run: `/review` or `/review {gate}`
 ## Related Resources
 
 - **Previous**: `/test` (tests must pass before review)
-- **Next**: `/pr` (create pull request after all gates pass)
+- **Next**: `/preflight` (production readiness assessment) · `/pr` (create pull request)
 - **Skill**: `.agent/skills/verification-loop/SKILL.md`
 - **Related**: `/quality-gate` (pre-task research) · `/retrospective` (sprint-level audit)

package/README.md

@@ -1,11 +1,11 @@
 # 🚀 Antigravity AI Kit
 
-![version](https://img.shields.io/badge/version-3.6.0-blue)
+![version](https://img.shields.io/badge/version-3.7.0-blue)
 ![license](https://img.shields.io/badge/license-MIT-green)
 ![AI Agents](https://img.shields.io/badge/AI%20Agents-19-purple)
-![Skills](https://img.shields.io/badge/Skills-32-orange)
+![Skills](https://img.shields.io/badge/Skills-33-orange)
 ![Commands](https://img.shields.io/badge/Commands-31-red)
-![Workflows](https://img.shields.io/badge/Workflows-15-teal)
+![Workflows](https://img.shields.io/badge/Workflows-16-teal)
 ![Runtime Modules](https://img.shields.io/badge/Runtime%20Modules-29-blueviolet)
 ![Tests](https://img.shields.io/badge/Tests-341%20passing-brightgreen)
 ![Checklists](https://img.shields.io/badge/Checklists-4-yellow)
@@ -15,7 +15,7 @@
 </p>
 
 <p align="center">
-  Antigravity AI Kit is a <b>Trust-Grade AI development framework</b> with a <b>29-module runtime engine</b>, <b>19 specialized agents</b>, <b>31 commands</b>, <b>32 skills</b>, and <b>15 workflows</b> — all backed by <b>341 tests</b> and governance-first principles.
+  Antigravity AI Kit is a <b>Trust-Grade AI development framework</b> with a <b>29-module runtime engine</b>, <b>19 specialized agents</b>, <b>31 commands</b>, <b>33 skills</b>, and <b>16 workflows</b> — all backed by <b>341 tests</b> and governance-first principles.
 </p>
 
 <p align="center">
@@ -56,9 +56,9 @@
 | Feature           | Count | Description                                                            |
 | :---------------- | :---- | :--------------------------------------------------------------------- |
 | 🤖 **AI Agents**  | 19    | Specialized roles (Mobile, DevOps, Database, Security, Performance...) |
-| 🛠️ **Skills**     | 32    | Domain knowledge modules (API, Testing, MCP, Architecture, Docker...) |
+| 🛠️ **Skills**     | 33    | Domain knowledge modules (API, Testing, MCP, Architecture, Docker...) |
 | ⌨️ **Commands**   | 31    | Slash commands for every development workflow                          |
-| 🔄 **Workflows**  | 15    | Process templates (/create, /debug, /deploy, /pr, /test...)            |
+| 🔄 **Workflows**  | 16    | Process templates (/create, /debug, /deploy, /pr, /test...)            |
 | ⚙️ **Runtime**    | 29    | Runtime engine modules (governance, reputation, self-healing...)       |
 | ✅ **Checklists** | 4     | Quality gates (session-start, session-end, pre-commit, task-complete)  |
 | ⚖️ **Rules**      | 8     | Modular governance constraints (coding, security, testing, git, docs, sprint)  |
@@ -320,12 +320,13 @@ EXPLORE → PLAN → IMPLEMENT → VERIFY → CHECKPOINT → REVIEW → DEPLOY
 
 ---
 
-## 🛠️ Skills (32)
+## 🛠️ Skills (33)
 
-### Operational Skills (5)
+### Operational Skills (6)
 
 | Skill                 | Purpose                   |
 | :-------------------- | :------------------------ |
+| `production-readiness`| Production readiness audits |
 | `verification-loop`   | Continuous quality gates  |
 | `continuous-learning` | Pattern extraction (PAAL) |
 | `strategic-compact`   | Context window management |
@@ -423,7 +424,7 @@ Antigravity AI Kit v3.2.0 includes a **full runtime engine** built across 4 phas
 
 ---
 
-## 🔄 Workflows (15)
+## 🔄 Workflows (16)
 
 | Workflow          | Description              | Command          |
 | :---------------- | :----------------------- | :--------------- |
@@ -435,6 +436,7 @@ Antigravity AI Kit v3.2.0 includes a **full runtime engine** built across 4 phas
 | **orchestrate**   | Multi-agent coordination | `/orchestrate`   |
 | **plan**          | Implementation planning  | `/plan`          |
 | **pr**            | Production-grade PR creation | `/pr`        |
+| **preflight**     | Production readiness assessment | `/preflight`    |
 | **preview**       | Preview changes          | `/preview`       |
 | **quality-gate**  | Pre-task validation      | `/quality-gate`  |
 | **retrospective** | Sprint audit & review    | `/retrospective` |

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "antigravity-ai-kit",
-  "version": "3.6.0",
-  "description": "🚀 Trust-Grade AI development framework with a 29-module runtime engine — 19 Agents, 32 Skills, 31 Commands, 15 Workflows, 8 Rules, 341 Tests. Workflow enforcement, task governance, agent reputation, self-healing, and skill marketplace.",
+  "version": "3.7.0",
+  "description": "🚀 Trust-Grade AI development framework with a 29-module runtime engine — 19 Agents, 33 Skills, 31 Commands, 16 Workflows, 8 Rules, 341 Tests. Workflow enforcement, task governance, agent reputation, self-healing, and skill marketplace.",
   "main": "bin/ag-kit.js",
   "bin": {
     "ag-kit": "./bin/ag-kit.js"