Ship Workflow
Complete deployment pipeline: pre-flight → security → deploy → verify → report.
Step 1: Pre-flight Checks
Run ALL checks in parallel:
npm run typecheck # Must pass
npm run build # Must pass
npm run test # Run if available
git status --short # Warn if uncommitted changes
| Result | Action |
|---|---|
| Build fails | Stop — fix errors first |
| Typecheck fails | Stop — fix types first |
| Tests fail | Stop — fix tests first |
| Uncommitted changes | Warn user, ask if they want to commit (use git directly, do NOT invoke the commit skill) |
| All pass | Continue to Step 2 |
Step 2: Security Scan
Run before every deploy (uses security skill):
- No hardcoded API keys, tokens, or secrets in code
-
.envfiles not committed (check.gitignore) - Supabase RLS enabled on all public tables
- Input validation on all user-facing forms
- No
dangerouslySetInnerHTMLwithout sanitization - Auth checks on protected routes
If critical issues found, fix before deploying.
Step 3: Auto-detect Deploy Target
Check in order:
vercel.jsonor.vercel/exists → Vercelnetlify.tomlexists → Netlifysupabase/functions/exists → Supabase Edge Functions (deploy alongside)- User specified "ship to X" → Use X
- None found → Default to Vercel
Do not ask which platform — detect or default.
Step 4: Deploy
Vercel
# Preview first (recommended)
npx vercel --yes
# If preview looks good, promote to production
npx vercel --prod --yes
Netlify
npx netlify deploy --prod
Supabase Edge Functions
# Single function
supabase functions deploy [function-name] --project-ref [ref]
# All functions
supabase functions deploy --project-ref [ref]
Environment Variables
Before deploying, verify env vars are set on the platform:
# Vercel
vercel env ls
# Netlify
netlify env:list
# Supabase
supabase secrets list --project-ref [ref]
Missing env vars = broken deploy. Check before shipping.
Step 5: Post-Deploy Verification (MANDATORY - never skip)
A successful deploy does NOT mean the app works. Verify after deploying.
Automated Checks (agent-browser)
agent-browser open [DEPLOY_URL]
agent-browser snapshot -i
Verification Checklist
| Check | How | Pass Criteria |
|---|---|---|
| Page loads | Open deploy URL | No 404, no blank screen |
| No console errors | agent-browser snapshot | Zero errors in console |
| Auth flow | Login → protected page → logout | All transitions work |
| Critical path | Complete main user action | End-to-end success |
| API calls | Check network tab | No 500s, no CORS errors |
| Mobile layout | Resize to 375px width | Sidebar hidden, grids stacked, no overflow |
What to Test by App Type
| App Type | Critical Paths |
|---|---|
| SaaS | Sign up → onboard → core action → billing |
| E-commerce | Browse → add to cart → checkout |
| Content | Load → search → read → interact |
| API | Health endpoint → auth → CRUD operations |
If Verification Fails
- Console errors → Check browser console, fix and redeploy
- API failures → Check env vars on platform, check CORS settings
- Auth broken → Check OAuth redirect URLs match deploy URL
- Blank page → Check build output, check base path config
Step 6: Rollback (if needed)
# Vercel - instant rollback to previous
vercel rollback
# Netlify
netlify rollback
# Supabase Edge Functions - redeploy previous version
git log --oneline supabase/functions/
git checkout [prev-commit] -- supabase/functions/
supabase functions deploy --project-ref [ref]
Step 7: Report
Update prd.json and report to user:
Shipped to: [URL]
Platform: Vercel/Netlify
Build: passed
Security: passed
Verification: [pass/fail]
- Page loads: ✓
- Console errors: none
- Auth flow: ✓
- Critical path: ✓
If any verification failed, list specific failures and next steps.
Integration
| Skill | Role in Ship |
|---|---|
review | Code quality check (auto-loaded via requires) |
security | Vulnerability scan (auto-loaded via requires) |
test | Run tests before deploy (auto-loaded via requires) |
deploy | Deploy patterns and CI/CD pipeline reference |