Point it at a Laravel project before deploy and it catches the "works locally, breaks in production" bugs — anchored to your real .env, config, route:list, and git. It never edits your project.
Local development hides a whole class of bugs. Code runs fine on your machine — no caches, APP_DEBUG=true, one server — then breaks or leaks the moment it hits production and the deploy runs php artisan config:cache / route:cache. This skill audits that gap before you ship.
env() outside config/ — returns null after config:cache, silently. No other tool audits this.php artisan route:cache at deploy..env values — APP_DEBUG=true, empty APP_KEY, QUEUE=sync, APP_URL=localhost, and more..env tracked in git, real values in .env.example..env.example; stray dd()/dump()/ray().APP_ENV first; on a dev file the value checks become 🟡 "if these are production values".php artisan route:list --json, read-only git), then hands you a plan. It never edits your .env, config, code, or .gitignore — you apply every fix yourself.
A real run, shortened. Every finding cites a real anchor — a file:line, a .env key, or a git state — with the exact fix.
## 🔴 Not safe to deploy — 4 blockers Laravel 12 · APP_ENV=production — 🔴 4 break/leak 🟡 3 review 🔵 3 hardening ✅ 5 covered ## 🔴 Fix now app/Services/PaymentGateway.php:20 env('STRIPE_SECRET') → null after config:cache fix: config('services.stripe.secret') (move env() into config/services.php) .env:3 APP_DEBUG=true on a production .env → leaks stack traces → APP_DEBUG=false .env tracked in git (git ls-files) → secrets committed → git rm --cached .env + rotate ## 🟡 Review routes/web.php:42 closure route → route:cache fails → move to a controller .env:21 QUEUE_CONNECTION=sync (fine if no async jobs)
Breaks or leaks on production right now — env() nulled by config:cache, APP_DEBUG=true, a tracked .env. Apply the fix before deploy.
Value or code wrong for prod, or depends on an assumption (is this the prod .env? a real secret?). Decide, then fix.
.env drift, debug leftovers, log level. Tidy when convenient.
| Requirement | Why |
|---|---|
A Laravel project (artisan present) | the entry point; without it the skill stops |
php artisan route:list runnable | to find closure routes (static fallback if it can't boot) |
Readable .env, .env.example, config/, code | the facts it audits |
| A git repo (recommended) | to check whether .env is tracked / ignored |
No marketplace or full library needed — drop this one folder into your project's .claude/skills/:
# grab just this skill (per-project) npx degit ArtemProshkovskiy/laravel-maintenance-skills/skills/laravel-production-readiness-review \ .claude/skills/laravel-production-readiness-review
Use ~/.claude/skills/ instead to install it globally (every project). No npx? Clone the repo and copy the skills/laravel-production-readiness-review folder into .claude/skills/. Want every skill at once? Add the plugin marketplace (optional).
Start it inside your Laravel project folder (the one with artisan).
"is this safe to deploy?", "env is null after deploy", "did I leak any secrets?" — the skill activates automatically.
You get a 🔴/🟡/🔵 plan with file:line and the exact fix. Nothing is changed for you — apply each on a branch.
.env, config, code, or .gitignore — you apply every fix;.env (real server, CI, secrets manager);It is not a deploy tool and not a security product: a clean report means "nothing found in the checks I ran", not "safe to deploy".
Full usage guide ↗ Example report ↗ SKILL.md source ↗ ← Back to library