---
name: pre-release-review
description: "Run a read-only pre-release review for deploy readiness, migrations, config, secrets, rollout order, rollback risk, and launch blockers."
category: operations
risk: safe
source: community
source_repo: chaunsin/agent-skills
source_type: community
date_added: "2026-06-29"
author: chaunsin
tags: [release, deploy-readiness, ci-cd, rollback, production]
tools: [git, gh, rg]
license: "Apache-2.0"
license_source: "https://github.com/chaunsin/agent-skills/blob/master/LICENSE"
---
# Pre-release Review
Use this skill to run a read-only production release readiness review. The goal is to reduce
release time and coordination failures by finding missing deploy materials, unsafe ordering,
configuration gaps, data migration gaps, and ambiguous production risks before CI/CD or manual
release steps begin.
## When to Use This Skill
- Use when the user asks for a release audit, pre-release review, go-live review, or deploy readiness check.
- Use before publishing a tag, deploying production services, or merging a release branch.
- Use when a PR or git range may include migrations, environment changes, queues, cache behavior, object storage assets, or service contract changes.
- Use when the user asks whether a change is safe to ship and needs a read-only risk report.
## Non-negotiable rules
- Do not modify source code, configs, migrations, secrets, deployment files, or generated files.
- Do not execute migrations, clear or warm caches, upload assets, trigger CI/CD, deploy services,
publish tags, rotate secrets, or change remote infrastructure.
- Produce a concise report that lists only confirmed problems and plausible risks needing
confirmation. Do not bury the reader in clean checklist items.
- Sort findings from highest to lowest priority.
- Include module, finding, evidence, inferred owner, risk, and recommended action for each item.
- Never reveal private keys, account passwords, tokens, certificates, cookies, or full secret
values. Report only file path, line number, variable name, secret type, and a redacted hint.
- If evidence is incomplete but the risk could block production, list it as a confirmation item.
## Required references
- Read `references/checklist.md` before analyzing findings so important release domains are not
skipped.
- Read `references/report-template.md` before writing the final report so priorities, owner
inference, secret redaction, and output shape stay consistent.
## Project guidance discovery
Before interpreting the release diff, look for project-local guidance files such as `AGENTS.md` and
`CLAUDE.md` in the repository root and relevant service directories. Read them when present so the
review respects the user's project-specific conventions, service boundaries, release rules,
validation expectations, ownership hints, and known operational constraints.
- Treat project guidance as context for how to interpret risks, not as permission to perform
mutating release actions.
- If project guidance conflicts with this skill's non-negotiable safety rules, the read-only,
no-secret-disclosure rules in this skill win.
- If a relevant guidance file cannot be read, note the limitation in "Unable To Verify" only when it
affects the release review.
## Scope selection
Determine the review range before judging risk. State the chosen range in the report.
1. If the user provides a pull request URL or PR number, review that PR diff first.
- If `gh` is available and authenticated, use read-only commands such as `gh pr view` and
`gh pr diff`.
- If the PR cannot be fetched due to missing tooling, auth, or network limits, say so and ask
for a local branch, patch, or explicit git range. Do not invent the PR contents.
2. If the user provides an explicit `base..head` range, use it directly.
3. If the user provides only a head commit, compare the previous usable release tag reachable from
that commit to the head commit.
4. If the user provides no scope, compare the previous usable release tag to `HEAD`.
5. Choose the previous usable release tag carefully:
- Prefer the repository's visible release-tag convention when one is obvious, such as semantic
versions, `v*`, or `release-*`. If tag naming is mixed, state the assumption.
- If `HEAD` is exactly at one or more tags, treat those as the current release point and compare
against the earlier reachable release tag, not `HEAD`'s own tag.
- If no usable previous release tag exists, review the latest 5 commits and explicitly warn that
this is a fallback: there is no usable previous release tag, so the audit only covers the
latest 5 commits; recommend a PR or tag-based range for future reviews.
## Read-only evidence collection
Run only safe inspection commands, adjusted to the repository and current permissions. Useful
commands include:
```bash
git status --short
git rev-parse --show-toplevel
git rev-parse --abbrev-ref HEAD
git rev-parse HEAD
rg --files -g 'AGENTS.md' -g 'CLAUDE.md'
git tag --merged HEAD --sort=-creatordate
git tag --points-at HEAD
git for-each-ref --sort=-creatordate --format="%(refname:short) %(objectname:short)" refs/tags
git describe --tags --abbrev=0 HEAD
git diff --name-status