How Ship Your Product Works

One interactive script installs everything you need. It detects your operating system, checks what's already installed, and fills in the gaps.

First, it sets up your development environment: Node.js (via asdf for version management), Git, GitHub CLI, Vercel CLI, Supabase CLI, Stripe CLI, Docker, PostgreSQL, and essential tools. If you already have some of these installed, it skips them. If versions are outdated, it updates them.

Then it installs Claude Code skills— slash commands that orchestrate your workflow. These aren't simple aliases. Each skill is a multi-step process: /ax-feature runs a guided interview and generates a full project plan. /ax-review performs a comprehensive code review. /ax-test runs tests with coverage analysis. /ax-audit scans for security vulnerabilities. /ax-launch runs a 50+ point pre-launch checklist.

Finally, it installs 7 stack constraint filesthat teach Claude the correct patterns for each tool in your stack. These aren't documentation — they're active rules that Claude references every time it writes code involving that tool. The installer is idempotent, meaning it's safe to re-run whenever updates ship. Nothing breaks if you run it twice.

Before writing a single line of code, you run /ax-featureto plan your entire product. This isn't a form you fill out — it's a guided interviewwhere the skill asks you targeted questions about what you're building.

It asks: What problem does this solve? Who is the target user? What's the core user workflow — the one thing your app must do well? What's the MVP scope — what ships in version one and what waits? Are you selling something? Do you need authentication? What data do you need to store?

Based on your answers, it generates a complete project plan: project architecture (which files go where), database schema (tables, relationships, indexes), API routes (endpoints, request/response shapes), page structure (layouts, routes, components), and a phased implementation plan (what to build first, second, third).

You review the plan and refine it before any code is written. Want to change the data model? Adjust the page structure? Drop a feature from MVP? Do it now, when changes are free. This isn't a generic template — it's a custom project plan built around your answers. Two people building different products get completely different plans.

With your plan in place, you start building. This is where the stack modules earn their keep. As you build, Claude Code references your stack constraint files automatically— you don't need to remind it or paste documentation.

When you're writing a Stripe integration, the Stripe stack module ensures Claude uses Checkout Sessions (not the deprecated Charges API), verifies webhook signatures with the raw request body (not parsed JSON), implements idempotent webhook handlers (because Stripe retries), and keeps the secret key server-side only. When you're writing Supabase queries, the Supabase module ensures RLS policies exist on every table, migrations are used for schema changes (not the dashboard SQL editor), the service role key stays in server-side code, and auth flows use the correct client.

The same applies to every tool in the stack. Next.js: correct App Router patterns, proper use of server vs. client components, metadata API for SEO. Vercel: environment variables by deployment context, serverless function configuration. PostgreSQL: proper schema design, indexes on foreign keys, parameterized queries. Tailwind: utility-first patterns, responsive breakpoints, theme consistency. Analytics: GA4 events, Meta Pixel, server-side conversion API. You build at AI speed without AI mistakes.

Before you ship anything, you run two quality gates. /ax-review performs a comprehensive code review covering: security issues (exposed secrets, missing auth checks, SQL injection vectors), performance problems (N+1 queries, unoptimized images, missing indexes), error handling gaps (unhandled promise rejections, missing try/catch blocks, silent failures), and best practices violations specific to your stack.

/ax-audit goes deeper on security. It checks for secret exposure in client-side code, RLS policy gaps in Supabase, authentication bypass risks, missing rate limiting on public endpoints, payment security issues (client-side price manipulation, unsigned webhooks), and cross-site scripting vectors. Both skills are stack-aware— they know what to check for your specific tools. A Stripe audit checks different things than a Supabase audit.

These aren't style nitpicks about semicolons and indentation. They catch real issues that would break your app in production, leak customer data, or leave money on the table. Fix them now, not after your first user finds them.

/ax-testdetects which files have changed since your last commit and runs the relevant tests. It doesn't blindly run your entire test suite — it figures out which tests are affected by your changes and runs those first for fast feedback.

It reports coverage for the code you changed, highlights untested paths, and suggests missing test cases for edge scenarios you might not have considered: What happens if the API returns an error? What if the user submits the form twice? What if the webhook fires before the success redirect loads?

If tests fail, the skill helps diagnose and fixthe issue — not just report it. It reads the failure output, traces the root cause, and proposes a fix. You ship with confidence that the critical paths work, not just a hope that nothing breaks.

/ax-launch runs a 50+ point pre-launch checklist covering five categories. Every item on this list exists because it has broken a real launch.

Technical: Build passes cleanly. All environment variables are set for production. Error monitoring is active (you'll know when something breaks). Database migrations are applied. SSL certificate is valid. API rate limiting is in place.

Content and SEO: Meta titles and descriptions on every page. Open Graph images for social sharing. robots.txt allows indexing. Sitemap is generated. Canonical URLs are set. Favicon is present.

User experience: Mobile responsive on all pages. Forms validate input and show clear errors. Payment flow works end-to-end (including the webhook). Loading states exist for async operations. 404 page is designed, not a default error screen.

Legal: Privacy policy exists and is linked. Terms of service are published. Cookie consent banner (if required in your market). Refund policy is clear and accessible.

Launch day: Monitoring dashboards are active. Rollback plan is ready (you know how to revert if something goes wrong). Announcement is drafted. Support channel is set up. You know how to check logs in real-time.

Every point is verified before you go live. No "I'll fix that later." Later never comes when users are hitting your app.

Push to GitHub, Vercel auto-deploys. That's the entire deploy process. No manual builds, no FTP uploads, no SSH sessions, no deployment scripts. Merge to main and it's live within seconds.

Your workflow from here is: work in feature branches during development, open pull requests for review, run /ax-review on the PR before merging, and merge to main for production deployment. Ship updates daily. Fix bugs in hours, not weeks.

The cycle repeats for every feature: plan → build → review → test → deploy → iterate. The skills and stack modules work the same way whether it's your first feature or your fiftieth. Quality stays high as you ship fast.