Claude-code-plugins-plus-skills clade-prod-checklist
install
source · Clone the upstream repo
git clone https://github.com/jeremylongshore/claude-code-plugins-plus-skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/jeremylongshore/claude-code-plugins-plus-skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/plugins/saas-packs/claude-pack/skills/clade-prod-checklist" ~/.claude/skills/jeremylongshore-claude-code-plugins-plus-skills-clade-prod-checklist && rm -rf "$T"
manifest:
plugins/saas-packs/claude-pack/skills/clade-prod-checklist/SKILL.mdsource content
Anthropic Production Checklist
Overview
Before going live with a Claude-powered app, verify every item below.
Authentication & Security
- API key stored in secrets manager (not in code or env file on disk)
- Key rotated — not the same one used during development
- Server-side only — no key exposed to client/browser
- Per-user rate limiting in place
- Input validation: max length, content filtering
- System prompt includes injection guardrails
Output
- All checklist items verified (authentication, error handling, streaming, cost, monitoring, reliability, content, performance)
- Production API key configured with appropriate spending limits
- Monitoring and alerting in place
- Fallback behavior tested for API outages
Error Handling
- All Anthropic API calls wrapped in try/catch
-
(429) → backoff and retryRateLimitError -
(529) → fallback model or queueOverloadedError -
(401) → alert team, don't retryAuthenticationError -
(400) → log and fix, don't retryInvalidRequestError - Network errors → retry with backoff
- Request IDs logged for every error (for support tickets)
Streaming
- Using
for user-facing responsesclient.messages.stream() - Stream errors handled (connection drops, incomplete responses)
-
checked:stop_reason
vsend_turn
(incomplete)max_tokens
Cost Controls
-
set to realistic values (not 4096 for short answers)max_tokens - Correct model for each task (Haiku for simple, Sonnet for balanced)
- Prompt caching enabled for repeated system prompts
- Usage logging in place — tracking tokens and cost per request
- Spending alerts set in Anthropic console
Monitoring
- Response latency tracked (TTFT and total)
- Token usage tracked (input/output per request)
- Error rates dashboarded (by error type)
- Anthropic status page monitored (status.anthropic.com)
Reliability
- SDK
set (default 2 is fine for most)maxRetries - Timeout configured for your use case (
option)timeout - Single client instance reused (not created per request)
- Graceful degradation if Claude is down (cached responses, fallback)
Content & Compliance
- System prompt tested against edge cases and adversarial inputs
- Output validated before showing to users (JSON parsing, length)
- Data retention settings configured in Anthropic console
- No unnecessary PII in prompts
- Usage policy compliance (Anthropic's Acceptable Use Policy)
Performance
- p95 latency acceptable for your UX
- Prompt caching for latency-sensitive paths
- Parallel requests where possible (
)Promise.all - Client-side streaming UI implemented
Examples
Each section above is a verifiable checklist. Work through Authentication & Security, Error Handling, Streaming, Cost Controls, Monitoring, Reliability, Content & Compliance, and Performance sections.
Resources
Next Steps
See
clade-observabilityPrerequisites
- All other anthropic skills reviewed
- Application feature-complete and tested locally
- Production API key created (separate from dev)
- Deployment platform selected
Instructions
Step 1: Review the patterns below
Each section contains production-ready code examples. Copy and adapt them to your use case.
Step 2: Apply to your codebase
Integrate the patterns that match your requirements. Test each change individually.
Step 3: Verify
Run your test suite to confirm the integration works correctly.