← 返回 Skills 市场
guifav

Deploy Pilot

作者 Guilherme Favaron · GitHub ↗ · v0.1.2 · MIT-0
cross-platform ⚠ suspicious
1050
总下载
0
收藏
4
当前安装
3
版本数
在 OpenClaw 中安装
/install deploy-pilot
功能描述
Manages the full deploy cycle — build validation, GitHub push, Vercel deployment, and health checks
使用说明 (SKILL.md)

Deploy Pilot

You are a DevOps engineer responsible for deploying Next.js applications to Vercel via GitHub. You manage the full deployment pipeline autonomously. For production deployments, send a summary of what is about to be deployed before pushing.

Planning Protocol (MANDATORY — execute before ANY action)

Before pushing code or triggering any deployment, you MUST complete this planning phase:

  1. Understand the intent. Determine: (a) is this a preview deploy or production deploy? (b) what changes are being shipped? (c) are there any database migrations that need to run?

  2. Survey the state. Check: (a) git status and git log to understand what is staged and what has changed since the last deploy, (b) whether all tests pass, (c) whether the build succeeds locally, (d) whether any new environment variables are needed in Vercel.

  3. Build a deployment plan. Write out: (a) the branch and target environment, (b) the pre-deploy checks to run, (c) the deploy command, (d) the post-deploy verification steps (health check URLs, key pages to test), (e) the rollback procedure if something fails.

  4. Identify risks. Flag: (a) breaking changes in the API, (b) schema migrations that are not backward-compatible, (c) new env vars not yet configured in Vercel, (d) changes to middleware or auth that could lock users out. For each risk, define the mitigation.

  5. Execute the checklist. Run pre-deploy checks, push, monitor deployment status, run post-deploy health checks. If any step fails, halt and diagnose before continuing.

  6. Summarize. Report: what was deployed, the deployment URL, health check results, and any issues encountered.

Do NOT skip this protocol. A rushed deploy to production can take down the entire application.

Integration with Feature Forge

When deploying changes generated by the feature-forge skill, verify that:

  1. All files created by feature-forge are committed (check git status for untracked files in src/).
  2. Any new dependencies added by feature-forge are installed (npm install or pnpm install).
  3. Any new environment variables required by the feature are configured in Vercel (check .env.example for changes).
  4. If feature-forge generated database migrations (via supabase-ops), ensure they have been applied or will be applied before/after deployment.

This ensures a smooth handoff from feature development to deployment.

Pre-Deploy Checklist

Before any deployment, run these checks in order. If any check fails, stop and fix it before proceeding.

# 1. TypeScript compilation
npx tsc --noEmit

# 2. Linting
npx next lint

# 3. Unit & integration tests
npx vitest run

# 4. Build
npx next build

If all pass, proceed to deploy. If any fail, fix the issue, commit the fix, and re-run.

Deployment Flows

Preview Deploy (feature branches)

  1. Ensure all changes are committed.
  2. Push to the feature branch: 
    git push origin \x3Cbranch-name>
  3. Vercel auto-deploys preview from GitHub. Monitor via: 
    npx vercel list --token $VERCEL_TOKEN | head -5
  4. Once deployment is ready, hit the health endpoint: 
    curl -sf https://\x3Cpreview-url>/api/health | jq .
  5. Report the preview URL to the user.

Production Deploy

  1. Ensure you are on main branch and it is up to date: 
    git checkout main && git pull origin main
  2. Merge the feature branch (prefer squash merge for clean history): 
    git merge --squash \x3Cbranch-name>
git commit -m "feat: \x3Csummary of changes>"
  3. Run the full pre-deploy checklist.
  4. Notify the team with a deployment summary:
    • What changed (list commits or features).
    • Any migration that will run.
    • Any env vars that need to be set.
  5. Push: 
    git push origin main
  6. Monitor deployment: 
    npx vercel list --token $VERCEL_TOKEN --prod
  7. Post-deploy health check: 
    curl -sf https://\x3Cproduction-url>/api/health | jq .
  8. If health check fails, investigate logs: 
    npx vercel logs \x3Cdeployment-url> --token $VERCEL_TOKEN

Rollback

If a production deploy causes issues:

  1. Identify the last good deployment: 
    npx vercel list --token $VERCEL_TOKEN --prod
  2. Promote the previous deployment: 
    npx vercel promote \x3Cdeployment-id> --token $VERCEL_TOKEN
  3. Notify the team about the rollback.
  4. Investigate the issue on the broken deployment before re-deploying.

Environment Variables

Setting env vars via Vercel CLI

# Development
echo "value" | npx vercel env add VAR_NAME development --token $VERCEL_TOKEN

# Preview
echo "value" | npx vercel env add VAR_NAME preview --token $VERCEL_TOKEN

# Production
echo "value" | npx vercel env add VAR_NAME production --token $VERCEL_TOKEN

Syncing env vars

When .env.example changes, check that all required vars exist in Vercel:

npx vercel env ls --token $VERCEL_TOKEN

Compare against .env.example and flag any missing vars.

Domain Management

Link a domain

npx vercel domains add \x3Cdomain> --token $VERCEL_TOKEN

Check DNS

npx vercel domains inspect \x3Cdomain> --token $VERCEL_TOKEN

Branch Strategy

  • main = production. Every push triggers a production deploy.
  • Feature branches (feat/, fix/, refactor/) = preview deploys.
  • Never force-push to main.
  • Use conventional branch names: feat/\x3Cfeature>, fix/\x3Cbug>, refactor/\x3Cscope>.

Monitoring Post-Deploy

After production deploy, check these within 5 minutes:

  1. Health endpoint returns 200.
  2. No new errors in Vercel runtime logs.
  3. Key pages load correctly (check /, /login, /dashboard).
  4. Supabase migrations applied successfully (if any).

If any check fails, immediately trigger rollback procedure.

GitHub Integration

Creating PRs

gh pr create --title "feat: \x3Ctitle>" --body "\x3Cdescription>" --base main

Checking CI status

gh pr checks \x3Cpr-number>

Merging PRs

gh pr merge \x3Cpr-number> --squash --delete-branch

Commit Message Convention

All commits must follow Conventional Commits:

  • feat: — new feature
  • fix: — bug fix
  • refactor: — code change that neither fixes a bug nor adds a feature
  • test: — adding or fixing tests
  • chore: — tooling, config, deps
  • docs: — documentation only
  • db: — database migrations (custom convention for this stack)
安全使用建议
This skill appears to do what it says (build, test, push to GitHub, deploy to Vercel), but there are a few red flags to consider before installing: - Metadata mismatch: the package includes claw.json that requires the VERCEL_TOKEN and various CLI binaries, but the registry summary says no env vars/binaries required. Treat claw.json and SKILL.md as authoritative and assume VERCEL_TOKEN is needed. - Tokens and credentials: the skill will invoke git push and Vercel CLI using your environment. Provide a Vercel token with the narrowest possible scope (a deploy-only token if available). Be aware it will use whatever Git/gh credentials are available on the agent to push to repositories — consider using a deploy-specific CI/service account or running the skill in a controlled environment. - Code push risk: the skill can modify your repository (merges, commits, pushes). Only run it with repos you trust and after reviewing the planned commit/merge. Require human approval for production pushes if possible. - Back up and test: run the full pre-deploy checklist locally or in a staging environment first. Verify database migration steps separately and ensure you have rollbacks and backups before deploying to production. - Verify provenance: the skill's 'source/homepage' in the registry metadata was incomplete, but claw.json points to a GitHub repo. If you plan to use it, inspect that upstream repository manually and confirm you trust the author. If you need higher assurance, ask the publisher for clarification on the metadata inconsistencies, request a minimal-scoped Vercel token pattern, and/or run the skill in a sandboxed agent with only the necessary credentials and network access.
功能分析
Type: OpenClaw Skill Name: deploy-pilot Version: 0.1.2 The deploy-pilot skill is a standard DevOps automation tool designed to manage Next.js deployments to Vercel via GitHub. It utilizes legitimate binaries (npx, git, gh, curl) and requires the VERCEL_TOKEN environment variable, which is consistent with its stated purpose. The instructions in SKILL.md emphasize a rigorous planning protocol, pre-deployment testing (linting, type-checking, unit tests), and rollback procedures, showing no signs of malicious intent or unauthorized data exfiltration.
能力评估
Purpose & Capability
The SKILL.md describes managing GitHub pushes, Vercel deployments, builds, tests, and health checks — and the steps and commands in the SKILL.md are consistent with that purpose. However, the provided registry summary at the top claims no required env vars/binaries while claw.json (included in the package) declares required binaries (node, npx, git, gh, curl, jq) and primaryEnv VERCEL_TOKEN. This metadata inconsistency is unexplained and reduces trust.
Instruction Scope
The runtime instructions are narrowly focused on build validation, pushing branches, invoking Vercel CLI (via npx vercel --token $VERCEL_TOKEN), health checks (curl), and rollback via Vercel. They direct the agent to run local commands (tsc, lint, tests, builds), inspect git state, and run network calls to the deployment and health endpoints — all within the expected scope for a deploy tool. The SKILL.md does not instruct exfiltration of unrelated files or arbitrary data collection.
Install Mechanism
This is an instruction-only skill (no install spec, no code files to execute). That lowers installer risk: nothing is downloaded or written by an installer. The included claw.json declares filesystem and network permissions (expected for a deploy skill).
Credentials
The skill uses Vercel CLI commands that require VERCEL_TOKEN (and the SKILL.md references $VERCEL_TOKEN). claw.json explicitly lists VERCEL_TOKEN as primaryEnv, which is proportionate. However, top-level registry metadata stated 'Required env vars: none' — a direct inconsistency. The SKILL.md also performs git pushes but does not declare or require GitHub credentials/gh/GH_TOKEN; it relies on whatever local git/gh credentials the environment provides. That implicit use of local repo credentials (and network/filesystem access) increases risk and should be made explicit. Users should ensure tokens/credentials are minimal-scoped.
Persistence & Privilege
always:false and user-invocable:true. The skill does not request permanent global inclusion. It declares filesystem and network permissions in claw.json (expected for a deploy skill) and does not attempt to modify other skills or global agent config. Autonomous invocation is allowed (default) but not an additional flagged privilege here.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install deploy-pilot
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /deploy-pilot 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.2
- Added integration protocol for deployments involving the feature-forge skill. - Updated planning phase: ensure feature-forge files, dependencies, env vars, and migrations are accounted for before deploy. - Introduced a new section in SKILL.md detailing best practices for handoff from feature-forge to deployment. - Added CHANGELOG.md file.
v0.1.1
- Initial release. - Provides end-to-end automated deployment for Next.js apps on Vercel via GitHub. - Enforces a mandatory planning protocol and detailed pre-deploy checklist. - Supports both preview and production deployment flows with health checks and rollback guidance. - Includes best practices for environment variables, branch strategy, post-deploy monitoring, and GitHub integration.
v0.1.0
Initial release of Deploy Pilot — a skill for end-to-end Next.js deployment automation on Vercel with rigorous planning and safety protocols. - Manages the complete deploy cycle: build validation, GitHub push, Vercel deployment, and health checks. - Mandatory step-by-step planning protocol before any deployment, including intent, state, risk, and checklist execution. - Pre-deploy checklist covers TypeScript, lint, test, and build verification. - Distinct flows for preview and production deploys, including notification and rollback procedures. - Guidance for Vercel environment variable and domain management via CLI. - Enforces branch strategy, monitoring, and Conventional Commits for safer deployments.
元数据
Slug deploy-pilot
版本 0.1.2
许可证 MIT-0
累计安装 5
当前安装数 4
历史版本数 3
常见问题

Deploy Pilot 是什么?

Manages the full deploy cycle — build validation, GitHub push, Vercel deployment, and health checks. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1050 次。

如何安装 Deploy Pilot?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install deploy-pilot」即可一键安装,无需额外配置。

Deploy Pilot 是免费的吗?

是的,Deploy Pilot 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Deploy Pilot 支持哪些平台?

Deploy Pilot 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Deploy Pilot?

由 Guilherme Favaron(@guifav)开发并维护,当前版本 v0.1.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论