Each skill is a written behavior contract your agent follows, and each one drives a specific CLI loop. The skill never re-implements detection — the shipmoor binary stays the source of truth, and the skill tells the agent when to run it, how to read the result, and what it’s allowed to claim.
| Skill | Purpose |
|---|---|
shipmoor-review | Run the scan, triage findings, explain blockers, and report a review-readiness verdict. |
shipmoor-fix | Repair findings introduced by the current change and re-scan until the gate passes. |
shipmoor-intent-contract | Compare implementation changes against declared intent and surface drift before review. |
shipmoor-agent-guard | Inject compact pre-edit guardrails that prevent common AI coding defects before review. |
shipmoor-pr-preflight | Run the final PR-readiness path: diff scan, structural gate, runtime verification, and a copyable PR note. |
shipmoor-review
The everyday loop. When you ask the agent to check review readiness, it runs the scan, triages what came back, and explains blockers:
shipmoor scan --changed --fail-on highThe skill’s completion rule is deliberately strict: done = structural gate passed + runtime verification passed. A clean scan with no test run is reported as structurally clean, runtime unverified — the skill forbids the agent from claiming Shipmoor proved runtime correctness, because it doesn’t.
shipmoor-fix
The repair loop, bounded and measured (default: 2 repair cycles, so it never spins):
shipmoor scan --changed --json --output .shipmoor/report.json— establish the baseline.- For each blocking finding:
shipmoor explain <id> --from .shipmoor/report.json. - Patch only the affected code; re-scan; report the before → after delta.
Its safety rules are part of the contract: fix introduced findings first, never rewrite unrelated files, and never pass the gate by suppressing findings, lowering thresholds, or disabling rules. Without the repair_guidance entitlement it falls back to review-only behavior instead of pretending repair is active.
shipmoor-intent-contract
Write the contract before coding, check the diff against it after:
shipmoor_intent:
task: "Add Stripe refund webhook"
expected_side_effects:
- "verify Stripe signature"
- "persist refund event"
- "return non-2xx on invalid signature"A deterministic static layer marks each item satisfied, unproven, or violated — it’s the only layer that can mark anything violated. An opt-in second layer escalates unproven items to an isolated judge sub-agent in your own coding tool (BYO-Judge); that opinion is labeled inferred and never blocks. Needs intent_scan — this is Claim Check driven from inside the agent.
shipmoor-agent-guard
The only skill that acts before the edit. It’s a compact pre-edit policy the agent loads: inspect manifests before adding imports; don’t invent packages, APIs, env vars, or local functions; never return success for a path whose real side effect isn’t implemented; never silence type errors just to pass checks. It prevents the defects the scanner would otherwise catch — then hands off to shipmoor-review as the verification step.
shipmoor-pr-preflight
The “am I ready to open this PR?” path:
shipmoor scan --diff main...HEAD --fail-on high \
--markdown-summary pr-note.mdIt scans the merge-base diff, runs the structural gate, requires runtime verification before declaring ready, and produces a copyable PR note. It reports the resolved base/head refs so you can confirm the scope, and it never silently rewrites a range you gave it.
How they compose
A typical task flows through all five: agent-guard shapes the edit, review checks it, fix repairs what review found, intent-contract checks the change did what the task asked, and pr-preflight packages the evidence. Install them as one bundle — see Installing skills.
Next
- Using skills with your agent — what the loop looks like in Claude, Codex, Cursor, and Aider.
- Claim Check — the engine behind
shipmoor-intent-contract. - Findings & rules — what review and fix are triaging.