A short tour of the ideas the rest of the docs build on.
Two kinds of check
The structural scan (free). Given a change, Shipmoor checks whether the code is real and self-consistent: does every import resolve, does every called symbol exist, does a handler actually do its work? These are the high-confidence failure modes agents introduce. See Findings & rules.
The claim check (IC). Given a change and the intent behind it, Claim Check asks the question a linter can’t: did this change do what the task asked? It compares the diff to the stated intent and reports what it verified, where it found a gap, and what it couldn’t check.
Severity and findings
Each finding carries a severity (critical, high, medium, …). You decide what blocks with --fail-on, and you can ask for the reasoning behind any rule with shipmoor explain <rule>. Findings are emitted as human output, deterministic JSON, and SARIF from the same evidence — see Output formats & exit codes.
The three claim-check axes
The claim-check result carries three independent measures. Collapsing them into one number is the most common misread:
| Axis | Answers | Where it shows |
|---|---|---|
| confidence | How sure are we of the intent? | the Source: line |
| coverage | What fraction of expectations could we check here? | the badge |
| maturity | How well-checked is the claim? (verified / partial / gap_disclosed / unprobed / inferred) | the badge headline |
A weak result is allowed to look weak. “Not yet checked” is honest silence, not a pass. See Reading the verdict.
Deterministic decides; an LLM only advises
Shipmoor’s core decision rule: only deterministic, falsifiable evidence can ever block a merge, and only if you opt in. An optional LLM second opinion runs in your own coding agent (BYO-Judge), is labeled as inferred, is excluded from the score, and is structurally unable to gate. Shipmoor hosts and calls no model.
Tiers and entitlements
What the binary can do is decided by a local license. The entitlement vocabulary maps roughly one-to-one onto the paid products:
| Entitlement | Unlocks |
|---|---|
| (none) | The Community structural scan |
intent_scan | Claim Check |
agent_skills | Agent Skills |
agent_harness | The Agent Harness loop (preview) |
ide_extension_pro | The IDE extension (preview) |
repair_guidance | Repair guidance for findings |
Read your machine’s state any time with shipmoor capabilities --json. See Capabilities & entitlements.
Local-first, no source upload
Across every tier, the invariant holds: scans run on your machine or in your own CI, and no source, diff, file content, repo path, or license token is sent to Shipmoor. The account Console is a control plane for sign-in, billing, and licensing — it never receives source code. See Security & privacy.