Shipmoor is a code-integrity layer for the agent era. It runs after your coding agent finishes and before a human reviews the change, and it catches the failure modes agents introduce — hallucinated dependencies, calls to APIs that don’t exist, handlers that return success without doing the work — plus, on a license, whether the change actually did what it was asked to do.
Everything runs locally. No source code ever leaves your machine, and there is no Shipmoor cloud in the path of a scan.
The problem Shipmoor solves
A coding agent produces a diff that looks plausible. It lints clean, it type-checks, the tests it wrote pass — and it still did the wrong thing: wired the wrong event, edited a sibling service, or “handled” a case by quietly swallowing it. Reviewing agent output at volume is exhausting, so confident-looking changes get rubber-stamped. The gap between what the agent said it did and what the diff actually does is where defects now hide.
Shipmoor closes that gap at the moment before merge — while the change is still in the developer’s shell.
One binary, decided by your license
You install a single shipmoor binary. What it can do is decided by a local license, not by which installer you ran:
- Community (free, no login): the structural scan engine.
- Shipmoor IC (paid, local-first): adds Claim Check, Agent Skills, the Agent Harness, the Pro CI gate, and the IDE extension — each unlocked by an entitlement read from a local, signed license.
- Team / Enterprise: coming soon — org scope, shared baselines, managed CI.
See Plans & tiers for what each unlocks.
What you can do with Shipmoor
| You want to… | Start here |
|---|---|
| Scan an agent’s change locally before you push | Quickstart · Scanning your code |
| Check whether the change did what the task asked | Claim Check |
| Run the Shipmoor loop inside Claude, Codex, Cursor, or Aider | Agent Skills |
| Have the agent self-correct as it edits (preview) | Agent Harness |
| See findings as diagnostics in your editor (preview) | IDE Extension |
| Gate a pull request in CI with SARIF | CI & Automation |
| Manage your license and billing | Account & Billing |
What makes Shipmoor different
Deterministic evidence decides; an LLM only advises. Where competitors put a probabilistic model in the critical path — “AI reviews your AI” — Shipmoor’s stance is the opposite and is enforced in code: a model can never block your merge. Only falsifiable, deterministic checks can, and only if you opt in. The optional LLM second opinion runs in your own agent (BYO-Judge), so Shipmoor hosts and calls no model.
Honest about what it can’t check. When Shipmoor has no probe for something, it says “couldn’t check” rather than implying a pass. That honesty is the point — it’s what makes the checks it does make trustworthy.
Next steps
- Quickstart — install and run your first scan in five minutes.
- Installation — channels,
PATH, and upgrades. - Core concepts — the scan, the claim check, severity, and tiers.