Shipmoor

Changelog

Shipmoor Team
June 11, 2026
3 min read

Notable user-facing changes per release. Install the latest with curl -fsSL https://dl.shipmoor.dev/install.sh | bash, or update in place with shipmoor upgrade.

0.4.0 — 2026-06-10

The current stable release. Additive to the shipped scan and claim-check contracts — no behavior change for existing users.

New: Agent Skills

  • shipmoor skills {list,install,uninstall,status} — installs the Shipmoor skill bundle into your coding agent’s instruction files (Claude Code, Codex, Cursor, Aider). Installs are marker-wrapped, idempotent, and content-preserving; uninstall removes only the managed block.
  • Five skills ship in the bundle: shipmoor-review, shipmoor-intent-contract, shipmoor-fix, shipmoor-agent-guard, and shipmoor-pr-preflight. Gated by the new agent_skills entitlement on the IC plan; without it, list/status show the catalog and install points at the DIY Community path.

New: BYO-Judge

  • scan --intent … --agent "<cmd>" — the claim check can hand the masked change signal to your own coding agent (e.g. a headless claude -p) for an advisory opinion on changes no deterministic probe covers. Advisory only — it can never block — with declared judge isolation (--author-model-id, --strict-judge-isolation). See BYO-Judge.

Claim Check improvements

  • Dispatch-table style webhook handlers are no longer incorrectly flagged as failing the handler-binding probe.
  • The BYO-Judge opt-in and its non-low-confidence requirement are now documented behavior — see Providing intent.

Reliability fixes

  • shipmoor upgrade works on macOS — upgrades no longer abort with “archive contains an unsafe link” (safe in-bundle symlinks are now allowed; escaping links are still blocked).
  • HTTPS is self-containedlogin, upgrade, and license refresh ship their own CA roots, so they work regardless of the host’s OpenSSL configuration.
  • scan --output now creates the parent directory on a fresh repo instead of erroring.
  • License verification hardening: a build-time guard ensures shipped binaries always carry the production signing keyset.

Also in this release

  • A staging install channel for early validation: SHIPMOOR_CHANNEL=staging curl -fsSL https://dl.shipmoor.dev/install.sh | bash.
  • The Agent Harness foundation (scanner, orchestrator, install/status, entitlement gating) landed; the harness itself is in release — preview. See Agent Harness.

0.3.0 — 2026-06-07

The first entitlement-aware release: one universal binary for every tier, with paid features unlocked by a local license. Community scan, JSON/SARIF, and exit-code behavior unchanged.

  • Sign-in and licensing — device-flow login, offline Ed25519 license verification, whoami --json and capabilities --json (the entitlement contract), and shipmoor upgrade for in-place self-update.
  • Claim Check — the canonical scan --intent (quickstart): deterministic probes, maturity & coverage, the opt-in deterministic gate, plan-drift probes, and agent-session ingestion (--session, masked on ingest).

0.2.x — 2026-05/06 · Community CLI

The free Community line: the redesigned five-second scan output (0.2.1); monorepo manifest resolution, Go phantom-import detection with subtypes, the cross-language severity policy, and finding-level remediation text (0.2.0). Launch details in the blog.

Next

Last updated on June 11, 2026

Was this article helpful?

Your response is saved on this device.

Related Articles