Configuration

Shipmoor Team
June 11, 2026

Shipmoor’s configuration lives in your repo, in plain YAML, reviewable like any other change. Three files matter: .shipmoor.yaml (the scan config), the optional intent file under .shipmoor/, and the optional verdict-policy file for the Claim Check gate.

Discovery and project roots

Shipmoor works with zero config — every file below is optional.

  • Inside a git repository, scans resolve project context from the git root, so shipmoor scan src/foo.py resolves imports the same way --changed does.
  • Outside git, Shipmoor walks upward to the nearest .shipmoor.yaml, .shipmoor.yml, pyproject.toml, package.json, requirements*.txt, or go.mod and treats that as the root.
  • Manifest discovery runs downward from the resolved root, so a monorepo’s nested backend/package.json and frontend/requirements.txt both contribute to import resolution.

Precedence: config file > command-line flag > built-in default. Pass --config <path> to use an explicit file.

.shipmoor.yaml

Generate a starter with shipmoor init (it also adds .shipmoor/ to .gitignore):

schema_version: 1
languages:
  enabled: [python, typescript, javascript, go]
ignore:
  - .shipmoor/
rules:
  disabled: []                # rule IDs to turn off entirely
  severity_overrides: {}      # rule ID → severity
thresholds:
  fail_on: high               # none | critical | high | medium
diff:
  only_introduced: true       # gate only what the change introduced
output:
  default_format: human

The rules, thresholds, and diff knobs are covered in Gating & policy.
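Because the config file takes precedence over command-line flags, a change to .shipmoor.yaml can quietly weaken what CI enforces. The following is an added example, not Shipmoor's own code: it compares the base and head versions of the file and lists edits that can make the gate catch less. The helper name review_flags, the meaning assumed for fail_on, and the sample rule ID and path are assumptions.

```ruby
require "yaml"

# Gate strictness for thresholds.fail_on, weakest first. Assumption (not stated
# on the page): "fail_on: X" fails the scan on findings of severity X or higher.
FAIL_ON_RANK = { "none" => 0, "critical" => 1, "high" => 2, "medium" => 3 }.freeze

# Compare two versions of .shipmoor.yaml and return one note per change that
# can make the gate catch less. review_flags is a hypothetical helper name.
def review_flags(base_yaml, head_yaml)
  base = YAML.safe_load(base_yaml) || {}
  head = YAML.safe_load(head_yaml) || {}
  notes = []

  was = base.dig("thresholds", "fail_on")
  now = head.dig("thresholds", "fail_on")
  # A removed or unknown value ranks below everything, so it is flagged too.
  if was && FAIL_ON_RANK.fetch(now, -1) < FAIL_ON_RANK.fetch(was, -1)
    notes << "thresholds.fail_on: #{was} -> #{now || 'unset'}"
  end

  off = Array(head.dig("rules", "disabled")) - Array(base.dig("rules", "disabled"))
  notes << "rules.disabled adds: #{off.join(', ')}" unless off.empty?

  skipped = Array(head["ignore"]) - Array(base["ignore"])
  notes << "ignore adds: #{skipped.join(', ')}" unless skipped.empty?
  notes
end

# Constructed sample input: BASE follows the starter config, HEAD is a made-up
# change. EXAMPLE-RULE-1 and src/legacy/ are placeholders, not real values.
BASE = <<~CFG
  ignore:
    - .shipmoor/
  rules:
    disabled: []
  thresholds:
    fail_on: high
CFG
HEAD = <<~CFG
  ignore:
    - .shipmoor/
    - src/legacy/
  rules:
    disabled: [EXAMPLE-RULE-1]
  thresholds:
    fail_on: critical
CFG

puts review_flags(BASE, HEAD)
```

In a review job, feed it the file contents from the merge base and from the proposed change, and require an explicit approval whenever the returned list is not empty.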

The harness: block (preview)

The Agent Harness (preview) keeps its settings in the same file and edits only its own block, preserving everything else byte-for-byte:

harness:
  mode: feedback              # observe | feedback | block
  max_feedback_cycles: 3
  watch:
    debounce_ms: 750

Reserved Team keys

Two extension points are reserved for the upcoming Team tier and are accepted but inert today:

policy:
  mode: local
  rulesets: []
baselines:
  shared: []
  ignore_fingerprints: []

Intent files (.shipmoor/)

For Claim Check in CI or agent workflows, drop the change’s intent in the scanned directory instead of passing flags:

  • .shipmoor/intent.txt — a plain one-line goal, auto-discovered by scan as an intent source.
  • .shipmoor/intent.yaml — the structured contract the shipmoor-intent-contract skill writes (task, expected side effects, must-nots).

The .shipmoor/ directory is working state (reports, intent, watch output) and belongs in .gitignore; shipmoor init puts it there.

The verdict policy (Claim Check gate)

The gate for the claim check is configured in a separate, explicitly passed file — it is never picked up silently:

# .shipmoor/verdict-policy.yaml
gating:
  enabled: true
  min_intent_confidence: medium    # high | medium (never low)
  block_on_major_gap: true
  block_on_inadmissible: true
  require_evidence_basis: deterministic

shipmoor scan --staged --intent "…" --verdict-policy .shipmoor/verdict-policy.yaml

A policy can tighten the gate but can’t loosen its engine-level floor; unknown keys or weaker-than-floor values are validation errors. Details and the --would-block rollout path: Turning on the gate.

Last updated on June 11, 2026
