Shipmoor’s security posture rests on one invariant that holds across every tier: no source upload, ever — there is no Shipmoor cloud in the analysis path. Everything else on this page follows from it.
The local-first architecture
- All analysis is local. The scan engine, the Claim Check probes, and the gate run inside the
shipmoorbinary on your machine or your own CI runner. There is no hosted scanner to send code to. - License verification is offline. The signed license token is verified against public keys embedded in the binary (Ed25519). No network sits in the critical path of any scan — air-gapped machines and locked-down runners work identically. See Sign in & licensing.
- The Console is a control plane, not a source plane. accounts.shipmoor.dev handles sign-up, billing, and license issuance. It never receives source code, diffs, file contents, repo paths, or scan results.
- No model calls by Shipmoor. The only LLM in the product is the one you opt into: BYO-Judge runs your own agent command under your existing provider relationship, on a masked change signal. Shipmoor hosts and selects no model.
Network surface, exhaustively
The binary’s outbound calls, in full:
| Call | When | Disable |
|---|---|---|
| Package-registry lookup | Optional check behind the hallucinated_package subtype | SHIPMOOR_OFFLINE=1 |
| Your own agent command | Only when you opt into BYO-Judge | SHIPMOOR_OFFLINE=1 (or don’t opt in) |
login / license refresh | When you invoke it | Don’t sign in (Community needs no account) |
upgrade / install | When you invoke it | Pin versions; mirror artifacts |
SHIPMOOR_OFFLINE=1 is the global kill switch and always wins.
Data handled with source-level care
- Intent text (tickets, prompts, session turns) is treated as being as sensitive as source: masked by a secret scanner before any use, never transmitted, never stored raw. Session ingestion is explicitly opt-in.
- The optional probe-coverage telemetry is local-only, opt-in, off by default, and redaction-safe by construction — masked term frequencies and a salted fingerprint, never intent text or model rationales. Nothing is transmitted. Details: Privacy & telemetry.
- Contract payloads are redacted.
whoami/capabilitiesJSON never includes raw tokens or filesystem paths.
Supply-chain posture
- Installs and
shipmoor upgradeverify artifact SHA-256 checksums against the channel manifest before anything is extracted or replaced; replacement is atomic, and a failed upgrade leaves the original install intact. - The installer writes only to user-owned paths (no
sudo) and never edits your shell profile silently. - Pin a version (
SHIPMOOR_VERSION=0.4.0) for reproducible CI installs.
Governance: live vs. roadmap
Live today: the local-first guarantees above, offline license verification, SSO sign-in to the Console (GitHub / WorkOS), and Stripe-managed billing.
On the roadmap, not yet available — and not implied: RBAC and org-level policy controls, SOC 2 / ISO compliance evidence, and the customer-installable GitHub App. If your security review needs these, they’re tracked for the Team/Enterprise tiers; contact us via the Console rather than assuming.
Until then, the honest pitch to your security team is structural: the tool can’t leak what it never sends, and the architecture — not a policy document — is what enforces that.
Next
- Privacy & telemetry — the Claim Check data flows in detail.
- Sign in & licensing — the offline license model.
- Plans & tiers — where Team/Enterprise governance will land.