Phantom import
Generated code references a package that is missing from the manifest or lockfile.
AI code integrity for agent-assisted teams
Verify agent work before review.
Shipmoor catches high-confidence defects and claim gaps in agent-generated code before they waste a reviewer's time or reach production.
Free local CLI. Shipmoor IC unlocks Pro CLI, IDE, and agent harness features from one license. No telemetry. No source upload.
- CLI
- local verification before git push
- Diffs
- scan changed, staged, diff, or patch input
- SARIF
- export standard evidence for CI
- Rules
- detect AI-specific failure patterns
Free Community CLI
Try Shipmoor in your shell
Work with shipmoor directly in your codebase. Scan agent-generated changes locally. Get findings with severity explanation, and next steps before you push.
- No login
- Always free
- No telemetry
Product demo
See it in action
Watch the Community CLI scan an agent-generated change, surface high-confidence findings, and export review-ready evidence — local, no account, no telemetry.
VS Code
JetBrains
Python
JavaScript
TypeScript
Go
GitHub
Claude
Cursor
Codex
Aider
Works with your stack Bring your tools and agents.
Bring your tools and agents.
Shipmoor adds the integrity layer.
Your IDEs, languages, platforms, and AI agents: checked locally before review, with deterministic checks, no telemetry, no source upload, and your own AI.
Works with your stack
Bring your tools and agents. Shipmoor adds the integrity layer.
Your IDEs, languages, platforms, and AI agents: checked locally before review, with deterministic checks, no telemetry, no source upload, and your own AI.
Inside your agent
Run Shipmoor where your code is written.
A trust layer between AI agents and human review.
AI agents produce code that looks plausible in review. Shipmoor is a local-first verification step that catches these mistakes while the change is still in the developer's shell, adds Claim Check for individual developers who need to know whether the agent change earned its claim, and scales into CI gates, PR signals, shared baselines, and governance when teams need control.
See how it works See how it worksLocal-first workflow
From agent output to review-ready change
Run Shipmoor after your agent finishes and before you open a PR. The scanner gives developers a short list of high-confidence risks with enough context to repair the work deliberately.
-
Scan the generated change locally
Use
shipmoor scan --changed,--staged,--diff main...HEAD, or--patch agent.patchbefore CI and before a reviewer is involved. -
Check whether the code matches the task
Shipmoor IC adds Claim Check so Shipmoor can compare the generated diff to the prompt, ticket, or agent session and flag work that looks plausible but solves the wrong problem — deterministic probes decide, an LLM never blocks.
-
Guide the repair, then review
Shipmoor explains why the risk matters and what to check next. It guides fixes with restraint instead of silently rewriting ambiguous product behavior.
Verification Manifest
Built for the moment before merge.
Shipmoor turns local AI code checks into a team workflow: Community CLI for the developer shell, Team for agent loops, CI and PR signals, and Enterprise for governance across repos, policies, audit, and self-hosted boundaries.
Compare the path Compare the path SHIPMOOR Verification Manifest
Register · 5 entries
Local-first · no telemetry · no source upload
Catch agent defects while you still have the shell
VERIFIED M-01
Run Shipmoor after your agent finishes and before you open a PR — a short list of high-confidence risks with the context to repair them.
$ shipmoor scan --changed
scanning 7 changed files · python, typescript
Critical
Hallucinated API core/aether.ts:42
Calls queue.flushPending() — no such method exists on
the symbol.
High
Phantom import core/aether.ts:3
Imports fast-retry, missing from manifest and
lockfile.
High
Stub path api/checkout.py:88
Returns success while the real persistence side
effect is missing.
5 findings · 1 critical, 2 high, 2 medium — JSON,
explain, patch and SARIF from the same evidence.
scan --changedJSON · SARIFexit codes evidence retained · SARIF ready
Check the change against its claim
VERIFIED M-02
Compares the generated diff to the prompt, ticket, or session and reports what it verified, what it found a gap in, and what it can't check yet — deterministic probes decide, an LLM only advises and never blocks.
$ shipmoor intent --diff main...HEAD
Source: ticket PAY-1042 + agent
session · confidence high
Claim:
“persist the order and charge the customer, then emit
order.paid”
gap_disclosed coverage 3 / 4
probes · deterministic
✓ satisfied order row persisted to orders
✕ unsatisfied
payment_intent captured on checkout
◦ cannot_check refund path — no probe yet
llm_inferred · BYO-Judge · advisory, never blocks
~ change may charge in a sibling service — verify
manually
1 unsatisfied probe —
deterministic decides · gate floor holds
A model can never block your merge — only falsifiable
evidence can.
intent vs diffdeterministicno false block evidence retained · SARIF ready
Harness the agents, not just the repo
VERIFIED M-03
Run Shipmoor inside Codex, Claude, and Cursor loops so checks happen where code is created — before plausible-looking work ever becomes reviewer work.
Codex apply patch agent.patch
Shipmoor scan --patch agent.patch
Skill
repair guidance returned to agent
Claude re-applies fix for stub path
Shipmoor
re-scan clean against baseline
Cursor opens review-ready change
CodexClaudeCursor evidence retained · SARIF ready
Turn local findings into review signals
VERIFIED M-04
Promote the same checks into managed CI gates, PR comments, and shared baselines — without changing the review process developers already use.
●
shipmoor / scan
●
shipmoor / claim-check
●
shipmoor / baseline
shipmoor
bot · commented
Blocking: api/checkout.py:88 returns success
but never captures payment. Gate holds until the
claim is earned or waived in policy.
CI gatesPR commentsbaselines evidence retained · SARIF ready
Govern AI coding without moving source
VERIFIED M-05
Central policy, audit logs, SSO, SARIF aggregation, and self-hosted runners — evidence platform and security teams can trust, inside your boundary.
Policy
block new critical integrity findings
SSO GitHub · WorkOS
Runners private · in-boundary
Audit
SARIF aggregated across 38 repos
Residency
source never leaves environment
policyaudit · SSOself-hosted evidence retained · SARIF ready
Catch agent failure modes before merge.
Given a code change and the intent behind it, Shipmoor checks whether the change is real, grounded, dependency-safe, and review-ready.
Harness the agents, not just the repo.
Shipmoor belongs in the loop where code is created: Codex tasks, Claude sessions, Cursor edits, local patches, CI checks, and pull requests.
Govern AI coding without moving source code.
Enterprise keeps checks inside your boundary and gives platform and security teams policy, audit trails, self-hosted runners, and evidence they can trust.
Preflight checks
Agent-assisted code
Local-first scanning
Review-ready changes
Start local. Upgrade when you need more control.
Free local scans for everyone. Pro features for individuals. Team enforcement, governance, and self-hosted runners when you need them.
Community
Free local scans for agent-generated code.
Free
/ developer
Get The Shipmoor CLI Get The Shipmoor CLI
- Shipmoor CLI, local-only
- Changed, staged, diff, and patch input
- Human, JSON, and SARIF output
- Stable CI exit codes
- No account, telemetry, or source upload
Shipmoor IC
For individual developers using AI tools every day.
$19
/ month
or $190 / year — two months free
Start now Start now- Everything in Community
- Claim Check for agent changes
- Agent Skills for AI coding tools
- Agent harness for Codex, Claude, Cursor
- Pro CLI and IDE extension features
Team
For teams that want PR gates, shared policy, and a feedback loop.
$29
/ per dev / month
Request early access Request early access
- Everything in IC
- Managed CI gates and PR comments
- Shared baselines and team policy
- False-positive feedback loop
- Jira, Slack, and SARIF integrations
Enterprise
For organizations with governance, audit, and compliance needs.
Custom
Request early access Request early access
- Everything in Team
- Org admin console and policy
- SSO (GitHub, WorkOS) and audit logs
- Private or self-hosted runners
- Data residency
Questions teams ask first FAQs
Short answers for developers, security, platform, and engineering leaders.
Install the Community CLI and run `shipmoor scan --changed` after your agent finishes. It is designed to be useful before CI, before PR review, and before any account or hosted setup.
Python, TypeScript, JavaScript, and Go today. More languages are planned.
Linters catch syntax, style, and some generic correctness issues. Shipmoor focuses on agent failure modes: phantom imports, hallucinated local APIs, stub paths, placeholder implementations, swallowed errors, and suspicious tests that do not prove the requested side effect.
SAST catches known security patterns. Shipmoor catches generated-code integrity risks that can make AI-assisted work look complete while it is missing a dependency, symbol, side effect, or meaningful test.
AI PR reviewers usually comment after a PR exists. Shipmoor starts locally, before a human reviewer is pulled in, so developers can repair high-confidence agent mistakes while the work is still in their shell.
Claim Check compares the generated change to the prompt, ticket, or agent session that produced it, and tells you whether the change earned the claim that it did the task — using deterministic probes, with an LLM only ever advising and never blocking. It catches plausible-looking code that skipped the real side effect, implemented the wrong workflow, or solved a neighboring problem, and says so honestly where it has no probe to check. Community starts with local preflight checks; Shipmoor IC adds the Claim Check loop.
Yes. Community gives you local scans, deterministic JSON, SARIF, and CI-friendly exit codes. Team adds CI gates, PR comments, shared baselines, repair prompts, and team policy.
No. Shipmoor is a preflight layer before review. It catches the AI-specific mistakes traditional tools tend to miss, then gives reviewers a cleaner change to evaluate.
No. The Community CLI runs where the code already lives and does not upload source code. Team and Enterprise workflows can export findings, hashes, severity, policy results, JSON, and SARIF while keeping source inside your environment.
Community proves the local habit. Individual developers upgrade to Shipmoor IC for Claim Check, Agent Skills, and the agent harness across Codex, Claude, and Cursor. Teams upgrade to Team for managed CI gates, PR comments, shared baselines, repair prompts, and team policy. Enterprise adds governance, audit logs, SSO, self-hosted runners, and data residency.