Shipmoor blog
Notes from the loop between agent and merge.
Engineering posts on the detectors that catch AI failure modes, product notes on the Shipmoor surface, and perspectives on what changes when agents write most of the diff.
How an AI lab team runs Shipmoor as a CI gate on a brownfield Python monorepo
A field report: an AI lab team adopted the free Shipmoor Community CLI as a diff-scoped CI gate across eight services in a complex Python monorepo, alongside Trivy, with SARIF and stable exit codes — and what running on real agent-written code taught us.
Read post-
Shipmoor Community CLI v0.2.1: a scan output you can read in five seconds
v0.2.1 redesigns the scan output around the moment a reviewer reads it. A one-line verdict, a one-line context, findings grouped by file with blockers first, inline evidence and fixes, and a footer that tells you exactly what to type next. Plus a progressive explain view and color that means something.
Read -
After the agent, before the review: where AI code tooling misses the moment
A category argument for pre-merge integrity checks on agent-written code, and the eight-criterion proof-of-usefulness methodology we used to test our rules against three production-shape open-source projects.
Read -
Introducing Shipmoor Community CLI: verify agent work before review
A free, local, offline command-line tool that scans Python, TypeScript/JavaScript, and Go for the defects AI coding agents actually leave behind. Built around the moment between 'the agent finished' and 'I'm asking a human to review this.' Includes live runs against Flask, Zod, and Cobra.
Read -
Why AI code integrity is the new category
Linters catch syntax. SAST catches known CVEs. Neither catches the failure modes specific to AI-generated code — and that gap is where the next category lives.
Read