Quick Start
ShipGuard runs locally and gates your release with deterministic exit codes. No account, no upload — install and scan in under 30 seconds. Tuned for Next.js + Supabase / Firebase apps that ship to Vercel.
Install
Or run once without installing: npx @agenticcli/shipguard scan.
Quick start
Scaffold a policy file, then run your first scan:
›
Use
--changed in CI to scan only files modified in the current PR — it keeps scans under 2 seconds.Commands
| command | what it does |
|---|---|
| shipguard init | create shipguard.policy.yml and .shipguard/ |
| shipguard scan | run all enabled checks on the repo |
| scan --changed | only scan files changed since last commit |
| scan --report | write a Markdown report to .shipguard/reports/ |
| scan --strict | exit 1 on any high / critical finding (for CI) |
| scan --json | emit machine-readable findings for agents |
Exit codes
| code | meaning | action |
|---|---|---|
| exit 0 | safe / only low findings | ship it |
| exit 1 | high / critical findings | blocked — fix and re-scan |
| exit 2 | config error | check shipguard.policy.yml |
| exit 3 | runtime error | file an issue |
CI integration
!
Without
fetch-depth: 0, git may not have enough history for --changed to compute the diff.Policy file
Optional shipguard.policy.yml at the project root controls which findings block, which warn, and which paths to ignore:
For agents
ShipGuard is agent-native: --json emits machine-readable findings, and exit codes gate autonomously. Point your agent at /llms.txt or the /agents page for the full machine-readable map and fix loop.