Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 33 additions & 0 deletions .claude-plugin/marketplace.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
{
"name": "agents-shipgate",
"owner": {
"name": "Three Moons Lab",
"email": "help@threemoonslab.com"
},
"description": "Agents Shipgate — the deterministic merge gate for AI-generated agent capability changes. Skill-only plugin: workflows for shipgate check, agents-shipgate verify, and shipgate audit --host; the scanner runs through the agents-shipgate CLI installed locally.",
"plugins": [
{
"name": "agents-shipgate",
"source": "./plugins/claude-code",
"description": "Run Agents Shipgate Tool-Use Readiness workflows from Claude Code: detect whether Shipgate applies, bootstrap the advisory gate, verify agent-capability PRs, and triage findings without fabricating human approval. Requires the agents-shipgate CLI (pipx install agents-shipgate, contract v10 or newer).",
"version": "0.14.0",
"author": {
"name": "Three Moons Lab",
"url": "https://threemoonslab.com/"
},
"homepage": "https://threemoonslab.com/",
"repository": "https://github.com/ThreeMoonsLab/agents-shipgate",
"license": "Apache-2.0",
"keywords": [
"agents",
"claude-code",
"tool-use-readiness",
"release-gate",
"mcp-security",
"policy-as-code"
],
"category": "security",
"strict": true
}
]
}
2 changes: 1 addition & 1 deletion .claude/commands/shipgate.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
---
description: Run the prominent Agents Shipgate flows: check, verify, or audit --host
description: "Run the prominent Agents Shipgate flows: check, verify, or audit --host"
---

Arguments: `$ARGUMENTS`
Expand Down
15 changes: 15 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,21 @@

## Unreleased

- **Claude Code plugin marketplace.** The repo now doubles as a Claude Code
plugin marketplace (`/plugin marketplace add ThreeMoonsLab/agents-shipgate`,
then `/plugin install agents-shipgate@agents-shipgate`) — the symmetric
counterpart of the existing Codex marketplace. The plugin is skill-only
(the auto-triggering skill + the namespaced `/agents-shipgate:shipgate`
command); the scanner stays in the separately installed CLI and hooks stay
on the explicit `install-hooks` path. Byte-identity with the canonical
skill/command sources is test-pinned. Fixed in passing (caught by
`claude plugin validate`): the canonical `SKILL.md` and `/shipgate`
command shipped YAML frontmatter with an unquoted `:` in `description`,
which Claude Code loads as silently-empty metadata — breaking
description-based skill auto-triggering for every existing install. Both
are now quoted, all byte-identical copies synced, and a regression test
parses the frontmatter.

- **Contract v10 (additive): machine-readable `verify_required` on the Codex
boundary result.** `shipgate check` already escalated to `warn` and routed
to `verify` when a diff touched a tool surface it cannot gate; that deferral
Expand Down
14 changes: 14 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -311,6 +311,20 @@ agent mode auto-enables, so a zero-flag `agents-shipgate verify` prints the
compact agent result. Slash command, skill internals, and manual paths:
[`docs/agents/use-with-claude-code.md`](docs/agents/use-with-claude-code.md).

Prefer a plugin over a committed kit? This repo is also a Claude Code plugin
marketplace — the skill-only symmetric counterpart of the Codex plugin below
(workflows, not the scanner binary; install the CLI separately):

```bash
/plugin marketplace add ThreeMoonsLab/agents-shipgate
/plugin install agents-shipgate@agents-shipgate
```

The plugin ships the auto-triggering `agents-shipgate` skill and the
`/agents-shipgate:shipgate` command (plugin commands are namespaced). It does
not ship hooks — install those explicitly with `agents-shipgate install-hooks
--target claude-code --write`, which requires the CLI on `PATH`.

**Codex** — install the skill-only plugin from this repo's marketplace, or
write the repo-scoped kit directly:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,8 @@
"398e88622bf73b524f91405ffc5dbccde651c6a9cb7c2df035ab01d39a964e4f",
"9860b9246057289450b425daa212f248be8082327101f2a5e6a355a266f779c1",
"5062b30ee84b3871c6532ce0e6c7ad41ac0203a1bd29be51ac3342e01fcd09cb",
"6031a900efa636677786ceda881af0aa4630500683ee1845f4dd1439fdbe2e70"
"6031a900efa636677786ceda881af0aa4630500683ee1845f4dd1439fdbe2e70",
"1b4470b625110acdc6f1e3930b7e6e6f43653c493e9a44c7ccde0dd9c88b09bb"
],
"prompts/add-shipgate-to-repo.md": [
"ea3c37cfbbd42c40d164abfe21d468a3a5550d5384125f94a53c947dea6b4b2a",
Expand Down
2 changes: 1 addition & 1 deletion adoption-kits/claude-code-skill/SKILL.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
---
name: agents-shipgate
description: Run prominent Agents Shipgate flows when a change touches what an AI agent can do: `shipgate check`, `agents-shipgate verify`, or `shipgate audit --host`. Use after adding or modifying MCP servers or tools, tool/function definitions (@tool, @function_tool), OpenAPI specs that describe agent tools, agent prompts, permission scopes, approval or confirmation policies, agent CI workflows, or shipgate.yaml — and before creating a PR for any such change. Also use to verify agent-related PRs, fix or triage Shipgate findings, add Shipgate to CI, or interpret Shipgate verifier/report artifacts. Triggers on phrases like "add shipgate", "verify this agent PR", "merge verdict", "release readiness for my agent", "tool-use readiness", "shipgate check", "agents-shipgate verify", "audit host grants", "shipgate.yaml", "agents-shipgate-reports/verifier.json", "agents-shipgate-reports/report.json", "fix shipgate finding".
description: 'Run prominent Agents Shipgate flows when a change touches what an AI agent can do: `shipgate check`, `agents-shipgate verify`, or `shipgate audit --host`. Use after adding or modifying MCP servers or tools, tool/function definitions (@tool, @function_tool), OpenAPI specs that describe agent tools, agent prompts, permission scopes, approval or confirmation policies, agent CI workflows, or shipgate.yaml — and before creating a PR for any such change. Also use to verify agent-related PRs, fix or triage Shipgate findings, add Shipgate to CI, or interpret Shipgate verifier/report artifacts. Triggers on phrases like "add shipgate", "verify this agent PR", "merge verdict", "release readiness for my agent", "tool-use readiness", "shipgate check", "agents-shipgate verify", "audit host grants", "shipgate.yaml", "agents-shipgate-reports/verifier.json", "agents-shipgate-reports/report.json", "fix shipgate finding".'
---

# agents-shipgate skill
Expand Down
21 changes: 21 additions & 0 deletions docs/agents/use-with-claude-code.md
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,27 @@ when those files exist:
agents-shipgate init --workspace . --write --claude-code
```

### Plugin marketplace (no committed files)

Prefer not to commit skill files into the repo? This repository is a Claude
Code plugin marketplace; the plugin is **skill-only** — it supplies the same
auto-triggering skill plus the slash command, and updates with `/plugin
update` instead of re-running `init`:

```text
/plugin marketplace add ThreeMoonsLab/agents-shipgate
/plugin install agents-shipgate@agents-shipgate
```

Plugin commands are namespaced: the command installs as
`/agents-shipgate:shipgate` (the committed-kit path keeps plain `/shipgate`).
The plugin does not ship hooks or the scanner — install the CLI (`pipx
install agents-shipgate`, contract v10 or newer) and add hooks explicitly
with `agents-shipgate install-hooks --target claude-code --write`. To
pre-provision the marketplace for a whole team, add it to
`.claude/settings.json` under `extraKnownMarketplaces` and enable
`"agents-shipgate@agents-shipgate"` in `enabledPlugins`.

To install the surfaces manually (no CLI), from the root of the project where
you want `/shipgate` and the skill available:

Expand Down
21 changes: 21 additions & 0 deletions plugins/claude-code/.claude-plugin/plugin.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
{
"name": "agents-shipgate",
"version": "0.14.0",
"description": "Run Agents Shipgate Tool-Use Readiness workflows from Claude Code. Skill-only: the plugin supplies the agents-shipgate skill and the /agents-shipgate:shipgate command; the scanner runs through the agents-shipgate CLI installed in the local environment (pipx install agents-shipgate, contract v10 or newer). For the deterministic hooks (trigger check after edits, full verify at Stop), run: agents-shipgate install-hooks --target claude-code --write.",
"author": {
"name": "Three Moons Lab",
"email": "help@threemoonslab.com",
"url": "https://threemoonslab.com/"
},
"homepage": "https://threemoonslab.com/",
"repository": "https://github.com/ThreeMoonsLab/agents-shipgate",
"license": "Apache-2.0",
"keywords": [
"agents",
"claude-code",
"tool-use-readiness",
"release-gate",
"mcp-security",
"policy-as-code"
]
}
81 changes: 81 additions & 0 deletions plugins/claude-code/commands/shipgate.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,81 @@
---
description: "Run the prominent Agents Shipgate flows: check, verify, or audit --host"
---

Arguments: `$ARGUMENTS`

Agents Shipgate is the deterministic merge gate for AI-generated agent
capability changes.

If the arguments include `audit`, run the host-grant audit flow. If they include
`check`, run the local boundary check. Otherwise run the verifier flow. The
supporting adoption and scan commands remain available, but this slash command
should lead with only the prominent flows: `shipgate check`, `agents-shipgate verify`,
and `shipgate audit --host`.

The canonical, self-contained verifier instructions live in the bundled prompt
files. For verifier runs, read `prompts/verify-agent-diff.md`. Try these paths
in order; use the first that exists:

1. `.claude/skills/agents-shipgate/prompts/<recipe>.md` — bundled with the `agents-shipgate` skill if installed in this project.
2. `prompts/<recipe>.md` — present when this repo is a clone of `agents-shipgate` itself.
3. `https://raw.githubusercontent.com/ThreeMoonsLab/agents-shipgate/main/prompts/<recipe>.md` — last-resort fetch.

Prominent commands:

```bash
AGENTS_SHIPGATE_AGENT_MODE=1 shipgate check \
--agent claude-code --workspace . --format codex-boundary-json
AGENTS_SHIPGATE_AGENT_MODE=1 agents-shipgate verify \
--workspace . --config shipgate.yaml \
--base origin/main --head HEAD \
--ci-mode advisory --format json
AGENTS_SHIPGATE_AGENT_MODE=1 shipgate audit --host \
--json --out agents-shipgate-reports/host-grants.json
```

For local uncommitted work, omit `--base`/`--head` so uncommitted edits are
scanned. For committed PR/CI refs, make the base ref available first because
`verify` never fetches.

Required behavior (do not skip):

1. Set `AGENTS_SHIPGATE_AGENT_MODE=1` for every CLI call so errors emit a `next_action` JSON line on stderr.
2. Run `agents-shipgate contract --json` when available and use it to verify the installed CLI's schema versions and gating signal.
3. For verifier runs, parse `agents-shipgate-reports/agent-handoff.json` first,
then `verifier.json`, `verify-run.json`, and
`report.json.release_decision.decision` as the release gate.
4. For check runs, parse stdout as `shipgate.codex_boundary_result/v1` and
switch on `decision`, `completion_allowed`, `must_stop`, `first_next_action`,
`human_review`, and `repair`.
5. For host audits, parse `agents-shipgate-reports/host-grants.json` when
`--out` is used, or stdout when running JSON-only.
6. Do **not** bypass the verifier by suppressing findings, lowering severity,
expanding baselines or waivers, removing Shipgate CI, or weakening agent
instructions. Verify-mode `SHIP-VERIFY-*` checks route those trust-root edits
to human review.
7. Add `agents-shipgate-reports/` to `.gitignore` if it is not already.

Report back: `release_decision.decision` and `reason`, `merge_verdict`,
`can_merge_without_human`, blocker / review-item counts, top 3 active findings
by severity, `verifier_summary` trust-root flags when present, capability
change highlights, and one suggested next step.

## Ongoing PRs

For an ongoing PR that changes agent tools, MCP exports, OpenAPI specs, prompts,
permissions, policies, CI gates, or `shipgate.yaml`, run the verifier:

```bash
agents-shipgate verify --base origin/main --head HEAD --json
```

Read `agents-shipgate-reports/agent-handoff.json` first and lead with
`gate.merge_verdict` (a deterministic projection of `release_decision.decision`,
which remains the gate in `report.json`), then the authoritative substrate
`agents-shipgate-reports/verifier.json` and supporting/provisional
`capability_review.top_changes[]`. Do not claim completion when
`merge_verdict` is `blocked`, `insufficient_evidence`, or
`human_review_required` unless the user accepted the human-review requirement, and
never weaken `shipgate.yaml`, Shipgate CI, `AGENTS.md`, policies, baselines, or
waivers to make Shipgate pass.
Loading