-
Notifications
You must be signed in to change notification settings - Fork 0
Home
The deterministic merge gate for AI-generated agent capability changes.
When a coding agent (Claude Code, Codex, Cursor) or a human changes what an AI agent can do, Agents Shipgate turns that diff into a deterministic merge verdict — before the agent gets production-like permissions. This open-source CLI and GitHub Action statically reviews the tools an agent can call: it reads a shipgate.yaml manifest, normalizes tools from MCP, OpenAPI, and SDK sources, and produces a deterministic Tool-Use Readiness Report (Markdown, JSON, SARIF).
Static by default. No agent execution. No tool calls. No LLM calls. No MCP connections. No network. No telemetry.
pipx install agents-shipgate
agents-shipgate init --workspace . --write
agents-shipgate scan -c shipgate.yaml| If you want to… | Read |
|---|---|
| Get a finding in 60 seconds | Quickstart |
| Understand the model | Concepts |
| See it on real public APIs | Real-World Examples |
Write a shipgate.yaml
|
Manifest Reference |
| Browse the 80+ check catalog | Check Catalog |
| Wire it into your CI | CI Recipes |
| Track findings over time | Baseline Workflow |
| Understand the trust posture | Trust Model |
| Write a custom check | Plugin Authoring |
| Debug an error | Troubleshooting |
| Compare against eval/observability | FAQ |
| Read the internals | Architecture |
A scan against DigitalOcean's public OpenAPI (~600 endpoints) surfaces hundreds of findings — most flagging missing approval policies on destructive operations. Against the Twilio Messaging API configured with a read-only declared purpose, it flags every Delete* operation as a scope contradiction. Against the canonical OpenAI Agents SDK customer_service example, it picks up update_seat as a write tool from name alone — without importing the file. Against the Anthropic cookbook customer service agent, it flags cancel_order as a critical missing-approval finding before the pattern reaches production.
| Not evals | Evals test behavior. Shipgate reviews release artifacts. |
| Not observability | Observability records runtime. Shipgate runs before promotion. |
| Not a gateway | Gateways enforce access. Shipgate produces review evidence. |
See FAQ for the longer comparison.
- Source: github.com/ThreeMoonsLab/agents-shipgate
- Marketplace: GitHub Action
-
PyPI:
agents-shipgate - License: Apache-2.0
- Security: see SECURITY.md
Agents Shipgate · Apache-2.0 · maintained by Three Moons Lab · Report a false positive
Getting started
Reference
Workflows
Extending
Project