Same scanner engine everywhere

Integrations & tooling

Run the same State Proof engine from the terminal, inside an AI editor, or as a deploy gate. No signup, no account, no API key, and no runtime dependencies for passive checks.

Command Line Interface

Perform instant audits from your terminal.

Standard scan

npx shipshape-scan https://your-app.lovable.app

JSON output

npx shipshape-scan https://your-app.lovable.app --json

Policy + proof pack

npx shipshape-scan https://your-app.lovable.app --profile paid-saas --proof-output shipshape.proof.json

Local/staging state assertions

npx shipshape-scan https://staging.example.com --config shipshape.yml --run-assertions --proof-output shipshape.proof.json

Exits 3 on confirmed critical/high findings, failed launch invariants, or a policy-blocking launch verdict.
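
A deploy script can gate on that exit status. The wrapper below is an added example, not Shipshape's own code: `SCAN_CMD`, `classify_exit` and `run_gate` are hypothetical names. It assumes exit 0 means a clean scan and that `--proof-output` writes the file whenever a scan completes; only exit 3 is documented above.

```shell
#!/bin/sh
# Added example: fail-closed deploy gate around the documented exit status.
# SCAN_CMD is a hypothetical override so the gate logic can be exercised offline.
SCAN_CMD="${SCAN_CMD:-npx shipshape-scan}"

# Map a scanner exit status to a gate decision.
# 3 is the documented blocking status; 0 = clean is an assumption.
# Any other status (network failure, crash, npx missing) is an error, not a pass.
classify_exit() {
  case "$1" in
    0) echo pass ;;
    3) echo block ;;
    *) echo error ;;
  esac
}

# run_gate URL PROOF_FILE
# Prints pass, block or error on stdout and returns 0 only for pass.
run_gate() {
  url="$1"
  proof="$2"
  # Remove any proof left by an earlier run so it cannot stand in for this one.
  rm -f "$proof"
  status=0
  # Scanner output goes to stderr so stdout carries only the decision.
  $SCAN_CMD "$url" --profile paid-saas --proof-output "$proof" >&2 || status=$?
  decision=$(classify_exit "$status")
  # Assumption: a completed scan always writes the proof file, so a "pass"
  # with no proof on disk means the scan did not really run.
  if [ "$decision" = pass ] && [ ! -s "$proof" ]; then
    decision=error
  fi
  echo "$decision"
  [ "$decision" = pass ]
}

# Stand-alone use: ./gate.sh https://staging.example.com shipshape.proof.json
if [ "$#" -ge 2 ]; then
  run_gate "$1" "$2"
  exit $?
fi
```

Treating every status other than 0 and 3 as an error keeps a scanner outage from being read as a clean result.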

MCP Server

Give LLMs security context while they build.

Add Shipshape to your MCP config:

{
  "mcpServers": {
    "shipshape": {
      "command": "npx",
      "args": ["-y", "shipshape-scan", "--mcp"]
    }
  }
}

Tools: scan_app, explain_finding, generate_fix_prompt, explain_launch_verdict, generate_proof_pack, draft_waiver, review_critical_paths, review_sql_policy.

GitHub Action

Automated security gate for every deploy path.

Drop this in .github/workflows/shipshape.yml:

name: Shipshape
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: Cookient16/shipshape@v0.3.0
        with:
          url: https://your-app.lovable.app
          fail_on: high
          proof: shipshape.proof.json

Use config, profile, waiver_file, proof, run_assertions, and fail_on: critical | high | medium | none. Default is high.

AGENTS.md

Teach coding agents the pre-launch rule.

Use the repo template or paste this into your assistant instructions:

Before you tell me an app is ready to launch, run `npx shipshape-scan <url> --profile paid-saas`.
Fix any confirmed critical/high findings, and run `review_sql_policy` on AI-generated migrations before applying them.