Best use case
ship is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Devloop commit and PR creation with validation for completed plan work
Teams using ship should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/ship/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How ship Compares
| Feature / Agent | ship | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Devloop commit and PR creation with validation for completed plan work
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Ship - Commit and PR
Validate and ship changes with branch-aware workflow. **You do the work directly.**
**Bash hygiene**: prefer quiet flags to minimize output (`npm install --silent`, `git status -sb`, pipe long output through `| tail -n 20`).
## Phase 1: Pre-flight Check
```bash
git status && git diff --stat && git branch --show-current
```
Read `.devloop/local.md` for preferences: `git.pr-on-complete`, `commits.style`.
| Branch | Flow |
|--------|------|
| main/master | Direct commit (caution) |
| feat/*, fix/* | Feature branch → PR |
| Other | Ask user |
```yaml
AskUserQuestion:
questions:
- question: "How would you like to ship?"
header: "Mode"
multiSelect: false
options:
- label: "Full validation"
description: "Run tests, review, then commit/PR"
- label: "Quick commit"
description: "Skip validation, just commit"
- label: "PR only"
description: "Changes already committed, create PR"
- label: "Atomic commits"
description: "One commit per completed plan task"
```
## Phase 2: Validation (if Full mode)
**Run tests:** Detect from package.json/go.mod/requirements.txt/pom.xml.
**Code review:** If `review.before-commit: always`, use `devloop:engineer` in reviewer mode.
**Safety:** No secrets, no debug code, correct branch.
## Phase 3: Smart Commit
If plan exists:
1. Find tasks marked `[x]` since last commit
2. Offer: single commit vs atomic commits
**Conventional style:**
```
<type>(<scope>): <description>
- Task 1.1: Description
- Task 1.2: Description
```
| Task Contains | Type |
|---------------|------|
| Create, Add, Implement | feat |
| Fix, Resolve | fix |
| Refactor, Clean | refactor |
| Test, Spec | test |
| Doc, README | docs |
| Other | chore |
**Issue closing:** If plan has `issue:` in frontmatter:
- `github.auto_close: always` → Auto-add `Closes #N`
- `github.auto_close: ask` → Prompt
- `github.auto_close: never` → Skip
```bash
git add -A && git commit -m "$(cat <<'EOF'
feat(scope): description
- Task 1.1: Description
- Task 1.2: Description
Closes #42
EOF
)"
```
## Phase 4: PR Creation
| Condition | Action |
|-----------|--------|
| On main/master | Skip |
| pr-on-complete: never | Skip |
| pr-on-complete: always | Auto-create |
| pr-on-complete: ask | Ask user |
Generate PR from plan:
```markdown
## Summary
[Plan title and overview]
## Changes
- [x] Task 1.1: Description
- [x] Task 1.2: Description
## Testing
- [ ] Tests pass locally
- [ ] Code reviewed
```
```bash
gh pr create --title "[Plan Title]" --body "[Description]"
```
## Phase 5: Post-Ship
1. Add PR link to plan header
2. Add Progress Log entry
3. If all tasks complete, update status to `Complete`
```bash
"${CLAUDE_PLUGIN_ROOT}/scripts/check-plan-complete.sh" .devloop/plan.md
```
**If complete:**
```yaml
AskUserQuestion:
questions:
- question: "All tasks done! What next?"
header: "Next"
multiSelect: false
options:
- label: "Archive plan"
description: "Move to archive, start fresh"
- label: "Wait for review"
description: "PR created, wait for feedback"
- label: "Done"
description: "Keep plan for reference"
```
Archive: `"${CLAUDE_PLUGIN_ROOT}/scripts/archive-plan.sh" .devloop/plan.md`
**If not complete:** Offer continue/wait/break.
## Safety Checklist
Before commit: No secrets, no debug, correct branch, tests pass.
Before PR: Good messages, PR description, correct base branch.
## Quick Reference
| Mode | Flow |
|------|------|
| Full validation | Test → Review → Commit → PR |
| Quick commit | Commit only |
| PR only | Create PR from commits |
| Atomic commits | One commit per task |Related Skills
Example Skill
Brief description of what this skill does and the domain expertise it provides.
vulnerability-patterns
Index of vulnerability detection pattern skills. Routes to core patterns (universal) and language-specific patterns for security scanning.
vuln-patterns-languages
Language-specific vulnerability detection patterns for JavaScript/TypeScript, Python, Go, Java, Ruby, and PHP. Provides regex patterns and grep commands for common security vulnerabilities.
vuln-patterns-core
Universal vulnerability detection patterns applicable across all programming languages. Includes hardcoded secrets, SQL/command injection, path traversal, and configuration file patterns.
scan
Run a security assessment using deterministic static analysis tools with LLM-powered triage
results
View the most recent security scan results without re-running the scan
remediation-library
Index of security remediation skills. Routes to specialized skills for injection, cryptography, authentication, and configuration vulnerabilities.
remediation-injection
Security fix patterns for injection vulnerabilities (SQL, Command, XSS). Provides language-specific code examples showing vulnerable and secure implementations.
remediation-crypto
Security fix patterns for cryptographic vulnerabilities (weak algorithms, insecure randomness, TLS issues). Provides language-specific secure implementations.
remediation-config
Security fix patterns for configuration and deployment vulnerabilities (path traversal, debug mode, security headers). Provides language-specific secure implementations.
remediation-auth
Security fix patterns for authentication and authorization vulnerabilities (credentials, JWT, deserialization, access control). Provides language-specific secure implementations.
fix
Fix or guide remediation for a specific security finding from the latest scan report