From requirements to deployed, tested, secured, compliant code.
Shipwright is the harness your AI follows, the discipline layer that keeps it true to what you already decided. The full development lifecycle - orchestrated as a sequence of inspectable phases, not a black box. Run it from the CLI, manage it from the Command Center, iterate daily.
Ship right, not just fast.
The HARNESS
The harness that keeps your project true to what you already decided
Giving an AI your specs, decisions and architecture is solved. Most good tools do it now. Keeping that record true as the product changes is the hard part.
Shipwright is the harness your AI follows. On every change it checks the work back against your baseline (requirements, architecture, past decisions) and won't let through a change that silently drops a requirement or reverses a call.
COMMAND CENTER
Your AI development team needs a control room.
The Shipwright Command Center is a local web interface for your pipeline. A Kanban board where Claude moves the cards - not you. No 20 windows open. Ready for multiple projects.
Kanban Task Board
Four columns: Backlog, In Progress, In Review, Done. Cards show phase, priority, and Session UUID. You manage you work on the Board and start new tasks or iterates directly with the new button.
Global Inbox
Every question Claude asks across all projects lands in one inbox. Answer with option buttons or freetext. No more missed prompts in buried terminal sessions.
Multi-Project Dashboard
Manage multiple projects from a single board. Switch between projects or view everything cross-project. Each project gets its own phase-to-column mapping.
Project Wizard
Register a new project in four steps: name, stack profile, environment variables, confirmation. Hit start - and the full SDLC pipeline kicks off automatically.
Run it without leaving the board
Launch a pipeline or iterate from a task and the claude command runs in an embedded terminal right on the task page. The live session streams in place. The Command Center just follows the transcript; it never spawns Claude itself.
HOW IT WORKS
Start /shipwright-run and let the pipeline guide you.
Phase by phase, transparent, and learnable. Step-by-step is a feature, not a bug: you see exactly what each phase produces before the next one starts.
Specify
shipwright-project
Describe what you want to build. Shipwright interviews you - or in full-auto mode, infers everything from your description. Output: structured IREB specs ready for planning.
Design
shipwright-design
See before you build. Shipwright reads your specs, asks a few targeted questions, and generates clickable HTML mockups - directly in your browser. Brand tokens extracted automatically from your existing site. Iterate via chat. No Figma needed.
Plan
shipwright-plan
Architecture decisions are handled by your stack profile. Implementation is broken into reviewable sections, each linked to specific screens from the design phase. Every section traces back to a requirement. Optionally reviewed by Gemini and OpenAI for blind-spot detection.
Develop
shipwright-build
Test-Driven Development with adversarial code review. Skeleton first, then tests, then implementation. Design-fidelity check: implementation structure compared against the mockup HTML — UI drift caught at code level. Conventional commits on feature branches.
Test
shipwright-test
Up to 8 test layers: unit, integration against a real database, pgTAP for RLS, smoke, Playwright E2E, cross-page consistency, design-fidelity (code-level mockup vs. implementation), and performance budgets. The ones that matter gate the merge: consistency and fidelity stay advisory.
Secure
shipwright-security
OSS scanning with Semgrep, Trivy, and Gitleaks. Findings are classified; auto-fixable ones - like known-patch dependency bumps - are patched and retested, the rest go to a security-fixer subagent, up to 3 attempts each. Runs out-of-band: after test or in CI, not as a blocking pipeline phase.
Release
shipwright-changelog
Conventional Commits parsed into Keep-a-Changelog format. Automatic version bumping. PR creation with changelog summary. Every release is documented.
Deploy
shipwright-deploy
DEV deploys automatically after every push. PROD deploys manually, when you're ready. Smoke test after every deploy. Automatic rollback on failure.
Comply
shipwright-compliance
Five audit-ready reports generated from the event log: traceability matrix, test evidence, change history, SBOM with license flags. Updated after every phase - never stale.
Shipwright Iterate
From full pipeline to Quick Fix. One framework with Shipwright Iterate.
Not every change needs 10 phases. Shipwright Iterate automatically scales the SDLC to match the complexity of your change: From a 2-minute trivial fix to a structured mini-SDLC with planning, review, and full testing.
Trivial
1 requirement, 1-2 files, no risk
Spec update, build, self-review, unit test. Done in minutes.
Small
1-2 requirements, 3-5 files
Plus confirmation question, mini-plan, and conditional code review.
Medium
2-4 requirements, 5-10 files, cross-split
Plus scoping interview, external LLM review, full test suite, and E2E update.
Large
4+ requirements, 10+ files, high risk
Escape hatch - recommends full pipeline. Checkpoint commit before escalation.
8 Risk Flags enforce safety - regardless of complexity
touches_auth, touches_rls, touches_migrations, touches_billing, touches_middleware, touches_shared_infra, cross_split, touches_public_api. Each flag triggers mandatory code review, full test suite, or rollback scripts - automatically. If scope grows mid-implementation, Iterate escalates: small becomes medium, medium gets a checkpoint commit before escalating to large. No surprises.
PRODUCT
Start free. Choose your preferred environment. Master it.
WHY SHIPWRIGHT
Structure over vibes.
Spec-Driven Development
Describe what you want, AI builds it right. Shipwright follows Spec-Driven Development: requirements first, then structured specs, then planned implementation, then TDD. Every line of code traces back to a requirement.
CI failures, triaged — not buried
CI broken? Shipwright surfaces the failed run as a ready-to-run triage item — one command that launches a structured debug: reproduce, localize, root-cause, failing test. You decide when to run it; the agent does the legwork. No more "CI is red, who broke it?"
Compliance Documentation
Audit-ready artifacts (RTM, ADRs, SBOM, change history) - not audit-ready processes. Shipwright produces the evidence; your governance turns it into compliance.
Built on proven best practices
Shipwright integrates lessons from Addy Osmani's agent-skills, the Superpowers repo and the harness-engineering pattern. Not invented from scratch. Curated from what actually works in production AI agents. Initially started using the deep trilogy by Pierce Lamb.
Target Audience
For who is it relevant?
Developers
that want more than just vibe coding. A structured pipeline from day one, with a visual dashboard to stay on top.
Practitioners
who have already invested heavily in Claude Code and are looking for the next step - moving from "I can prompt it" to "I understand what else is possible with it".
Serious Founders
with enough technical background to know that more prompting won't give better quality - looking for the discipline that turns AI velocity into shippable products.
IT Allrounders
who want or need more than vibe coding: for compliance, customer reputation, or because they want to understand what is running in production.
Consultants
and smaller boutiques that deliver to clients and refuse to ship vibe-coded output with their name on it.
Business Analysts
looking to bring requirements discipline back into AI-coded projects — what to demand of specs, what to verify, what to reject.
Tech Leaders
who want to understand how the current SDLC needs to evolve into a model that is AI native.
Solution Architects
learning to recognize when AI-coded systems honor the architecture and when they quietly drift away from it.
HONEST LIMITS
What Shipwright doesn't do
Behavior correctness is still yours
Shipwright takes the supervision overhead off maintainability and architecture-fitness. Whether the thing actually does what users need stays your call.
Mechanical enforcement, not vibes
Hooks block dangerous actions deterministically. The constitution isn't advisory prose the agent can talk itself out of, it's enforced in code.
Documented
actions, not a blackbox
You stay in the loop at every phase. Shipwright structures the work and catches drift. It doesn't replace your judgment.
Ready to ship right?
Open source. Start building today.