Shipyard

Detects CI/CD platforms, deployment targets, container configs. Generates .claude/shipyard.json.

• Queries Context7 for CI/CD reference docs per detected platform

Generates production-ready CI/CD workflows from detected stack. Shows diff before overwriting existing workflows.

• Caching strategy per package manager
• Concurrency control (cancel-in-progress)
• Least-privilege permissions
• Multi-stage job dependency chains

Validates workflows using actionlint + built-in heuristic checks.

• Catches wrong Node version, wrong package manager, missing caches
• Detects deprecated action versions, missing permissions block
• Missing test steps, undocumented secrets

Generates or validates Dockerfiles with security best practices. Framework-specific multi-stage builds.

• Next.js standalone, Vite + nginx, FastAPI, Go, Rust patterns
• Non-root user, HEALTHCHECK, .dockerignore
• Validation via hadolint + built-in checks

Broader than Sentinel — includes outdated packages. Determines highest-safe-version accounting for cascading vulnerabilities.

• Integrates with Composure commit gate (blocks on Critical/High CVEs on staged files)

Production readiness checklist. Checks environment variables, health endpoints, error monitoring, CORS, rate limiting, and security headers.