open source · MIT license

AI agents that
fix bugs and ship code
while you sleep.

shipfleet pulls bugs from your existing tools, spawns parallel AI agents to write the fix, runs your tests, then opens a PR — reviewed by a different AI model so nothing gets rubber-stamped. You just approve and merge.

$ npm install -g shipfleet click to copy

requires Node.js 20+ · Git 2.x · Claude Code CLI

~/my-saas-app

$ shipfleet init
  shipfleet v1.0.0
  Detecting project...
  ┌─────────────────────────────────────────────┐
  │  my-saas-app                                │
  │  TypeScript / Next.js                       │
  │  pnpm · vitest · tsc · eslint               │
  │  github.com/acme/my-saas-app                │
  └─────────────────────────────────────────────┘

How it works

Watch agents work. In real time.

Every file read, code write, test run, and git commit streams live to your terminal or dashboard. You can kill, redirect, or send a message to any agent at any time. Nothing is hidden.

shipfleet — 3 agents active

$ shipfleet start
╔══════════════════════════════════════════╗
║  shipfleet v1.0.0                       ║
║  Dashboard: http://localhost:4747        ║
║  Workers:   3 active                     ║
╚══════════════════════════════════════════╝
[w1] 12:03:01 claimed  #42 fix login redirect
[w1] 12:03:02 reading  server/routes.ts
[w1] 12:03:04 reading  server/auth/callback.ts
[w1] 12:03:06 writing  server/auth/callback.ts:47
[w1] 12:03:08 running  npx vitest run auth.test.ts
[w1] 12:03:12 passed   14 tests, 0 failures
[w1] 12:03:13 running  npx tsc --noEmit
[w1] 12:03:15 passed   0 errors
[w1] 12:03:16 commit   a3f829c fix: redirect to /dashboard after OAuth
[w1] 12:03:18 PR #87   github.com/acme/my-app/pull/87
[w2] 12:03:05 claimed  #43 TypeError in billing webhook
[w2] 12:03:07 reading  server/webhooks/stripe.ts
[w2] 12:03:10 writing  server/webhooks/stripe.ts:112
[w2] 12:03:14 running  npx vitest run webhooks.test.ts
[w2] 12:03:18 passed   8 tests, 0 failures
[review] 12:03:20 PR #87 security scan starting (gemini-2.5-pro)
[review] 12:03:24 PASS security: 95/100 · quality: 92/100
[review] 12:03:25 posted review comment to PR #87

Pipeline

Five stages. Fully closed-loop.

Human enters the loop only once: to approve the PR. Everything else — from discovering the bug to verifying the fix worked — is automated.

┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ │ INGEST │───▶│ TRIAGE │───▶│ BUILD │───▶│ REVIEW │───▶│ VERIFY │ │ Sentry │ │ Haiku │ │ Opus │ │ Gemini │ │ re-check │ │ GitHub │ │ score │ │ worktree │ │ + GPT-5 │ │ 24h post │ │ inbox │ │ dedup │ │ PR open │ │ unbiased │ │ merge │ └──────────┘ └──────────┘ └──────────┘ └──────────┘ └──────────┘ every 15m auto parallel cross-model if regressed → re-queue

01 Ingest

Auto-discover work

Polls Sentry errors, GitHub Issues (by label), inbox file, CI failures. Scores each by frequency, user impact, severity. Noise filtered out.

02 Triage

AI prioritizes

Haiku reads each item, deduplicates semantically, decides: build it, skip it, or ask a human. Outputs an actionable task with refined description.

03 Build

Claude Code in a worktree

Workers atomically claim tasks (SQLite row lock). Each spawns claude in an isolated git worktree. Runs tests, types, commits, pushes, opens PR.

04 Review

Cross-model. Unbiased.

Gemini reviews security (OWASP, injection, secrets). GPT-5 reviews bugs (logic, races, nulls). Different model families = can't rubber-stamp its own work.

05 Verify

Did the fix actually work?

24h after merge, re-checks the source. Sentry error still firing? GitHub issue still open? Regressions auto-re-queue at high priority.

You

Approve the PR

The only manual step. Review the diff, read the cross-model review comment, merge when ready. Everything else is automated.

Integrations

Plugs into what you already use.

shipfleet automatically ingests work from your existing error tracking, issue trackers, and CI — no new workflows to learn.

Sentry

Error tracking

Polls unresolved errors, ranks by frequency and user impact. High-signal bugs get fixed first.

GitHub Issues

Issue tracker

Watches labeled issues (e.g. shipfleet). Claim, build, PR — closed on merge.

GitLab

GitLab Issues

Same workflow for GitLab repos. Labeled issues become tasks, MRs opened automatically.

Jira

Ticket tracker

Polls Jira issues by label. Syncs status back. Works with Jira Cloud and Server.

Linear

Modern issues

Watches Linear issues with configurable labels. Priority and cycle position drive signal scoring.

PagerDuty

Incidents

Webhook on incident create. Urgency × service criticality drives priority. Root-cause analysis + fix.

Slack

Chat-to-fix

Mention @shipfleet in a channel or react with 🚢. Bug report becomes a PR.

CI / CD

Broken builds

GitHub Actions, CircleCI, Jenkins. Detects failures, reads logs, attempts fix, re-runs pipeline.

Datadog

Monitoring

Monitor alerts trigger tasks. Error spikes, latency regressions, anomaly detection → auto-fix.

Bugsnag / Rollbar

Error trackers

Alternative to Sentry. Same signal scoring by frequency, users affected, severity level.

New Relic

APM

Performance regressions and error spikes from New Relic alerts become tasks automatically.

Inbox file

Drop a line, get a PR

Write to .shipfleet/inbox. For quick ad-hoc tasks without leaving the terminal.

Full documentation →

Reference

Commands

Everything is a subcommand of shipfleet.

USAGE shipfleet <command> [options] SETUP init Detect project, configure, create .shipfleet/ start Launch dashboard + worker fleet on :4747 status Show fleet status, active sessions, cost WORK spawn "title" [desc] Spawn a one-off Claude Code session add "title | desc" Add a task to the inbox queue list [status] List tasks (queued, in_progress, stuck...) stuck Show tasks needing human attention ACTIONS approve <id> Approve a flagged task for building reject <id> Reject and close a task retry <id> Reset attempts, re-queue DAEMON daemon install Run 24/7 as a background service daemon stop Stop the background service daemon logs Tail daemon output

Safety

Can't run amok. 61 tests prove it.

Every autonomous action has a guard. Every guard has a test. The system is built to fail safely, not to fail silently. All security events are recorded in the audit log.

$
Cost caps — $2/task, $20/day, 25%-of-daily per hour (burst protection). Workers pause at limit.
🔑
Secrets scanning — 12 patterns: AWS keys, GitHub tokens, Stripe, JWTs, private keys, DB URLs, Sentry DSNs. Blocks push if detected in diff.
×
Protected files — user-configured + 12 always-protected patterns (.env, credentials.json, .pem, id_rsa, service accounts). Pre-flight + diff scan.
!
28 risky keywords — drop table, rm -rf, eval(), git reset --hard, rejectUnauthorized:false, ngrok, disable auth, force push, and more.
∞
Loop detection — 3+ failed attempts or 2+ regressions = escalated to human. No infinite retries.
↑
Branch protection — never pushes to main/production. Enforced in worker, not just config.
✓
Pre-merge gate — requires: cross-model review, security score ≥70, quality ≥60, no secrets in diff, no protected file changes.
👁
Output sanitization — all SSE streams strip detected secrets with [REDACTED]. Never leaks keys to the browser.
#
Session limits — enforces max_workers cap. Rejects spawn requests over the limit.
📏
Diff size limits — blocks diffs over 5,000 lines or 500KB. Prevents runaway code generation.
∅
Stale cleanup — unreviewed PRs auto-close after 7 days. No branch sprawl.
&clock;
Timeout — each session killed after 10 minutes. No runaway processes.
🔒
Localhost-only API — rejects non-localhost requests. Rate limited to 120 req/min per IP.
📋
Audit log — every block, escalation, secret detection, rate limit, and merge decision is logged to the database.

Install

Three commands to running.

install

# install globally
$ npm install -g shipfleet
# init in your project
$ cd my-project && shipfleet init
# launch
$ shipfleet start
# requirements
Node.js 20+  ·  Git 2.x  ·  Claude Code CLI
npm install -g @anthropic-ai/claude-code
# env vars (never stored in config)
ANTHROPIC_API_KEY  required  — Claude Code sessions
GITHUB_TOKEN       optional  — PR creation + issue ingestion
GOOGLE_AI_API_KEY  optional  — Gemini security review
OPENAI_API_KEY     optional  — GPT-5 bug review

AI agents thatfix bugs and ship codewhile you sleep.