👇 Want these exact formats for your stack? Get Evidence Pack

Shipyard: delivery governance for AI changes

Delivery governance for AI changes: Spec → Verify → Evidence.

Local-first by default. Exportable evidence for handoffs and auditability (without compliance guarantees).

Spec is the contract → Verification is the gate → Evidence is the deliverable.

Get Evidence Pack GitHub

Quickstart

              $
              git clone https://github.com/wsery558/shipyard-community.git
            
              $
              cd shipyard-community && pnpm install
            
              $
              pnpm dev
              # UI on localhost:3000

🚀 Limited Time

Founding Access · Pro Beta

Founding Pilot (Design Partners) — starting at $299/mo (limited seats). Final pricing TBD.

Risk-free: Cancel anytime. No onboarding calls, no added SLA gates, no hidden fees.

What you get

Pro downloads + channel separation (stable, beta, internal)
Portable bundle (run.ps1 / run.sh / run.cmd) delivered with checksums
Evidence outputs (REPORT + SPEC/VERIFY/SHA256SUMS + artifact hashes)
License activate + status scripts for every release
Docs, quickstart, and troubleshooting guides

Self-serve experience

Self-serve product: download, run, verify, and ship at your own pace
No onboarding calls; start with the bundle and docs
Support exclusively via GitHub Issues & Discussions
No SLA or guaranteed response time

Support Policy (Beta)

GitHub Issues & Discussions only; check docs first.

No SLA or guaranteed reply window.

Get Evidence Pack Get Founding Access

Proof you can show

If it can't be demonstrated or exported, we don't claim it.

1. Spec

Define requirements as reproducible contracts

2. Verify

Gate delivery on smoke/build/lint proof

3. Deliver Evidence

Export audit trail + artifacts bundle

{"time": "2026-01-24T15:32:01Z", "actor": "agent:claude-opus", "action": "execute_spec", "result_hash": "sha256:a3f8e...", "gate": "smoke"} {"time": "2026-01-24T15:32:15Z", "actor": "gate:lint", "action": "passed", "result_hash": "sha256:7c2b1...", "errors": 0} {"time": "2026-01-24T15:32:28Z", "actor": "gate:typecheck", "action": "passed", "warnings": 2, "gate": "typecheck"} {"time": "2026-01-24T15:32:45Z", "actor": "gate:unit_tests", "action": "passed", "result_hash": "sha256:e9d4f...", "duration_ms": 2847} {"time": "2026-01-24T15:33:01Z", "actor": "gate:build", "action": "passed", "artifact_id": "build:1.2.3-rc1"} {"time": "2026-01-24T15:33:18Z", "actor": "gate:smoke_test", "action": "passed", "result_hash": "sha256:6f1a8..."} {"time": "2026-01-24T15:33:35Z", "actor": "spec_executor", "action": "all_gates_passed", "status": "approved_for_release"}

📦 artifacts/ ├── SPEC.md ├── VERIFY_REPORT.md ├── SHA256SUMS.txt ├── build_log.txt ├── shipyard-1.2.3-rc1.tar.gz ├── shipyard-1.2.3-rc1.tar.gz.sig ├── lint_report.json ├── typecheck_report.json ├── test_coverage.html ├── smoke_test_results.json └── audit_trail.ndjson

spec_version: 1.0 → 1.1
+ feature: "ai_change_governance"
+ gate.typecheck.enabled: true
+ gate.smoke_test.timeout: 30s
gate.build.cache: {"level": "standard"} → {"level": "aggressive"}
- deprecated.old_check_flag: true
+ evidence.export_format: ["ndjson", "json"]
artifact_dir: "./dist" → "./artifacts"
+ checksum: "sha256:7f3e9..."

Gates enforced

lint · typecheck · unit · smoke · build · bundle

View evidence

Portable bundle

run.ps1 · run.sh · run.cmd

View evidence

Compliance files

SPEC.md · VERIFY_REPORT.md · SHA256SUMS.txt

View evidence

✓ GATE_PASS typecheck:0 ✓ lint unit_tests:342 ✓ build:1.2.3 EXPORT:ndjson ✓ smoke_e2e sha256:a3f8e... ✓ GATE_PASS rc:check ✓ VERIFY_REPORT 2026-01-24T15:33Z ✓ GATE_PASS typecheck:0 ✓ lint unit_tests:342 ✓ build:1.2.3 EXPORT:ndjson

actor:agent:claude action:execute_spec ✓ APPROVED artifacts:dist/ time:28ms ✓ GATE_PASS gate:smoke bundle:evidence.tar.gz ✓ DELIVERED hash:sha256:7c2b1... ✓ ARCHIVED retention:365d action:execute_spec ✓ APPROVED artifacts:dist/ time:28ms ✓ GATE_PASS gate:smoke

SPEC:v1.1 ✓ checksum sha256:6f1a8... LOGS:complete ✓ SIGNED sig:rsa-2048 audit:trail ✓ SEALED 2026-01-24 version:rc1 ✓ READY checksum SPEC:v1.1 ✓ checksum sha256:6f1a8... LOGS:complete ✓ SIGNED sig:rsa-2048

📊

Activity Export

Delivery gate: all green — typecheck / lint / unit / smoke / build / rc:check

📦

Evidence Bundle

Audit evidence, end to end — redaction + retention/rotation + export (NDJSON/JSON) + UI search/export

🗂️

Spec Vault

Spec Vault is reproducible — preview → apply → export + deterministic backup, with smoke E2E

Procurement language

In regulated delivery, "run logs" are not enough. You need exportable evidence: who/when/what changed, what was verified, and what artifacts shipped.

Common governance asks: SOC 2 / ISO 27001 / NIST (auditability, change control, retention)

Healthcare add-on: HIPAA (access control + audit trail for ePHI-related workflows)

Life sciences add-on: 21 CFR Part 11 (traceability + verification records you can present)

Compliance needs evidence — not vibes.

If AI touches production code, you still own the liability. These industries and frameworks often require traceable changes, retention, and exportable evidence bundles.

Industries that care most

Finance / FinTech
Healthcare / MedTech
Pharma & GxP manufacturing
Government / Public sector
Defense & critical infrastructure
Energy / utilities
Automotive / aviation / safety-critical
Enterprise SaaS (vendor security reviews)

Common standards / frameworks

SOC 2 (auditability, change management)
ISO 27001 / 27002 (security controls)
NIST 800-53 / NIST CSF (governance controls)
PCI DSS (payments)
HIPAA (US healthcare)
GDPR (data governance)
FedRAMP (US government cloud)
21 CFR Part 11 / GxP (regulated records)
ISO 26262 / IEC 61508 / DO-178C (safety-critical)

(*Examples only; actual requirements vary by company and scope.)

Shipyard Pro = Liability Shield

Provenance + evidence bundle export + retention you can show to auditors & clients.

RC-2 Evidence Links

For consultants & agencies: keep AI work billable.

Clients don't pay for surprises — they pay for predictable delivery. Shipyard turns "agent output" into a shippable, reviewable delivery flow.

How agencies buy

Needs transparent usage for client billing
Prefers non-interruption (rate limits = deadlines slip)
Wants evidence to reduce disputes & rework
Often asks: invoice / yearly plan / team access

Pricing bands (hypothesis)

Solo consultant: $49–$99 / month
Small agency (2–10): $199–$499 / month
Multi-client / heavy usage: $999+ / month
Plus usage-based costs with task-level breakdown

We'll validate this via the waitlist data.

Pain language (use on sales deck)

"I can't prove what the agent changed."
"It passed locally but failed in CI — again."
"We burned hours re-running & debugging."
"Costs are a black box — clients push back."
"One limit/timeout and the whole delivery stalls."

Shipyard Pro = Transparent Cost + QoS

Task-level cost ledger + budget pause + predictable runs.

Community vs Pro

Start with Community (open-source). Upgrade to Pro when you need audit-friendly evidence export and retention.

Feature	Community (Open Source)	Pro (Paid)
Local delivery workflow	✅ Full	✅ Full
Spec Vault + preview	✅ Full	✅ Full
Smoke tests + gates	✅ Full	✅ Full
Evidence export (NDJSON/JSON)	⚠️ Basic	✅ Advanced with redaction
Audit retention + rotation	❌	✅
Cost ledger (task-level)	❌	✅
Team governance + roles	❌	✅
Priority support	❌	✅

501 by design

Commercial release is protected — validators & fences to prevent accidental public release.

Who it's for

Shipyard serves teams that need delivery governance, not just CI/CD automation.

💼

Consulting / Agency delivery teams

Need non-stop delivery, billable cost clarity, and a "receipt" they can hand to clients.

🔒

Compliance / Security / GRC

Need audit-ready exports, retention, and a clear responsibility boundary.

🏗️

Staff / Architects

Need policy gates to prevent drift and keep systems shippable over time.

How it works

1) Spec

Write what "done" means. Keep it versioned and reviewable.

2) Verify

Run smoke tests and gates locally. Capture deterministic logs.

3) Evidence

Export an Evidence Pack: activity log, artifacts tree, and checksums.

Who it's for

Consultant / Agency

You worry about: disputes, approvals, rework, scope ambiguity.

Shipyard gives: an exportable handoff package your client can verify.

Join waitlist

Compliance / GRC

You worry about: missing evidence and unverifiable changes.

Shipyard gives: a trace of what ran, what changed, and checksums.

Join waitlist

Staff / Architect

You worry about: drift, regressions, "works on my machine".

Shipyard gives: repeatable gates + evidence you can review later.

Join waitlist

Founding Pilot (Design Partners)

Limited seats. Pricing is finalized with pilot partners (no compliance/SLA promises).

What you get

Evidence Pack template + checksum conventions
Recommended gates setup guide (smoke, activity log, bundle)
Sample exports you can use in real handoffs

Apply for pilot Trust Center

Community vs Pro

Capability	Community	Pro
Run locally	✅	✅
Smoke + basic gates	✅	✅
Evidence Pack export	✅	✅
Team roles / approvals	—	🟡 planned
Hosted retention / SaaS	—	🟡 planned

Roadmap items are explicitly labeled as planned/in progress.

Ready to make AI changes shippable?

Start with the demo, join the waitlist, or explore the open-source Community edition on GitHub.

Run the demo Join waitlist GitHub