Agents Shipgate

Agents Shipgate

Deterministic merge verdicts for AI-generated agent capability changes.

87/100Safe BetFreeFree

Agents Shipgate fills a genuine gap: PR-time static analysis for agent tool surfaces. Its local-first, zero-telemetry stance and broad SDK coverage are rare. But it's early-stage—most value comes from consistent CI adoption, and it explicitly doesn't replace runtime guardrails or evals.

Best for
  • AI engineers shipping tool-using agents who need PR-time feedback on capability changes
  • Platform engineers building agent CI/CD pipelines with deterministic merge gates
  • Security and GRC teams reviewing AI agent releases needing audit trails without running agents
  • Teams using multiple agent frameworks wanting a unified pre-merge check
Not ideal for
  • Teams that want runtime guardrails or call-time policy enforcement (use a runtime guardrail instead)
  • Projects without AI-generated agent code or tool surface changes in PRs
  • Users who need LLM evaluation or evals frameworks (Agents Shipgate is static analysis, not evals)
Visit Website

IntermediateCLINo public APIVerified 13d ago
Pricing
Free
FreeFree tier
Learning curve
Intermediate
Runs on
CLI
No public API · 12 integrations
Integrates with
GitHub ActionsMCP (Model Context Protocol)OpenAPIOpenAI Agents SDKAnthropic Messages APIGoogle ADK+6 more
Live sentiment
Is Agents Shipgate actually worth it?

We scan live Reddit threads, YouTube comments, X posts, G2 reviews and other communities — and hand you an honest verdict in under a minute.

  • Honest verdict, not marketing
  • Real pros & cons from real users
  • Attributed quotes with receipts
Run a free scan

3 free scans · no card needed

In short

Agents Shipgate — Deterministic merge verdicts for AI-generated agent capability changes. Best for AI engineers shipping tool-using agents who need PR-time feedback on capability changes, Platform engineers building agent CI/CD pipelines with deterministic merge gates, Security and GRC teams reviewing AI agent releases needing audit trails without running agents. Free to use.

What's new in Agents Shipgate

Checked 13 days ago

Across the latest 10 updates: 9 feature updates and 1 changelog entry.

ChangelogBlog·14 days agoNewest

Agents Shipgate v0.13.0 released

v0.13.0 released with new features for agent PR merge verdicts and trust-root protection.

FeatureBlog·May 25

AI agent CI/CD: add a release gate to your GitHub Actions pipeline

Tutorial on adding agents-shipgate to GitHub Actions in four stages: advisory, baseline, strict, governance.

FeatureBlog·May 25

AI agent deployment checklist: 18 checks before production

Pre-flight checklist for shipping AI agents covering inventory, schemas, scopes, approvals, side effects, idempotency, and blast radius.

FeatureBlog·May 25

How to security-review MCP tools before production

Guidance on reviewing MCP tool surfaces for wildcard exposure, scope creep, missing approval policies, and schema strictness.

FeatureBlog·Apr 27

Your AI agent has a tool surface. It needs a release gate.

Tools are release artifacts. Tool surfaces need deterministic checks before promotion, not just evals.

FeatureBlog·Apr 27

Adding a release gate to an OpenAI Agents SDK project

agents-shipgate statically reads @function_tool decorators and produces release-readiness findings.

FeatureBlog·Apr 27

Adding a release gate to an Anthropic Claude tool-use agent

agents-shipgate scans Claude's JSON tools array and system prompt for release-readiness findings on every PR.

FeatureBlog·Apr 27

How to add Agents Shipgate to GitHub Actions in 5 minutes

Drop a workflow into .github/workflows/ for structured tool-surface review with severity counts.

FeatureBlog·Apr 27

MCP tool surfaces need release review

MCP tools expose dozens of surfaces; review wildcards, scopes, and undocumented actions before promotion.

FeatureBlog·Apr 27

Agents Shipgate vs runtime guardrails: where each one fits

Runtime guardrails enforce at call time; agents-shipgate enforces at PR time. Both are necessary.

Viability Score

87/100
Safe Bet

How likely is Agents Shipgate to still be operational in 12 months? Based on 4 signals — momentum (how recently it shipped), wrapper dependency, revenue model, and web presence.

momentum
100
funding runway
40
website health
90
wrapper dependency
100

Last calculated: July 2026

How we score →

Key Features

  • Deterministic merge verdict: mergeable, human review, insufficient evidence, blocked
  • Static analysis of MCP exports, OpenAPI 3.x, and SDK tool declarations
  • Supports OpenAI Agents SDK, Anthropic Messages API, Google ADK, LangChain, LangGraph, CrewAI, Codex, n8n
  • Capability lock and diff artifacts (capabilities.lock.json, capability-lock-diff.json/.md)
  • Release report JSON with findings and severity counts
  • Agent-native contract (agent_result_v1) for coding agents (Codex, Claude Code, Cursor)
  • Content-addressed local release attestation (attestation.json)
  • SARIF output for GitHub code-scanning integrations
  • Local-first: no verifier network calls by default, no LLM calls, no MCP server connections
  • Zero telemetry by default (opt-in only)
  • GitHub Action with advisory, baseline, strict, and governance modes
  • Semantic capability diff summary in PR comments
  • PR-time analysis, not runtime guardrails
  • Open source under Apache-2.0
  • Agent-native merge contract with eight protocols

About Agents Shipgate

FreeIntermediateNo APICLI

Agents Shipgate is an open-source, local-first CLI and GitHub Action that verifies AI-generated agent capability changes—such as MCP tools, OpenAPI operations, SDK tool declarations, and permission scopes—and returns a deterministic merge verdict before agent code lands. It reads a checked-in shipgate.yaml manifest plus local tool sources and PR diffs, then produces verifier artifacts: a merge verdict (mergeable, human review required, insufficient evidence, or blocked), a compact semantic capability diff, a release report, and an agent-native contract for coding agents to act on autonomously. The tool is built for AI engineers, platform engineers, and security/GRC teams who need pre-merge evidence without running agents or importing user code. Unlike runtime guardrails that enforce policy at call time, Agents Shipgate enforces it at PR time: it performs static analysis on tool surfaces, finds missing approval policies, wildcard exposures, scope creep, schema strictness issues, and side effects, and surfaces them as structured findings. It does not call LLMs, connect to MCP servers, or make network calls by default—verifier telemetry is completely opt-in and defaults off. The company behind Agents Shipgate is Three Moons Lab, which frames this as the first instalment in a broader thesis called 'healthcare for agents': a portfolio of pre-deployment and ongoing health checks for tool-using AI agents. Beyond release readiness, ships baseline snapshots, with capability audits and policy drift detection in design. The package, CLI, repository, and GitHub Action are all named agents-shipgate. It is licensed under Apache-2.0 and published at v0.13.0 as of July 2026.

Behind the Verdict

Agents Shipgate carves out a previously unnamed slot in the AI agent stack: deterministic release readiness for tool-surface changes. If your team ships agents that touch MCP servers, OpenAPI specs, or framework tool declarations, this tool will catch wildcard exposures, missing approval policies, and scope creep before they hit production. The local-first, zero-telemetry design is a honest differentiator—no data leaves your CI runner unless you opt in. That said, the tool is early-stage (v0.13.0). The documentation is clear, but you'll need to invest in CI integration and initial shipgate.yaml setup. It doesn't evaluate outputs or runtime behavior—that's not its job. Pair it with evals and runtime guardrails for full coverage. Compared to alternatives like runtime guardrails (e.g., Helicone, Portkey), Agents Shipgate is complementary: it checks at merge time, not call time. There's no direct competitor for PR-time static analysis of agent capabilities. In practice, we'd reach for this when we trust our agent code generation but want a deterministic gate before merging into main. Teams without agent-generated code or complex tool surfaces will find little use for it. It's best for platform teams shipping agents across multiple frameworks who want one unified check.

Researching Agents Shipgate? Get your full AI stack in 60 seconds.

Free, no signup — tell us your goal and get tools matched to your budget & existing stack.

Use Cases

Limitations

  • Agents Shipgate does not import or execute user code by default; static analysis may miss dynamic tool registrations or runtime-derived schemas.
  • It requires a checked-in shipgate.yaml manifest and explicit tool source declarations.
  • The tool is not an LLM evals framework and does not measure agent behavior or output quality.

12-month cost

Project the real annual outlay, including the implied monthly cost when only an annual tier is published.

Annual total
Free
Over 12 months
Effective monthly

Vendor list price only. Add-on usage, seat overages, and contract minimums are surfaced under Hidden costs & gotchas.

Integrations

GitHub ActionsMCP (Model Context Protocol)OpenAPIOpenAI Agents SDKAnthropic Messages APIGoogle ADKLangChainLangGraphCrewAICodexn8nGitHub Code Scanning (SARIF)

Resources & Guides

Official links

Tools that pair well with Agents Shipgate

Common stack mates teams adopt alongside Agents Shipgate, with the specific reason each pairing earns its keep.

Featured Head-to-Head Comparisons

Alternatives to Agents Shipgate

View all
Poolside AI

Poolside AI

Enterprise open-weight foundation models and agents for high-consequence software engineering.

Contact SalesTry
Replit Agent

Replit Agent

Build and deploy full-stack apps from natural language with Replit Agent.

FreemiumTry
Zhipu GLM

Zhipu GLM

Chinese LLM platform for enterprise agents, MaaS, and open-source models

FreemiumTry

Frequently Asked Questions

Used Agents Shipgate? Help shape our editorial sentiment research.