multi-agent code review

Ship the PR,
or block it — with receipts.

Shipcheck is a review crew that lives in your Telegram: correctness and security reviewers in parallel, an adversarial verifier that kills weak findings, real test runs, live CVE search — and a spoken verdict when it's done.

tarun@telegram %
🔊 Shipcheck verdict: PR 7 — blocked. Vulnerable dependency.
reviews run
confirmed / dropped
PRs blocked pre-merge
avg full review

live numbers, straight from the production Convex backend

01

Why Shipcheck exists

AI now writes a huge share of the code that lands in PRs. It made writing code nearly free — and quietly made reviewing it the most expensive thing your team does.

🌊

The volume flipped

One engineer with an AI assistant now opens the PRs of five. Senior review attention didn't multiply with it — so reviews get shallower exactly when the code got less trustworthy, and "LGTM" becomes a rubber stamp.

🎭

AI code lies confidently

Generated code compiles, reads cleanly, and looks idiomatic — while hiding an off-by-one, a missed edge case, or an injection path. Plausible-looking is the most dangerous kind of wrong, because it sails through a tired human skim.

📦

Dependencies from memory

Assistants pin package versions from stale training data — including versions with known CVEs — and invent security claims the same way. Checking each one against the live web is exactly the boring work humans skip.

So we built a crew that reviews like a skeptical senior — and reports like a colleague. It helps both sides of the new codebase:

👩‍💻

For the core developer

Shipcheck is your first-pass gate. It absorbs the flood: reviews every diff, kills its own weak findings before you see them, runs the tests, and hands you a short list of confirmed problems with file, line, and a concrete fix. Your senior attention goes to judgment calls — not to spotting the boundary bug on line 888 of a 40-file PR.

🧑‍🚀

For the non-engineer

Founders, PMs, and vibe-coders ship AI-written code they can't fully judge — Shipcheck is the engineer-in-the-loop. One Telegram message in; back comes a plain verdict you can act on: ready means merge, blocked means don't — with the reason spoken out loud. No CI setup, no YAML, no reading diffs.

02

Five agents. One verdict.

Every run is a pipeline, and every step is recorded — agent, timing, and outcome — in a trace you can open on the dashboard.

01

Manager

Reads the diff, routes it — docs-only PRs skip the security pass.

02

Reviewers

Correctness + security sub-agents review in parallel.

03

Verifier

Argues against every finding with the actual code. Weak claims die here.

04

Test run

Checks out the PR and runs the suite. Failing tests hard-block.

05

Verdict

Comment on the PR, voice note in Telegram, trace in Convex.

ready changes held — private review blocked
03

The dashboard, live right now

Not a screenshot — this is the production dashboard, embedded. Every run below really happened; open any card's trace and audit the crew.

shipcheck.pages.dev
04

Built so you can trust the verdict

Most AI reviewers spray plausible comments. Shipcheck is designed around the opposite: fewer findings, each one defended.

⚔️

Adversarial verification

A separate verifier agent gets the merged findings plus the real code around each one, and tries to knock them down. Only what survives is posted.

🌐

Live CVE search

Dependency bumped? Shipcheck searches the live web (Linkup) and cites the actual CVE id from sourced results — never from model memory.

🤫

Security stays private

Exploitable findings are never posted on a public PR. They're DM'd to the maintainer; the public verdict shows only a count — and never a false ✅.

🧪

Real test execution

On allowlisted repos the suite actually runs against the PR head. Red tests mean a blocked verdict, no matter how clean the diff looks.

📊

Full observability

Every agent, duration, search query, and drop decision lands in a public trace — open the dashboard and audit any run.

🔊

Verdicts you can hear

The manager speaks the outcome (ElevenLabs) straight into Telegram: "PR seven — blocked." Know the answer before you unlock your phone.

05

Different by design

AI review tools compete on how many comments they can leave. Shipcheck competes on how many of its findings you can act on without double-checking.

Capability🚢 ShipcheckTypical AI review bot
Findings adversarially verified before postingSeparate verifier argues each one against the real codePosts whatever sounds plausible
Actually runs the test suiteChecks out the PR head; red tests hard-blockNever executes code
CVE claims backed by live web dataLive Linkup search, sources cited in the traceCVE ids from stale training memory
Security findings kept off public PRsPrivate DM to the maintainer; public side sees a countPosts the vulnerability publicly
Auditable run traceEvery agent, timing & drop decision on a public dashboardBlack box
Works from chat, hands-free verdictsOne Telegram message in; a voice note outBrowser + CI config
06

What's coming

Today Shipcheck is a single-maintainer crew. The pipeline stays exactly the same — the next steps make it everyone's.

Next

Auto-review on PR open

A GitHub webhook triggers the crew the moment a PR is opened — no message needed. The review is just… there.

Next

GitHub App install

"Install Shipcheck" on your repos: scoped per-repo tokens, comments posted by the Shipcheck bot identity, zero PAT sharing.

Planned

Teams & per-org billing

Pro becomes per-organization: each org gets its own private-repo unlock, seats, and escalation channel.

Planned

Bring your own reviewer

Reviewers are markdown skill files. Drop a performance-reviewer.md or your team's style contract into the crew and it's live on the next run.

Planned

Hosted runners

The crew moves from one machine to isolated cloud sandboxes — parallel reviews, and safe test execution for any repo, not just allowlisted ones.

Planned

Slack, Discord & WhatsApp

The runtime already speaks these platforms — your crew reports wherever your team actually talks.

07

Pricing

Public repos are free forever. Pro unlocks reviews on your private repos.

Free

$0
no signup, no limits
  • Any public repo
  • Full agent pipeline
  • Voiced verdicts
  • Public run traces
Watch it work

Pro

$1
one-time · test mode
  • Everything in Free
  • Private repositories
  • Private escalation DMs
  • Instant unlock via webhook
Connect a private repo → Pro
08

The stack

Assembled in one day at the GrowthX buildathon.

OpenRouter · agent brain Hermes · agent runtime + Telegram Convex · registry & traces Cloudflare Pages · this site + dashboard Linkup · live CVE search ElevenLabs · spoken verdicts Dodo Payments · Pro checkout