Shipcheck is a review crew that lives in your Telegram: correctness and security reviewers in parallel, an adversarial verifier that kills weak findings, real test runs, live CVE search — and a spoken verdict when it's done.
live numbers, straight from the production Convex backend
AI now writes a huge share of the code that lands in PRs. It made writing code nearly free — and quietly made reviewing it the most expensive thing your team does.
One engineer with an AI assistant now opens the PRs of five. Senior review attention didn't multiply with it — so reviews get shallower exactly when the code got less trustworthy, and "LGTM" becomes a rubber stamp.
Generated code compiles, reads cleanly, and looks idiomatic — while hiding an off-by-one, a missed edge case, or an injection path. Plausible-looking is the most dangerous kind of wrong, because it sails through a tired human skim.
Assistants pin package versions from stale training data — including versions with known CVEs — and invent security claims the same way. Checking each one against the live web is exactly the boring work humans skip.
So we built a crew that reviews like a skeptical senior — and reports like a colleague. It helps both sides of the new codebase:
Shipcheck is your first-pass gate. It absorbs the flood: reviews every diff, kills its own weak findings before you see them, runs the tests, and hands you a short list of confirmed problems with file, line, and a concrete fix. Your senior attention goes to judgment calls — not to spotting the boundary bug on line 888 of a 40-file PR.
Founders, PMs, and vibe-coders ship AI-written code they can't fully judge — Shipcheck is the engineer-in-the-loop. One Telegram message in; back comes a plain verdict you can act on: ready means merge, blocked means don't — with the reason spoken out loud. No CI setup, no YAML, no reading diffs.
Every run is a pipeline, and every step is recorded — agent, timing, and outcome — in a trace you can open on the dashboard.
Reads the diff, routes it — docs-only PRs skip the security pass.
Correctness + security sub-agents review in parallel.
Argues against every finding with the actual code. Weak claims die here.
Checks out the PR and runs the suite. Failing tests hard-block.
Comment on the PR, voice note in Telegram, trace in Convex.
Not a screenshot — this is the production dashboard, embedded. Every run below really happened; open any card's trace and audit the crew.
Most AI reviewers spray plausible comments. Shipcheck is designed around the opposite: fewer findings, each one defended.
A separate verifier agent gets the merged findings plus the real code around each one, and tries to knock them down. Only what survives is posted.
Dependency bumped? Shipcheck searches the live web (Linkup) and cites the actual CVE id from sourced results — never from model memory.
Exploitable findings are never posted on a public PR. They're DM'd to the maintainer; the public verdict shows only a count — and never a false ✅.
On allowlisted repos the suite actually runs against the PR head. Red tests mean a blocked verdict, no matter how clean the diff looks.
Every agent, duration, search query, and drop decision lands in a public trace — open the dashboard and audit any run.
The manager speaks the outcome (ElevenLabs) straight into Telegram: "PR seven — blocked." Know the answer before you unlock your phone.
AI review tools compete on how many comments they can leave. Shipcheck competes on how many of its findings you can act on without double-checking.
| Capability | 🚢 Shipcheck | Typical AI review bot |
|---|---|---|
| Findings adversarially verified before posting | Separate verifier argues each one against the real code | Posts whatever sounds plausible |
| Actually runs the test suite | Checks out the PR head; red tests hard-block | Never executes code |
| CVE claims backed by live web data | Live Linkup search, sources cited in the trace | CVE ids from stale training memory |
| Security findings kept off public PRs | Private DM to the maintainer; public side sees a count | Posts the vulnerability publicly |
| Auditable run trace | Every agent, timing & drop decision on a public dashboard | Black box |
| Works from chat, hands-free verdicts | One Telegram message in; a voice note out | Browser + CI config |
Today Shipcheck is a single-maintainer crew. The pipeline stays exactly the same — the next steps make it everyone's.
A GitHub webhook triggers the crew the moment a PR is opened — no message needed. The review is just… there.
"Install Shipcheck" on your repos: scoped per-repo tokens, comments posted by the Shipcheck bot identity, zero PAT sharing.
Pro becomes per-organization: each org gets its own private-repo unlock, seats, and escalation channel.
Reviewers are markdown skill files. Drop a performance-reviewer.md or your team's style contract into the crew and it's live on the next run.
The crew moves from one machine to isolated cloud sandboxes — parallel reviews, and safe test execution for any repo, not just allowlisted ones.
The runtime already speaks these platforms — your crew reports wherever your team actually talks.
Public repos are free forever. Pro unlocks reviews on your private repos.
Assembled in one day at the GrowthX buildathon.