shipyard

On-demand security audit — OWASP, secrets, dependencies, IaC security

Explore requirements through Socratic dialogue and capture project definition

Execute plans using fresh subagents with review gates

Pause in-progress work with a checkpoint

Investigate bugs and failures with systematic root-cause analysis

Use this agent when creating roadmaps, decomposing plans into tasks, making architecture decisions, or breaking down requirements into executable work. Examples: <example>Context: The user is initializing a new project and needs a roadmap. user: "Create a roadmap for building this application" assistant: "I'll dispatch the architect agent to decompose the requirements into phased milestones with dependency ordering and success criteria." <commentary>The architect agent creates roadmaps during /shipyard:init, ordering phases by dependency and risk.</commentary></example> <example>Context: The user needs to plan a specific development phase. user: "Plan the database layer phase" assistant: "I'll dispatch the architect agent to decompose this phase into a structured plan with tasks, verification commands, and success criteria." <commentary>The architect agent creates plans during /shipyard:plan, breaking phases into bite-sized tasks with clear TDD steps and verification.</commentary></example> <example>Context: The user wants a quick, simplified plan for a small feature. user: "Quick add a health check endpoint" assistant: "I'll dispatch the architect agent in simplified mode to produce a lightweight plan for this small feature." <commentary>During /shipyard:quick, the architect produces a simplified plan suitable for small, self-contained changes.</commentary></example>

Use this agent for comprehensive security and compliance analysis across all changes in a phase or milestone. Covers OWASP Top 10, secrets detection, dependency vulnerabilities, IaC security, and supply chain risks. Examples: <example>Context: A phase build is complete and needs security review before proceeding. user: "Run a security audit on the authentication phase" assistant: "I'll dispatch the auditor agent to perform a comprehensive security scan across all files changed in this phase, checking for OWASP vulnerabilities, secrets, dependency issues, and IaC misconfigurations." <commentary>The auditor agent runs after phase verification during /shipyard:build and before delivery during /shipyard:ship, analyzing cross-cutting security concerns that per-task reviews can't catch.</commentary></example> <example>Context: The project is ready to ship and needs a final security gate. user: "Ship it" assistant: "Before shipping, I'll dispatch the auditor agent for a comprehensive security audit across all milestone changes to ensure nothing was missed by individual task reviews." <commentary>During /shipyard:ship, the auditor provides the final security gate. Critical findings block delivery.</commentary></example>

Use this agent when executing plans, implementing features, building tasks from a PLAN.md, or running TDD implementation cycles. This is the primary implementation agent. Examples: <example>Context: A plan has been created and is ready for execution. user: "Build the authentication phase" assistant: "I'll dispatch the builder agent to execute the plan tasks sequentially, following TDD protocol where specified and creating atomic commits for each task." <commentary>The builder agent executes structured plans, following the task protocol strictly including TDD, verification, and atomic commits.</commentary></example> <example>Context: The /shipyard:quick command needs to execute a simplified plan. user: "Quick add a health check endpoint" assistant: "I'll dispatch the builder agent to implement the planned tasks for this quick feature." <commentary>The builder agent handles both full plans from /shipyard:build and simplified plans from /shipyard:quick.</commentary></example> <example>Context: A build was paused and needs to resume. user: "Continue building from where we left off" assistant: "I'll dispatch the builder agent to read the checkpoint and resume execution from the last completed task." <commentary>The builder agent respects checkpoints and can resume from where a previous execution stopped.</commentary></example>

Use this agent for root-cause analysis of bugs, test failures, and unexpected behavior. Follows the 5 Whys protocol and produces ROOT-CAUSE.md with evidence chain and remediation plan. Examples: <example>Context: A test suite is failing after a recent commit and the cause is unclear. user: "Figure out why the tests are failing" assistant: "I'll dispatch the debugger agent to perform systematic root-cause analysis using the 5 Whys protocol." <commentary>The debugger agent investigates before proposing any fix — it produces ROOT-CAUSE.md for the builder to act on.</commentary></example> <example>Context: A builder agent failed a task and produced structured failure documentation. user: "The builder couldn't complete task 3, debug it" assistant: "I'll dispatch the debugger agent with the builder's failure report to trace the root cause." <commentary>The debugger consumes the builder's failure documentation (task, error, files touched, hypothesis) as a starting point for investigation.</commentary></example> <example>Context: A build pipeline is failing with an obscure error. user: "The CI pipeline is broken and I don't know why" assistant: "I'll dispatch the debugger agent to read the error output carefully, check recent changes, and apply 5 Whys to find the systemic cause." <commentary>The debugger reads stack traces completely, gathers evidence at component boundaries, and follows one causal chain to a fixable root cause.</commentary></example>

Use this agent for documentation generation across all changes in a phase or milestone. Generates API docs, architecture updates, and user-facing documentation. Examples: <example>Context: A phase build is complete and needs documentation updated. user: "Generate documentation for the completed phase" assistant: "I'll dispatch the documenter agent to analyze all changes in this phase and generate API docs, architecture updates, and user-facing documentation." <commentary>The documenter agent runs after the simplifier during /shipyard:build, generating documentation that covers cumulative changes across all tasks in the phase.</commentary></example> <example>Context: The project is ready to ship and needs comprehensive documentation. user: "Ship it" assistant: "Before shipping, I'll dispatch the documenter agent to generate comprehensive project documentation including API reference, architecture overview, and user guides." <commentary>During /shipyard:ship, the documenter produces complete documentation in the docs/ directory for external users and future maintainers.</commentary></example>

Use after implementing features, before claiming a phase is complete, when reviewing AI-generated code, or when code feels overly complex. Also use when you notice repeated patterns across files, a function exceeds 40 lines, nesting exceeds 3 levels, or an abstraction has only one implementation. Covers duplication, dead code, over-engineering, and AI-specific bloat patterns like verbose error handling and redundant type checks.

Use when shipping features with public interfaces that lack docs, generating documentation, updating README files, writing API docs, creating architecture documentation, or when documentation is incomplete or outdated. Also use when adding breaking changes, implementing complex algorithms, or before shipping any phase — if a public function lacks a docstring, this skill applies.

Use when starting feature work that needs a branch, creating worktrees for isolation, making atomic commits during development, or completing a development branch via merge, PR, preserve, or discard. Also use when the user says "set up worktree", "create PR", "finish this branch", "start feature", or when you need an isolated workspace for implementation.

Import a handwritten spec document into Shipyard, replacing brainstorming. Use when a freeform spec, requirements, or design document exists.

Import a spec-kit feature spec into Shipyard, replacing brainstorming. Use when a spec-kit feature directory exists with spec.md.

5 hooks across 4 events