Shipwell | Full Codebase Autopilot

Documentation

Overview

Shipwell is a full-codebase analysis engine powered by Claude Opus 4.6 with up to 1 million tokens of context. It ingests your entire repository — every file, every dependency — and performs deep cross-file analysis.

Available as both a CLI tool and a web application, Shipwell supports five core operations:

AuditSecurity vulnerability scanning

MigrateFramework migration planning

RefactorCode quality analysis

DocsDocumentation generation

UpgradeDependency upgrade planning

Installation

Install the Shipwell CLI globally via npm:

npm install -g @shipwellapp/cli

Requires Node.js 18 or later. After installation, run shipwell to verify.

Quick Start

Get started in four steps:

Install

npm install -g @shipwellapp/cli

shipwell login

Set API Key

shipwell config set api-key sk-ant-api03-...

Analyze

shipwell audit https://github.com/your/repo

The CLI will display a live-streaming analysis with findings, severity ratings, and suggested fixes.

CLI Overview

Deep cross-file codebase analysis from your terminal. Powered by Claude with up to 1M token context.

$npm install -g @shipwellapp/cli

Terminal

$ shipwell

SHIPWELL

v0.4.2

Welcome back, Manas!

Claude Opus 4.6·●API Key

Operations

audit<path>Security audit

migrate<path>Migration plan

refactor<path>Refactor analysis

docs<path>Documentation

upgrade<path>Dep upgrade plan

Analysis Operations

Each operation ingests your entire codebase and performs deep cross-file analysis.

shipwell audit <path>

Run a comprehensive security audit across your entire codebase. Detects vulnerabilities, injection risks, auth flaws, and cross-file security issues.

shipwell migrate <path>

Plan framework and library migrations with complete file diffs, dependency chain analysis, and step-by-step migration guides.

shipwell refactor <path>

Detect code smells, duplication, circular dependencies, dead code, and architecture issues with concrete fix suggestions.

shipwell docs <path>

Generate comprehensive documentation including architecture overviews, data flow diagrams, API references, and module guides.

shipwell upgrade <path>

Analyze all dependencies, find known vulnerabilities, check for breaking changes, and plan safe version upgrades.

Auto-Fix PRs

After analysis, if fixable findings are detected, the CLI can create a GitHub PR with suggested fixes — authored by the ShipwellHQ GitHub App.

Append --create-pr to any analysis command. The CLI will prompt to create a PR when fixable issues are found.

shipwell audit https://github.com/acme/api --create-pr

shipwell audit ./my-project --create-pr --yes

✔ Repository: https://github.com/acme/api

✔ PR #42 created

→ https://github.com/acme/api/pull/42

Applied: 8 · Skipped: 2 · Failed: 2

Prerequisite: The ShipwellHQ GitHub App must be installed on the target repository.

Account & Configuration

Manage authentication, API keys, and model preferences.

shipwell loginSign in with Google via browser

shipwell logoutSign out and clear credentials

shipwell whoamiShow current user, API key status, and model

shipwell config set api-key <key>Set your Anthropic API key

shipwell config set model <model>Set the Claude model to use

shipwell delete-keyRemove stored Anthropic API key

shipwell interactiveLaunch interactive guided mode

shipwell modelsList all available Claude models

shipwell updateUpdate CLI to the latest version

shipwell helpList all available commands and flags

Flags & Options

Pass flags to any analysis command to customize behavior.

-k, --api-key <key>Override the stored API key for this run

-m, --model <model>Override the model (e.g. claude-sonnet-4-5-20250929)

-t, --target <target>Migration target framework/library

-c, --context <ctx>Additional context for the analysis

-r, --rawPrint raw streaming output alongside formatted results

-y, --yesSkip cost confirmation prompt

-o, --output <path>Export report to file (.md or .json)

--create-prCreate a GitHub PR with auto-fixes after analysis

Examples with flags:

shipwell migrate ./my-app --target "Next.js 15" --model claude-opus-4-6

shipwell audit ./my-app -y -o report.md

Environment Variables

ANTHROPIC_API_KEYYour Anthropic API key (overrides stored config)

SHIPWELL_MODELDefault model ID (overrides stored config)

SHIPWELL_API_URLAPI base URL for PR creation (default: https://shipwell.app)

GitHub App

The ShipwellHQ GitHub App automatically creates pull requests with suggested fixes from your Shipwell analysis. PRs are authored by ShipwellHQ[bot] and ready for review.

Install GitHub App

How It Works

Three steps from analysis to pull request.

Install the App

Click the button below to install the ShipwellHQ GitHub App on your repositories. You can grant access to all repos or select specific ones.

Run an Analysis

Use the Shipwell web app or CLI to analyze a repository where the app is installed. Findings with auto-fix diffs will be detected.

Create a Fix PR

Click "Create Fix PR" on the web or pass --create-pr in the CLI. Shipwell creates a branch, applies diffs, and opens a PR authored by ShipwellHQ[bot].

What You Get

A clean pull request with all applicable fixes, ready for review.

Open

fix(security): resolve 8 findings from Shipwell audit

shipwellhq[bot] wants to merge 1 commit into main from shipwell/fix-audit-1739234582

Shipwell Security Audit

This PR applies auto-fixes for findings detected by Shipwell's cross-file analysis.

Applied

Skipped

Failed

CRITICALSQL injection in src/db/queries.ts

HIGHHardcoded secret in src/config/auth.ts

HIGHMissing rate limiting on API routes

MEDIUMWeak password hashing in src/auth/hash.ts

+ 4 more fixes applied

Generated by Shipwell

+124-47across 6 files

Usage

Create fix PRs from the web app or the CLI.

Web App

shipwell.app

1Run an analysis on a GitHub repository
2Review findings with auto-fix diffs
3Click "Create Fix PR" to open a PR

CLI

@shipwellapp/cli

shipwell audit <repo> --create-pr

shipwell audit ./local --create-pr --yes

Works with all operations: audit, migrate, refactor, docs, upgrade

Permissions

The app requests only the minimum permissions needed to create fix PRs.

ContentsRead & Write

Read files to generate diffs, write fixes to new branches

Pull RequestsRead & Write

Create PRs with analysis results and suggested fixes

Privacy & Security

The app never stores your code. File contents are read only at PR creation time to apply diffs, then discarded. All analysis is performed using your own Anthropic API key — your code goes directly to Anthropic, not through our servers. GitHub App credentials are stored securely server-side and never exposed to the browser.

FAQ

Common questions about the GitHub App.

What repositories can the app access?

Only the repositories you explicitly grant access to during installation. You can change this anytime in your GitHub settings.

Does the app read my code?

The app only accesses file contents when creating a fix PR — it reads the targeted files to apply diffs. Your code is never stored on our servers. The analysis itself uses your own Anthropic API key, not the GitHub App.

Can I review changes before they're merged?

Absolutely. The app creates a standard pull request, not a direct commit. You review the diff, request changes, or merge — just like any other PR.

What if a diff fails to apply?

If a file has changed since the analysis, that particular fix is skipped. The PR summary shows applied, skipped, and failed counts so you know exactly what happened.

How do I uninstall the app?

Go to github.com/settings/installations, find ShipwellHQ, and click Configure > Uninstall. All access is revoked immediately.

Does it work with private repositories?

Yes. The GitHub App authenticates server-side with its own credentials, so it can access any repo you've granted it permission to — public or private.

API Key & Model

Shipwell uses your own Anthropic API key. Configure it via the CLI or the web settings page.

shipwell config set api-key sk-ant-api03-...

shipwell config set model claude-opus-4-6

You can also override per-run with flags:

shipwell audit ./app -k sk-ant-... -m claude-opus-4-6

API keys are stored locally and never sent to Shipwell servers. Use shipwell whoami to check your current configuration.

Supported Languages

Shipwell can analyze codebases in any language that Claude understands. These are the most commonly used:

TypeScriptJavaScriptPythonGoRustJavaC#C/C++RubyPHPSwiftKotlinDartElixirScalaHaskell

Additional languages and frameworks are supported — Claude's training data covers most programming languages in use today.

Changelog

v0.4.2Latest

•Added shipwell help command with full reference for all commands, flags, and examples
•Added shipwell help <command> for per-command detailed help
•Consolidated /cli and /github-app pages into /docs with #hash navigation
•Minimal footer on /docs, /profile, /settings, /privacy, /terms
•Cleaned terminal demo in docs for better readability

v0.4.1

•npm publish workflow for automated releases
•CLI documentation updates for --create-pr flag

v0.4.0

•GitHub App PR creation via --create-pr flag on all analysis commands
•PRs authored by ShipwellHQ[bot] through the web API
•Added /github-app page with setup guide, PR preview, permissions, and FAQ
•Updated /cli page with Auto-Fix PRs section

v0.3.1

•Updated Claude model context window and max output values
•Streaming analysis findings and metrics in real-time
•Redesigned analysis summary box with word wrapping and markdown stripping

v0.3.0

•Interactive CLI mode with guided prompts (shipwell interactive)
•Enhanced output formatting with compact finding cards
•Export functionality for analysis results (.md and .json)

v0.2.0

•CLI authentication: login, logout, whoami, config commands
•Migrated CLI build to tsup, renamed package to @shipwellapp/cli
•Box-drawing welcome banner with model info display

v0.1.0

•Initial release with five analysis operations: audit, migrate, refactor, docs, upgrade
•Full codebase ingestion with Claude Opus (1M token context)
•Web app with analysis dashboard, health score, and severity distribution
•Firebase authentication with Google sign-in