Workflow for the /ship-check Command: Preparing a Shipping Packet in pm-skills

The /ship-check command executes a six-step automated sequence—documenting the system, wiring agent context, auditing security and performance, deriving test coverage, and compiling a markdown shipping packet—to produce a review-ready artifact for human sign-off.

The phuryn/pm-skills repository provides AI-native project management skills for "vibe-coded" repositories. The workflow for the /ship-check command transforms an undocumented codebase into a structured shipping packet that aggregates system documentation, security findings, performance gaps, and test coverage maps into a single hand-off document.

The Six-Step /ship-check Workflow

According to the source code in pm-ai-shipping/commands/ship-check.md, the command executes sequentially with each step feeding into the next. The ordering is intentional: audits depend on documented intent generated earlier, and test coverage maps are built only after gaps are identified.

Step 1: Document the System

/ship-check first ensures core system documentation exists. It checks for architecture, flows, permissions, and environment variables against the shipping-artifacts skill definition found in pm-ai-shipping/skills/shipping-artifacts/SKILL.md.

If documentation is missing or stale, the command automatically triggers /document-app to generate the required artifacts. Only after this inventory is complete does the workflow proceed.

Step 2: Wire the Agent Operating Context

The command generates or refreshes CLAUDE.md (and a companion AGENTS.md) derived from the system documentation. These files establish the agent operating context—telling subsequent AI coding agents what the system is and explicitly what it may not touch.

This step ensures that downstream automated edits respect architectural boundaries defined in the documentation phase.

Step 3: Security Audit

/ship-check runs /security-audit-static and applies the intended-vs-implemented skill to compare actual code against permissions.md, flows.md, and architecture.md.

Only findings that survive this comparison against documented intent are retained. This filters out false positives by grounding security issues in the system's stated design.

Step 4: Performance Audit

The command executes /performance-audit-static to surface specific issues like over-fetching, missing database indexes, and caching gaps. Results are summarized and included in the final packet.

Step 5: Derive the Test-Coverage Map

Calling /derive-tests, the workflow transforms documented rules and audit gaps into a tests.md coverage map. This artifact lists:

  • Rules already covered by existing tests
  • Proposed tests for identified gaps
  • Unverified rules requiring manual review

Generating this map after the audits ensures every discovered gap can be turned into a concrete regression test.

Step 6: Compile the Shipping Packet

The final step aggregates all outputs into a single markdown shipping packet. As defined in pm-ai-shipping/commands/ship-check.md, this packet includes:

  • Documentation inventory status
  • Agent context (CLAUDE.md) validation
  • Test-coverage overview from tests.md
  • Security and performance summaries
  • Launch blockers
  • Recommended next actions

This packet serves as the final hand-off artifact for human review and sign-off.

Running the /ship-check Command

Execute the full workflow against your entire repository or target specific services.


# Run the complete shipping sequence on the entire repo

/ship-check

# Run the sequence for a specific service or directory

/ship-check payments-service
/ship-check supabase/functions

The command accepts a path argument to scope the analysis, making it suitable for microservice repositories or monorepos with distinct deployment units.

Specialist Commands and Dependencies

You can invoke individual steps directly if you need only a subset of the workflow:

  • /document-app – Generates or updates core system docs (architecture, flows, permissions)
  • /security-audit-static – Runs static security analysis against intended-vs-implemented rules
  • /performance-audit-static – Surfaces performance anti-patterns and optimization gaps
  • /derive-tests – Builds the tests.md coverage map from documented rules

These commands are orchestrated automatically by /ship-check, but running them independently is useful for iterative development or CI/CD pipelines.

Summary

  • /ship-check automates a six-step workflow defined in pm-ai-shipping/commands/ship-check.md to prepare codebases for review.
  • The sequence depends on the shipping-artifacts skill in pm-ai-shipping/skills/shipping-artifacts/SKILL.md to define required documentation.
  • It generates CLAUDE.md and AGENTS.md to establish agent operating context before running audits.
  • Security and performance audits are executed statically, with findings filtered against documented intent.
  • The test-coverage map (tests.md) is derived after audits to ensure gaps become regression tests.
  • The final shipping packet is a markdown compilation of documentation, audits, coverage maps, and action items.

Frequently Asked Questions

What is a shipping packet in the pm-skills workflow?

A shipping packet is a single markdown document compiled by the /ship-check command that aggregates documentation inventory, agent context status, security and performance audit summaries, test coverage maps, and recommended next actions. It serves as the definitive hand-off artifact that human reviewers evaluate before signing off on a deployment.

How does /ship-check differ from running the individual specialist commands manually?

While you can run /document-app, /security-audit-static, /performance-audit-static, and /derive-tests independently, /ship-check enforces a specific dependency chain: it ensures documentation exists before auditing, generates agent context before security checks, and derives tests only after gaps are identified. It also compiles all outputs into the unified shipping packet format that individual commands do not produce.

What files must exist for /ship-check to complete successfully?

The command requires the shipping-artifacts skill definition found in pm-ai-shipping/skills/shipping-artifacts/SKILL.md. If core documentation (architecture, flows, permissions, variables) is missing, the command automatically triggers /document-app to create it. The workflow then produces CLAUDE.md, AGENTS.md, and tests.md as intermediate artifacts before finalizing the shipping packet.

Can /ship-check analyze specific parts of a repository?

Yes. The command accepts a path argument to scope the analysis to specific directories or services. For example, /ship-check payments-service or /ship-check supabase/functions will run the six-step workflow against only those paths, making it suitable for partial deployments or microservice updates.

Have a question about this repo?

These articles cover the highlights, but your codebase questions are specific. Give your agent direct access to the source. Share this with your agent to get started:

Share the following with your agent to get started:
curl -s "https://instagit.com/install.md"

Works with
Claude Codex Cursor VS Code OpenClaw Any MCP Client

Maintain an open-source project? Get it listed too →