# Workflow for the /ship-check Command: Preparing a Shipping Packet in pm-skills

> Master the /ship-check command in phuryn/pm-skills. Learn the six-step workflow to automate shipping packet preparation for faster human review and sign-off.

- Repository: [Pawel Huryn/pm-skills](https://github.com/phuryn/pm-skills)
- Tags: how-to-guide
- Published: 2026-06-16

---

**The `/ship-check` command executes a six-step automated sequence—documenting the system, wiring agent context, auditing security and performance, deriving test coverage, and compiling a markdown shipping packet—to produce a review-ready artifact for human sign-off.**

The `phuryn/pm-skills` repository provides AI-native project management skills for "vibe-coded" repositories. The workflow for the `/ship-check` command transforms an undocumented codebase into a structured shipping packet that aggregates system documentation, security findings, performance gaps, and test coverage maps into a single hand-off document.

## The Six-Step /ship-check Workflow

According to the source code in [`pm-ai-shipping/commands/ship-check.md`](https://github.com/phuryn/pm-skills/blob/main/pm-ai-shipping/commands/ship-check.md), the command executes sequentially with each step feeding into the next. The ordering is intentional: audits depend on documented intent generated earlier, and test coverage maps are built only after gaps are identified.

### Step 1: Document the System

**`/ship-check`** first ensures core system documentation exists. It checks for architecture, flows, permissions, and environment variables against the **shipping-artifacts** skill definition found in [`pm-ai-shipping/skills/shipping-artifacts/SKILL.md`](https://github.com/phuryn/pm-skills/blob/main/pm-ai-shipping/skills/shipping-artifacts/SKILL.md).

If documentation is missing or stale, the command automatically triggers `/document-app` to generate the required artifacts. Only after this inventory is complete does the workflow proceed.

### Step 2: Wire the Agent Operating Context

The command generates or refreshes [`CLAUDE.md`](https://github.com/phuryn/pm-skills/blob/main/CLAUDE.md) (and a companion [`AGENTS.md`](https://github.com/phuryn/pm-skills/blob/main/AGENTS.md)) derived from the system documentation. These files establish the **agent operating context**—telling subsequent AI coding agents what the system is and explicitly what it may not touch.

This step ensures that downstream automated edits respect architectural boundaries defined in the documentation phase.

### Step 3: Security Audit

**`/ship-check`** runs `/security-audit-static` and applies the **intended-vs-implemented** skill to compare actual code against [`permissions.md`](https://github.com/phuryn/pm-skills/blob/main/permissions.md), [`flows.md`](https://github.com/phuryn/pm-skills/blob/main/flows.md), and [`architecture.md`](https://github.com/phuryn/pm-skills/blob/main/architecture.md). 

Only findings that survive this comparison against documented intent are retained. This filters out false positives by grounding security issues in the system's stated design.

### Step 4: Performance Audit

The command executes `/performance-audit-static` to surface specific issues like over-fetching, missing database indexes, and caching gaps. Results are summarized and included in the final packet.

### Step 5: Derive the Test-Coverage Map

Calling `/derive-tests`, the workflow transforms documented rules and audit gaps into a [`tests.md`](https://github.com/phuryn/pm-skills/blob/main/tests.md) coverage map. This artifact lists:

- Rules already covered by existing tests
- Proposed tests for identified gaps  
- Unverified rules requiring manual review

Generating this map after the audits ensures every discovered gap can be turned into a concrete regression test.

### Step 6: Compile the Shipping Packet

The final step aggregates all outputs into a single markdown **shipping packet**. As defined in [`pm-ai-shipping/commands/ship-check.md`](https://github.com/phuryn/pm-skills/blob/main/pm-ai-shipping/commands/ship-check.md), this packet includes:

- Documentation inventory status
- Agent context ([`CLAUDE.md`](https://github.com/phuryn/pm-skills/blob/main/CLAUDE.md)) validation
- Test-coverage overview from [`tests.md`](https://github.com/phuryn/pm-skills/blob/main/tests.md)
- Security and performance summaries
- Launch blockers
- Recommended next actions

This packet serves as the final hand-off artifact for human review and sign-off.

## Running the /ship-check Command

Execute the full workflow against your entire repository or target specific services.

```bash

# Run the complete shipping sequence on the entire repo

/ship-check

# Run the sequence for a specific service or directory

/ship-check payments-service
/ship-check supabase/functions

```

The command accepts a path argument to scope the analysis, making it suitable for microservice repositories or monorepos with distinct deployment units.

## Specialist Commands and Dependencies

You can invoke individual steps directly if you need only a subset of the workflow:

- **`/document-app`** – Generates or updates core system docs (architecture, flows, permissions)
- **`/security-audit-static`** – Runs static security analysis against intended-vs-implemented rules
- **`/performance-audit-static`** – Surfaces performance anti-patterns and optimization gaps  
- **`/derive-tests`** – Builds the [`tests.md`](https://github.com/phuryn/pm-skills/blob/main/tests.md) coverage map from documented rules

These commands are orchestrated automatically by `/ship-check`, but running them independently is useful for iterative development or CI/CD pipelines.

## Summary

- **`/ship-check`** automates a six-step workflow defined in [`pm-ai-shipping/commands/ship-check.md`](https://github.com/phuryn/pm-skills/blob/main/pm-ai-shipping/commands/ship-check.md) to prepare codebases for review.
- The sequence depends on the **shipping-artifacts** skill in [`pm-ai-shipping/skills/shipping-artifacts/SKILL.md`](https://github.com/phuryn/pm-skills/blob/main/pm-ai-shipping/skills/shipping-artifacts/SKILL.md) to define required documentation.
- It generates [`CLAUDE.md`](https://github.com/phuryn/pm-skills/blob/main/CLAUDE.md) and [`AGENTS.md`](https://github.com/phuryn/pm-skills/blob/main/AGENTS.md) to establish agent operating context before running audits.
- Security and performance audits are executed statically, with findings filtered against documented intent.
- The **test-coverage map** ([`tests.md`](https://github.com/phuryn/pm-skills/blob/main/tests.md)) is derived after audits to ensure gaps become regression tests.
- The final **shipping packet** is a markdown compilation of documentation, audits, coverage maps, and action items.

## Frequently Asked Questions

### What is a shipping packet in the pm-skills workflow?

A **shipping packet** is a single markdown document compiled by the `/ship-check` command that aggregates documentation inventory, agent context status, security and performance audit summaries, test coverage maps, and recommended next actions. It serves as the definitive hand-off artifact that human reviewers evaluate before signing off on a deployment.

### How does `/ship-check` differ from running the individual specialist commands manually?

While you can run `/document-app`, `/security-audit-static`, `/performance-audit-static`, and `/derive-tests` independently, **`/ship-check`** enforces a specific dependency chain: it ensures documentation exists before auditing, generates agent context before security checks, and derives tests only after gaps are identified. It also compiles all outputs into the unified shipping packet format that individual commands do not produce.

### What files must exist for `/ship-check` to complete successfully?

The command requires the **shipping-artifacts** skill definition found in [`pm-ai-shipping/skills/shipping-artifacts/SKILL.md`](https://github.com/phuryn/pm-skills/blob/main/pm-ai-shipping/skills/shipping-artifacts/SKILL.md). If core documentation (architecture, flows, permissions, variables) is missing, the command automatically triggers `/document-app` to create it. The workflow then produces [`CLAUDE.md`](https://github.com/phuryn/pm-skills/blob/main/CLAUDE.md), [`AGENTS.md`](https://github.com/phuryn/pm-skills/blob/main/AGENTS.md), and [`tests.md`](https://github.com/phuryn/pm-skills/blob/main/tests.md) as intermediate artifacts before finalizing the shipping packet.

### Can `/ship-check` analyze specific parts of a repository?

Yes. The command accepts a path argument to scope the analysis to specific directories or services. For example, `/ship-check payments-service` or `/ship-check supabase/functions` will run the six-step workflow against only those paths, making it suitable for partial deployments or microservice updates.