Why trust ShipGate?
One paragraph — procurement, partners, and skeptical engineers:
Local merge gate, honest scope. For Next.js App Router on GitHub,
shipgate nextruns on your CI runner. It does not require a ShipGate cloud account or upload your source to us for that command path. SHIP and NO_SHIP are defined in open docs and exit codes — not a black box score. Opt-in analytics are off by default. Everything beyond Tier‑1 (dashboard, AI scan, ISL verification) is optional and documented separately so we do not blur what the merge gate promises.
Verify the claims (canonical repo docs)
| Topic | Document |
|---|---|
npm package (@shipgate.dev/cli) vs shipgate command | package-identity.md |
| Data egress & Tier‑1 “no upload” | data-handling.md |
| Security posture | security.md · SECURITY.md |
What SHIP / NO_SHIP mean for next --strict | tier1-ship-semantics.md |
| Supported vs best-effort (matrix) | supported-matrix.md |
| Positioning guardrails (what we won’t say) | positioning-guardrails.md |
| This monorepo: what we actually enforce in CI | dogfooding-status.md |
On-site deep dives
- Reliability contract — guarantees vs best-effort in this documentation set.
- Tier-1 supported surface — CLI workflows held to contract tests.
- Exit codes (Tier-1) — machine-readable outcomes.
Adoption path
- Run
shipgate next . --strictlocally from your Next.js app root. - Add the golden-path workflow on pull requests.
- After validation, optionally mark the job as a required GitHub status check.