Security & Trust

Built so an AI agent can’t hurt you.

Specship runs an autonomous agent against your code and tickets. That only works if the permission model, the credential model, and the cost model all give you a kill switch. Here’s how each of those works.

Composio is the credential custodian.

Every third-party OAuth token (GitHub, ClickUp, Linear, Slack…) is held by Composio. Specship never stores raw OAuth tokens on our infrastructure. We hold a reference; Composio holds the secret.

GitHub · ClickUp · Linear · Jira · Slack · Notion

Subscription billing, no surprise tokens.

The agent runs on your Claude Code OAuth subscription, not metered API tokens. You pay a flat monthly fee; there is no per-ticket API line item to be shocked by at month end.

Daily budget cap · hard pause · token telemetry per project

Tested by another agent before merge.

Every PR is reviewed by Gemini Code Assist and CodeRabbit by default. The Specship agent then addresses each comment individually with per-comment fixed / won't-fix replies before the PR can merge.

Gemini · CodeRabbit · your reviewers

The receipts

What we ship today.

No badges we haven’t earned yet. Where something’s in progress, we say so.

Control	Detail	Status
Encrypted env vault	AES-256-GCM at rest with a per-record IV. Master key held outside the database; per-org KMS planned for Enterprise. Decrypted only inside the worker process at job time.	Live
Zero raw OAuth tokens stored	All third-party tokens held by Composio. Specship retains references only.	Live
Audit log on every action	Every ticket pickup, commit, branch push, comment, and merge writes an immutable audit record.	Live
OAuth scope manifest	Each integration declares its minimum scopes in code (lib/composio/auth-configs.ts). A deploy-time audit script reconciles live Composio authConfigs against the manifest and flags drift.	Live
Daily budget cap + hard pause	Per-project daily token spend cap. Hits the threshold → all in-flight jobs pause and you get a Slack/email ping. No surprise bills.	Live
Founder Mode escalate globs	Per-repo path globs that force human review before merge — auto-merge is disabled on any diff that touches them. Defaults: payments, billing, auth, migrations, .env*.	Live
Human override everywhere	Pause a run, reroute a ticket, request changes, or take over the branch. The agent is autonomous only inside the policies you set.	Live
Per-comment PR reply trail	When Gemini / CodeRabbit / a human reviews a PR, each comment gets its own structured fixed / won't-fix reply with a code ref. Auditable.	Live
Branch protection respected	The agent only commits to shipd/ prefixed branches. Default branches stay write-protected for the bot account.	Live
SOC 2 Type II	Working with a Type II auditor. We will not claim compliance until the report lands.	In progress
Third-party pen test	Scoped engagement booked for after public beta. Report will be shared with paying customers under NDA.	Planned
Self-hosted runners	Bring the worker into your VPC. Code never leaves your perimeter. Enterprise tier.	In progress
Data deletion on request	Email security@specship.dev. Workspace + audit logs + secrets purged within 30 days.	Live

Honest disclaimer. Specship is in private beta. We don’t carry a SOC 2 Type II report yet, no signed pen-test letter, and no SLA past best-effort. If those are blockers for your team, email security@specship.dev and we’ll loop you into the compliance roadmap.

Now in private beta

Stop writing tickets nobody picks up.Start shipping.

Join the waitlist — we’re onboarding a few teams a week. Builders only, no procurement decks.

No credit card · We’ll email you when you’re in · Unsubscribe any time