Provides a delivery closeout workflow that audits pre-ship readiness, detects CI/CD configuration, and either executes the merge/deploy/canary flow when the project is adapted, or generates detailed advisory commands when not. The skill includes explicit compliance anchors, checklist steps, and exception handling for branch protection and canary failures.
Use this skill when preparing a release after code review and QA are complete (or partially complete). It should be invoked as the final automated step before release, particularly when projects expose test/deploy commands and the agent has permission to run them. In other projects it runs in advisory mode and provides the exact commands to run manually.
Designed for agents with shell/CI access (tmux/CLI-capable agents or server-side automation). Works best where the agent can run detected test and deploy commands or generate advisory output for human operators.
ks-ship is a delivery closeout skill from the KeyStore framework that runs pre-ship checks, detects CI/CD config, executes or advises merge/deploy/canary flows, and produces a structured ship report. It has no bundled scripts — all logic is inline bash in the SKILL.md. Security concerns include use of eval on detected commands (test_cmd, deploy_cmd) which introduces shell injection risk, and telemetry writing to local .keystone/ directory. The skill is well-structured with clear modes (advisory vs project-adapted), exception handling, and a decision contract, but relies on a custom 'keystone' CLI that most projects won't have.
Well-architected skill with clear mode separation and compliance anchors. The eval usage on detected commands is the main security concern (-12 for shell injection risk). The keystone CLI dependency limits broad usefulness. Telemetry is local-only so minor deduction (-5). No curl|bash, no hardcoded creds, no destructive commands without guards. The git merge --abort on conflict is a good safety measure.