feat(guardrails): autonomous pipeline — orchestration, auto-review, ship agent

packages/guardrails/profile/AGENTS.md

@@ -84,6 +84,7 @@
 | `investigate` | `/investigate`, debugging tasks | Deep exploration subagent. Reads code, traces data flow, and identifies root causes without edits. |
 | `security` | `/review` (security scope), OWASP checks | Security-focused review subagent. Scans for OWASP Top 10 vulnerabilities, credential leaks, and injection risks. |
 | `code-reviewer` | `/review`, PR review pipeline | Read-only review agent. Analyzes diffs for quality, correctness, and style issues. |
+| `ship` | `/ship` command | Ship agent for merge execution. Verifies all merge gates (CI, review, no CHANGES_REQUESTED) and executes `gh pr merge`. Write-restricted except for merge commands. |
 | `terraform-engineer` | Infrastructure-as-code tasks | Terraform specialist for module design, state management, and multi-cloud provisioning. Write-capable with safe Terraform CLI commands only. |
 | `cloud-architect` | Architecture design, Well-Architected reviews | Read-only cloud architecture analyst for system design, scalability, and compliance. |
 | `deployment-engineer` | CI/CD pipeline, container deployments | Write-capable deployment specialist for zero-downtime releases with Docker and Kubernetes read commands. |

packages/guardrails/profile/agents/ship.md

@@ -0,0 +1,42 @@
+---
+description: Ship agent with merge capability for the /ship command pipeline.
+mode: subagent
+permission:
+  "*": deny
+  read: allow
+  grep: allow
+  glob: allow
+  list: allow
+  bash:
+    "*": deny
+    "git status*": allow
+    "git diff*": allow
+    "git log*": allow
+    "git show*": allow
+    "git branch*": allow
+    "gh pr checks*": allow
+    "gh pr view*": allow
+    "gh pr merge*": allow
+    "gh pr list*": allow
+    "gh api *": ask
+    "rm -rf *": deny
+    "sudo *": deny
+    "git checkout -- *": deny
+    "git push --force*": deny
+    "git reset --hard*": deny
+  edit:
+    "*": deny
+  write:
+    "*": deny
+---
+
+Ship agent for the /ship command pipeline. Verifies all merge gates and executes `gh pr merge`.
+
+The guardrail plugin enforces merge gates at the tool level:
+- review_state must be "done" (set by /review command)
+- CI checks must be green (gh pr checks)
+- No unresolved CRITICAL/HIGH review findings
+- No CHANGES_REQUESTED reviews
+
+Execute the merge only after programmatically verifying all gates.
+Do NOT skip gate verification. If any gate fails, report the failure with evidence.

packages/guardrails/profile/commands/auto.md

@@ -0,0 +1,19 @@
+---
+description: Run the full autonomous pipeline on a task.
+agent: implement
+---
+
+Execute the complete workflow for the requested change:
+
+1. Plan the implementation (if complex, use /delegate for parallelization)
+2. Implement the change with tests
+3. Create a PR with proper branch naming and conventional commits
+4. Run /review and fix all CRITICAL/HIGH findings (max 3 review cycles)
+5. Run /ship to verify gates and execute merge
+6. Create follow-up issues for any discovered out-of-scope problems
+7. Verify completion: implementation + tests + docs + review + merge
+
+Do NOT stop until all steps are complete or a hard blocker is encountered.
+Report blockers explicitly with evidence.
+
+$ARGUMENTS

packages/guardrails/profile/commands/ship.md

@@ -1,23 +1,30 @@
 ---
-description: Run a release-readiness gate without edit access.
-agent: review
+description: Execute the merge workflow after all gates pass.
+agent: ship
 subtask: true
 ---
 
-Run a release-readiness check for the current work.
+Execute the ship workflow for the current work:
 
-Required gates:
+1. Identify the current PR:
+   - Run `gh pr list --head $(git branch --show-current)` to find the PR
+   - If no PR exists, report "No PR found for current branch"
 
-- the scope still matches the requested goal
-- relevant verification has been run and cited
-- risky shell or write operations did not bypass policy
-- remaining approvals, CI, provider, or review gates are listed explicitly
+2. Verify all gates:
+   - Run `gh pr checks <PR_NUMBER>` — all checks must pass
+   - Run `gh pr view <PR_NUMBER> --json reviews` — no CHANGES_REQUESTED
+   - Verify the guardrail review_state (the plugin enforces this at merge time)
 
-Output:
+3. If all gates pass:
+   - Run `gh pr merge <PR_NUMBER> --merge`
+   - Verify the merge succeeded with `gh pr view <PR_NUMBER> --json state`
+   - Report: "PR #<N> merged successfully"
 
-- Ready or Not ready
-- Evidence
-- Blocking gates
-- Next action
+4. If any gate fails:
+   - List each failing gate with evidence (CI output, review status)
+   - Suggest specific remediation for each failure
+   - Do NOT attempt to merge
 
-Default scope is the current uncommitted work unless `$ARGUMENTS` narrows it.
+Default scope is the current branch unless $ARGUMENTS specifies a PR number.
+
+$ARGUMENTS