`ship-spec productionalize`

Production readiness analysis across security, SOC 2, code quality, dependencies, testing, and configuration.

ship-spec productionalize --cloud-ok
ship-spec productionalize "B2B SaaS handling PII" --enable-scans --cloud-ok
ship-spec productionalize --categories security,testing --cloud-ok

Options:

Flag	Description	Default
`--enable-scans`	Run Semgrep, Gitleaks, Trivy	`false`
`--categories <list>`	Filter categories (csv)	All
`--reindex`	Force full codebase re-index	`false`
`--no-stream`	Wait for completion	`false`
`--checkpoint`	Enable session persistence	`false`
`--thread-id <id>`	Resume checkpointed session	-
`--no-save`	Print to stdout only	`false`
`--keep-outputs <n>`	Retention limit	`10`
`--cloud-ok`	Consent to cloud usage	Required
`--local-only`	Use local models only	`false`

Analysis categories:

Core: security, soc2, code-quality, dependencies, testing, configuration
Dynamic (auto-detected): container-security, infrastructure-as-code, ci-cd

Workflow:

Gather signals (stack, CI, testing, Docker, IaC)
Researcher (web search for compliance standards)
Scanner (SAST tools if enabled)
Planner (creates subtasks per category)
Workers (parallel analysis)
Aggregator (Markdown report)
Prompt Generator (agent-ready remediation tasks)

Outputs: .ship-spec/outputs/

report-<timestamp>.md
task-prompts-<timestamp>.md (agent-ready remediation tasks)
latest-report.md and latest-task-prompts.md symlinks