The agent-native cloud
your AI runs end to end.

Securely and efficiently.

shipd deploy Start shipping See how it works
scoped tokens secrets it never reads destructive changes gated
Follow the code up to the cloud

Structured signal, not a log firehose.

status returns a compact incident grounded to one service, file and line in your Compose. Forty-seven identical crash lines collapse to occurrences: 47 — read the incident, edit the line, redeploy.

shipd status --json

Standard in, nothing to learn.

Your agent already writes Docker Compose. Point it at Shipd and it's done — no SDK to wrap, no new primitives to design around.

docker compose up

Two managed primitives, not fifty.

Serverless Postgres and secrets — auto-wired via the same x- fields vanilla Compose ignores. Everything else is plain Compose the agent already knows.

x-database: engine: postgres

"Works on my machine" finally holds.

The Compose file you run locally is the Compose file that runs in production — merged with a small overlay, no translation layer. Environment drift is structurally impossible.

local ≡ deployed

No lock-in, by construction.

Your deploy artifact is standard Docker Compose. Graduate it to your own Kubernetes, point it at another host, or walk away. Portability isn't a promise — it's a property of the format.

$ docker compose up

This is where it starts.

Your agent writes plain Compose on your laptop — and Shipd carries it straight up into the cloud.

agent · compose.yaml
# the agent writes plain Docker Compose
services:
web:
build: .
ports: ["3000:3000"]
x-scale-to-zero: true
When it breaks

Compose in the cloud is table stakes now.
The difference shows up when it crashes.

Cloud Run takes your Compose too — gcloud run compose up, done. But the deploy was never the hard part for an agent. The hard part is the crash: the rest of the cloud hands your agent logs to read through; Shipd hands it a structured incident grounded to your file — because here your Compose stays the source of truth.

The rest of the cloud

Logs to read through — and nothing to ground a fix to.

The container dies and the platform returns the logs. Your agent reads through them, forms a theory, redeploys to test it, reads again. It can't ground the failure to a line in your code, because the platform reconciles against its own backend — not the Compose file on your disk.

deploy.logstreaming
Read logs theorize redeploy
Shipd

A structured incident, pointing at the line.

The same crash comes back as a compact incident grounded to a service, file and line in your Compose — the 47 identical lines collapse to occurrences: 47. Your agent reads one object, opens that exact file, edits it, and redeploys. It can ground the fix because your Compose is the source of truth the platform deploys from.

shipd status --jsonincident
summaryService 'web' can't reach the database.
causeweb resolves the DB at 127.0.0.1; in the deployed network the DB is service 'db'.
confidence0.93
compose.deploy.yaml : 18
fixDATABASE_URLpostgres://db:5432/app
One read one edit one redeploy

The agents that write it. The services it ships with.

2 files, not a new DSL
1 command to ship
0 SDKs to wrap
≈15 knobs, not 150

The whole platform, in plain Docker Compose.

Get started

Up and running in five minutes.

Install the skill, tell your agent to ship it, and it writes the Compose, runs one command, and hands you a live URL — then keeps watching it in the same session.

npx shipd install

Install the skill

One command. Your agent gains native Shipd access — no SDK to wrap.

“Deploy this to Shipd” Cursor OpenAI Claude
compose.yaml
# compose.yaml — runs locally, unchanged
services:
  web:
    build: .
    ports: ["3000:3000"]
    environment:
      DATABASE_URL: ${DATABASE_URL}
compose.deploy.yaml
# compose.deploy.yaml — the deploy override
services:
  web:
    x-domains: ["app.example.com"]
    x-replicas: 2
    x-scale-to-zero: true
x-database:
  engine: postgres
  bind: web.DATABASE_URL

It writes two files

The one you already run locally, plus a small override. The only non-standard parts live in x- fields vanilla Compose ignores — no fork, no SDK.

shipd deploy
✓ merged compose.yaml + compose.deploy.yaml ✓ provisioned web (2 replicas) · postgres ✓ domain → live · TLS issued → https://your-app.shipd.cloud

One command

Standard Compose merge semantics. Your agent already knows how to write this — no new syntax.

https://your-app.shipd.cloud LIVE

Your app is live

A URL your agent can probe, monitor, and fix — in the same session.

The agent loop

State an agent can act on —
not a log firehose.

Your agent ships, watches, and fixes your app — and when something breaks it gets a structured incident pointing at the exact service, file, and line, not a log dump to guess from. One read, one edit, one redeploy — the whole loop in plain Docker Compose, the format it already writes. Nothing new to learn, no lock-in to walk away from.

shipd status --json LIVE 
{
  "deploy": {
    "version": "v7",
    "status":  "unhealthy",
    "last_healthy": "v6"
  },
  "summary": "Service 'web' is crashlooping: cannot reach the database.",
  "incidents": [
    {
      "category":    "config.network_unreachable",
      "evidence":    { "error": "ECONNREFUSED 127.0.0.1:5432", "occurrences": 47 },
      "diagnosis":   {
        "cause":      "web resolves the DB at 127.0.0.1; in deployed network the DB is service 'db'.",
        "confidence": 0.93,
        "grounding":  {
          "file":    "compose.deploy.yaml",
          "service": "web",
          "key":     "DATABASE_URL",
          "line":    18
        }
      },
      "suggested_fix": {
        "action":  "set_env",
        "service": "web",
        "key":     "DATABASE_URL",
        "value":   "postgres://db:5432/app"
      }
    }
  ]
}

plan before apply

A Terraform-style diff of exactly what will change — with a destructive flag and reason ("deletes volume pgdata, 3.2 GB") that needs a confirm token.

Automatic rollback + post-mortem

Every deploy is an immutable version. Fails readiness? It reverts to the last healthy version and reports why. The floor is always safe.

Secrets it wires, never reads

The agent creates and binds a secret slot; the value is injected out-of-band and never enters its context, logs or transcripts.

Scoped agent permissions

A restricted token can deploy and read logs — but can't delete volumes, read secret values, or blow past cost limits without a human confirm. A hijack has a tiny blast radius.

Built for the loop

Bold where it counts,
boring everywhere else.

The agent loop is a system, not a feature. Observability closes back onto the same artifact your agent edits.

plan before apply,
always.

Because the Compose file declares the entire desired system, your agent previews the exact, system-wide consequences of a change before it runs. Any destructive diff is flagged and blocked until a confirm token is supplied.

⚠ destructive: true → confirm token required

Ephemeral clone envs

Spin up an isolated full copy to test a fix, get a URL, run checks — it self-destructs on a TTL. Never experiment on prod.

TTL: 30 min · self-destructs

Immutable versions

Every deploy is a version you can roll back to in one command, with a post-mortem. The floor is always safe.

rollback: v6

Diagnosis grounded to your file

A failure comes back as a structured incident pointing at service + file + line. Loop closes on one artifact: diagnose → edit → redeploy.

compose.deploy.yaml:18

Cost before you commit

"What does this cost per month?" answered before apply, with budget guardrails against runaway loops.

Scale to zero

Idle apps sleep and wake on request. A dormant project costs about storage, which makes the economics honest where always-on free tiers never were.

≈ $0 cost while idle
Compatible by construction

Whatever your agent builds, it ships here.

Shipd runs standard Docker — so every service your app integrates works without adapters, allow-lists or exceptions. If it runs in a container, it runs on Shipd.

Stripe
Stripe
Shopify
Shopify
Supabase
Supabase
OpenAI
OpenAI
Anthropic
Anthropic
GitHub
GitHub
Twilio
Twilio
Resend
Resend
Cloudflare
Cloudflare
PostgreSQL
PostgreSQL
Redis
Redis
Sentry
Sentry
Pricing

Start free. Pay for what runs.

The Free tier scales to zero — a dormant project costs about storage. On Pro and Scale, the monthly fee is your usage credit: $20 buys $20 of compute, no hidden markup. Every plan ships with a spending cap so your agent can't rack up surprise bills.

Free
Ship it and see
$0
Start shipping
Most popular
Pro
Real users, always on
$20 /mo incl. $20 in usage
Start shipping
Scale
Grow with us
$90 /mo incl. $90 in usage
Talk to us
Infrastructure
Container
Scale-to-zero sleeps when idle, cold start
Always-on no cold start
Always-on higher limits
Services
up to 2
unlimited
unlimited
Resources/service
0.5 vCPU / 512 MB
up to 4 vCPU / 8 GB
up to 16 vCPU / 32 GB
Platform
Cron Jobs
Serverless Postgres
1 DB · 0.5 GB auto-suspend
10 GB incl. auto-backups
50 GB incl. PITR + read-replica
Custom Domains
1
2
unlimited
Egress incl.
10 GB / mo
100 GB / mo
250 GB / mo
Regions
US or EU
US and EU
US + EU multi-region
Preview Environments
Support & SLA
Support
Community
Email
Priority
SLA
99.9%
Spending cap
hard $0 no surprise bills
configurable
configurable
FAQ

The honest questions.

Is it really just Compose?
Yes. Your compose.yaml is the source of truth. Everything platform-specific lives only in x- extension fields that vanilla Docker Compose ignores — so docker compose up keeps working locally, unchanged. No new syntax, no required SDK.
What runs underneath?
Managed Kubernetes on AWS-class infrastructure carries HA, scheduling, networking and rollout. You never touch it: you write Compose, and Shipd translates a small, curated set of x- fields into the runtime. The goal is 15 well-chosen knobs, not 150.
What about my database?
A serverless Postgres that auto-suspends to zero when idle and wakes on connection — you pay storage plus real usage. Schema changes auto-snapshot the database first and offer one-command restore.
Can I leave?
Any time. Your deploy artifact is portable, standard Compose, so there is nothing to re-architect to walk away — or to later graduate into your own cloud account. We turn the exit into a feature.
Is the agent allowed to delete things?
Only with a human confirm. The agent runs on a scoped token: it can deploy and read logs, but it cannot delete volumes, read secret values, or exceed cost limits without a confirm token. And plan shows any destructive change before it happens.
What about cold starts?
On the free tier a scaled-to-zero app wakes on request, and we treat that latency as a first-class problem — pre-pulled images, snapshotting, and a warm window after deploy. Pro runs always-on with no cold starts.

Early access

Be first to ship with Shipd.

We're opening slots to early builders now. Drop your email — no spam, just a ping when you're in.

No credit card. No lock-in. Just Compose.