One codebase → every store, registry, CDN, and channel. Ads on every network. Cloud infra on demand. AI agents tighten the loop.
Install the CLI
curl -fsSL https://sh1pt.com/install.sh | sh
Or: pnpm add -g @profullstack/sh1pt · aube add -g @profullstack/sh1pt · bun i -g @profullstack/sh1pt · npm i -g @profullstack/sh1pt
Dev Env
This repo uses mise as the default local environment for Node, Python, Rust, Bun, Deno, package managers, and repeatable tasks:
mise install mise run install mise run typecheck
See CLI_INTEGRATIONS.md for the CLI-backed integration backlog and install hints.
Ships to
Web / hosting
Mobile
Desktop
TV
XR / VR / AR
Console / game
Browser extensions
Package managers
CDN
Cloud infra (sh1pt deploy / sh1pt scale)
-76B900?logo=nvidia&logoColor=white)
DNS (sh1pt scale dns)
Merch / swag (sh1pt promote merch)
Investor outreach (sh1pt promote investors)
Crowdfunding (sh1pt promote crowdfund)
Organic social (sh1pt promote social)
Niche / user-supplied social (some stubs pending API docs; separate from the skills marketplace matrix below)
Outreach (sh1pt promote outreach)
Payments (sh1pt config payments)
VCS (sh1pt config vcs)
Webhook targets (sh1pt config webhooks)
Chat bridges (sh1pt promote bridge) — relay messages between networks
Document generation (sh1pt promote docs)
CAPTCHA solvers (last-resort, browser-mode fallback only)
AI agents (sh1pt iterate agents)
Chat / bot
Container registries
Promotes via
sh1pt is Expo for everywhere: web, mobile (iOS/Android), desktop (macOS/Windows/Linux/SteamOS), wearables, TV, XR, browser extensions, CLIs, SDKs, package managers, CDNs, container registries, app-hosting platforms — all driven by one manifest, one CLI, and one cloud.
Who it's for
AI agent builders generating apps at volume. Give an agent one API + one manifest, get a live listing on every store and registry without it learning 30 publishing pipelines.
Pricing
$499/year for the managed cloud — build runners (Linux + macOS + Windows), credentials vault, store submission monitoring, webhook alerts, policy linter, rate-limit protection. Self-host core is OSS.
CLI surface
Four verbs. One per word of the tagline. Everything else nests so the global namespace stays tight.
sh1pt build # compile artifacts sh1pt promote # publish (ship), run ads, print swag (merch) sh1pt scale # provision infra (deploy), DNS round-robin, rollouts, cost sh1pt iterate # observe metrics → agent proposes (agents) → ship → measure
Nested subcommand tree:
sh1pt build [--target X] [--channel C] [--cloud]
sh1pt promote (default: launch ads)
setup / status / stop / creatives ad-platform ops
ship [--target X] [--channel C] [--dry-run] publish to stores/registries
init / setup / status / rollback / lint / logs
target add|remove|list|available
merch swag — Printful / Printify
setup / create / list / publish / giveaway / orders / payout
investors angel/seed/VC outreach — CapitalReach.ai + AngelList + OpenVC
setup / pitch / search / status / schedule
crowdfund equity + reward crowdfunding
setup / launch / status
social organic cross-post to 9 social networks
setup / post / metrics
outreach cold email, podcast pitches, launch sites
podcasts / email / launch / status
sh1pt scale
up / down / auto / dns / rollout / cost / status
deploy raw cloud infra (RunPod, DO, Vultr, Hetzner, Atlantic, Railway, Cloudflare)
setup / quote / provision / list / destroy / status
sh1pt iterate
run / watch / goals / test / experiments
agents drive Claude / Codex / Qwen
list / setup / talk / run / generate
sh1pt login (auxiliary)
sh1pt secret set|get|list|rm (auxiliary — credentials vault)
sh1pt skills new|create create sh1pt.skill.json from SKILL.md
sh1pt skills publish --all [--dry-run] promote agent skills to uGig/ClawHub/etc.
sh1pt skills marketplaces list supported skill marketplaces
skills
sh1pt skills new --skill-file ./SKILL.md --source-url https://raw.example/SKILL.md --price 0 sh1pt skills publish --all --dry-run sh1pt skills publish --marketplace ugig clawhub goose sh1pt skills marketplaces
sh1pt skills new creates a sh1pt.skill.json promotion manifest from a local SKILL.md. sh1pt skills publish --all --dry-run prints the exact uGig/ClawHub/Goose/LobeHub/Kilo/Skillstore/etc. commands or manual steps so agents can register, verify credentials, and promote without guessing.
Example dry-run shape:
$ sh1pt skills publish --marketplace ugig clawhub goose --dry-run uGig (CLI/API · live) ugig skills new --title "My Skill" --description "..." ClawHub (CLI · live) npm exec --package=clawhub@latest -- clawhub skill publish . --slug my-skill --name "My Skill" --version 1.0.0 --tags latest,automation Goose Skills (GitHub PR · manual) Add a skills/capabilities/<slug>/SKILL.md plus skill.meta.json entry to gooseworks-ai/goose-skills. next step: open the required PR/import/browser flow after preparing the assets above
skills marketplace readiness
| Marketplace / registry | Current status | Notes |
|---|---|---|
| uGig | live | concrete CLI/API publish path + dedicated adapter package |
| ClawHub | live | concrete CLI publish path |
| Goose Skills | manual | GitHub PR flow documented by the CLI |
| LobeHub | manual | GitHub PR / compatible agent entry flow |
| Kilo Marketplace | manual | helper command scaffold exists, but still requires marketplace-side submission |
| AI Skillstore | manual | GitHub PR flow documented by the CLI |
| Manus Agent Skills | manual | public GitHub import flow |
| VS Code Agent Skills | manual | GitHub PR / index submission flow |
| Moltbook | manual | issue/PR submission path |
| AgentHub | manual | account import flow |
| FreeMyGent | constrained | wallet/on-chain listing flow, not a simple API-key publish path |
| ClawMart | constrained | paid creator membership + API key required |
Use sh1pt skills publish --all --dry-run when you want the exact next-step commands without guessing. The publish output now mirrors the matrix directly: live targets print concrete commands, manual targets print the documented PR/import step, and constrained targets print the blocking requirement before publication. The current rule of thumb is:
- live = concrete command path exists today
- manual = supported via PR/import/browser steps
- constrained = blocked on paid membership, wallet flow, or platform-side requirements
Important: the matrix above is specifically about skills marketplace publishing. If a platform name also appears elsewhere in sh1pt under outreach/social surfaces, treat that as a different integration path with its own readiness level.
promote ship
sh1pt promote ship [--target X] [--channel beta|stable] [--dry-run] [--skip-lint] sh1pt ship init # scaffold sh1pt.config.ts sh1pt ship setup [--store id] [--poll] # connect store credentials sh1pt ship status [--target id] [--json] # live/pending/in-review per target sh1pt ship rollback [--target id] sh1pt ship lint [--strict] [--json] # also runs automatically pre-ship sh1pt ship logs [--target id] [-f] sh1pt ship target add|remove|list|available
sh1pt ship setup is the killer command: run once, connect every store in parallel, walk away. Human-only steps (Apple D-U-N-S, Google Play identity verification, Microsoft Partner Center review) become a tracked checklist with deep links, polled automatically.
promote
sh1pt promote [--platform X] [--budget N] [--duration 7d] [--objective install] [--dry-run] sh1pt promote setup [--platform id] [--poll] # org + ad account + funding + OAuth sh1pt promote status [--platform id] [--json] # aggregated spend / impressions / installs sh1pt promote stop [--platform id] sh1pt promote creatives
Publishing alone is table stakes. promote closes the loop — one command runs install / traffic / awareness campaigns on Reddit, Meta, TikTok, Google, YouTube, X, Apple Search, LinkedIn, and Microsoft Ads at once.
For launch surfaces like Product Hunt, sh1pt can prepare the launch workflow and metadata, but the final submission still runs through browser/manual steps to stay aligned with platform rules.
scale deploy
Provision raw compute you own (distinct from promote ship, which pushes finished apps to hosted platforms).
sh1pt scale deploy setup # connect RunPod / DO / Vultr / Hetzner / Atlantic / Railway / Cloudflare sh1pt scale deploy quote --kind gpu --gpu A100 --gpu-count 2 # cheapest-first across all connected providers sh1pt scale deploy provision --provider cloud-runpod \ --kind gpu --gpu H100 --gpu-count 1 \ --max-hourly-price 4.50 # guardrail — abort if quote exceeds ceiling sh1pt scale deploy list sh1pt scale deploy destroy <instanceId>
GPU hourly rates are $3–8+. --max-hourly-price is strongly recommended for any GPU provision — a forgotten A100 overnight is a tuition-level mistake.
scale
Horizontal scale + round-robin DNS + staged rollouts + spend tracking. Under the hood it composes deploy (to buy/retire instances) with a DNS provider (to point traffic).
sh1pt scale up --instances 5 --max-hourly-price 8 # buy 5 more, abort if >$8/hr total sh1pt scale down --instances 2 sh1pt scale auto --min 2 --max 20 --target-cpu 70 # sh1pt cloud polls + scales for you sh1pt scale dns --provider dns-porkbun --domain api.example.com sh1pt scale dns --provider dns-cloudflare --domain api.example.com --proxied sh1pt scale rollout --version v0.7.0 --strategy canary --percent 5 sh1pt scale cost # hourly/monthly + rightsizing hints sh1pt scale status
iterate
The optimization loop. Pull live metrics (installs, conversion, CPI, churn, errors), hand them to an agent with your declared goals, let the agent propose a diff, ship it, measure, repeat.
sh1pt iterate goals set conversion=8% cpi=2.00 churn=5% # optimization targets sh1pt iterate run # single cycle sh1pt iterate watch --interval 3600 # daemon — cycle every hour sh1pt iterate test "pricing anchor at $99 lifts conversion" --traffic 50 sh1pt iterate experiments
promote merch
Swag — shirts, hoodies, stickers, pens, notebooks, mugs, tote bags, socks, phone cases. Sell it on Shopify/Etsy/Gumroad for revenue, or ship it free to conference attendees and community members for no-cost brand amplification.
sh1pt promote merch setup --provider merch-printful sh1pt promote merch create --design ./logo.svg --products tshirt,hoodie,sticker,pen --price 25 sh1pt promote merch publish --storefront shopify # sell mode sh1pt promote merch giveaway --sku <id...> --addresses ./list.csv # free mode — bulk ship sh1pt promote merch orders sh1pt promote merch payout
Providers: Printful (widest catalog, auto-fulfillment) and Printify (multi-supplier, often lower base cost). The --budget-cap flag on merch giveaway prevents a typo in the CSV from rattling through $5k of free hoodies.
promote bridge
Relay messages between chat networks. Slack ↔ Discord ↔ IRC ↔ Signal ↔ Matrix ↔ Mastodon ↔ Nostr ↔ Telegram. Matterbridge-style but adapter-per-network and vault-first.
sh1pt promote bridge setup --network bridge-discord bridge-matrix bridge-irc sh1pt promote bridge connect discord:123456789012 matrix:!room:example.org irc:libera.chat/#myproj sh1pt promote bridge start # foreground daemon sh1pt promote bridge status # active routes + message counts
Each relay shows "<username> [<network>]: <text>" on the destination so lurkers see who's actually talking. Filter flags (--filter no-bots no-pings no-links) drop patterns you don't want cross-posted.
promote docs
Generate pitch decks, one-pagers, press kits, whitepapers. Keep source markdown in git, regenerate on change.
# open-source, local, version-controlled (markdown → .pptx / .pdf / .html) sh1pt promote docs generate --kind pitch-deck --format pptx --markdown ./deck.md --provider docs-marp # Google Slides — copies a hosted template + substitutes {{vars}} sh1pt promote docs generate --kind pitch-deck --format pdf --provider docs-gslides --template <slides-doc-id> # upload the finished PDF to LuminPDF for a sharable viewer link sh1pt promote docs generate --kind pitch-deck --format pdf --provider docs-marp --upload-to-lumin # long-form (whitepapers, proposals) via pandoc sh1pt promote docs generate --kind whitepaper --format docx --markdown ./whitepaper.md --provider docs-pandoc
promote investors
Fundraising is just another growth channel. sh1pt wraps investor-outreach tools (starting with CapitalReach.ai) so you can run a seed round the same way you run ads — filter by stage/sector/check-size, send personalized intros with your pitch deck, track the funnel from reply to term sheet.
sh1pt promote investors setup sh1pt promote investors search --stage seed --sectors ai,devtools --check-max 500 --out ./target-list.csv sh1pt promote investors pitch \ --stage seed --sectors ai,devtools \ --check-min 50 --check-max 500 \ --deck ./deck.pdf --one-pager ./one-pager.pdf \ --leads-only sh1pt promote investors status # sent / replies / meetings / term sheets sh1pt promote investors schedule # synced calendar meetings
⚠ API vs browser mode. Most investor-outreach platforms don't expose public write APIs — they'd cannibalize their own moat. sh1pt's adapters run in two modes:
api— when the vendor offers programmatic access (rare; usually enterprise-tier).browser— Playwright drives the web UI. A CAPTCHA challenge gets routed to a configured solver (captcha-2captchaorcaptcha-solver). Rate-limited by default (10 sends/hr) to stay under anti-bot thresholds. Use responsibly — respect ToS.
promote crowdfund
Equity (Wefunder, Republic, StartEngine) and reward-based (Kickstarter, Indiegogo). Legal filings (Form C for Reg CF, KYC, bank linking) must be completed manually — sh1pt automates the launch + updates + status polling around them.
sh1pt promote crowdfund setup --provider promo-wefunder sh1pt promote crowdfund launch --target 100000 --duration 30 sh1pt promote crowdfund status
promote social
Cross-post organically to X, LinkedIn, Instagram, Threads, TikTok, YouTube (Shorts + long-form), Reddit, Mastodon, and Bluesky. One Post definition adapts per platform — truncation, hashtag placement, media requirements, visibility rules are all enforced by the adapter.
sh1pt promote social setup --platform social-x social-linkedin social-bluesky sh1pt promote social post \ --body "Launched sh1pt — one CLI ships your app to every store. Early bird \$244/yr." \ --hashtags indiehackers,launch,devtools,ai \ --media ./demo.mp4 --link https://sh1pt.dev sh1pt promote social metrics
Platform quirks the adapters handle: X 280-char limit with hashtags counted, Instagram requires media, TikTok requires a video, YouTube detects Shorts from aspect + duration, Reddit doesn't do hashtags, each Mastodon instance needs its own token.
promote outreach
Every "salesy thing we can automate online" — podcast guest-pitches, cold email sequences, launch coordination.
sh1pt promote outreach podcasts --niche ai,startups,devtools --min-listeners 5000 --deck ./kit.pdf sh1pt promote outreach email --recipients ./targets.csv \ --subject "Thought you might find this useful" \ --body ./templates/pitch.md --from "You <you@yourdomain.com>" --rate 20 sh1pt promote outreach launch --site producthunt --schedule 2026-05-01T07:01:00Z --gallery ./shots/*.png sh1pt promote outreach status
Compliance reminder. Cold email is legitimate under CAN-SPAM / CASL / GDPR only with proper basis (legitimate interest), physical address in the footer, one-click unsubscribe, and immediate opt-out honoring. sh1pt enforces per-hour rate limits (default 20) and auto-suppresses bounces + unsubscribes, but the legal basis is yours to establish.
iterate agents
Drive AI coding CLIs — sh1pt wraps Claude Code, Codex, and Qwen so you can generate/iterate on a project from the same manifest.
sh1pt iterate agents list # which CLIs are installed locally sh1pt iterate agents setup --agent claude codex qwen # install + auth each one sh1pt iterate agents talk [agent] --recipe <id> # interactive session with a preloaded recipe prompt sh1pt iterate agents run <agent> "add stripe checkout to /waitlist/checkout" sh1pt iterate agents generate --recipe waitlist-crypto-investor --boilerplate next-supabase --out ./my-app
Cross-cutting utilities
sh1pt login # authenticate with sh1pt cloud (device-code flow) sh1pt secret set|get|list|rm # manage credentials vault (used by every verb) sh1pt config show # print the resolved manifest sh1pt config stack set # prompts — node / bun / python / rust / custom sh1pt config payments add # payment providers: CoinPay default, Stripe/PayPal opt-in sh1pt config vcs set # prompts — GitHub / GitLab / Gitea / local-only sh1pt config webhooks add discord # paste-URL integrations (Slack / Teams / Telegram / Discord / generic)
Secrets model: prompt, don't .env. sh1pt prompts for API keys and writes them to the credentials vault — no .env in your project is required for sh1pt-managed secrets. ctx.secret('KEY') in every adapter reads from the vault. You only need .env for build-time-inlined values like NEXT_PUBLIC_SUPABASE_URL where the framework requires it.
Stacks
Supported today (interactive pick via sh1pt config stack set):
- Node — TypeScript + React (Next.js, Expo, Tauri, Chrome ext) — default
- Bun — TypeScript on Bun runtime (Hono backend, compile-to-single-binary)
- Python — FastAPI + Supabase
- Rust — Axum + Supabase (tiny release binaries, great for Fly machines)
- Custom — bring your own, sh1pt skips scaffolding
Planned: C++ (Drogon / Crow) and .NET (ASP.NET Core).
Payments
CoinPay is the default provider — crypto early-access prepay is the killer flow for the waitlist-crypto-investor recipe. Fiat providers are opt-in stubs today:
// sh1pt.config.ts payments: { defaultProvider: 'payment-coinpay', providers: { coinpay: { use: 'payment-coinpay', enabled: true, config: { acceptedCoins: ['BTC','ETH','USDC','SOL'] } }, stripe: { use: 'payment-stripe', enabled: false, config: {} }, paypal: { use: 'payment-paypal', enabled: false, config: {} }, }, platformFeeBps: 1500, // marketplaces: 15% platform fee via Stripe Connect }
CLI shortcuts (sh1pt config payments add|remove|default|list|fee) edit this block without hand-touching the file.
VCS
Git + a remote (GitHub / GitLab / Gitea) are plumbing every verb touches. promote ship --channel stable tags a release and uploads assets. iterate run opens a PR from the branch the agent just wrote to. promote outreach launch can auto-link the public repo.
sh1pt config vcs set # prompts — GitHub / GitLab / Gitea / local-only sh1pt config vcs auth --provider vcs-github # writes GITHUB_TOKEN (or GITLAB_TOKEN / GITEA_TOKEN) to vault sh1pt config vcs release v0.7.0 --body ./RELEASE.md --asset ./dist/*.tar.gz sh1pt config vcs pr --head iterate/fix-abc --base main --title "fix checkout flow" sh1pt config vcs hook add --events push,pull_request,release
Local git stays the source of truth. The VCS provider handles remote-side operations (releases, PRs, webhooks) that can't be done with git alone.
Contract tests
Every adapter implements one of ~12 interfaces (Target, AdPlatform, CloudProvider, DnsProvider, MerchProvider, PaymentProvider, SocialPlatform, VcsProvider, WebhookTarget, AgentCLI, CaptchaSolver, Recipe). sh1pt ships generic contract-test runners in @profullstack/sh1pt-core/testing — adapters consume them with one line:
// packages/payments/coinpay/src/index.test.ts import { contractTestPayment } from '@profullstack/sh1pt-core/testing'; import payment from './index.js'; contractTestPayment(payment, { sampleConfig: { merchantId: 'm_test' }, requiredSecrets: ['COINPAY_API_KEY'], });
Each runner verifies:
- id / label / required fields present and correctly namespaced (e.g.
payment-*,cloud-*,webhook-*) connect()throws a vault-hint error when required secrets are missing — enforces the prompt-to-vault ruledry-runnever hits the network — guardrail against accidental real calls in test suites- Return shapes match the declared types
- Interface-specific guardrails — e.g. GPU cloud adapters accept
--max-hourly-price, social adapters with media requirements reject posts without media, payments parse webhooks without throwing
Run everything:
pnpm test # vitest run pnpm test:watch # vitest --watch
Full contract for representative adapters (pkg-npm, cloud-runpod, payment-coinpay, bridge-discord, docs-marp, etc.) and smoke tests for everything else (~110 adapters). Smoke is deliberately permissive — verifies the adapter exports id + label, the id follows the package-family convention, and kind / supports are declared where the interface requires them. No network calls, no sample configs. Graduates to a full contract test as real implementations land.
// smoke test — used on ~110 adapters across the repo import { smokeTest } from '@profullstack/sh1pt-core/testing'; import adapter from './index.js'; smokeTest(adapter, { idPrefix: 'social' });
Auth UX
Setup flows follow a least-friction-first ordering — prefer whichever the vendor supports:
- Webhook URL — paste once, done. No token lifecycle. (Discord, Slack incoming, Teams connector, generic HTTP.)
- API key / static token — one copy-paste. Long-lived credentials, no expiry dance.
- OAuth — browser redirect + callback. Automated but multi-step.
- Manual URL + written instructions — last resort. Print a deep link to the vendor's developer page with "go here, do this, paste the result."
Never "set an env var from the shell." When an adapter's connect() throws "KEY not in vault" the CLI launches the right flow automatically.
Webhooks — the minimum viable integration
Sometimes all you need is a webhook URL. Create one in the destination (Discord channel → Webhooks, Slack app → Incoming Webhooks, Teams channel → Connectors, Telegram bot from BotFather), paste it once:
sh1pt config webhooks add discord # prompts for the URL, stores in vault sh1pt config webhooks add slack --events ship.published,scale.alarm.tripped sh1pt config webhooks add telegram # bot token + chat_id sh1pt config webhooks add teams sh1pt config webhooks add generic # any HTTP URL; body is HMAC-signed sh1pt config webhooks test discord --event ship.published # fire a stub event
Sh1pt fires every configured target on the events you subscribe it to — ship.published, promote.campaign.started, promote.merch.order.placed, scale.alarm.tripped, payments.checkout.completed, iterate.cycle.completed, etc. Or use * to get everything.
Customer-direction subscriptions (sh1pt → your server):
sh1pt config webhooks sub add https://yoursite.com/api/sh1pt --events ship.published,payments.checkout.completed # prints the signing secret ONCE — store it; sh1pt only keeps a hash. # Verify the X-Sh1pt-Signature header with HMAC-SHA256(body, secret).
Recipes — sell the features, then build them
A recipe is a composed app type. Declare one in sh1pt.config.ts and sh1pt scaffolds a product shape — including pricing tiers, payment flows, waitlist capture, and an investor pitch page — that ships the marketing side across every channel immediately. Then an agent fills in the actual product on demand the waitlist proves.
The flagship recipe — waitlist-crypto-investor:
- Landing page + tiered pricing (default: $244/yr early-bird vs $499/yr standard)
- Prepaid waitlist (email + handle), early-bird tier sends signups straight to checkout
- Crypto payment via CoinPay / Solana Pay / Coinbase Commerce + Stripe for cards
- Investor page with pitch deck viewer, team, traction, contact
- Referral program — $50 credit per invite, tiered bonuses (3 → +$150, 10 → +$600, 25 → +$2000)
- Supabase auth + postgres + RLS (Row-Level Security) for every table
Every boilerplate (next-supabase, expo-supabase, tauri-supabase, chrome-ext-react, bun-hono-supabase) declares this recipe by default. Override any field in recipeConfig, or swap recipes entirely.
// sh1pt.config.ts export default defineConfig({ name: 'my-app', version: '0.1.0', recipe: 'waitlist-crypto-investor', recipeConfig: { pricing: [ { id: 'early', label: 'Founder tier', amount: 99, currency: 'USD', cadence: 'yearly' }, { id: 'standard', label: 'Pro', amount: 299, currency: 'USD', cadence: 'yearly' }, ], referral: { rewardAmount: 25 }, }, targets: { /* ... */ }, });
Combined flow:
sh1pt agents generate --recipe waitlist-crypto-investor --boilerplate next-supabase sh1pt ship --channel beta # deploy the waitlist + investor page everywhere sh1pt supports sh1pt promote --budget 100/day # run ads across Reddit / Meta / TikTok / Google / YouTube # … collect prepaid signups. build what pays.
Install
curl -fsSL https://sh1pt.com/install.sh | sh
The installer picks whichever JS runtime/package manager it finds (bun -> pnpm -> aube -> npm -> deno) and installs @profullstack/sh1pt globally. Or pick your own:
pnpm add -g @profullstack/sh1pt # or aube add -g @profullstack/sh1pt # or bun install -g @profullstack/sh1pt # or npm install -g @profullstack/sh1pt # or deno install -g -A -f -n sh1pt npm:@profullstack/sh1pt
The CLI runs on Node (22+), Bun (1.1+), and Deno (2.0+).
Future: bun build --compile will produce a standalone binary for brew install sh1pt, winget install sh1pt, etc. — no JS runtime required on the user's machine.
Declare creatives, budget, and targeting in sh1pt.config.ts:
promo: { platforms: { reddit: { use: 'promo-reddit', config: { businessId: '...', accountId: '...' } }, meta: { use: 'promo-meta', config: { adAccountId: '...', pageId: '...' } }, tiktok: { use: 'promo-tiktok', config: { advertiserId: '...' } }, google: { use: 'promo-google', config: { customerId: '...', campaignType: 'app-install' } }, youtube: { use: 'promo-youtube', config: { customerId: '...', formats: ['bumper-6s', 'shorts'] } }, }, defaultBudget: { amount: 50, currency: 'USD', cadence: 'daily' }, creatives: [{ headline: '...', description: '...', image: './assets/ad1.jpg' }], targeting: { geo: ['US','CA','GB'], languages: ['en'] }, }
One campaign definition fans out to every platform sh1pt understands how to talk to — same model as targets.
Layout
sh1pt/
├── sh1pt.config.ts This repo ships ONE thing — the CLI — to every package manager.
│ This config dogfoods sh1pt to publish itself.
├── packages/ Workspace members — what this repo actually produces.
│ ├── core/ Target plugin interface, manifest schema, registry
│ ├── cli/ `sh1pt` CLI (the single user-facing artifact)
│ ├── sdk/ Programmatic JS/TS SDK
│ ├── api/ SaaS backend (Hono) — projects, releases, builds, credentials, agents
│ ├── policy/ Store-policy linter (runs before every ship)
│ ├── promo/ Ad-platform adapters (reddit, meta, tiktok, google, youtube, x, apple-search, linkedin, microsoft)
│ ├── cloud/ Cloud-infra adapters (runpod, digitalocean, vultr, hetzner, atlantic, railway, cloudflare, fly, supabase, firebase)
│ ├── dns/ DNS adapters (porkbun, cloudflare)
│ ├── agents/ AI CLI adapters (claude, codex, qwen)
│ ├── secrets/ Secret-provider CLI adapters (doppler, dotenvx, onepassword)
│ ├── observability/ Release/telemetry CLI adapters (sentry)
│ ├── security/ Security scanner CLI adapters (snyk)
│ ├── recipes/ App-type recipes (waitlist-crypto-investor, …)
│ ├── merch/ Print-on-demand adapters (printful, printify)
│ ├── captcha/ Captcha-solver adapters (2captcha, captcha-solver) — browser-mode fallback only
│ ├── social/ Organic-social adapters (x, linkedin, instagram, threads, tiktok, youtube, reddit, mastodon, bluesky)
│ ├── outreach/ Outreach adapters (listennotes, resend, producthunt)
│ ├── payments/ Payment providers (coinpay default; stripe, paypal, worldremit)
│ ├── vcs/ VCS providers (github, gitlab, gitea)
│ ├── webhooks/ Paste-URL webhook targets (discord, slack, telegram, teams, generic)
│ ├── bridges/ Chat-network bridges (discord, slack, irc, signal, matrix, mastodon, nostr, telegram)
│ ├── docs/ Document generators (marp, gslides, pandoc, lumin)
│ ├── web/ Dashboard (stub)
│ └── targets/ One adapter per distribution surface
│ ├── pkg-npm/
│ ├── pkg-aube/
│ ├── pkg-homebrew/
│ ├── mobile-ios/
│ ├── mobile-expo/
│ ├── desktop-mac/
│ ├── desktop-win/
│ ├── desktop-linux/
│ ├── desktop-steamos/ Steam Deck Desktop Mode (Flatpak, bypasses Steam)
│ ├── browser-chrome/
│ ├── web-static/
│ ├── tv-tvos/ Apple TV
│ ├── tv-firetv/ Fire TV / Firestick
│ ├── tv-roku/ Roku (⚠ BrightScript, not JS/React)
│ ├── tv-androidtv/ Android TV
│ ├── tv-webos/ LG webOS
│ ├── xr-webxr/ WebXR (universal)
│ ├── xr-meta-quest/ Meta Horizon Store (Quest)
│ ├── xr-sidequest/ SideQuest (Quest sideload)
│ ├── xr-visionos/ Apple Vision Pro
│ ├── xr-pico/ Pico Store (ByteDance)
│ ├── xr-steamvr/ SteamVR (PCVR / OpenXR)
│ ├── console-steam/ Steam (incl. Deck Gaming Mode via Steamworks)
│ ├── pkg-fdroid/ F-Droid (FOSS Android repo)
│ ├── pkg-cdn/ jsDelivr / unpkg / esm.sh / cdnjs / Skypack / JSPM
│ ├── pkg-jsr/ JSR (TS-native registry)
│ ├── pkg-deno/ deno.land/x (git-tag based)
│ ├── pkg-ghpackages/ GitHub Packages (npm)
│ ├── pkg-docker/ OCI images — Docker Hub / GHCR / Quay / ECR / GCR / ACR
│ ├── deploy-denodeploy/ Deno Deploy
│ ├── deploy-workers/ Cloudflare Workers
│ ├── deploy-fly/ Fly.io
│ ├── deploy-railway/ Railway
│ ├── deploy-vercel/ Vercel
│ ├── deploy-netlify/ Netlify
│ ├── deploy-render/ Render
│ ├── deploy-firebase/ Firebase Hosting / Functions
│ ├── chat-telegram/ Telegram Bot API
│ ├── chat-slack/ Slack App Directory
│ ├── chat-signal/ Signal (signal-cli / signald, ⚠ no official bot platform)
│ ├── chat-discord/ Discord App Directory
│ └── chat-whatsapp/ WhatsApp Business Cloud API
├── sites/ sh1pt's own live properties (dogfood).
│ └── sh1pt.com/ Marketing + waitlist + investor page
├── boilerplates/ Standalone starter projects (NOT workspace members).
│ ├── hello-world/ Bare manifest — no framework
│ ├── next-supabase/ Next.js 15 + React 19 + Supabase (web/PWA)
│ ├── expo-supabase/ Expo + Supabase (iOS + Android + F-Droid)
│ ├── tauri-supabase/ Tauri 2 + React + Supabase (desktop)
│ ├── chrome-ext-react/ React + Vite + Supabase (Chrome MV3)
│ ├── bun-hono-supabase/ Bun + Hono + Supabase (backend API, compiled binary)
│ ├── fastapi-supabase/ FastAPI + Supabase (Python backend)
│ ├── axum-supabase/ Axum + Supabase (Rust backend, tiny release binaries)
│ └── next-plugin-store/ Plugin marketplace — publishers list, users buy, Stripe Connect payouts
│ (all boilerplates ship a LICENSE, logo.svg, favicon.svg, and default to
│ the waitlist-crypto-investor recipe)
└── TARGETS.md Full matrix of ~40 planned surfaces, stores, and registries
What this repo publishes
Just the CLI. sh1pt.config.ts at the root uses sh1pt itself to fan the CLI out to every package manager — npm install -g @profullstack/sh1pt, brew install sh1pt, winget install sh1pt, scoop install sh1pt, etc. Lib packages (@profullstack/sh1pt-core, @profullstack/sh1pt-sdk, @profullstack/sh1pt-policy, target adapters) ride along on npm so sh1pt init and target plugins can pull them at runtime.
Concepts
- Manifest (
sh1pt.config.ts): declares a project and which targets it ships to. - Target: a plugin that knows how to
build,ship,status, androllbackfor one surface. - Release: a versioned build destined for one or more targets on a given channel (
stable/beta/canary). - Channel → store track mapping:
betaroutes to TestFlight on iOS, Play internal track on Android, Chrome Web Store testing, etc.stablepromotes to production. - Policy linter (
@profullstack/sh1pt-policy): runs before every ship. Catches duplicate titles, banned keywords, bad bundle ids, and spammy submission rate before the store rejects you (or flags the account). - Cloud: projects, secrets vault, build queue with per-OS runners, release history, live status dashboards, inbound webhooks from store APIs, outbound webhooks to your systems.
Agent-first API
For programmatic use from LLM agents, one call publishes everywhere:
POST /v1/agents/publish { "name": "...", "version": "...", "targets": [{ "use": "mobile-ios", "config": {...} }, ...], "secrets": { "NPM_TOKEN": "..." }, "channel": "beta" }
Also POST /v1/agents/bulk-publish for fan-out across many projects, and GET /v1/agents/quota for the $499 plan limits.
See TARGETS.md for the full surface matrix.