AI-powered code review for teams without a senior engineer

Oneport Review

Oneport reviews your pull requests and code files like a senior engineer — catching logic errors, security vulnerabilities, performance issues, and bad patterns — and returns detailed comments in plain English.


Features

  • Full PR review — not just inline autocomplete. Understands context across the entire diff.
  • Security scanning — SQL injection, hardcoded secrets, insecure deserialization, SSRF, and more.
  • Performance analysis — N+1 queries, unbounded loops, missing indexes, memory leaks.
  • Logic errors — off-by-one, race conditions, missing null checks, incorrect error handling.
  • Bad patterns — God objects, missing abstractions, copy-paste code, broken SOLID principles.
  • Plain English output — every comment explains what the issue is, why it matters, and how to fix it.
  • Zero config to start — works out of the box. Customize with .oneportrc when you need to.

Installation

pip install oneport-review

Set your Anthropic API key:

export ANTHROPIC_API_KEY=sk-ant-...

Quick Start

Review a file

oneport review path/to/file.py

Review a GitHub pull request

oneport review https://github.com/org/repo/pull/42

Review staged changes

oneport review --staged

Review last commit

oneport review --head

VS Code Extension

Install from the marketplace:

ext install oneport.oneport-review

Or search "Oneport Review" in the VS Code Extensions panel.

Once installed:

  • Open the Command Palette (Cmd+Shift+P / Ctrl+Shift+P)
  • Run Oneport: Review Current File or Oneport: Review Pull Request
  • Issues appear as red squiggles with hover explanations and quick-fix suggestions

CI Integration (GitHub Actions)

Add to .github/workflows/ci.yml:

- name: Oneport Code Review
  uses: oneport/oneport-review@v1
  with:
    github-token: ${{ secrets.GITHUB_TOKEN }}
    anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}

Oneport will post review comments directly on the pull request.

See docs/ci-integration.md for GitLab CI, Bitbucket Pipelines, and Jenkins.


Configuration

Create a .oneportrc file in your project root:

model: claude-sonnet-4-20250514
max_tokens: 4096

rules:
  ignore:
    - OPR001  # disable a specific rule
  severity:
    OPR042: warning  # downgrade a rule

ignore_paths:
  - "migrations/**"
  - "**/*.generated.py"
  - "vendor/**"

output:
  format: inline   # inline | json | github | sarif
  min_severity: warning  # info | warning | error | critical

See docs/custom-rules.md for writing your own rules.


Output Formats

Format   Use case
inline   Terminal — human-readable, coloured output
json     Scripting, custom tooling
github   GitHub Checks API / PR comment format
sarif    VS Code Problems panel, GitHub Code Scanning

oneport review file.py --format json | jq '.issues[] | select(.severity == "critical")'
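
An added example, not part of the Oneport project's own code: a CI gate that reads the `--format json` report and fails the build on findings at or above a threshold, failing closed on a malformed report. The `issues` array and `severity` field come from the jq command above and the severity order from the .oneportrc comment; the `line` and `message` keys are assumed to mirror the attribute names shown under Programmatic API, and the sample report is constructed.

```python
import json

# Severity order taken from the .oneportrc comment: info | warning | error | critical
SEVERITY_ORDER = ["info", "warning", "error", "critical"]


def blocking_issues(report_text, min_severity="error"):
    """Return the issues at or above min_severity from a JSON report.

    Unknown or missing severities are treated as blocking, so a changed or
    malformed report fails closed instead of silently passing the gate.
    """
    threshold = SEVERITY_ORDER.index(min_severity)
    report = json.loads(report_text)
    issues = report.get("issues")
    if not isinstance(issues, list):
        raise ValueError("report has no 'issues' list")
    blocking = []
    for issue in issues:
        sev = str(issue.get("severity", "")).lower()
        rank = SEVERITY_ORDER.index(sev) if sev in SEVERITY_ORDER else len(SEVERITY_ORDER)
        if rank >= threshold:
            blocking.append(issue)
    return blocking


def gate(report_text, min_severity="error"):
    """Exit status for a CI step: 0 = pass, 1 = blocking findings, 2 = bad report."""
    try:
        found = blocking_issues(report_text, min_severity)
    except (ValueError, AttributeError):  # json.JSONDecodeError is a ValueError
        return 2
    for issue in found:
        print(f"[{issue.get('severity')}] line {issue.get('line')}: {issue.get('message')}")
    return 1 if found else 0


# Constructed sample report (assumed field names, not real tool output).
SAMPLE = json.dumps({"issues": [
    {"severity": "critical", "line": 12, "message": "SQL built by string concatenation"},
    {"severity": "warning", "line": 30, "message": "Query inside loop (N+1)"},
    {"severity": "info", "line": 44, "message": "Function could be split"},
]})

if __name__ == "__main__":
    import sys
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    sys.exit(gate(text))
```

Saved under a name of your choosing, it takes the report on stdin in place of jq in the pipeline above.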

Programmatic API

from oneport import review

result = review("path/to/file.py")

for issue in result.issues:
    print(f"[{issue.severity}] Line {issue.line}: {issue.message}")
    print(f"  Fix: {issue.suggestion}")

See docs/api-reference.md for the full API.


Privacy

  • Your code is sent to Anthropic's API for analysis. Review Anthropic's privacy policy.
  • API keys are stored in your OS keychain (VS Code) or environment variables (CLI). Never written to disk.
  • Set ONEPORT_TELEMETRY=off to disable all usage analytics.

Contributing

git clone https://github.com/oneport/oneport-review
cd oneport-review
pip install -e ".[dev]"
make test

See CONTRIBUTING.md for guidelines.


License

MIT © Oneport

Download files

Source Distribution

oneport_review-1.0.0.tar.gz (27.7 kB)

Uploaded Source

Built Distribution

oneport_review-1.0.0-py3-none-any.whl (33.3 kB)

Uploaded Python 3

File details

Details for the file oneport_review-1.0.0.tar.gz.

File metadata

  • Download URL: oneport_review-1.0.0.tar.gz
  • Upload date:
  • Size: 27.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.0

File hashes

Hashes for oneport_review-1.0.0.tar.gz
Algorithm Hash digest
SHA256 51e78013f23adbe9323350f11fa6df32bbaa7e45c684f1bfa9618279b543cb63
MD5 8b7e158f9d7201b0a52633d3b5df8c37
BLAKE2b-256 e23990c2485f2bb1b18fe4f8b7fbb268b55d39d201203575d208770cfa9b10ef

File details

Details for the file oneport_review-1.0.0-py3-none-any.whl.

File metadata

  • Download URL: oneport_review-1.0.0-py3-none-any.whl
  • Upload date:
  • Size: 33.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.0

File hashes

Hashes for oneport_review-1.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 47a4a281b16201d6e856d01fe888456887cc9e9e60842d36e5566b1467d64e49
MD5 0f4046b8a811e5c70dc2dd9f947d6d74
BLAKE2b-256 e44a42c925eadc3ee4086ecaa2d96476784c8a1834d2d2fabd7fe115cd1a13c9
