Skip to main content

The Oneport pre-ship gate — one command runs every Oneport check and tells you if your code is safe to ship.

Project description

Oneport — the pre-ship gate

One command runs every Oneport check across your repo and tells you, in one verdict, whether it's safe to ship.

op ship orchestrates the whole Oneport tool suite — secret scanning, dependency vulnerabilities, migration safety, code review, API breaking changes, test gaps, and more — into a single ship-readiness verdict with a single exit code for CI.

It doesn't reimplement the tools. It runs each independent Oneport CLI, merges their findings by severity, and answers the only question that matters before a deploy: is this safe to ship, and if not, what do I fix first?

$ op ship

Ship readiness: BLOCKED — 2 blocker(s), 3 warning(s)

MUST FIX before shipping
  ✗ [secrets]  AWS Access Key ID  config.py:12
      fix: Deactivate the key in IAM, rotate it, purge git history.
  ✗ [migrate]  Drops a column with no reverse migration  0042_auto.py:8

SHOULD FIX
  ⚠ [depcheck] requests 2.19 — CVE reachable in fetch.py:42
  ⚠ [review]   SQL injection risk  users.py:8

✓ apidiff  ✓ testgap

→ Fix the 2 blocker(s), then run op ship again.

Install

pip install oneport          # the orchestrator (this package)
# plus whichever tools you want gated:
pip install oneport-secrets oneport-depcheck oneport-migrate oneport-review \
            oneport-apidiff oneport-testgap

op doctor shows which tools are installed.

Use

op init          # scaffold .oneport/oneport.yaml + guidelines.md
op ship          # run the gate on the whole repo
op ship src/     # or a subpath
op ship --format json      # machine-readable, for CI
op ship --fail-on critical # only critical findings block
op list          # show which gates will run
op usage         # token usage from the local ledger

Exit code is 1 when any gate blocks, 0 when clear — drop op ship straight into CI.

Configure — .oneport/oneport.yaml

gates:              # which gates run, in order (omit for sensible defaults)
  - secrets
  - depcheck
  - migrate
  - review
  - apidiff
  - testgap
fail_on: error      # verdict blocks on this severity or higher

Or keep the defaults and adjust with enable: / disable: lists. The same .oneport/ directory holds guidelines.md — the shared brain every Oneport tool reads.

How it fits together

  • oneport_core — the shared spine: the result contract every tool's JSON is normalised into, config loading, the tool registry, and the usage ledger.
  • oneport_cli — the op orchestrator: runs each gate as a subprocess, merges results, renders the verdict.

A tool that isn't installed is skipped; a tool that errors is surfaced (and, by default, blocks — a gate that can't run means the repo can't be certified). No tool failure ever takes down the whole run.

Privacy

Serverless by design. op runs the tools on your machine; each tool talks only to its model API on your own key. There is no Oneport server. The usage ledger (~/.oneport/usage.db) stores token counts and a one-way hash of the repo path — never your code.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

oneport-0.1.0.tar.gz (21.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

oneport-0.1.0-py3-none-any.whl (19.4 kB view details)

Uploaded Python 3

File details

Details for the file oneport-0.1.0.tar.gz.

File metadata

  • Download URL: oneport-0.1.0.tar.gz
  • Upload date:
  • Size: 21.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.0

File hashes

Hashes for oneport-0.1.0.tar.gz
Algorithm Hash digest
SHA256 a26816ee7b64a75f1baf4e8b6777213e0af5ae77037b5af6787ade0a9a93a246
MD5 5215fc91d54479cd34c3d1fb99b3ff84
BLAKE2b-256 3bff68693a2274bfd33e32d7575e3bef40292d815f50d2cc00466f7baf796625

See more details on using hashes here.

File details

Details for the file oneport-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: oneport-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 19.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.0

File hashes

Hashes for oneport-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 ffa830d18385ac78b98a2192d5a288e35c3bf075dd02e1051291d56c62ed731b
MD5 44bb2980882c0f96c6719112d5e92751
BLAKE2b-256 f7f14385186da0e1703b79fe51b33fc78a6b2245922897c242d00f1011ce0e8f

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page