AutoShip keeps your project shippable from the command line — clean, verify, commit, and upload without sending source code to the cloud.
Official site: ms33834.github.io/autoship-cli
Opt-in enterprise features, all default-off and fully backward-compatible:
SSO binds CLI invocations and audit records to a corporate identity. The
builtin stub provider reads from a local token cache or env vars, and
real SAML/OIDC providers plug in via autoship-sdk.SsoProvider. On top of
that, RBAC ships 4 builtin roles (viewer / developer / maintainer / admin)
and 15 granular permissions; sensitive commands (upload, audit cleanup,
registry sync, config telemetry) are gated and denials are audit-logged.
SCIM syncs users and groups from a SCIM source for group-based role
bindings — stub mode reads a local JSON, real SCIM servers plug in via
autoship-sdk.ScimClient. Once SSO is on, every audit record (and SIEM
bundle export) carries user / role / sso_subject / sso_provider
fields, so the audit trail doubles as SOC2 evidence.
See docs/commands/team.md (team sso / team scim /
team role) and docs/configuration.md ([sso] /
[rbac] / [scim] sections).
AutoShip is local-first: code never leaves your machine unless you
explicitly configure an external model or upload target. The pluggy-based
plugin system chains clean → verify → commit → upload into one command,
with AI-generated Conventional Commits messages from local models (Ollama,
LM Studio) — no API keys needed to start.
Where AutoShip fits (see the full comparison):
| Need | AutoShip | husky | pre-commit | GitHub Actions | commitizen |
|---|---|---|---|---|---|
| Local AI commit messages | ✅ | ❌ | ❌ | ❌ | |
| One-command clean → ship | ✅ | ❌ | ❌ | ❌ | |
| Built-in security scan | ✅ | ❌ | ❌ | ||
| Offline by default | ✅ | ✅ | ❌ | ✅ | |
| Trilingual docs (zh/en/ja) | ✅ | ❌ | ❌ | ❌ |
AutoShip does not replace your CI — it complements it. Run AutoShip locally to ship clean commits; let GitHub Actions handle the cloud side.
pipx install autoshippip install autoshipgit clone https://github.com/MS33834/autoship-cli.git
cd autoship-cli
uv sync --all-extras --dev
uv run autoship --helpPre-built binaries for all platforms are available from GitHub Releases:
Binaries are published automatically by CI.
# Initialize project configuration
autoship init
# Clean and format code
autoship clean
# Generate commit message and commit
autoship commit
# Run verification (pytest example)
autoship verify pytest
# Upload artifacts (example: Docker image)
autoship upload --target docker --image myapp --tag latest- Local-first: Uses local AI models and local toolchains by default; code does not leave your machine.
- Plugin system: Hook-based architecture powered by pluggy for extending clean, verify, upload, and other phases.
- Plugin development SDK:
autoship-sdkprovides base classes, hook decorators, and testing helpers. - Model tiers: Automatically routes tasks across different model tiers based on hardware and task type.
- Security scanning: Runs dependency vulnerability and code security scans before commit.
- Audit logging: Records command execution, model calls, and configuration changes with structured export and auto cleanup.
- Environment diagnostics:
autoship doctorchecks Python, Git, model backends, toolchains, and directory permissions in one command. - Multi-language CLI: Built-in English, Chinese, and Japanese support via
--lang zh|en|jaor thelocaleconfig option. - Telemetry off by default: Anonymous usage data is only reported after explicit opt-in.
- Enterprise-ready (opt-in): SSO identity, SCIM group sync, and role-based access control (
team sso/team scim/team role) gate sensitive commands and stamp every audit record with the actor identity for SOC2 evidence.
- Full docs: ms33834.github.io/autoship-cli/docs
- Local docs: docs/
- Command reference: docs/commands/index.md
- Configuration: docs/configuration.md
- Plugin development: docs/plugin-development.md
No. All core processing runs locally by default; only when you explicitly configure an external model or upload target (such as Docker Registry or PyPI) will necessary data be sent to those services.
Core commands (init, clean, commit, verify) can run offline. upload and features that depend on web search or external models require internet access.
Telemetry is disabled by default, so no extra action is needed. To enable it, set telemetry.enabled = true in .autoship.toml.
For telemetry fields and endpoint security rules, see docs/telemetry.md. For the full privacy policy and user rights, see docs/privacy.md.
See docs/plugin-development.md and the example plugin at examples/custom-plugin/.
No, not without prior written permission from the author. This project is released under the Custom Non-Commercial License (CNCL) v1.0. See LICENSE.
- Contributing guide: CONTRIBUTING.md
- Security report: SECURITY.md
This repository is primarily hosted on GitHub. A read-only mirror is available on GitCode. Please open Issues and PRs on GitHub.
CNCL