Installation

One gate, four entry points.

Use the Node CLI for a zero-Python audit, the Python package for Python-native workflows, the Action for CI, or the skill folder for agent-led release review.

Node CLI

Node 18 or newer is required. The Node audit engine does not call Python.

npx github:omarkhandji-commits/shipvitals audit .

Initialize a project context file so the same promise, destination, critical flows, commands, and exclusions are used on every run.

npx github:omarkhandji-commits/shipvitals init .

Python CLI

Use Python 3.10 or newer. A virtual environment keeps the audit tool isolated from the project.

python -m venv .venv
python -m pip install "git+https://github.com/omarkhandji-commits/shipvitals.git"
shipvitals audit .

GitHub Action

- uses: actions/checkout@v4
- id: shipvitals
  uses: omarkhandji-commits/shipvitals@v1
  with:
    path: .
    mode: deep
    ci-proof: "GitHub Actions run"

The Action exposes a verdict output. The complete reasoning remains in .shipvitals-evidence/report.json.

Agent skill

Copy the repository folder skills/shipvitals/ into the skills directory used by Codex, Claude Code, or another compatible agent. The skill instructs the agent to gather evidence before changing the verdict.

Attach observed proof

shipvitals audit . \
  --runtime-proof "artifacts/runtime.shipvitals-evidence.json" \
  --visual-proof "artifacts/visual.shipvitals-evidence.json" \
  --ci-proof "artifacts/ci.shipvitals-evidence.json" \
  --independent-review "artifacts/independent_review.shipvitals-evidence.json"

Proof flags require typed evidence manifests with artifact hashes and commit binding. Arbitrary files and free-form URLs are rejected.