The One Code
The One Code is an Application Lifecycle Intelligence platform built for MSPs. Connect a client's GitHub, GitLab, or Azure DevOps organization and within minutes every repository is backed up with point-in-time recovery, documented with AI-generated architecture docs, scanned for leaked secrets and vulnerable dependencies, and scored for technical debt — all presented in a branded client-ready report you can share at your next QBR.
Who Uses The One Code
| Audience | How They Use It |
|---|---|
| MSP Owner | Add The One Code to client agreements as a managed application health service. Generate QBR reports that prove value and justify renewals. |
| MSP Technician | Connect client GitHub orgs, triage security findings, manage backup schedules, track compliance posture, and escalate issues to PSA tickets with one click. |
| End Client | Receive branded PDF reports. Share AI-generated architecture docs via secure public links. Grant auditors read-only access to compliance evidence. |
Key Capabilities
- Protect — Full GitHub, GitLab, and Azure DevOps backup with hourly, daily, or weekly schedules. Includes git mirror, issues, pull requests, wikis, releases, and workflow files. Point-in-time restore to the original org or to a new org.
- Understand — AI-generated documentation: architecture overviews, API references, database schemas, deployment guides, onboarding walkthroughs, data flow diagrams, and security docs. Each doc is versioned and refreshable on demand.
- Knowledge Transfer / Handoff Packages — Generate a complete handoff bundle for a repository, including all doc types plus an AI-identified list of critical files, known issues, and suggested first tasks for an incoming developer.
- Govern — Secret scanning across file contents and git history, multi-org access audits (members, teams, external collaborators, 2FA compliance, permission drift), and automated compliance evidence collection for SOC 2 and ISO 27001.
- SBOM Generation — Software Bill of Materials in CycloneDX or SPDX format, exported as JSON or CSV. Cross-repo vulnerability summary with CVE references and fix versions.
- Optimize — Technical debt scoring across seven categories (code quality, dependency health, documentation, test coverage, architecture, security, CI/CD health). Dependency intelligence with license risk detection, dead app scoring, and migration path recommendations.
- Regulatory Classification — AI-assisted classification of repositories against HIPAA, PCI-DSS, GDPR, SOX, and CMMC based on code patterns and configuration files.
- Application Portfolio — Aggregate health dashboard across all connected repositories. Filter by app type, tech stack, commit frequency, and health status. Per-client grouping for MSP reporting.
- QBR Reports — Branded, AI-written Application Review reports covering portfolio health, backup status, security posture, technical debt, compliance, and forward-looking recommendations. Schedule monthly or quarterly delivery.
- PSA Integration — Create PSA tickets directly from security findings, access audit issues, and migration recommendations without leaving The One Code.
The Four Modules
The One Code is organized into four modules that map to subscription tiers:
| Module | What It Does | Tier |
|---|---|---|
| Protect | Backup + point-in-time restore | Protect / Protect+ |
| Understand | AI documentation + handoff packages | Understand |
| Govern | Secret scanning, access audits, compliance, SBOM | Govern |
| Optimize | Tech debt, dependencies, dead apps, migration paths | Optimize |
How It Fits in The One Stack
The One Code connects to:
- Hub — All users authenticate through Hub SSO. Billing is tracked per connected repository.
- PSA — Security findings and migration projects can become PSA tickets in one click.
- CRM — Code insights can generate CRM opportunities (upsells, renewals, project work).
- CMDB — Repository metadata and application profiles can sync to CMDB asset records.
- AI Platform — Claude Sonnet powers all AI documentation and analysis via the shared AI Gateway.
- The One Bus — Events for repo discovery, backup completion, and documentation generation publish to the event mesh for cross-product workflows.
ℹ️ The One Code lives at app.theonecode.app. Access it via the waffle menu under Intelligence in any One Stack product.
Prerequisites
- A Hub account with Owner or Admin role
- At least one GitHub, GitLab, or Azure DevOps organization to connect
- For GitHub: permission to install a GitHub App on the target organization
- For GitLab / Azure DevOps: an account with organization-level OAuth access
Subscription Tiers
| Tier | Repo Limit | Included Modules |
|---|---|---|
| Free | 3 repos | Protect (basic) |
| Protect | Unlimited | Protect |
| Protect+ | Unlimited | Protect (enhanced) |
| Understand | Unlimited | Protect + Understand |
| Govern | Unlimited | Protect + Understand + Govern |
| Optimize | Unlimited | All four modules |
Billing is per repository protected, reported daily to The One Books.
Next Steps
- Getting Started — Connect your first org and configure backups
- GitHub Integration — Install the GitHub App and understand the connection flow
- AI Documentation — Generate architecture docs and handoff packages
- Security Scanning — Secret detection and access audits
- Dependency Audit — SBOM, vulnerabilities, and license risk
- Compliance — SOC 2 and ISO 27001 evidence collection
- Optimization — Technical debt scoring and migration intelligence
- Reports — QBR-style branded application review reports
- Integrations — PSA, CRM, CMDB, and AI Platform connections