Releases: integrallis/mfcqi-python
Release list
v0.0.6
Full Changelog: v0.0.5...v0.0.6
📦 PyPI Release
This release is now available on PyPI:
- PyPI Package: https://pypi.org/project/mfcqi/0.0.6/
- Installation:
pip install mfcqi==0.0.6 - Upgrade:
pip install --upgrade mfcqi
Quick Start
pip install mfcqi
mfcqi-py analyze .What's New in v0.0.6
See the full changelog above for details.
v0.0.5
What's Changed
- Fix badge workflow PR comment permissions by @bsbodden in #12
- Support multiple paths in analyze command by @bsbodden in #7
- Report pip-audit scanner status separately by @bsbodden in #8
- Expose metric calculation status by @bsbodden in #9
- Avoid shell usage in dependency checker by @bsbodden in #10
- Cache dependency security scans and record timeouts by @bsbodden in #11
- chore(release): bump version to v0.0.5 by @bsbodden in #13
New Contributors
Full Changelog: v0.0.4...v0.0.5
📦 PyPI Release
This release is now available on PyPI:
- PyPI Package: https://pypi.org/project/mfcqi/0.0.5/
- Installation:
pip install mfcqi==0.0.5 - Upgrade:
pip install --upgrade mfcqi
Quick Start
pip install mfcqi
mfcqi analyze .What's New in v0.0.5
See the full changelog above for details.
v0.0.4
What's Changed
- feat: single-file analysis, flexible model selection by @abrookins in #1
New Contributors
- @abrookins made their first contribution in #1
Full Changelog: v0.0.3...v0.0.4
📦 PyPI Release
This release is now available on PyPI:
- PyPI Package: https://pypi.org/project/mfcqi/0.0.4/
- Installation:
pip install mfcqi==0.0.4 - Upgrade:
pip install --upgrade mfcqi
Quick Start
pip install mfcqi
mfcqi analyze .What's New in v0.0.4
See the full changelog above for details.
v0.0.3
MFCQI v0.0.3 - Logging, CLI Improvements & Security Fix
A maintenance release focused on improved debugging capabilities, better default CLI behavior, and a critical security fix.
What's Changed
🔍 Enhanced Debugging & Logging
Added comprehensive debug logging throughout the codebase to improve troubleshooting:
- Added debug logging to all silent exception handlers across modules
- Enhanced logging in calculator, code smell detection, cognitive complexity, and duplication analysis
- Added debug logging to pyexamine subprocess exception handling
- Improved bandit config parsing logging in security module
This makes it much easier to diagnose issues when running with --verbose or enabling debug logging.
🎯 Improved CLI Defaults
Breaking Behavioral Change: The CLI now defaults to metrics-only analysis unless LLM is explicitly requested.
# Metrics only (new default, faster)
mfcqi analyze .
# With AI recommendations (explicit request)
mfcqi analyze . --model claude-3-5-sonnet-20241022
This change improves performance for the most common use case and makes LLM usage more intentional.
🔒 Security Fix
- Fixed: Replaced unsafe assert statement with proper RuntimeError validation for better security posture
🛠️ CI/CD Improvements
- Improved Test PyPI install retry logic with progressive delays for more reliable CI pipelines
📝 Documentation
- Updated README badges with latest scores
- Corrected import ordering throughout codebase
Links
- 📦 PyPI: https://pypi.org/project/mfcqi/
- 📚 Documentation: https://github.com/bsbodden/mfcqi/blob/main/docs/research.md
- 🐛 Issues: https://github.com/bsbodden/mfcqi/issues
- 💬 Discussions: https://github.com/bsbodden/mfcqi/discussions
Made with ❤️ by BSB
Full Changelog: v0.0.2...v0.0.3
📦 PyPI Release
This release is now available on PyPI:
- PyPI Package: https://pypi.org/project/mfcqi/0.0.3/
- Installation:
pip install mfcqi==0.0.3 - Upgrade:
pip install --upgrade mfcqi
Quick Start
pip install mfcqi
mfcqi analyze .What's New in v0.0.3
See the full changelog above for details.
v0.0.2
MFCQI v0.0.2 - Enhanced OO Metrics 🎯
Expanded object-oriented analysis with Coupling Between Objects (CBO) and Lack of Cohesion of Methods (LCOM) metrics, bringing total metrics to 16 with enhanced architectural quality assessment.
What's New
🆕 Enhanced OO Metric Suite
Added two critical Chidamber & Kemerer metrics for comprehensive OO code analysis:
CBO (Coupling Between Objects) - Weight: 0.65
- Measures inter-class coupling for architectural quality
- Evidence: r=0.42 correlation with defects (Subramanyam & Krishnan 2003)
- Applied to STRONG_OO and MIXED_OO paradigms
LCOM (Lack of Cohesion of Methods) - Weight: 0.50
- Evaluates method cohesion within classes
- Weight reduced from literature (0.60) due to mixed empirical evidence
- Signals Single Responsibility Principle violations
📊 Updated Metric Count
16 Total Metrics (up from 14):
Complexity: Cyclomatic, Cognitive, Halstead, Maintainability Index
Quality: Duplication, Documentation, Type Safety, Code Smells
Security: Bandit SAST, pip-audit SCA, detect-secrets
OO Metrics (conditional): RFC, DIT, MHF, CBO ⭐, LCOM ⭐
🔬 Evidence-Based Weights
All metric weights now include published research citations in code comments:
CBO: r=0.42 (Subramanyam & Krishnan 2003)
RFC: r=0.48 (Subramanyam & Krishnan 2003)
Cyclomatic: r=0.65 (meta-analysis)
Cognitive: r=0.57 (Correia et al. 2022)
🐛 Fixes
- Suppressed benign sre_constants deprecation warning (Python 3.13+)
Upgrade from v0.0.1
pip install --upgrade mfcqi
No breaking changes - existing configurations and workflows remain compatible.
Impact on Scores
OO-heavy codebases will now see:
- More comprehensive architectural assessment
- Lower scores if high coupling/low cohesion detected
- Better alignment with design quality principles
MFCQI self-score: 0.88 (validated)
Development
All changes implemented using strict Test-Driven Development:
- 3 new passing tests for CBO/LCOM integration
- 100% test coverage maintained
- Research-validated implementations
Documentation
- Research: https://github.com/bsbodden/mfcqi/blob/main/docs/research.md - Updated with CBO/LCOM evidence
- README: Updated OO metrics section
Links
- 📦 https://pypi.org/project/mfcqi/
- 📚 https://github.com/bsbodden/mfcqi/blob/main/docs/research.md
- 🔄 v0.0.1...v0.0.2
- 🐛 https://github.com/bsbodden/mfcqi/issues
Made with ❤️ by https://github.com/bsbodden
Full Changelog: v0.0.1...v0.0.2
📦 PyPI Release
This release is now available on PyPI:
- PyPI Package: https://pypi.org/project/mfcqi/0.0.2/
- Installation:
pip install mfcqi==0.0.2 - Upgrade:
pip install --upgrade mfcqi
Quick Start
pip install mfcqi
mfcqi analyze .What's New in v0.0.2
See the full changelog above for details.
v0.0.1
MFCQI v0.0.1 - Initial Release 🎉
The first public release of MFCQI (Multi-Factor Code Quality Index), an evidence-based Python code quality analysis tool that produces a single quality score (0.0-1.0) from 14 research-backed metrics.
Quick Start
pip install mfcqi
mfcqi analyze .Requirements: Python 3.10+
Highlights
✅ Single Quality Score: One number (0.0-1.0) combining 14 metrics via geometric mean
✅ Empirically Validated: Calibrated against reference libraries (requests: 0.874, click: 0.779)
✅ Python-Specific: Multi-paradigm aware, doesn't penalize Pythonic patterns
✅ Defense-in-Depth Security: 3 independent metrics (SAST, SCA, secrets detection)
✅ CI/CD Ready: SARIF 2.1.0 output, quality gates, badge generation
✅ Research-Backed: 40+ academic sources, transparent methodology
Metrics Analyzed (14 Total)
Complexity: Cyclomatic, Cognitive, Halstead, Maintainability Index
Quality: Duplication, Documentation, Type Safety, Code Smells
Security: Bandit SAST, pip-audit SCA, detect-secrets
OO Metrics (conditional): RFC, DIT, MHF, LCOM, CBO
Key Features
Python-Specific Calibrations
Unlike tools calibrated for Java/C++, MFCQI was empirically validated for Python through controlled experiments:
- Halstead Volume: Recalibrated for libraries (HV 2000-4000 normal)
- Maintainability Index: Adjusted thresholds (70/50/30/20 vs 85/65/45)
- RFC: Library-aware (high RFC acceptable for frameworks)
- DIT: Multi-paradigm aware (procedural DIT=0 is valid)
Defense-in-Depth Security
- Bandit SAST (0.70): Code vulnerabilities, CVSS-weighted
- pip-audit (0.75): Dependency CVEs
- detect-secrets (0.85): Credential exposure
Coverage: OWASP Top 10, CWE/SANS Top 25
CI/CD Integration
# SARIF output for GitHub/GitLab
mfcqi analyze --format sarif --output results.sarif
# Quality gate
mfcqi analyze --threshold 0.75 --exit-code
# Badge generation
mfcqi badge . -f json -o .github/badges/mfcqi.jsonValidation
Reference Library Scores (calculated by MFCQI):
- requests: 0.874 ✅
- click: 0.779 ✅
- mfcqi itself: 0.854 ✅
Documentation
- Research:
docs/research.md- 888 lines, all metrics, calibrations, evidence - README: Full guide
- Validation:
mfcqi_validation/reports/- Empirical studies
Academic Foundation
Based on decades of research:
- McCabe (1976), Campbell (2018), Coleman et al. (1994), Chidamber & Kemerer (1994)
- Python-specific: Papamichail et al. (2022), Tempero et al. (2015), Prykhodko et al. (2021)
- Security: OWASP Top 10 (2021), CWE/SANS Top 25
See docs/research.md for complete 40+ source bibliography.
Links
- 📦 PyPI
- 📚 Research Documentation
- 🐛 Issues
Made with ❤️ by BSB
Full Changelog: https://github.com/bsbodden/mfcqi/commits/v0.0.1
📦 PyPI Release
This release is now available on PyPI:
- PyPI Package: https://pypi.org/project/mfcqi/0.0.1/
- Installation:
pip install mfcqi==0.0.1 - Upgrade:
pip install --upgrade mfcqi
Quick Start
pip install mfcqi
mfcqi analyze .What's New in v0.0.1
See the full changelog above for details.