Releases: integrallis/mfcqi-python

v0.0.6

@bsbodden bsbodden released this 02 Jul 01:51

Full Changelog: v0.0.5...v0.0.6

📦 PyPI Release

This release is now available on PyPI:

Quick Start

pip install mfcqi
mfcqi-py analyze .

What's New in v0.0.6

See the full changelog above for details.

v0.0.5

@bsbodden bsbodden released this 17 May 05:04

What's Changed

  • Fix badge workflow PR comment permissions by @bsbodden in #12
  • Support multiple paths in analyze command by @bsbodden in #7
  • Report pip-audit scanner status separately by @bsbodden in #8
  • Expose metric calculation status by @bsbodden in #9
  • Avoid shell usage in dependency checker by @bsbodden in #10
  • Cache dependency security scans and record timeouts by @bsbodden in #11
  • chore(release): bump version to v0.0.5 by @bsbodden in #13

Full Changelog: v0.0.4...v0.0.5


v0.0.4

@bsbodden bsbodden released this 27 Oct 17:52

What's Changed

  • feat: single-file analysis, flexible model selection by @abrookins in #1

Full Changelog: v0.0.3...v0.0.4


v0.0.3

@bsbodden bsbodden released this 04 Oct 21:08

MFCQI v0.0.3 - Logging, CLI Improvements & Security Fix

A maintenance release focused on improved debugging capabilities, better default CLI behavior, and a critical security fix.

What's Changed

🔍 Enhanced Debugging & Logging

Added comprehensive debug logging throughout the codebase to improve troubleshooting:

  • Added debug logging to all silent exception handlers across modules
  • Enhanced logging in calculator, code smell detection, cognitive complexity, and duplication analysis
  • Added debug logging to pyexamine subprocess exception handling
  • Improved bandit config parsing logging in security module

This makes it much easier to diagnose issues when running with --verbose or enabling debug logging.

🎯 Improved CLI Defaults

Breaking Behavioral Change: The CLI now defaults to metrics-only analysis unless LLM is explicitly requested.

  # Metrics only (new default, faster)
  mfcqi analyze .

  # With AI recommendations (explicit request)
  mfcqi analyze . --model claude-3-5-sonnet-20241022

This change improves performance for the most common use case and makes LLM usage more intentional.

🔒 Security Fix

  • Fixed: Replaced unsafe assert statement with proper RuntimeError validation for better security posture
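Why an assert is unsafe as a validation step, shown as an added example (not mfcqi's own code; the gate functions and the 0.75 threshold default are hypothetical). It compiles the same source with and without the optimization that `python -O` applies and shows that only the explicit `RuntimeError` check survives.

```python
import textwrap

# Constructed illustration; function names are hypothetical, not mfcqi's code.
SOURCE = textwrap.dedent('''
    def gate_with_assert(score, threshold):
        # Range check as an assert: compiled out when Python runs with -O.
        assert 0.0 <= score <= 1.0, "score out of range"
        return score >= threshold

    def gate_with_check(score, threshold):
        # Range check as an explicit raise: present at every optimization level.
        if not 0.0 <= score <= 1.0:
            raise RuntimeError(f"score out of range: {score!r}")
        return score >= threshold
''')


def call_under(optimize, name, score, threshold=0.75):
    """Compile SOURCE at the given optimization level (0 = default, 1 = -O)
    and call the named gate; return its result or the raised exception's name."""
    namespace = {}
    exec(compile(SOURCE, "<gate-demo>", "exec", optimize=optimize), namespace)
    try:
        return namespace[name](score, threshold)
    except (AssertionError, RuntimeError) as exc:
        return type(exc).__name__


if __name__ == "__main__":
    bad_score = 7.3  # constructed out-of-range value, e.g. from a parsing bug
    for level in (0, 1):
        for name in ("gate_with_assert", "gate_with_check"):
            print(f"optimize={level} {name}: {call_under(level, name, bad_score)}")
```

Under optimization the assert version lets the out-of-range score through the gate silently, which is the class of issue Bandit reports as B101.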

🛠️ CI/CD Improvements

  • Improved Test PyPI install retry logic with progressive delays for more reliable CI pipelines

📝 Documentation

  • Updated README badges with latest scores
  • Corrected import ordering throughout codebase

Made with ❤️ by BSB

Full Changelog: v0.0.2...v0.0.3


v0.0.2

@bsbodden bsbodden released this 04 Oct 01:32

MFCQI v0.0.2 - Enhanced OO Metrics 🎯

Expanded object-oriented analysis with Coupling Between Objects (CBO) and Lack of Cohesion of Methods (LCOM) metrics, bringing total metrics to 16 with enhanced architectural quality assessment.

What's New

🆕 Enhanced OO Metric Suite

Added two critical Chidamber & Kemerer metrics for comprehensive OO code analysis:

CBO (Coupling Between Objects) - Weight: 0.65

  • Measures inter-class coupling for architectural quality
  • Evidence: r=0.42 correlation with defects (Subramanyam & Krishnan 2003)
  • Applied to STRONG_OO and MIXED_OO paradigms

LCOM (Lack of Cohesion of Methods) - Weight: 0.50

  • Evaluates method cohesion within classes
  • Weight reduced from literature (0.60) due to mixed empirical evidence
  • Signals Single Responsibility Principle violations

📊 Updated Metric Count

16 Total Metrics (up from 14):

Complexity: Cyclomatic, Cognitive, Halstead, Maintainability Index
Quality: Duplication, Documentation, Type Safety, Code Smells
Security: Bandit SAST, pip-audit SCA, detect-secrets
OO Metrics (conditional): RFC, DIT, MHF, CBO ⭐, LCOM ⭐

🔬 Evidence-Based Weights

All metric weights now include published research citations in code comments:

CBO: r=0.42 (Subramanyam & Krishnan 2003)

RFC: r=0.48 (Subramanyam & Krishnan 2003)

Cyclomatic: r=0.65 (meta-analysis)

Cognitive: r=0.57 (Correia et al. 2022)

🐛 Fixes

  • Suppressed benign sre_constants deprecation warning (Python 3.13+)

Upgrade from v0.0.1

pip install --upgrade mfcqi

No breaking changes - existing configurations and workflows remain compatible.

Impact on Scores

OO-heavy codebases will now see:

  • More comprehensive architectural assessment
  • Lower scores if high coupling/low cohesion detected
  • Better alignment with design quality principles

MFCQI self-score: 0.88 (validated)

Development

All changes implemented using strict Test-Driven Development:

  • 3 new passing tests for CBO/LCOM integration
  • 100% test coverage maintained
  • Research-validated implementations

Made with ❤️ by https://github.com/bsbodden

Full Changelog: v0.0.1...v0.0.2


v0.0.1

@bsbodden bsbodden released this 03 Oct 20:22

MFCQI v0.0.1 - Initial Release 🎉

The first public release of MFCQI (Multi-Factor Code Quality Index), an evidence-based Python code quality analysis tool that produces a single quality score (0.0-1.0) from 14 research-backed metrics.

Quick Start

pip install mfcqi
mfcqi analyze .

Requirements: Python 3.10+

Highlights

Single Quality Score: One number (0.0-1.0) combining 14 metrics via geometric mean
Empirically Validated: Calibrated against reference libraries (requests: 0.874, click: 0.779)
Python-Specific: Multi-paradigm aware, doesn't penalize Pythonic patterns
Defense-in-Depth Security: 3 independent metrics (SAST, SCA, secrets detection)
CI/CD Ready: SARIF 2.1.0 output, quality gates, badge generation
Research-Backed: 40+ academic sources, transparent methodology

Metrics Analyzed (14 Total)

Complexity: Cyclomatic, Cognitive, Halstead, Maintainability Index
Quality: Duplication, Documentation, Type Safety, Code Smells
Security: Bandit SAST, pip-audit SCA, detect-secrets
OO Metrics (conditional): RFC, DIT, MHF, LCOM, CBO

Key Features

Python-Specific Calibrations

Unlike tools calibrated for Java/C++, MFCQI was empirically validated for Python through controlled experiments:

  • Halstead Volume: Recalibrated for libraries (HV 2000-4000 normal)
  • Maintainability Index: Adjusted thresholds (70/50/30/20 vs 85/65/45)
  • RFC: Library-aware (high RFC acceptable for frameworks)
  • DIT: Multi-paradigm aware (procedural DIT=0 is valid)

Defense-in-Depth Security

  • Bandit SAST (0.70): Code vulnerabilities, CVSS-weighted
  • pip-audit (0.75): Dependency CVEs
  • detect-secrets (0.85): Credential exposure

Coverage: OWASP Top 10, CWE/SANS Top 25
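What combining metrics by geometric mean implies for a single failing security metric, as an added example (not mfcqi's code). It assumes the weights listed in these release notes act as exponents in a weighted geometric mean, which the page does not state, and uses constructed sample scores with the 0.75 gate from the CI/CD examples.

```python
import math

# Weights quoted in these release notes. How mfcqi applies them internally is
# not stated on this page; using them as exponents is an assumption.
WEIGHTS = {
    "bandit_sast": 0.70,
    "pip_audit": 0.75,
    "detect_secrets": 0.85,
    "cbo": 0.65,
    "lcom": 0.50,
}


def _check(scores):
    for name, value in scores.items():
        if not 0.0 <= value <= 1.0:
            raise RuntimeError(f"{name} score out of range: {value!r}")


def weighted_geometric_mean(scores, weights=WEIGHTS, floor=1e-6):
    """exp(sum(w_i * ln(x_i)) / sum(w_i)); floor keeps ln() defined at 0."""
    _check(scores)
    total = sum(weights[name] for name in scores)
    log_sum = sum(weights[n] * math.log(max(v, floor)) for n, v in scores.items())
    return math.exp(log_sum / total)


def weighted_arithmetic_mean(scores, weights=WEIGHTS):
    _check(scores)
    total = sum(weights[name] for name in scores)
    return sum(weights[n] * v for n, v in scores.items()) / total


def passes_gate(score, threshold=0.75):
    return score >= threshold


# Constructed sample: every metric healthy except secrets detection.
LEAKED_SECRET = {"bandit_sast": 0.95, "pip_audit": 0.95, "detect_secrets": 0.20,
                 "cbo": 0.95, "lcom": 0.95}

if __name__ == "__main__":
    for fn in (weighted_arithmetic_mean, weighted_geometric_mean):
        s = fn(LEAKED_SECRET)
        print(f"{fn.__name__}: {s:.3f} gate={'pass' if passes_gate(s) else 'fail'}")
```

With these inputs an arithmetic mean would clear the gate while the geometric mean does not, so one weak security metric cannot be averaged away by strong scores elsewhere.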

CI/CD Integration

# SARIF output for GitHub/GitLab
mfcqi analyze --format sarif --output results.sarif

# Quality gate
mfcqi analyze --threshold 0.75 --exit-code

# Badge generation
mfcqi badge . -f json -o .github/badges/mfcqi.json

Validation

Reference Library Scores (calculated by MFCQI):

  • requests: 0.874 ✅
  • click: 0.779 ✅
  • mfcqi itself: 0.854 ✅

Documentation

  • Research: docs/research.md - 888 lines, all metrics, calibrations, evidence
  • README: Full guide
  • Validation: mfcqi_validation/reports/ - Empirical studies

Academic Foundation

Based on decades of research:

  • McCabe (1976), Campbell (2018), Coleman et al. (1994), Chidamber & Kemerer (1994)
  • Python-specific: Papamichail et al. (2022), Tempero et al. (2015), Prykhodko et al. (2021)
  • Security: OWASP Top 10 (2021), CWE/SANS Top 25

See docs/research.md for complete 40+ source bibliography.

Made with ❤️ by BSB

Full Changelog: https://github.com/bsbodden/mfcqi/commits/v0.0.1
