Back to Home

CodeClone 2.0: baseline code analysis in CI

CodeClone 2.0.0b1 evolves into a baseline-aware tool for monitoring Python code health. Separates legacy debt from regressions via health score, dead code and structural findings. Supports SARIF, HTML reports with deterministic CI contracts.

CodeClone 2.0b1: code health control with baseline
Advertisement 728x90

CodeClone 2.0.0b1: Baseline-Aware Python Code Health Analysis

CodeClone 2.0.0b1 evolves from a simple clone detector into a structural health monitor for Python projects in CI pipelines. The focus now centers on baseline comparison—distinguishing historical technical debt from new regressions. It supports health scoring, dead code detection, and structural findings with deterministic contracts for seamless pipeline integration.

Baseline as the Foundation of CI Contracts

In version 2.0, the baseline has matured into a validated snapshot of project state. It separates known issues from recent changes, participates in metrics gating, and behaves predictably in CI environments.

Key principles:

Google AdInline article slot
  • Schema validation with trust semantics.
  • Clear separation between known vs. new issues for clones, complexity, and other metrics.
  • Locking the current state as a baseline to prevent new regressions in main.

This enables quality gates without blocking entire projects due to legacy debt.

Health Score: A Modular Quality Metric

The new health score aggregates multiple signals:

| Metric | Description |

Google AdInline article slot

|--------------|--------------------------------------|

| Clones | Structural duplication |

| Complexity | Function cyclomatic complexity |

Google AdInline article slot

| Coupling | Module interdependence |

| Cohesion | Internal module consistency |

| Dead code | Unused code |

| Dependencies | Dependency cycles |

| Coverage | Test coverage |

The score breaks down into details: contribution from production code vs. tests, and high-risk zones. The HTML report includes gauges, KPI cards, and radar charts for quick insights.

Dead Code Detection Without Heuristics

The dead code detector accounts for Python-specific patterns: framework hooks, reflection, plugin loading. Instead of relying on implicit exclusions, it uses inline suppressions:

# codeclone: ignore[dead-code]
def handle_exception(exc: Exception) -> None:
    ...

or

class Middleware:  # codeclone: ignore[dead-code]
    ...

Suppression disables the rule locally without affecting other analyses. Elements appear in reports but don’t impact the health score.

Structural Findings Beyond Clones

A new layer detects early architectural signals:

  • duplicated_branches — repeated control flow branches.
  • clone_guard_exit_divergence — divergence in exit points of cloned blocks.
  • clone_cohort_drift — drift among families of similar constructs.

The core generates facts in canonical JSON; the UI visualizes them without additional rendering.

Reports from a Single Source

All outputs are projections of the canonical JSON:

  • HTML with Overview, Executive Summary, and Source Breakdown.
  • JSON for automation scripts.
  • Text/Markdown for logs.
  • SARIF format with baselineState, %SRCROOT%, and IDE/code-scanning artifacts.

Determinism is ensured through stable sorting and payload canonicalization.

Lowered Thresholds & Performance

Thresholds are relaxed for broader coverage:

  • --min-loc for functions: reduced from 15 to 10.
  • Softer block/segment gates.

Trade-off: increased analysis volume. Compensated by optimizations in cache and report contracts.

Contracts Under the Hood

Rigorous specifications:

  • Baseline contract: schema + semantics.
  • Cache contract: predictability.
  • Report contract: consistent formatting.
  • CLI exit codes: clear semantic meaning.

These minimize pipeline failures from hidden changes.

What Matters

  • Baseline isolates debt from regressions for real-world CI gating.
  • Health score is granular, with emphasis on production code.
  • Inline suppressions maintain transparency in dead code analysis.
  • Structural findings catch issues before clones form.
  • SARIF-ready for integration with GitHub Actions, Azure DevOps.

— Editorial Team

Advertisement 728x90

Read Next