CLI for measuring verbosity and erosion metrics in supported source codebases
Project description
scb-check
Python CLI that reports SCBench verbosity and erosion composites for supported source codebases.
-
Verbosity: fraction of SLOC flagged by clone detection, ast-grep slop rules, or structural rules. Non-Python languages currently contribute clone lines only.
-
Erosion: share of function "mass" (
complexity * sqrt(sloc)) concentrated in high-complexity functions (cyclomatic complexity > 10). -
Cognitive erosion: same mass-share calculation using cognitive complexity > 10.
Install
Requires Python 3.12+.
Run without installing (recommended):
uvx scb-check check PATH
uvx --from git+https://github.com/gabeorlanski/scb-check scb-check check PATH
Or install into the current project:
uv sync # for development in this repo
uv add scb-check # as a dependency elsewhere
For hash-checked dependency installs from this repository, use the exported lock files:
python -m pip install --require-hashes -r requirements.lock
python -m pip install --require-hashes -r requirements-dev.lock
Regenerate them after dependency changes with:
uv export --format requirements.txt --no-dev --no-emit-project --frozen --output-file requirements.lock
uv export --format requirements.txt --all-groups --no-emit-project --frozen --output-file requirements-dev.lock
scb-check runs bundled ast-grep rules by trying a global sg executable first. If global sg is missing or fails, it falls back to the ast-grep-cli executable installed with scb-check.
Usage
scb-check check PATH # human-readable flags
scb-check check PATH --output-format json # JSON report with verbosity/erosion scores
scb-check check PATH --report # shortcut for --output-format json
scb-check check PATH -v / --verbosity # add info logging
scb-check check PATH -vv # add debug logging
scb-check check PATH --config FILE # explicit config path
scb-check check PATH --include-all # include gitignored files plus ignored, lower-severity, and boundary-suppressed findings
scb-check check PATH --disable-sg # skip ast-grep subprocess findings
scb-check check PATH --min-duplicate-lines N # show duplicate groups with at least N SLOC lines
scb-check rule RULE_ID # print YAML or metadata for a specific rule
PATH may be a file or directory. Directories are walked for supported source files: Python (.py, .pyw), Rust (.rs), JavaScript (.js, .mjs, .cjs), TypeScript (.ts), Zig (.zig), Haskell (.hs), and C++ (.cpp, .cc, .cxx, .c++, .hpp, .hh, .hxx). Directory discovery respects .gitignore globs by default; use --include-all to scan gitignored supported files too.
JSON report fields
verbosity, erosion, cog_erosion, files_scanned, total_loc, verbosity_flagged_loc, clone_loc, ast_grep_flagged_loc, structural_rule_loc, structural_rule_findings, total_functions, high_cc_functions, high_cog_functions, total_mass, high_cc_mass, total_cog_mass, high_cog_mass, syntax_tree_count, syntax_node_count, and syntax_by_language.
syntax_by_language is keyed by language value and reports tree_count plus total Tree-sitter node_count for parsed files in that language.
Exit codes
scb-check check exits 0 when no findings are reported, 1 when any finding is present (clones, ast-grep hits, structural findings, or high-complexity functions), and 2 for usage errors (bad path, missing config, invalid directives).
Configuration
scb-check looks for scb-check.toml or a pyproject.toml containing [tool.scb-check], [tool.ruff], or [tool.ty.src], walking upward from the current directory until it hits a .git root.
# scb-check.toml
exclude = ["tests/fixtures/*", "vendor/**"]
context = 1
# pyproject.toml
[tool.scb-check]
exclude = ["tests/fixtures/*"]
context = 2
exclude: list of glob patterns to skip while discovering supported source files.context: number of surrounding source lines to show around human-readable ast-grep, structural rule, and erosion findings.
Configured exclude patterns still apply when --include-all is used; only .gitignore file discovery is extended.
Ast-grep slop rules, structural rules, and source directives are currently Python-only. Rust, JavaScript, TypeScript, Zig, Haskell, and C++ still participate in SLOC totals, clone detection, cyclomatic erosion, and cognitive erosion.
When using pyproject.toml, scb-check also includes excludes from:
[tool.ruff].exclude[tool.ruff].extend-exclude[tool.ty.src].exclude
Source directives
In Python files, you can suppress specific ast-grep or structural rule findings at the source line level with:
# scbc ignore[rule-id]
# scbc ignore[trivial-wrapper]
Same-line form:
value = cfg.get("a", {}).get("b", {}) # scbc ignore[chained-dict-get] Boundary normalization for legacy webhook payloads.
Standalone block form:
# scbc ignore[chained-dict-get]
# Boundary normalization for legacy webhook payloads.
value = cfg.get("a", {}).get("b", {})
Multiple rule IDs:
# scbc ignore[chained-dict-get,dict-get-empty-dict-default]
# Legacy webhook payloads are partially populated and normalized downstream.
value = cfg.get("a", {}).get("b", {})
Function-level boundary suppression is available for code that intentionally validates or normalizes external input:
def _load_toml(path: Path) -> dict[str, Any]:
# scbc boundary: reads and validates user config
...
Boundary directives must be inside the function body, after the def line. By default, ast-grep findings inside that function are hidden, and informational ast-grep rules are omitted. Use --include-all to show ignored, informational, and boundary-suppressed ast-grep findings.
Rules:
- Rule IDs inside
ignore[...]are required. - Reason text is optional.
- Same-line ignore directives apply to that same physical line.
- Standalone ignore directives apply to the next non-blank, non-comment code line.
- Boundary directives apply to the containing function body.
- Ast-grep and structural rule findings are suppressible; clone and erosion findings are not.
- Invalid directives fail the run with exit code
2unless--include-allis used.
How it works
- Tree walking: language dispatch backed by tree-sitter grammars emits language-agnostic
ModuleIRand semantic project context. - Clone detection: hashed AST blocks across the scanned set; two or more matching instances become a
CloneBlock. - Slop patterns: Python ast-grep rules in
src/scb_check/resources/slop_rules/split by category (e.g.range(len(x)),dict.get(k, None),isinstanceladders, manual min/max, defensive guards). - Structural rules: typed Python classes in
src/scb_check/rules/run over tree-walking IR.trivial-wrapperflags removable single-return pass-through functions (identity returns and calls that only forward parameters to another scanned function), while semantic keep reasons skip constant returns, external calls, decorated functions, dunder methods, and inherited API implementations. - Extra local slop patterns: set
SCB_CHECK_EXTRA_SLOP_RULESto a:-separated list of YAML paths to layer additional rules on top of the bundled set. - Complexity: per-function cyclomatic and cognitive complexity plus SLOC, combined into mass scores for erosion metrics.
Documentation
Development
uv run pytest
uv run ruff check
uv run ty check src/
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file scb_check-0.2.0.tar.gz.
File metadata
- Download URL: scb_check-0.2.0.tar.gz
- Upload date:
- Size: 153.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: uv/0.8.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b1d522fb4954dc863eeef7b1876dca2f0fd0b0b443a1ea51a74479a643e209bb
|
|
| MD5 |
c1aa7054f1bb17f7372233a6af318d79
|
|
| BLAKE2b-256 |
dcd3c090d1253c56b434e6e99d4f31f17ef6787ac51592be849d06dbce7f0b88
|
File details
Details for the file scb_check-0.2.0-py3-none-any.whl.
File metadata
- Download URL: scb_check-0.2.0-py3-none-any.whl
- Upload date:
- Size: 92.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: uv/0.8.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c931b75214b0b49a411964846ecb431ab125945d5036db895e34e34f936994d2
|
|
| MD5 |
fe1a7a2f56f90e126d650d25b6fe1b55
|
|
| BLAKE2b-256 |
28f9f64ac903536e3ce9a9f09e94117d0a485d68f2fb4ba25aefa01ed0f2d37c
|