Skip to main content

CLI for measuring verbosity and erosion metrics in Python codebases

Project description

scb-check

Python CLI that reports SCBench verbosity and erosion composites for a Python codebase.

  • Paper

  • Source

  • SlopCodeBench (main repo)

  • Verbosity: fraction of SLOC flagged by clone detection, ast-grep slop rules, or trivial-wrapper detection.

  • Erosion: share of function "mass" (complexity * sqrt(sloc)) concentrated in high-complexity functions (cyclomatic complexity > 10).

  • Cognitive erosion: same mass-share calculation using cognitive complexity > 10.

Install

Requires Python 3.12+.

Run without installing (recommended):

uvx scb-check check PATH
uvx --from git+https://github.com/gabeorlanski/scb-check scb-check check PATH

Or install into the current project:

uv sync              # for development in this repo
uv add scb-check     # as a dependency elsewhere

For hash-checked dependency installs from this repository, use the exported lock files:

python -m pip install --require-hashes -r requirements.lock
python -m pip install --require-hashes -r requirements-dev.lock

Regenerate them after dependency changes with:

uv export --format requirements.txt --no-dev --no-emit-project --frozen --output-file requirements.lock
uv export --format requirements.txt --all-groups --no-emit-project --frozen --output-file requirements-dev.lock

Usage

scb-check check PATH                    # human-readable flags
scb-check check PATH --output-format json  # JSON report with verbosity/erosion scores
scb-check check PATH --report           # shortcut for --output-format json
scb-check check PATH -v / --verbosity   # add info logging
scb-check check PATH -vv                # add debug logging
scb-check check PATH --config FILE      # explicit config path
scb-check check PATH --include-all      # include ignored and boundary-suppressed ast-grep findings
scb-check check PATH --disable-sg  # skip ast-grep subprocess findings
scb-check check PATH --min-duplicate-lines N  # show duplicate groups with at least N SLOC lines
scb-check rule RULE_ID                  # print YAML for a specific ast-grep rule

PATH may be a file or directory. Directories are walked for *.py files.

JSON report fields

verbosity, erosion, cog_erosion, files_scanned, total_loc, verbosity_flagged_loc, clone_loc, ast_grep_flagged_loc, trivial_wrapper_loc, trivial_wrappers, total_functions, high_cc_functions, high_cog_functions, total_mass, high_cc_mass, total_cog_mass, high_cog_mass.

Configuration

scb-check looks for scb-check.toml or a pyproject.toml containing [tool.scb-check], [tool.ruff], or [tool.ty.src], walking upward from the current directory until it hits a .git root.

# scb-check.toml
exclude = ["tests/fixtures/*", "vendor/**"]
context = 1
# pyproject.toml
[tool.scb-check]
exclude = ["tests/fixtures/*"]
context = 2
  • exclude: list of glob patterns to skip while discovering Python files.
  • context: number of surrounding source lines to show around human-readable ast-grep, trivial-wrapper, and erosion findings.

When using pyproject.toml, scb-check also includes excludes from:

  • [tool.ruff].exclude
  • [tool.ruff].extend-exclude
  • [tool.ty.src].exclude

Source directives

You can suppress specific ast-grep or trivial-wrapper findings at the source line level with:

# scbc ignore[rule-id]
# scbc ignore[trivial-wrapper]

Same-line form:

value = cfg.get("a", {}).get("b", {})  # scbc ignore[chained-dict-get] Boundary normalization for legacy webhook payloads.

Standalone block form:

# scbc ignore[chained-dict-get]
# Boundary normalization for legacy webhook payloads.
value = cfg.get("a", {}).get("b", {})

Multiple rule IDs:

# scbc ignore[chained-dict-get,dict-get-empty-dict-default]
# Legacy webhook payloads are partially populated and normalized downstream.
value = cfg.get("a", {}).get("b", {})

Function-level boundary suppression is available for code that intentionally validates or normalizes external input:

def _load_toml(path: Path) -> dict[str, Any]:
    # scbc boundary: reads and validates user config
    ...

Boundary directives must be inside the function body, after the def line. By default, ast-grep findings inside that function are hidden. Use --include-all to show ignored and boundary-suppressed ast-grep findings.

Rules:

  • Rule IDs inside ignore[...] are required.
  • Reason text is optional.
  • Same-line ignore directives apply to that same physical line.
  • Standalone ignore directives apply to the next non-blank, non-comment code line.
  • Boundary directives apply to the containing function body.
  • Ast-grep and trivial-wrapper findings are suppressible; clone and erosion findings are not.
  • Invalid directives fail the run with exit code 2 unless --include-all is used.

How it works

  • Parsing: tree-sitter-python.
  • Clone detection: hashed AST blocks across the scanned set; two or more matching instances become a CloneBlock.
  • Slop patterns: ast-grep rules in src/scb_check/resources/slop_rules/ split by category (e.g. range(len(x)), dict.get(k, None), isinstance ladders, manual min/max, defensive guards).
  • Trivial wrappers: tree-sitter detects functions whose only executable body statement is return ..., plus aliases to functions defined in scanned files. Findings include resolved usage locations within the scanned files.
  • Extra local slop patterns: set SCB_CHECK_EXTRA_SLOP_RULES to a :-separated list of YAML paths to layer additional rules on top of the bundled set.
  • Complexity: per-function cyclomatic and cognitive complexity plus SLOC, combined into mass scores for erosion metrics.

Development

uv run pytest
uv run ruff check
uv run ty check src/

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

scb_check-0.1.3.tar.gz (115.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

scb_check-0.1.3-py3-none-any.whl (67.3 kB view details)

Uploaded Python 3

File details

Details for the file scb_check-0.1.3.tar.gz.

File metadata

  • Download URL: scb_check-0.1.3.tar.gz
  • Upload date:
  • Size: 115.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.8.4

File hashes

Hashes for scb_check-0.1.3.tar.gz
Algorithm Hash digest
SHA256 4fff3cb69fc199d8aa1bef7f77c6f1d25b142757eac20b53bd1330c959beb8d2
MD5 bd4f9f0356679aa58b1a88bfa2e2ddf7
BLAKE2b-256 50868e38e3e8679c266eae5cbbb12a986a21611243bd50adea71021594d7a5c3

See more details on using hashes here.

File details

Details for the file scb_check-0.1.3-py3-none-any.whl.

File metadata

  • Download URL: scb_check-0.1.3-py3-none-any.whl
  • Upload date:
  • Size: 67.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.8.4

File hashes

Hashes for scb_check-0.1.3-py3-none-any.whl
Algorithm Hash digest
SHA256 f13040c8ca8f57b8dc8137692c37e0f181fe55867691dfe6a5b8a79d2513f50f
MD5 060ca77fc9e948aa4cacac36b1896f61
BLAKE2b-256 c58fbfa0aed2b112a9f18b88dae870bb592cbb2fee5612eb1dc77235e96f00b6

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page