Fix dead-code false positives for framework/runtime reachability #29

Merged: orenlab merged 11 commits into main from fix/false-positivity-in-a-dead-code on May 13, 2026

@orenlab (Owner) commented May 13, 2026

Summary

This PR reduces dead-code false positives by teaching CodeClone about deterministic runtime reachability surfaces that do not appear as direct calls.

It covers FastAPI/Starlette routes and dependencies, Django URL patterns, Dependency Injector providers, Typer/Click commands, Celery tasks, top-level __all__ exports, package entry points, Pydantic validator/serializer hooks, Protocol declarations, and explicit ABC inheritance.

Details

  • Adds a reachability model for framework and packaging-driven liveness without executing user code.
  • Preserves deterministic behavior: no broad name-only heuristics, ambiguous entry-point matches are ignored, and project metadata is limited to repo-local pyproject.toml.
  • Bumps cache/report schemas to carry reachability facts consistently across cold and warm runs.
  • Updates docs and tests for the new dead-code contract.
  • Refreshes project dependencies for the current 2.0.1b1 beta line.

Validation

  • uv run pytest --cov=codeclone --cov-report=term-missing --cov-fail-under=99 --cov-report=xml
  • uv run --with mkdocs --with mkdocs-material mkdocs build --strict
  • uv run pre-commit run --all-files
  • CodeClone MCP full run and changed-scope review against main
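
A minimal sketch of the kind of static reachability check the description above outlines, as an added example that is not CodeClone's code or part of this PR: it parses a module with `ast` (never importing it) and marks FastAPI route handlers, their `Depends` targets and literal `__all__` exports as live. The function name `reachable_roots`, the sample module and the assumption that `FastAPI`, `APIRouter` and `Depends` are imported by bare name are constructed for illustration.

```python
import ast
# Constructed sample module: parsed as text, never imported or executed.
SAMPLE = '''
from fastapi import FastAPI, Depends
app = FastAPI()
cache = {}
__all__ = ["public_helper"]
def get_db(): ...
@app.get("/items")
def list_items(db=Depends(get_db)): ...
@cache.get("x")
def not_a_route(): ...
def public_helper(): ...
def unused(): ...
'''

ROUTER_FACTORIES = {"FastAPI", "APIRouter"}  # assumption: imported by bare name
HTTP_METHODS = {"get", "post", "put", "patch", "delete"}

def reachable_roots(source):
    """Map top-level function name -> why it is live without a direct call."""
    body = ast.parse(source).body
    funcs = {n.name: n for n in body
             if isinstance(n, (ast.FunctionDef, ast.AsyncFunctionDef))}
    routers, roots = set(), {}
    for node in body:
        if not (isinstance(node, ast.Assign) and isinstance(node.targets[0], ast.Name)):
            continue
        name, value = node.targets[0].id, node.value
        if (isinstance(value, ast.Call) and isinstance(value.func, ast.Name)
                and value.func.id in ROUTER_FACTORIES):
            routers.add(name)  # receiver is provably a router object
        elif name == "__all__" and isinstance(value, (ast.List, ast.Tuple)):
            items = [e.value for e in value.elts if isinstance(e, ast.Constant)]
            if len(items) == len(value.elts):  # literal-only; computed __all__ is ignored
                roots.update({i: "__all__ export" for i in items if i in funcs})
    for name, fn in funcs.items():
        targets = [d.func if isinstance(d, ast.Call) else d for d in fn.decorator_list]
        if not any(isinstance(t, ast.Attribute) and t.attr in HTTP_METHODS
                   and isinstance(t.value, ast.Name) and t.value.id in routers
                   for t in targets):
            continue  # a bare `.get` on an unknown receiver is not evidence
        roots[name] = "route handler"
        for d in fn.args.defaults + fn.args.kw_defaults:
            if (isinstance(d, ast.Call) and isinstance(d.func, ast.Name)
                    and d.func.id == "Depends" and d.args
                    and isinstance(d.args[0], ast.Name) and d.args[0].id in funcs):
                roots[d.args[0].id] = f"dependency of {name}"
    return roots
```

On the sample, `not_a_route` stays unmarked because `cache` is never bound to a router constructor, which is the difference between receiver-resolved matching and a name-only heuristic.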

orenlab added 11 commits May 6, 2026 19:11
…eClone package version to 2.0.1b1 for current beta line to fix test errors in CI
…stAPI/Starlette route and dependency registration, Django URL patterns, Dependency Injector providers, Typer/Click commands, and Celery tasks), as well as CI tests.
- Teach dead-code analysis about exact runtime liveness surfaces that do not appear as direct calls: FastAPI Annotated dependencies, literal __all__ exports, package entry points, and Pydantic runtime hooks.
@github-actions

CodeClone Review

✅ Passed · Health 90/100 (A) · Baseline ok · Cache miss · CodeClone 2.0.1b1

Review snapshot

| Area | Signal | Review note |
| --- | --- | --- |
| Clones | 0 total, 0 new, 0 known | no new clone debt reported |
| Quality | CC max 20, CBO max 8, LCOM4 max 3, overloaded 11 | structural metric snapshot |
| Dependencies | avg 4.0, p95 12, max 16, cycles 0 | acyclic |
| Coverage Join | not joined | no coverage.xml facts in this report |
| Security Surfaces | 59 surfaces, 4 categories, 29 production | report-only boundary inventory |
| API Surface | 2232 symbols, 217 modules | 0 breaking, 0 added |
| Dead code | 0 high-confidence, 1 suppressed | clean |

Review focus

  • Treat 29 production security surface(s) as review-first boundary code when touched.
  • Review 11 overloaded module candidate(s) when they intersect this PR.

Security Surfaces are report-only capability inventory, not vulnerability claims. Generated by CodeClone

@orenlab orenlab merged commit 7c90e1b into main May 13, 2026
22 checks passed