Skip to content

Fix dead-code reachability for framework runtime patterns#31

Merged
orenlab merged 7 commits into
mainfrom
fix/dead-code-runtime-reachability
May 19, 2026
Merged

Fix dead-code reachability for framework runtime patterns#31
orenlab merged 7 commits into
mainfrom
fix/dead-code-runtime-reachability

Conversation

@orenlab
Copy link
Copy Markdown
Owner

@orenlab orenlab commented May 19, 2026

Summary

This PR reduces false-positive dead-code findings for runtime-managed Python code by extending CodeClone’s reachability model with deterministic, evidence-based framework and dynamic-dispatch patterns.

What changed

  • Treat FastAPI/Starlette route decorators, including typed wrapper decorators over router methods, as runtime entrypoints.
  • Treat Aiogram router observer decorators as runtime handler registration.
  • Treat Starlette BaseHTTPMiddleware.dispatch, SQLAlchemy TypeDecorator hooks, Pydantic validators/computed fields, ABC/protocol contracts, public exports, lazy exports, and guarded dynamic getattr(..., "method") dispatch as reachability evidence where the pattern is explicit.
  • Exclude vendored node_modules Python files from default project scanning.
  • Keep the behavior deterministic and report-only where appropriate: this does not add broad name-only heuristics or hidden framework magic.

Validation

  • uv run pytest --cov=codeclone --cov-report=term-missing --cov-fail-under=99 --cov-report=xml
  • uv run pre-commit run --all-files
  • uv run codeclone . --ci --json .cache/codeclone/report.json

@orenlab orenlab self-assigned this May 19, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 19, 2026

CodeClone Review

✅ Passed · Health 90/100 (A) · Baseline ok · Cache miss · CodeClone 2.0.2

Review snapshot

Area Signal Review note
Clones 0 total, 0 new, 0 known no new clone debt reported
Quality CC max 20, CBO max 8, LCOM4 max 3, overloaded 11 structural metric snapshot
Dependencies avg 4.0, p95 12, max 16, cycles 0 acyclic
Coverage Join not joined no coverage.xml facts in this report
Security Surfaces 59 surfaces, 4 categories, 29 production report-only boundary inventory
API Surface 2252 symbols, 217 modules 0 breaking, 0 added
Dead code 0 high-confidence, 1 suppressed clean

Review focus

  • Treat 29 production security surface(s) as review-first boundary code when touched.
  • Review 11 overloaded module candidate(s) when they intersect this PR.

Security Surfaces are report-only capability inventory, not vulnerability claims. Generated by CodeClone

@orenlab orenlab merged commit 58b01b0 into main May 19, 2026
23 checks passed
@orenlab orenlab deleted the fix/dead-code-runtime-reachability branch May 19, 2026 11:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@orenlab orenlab

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@orenlab