Feature/new danger code

.gitignore

@@ -36,7 +36,6 @@ Cargo.toml.bak
 
 # Depending on your IDE or editor, you might want to ignore these:
 .idea/
-.vscode/
 *.iml
 *.swp
 *.swo
@@ -87,3 +86,6 @@ test_repo
 .index_cache
 htmlcov/
 .vscode-test/
+security_example/
+security_stats_report.md
+lcov.info

.typos.toml

@@ -0,0 +1,22 @@
+# typos configuration
+# See: https://github.com/crate-ci/typos
+
+[files]
+# Exclude files/directories from spell checking
+extend-exclude = [
+    "lcov.info",
+    "*.lcov",
+    "target/",
+    "node_modules/",
+    ".venv/",
+    "dist/",
+    "*.lock",
+]
+
+[default]
+# Known acceptable words that should not be flagged
+extend-ignore-identifiers-re = []
+
+[default.extend-words]
+# Add any false positives here
+# Example: "Nd" = "Nd"

.vscode/extensions.json

@@ -0,0 +1,15 @@
+{
+  "recommendations": [
+    "usernamehw.errorlens",
+    "serayuzgur.crates",
+    "tion.evenbettercomments",
+    "tamasfe.even-better-toml",
+    "rust-lang.rust-analyzer",
+    "1yib.rust-bundle",
+    "rodrigocfd.format-comment",
+    "ryanluker.vscode-coverage-gutters",
+    "vadimcn.vscode-lldb",
+    "donjayamanne.githistory",
+    "eamodio.gitlens"
+  ]
+}

.vscode/settings.json

@@ -0,0 +1,19 @@
+{
+  "rust-analyzer.cargo.extraEnv": {
+    "PYO3_PYTHON": "${workspaceFolder}/.venv/Scripts/python.exe"
+  },
+  "rust-analyzer.check.command": "clippy",
+  "rust-analyzer.check.extraArgs": [
+    "--all-features",
+    "--",
+    "-W",
+    "clippy::complexity",
+    "-W",
+    "clippy::pedantic",
+    "-W",
+    "clippy::perf"
+  ],
+  "coverage-gutters.coverageFileNames": ["lcov.info"],
+  "coverage-gutters.coverageBaseDir": ".",
+  "coverage-gutters.showLineCoverage": true
+}

CONTRIBUTING.md

@@ -53,7 +53,7 @@ Thank you for your interest in contributing to the Rust implementation of CytoSc
 2. **Create Python Virtual Environment:**
 
    ```bash
-   # Using uv (recommended)
+   # Using uv (strongly recommended)
    uv venv
    source .venv/bin/activate  # Linux/macOS
    .venv\Scripts\activate     # Windows
@@ -64,41 +64,32 @@ Thank you for your interest in contributing to the Rust implementation of CytoSc
    .venv\Scripts\activate     # Windows
    ```
 
-3. **Install Maturin:**
+3. **Install Dependencies:**
 
    ```bash
-   pip install maturin
-   ```
-
-4. **Build and Install in Development Mode:**
-
-   ```bash
-   # Build and install the Python package with Rust extension
-   maturin develop -m cytoscnpy/Cargo.toml
+   # Using uv (fast)
+   uv pip install -e ".[dev]"
 
-   # Or with release optimizations
-   maturin develop -m cytoscnpy/Cargo.toml --release
+   # Or using pip
+   pip install -e ".[dev]"
    ```
 
-5. **Verify Installation:**
+## Developing cytoscnpy-mcp
 
-   ```bash
-   # Test Python import
-   python -c "import cytoscnpy; print('Success!')"
+The MCP server implementation is located in `cytoscnpy-mcp/`. It allows CytoScnPy to be used as a tool by AI assistants.
 
-   # Test CLI command
-   cytoscnpy --help
-   ```
+### Running the MCP Server locally
 
-6. **Run Tests:**
+```bash
+cargo run --bin cytoscnpy-mcp
+```
 
-   ```bash
-   # Rust tests
-   cargo test
+### Testing the MCP Server
 
-   # Python integration tests (if available)
-   pytest
-   ```
+```bash
+# Run MCP-specific tests
+cargo test -p cytoscnpy-mcp
+```
 
 ## Project Structure
 
@@ -112,57 +103,20 @@ CytoScnPy/
 │       ├── __init__.py        # Imports Rust `run` function
 │       └── cli.py             # CLI wrapper calling Rust
 │
-├── cytoscnpy/                 # Rust library with PyO3 bindings
-│   ├── Cargo.toml             # Library + cdylib configuration
-│   ├── tests/                 # Rust integration tests
+├── cytoscnpy/                 # Core Rust library with PyO3 bindings
+│   ├── Cargo.toml
 │   └── src/
-│       ├── lib.rs             # Crate root + #[pymodule]
-│       ├── main.rs            # Binary entry point (cytoscnpy-bin)
-│       ├── python_bindings.rs # PyO3 implementation (modular)
-│       ├── entry_point.rs     # Core CLI logic
-│       ├── config.rs          # Configuration (.cytoscnpy.toml)
-│       ├── cli.rs             # Command-line argument parsing
-│       ├── commands.rs        # Radon-compatible commands
-│       ├── output.rs          # Rich CLI output
-│       ├── linter.rs          # Rule-based linting engine
-│       ├── constants.rs       # Shared constants
-│       ├── analyzer/          # Main analysis engine
-│       │   ├── mod.rs         # Module exports
-│       │   ├── types.rs       # AnalysisResult, ParseError types
-│       │   ├── heuristics.rs  # Penalty and heuristic logic
-│       │   └── processing.rs  # Core processing methods
-│       ├── visitor.rs         # AST traversal
-│       ├── framework.rs       # Framework-aware patterns
-│       ├── test_utils.rs      # Test file detection
-│       ├── utils.rs           # Utilities
-│       ├── ipynb.rs           # Jupyter notebook support
-│       ├── metrics.rs         # Metrics types
-│       ├── complexity.rs      # Cyclomatic complexity
-│       ├── halstead.rs        # Halstead metrics
-│       ├── raw_metrics.rs     # LOC, SLOC metrics
-│       ├── rules/             # Security & quality rules
-│       │   ├── mod.rs         # Rules module
-│       │   ├── secrets.rs     # Secrets scanning + entropy
-│       │   ├── danger.rs      # Dangerous code detection
-│       │   ├── danger/        # Danger rule helpers
-│       │   └── quality.rs     # Code quality checks
-│       └── taint/             # Taint analysis module
-│           ├── mod.rs         # Module exports
-│           ├── types.rs       # TaintFinding, TaintInfo, VulnType
-│           ├── analyzer.rs    # Main taint analyzer
-│           ├── sources.rs     # Source detection (input, request.*)
-│           ├── sinks.rs       # Sink detection (eval, subprocess, SQL)
-│           ├── propagation.rs # Taint state tracking
-│           ├── intraprocedural.rs  # Statement-level analysis
-│           ├── interprocedural.rs  # Cross-function analysis
-│           ├── crossfile.rs   # Cross-module analysis
-│           ├── call_graph.rs  # Function call graph
-│           └── summaries.rs   # Function summaries
+│       └── ...
 │
-├── cytoscnpy-cli/             # Standalone Rust binary (optional)
+├── cytoscnpy-cli/             # Standalone Rust binary
 │   ├── Cargo.toml
 │   └── src/
-│       └── main.rs            # Calls cytoscnpy::entry_point
+│       └── main.rs
+│
+├── cytoscnpy-mcp/             # MCP Server implementation
+│   ├── Cargo.toml
+│   ├── src/                   # Rust implementation
+│   └── tests/                 # MCP-specific tests
 │
 ├── benchmark/                 # 135-item ground truth suite
 └── target/                    # Build artifacts (gitignored)

Cargo.toml

@@ -3,7 +3,7 @@ members = ["cytoscnpy", "cytoscnpy-cli", "cytoscnpy-mcp"]
 resolver = "2"
 
 [workspace.package]
-version = "1.2.6"
+version = "1.2.7"
 edition = "2021"
 license = "Apache-2.0"
 

README.md

@@ -6,9 +6,9 @@
 [![Security Audit](https://github.com/djinn09/CytoScnPy/actions/workflows/security.yml/badge.svg)](https://github.com/djinn09/CytoScnPy/actions/workflows/security.yml)
 [![Docs](https://github.com/djinn09/CytoScnPy/actions/workflows/docs.yml/badge.svg)](https://github.com/djinn09/CytoScnPy/actions/workflows/docs.yml)
 [![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
-[![Version](https://img.shields.io/badge/version-1.2.5-green.svg)](https://github.com/djinn09/CytoScnPy)
+[![Version](https://img.shields.io/badge/version-1.2.7-green.svg)](https://github.com/djinn09/CytoScnPy)
 
-A fast static analysis tool for Python codebases, powered by Rust with hybrid Python integration. Detects dead code, security vulnerabilities (including taint analysis), and code quality issues with extreme speed. Code quality metrics are also provided.
+A fast, lightweight static analyzer for Python codebase. It’s built in Rust with Python integration and detection of dead code, security issues, and code quality issue, along with useful quality metrics.
 
 ## Why CytoScnPy?
 

benchmark/README.md

@@ -41,7 +41,7 @@ This benchmark evaluates **11 dead code detection tools** against a curated Pyth
 
 ## Running the Benchmark
 
-```bash
+````bash
 # Activate environment
 .\.venv\Scripts\activate  # Windows
 source .venv/bin/activate  # Linux/Mac
@@ -59,8 +59,11 @@ python benchmark/benchmark_and_verify.py --compare-json benchmark/baseline_win32
 python benchmark/benchmark_and_verify.py --compare-json benchmark/baseline_linux.json
 
 # Update Baseline (Save current results)
+
 # Windows:
+
 python benchmark/benchmark_and_verify.py --save-json benchmark/baseline_win32.json
+
 # Linux:
 python benchmark/benchmark_and_verify.py --save-json benchmark/baseline_linux.json
 ```
@@ -409,6 +412,7 @@ The tools were selected to represent the full spectrum of dead code detection ap
 **F1 Score balances precision and recall**, which is critical for dead code detection:
 
 ```
+
 F1 = 2 × (Precision × Recall) / (Precision + Recall)
 ```
 
@@ -557,7 +561,7 @@ Dead code detection is a **fundamentally hard problem** due to:
    ```python
    getattr(obj, func_name)()  # Which function is called?
    globals()[var_name]        # Which variable is accessed?
-   ```
+```
 
 2. **Framework Magic**
 
@@ -621,3 +625,4 @@ Memory is measured as **Peak Resident Set Size (RSS)** during tool execution:
 ---
 
 _Last updated: 2025-12-28 (135 total ground truth items, 11 tools benchmarked)_
+````