Prepare CodeClone 2.0.2 release (#32)

* chore(release): prepare 2.0.2 docs and lockfile
* fix(cli): show 2.0.2 dead-code migration note

Prepare CodeClone 2.0.1 stability release (#30)

* chore(docs): update pipeline overview diagram
* chore(release): prepare 2.0.1 package metadata
* fix(vscode): align hotspot counts with report semantics
* fix(mcp): derive baseline help from contract version
* chore(docs): alignment of documentation to the current codebase
* chore(ci): updating the base image to the current tag
* chore(ci): updating versions of action
* feat(cli): add dead-code migration note
* fix(cli): refresh banner subtitle
* chore(release): update 2.0.1 changelog date

Finalize CodeClone 2.0 release surfaces (#26)

* release: stabilize v2 surfaces and GitHub Action
- move package/docs/extension/plugin metadata to stable 2.0.0 defaults
- refresh CodeClone branding across docs, HTML report, VS Code, Claude Desktop, and Codex plugin assets
- polish the composite GitHub Action install policy, helper structure, and PR review summary
- add/update tests for action defaults, extension support, and plugin metadata
* chore(docs): re-organization of badges in the README
* chore(docs): refine CodeClone wordmark assets
- adjust light/dark wordmark viewBox and text spacing
- simplify SVG text layout for cleaner rendering
* chore(docs): refine CodeClone wordmark assets
- adjust light/dark wordmark viewBox and text spacing
- simplify SVG text layout for cleaner rendering
* chore(docs): refine CodeClone wordmark assets
- adjust light/dark wordmark viewBox and text spacing
- simplify SVG text layout for cleaner rendering
* chore(docs): re-organization of badges in the README
* chore(docs): re-organization of badges in the README

fix: harden b7 packaging and extension toolchain (#25)

Constrain the MCP extra away from incompatible httpx prereleases, refresh the VS Code extension packaging toolchain to remove the vulnerable uuid chain, and keep mypy/pre-commit stable when build artifacts exist.

2.0.0b6: land the architecture split, adaptive dependency profiling, …

…and security review surfaces (#23)

* refactor(app): global and comprehensive refactoring (Stage #1).
* refactor(app): global and comprehensive refactoring (Stage #2).
* refactor(core): global cleanup of Any
* refactor(analysis,report): remove empty TYPE_CHECKING guards
* fix(cache): prune stale deleted file entries
* refactor(report,mcp): reduce import dependency chains
* test(coverage): cover validation and renderer edges
* refactor(app): global and comprehensive refactoring (Stage #1).
* docs(architecture): refresh docs for b6 layout
* fix(defaults): centralize shared runtime defaults
* fix(readme): make wordmark render on PyPI with absolute asset URLs
* chore(preview): tighten MCP docs and refresh b6 client metadata
* refactor(mcp): split session and remove duplicated CLI helper tails
* feat(cli): show one-time VS Code extension hint in interactive terminals
* refactor(report): move html template into canonical html package

* refactor(analysis,findings): move suppressions and golden fixtures to canonical modules

* fix(dependencies): align depth threshold docs and UI with health model
* feat(dependencies): switch to adaptive depth profiling and surface it in reports
- replace the fixed max-depth penalty with an adaptive dependency depth model
  based on avg_depth, p95_depth, and max_depth
- limit dependency scoring to the internal module graph and keep cycles as the
  hard dependency signal
- surface the dependency profile in HTML, text/markdown, and CLI/CI summaries
- bump report schema to 2.9 and align contracts, docs, snapshots, and tests
- refresh b6 changelog/docs for the new dependency semantics
* chore(cli,report): refine dependency visuals and runtime warnings
- keep dependency SVG aligned with longest chains and detected cycles when the graph is truncated
- switch deep dependency graphs to a wider horizontal layout with extra viewBox padding, lighter secondary labels, and more vertical breathing room
- unify CLI runtime warnings under one calmer lead/detail formatter across cache, worker, parallel fallback, coverage, and summary paths
- clarify in config docs that `coverage_xml` is the pyproject key mapped to CLI --coverage
- refresh the baseline snapshot and README health badge to the current 90(A) state
- include the current uv.lock refresh
* chore(dev): drop codegraphcontext from dev dependencies
* ci(release): add trusted publishing workflow and harden benchmark isolation
* chore(docs, licence): documentation has been updated and the recognition of codeclone license types for GitHub (dual-license model) has been improved. This change does not change the licensing model, but is of a technical nature.
* chore(docs): marking version 1.4.x as no longer supported (EOL)
* chore(release): polish b6 notes, health scoring, and PyPI license links
* fix(mcp): preserve reviewed finding summary payload
* fix(clients,docs): restore local fallback and refresh client surfaces
* fix(clients,docs): make Codex plugin install-safe and parallelize VS Code MCP hydration
* fix(runtime): complete cp314 migration and clean baseline trust UX
* fix(tests): keep provenance mismatch checks matrix-safe
* feat(report): add report-only security surfaces inventory across cache, cli, html, and mcp
* feat(vscode): add source-first Security Surfaces review flow with Coverage Join context
* docs(release): tighten b6 notes and sync report schema with MCP cache-policy contract

Ship CodeClone 2.0.0b5 with coverage-aware metrics and baseline-hones…

…t review surfaces (#21)

## Summary

Ship `2.0.0b5` as the next `v2` beta milestone.

This release expands the canonical report with adoption, API-surface, and coverage-join layers, tightens cache and baseline-aware runtime behavior, and brings the MCP/HTML/client surfaces into closer agreement with the core contracts.

## Highlights

- add canonical `coverage_adoption`, `api_surface`, and `coverage_join` metrics/report layers
- add `golden_fixture_paths` to exclude intentional fixture clone groups from health/gates while preserving them as suppressed facts
- separate measured coverage hotspots from coverage scope gaps
- surface adoption/API/coverage facts across CLI, MCP, HTML, VS Code, Claude Desktop, and Codex plugin flows
- make cache profile compatibility API-surface-aware (`Cache 2.5`) and keep warm/cold API behavior honest
- stabilize benchmark and CLI baseline-path handling
- refine HTML review surfaces, provenance badges, empty states, filters, and mobile behavior
- add compact MCP threshold context for empty design checks so agents can tell "quiet" from "just below threshold"

## Validation

- `uv run pytest --cov=codeclone --cov-report=term-missing --cov-fail-under=99 -q`
- `uv run pre-commit run --all-files`
- `uv run --with mkdocs --with mkdocs-material mkdocs build --strict`
- MCP service/server tests
- VS Code extension checks, tests, and `.vsix` packaging
- Claude Desktop bundle checks, tests, and `.mcpb` build
- Codex plugin manifest checks and tests
- benchmark workflow green with strong warm-cache speedup

## Notes

- no baseline update is included in this PR
- `coverage_join` remains a current-run external signal, not baseline truth
- `golden_fixture_paths` affects health/gates only for fully matching fixture clone groups; suppressed facts remain visible in the canonical report

Ship CodeClone 2.0.0b4 with first-class MCP, VS Code, Claude, and Cod…

…ex surfaces (#19)

* feat(mcp): add help tool for cheaper, more guided agent workflows

* feat(report): add report-only god modules and tighten MCP, health, and UX semantics

- add canonical `metrics.families.god_modules` as a report-only layer and surface it in JSON, CLI, HTML, and MCP without affecting health, gates, or findings
- tighten findings vs suggestions semantics for low-signal structural hints and keep action guidance inline where separate suggestions add no real value
- align CLI and HTML scope/inventory presentation with canonical report semantics and polish overview/God Modules rhythm
- add dedicated Health Score documentation, clarify phased health-model expansion, and document unified metrics-baseline behavior
- refresh MCP guidance/help wording and GitHub issue templates for the current b4 surface

* feat(vscode): add a publish-ready CodeClone VS Code extension and document it as a first-class surface

- add a native VS Code client over codeclone-mcp with baseline-aware, triage-first structural review and guided source-first drill-down
- stabilize extension lifecycle and setup UX with local launcher verification, fallback connection handling, review-focused hotspots, and human-readable command surfaces
- add CodeClone-native branding and marketplace-ready packaging assets, including a proper extension icon and validated .vsix packaging
- document the new VS Code interface across README, docs, contracts book, changelog, and issue-routing guidance
- update AGENTS.md to reflect the VS Code extension as a public surface and align validation/module-routing rules with the current codebase

* feat(vscode): harden the VS Code surface and document it as a first-class contract

- mature the preview VS Code extension into a safer, enterprise-grade MCP client with limited Restricted Mode, source-first review flow, persisted focus state, bounded transport handling, and a safer local HTML bridge
- add extension-side regression coverage with Node unit tests, local extension-host smoke, and validated preview VSIX packaging
- document the extension consistently across README, docs, the contracts book, changelog, and AGENTS with its current capabilities, design decisions, trust model, and limits

* feat(vscode): harden the VS Code client with trust-aware UX, safer launcher/runtime handling, and tested review workflows

* feat(vscode,report): rename overloaded modules canonically and harden the VS Code surface

* feat(vscode): add profile-aware review workflows and harden the VS Code extension lifecycle

- add conservative, deeper-review, and custom analysis profiles to the VS Code extension and pass them through to CodeClone MCP
- improve review UX with clearer analysis-depth affordances, conservative-first guidance, and profile-aware overview/session state
- harden extension lifecycle and resource handling with safer shutdown, single-flight MCP connection reuse, and cleanup of workspace/session state
- expand extension-side regression coverage and refresh VS Code extension docs to match the current behavior

* feat(mcp,report): harden core contracts, cleanup structural noise, and tighten MCP guidance

- implement the audit-driven cleanup across baseline/cache/report/html internals with shared JSON IO, safer normalization and path handling, and cleaner structural rendering boundaries
- remove safe non-golden structural and clone noise surfaced by stricter analysis passes without touching golden fixture debt
- strengthen MCP semantics with conservative-first threshold guidance, the new analysis_profile help topic, and tighter workflow/help wording
- refresh core docs and contract tests for baseline, report, MCP, and stricter analysis behavior

* feat(claude): make the Claude Desktop bundle

* feat(codex): add a native CodeClone plugin for Codex MCP review

* refactor(tests): split the golden v2 dummy executor into a narrower inline stub and update baseline

* feat(clients,docs): polish native client surfaces and harden the Claude bundle startup flow

* docs(clients): standardize uv installs and tighten Codex MCP-only guardrails

* feat(clients): harden MCP client surfaces and polish prerelease UX for b4

- make MCP initialize metadata report the CodeClone package version so clients can enforce runtime compatibility correctly
- harden the VS Code extension with a minimum supported CodeClone gate, uv-based setup guidance, moved-view icons, titled quick picks, and leaner editor actions aligned with current VS Code UX guidance
- improve the Claude Desktop bundle startup path and launcher handling, with refreshed tests and packaging flow
- refresh README, MCP/client docs, changelog, and related CI-facing metadata around the current VS Code, Claude, and Codex surfaces

* feat(vscode): improve launcher clarity, range-aware source reveal, and marketplace readiness

- make unsupported CodeClone runtime errors explain which launcher the extension resolved and whether it came from the workspace, explicit settings, PATH, or repo-local uv fallback
- document that auto launcher resolution prefers the current workspace virtualenv before falling back to PATH
- fix source reveal for clone review by hydrating canonical finding detail when summary locations are range-truncated, so block and segment findings reveal the full span instead of only the first line
- bump the preview VS Code extension to 0.2.1, refresh packaged metadata, and add the live Marketplace listing across the repo and extension docs

MCP server, canonical report tightening, and MPL-2.0 relicensing (#18)

This PR prepares `codeclone` `2.0.0b3`.

The beta line now lands as a coherent platform release:
- optional read-only MCP server for agent workflows
- canonical-report-first tightening across MCP and report projections
- changed-scope review and CI-oriented delivery surfaces
- MPL-2.0 relicensing for code, with docs kept under MIT

## Highlights

- add optional `codeclone[mcp]` with `codeclone-mcp` launcher (`stdio` and `streamable-http`)
- ship `20` MCP tools, `7` fixed resources, and `3` run-scoped URI templates
- make MCP budget-aware and triage-first: compact first-pass workflow, bounded drill-down, and explicit guidance for low-cost agent usage
- slim MCP payloads without changing canonical report truth
- harden MCP safety semantics: absolute `root` required for analysis tools, honest `compare_runs`, session-local review state only
- move threshold-aware design findings fully into the canonical report and record effective thresholds in `meta.analysis_thresholds.design_findings`
- add canonical `derived.overview.directory_hotspots` and render `Hotspots by Directory` in Overview
- bump report schema to `2.2` and cache schema to `2.3`
- fix stale cache reuse after semantic analysis changes
- fix AST normalization side effects that corrupted downstream cohesion metrics
- refresh baseline/health after analysis fixes (`85 (B)` on the repo)
- polish HTML report navigation, badges, overview rhythm, and hotspot presentation
- relicense repository code to `MPL-2.0` while keeping documentation under `MIT`

## Contracts and compatibility

- baseline schema remains `2.0`
- fingerprint version remains `1`
- report schema is now `2.2`
- cache schema is now `2.3`
- MCP remains read-only with respect to repo state and persisted artifacts

fix(html): resolve responsive report overflows and polish mobile UX (#17

)

* chore(deps): upgrade requests to 2.33.0 and refresh locked security updates and bump codeclone version
* fix(html): resolve responsive report overflows and polish provenance badges
* fix(html): polish mobile responsive layout — sticky tabs, scroll shadows, compact topbar

v2.0.0b1 (#13)

* feat: complete spec 2.0.0 architecture and UX updates

* feat(cli iu): improvements to the cli UI, adding pre-commit hooks, updating documentation

* chore(docs): update logo size

* feat(core): UI improvements, updating report schemas; adding new formats (md, sarif); multiple hot path optimizations and other improvements

* feat(core): Comprehensive benchmark for codeclone has been added, the documentation has been updated, and the crash of tests in CI has been fixed

* fix(tests): stabilize unreadable-source CLI assertion across runners by checking combined stdout/stderr output; fix README.md; fix matrics error in GAW

* fix(ci): isolate unreadable-source CLI tests with per-test cache path and run benchmark container under host uid:gid to prevent bind-mount write permission failures

* fix(tests): deflake unreadable-source CLI check by asserting JSON source_io_skipped contract instead of unstable console warning text

* chore(docs): update README.md and update package deps

* fix(perf): harden scanner root filtering and optimize report snippet/explain paths

* docs(changelog): add 1.4.4 backport section under 2.0.0b1

* feat(core): ship clone_guard_exit_divergence + clone_cohort_drift, optimize cache/report pipeline, harden deterministic contracts, and align docs/tests for 2.0.0b1

* fix(detect): treat module-level PEP 562 hooks (__getattr__/__dir__) as non-actionable dead-code candidates and update tests/docs

* feat(detect): add declaration-scoped # noqa: codeclone[dead-code] suppressions (parser, symbol binding, final filtering) with tests and docs; update html-report UI

* fix(report): propagate dead-code noqa suppressions end-to-end (detection→metrics→CLI/JSON/TXT/MD/HTML), exclude suppressed from health

* chore(docs): update docs

* refactor(domain): centralize report/pipeline taxonomies and unify coercion helpers/tests

* refactor(domain): centralize finding taxonomies across sarif/structural/ui and enforce domain-layer boundaries

* refactor(report): modularize HTML rendering, finalize codeclone suppressions, and clean dead code

* fix(suppressions): bind multiline inline ignores to decorated declaration headers consistently

* fix(suppressions): bind multiline inline ignores to decorated declaration headers consistently

* refactor(html): refresh report layouts, findings cards, and metric delta badges

* feat(cli): add browser-open HTML reports and timestamped default report paths

* test(cli): make HTML open warning assertion robust across wrapped console output

* refactor(report): materialize overview insights, streamline cache/extractor internals, and sync docs

* feat(core): improve report UX, strengthen cache/report contracts, and publish project docs

* chore(docs): update AGENTS.md

* perf(core): add lazy suppression/report fast-paths and streamline extractor binding

* chore(release): finalize beta packaging metadata, PyPI README links, and v2.0.0b1 notes