# TODO
## ✅ Completed
- [x] Implement basic code search functionality
- [x] Add fuzzy search support
- [x] Add interactive mode
- [x] Add codebase analysis
- [x] Add refactoring suggestions
- [x] Implement MCP server support (rmcp 0.12 with 9 tools: search, list, analyze, complexity, duplicates, deadcode, circular, find_symbol, get_health)
- [x] Add comprehensive unit tests (173 tests)
- [x] Add integration tests (36 tests)
- [x] Add MCP server tests (23 tests)
- [x] Simplify CLI usage with defaults
- [x] Add semantic search enhancement
- [x] Add caching system for performance (simple cache + LRU cache)
- [x] Update README with comprehensive documentation
- [x] Create architecture documentation (ARCHITECTURE.md)
- [x] Create technical specification (SPEC.md)
- [x] Add progress indicators for long-running searches
- [x] Add export functionality (CSV, Markdown, JSON, DOT)
- [x] Add keyboard shortcuts in interactive mode
- [x] Add code complexity metrics (cyclomatic & cognitive complexity)
- [x] Add code duplication detection
- [x] Add dead code detection with enhanced capabilities:
- Unused variables and constants detection
- Unreachable code detection (after return/break/continue)
- Empty function detection (supports Python, Rust, JS, etc.)
- TODO/FIXME/HACK/XXX/BUG marker detection
- Commented-out code detection
- Unused import detection
- [x] Add comprehensive multi-language support (48 languages)
- [x] Modularize codebase into smaller maintainable modules (40+ modules)
- [x] Refactor deadcode.rs into modular structure (4 sub-modules for better maintainability)
- [x] Extract CLI definitions from main.rs to cli.rs module (reduced main.rs from 1050 to ~400 lines)
- [x] Modularize codemetrics.rs into 5 submodules (complexity, size, maintainability, helpers, mod)
- [x] Modularize designmetrics.rs into 5 submodules (types, analysis, extractors, reporting, mod)
- [x] Modularize language.rs into 4 submodules (types, definitions, utilities, mod)
- [x] Modularize search.rs into 5 submodules (core, fuzzy, semantic, utilities, mod)
- [x] Extract command handlers from main.rs to commands/ module (search, analysis, graph, util)
- [x] Remove unsubstantiated performance claims from documentation
- [x] Ensure all key capabilities are exposed to MCP (9 tools total)
- [x] Verify code maintainability and testability standards
- [x] Implement all 7 graph analysis types:
- Abstract Syntax Tree (AST)
- Control Flow Graph (CFG)
- Data Flow Graph (DFG)
- Call Graph
- Dependency Graph (enhanced)
- Program Dependency Graph (PDG)
- Unified Graph (AST + CFG + DFG)
- [x] Add unified graph analysis interface
- [x] Add CLI commands for all graph types
- [x] Add DOT format export for visualization
- [x] Add 22 unit tests for graph modules
- [x] Implement design metrics module:
- Afferent Coupling (Ca)
- Efferent Coupling (Ce)
- Instability (I)
- Abstractness (A)
- Distance from Main Sequence (D)
- Package Cohesion (LCOM)
- [x] Add CLI command for design metrics analysis
- [x] Add 6 unit tests for design metrics
- [x] Implement comprehensive code metrics module:
- Cyclomatic Complexity
- Halstead Metrics (11 sub-metrics)
- Essential Complexity
- NPath Complexity
- Lines of Code (LOC, SLOC, LLOC)
- Code Density & Comment Ratio
- Maintainability Index (MI)
- Code Churn
- Depth of Inheritance Tree (DIT)
- Coupling Between Objects (CBO)
- Lack of Cohesion in Methods (LCOM)
- [x] Add CLI command for comprehensive metrics
- [x] Add 4 unit tests for code metrics
- [x] Add health scoring with CI/CD integration (--fail-under flag)
- [x] Add symbol finding (definition, references, callers)
- [x] Add security pattern scanning (eval, exec, SQL injection)
- [x] Code quality improvements (Jan 2026):
- Fixed 100+ clippy warnings across the codebase
- Removed useless comparisons in tests (>= 0 for unsigned types)
- Converted to inline format args for better readability
- Fixed never-looping for loops to use if-let patterns
- Replaced manual min/max with clamp() function
- Removed unused imports (VecDeque, Revwalk, graph types)
- Moved regex compilation outside loops for performance
- Improved code consistency and maintainability
- [x] Add trait abstractions (SearchEngine, Analyzer, GraphBuilder)
- [x] Add SearchOptions struct with builder pattern
- [x] Add custom error types (SearchError, AnalysisError, GraphError, RemoteError)
- [x] Add FileSystem trait for dependency injection
- [x] Add LRU cache wrapper with automatic eviction
- [x] Add pure functions for testing
- [x] Add property-based tests with proptest
- [x] Add integration test coverage
- [x] Add test coverage reporting with tarpaulin
## 🔄 In Progress
- None currently
## 📋 Planned
### Capability Redesign (from docs/CAPABILITY_REDESIGN.md)
**Differentiator:** "The local code lens for terminal users and AI agents"
- [x] **Phase 1: Consolidation** ✅
- [x] Add `codesearch health` (deadcode + duplicates + complexity)
- [x] Add `codesearch graph <cfg|dfg|dep|ast|pdg>` as unified entry point
- [x] Merge `metrics` into `analyze` (--metrics flag)
- [x] Deprecate `remote`, `design-metrics`, `graph-all`, `metrics`
- [x] **Phase 2: Structural Find** ✅
- [x] Implement `codesearch find <symbol>` (definition, references, callers)
- [x] Add `--type definition|callers|references`
- [x] JSON output for piping
- [x] **Phase 3: Health Scoring** ✅
- [x] Health score formula (0-100)
- [x] `--fail-under` for CI gates
- [x] Structured JSON output
- [x] **Phase 4: MCP Expansion** ✅
- [x] Add `find_symbol` MCP tool
- [x] Add `get_health` MCP tool
- [x] Update README: MCP first-class
### Maintainability Improvements (High Priority)
- [x] **Extract trait abstractions for core components** ✅ (Jan 2026)
- ✅ Created `SearchEngine` trait for different search strategies
- ✅ Created `Analyzer` trait for different analysis types
- ✅ Created `GraphBuilder` trait for graph construction
- ✅ Implemented `DefaultSearchEngine` wrapping existing search_code
- ✅ Added comprehensive documentation with examples
- ✅ Included mock implementations for testing
- Benefits: Better testability, easier to mock, clearer contracts
- [x] **Reduce function parameter counts** ✅ (Jan 2026)
- ~~`search_code()` has 13 parameters (limit: 7)~~
- ✅ Introduced `SearchOptions` struct to bundle related parameters
- ✅ Applied builder pattern with `with_*` methods
- ✅ Reduced `search_code()` from 13 parameters to 3 parameters
- ✅ Updated all 15+ call sites across the codebase
- ✅ All 232 tests pass
- [x] **Split large modules into focused sub-modules** ✅ (Jan 2026)
- ✅ Extracted command handlers from `main.rs` into `commands/` module
- ✅ Created 4 sub-modules: `search.rs`, `analysis.rs`, `graph.rs`, `util.rs`
- ✅ Reduced main.rs complexity by moving 200+ LOC to handlers
- ✅ Added comprehensive documentation to all handlers
- ✅ Included tests for each command handler
- Pattern: Follows `deadcode/`, `codemetrics/`, `search/` module structure
- [x] **Improve error handling consistency** ✅ (Jan 2026)
- ✅ Defined custom error types using `thiserror`
- ✅ Created 4 error enums: `SearchError`, `AnalysisError`, `GraphError`, `RemoteError`
- ✅ Added 8+ specific error variants per type
- ✅ Implemented error source chains for debugging
- ✅ Added automatic conversions from common error types
- ✅ Created comprehensive example in `examples/error_handling.rs`
- ✅ Documented error handling patterns with 5 examples
- Note: Full migration to custom errors is gradual (backward compatible)
- [x] **Add documentation for public APIs** ✅ (Jan 2026)
- ✅ Added comprehensive rustdoc to all command handlers
- ✅ Documented FileSystem trait with usage examples
- ✅ Added module-level documentation to commands/
- ✅ Included examples in all public function docs
- ✅ Created ARCHITECTURE.md and SPEC.md
- ✅ Ready for `cargo doc` generation
- Note: Ongoing - will continue adding docs to remaining modules
### Test-Friendliness Improvements (High Priority)
- [x] **Introduce dependency injection** ✅ (Jan 2026)
- ✅ Created `FileSystem` trait with 10 operations
- ✅ Implemented `RealFileSystem` for production use
- ✅ Implemented `MockFileSystem` for testing (in-memory)
- ✅ All traits are `Send + Sync` for thread safety
- ✅ Added comprehensive documentation and examples
- ✅ Included 5 tests demonstrating mock usage
- [x] **Extract testable pure functions** ✅ (Jan 2026)
- ✅ Created `search/pure.rs` module with pure functions
- ✅ Extracted `calculate_relevance_score_pure` (no I/O)
- ✅ Added `relevance_category`, `fuzzy_match_quality`, `should_include_line`
- ✅ All functions are independently testable
- ✅ Included 8 unit tests for pure functions
- [x] **Add property-based testing** ✅ (Jan 2026)
- ✅ Added `proptest` dependency to Cargo.toml
- ✅ Created `tests/proptest_search.rs` with 7 property tests
- ✅ Tests verify: no panics, query in results, max results respected
- ✅ Tests cover: fuzzy threshold, extension filters, empty queries
- ✅ Generates random inputs to find edge cases
- [x] **Improve test isolation** ✅ (Jan 2026)
- ✅ Created `tests/fixtures/mod.rs` with reusable fixtures
- ✅ Implemented `TestWorkspace` for temporary test directories
- ✅ Added sample code snippets (Rust, Python, JavaScript)
- ✅ All tests use `tempfile` for isolation
- ✅ No shared state between tests
- ✅ Included 4 tests for fixture functionality
- [x] **Add integration test coverage** ✅ (Jan 2026)
- ✅ Created `tests/integration_e2e.rs` with 25 end-to-end tests
- ✅ Created `tests/cross_file_tests.rs` with 11 cross-file tests
- ✅ Tests cover: search→export, multi-extension, fuzzy matching
- ✅ Tests analyze→search workflow, complexity analysis
- ✅ Tests deadcode detection, ranking, exclusions
- ✅ Tests case sensitivity, nested directories, empty dirs
- ✅ All tests use fixtures for isolation
- ✅ Total: 36 integration tests
- [x] **Add test coverage reporting** ✅ (Jan 2026)
- ✅ Added `tarpaulin` to dev-dependencies
- ✅ Created `tarpaulin.toml` configuration
- ✅ Set minimum coverage threshold at 70%
- ✅ Created GitHub Actions workflow for CI/CD
- ✅ Configured HTML, LCOV, and JSON output formats
- ✅ Excludes test files from coverage metrics
- ✅ Total: 232 tests (173 unit + 36 integration + 23 MCP)
### Performance Improvements (Medium Priority)
- [x] Add incremental indexing for large codebases
- [x] Implement file watching for real-time updates
- [x] Optimize memory usage for very large files
- [x] **Optimize hot paths** ✅ (Jan 2026)
- ✅ Added `criterion` for benchmarking
- ✅ Created `benches/search_benchmark.rs` with 6 benchmarks
- ✅ Created `benches/parser_benchmarks.rs` with parser benchmarks
- ✅ Benchmarks cover: small/medium searches, relevance scoring
- ✅ Benchmarks test fuzzy matching, pure functions
- ✅ Ready for profiling with `cargo bench`
- Note: Use `cargo flamegraph` for detailed profiling
- [ ] **Improve parallel processing**
- Tune rayon thread pool size based on workload
- Use work-stealing for better load balancing
- Consider async I/O for network operations (remote search)
- [x] **Enhance caching strategy** ✅ (Jan 2026)
- ✅ Implemented `LruCacheWrapper` in `cache_lru.rs`
- ✅ Thread-safe LRU cache with automatic eviction
- ✅ Prevents unbounded memory growth
- ✅ Configurable capacity
- ✅ Included 9 tests for LRU functionality
- ✅ Ready to replace simple cache in search module
- [ ] Pre-compile common patterns at startup
- [ ] Use `regex::RegexSet` for multiple pattern matching
- [ ] Consider using `aho-corasick` for literal string matching
- [ ] **Reduce memory allocations**
- Use string interning for repeated strings (file paths)
- Reuse buffers in hot loops
- Use `Cow<str>` to avoid unnecessary cloning
### Features
- [x] Add AST-based code analysis (beyond regex)
- [x] Add dependency graph analysis
- [x] Add support for git history search
- [x] Add support for searching in remote repositories
### User Experience
- [ ] Add search result preview pane
### Testing
- [x] Add MCP server integration tests (23 tests)
- [x] Add performance benchmarks (criterion)
- [ ] Add fuzz testing for edge cases
- [ ] Add more complex integration test scenarios
- [x] Add test coverage reporting (tarpaulin)
### Documentation
- [x] Add API documentation (rustdoc)
- [ ] Add more usage examples
- [ ] Add architecture decision records (ADRs)
## 🐛 Known Issues
- None currently
## 💡 Ideas for Future
### Architecture Evolution
- [ ] **Workspace crate structure** (for very large projects)
- Split into `codesearch-core`, `codesearch-cli`, `codesearch-mcp`
- Share common types via `codesearch-types` crate
- Benefits: Faster compilation, better modularity
- [ ] **Plugin system**
- Allow external search strategies via dynamic loading
- Custom analyzers for domain-specific languages
- Third-party graph visualizers
### Advanced Features
- [ ] Machine learning-based code pattern recognition
- [ ] Collaborative search patterns sharing
- [ ] Code search as a service (web API)
- [ ] Integration with code review tools
- [ ] Support for searching in binary files (with limits)
- [ ] Add support for searching in database schemas
- [ ] Add support for searching in configuration files
### Quality Metrics
- [ ] Track technical debt over time
- [ ] Code health dashboard
- [ ] Automated refactoring suggestions with diffs
### New Capability Categories (High Priority)
#### Code Smell Detection
- [ ] God object detection (classes with too many methods/responsibilities)
- [ ] Feature envy detection (methods using more data from other classes)
- [ ] Long parameter list detection (> 4 parameters)
- [ ] Divergent change detection (classes changed for different reasons)
- [ ] Shotgun surgery detection (single change requires many files)
- [ ] Inappropriate intimacy detection (classes too tightly coupled)
- [ ] Data clumps detection (groups of parameters that always appear together)
- [ ] Primitive obsession detection (overuse of primitive types instead of domain objects)
#### Architecture-Level Analysis
- [ ] Layer violation detection (UI calling database directly)
- [ ] Architecture module dependency cycles
- [ ] Module stability analysis (abstractness vs instability)
- [ ] Architecture compliance checking
- [ ] Module responsibility analysis (single responsibility principle)
- [ ] Dependency direction verification (clean architecture)
- [ ] Hexagonal architecture compliance
- [ ] Onion architecture layer violations
#### Code Churn & Evolution Analysis
- [ ] Hotspot detection (frequently changed files)
- [ ] Code age analysis (when was code last modified)
- [ ] Author attribution and code ownership
- [ ] Change frequency metrics
- [ ] Risk assessment based on churn + complexity
- [ ] Code decay tracking (modules getting worse over time)
- [ ] Bug-inducing changes detection
- [ ] Refactoring frequency analysis
#### Enhanced Security Analysis
- [ ] Hardcoded secrets detection (API keys, passwords, tokens)
- [ ] Weak cryptography detection (MD5, SHA1, DES)
- [ ] Input validation missing detection
- [ ] Output encoding issues (XSS vulnerabilities)
- [ ] Authentication/authorization pattern analysis
- [ ] SQL injection vulnerability detection beyond simple patterns
- [ ] Command injection detection
- [ ] Path traversal detection
- [ ] Insecure random number generation
- [ ] TLS/SSL misconfiguration detection
#### Refactoring Automation
- [ ] Automated refactoring script generation
- [ ] Safe rename operations with cross-file references
- [ ] Extract method suggestions with diff preview
- [ ] Inline variable detection and suggestions
- [ ] Replace magic numbers with constants
- [ ] Introduce parameter object suggestions
- [ ] Decompose conditional suggestions
- [ ] Consolidate duplicate conditional fragments
#### Test Coverage & Quality
- [ ] Test coverage integration (external tools coverage data)
- [ ] Untested code identification and prioritization
- [ ] Test smell detection (brittle, slow, fragile tests)
- [ ] Code-to-test ratio tracking
- [ ] Test duplication detection
- [ ] Missing test case suggestions (based on branches)
- [ ] Test isolation issues detection
- [ ] Mock overuse detection
#### Documentation Quality
- [ ] Missing documentation detection (public APIs without docs)
- [ ] Outdated doc comment detection (code changed but docs not)
- [ ] Documentation coverage metrics
- [ ] Inline code comment analysis (too many vs too few)
- [ ] Documentation consistency checking
- [ ] Example code in docs verification
- [ ] API documentation completeness
#### Performance Profiling
- [ ] Hot path identification in code
- [ ] Algorithm complexity analysis (Big-O estimation)
- [ ] Memory usage pattern detection
- [ ] I/O operation bottleneck detection
- [ ] N+1 query pattern detection
- [ ] Inefficient loop detection
- [ ] Unnecessary allocations detection
- [ ] String concatenation in loops detection
- [ ] Database query optimization suggestions
#### Advanced Code Similarity
- [ ] Semantic similarity detection (same logic, different implementation)
- [ ] Structural pattern matching (code shape similarity)
- [ ] Code clone variant detection (Type III/IV clones)
- [ ] Refactoring pattern recognition
- [ ] Cross-language code similarity
- [ ] Idiomatic vs non-idiomatic code detection
#### Dependency Management
- [ ] Outdated dependency detection (Cargo.toml, package.json, requirements.txt)
- [ ] Security vulnerability scanning in dependencies
- [ ] Unused dependency identification
- [ ] Dependency version conflict analysis
- [ ] License compliance checking
- [ ] Dependency tree visualization
- [ ] Dependency update impact analysis
#### API Contract Analysis
- [ ] API contract verification (interface compliance)
- [ ] Breaking change detection in public APIs
- [ ] API version compatibility checking
- [ ] Interface usage pattern analysis
- [ ] API deprecation tracking and warnings
- [ ] REST API compliance (RESTful principles)
- [ ] GraphQL schema analysis
- [ ] OpenAPI/Swagger validation
#### Concurrency & Async Analysis
- [ ] Deadlock risk detection in concurrent code
- [ ] Race condition vulnerability analysis
- [ ] Async/await pattern evaluation
- [ ] Thread safety verification
- [ ] Concurrency design pattern detection
- [ ] Lock ordering analysis
- [ ] Async cancellation safety checking
- [ ] Actor model pattern detection
#### Configuration & Infrastructure Analysis
- [ ] Configuration file validation (YAML, TOML, JSON, INI)
- [ ] Environment variable usage analysis
- [ ] Configuration drift detection
- [ ] Dockerfile best practices checking
- [ ] Kubernetes configuration analysis
- [ ] CI/CD pipeline analysis
- [ ] Infrastructure as code validation
- [ ] Secret management verification
#### Database & Data Analysis
- [ ] Database schema search (table definitions, relationships)
- [ ] SQL query analysis (performance, anti-patterns)
- [ ] ORM usage patterns (N+1 queries, eager/lazy loading)
- [ ] Database migration analysis
- [ ] Data model consistency checking
- [ ] Index usage optimization suggestions
- [ ] Database connection pool analysis
#### Developer Experience
- [ ] Interactive TUI mode with keyboard navigation
- [ ] Search result preview with syntax highlighting
- [ ] Code navigation (jump to definition)
- [ ] Multi-file search result aggregation
- [ ] Search history and favorites
- [ ] Custom search presets/saved searches
- [ ] Integration with popular editors (VS Code, Vim, Emacs)
- [ ] Desktop notification support
#### AI & ML Integration
- [ ] Natural language code search (describe what you want)
- [ ] Code summarization (generate summaries of functions/files)
- [ ] Bug prediction based on code patterns
- [ ] Code review automation suggestions
- [ ] Documentation generation from code
- [ ] Test case generation suggestions
- [ ] Refactoring recommendation ranking by impact
#### Codebase Intelligence
- [ ] Knowledge graph generation (entities, relationships)
- [ ] Impact analysis (what breaks if I change this?)
- [ ] Root cause analysis suggestions
- [ ] Code pattern library and detection
- [ ] Domain-specific pattern recognition
- [ ] Business logic extraction
- [ ] Entity relationship mapping
#### Compliance & Standards
- [ ] Code style enforcement beyond linting
- [ ] Naming convention checking
- [ ] Error handling pattern verification
- [ ] Logging best practices checking
- [ ] Security compliance (OWASP, SOC2 patterns)
- [ ] Accessibility patterns (for frontend code)
- [ ] GDPR/privacy compliance checking
#### Monitoring & Observability
- [ ] Logging statement analysis (coverage, quality)
- [ ] Metrics collection verification
- [ ] Distributed tracing setup detection
- [ ] Error handling observability
- [ ] Health check endpoint verification
- [ ] Performance monitoring integration
#### Legacy Code Analysis
- [ ] Legacy code identification criteria
- [ ] Refactoring priority scoring
- [ ] Test coverage gaps in legacy code
- [ ] Complexity hotspots in legacy systems
- [ ] Dead code in legacy modules
- [ ] Modernization suggestions
### Medium Priority Implementations
#### Code Visualization
- [ ] Interactive code graph visualization (web UI)
- [ ] Heatmap visualization for code complexity
- [ ] Treemap for codebase size distribution
- [ ] Dependency graph interactive exploration
- [ ] Code churn timeline visualization
- [ ] Contributor activity graphs
#### Search Enhancements
- [ ] Context-aware search (search in specific scopes)
- [ ] Type-aware search (search by type signatures)
- [ ] Behavioral search (search by what code does)
- [ ] Time-based search (code changed in date range)
- [ ] Author-based search (find all code by author)
- [ ] Semantic code search (find similar logic, not just text)
#### Export & Integration
- [ ] Export to JIRA (create issues from findings)
- [ ] Export to SonarQube format
- [ ] Export to CodeClimate format
- - Export to GitHub Code Scanning (SARIF)
- [ ] Integration with GitHub Actions workflows
- [ ] Integration with GitLab CI/CD
- [ ] Integration with Jenkins pipelines
- [ ] Slack/Teams notifications for findings
### Low Priority / Future Research
- [ ] Machine learning-based anomaly detection
- [ ] Collaborative search patterns sharing platform
- [ ] Code search as a SaaS web API
- [ ] Browser-based code search UI
- [ ] Mobile app for code review on-the-go
- [ ] Integration with code review tools (GitHub PR, GitLab MR)
- [ ] Support for searching in compiled binaries (decompilation)
- [ ] Database schema reverse engineering
- [ ] Real-time collaborative code analysis
- [ ] Blockchain-based code provenance tracking