Skip to content

Code Metrics

Generated: 2026-06-03 21:37 UTC

Lines of Code

Files Code Comment Blank Total
Source 55 6 658 2 099 740 9 497
Tests 98 15 167 1 860 2 146 19 173
Combined 153 21 825 3 959 2 886 28 670
  • Comment/code ratio: 32%
  • Test/source ratio: 227.8%
Source by module (click to expand)
Module Files Code Comment Blank
terok_shield/ 55 6 658 2 099 740
terok_shield/cli/ 3 473 64 48
terok_shield/cli/__main__.py 8 11 2
terok_shield/cli/main.py 465 44 45
terok_shield/dns/ 4 308 197 50
terok_shield/dns/apparmor.py 31 33 4
terok_shield/dns/dnsmasq.py 209 109 26
terok_shield/dns/resolver.py 68 47 19
terok_shield/hooks/ 4 829 257 82
terok_shield/hooks/install.py 276 46 33
terok_shield/hooks/mode.py 530 184 44
terok_shield/hooks/reader_install.py 23 19 4
terok_shield/nft/ 3 544 160 53
terok_shield/nft/constants.py 28 32 12
terok_shield/nft/rules.py 516 120 40
terok_shield/podman_info/ 5 174 145 38
terok_shield/podman_info/__init__.py 20 15 3
terok_shield/podman_info/_conf.py 13 13 1
terok_shield/podman_info/hooks_dir.py 42 38 4
terok_shield/podman_info/info.py 59 55 19
terok_shield/podman_info/network.py 40 24 11
terok_shield/resources/ 13 1 910 425 175
terok_shield/resources/dns/ 7 101 3 24
terok_shield/resources/_oci_state.py 388 122 36
terok_shield/resources/nflog_reader.py 872 150 48
terok_shield/resources/nft_hook.py 141 85 35
terok_shield/resources/reader_hook.py 267 44 23
terok_shield/resources/shield_probe.py 141 18 8
terok_shield/watchers/ 6 355 146 50
terok_shield/watchers/__init__.py 12 14 3
terok_shield/watchers/_event.py 29 17 7
terok_shield/watchers/audit_log.py 41 16 9
terok_shield/watchers/dns_log.py 64 26 16
terok_shield/watchers/domain_cache.py 20 17 9
terok_shield/watchers/nflog.py 189 56 6
terok_shield/__init__.py 392 95 26
terok_shield/_hub_events.py 110 41 6
terok_shield/_wire_sanitize.py 41 23 6
terok_shield/audit.py 50 37 12
terok_shield/commands.py 341 29 9
terok_shield/config.py 154 76 31
terok_shield/container.py 86 36 5
terok_shield/paths.py 28 20 3
terok_shield/prereqs.py 29 50 16
terok_shield/profiles.py 44 39 13
terok_shield/run.py 240 21 10
terok_shield/simple_clearance.py 238 47 38
terok_shield/state.py 176 89 15
terok_shield/subprocess_env.py 15 15 2
terok_shield/util.py 21 6 8
terok_shield/validation.py 22 37 13
terok_shield/watch.py 78 44 31

Architecture

Module Dependency Graph

graph TD
    terok_shield.podman_info --> terok_shield.nft.constants
    terok_shield.state --> terok_shield.paths
    terok_shield._hub_events --> terok_shield._wire_sanitize
    terok_shield._hub_events --> terok_shield.validation
    terok_shield.dns.apparmor --> terok_shield.dns.dnsmasq
    terok_shield.hooks.install --> terok_shield.hooks.reader_install
    terok_shield.hooks.mode --> terok_shield.dns.apparmor
    terok_shield.hooks.mode --> terok_shield.dns.dnsmasq
    terok_shield.hooks.mode --> terok_shield.hooks.install
    terok_shield.hooks.mode --> terok_shield.nft.rules
    terok_shield --> terok_shield.audit
    terok_shield --> terok_shield.profiles
    terok_shield --> terok_shield.watchers
    terok_shield.config
    terok_shield.util
    terok_shield.validation
    terok_shield.paths
    terok_shield.run
    terok_shield.prereqs
    terok_shield._wire_sanitize
    terok_shield.nft
    terok_shield.nft.constants
    terok_shield.nft.rules
    terok_shield.dns
    terok_shield.dns.resolver
    terok_shield.dns.dnsmasq
    terok_shield.hooks
    terok_shield.hooks.reader_install
    terok_shield.audit
    terok_shield.profiles
    terok_shield.watchers
    terok_shield.cli

Module Boundaries

26 modules, 13 dependency edges — all boundaries validated.

Module Summary

26 modules (click to expand)
Module Deps Description
terok_shield.config 0
terok_shield.util 0
terok_shield.validation 0
terok_shield.podman_info 1
terok_shield.state 1 Per-container state bundle layout — imports host-wide path constants
terok_shield.paths 0 Host-wide filesystem paths (reader script, hook entrypoint filename)
terok_shield.run 0 Subprocess helpers — zero internal deps
terok_shield.prereqs 0 higher layers (terok-sandbox aggregator, operator diagnostics)
terok_shield._hub_events 2 Hub event emitter — stdlib-only client for the terok-clearance unix ingester
terok_shield._wire_sanitize 0 bypasses the package) can mirror the function inline.
terok_shield.nft 0 nft domain package
terok_shield.nft.constants 0 Security boundary — literals only, no dependencies
terok_shield.nft.rules 0 Security boundary — only stdlib + nft.constants
terok_shield.dns 0 dns domain package
terok_shield.dns.resolver 0 DNS resolution and caching
terok_shield.dns.dnsmasq 0 dnsmasq lifecycle — config generation, launch, cleanup
terok_shield.dns.apparmor 1 AppArmor confinement probe + dnsmasq-tier selection
terok_shield.hooks 0 hooks domain package
terok_shield.hooks.install 1 the OCI hook needs (entrypoint, both hook-JSON pairs, reader script).
terok_shield.hooks.reader_install 0 NFLOG reader resource installer
terok_shield.hooks.mode 4 Hook mode — OCI hooks, per-container netns
terok_shield.audit 0 Audit logging — no internal deps
terok_shield.profiles 0 Profile loading
terok_shield.watchers 0 Watchers — event-stream classes
terok_shield 3 Package root — public API facade
terok_shield.cli 0

Test Coverage

Overall line coverage: 99.5% (3489/3505 statements).

Each rectangle is a source file. Area is proportional to the number of statements; colour encodes the coverage percentage (green = fully covered, red = uncovered). Files are grouped by the first 3 directory levels.

Cognitive Complexity

Threshold: 15 (functions above this are listed below)

Warning

complexipy cache not found — skipping complexity report.

Dead Code Analysis

No dead code found at 80% confidence threshold.

Docstring Coverage

  • Needed: 16; Found: 14; Missing: 2; Coverage: 87.5%
  • Needed: 492 - Found: 490 - Missing: 2
  • Total coverage: 99.6% - Grade: Excellent

Generated by scc, complexipy, vulture, tach, and docstr-coverage.