Code Quality Report¶

Generated: 2026-04-05 07:31 UTC

Lines of Code¶

	Files	Code	Comment	Blank	Total
Source	40	5 118	1 463	618	7 199
Tests	84	12 666	1 697	2 153	16 516
Combined	124	17 784	3 160	2 771	23 715

Comment/code ratio: 29%
Test/source ratio: 247.5%

Source by module (click to expand)

Module	Files	Code	Comment	Blank
`terok_shield/`	40	5 118	1 463	618
`terok_shield/cli/`	6	1 511	207	126
`terok_shield/cli/dbus_bridge.py`	—	39	23	16
`terok_shield/cli/interactive.py`	—	604	67	24
`terok_shield/cli/main.py`	—	465	50	41
`terok_shield/cli/registry.py`	—	325	14	13
`terok_shield/cli/watch.py`	—	78	44	31
`terok_shield/common/`	5	305	203	117
`terok_shield/common/config.py`	—	115	72	49
`terok_shield/common/podman_info.py`	—	152	96	49
`terok_shield/common/util.py`	—	21	6	8
`terok_shield/common/validation.py`	—	17	21	10
`terok_shield/core/`	9	1 707	667	214
`terok_shield/core/dns.py`	—	67	46	19
`terok_shield/core/dnsmasq.py`	—	249	134	27
`terok_shield/core/hook_install.py`	—	58	57	24
`terok_shield/core/mode_hook.py`	—	519	136	15
`terok_shield/core/nft.py`	—	464	135	55
`terok_shield/core/nft_constants.py`	—	24	25	12
`terok_shield/core/run.py`	—	240	20	10
`terok_shield/core/state.py`	—	86	105	51
`terok_shield/lib/`	10	742	251	81
`terok_shield/lib/watchers/`	6	343	138	49
`terok_shield/lib/watchers/__init__.py`	—	12	14	3
`terok_shield/lib/watchers/_event.py`	—	22	10	6
`terok_shield/lib/watchers/audit_log.py`	—	41	16	9
`terok_shield/lib/watchers/dns_log.py`	—	64	26	16
`terok_shield/lib/watchers/domain_cache.py`	—	20	17	9
`terok_shield/lib/watchers/nflog.py`	—	184	55	6
`terok_shield/lib/audit.py`	—	50	36	12
`terok_shield/lib/dbus_bridge.py`	—	305	31	6
`terok_shield/lib/profiles.py`	—	44	38	13
`terok_shield/resources/`	9	538	62	39
`terok_shield/resources/dns/`	6	78	3	22
`terok_shield/resources/hook_entrypoint.py`	—	322	38	8
`terok_shield/resources/shield_probe.py`	—	138	18	8
`terok_shield/__init__.py`	—	315	73	41

Architecture¶

Module Dependency Graph¶

graph TD
    terok_shield.core.nft --> terok_shield.core.nft_constants
    terok_shield.core.dns --> terok_shield.core.run
    terok_shield.core.dnsmasq --> terok_shield.core.nft_constants
    terok_shield.core.dnsmasq --> terok_shield.core.run
    terok_shield.core.dnsmasq --> terok_shield.core.state
    terok_shield.core.mode_hook --> terok_shield.core.dnsmasq
    terok_shield.core.mode_hook --> terok_shield.core.hook_install
    terok_shield.core.mode_hook --> terok_shield.core.nft
    terok_shield.core.mode_hook --> terok_shield.core.nft_constants
    terok_shield.core.mode_hook --> terok_shield.core.run
    terok_shield.core.mode_hook --> terok_shield.core.state
    terok_shield --> terok_shield.lib.audit
    terok_shield --> terok_shield.lib.profiles
    terok_shield.cli --> terok_shield.cli.dbus_bridge
    terok_shield.common
    terok_shield.common.config
    terok_shield.common.util
    terok_shield.common.validation
    terok_shield.common.podman_info
    terok_shield.core
    terok_shield.core.nft_constants
    terok_shield.core.state
    terok_shield.core.run
    terok_shield.core.hook_install
    terok_shield.lib
    terok_shield.lib.audit
    terok_shield.lib.profiles
    terok_shield.lib.watchers
    terok_shield.lib.dbus_bridge
    terok_shield.cli.dbus_bridge

Module Boundaries¶

22 modules, 14 dependency edges — all boundaries validated.

Module Summary¶

22 modules (click to expand)

Module	Deps	Description
`terok_shield.common`	0
`terok_shield.common.config`	0
`terok_shield.common.util`	0
`terok_shield.common.validation`	0
`terok_shield.common.podman_info`	0
`terok_shield.core`	0
`terok_shield.core.nft_constants`	0	Security boundary — literals only, no dependencies
`terok_shield.core.nft`	1	Security boundary — only stdlib + nft_constants
`terok_shield.core.state`	0	Per-container state bundle layout — zero internal deps
`terok_shield.core.run`	0	Subprocess helpers — zero internal deps
`terok_shield.core.dns`	1	DNS resolution and caching
`terok_shield.core.dnsmasq`	3	dnsmasq lifecycle — config generation, launch, cleanup
`terok_shield.core.hook_install`	0	Hook file generation and installation — no same-layer deps
`terok_shield.core.mode_hook`	6	Hook mode — OCI hooks, per-container netns
`terok_shield.lib`	0
`terok_shield.lib.audit`	0	Audit logging — no internal deps
`terok_shield.lib.profiles`	0	Profile loading
`terok_shield.lib.watchers`	0	Watchers — library-level event-stream classes
`terok_shield.lib.dbus_bridge`	0	D-Bus bridge — optional, requires dbus-fast + terok-dbus
`terok_shield`	2	Package root — public API facade
`terok_shield.cli`	1
`terok_shield.cli.dbus_bridge`	0	D-Bus bridge CLI entry point

Test Coverage¶

Coverage is collected from unit tests in CI and uploaded to Codecov.

Coverage Treemap¶

Each rectangle represents a source file. Size is proportional to the number of lines; colour shows the coverage percentage (green = high, red = low).

Cognitive Complexity¶

Threshold: 15 (functions above this are listed below)

Functions analyzed: 326
Median complexity: 1.0 · Average: 2.6 · Max: 22
Within threshold (15): 100% (325/326)

    0–  3 │ ██████████████████████████████ 231 (70.9%)
    4–  6 │ ████████                        60 (18.4%)
    7–  9 │ ██                              15 ( 4.6%)
   10– 12 │ ██                              14 ( 4.3%)
   13– 15 │ █                                5 ( 1.5%) ◄ threshold
   16– 18 │                                  0 ( 0.0%)
   19– 21 │                                  0 ( 0.0%)
   22– 25 │                                  1 ( 0.3%)

1 functions exceeding threshold:

Complexity	Function	File
22	`main`	`src/terok_shield/resources/hook_entrypoint.py`

Dead Code Analysis¶

No dead code found at 80% confidence threshold.

Docstring Coverage¶

Needed: 400 - Found: 400 - Missing: 0
Total coverage: 100.0% - Grade: AMAZING! Your docstrings are truly a wonder to behold!

Generated by scc, complexipy, vulture, tach, and docstr-coverage.