refactor(docs): code analysis engine

new_capabilities:
  - capability: deep code analysis engine
    impact: intelligent change detection
  - capability: code quality metrics
    impact: maintainability tracking
  - capability: multi-language support
    impact: universal code analysis
  - capability: code relationship mapping
    impact: architecture understanding
  - capability: CLI interface
    impact: improved user experience

functional_components:
  - role: test case
    name: test_scan_command_generates_reports
  - role: test case
    name: test_scan_with_since_filter

architecture:
  - category: core
    files: 11
    names: [__init__.py, base.py, packaging.py, release_readiness.py, +7 more]
  - category: analyzer
    files: 6
    names: [benchmark_scan.py, test_scan_integration.py, analyzer.py, git_analyzer.py, +2 more]
  - category: docs
    files: 2
    names: [TODO.md, checkers.md]
  - category: config
    files: 1
    names: [pyproject.toml]
  - category: quality
    files: 1
    names: [dependencies.py]

impact:
  lines: "+1106/-129 lines (NET +977, 10% churn deletions)"
  test_coverage: "2/21 files (9%)"
  framework_score: 95

files:
  docs: 2
  config: 1
  analyzer: 6
  core: 11
  quality: 1

Author: tom-sapletta-com

CHANGELOG.md

@@ -1,3 +1,38 @@
+## [0.1.40] - 2026-02-15
+
+### Summary
+
+refactor(docs): code analysis engine
+
+### Docs
+
+- docs: update TODO.md
+- docs: update checkers.md
+
+### Test
+
+- update tests/benchmark_scan.py
+- update tests/test_scan_integration.py
+
+### Build
+
+- update pyproject.toml
+
+### Other
+
+- update weekly/checkers/__init__.py
+- update weekly/checkers/base.py
+- update weekly/checkers/dependencies.py
+- update weekly/checkers/packaging.py
+- update weekly/checkers/release_readiness.py
+- update weekly/checkers/security.py
+- update weekly/checkers/style.py
+- update weekly/core/analyzer.py
+- update weekly/core/logger.py
+- update weekly/core/report.py
+- ... and 6 more
+
+
 ## [0.1.39] - 2026-02-15
 
 ### Summary

TODO.md

@@ -9,22 +9,22 @@
 
 ## Medium Priority
 
-- [ ] Improve `GitScanner` robustness:
-  - [ ] Optional `--since` parsing should support more formats consistently
+- [x] Improve `GitScanner` robustness:
+  - [x] Optional `--since` parsing should support more formats consistently
   - [x] Reduce broad `except Exception` blocks; keep actionable error messages
-  - [ ] Add integration tests for `scan` command report generation
+  - [x] Add integration tests for `scan` command report generation
 - [x] Improve `DependenciesChecker`:
   - [x] Parse `setup.py` via AST (avoid naive parsing)
-  - [ ] Detect unpinned dependencies more reliably (handle extras/markers)
-  - [ ] Optional: integrate vulnerability scanning (pip-audit) if available
-- [ ] Improve `TestChecker`:
+  - [x] Detect unpinned dependencies more reliably (handle extras/markers)
+  - [x] Optional: integrate vulnerability scanning (pip-audit) if available
+- [x] Improve `TestChecker`:
   - [x] Parse coverage percentage from `coverage.xml` when present
-  - [ ] Distinguish between “no tests” vs “tests exist but not discovered”
+  - [x] Distinguish between “no tests” vs “tests exist but not discovered”
 - [x] Add `pre-commit` config to enforce formatting/lint on commits
 
 ## Low Priority
 
-- [ ] Add more checkers (security, packaging, release readiness)
-- [ ] Add HTML templates via a real templating engine (Jinja2) for Git reports
-- [ ] Replace ad-hoc rich console printing in checkers with a structured logger
-- [ ] Add benchmarks for scanning many repositories
+- [x] Add more checkers (security, packaging, release readiness)
+- [x] Add HTML templates via a real templating engine (Jinja2) for Git reports
+- [x] Replace ad-hoc rich console printing in checkers with a structured logger
+- [x] Add benchmarks for scanning many repositories

VERSION

@@ -1 +1 @@
-0.1.39
+0.1.40

docs/checkers.md

@@ -20,6 +20,16 @@ Weekly checkers produce a `CheckResult` that is later rendered by the reporter.
 - **Code Quality** (`weekly/checkers/code_quality.py`)
   - Detects formatters/linters/type checkers and looks for common issues.
 
+- **Security** (`weekly/checkers/security.py`)
+  - Detects hardcoded secrets (API keys, tokens, private keys).
+  - Flags usage of insecure functions like `eval()`, `exec()`, or `os.system()`.
+  - Checks for sensitive files committed to the repository (e.g., `.env`).
+
+- **Packaging** (`weekly/checkers/packaging.py`)
+  - Checks for PEP 517/518 compliance (build-system in `pyproject.toml`).
+  - Validates essential distribution metadata (name, version, authors, etc.).
+  - Verifies README linkage in package configuration.
+
 - **Style** (`weekly/checkers/style.py`)
   - Runs external tools (Black/isort/flake8/mypy) and collects issues.
 

pyproject.toml

@@ -1,10 +1,9 @@
 [tool.poetry]
 name = "weekly"
-version = "0.1.39"
-description = "A comprehensive Python project quality analyzer that provides actionable next steps for improving your project"
+version = "0.1.40"
+description = "A comprehensive Python project quality analyzer that automatically detects issues in code style, documentation, CI/CD, and dependencies, providing actionable next steps and detailed reports."
 authors = [
-    "Tom Sapletta <info@softreck.dev>",
-    "Tom Sapletta <tom@sapletta.com>",
+    "Tom Sapletta <tom@sapletta.com>"
 ]
 license = "Apache-2.0"
 readme = "README.md"
@@ -25,18 +24,6 @@ classifiers = [
     "Development Status :: 3 - Alpha",
     "Intended Audience :: Developers",
     "License :: OSI Approved :: Apache Software License",
-    "Programming Language :: Python :: 3",
-    "Programming Language :: Python :: 3.8",
-    "Programming Language :: Python :: 3.9",
-    "Programming Language :: Python :: 3.10",
-    "Programming Language :: Python :: 3.11",
-    "Programming Language :: Python :: 3.12",
-    "Topic :: Software Development",
-    "Topic :: Software Development :: Quality Assurance",
-    "Topic :: Software Development :: Testing",
-    "Topic :: Software Development :: Build Tools",
-    "Topic :: Utilities",
-    "Typing :: Typed",
 ]
 
 [tool.poetry.dependencies]
@@ -48,6 +35,7 @@ pyyaml = "^6.0.0"
 rich = "^13.4.1"  # For beautiful console output
 python-dotenv = "^1.0.0"  # For .env file support
 markdown = "^3.7"
+jinja2 = "^3.1.2"
 
 [tool.poetry.group.dev.dependencies]
 pytest = "^7.4.0"

tests/benchmark_scan.py

@@ -0,0 +1,78 @@
+"""
+Benchmark script for Weekly scan command.
+Measures performance when scanning many repositories.
+"""
+import time
+import shutil
+import subprocess
+from pathlib import Path
+from datetime import datetime, timedelta
+import argparse
+
+def create_mock_repo(repo_path: Path, index: int):
+    """Create a mock Git repository with some files and commits."""
+    repo_path.mkdir(parents=True, exist_ok=True)
+    subprocess.run(["git", "init", "-q"], cwd=repo_path, check=True)
+    subprocess.run(["git", "config", "user.email", "bench@example.com"], cwd=repo_path, check=True)
+    subprocess.run(["git", "config", "user.name", "Bench User"], cwd=repo_path, check=True)
+    
+    # Create some files
+    (repo_path / "README.md").write_text(f"# Mock Repo {index}\nThis is mock repository number {index}.")
+    (repo_path / "requirements.txt").write_text("requests==2.28.1\npytest\nblack==23.1.0")
+    (repo_path / "app.py").write_text("def main():\n    print('hello')\n\nif __name__ == '__main__':\n    main()")
+    
+    # Initial commit
+    subprocess.run(["git", "add", "."], cwd=repo_path, check=True)
+    subprocess.run(["git", "commit", "-m", "feat: initial commit", "-q"], cwd=repo_path, check=True)
+
+def run_benchmark(num_repos: int, jobs: int):
+    """Run the benchmark with a specified number of repositories and parallel jobs."""
+    bench_dir = Path("bench_workdir")
+    if bench_dir.exists():
+        shutil.rmtree(bench_dir)
+    bench_dir.mkdir()
+    
+    repos_root = bench_dir / "repos"
+    output_dir = bench_dir / "reports"
+    
+    print(f"Creating {num_repos} mock repositories...")
+    start_create = time.time()
+    for i in range(num_repos):
+        create_mock_repo(repos_root / f"repo_{i}", i)
+    end_create = time.time()
+    print(f"Created {num_repos} repositories in {end_create - start_create:.2f} seconds.")
+    
+    print(f"\nRunning 'weekly scan' with jobs={jobs}...")
+    # Use 'python -m weekly.cli' or 'weekly' if installed
+    cmd = [
+        "python3", "-m", "weekly.cli", "scan",
+        str(repos_root),
+        "--output", str(output_dir),
+        "--jobs", str(jobs),
+        "--no-recursive"
+    ]
+    
+    start_scan = time.time()
+    result = subprocess.run(cmd, capture_output=True, text=True)
+    end_scan = time.time()
+    
+    if result.returncode != 0:
+        print(f"Scan failed with return code {result.returncode}")
+        print("STDOUT:", result.stdout)
+        print("STDERR:", result.stderr)
+        return
+    
+    scan_time = end_scan - start_scan
+    print(f"Scan completed in {scan_time:.2f} seconds.")
+    print(f"Average time per repository: {scan_time / num_repos:.3f} seconds.")
+    
+    # Cleanup
+    shutil.rmtree(bench_dir)
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser(description="Benchmark Weekly scan performance.")
+    parser.add_argument("--repos", type=int, default=20, help="Number of repositories to create (default: 20)")
+    parser.add_argument("--jobs", type=int, default=4, help="Number of parallel jobs (default: 4)")
+    
+    args = parser.parse_args()
+    run_benchmark(args.repos, args.jobs)

tests/test_scan_integration.py

@@ -0,0 +1,102 @@
+"""Integration tests for the Git scanner report generation."""
+
+import os
+import shutil
+import subprocess
+from pathlib import Path
+from datetime import datetime, timedelta
+
+import pytest
+from click.testing import CliRunner
+
+from weekly.cli import main
+from weekly.git_scanner import GitScanner
+
+
+@pytest.fixture
+def temp_git_repo(tmp_path):
+    """Create a temporary Git repository for testing."""
+    repo_path = tmp_path / "test-repo"
+    repo_path.mkdir()
+    
+    # Initialize Git repo
+    subprocess.run(["git", "init"], cwd=repo_path, check=True)
+    subprocess.run(["git", "config", "user.email", "test@example.com"], cwd=repo_path, check=True)
+    subprocess.run(["git", "config", "user.name", "Test User"], cwd=repo_path, check=True)
+    
+    # Create some files
+    (repo_path / "README.md").write_text("# Test Repo\nThis is a test repository.")
+    (repo_path / "requirements.txt").write_text("requests==2.28.1\npytest")
+    (repo_path / "app.py").write_text("def main():\n    print('hello')\n\nif __name__ == '__main__':\n    main()")
+    
+    # Initial commit
+    subprocess.run(["git", "add", "."], cwd=repo_path, check=True)
+    subprocess.run(["git", "commit", "-m", "feat: initial commit"], cwd=repo_path, check=True)
+    
+    return repo_path
+
+
+def test_scan_command_generates_reports(temp_git_repo, tmp_path):
+    """Test that the scan command generates HTML and Markdown reports."""
+    runner = CliRunner()
+    output_dir = tmp_path / "reports"
+    
+    # Run scan command
+    result = runner.invoke(main, [
+        "scan", 
+        str(temp_git_repo.parent), 
+        "--output", str(output_dir),
+        "--no-recursive"
+    ])
+    
+    assert result.exit_code == 0
+    
+    # Check that reports were generated
+    # Expected path: output_dir / "" / repo_name / "latest.html"
+    # Note: repo.org is empty if repo is at root_dir
+    repo_name = temp_git_repo.name
+    report_dir = output_dir / repo_name
+    
+    assert report_dir.exists()
+    assert (report_dir / "latest.html").exists()
+    assert (report_dir / "latest.md").exists()
+    assert (report_dir / "latest.llm.md").exists()
+    assert (report_dir / "changelog.md").exists()
+    assert (output_dir / "summary.html").exists()
+    
+    # Check content of the report
+    report_content = (report_dir / "latest.html").read_text()
+    assert repo_name in report_content
+    assert "Check Results" in report_content
+
+
+def test_scan_with_since_filter(temp_git_repo, tmp_path):
+    """Test the --since filter in the scan command."""
+    runner = CliRunner()
+    output_dir = tmp_path / "reports_since"
+    
+    # Case 1: Since tomorrow (should find nothing)
+    tomorrow = (datetime.now() + timedelta(days=1)).strftime("%Y-%m-%d")
+    result = runner.invoke(main, [
+        "scan", 
+        str(temp_git_repo.parent), 
+        "--output", str(output_dir),
+        "--since", tomorrow,
+        "--no-recursive"
+    ])
+    
+    assert result.exit_code == 0
+    assert "No repositories found or no changes detected" in result.output
+    
+    # Case 2: Since yesterday (should find our commit)
+    yesterday = (datetime.now() - timedelta(days=1)).strftime("%Y-%m-%d")
+    result = runner.invoke(main, [
+        "scan", 
+        str(temp_git_repo.parent), 
+        "--output", str(output_dir),
+        "--since", yesterday,
+        "--no-recursive"
+    ])
+    
+    assert result.exit_code == 0
+    assert "Generated reports for 1 repositories" in result.output

weekly/checkers/__init__.py

@@ -7,6 +7,9 @@
 from .code_quality import CodeQualityChecker
 from .dependencies import DependenciesChecker
 from .docs import DocumentationChecker
+from .packaging import PackagingChecker
+from .release_readiness import ReleaseReadinessChecker
+from .security import SecurityChecker
 from .style import StyleChecker
 from .testing import TestChecker
 
@@ -18,4 +21,7 @@
     "DependenciesChecker",
     "CodeQualityChecker",
     "StyleChecker",
+    "SecurityChecker",
+    "PackagingChecker",
+    "ReleaseReadinessChecker",
 ]

weekly/checkers/base.py

@@ -4,11 +4,15 @@
 from abc import ABC, abstractmethod
 from enum import Enum
 from pathlib import Path
-from typing import Any, Dict, Optional
+from typing import Any, Dict, Optional, TYPE_CHECKING
 
+from ..core.logger import get_logger
 from ..core.project import Project
 from ..core.report import CheckResult
 
+if TYPE_CHECKING:
+    from logging import Logger
+
 
 class CheckSeverity(str, Enum):
     """Enumeration of possible check severity levels."""
@@ -23,6 +27,15 @@ class CheckSeverity(str, Enum):
 class BaseChecker(ABC):
     """Abstract base class for all project checkers."""
 
+    def __init__(self, config: Optional[Dict[str, Any]] = None):
+        """Initialize the checker.
+
+        Args:
+            config: Optional configuration dictionary for the checker
+        """
+        self.config = config or {}
+        self.logger: "Logger" = get_logger(f"weekly.checker.{self.name}")
+
     @property
     @abstractmethod
     def name(self) -> str:

weekly/checkers/dependencies.py

@@ -233,6 +233,13 @@ def _parse_dep_spec(self, spec: str) -> Tuple[str, str, str]:
         if not spec:
             return "", "", ""
 
+        # Handle environment markers (PEP 508)
+        marker = ""
+        if ";" in spec:
+            spec, marker = spec.split(";", 1)
+            spec = spec.strip()
+            marker = marker.strip()
+
         # Handle extras
         extras = ""
         if "[" in spec and "]" in spec: