docs: add README, AGENTS.md, SKILL.md, CI/CD, PyPI metadata

- Full README with install, config, rules reference, API docs
- AGENTS.md for AI coding agents (Claude Code, Cursor, etc.)
- Claude Code skill in skills/python-doctor/SKILL.md
- GitHub Actions CI (test matrix 3.10-3.13 + lint + dogfood)
- GitHub Actions publish workflow (trusted PyPI publishing)
- PyPI classifiers, keywords, and project URLs for uvx discovery
- MIT LICENSE
- Minor import cleanup across test files

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: themohitkhare

.github/workflows/ci.yml

@@ -0,0 +1,45 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.10", "3.11", "3.12", "3.13"]
+
+    steps:
+      - uses: actions/checkout@v5
+      - uses: astral-sh/setup-uv@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        run: uv python install ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: uv sync --all-extras
+
+      - name: Run tests
+        run: uv run pytest --tb=short -q
+
+      - name: Run python-doctor on itself
+        run: uv run python-doctor . --fail-on error
+
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+      - uses: astral-sh/setup-uv@v4
+
+      - name: Install dependencies
+        run: uv sync --all-extras
+
+      - name: Ruff check
+        run: uv run ruff check .
+
+      - name: Ruff format check
+        run: uv run ruff format --check .

.github/workflows/publish.yml

@@ -0,0 +1,25 @@
+name: Publish to PyPI
+
+on:
+  release:
+    types: [published]
+
+permissions:
+  id-token: write
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    environment:
+      name: pypi
+      url: https://pypi.org/project/python-doctor/
+
+    steps:
+      - uses: actions/checkout@v5
+      - uses: astral-sh/setup-uv@v4
+
+      - name: Build
+        run: uv build
+
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1

.gitignore

@@ -12,3 +12,6 @@ venv/
 .ruff_cache/
 htmlcov/
 .coverage
+*.so
+.env
+.DS_Store

AGENTS.md

@@ -0,0 +1,61 @@
+## General Rules
+
+- MUST: Use `uv` for all Python operations. `uv run` to execute, `uv sync` to install.
+- MUST: Follow existing code patterns — AST-based rule checks extending `BaseRules`.
+- MUST: Keep all types in `src/python_doctor/types.py`.
+- MUST: Use dataclasses (frozen) for data containers.
+- MUST: Never comment unless absolutely necessary.
+  - If the code is a hack, prefix with `# HACK: reason`
+- MUST: Use snake_case for files and variables.
+- MUST: Use descriptive names (avoid shorthands or 1-2 character names).
+- MUST: Do not use `type: ignore` unless absolutely necessary.
+- MUST: Remove unused code and don't repeat yourself.
+- MUST: Put all magic numbers in `constants.py` using `SCREAMING_SNAKE_CASE`.
+- MUST: Put small, focused utility functions in `utils/` with one utility per file.
+- MUST: Use early returns and guard clauses to reduce nesting depth below 5.
+- MUST: Keep functions under 50 lines.
+
+## Adding Rules
+
+1. Create a new file in `src/python_doctor/rules/` extending `BaseRules`
+2. Implement `check(self, source: str, filename: str) -> list[Diagnostic]`
+3. Register in `src/python_doctor/rules/__init__.py`
+4. Add tests in `tests/rules/`
+
+## Testing
+
+Run checks before committing:
+
+```bash
+uv run pytest                # runs all tests
+uv run python-doctor . -v    # dogfood on ourselves
+```
+
+## Architecture
+
+```
+src/python_doctor/
+  cli.py          — Click CLI entry point
+  api.py          — Programmatic API (diagnose function)
+  scan.py         — Orchestrator: parallel lint + dead code
+  score.py        — Score calculation from diagnostics
+  config.py       — Config loading (python-doctor.toml / pyproject.toml)
+  discover.py     — Project detection (framework, package manager, etc.)
+  output.py       — Rich terminal output
+  types.py        — All data types (Diagnostic, Score, etc.)
+  constants.py    — Magic numbers and thresholds
+  rules/
+    base.py       — Abstract BaseRules with AST parsing
+    security.py   — eval, exec, pickle, yaml, secrets, hashes
+    performance.py — string concat, imports in functions, star imports
+    architecture.py — giant modules, nesting, god functions, too many args
+    correctness.py — mutable defaults, bare except, assert, return in init
+    django.py     — raw SQL, DEBUG, SECRET_KEY, N+1
+    fastapi.py    — sync endpoints, missing response_model
+    flask.py      — secret key, debug mode, SQL f-strings
+    dead_code.py  — Vulture integration
+  utils/
+    file_discovery.py — Python file discovery (git + fallback)
+    ast_helpers.py    — Common AST utilities
+    diff.py           — Git diff file resolution
+```

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Mohit Khare
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -1,3 +1,199 @@
 # python-doctor
 
-Diagnose your Python project's health. Get a score, find issues, fix them.
+[![PyPI version](https://img.shields.io/pypi/v/python-doctor?style=flat&colorA=000000&colorB=000000)](https://pypi.org/project/python-doctor/)
+[![Downloads](https://img.shields.io/pypi/dm/python-doctor?style=flat&colorA=000000&colorB=000000)](https://pypi.org/project/python-doctor/)
+
+Diagnose your Python project's health. One command scans your codebase for security, performance, correctness, and architecture issues, then outputs a **0-100 score** with actionable diagnostics.
+
+Inspired by [react-doctor](https://github.com/millionco/react-doctor).
+
+## How it works
+
+Python Doctor detects your framework (Django, FastAPI, Flask), Python version, package manager (uv, poetry, pip), and test framework, then runs two analysis passes **in parallel**:
+
+1. **Lint**: Checks 30+ rules across security, performance, architecture, correctness, and framework-specific categories. Rules are toggled automatically based on your project setup.
+2. **Dead code**: Detects unused functions, classes, imports, and variables via [Vulture](https://github.com/jendrikseipp/vulture).
+
+Diagnostics are filtered through your config, then scored by severity (errors weigh more than warnings) to produce a **0-100 health score** (75+ Great, 50-74 Needs Work, <50 Critical).
+
+## Install
+
+Run instantly with uvx (no install needed):
+
+```bash
+uvx python-doctor .
+```
+
+Or install globally:
+
+```bash
+uv tool install python-doctor
+# or
+pip install python-doctor
+```
+
+Use `--verbose` to see affected files and line numbers:
+
+```bash
+python-doctor . --verbose
+```
+
+## Install for your coding agent
+
+Add the skill to your Claude Code, Cursor, or other AI coding agent:
+
+```bash
+# Claude Code
+cp skills/python-doctor/SKILL.md .claude/skills/python-doctor.md
+```
+
+Or reference the AGENTS.md in your project root — it's automatically picked up by Claude Code, Cursor, Windsurf, and others.
+
+## GitHub Actions
+
+```yaml
+- uses: actions/checkout@v5
+  with:
+    fetch-depth: 0 # required for --diff
+- uses: actions/setup-python@v5
+  with:
+    python-version: "3.12"
+- name: Run Python Doctor
+  run: |
+    pip install python-doctor
+    python-doctor . --verbose --diff main --fail-on error
+```
+
+## Options
+
+```
+Usage: python-doctor [OPTIONS] [DIRECTORY]
+
+Options:
+  -v, --version                   Show the version and exit.
+  --lint / --no-lint              Enable/disable lint checks.
+  --dead-code / --no-dead-code    Enable/disable dead code detection.
+  --verbose                       Show file details per rule.
+  --score                         Output only the numeric score.
+  --diff TEXT                     Scan only files changed vs base branch.
+  --fail-on [error|warning|none]  Exit with code 1 on this severity level.
+  -h, --help                      Show this message and exit.
+```
+
+## Configuration
+
+Create a `python-doctor.toml` in your project root:
+
+```toml
+[options]
+lint = true
+dead_code = true
+verbose = false
+fail_on = "none"
+
+[ignore]
+rules = ["no-import-in-function", "dead-code"]
+files = ["tests/fixtures/**", "migrations/**"]
+```
+
+Or use `pyproject.toml`:
+
+```toml
+[tool.python-doctor]
+lint = true
+dead_code = true
+
+[tool.python-doctor.ignore]
+rules = ["no-import-in-function"]
+files = ["tests/fixtures/**"]
+```
+
+If both exist, `python-doctor.toml` takes precedence. CLI flags always override config values.
+
+## Rules
+
+### Security
+| Rule | Severity | Description |
+|------|----------|-------------|
+| `no-eval` | Error | `eval()` executes arbitrary code |
+| `no-exec` | Error | `exec()` executes arbitrary code |
+| `no-pickle-load` | Error | `pickle.load()` can execute arbitrary code |
+| `no-unsafe-yaml-load` | Error | `yaml.load()` without Loader is unsafe |
+| `no-hardcoded-secret` | Error | Hardcoded secrets in source code |
+| `no-weak-hash` | Warning | MD5/SHA1 are cryptographically weak |
+
+### Performance
+| Rule | Severity | Description |
+|------|----------|-------------|
+| `no-string-concat-in-loop` | Warning | O(n^2) string concatenation |
+| `no-import-in-function` | Warning | Import re-executed on every call |
+| `no-star-import` | Warning | Pollutes namespace |
+
+### Architecture
+| Rule | Severity | Description |
+|------|----------|-------------|
+| `no-giant-module` | Warning | Module exceeds 500 lines |
+| `no-deep-nesting` | Warning | Nesting depth exceeds 5 |
+| `no-god-function` | Warning | Function exceeds 50 lines |
+| `no-too-many-args` | Warning | Function has more than 7 arguments |
+
+### Correctness
+| Rule | Severity | Description |
+|------|----------|-------------|
+| `no-mutable-default` | Error | Mutable default argument shared across calls |
+| `no-bare-except` | Warning | Catches SystemExit and KeyboardInterrupt |
+| `no-broad-except` | Warning | Catches overly broad Exception |
+| `no-assert-in-production` | Warning | Assert statements stripped with -O |
+| `no-return-in-init` | Warning | Return value in `__init__` |
+
+### Django
+| Rule | Severity | Description |
+|------|----------|-------------|
+| `no-raw-sql-injection` | Error | SQL built with string concatenation |
+| `no-debug-true` | Error | DEBUG = True hardcoded in settings |
+| `no-secret-key-in-source` | Error | SECRET_KEY hardcoded |
+| `no-n-plus-one-query` | Warning | Related object access in loop |
+
+### FastAPI
+| Rule | Severity | Description |
+|------|----------|-------------|
+| `no-sync-endpoint` | Warning | Sync def blocks the event loop |
+| `no-missing-response-model` | Warning | Endpoint missing response_model |
+
+### Flask
+| Rule | Severity | Description |
+|------|----------|-------------|
+| `no-flask-secret-in-source` | Error | Secret key hardcoded |
+| `no-flask-debug-mode` | Error | Debug mode in production |
+| `no-sql-string-format` | Error | SQL built with f-strings |
+
+### Dead Code
+| Rule | Severity | Description |
+|------|----------|-------------|
+| `dead-code` | Warning | Unused function, class, import, or variable |
+
+## Python API
+
+```python
+from python_doctor.api import diagnose
+
+result = diagnose("./path/to/your/project")
+
+print(result.score)        # Score(value=82, label="Great")
+print(result.diagnostics)  # List of Diagnostic objects
+print(result.project)      # Detected framework, Python version, etc.
+```
+
+## Contributing
+
+```bash
+git clone https://github.com/themohitkhare/pythondoctor
+cd pythondoctor
+uv sync --all-extras
+uv run pytest
+uv run python-doctor .  # dogfood it
+```
+
+## License
+
+MIT

pyproject.toml

@@ -6,12 +6,32 @@ readme = "README.md"
 requires-python = ">=3.10"
 license = "MIT"
 authors = [{ name = "Mohit Khare" }]
+keywords = ["linter", "health", "diagnostics", "security", "architecture", "dead-code", "python"]
+classifiers = [
+    "Development Status :: 4 - Beta",
+    "Environment :: Console",
+    "Intended Audience :: Developers",
+    "License :: OSI Approved :: MIT License",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Programming Language :: Python :: 3.13",
+    "Topic :: Software Development :: Quality Assurance",
+    "Topic :: Software Development :: Testing",
+    "Typing :: Typed",
+]
 dependencies = [
     "click>=8.1",
     "rich>=13.0",
     "vulture>=2.11",
 ]
 
+[project.urls]
+Homepage = "https://github.com/themohitkhare/pythondoctor"
+Repository = "https://github.com/themohitkhare/pythondoctor"
+Issues = "https://github.com/themohitkhare/pythondoctor/issues"
+
 [project.optional-dependencies]
 dev = [
     "pytest>=8.0",