Releases: themohitkhare/pycodegate

v0.3.0 — 29 New Library Rules

22 Mar 16:20

What's New

29 new rules across 8 popular Python libraries, covering library-specific patterns that the project says no existing linter (including Ruff) detects. Ruff does ship overlapping checks for a few of them (S113 request-without-timeout, S501 request-with-no-cert-validation, G004 logging-f-string, F631 assert-on-tuple), so expect some duplicate findings if both tools run on the same tree:

New Rule Sets

Library         Rules  Highlights
Pydantic          6    V1/V2 API mixing, Optional without default, validator missing return
SQLAlchemy        4    SQL injection in execute()/text(), is None in .filter(), mutable Column defaults
Celery            4    Missing bind=True, self.retry() without exc=, broad autoretry
requests/httpx    3    Missing timeout, no status check, verify=False
logging           3    f-string in logging, root logger, error without exc_info
pandas            3    Chained indexing, inplace=True assignment, NaN comparison
pytest            3    assert(x, msg) tuple bug, try/except instead of pytest.raises, float equality
numpy             3    Array equality in boolean context, builtins on array, NaN in int array
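
The following is an added example, not PyCodeGate's own implementation: a small ast.NodeVisitor that reproduces the security-relevant checks from the SQLAlchemy, requests/httpx and logging rows above (runtime-built SQL passed to text()/execute(), HTTP calls without timeout or with verify=False, f-strings in logging calls, and error() inside an except block without exc_info). The rule ids, the class name and the sample source it is run over are all constructed for this illustration; the sample only needs to parse, so sqlalchemy and requests do not have to be installed.

```python
"""Added example: AST checks modelled on the v0.3.0 library rules (not the project's code)."""
import ast

HTTP_CALLS = {"get", "post", "put", "patch", "delete", "head", "request"}
LOG_METHODS = {"debug", "info", "warning", "error", "exception", "critical"}

# Constructed sample source; every line number below refers to this string.
SAMPLE = '''
import logging
import requests
from sqlalchemy import text

log = logging.getLogger(__name__)

def lookup(conn, user):
    rows = conn.execute(text(f"SELECT * FROM users WHERE name = '{user}'"))
    safe = conn.execute(text("SELECT * FROM users WHERE name = :n"), {"n": user})
    try:
        bad = requests.get("https://example.invalid/api", verify=False)
        ok = requests.get("https://example.invalid/api", timeout=5)
    except requests.RequestException:
        log.error(f"request failed for {user}")
    return rows, safe
'''


def _is_dynamic_string(node: ast.AST) -> bool:
    """True for f-strings, '%'-formatting and str.format() calls."""
    if isinstance(node, ast.JoinedStr):
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Mod):
        return True
    return (isinstance(node, ast.Call)
            and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format")


def _callee(node: ast.Call):
    """(receiver, name): conn.execute(...) -> ('conn', 'execute'), text(...) -> (None, 'text')."""
    func = node.func
    if isinstance(func, ast.Attribute):
        recv = func.value.id if isinstance(func.value, ast.Name) else None
        return recv, func.attr
    if isinstance(func, ast.Name):
        return None, func.id
    return None, ""


def _kwarg(node: ast.Call, name: str):
    return next((k.value for k in node.keywords if k.arg == name), None)


class LibraryRuleVisitor(ast.NodeVisitor):
    def __init__(self) -> None:
        self.findings: list[tuple[int, str]] = []
        self._except_depth = 0

    def _report(self, node: ast.AST, rule: str) -> None:
        self.findings.append((node.lineno, rule))

    def visit_ExceptHandler(self, node: ast.ExceptHandler) -> None:
        self._except_depth += 1
        self.generic_visit(node)
        self._except_depth -= 1

    def visit_Call(self, node: ast.Call) -> None:
        recv, name = _callee(node)
        has_splat = any(k.arg is None for k in node.keywords)  # **kwargs may carry timeout

        # SQLAlchemy: text()/execute() handed a string assembled at runtime.
        if name in {"text", "execute"} and node.args and _is_dynamic_string(node.args[0]):
            self._report(node, "sqlalchemy-dynamic-sql")

        # requests/httpx module-level calls: no timeout, or TLS verification off.
        if recv in {"requests", "httpx"} and name in HTTP_CALLS:
            if _kwarg(node, "timeout") is None and not has_splat:
                self._report(node, "http-missing-timeout")
            verify = _kwarg(node, "verify")
            if isinstance(verify, ast.Constant) and verify.value is False:
                self._report(node, "http-verify-false")

        # logging: f-string message (formatted eagerly, structured args lost),
        # and error() inside an except block that drops the traceback.
        if name in LOG_METHODS and node.args and isinstance(node.args[0], ast.JoinedStr):
            self._report(node, "logging-fstring")
        if name == "error" and self._except_depth and _kwarg(node, "exc_info") is None:
            self._report(node, "logging-error-no-exc-info")

        self.generic_visit(node)


def check_source(source: str) -> list[tuple[int, str]]:
    """Parse `source` and return (line, rule) findings in file order."""
    visitor = LibraryRuleVisitor()
    visitor.visit(ast.parse(source))
    return sorted(visitor.findings)


if __name__ == "__main__":
    for line, rule in check_source(SAMPLE):
        print(f"line {line}: {rule}")
```

Run against SAMPLE this reports the text() call built with an f-string, both problems on the verify=False request, and both problems on the log.error() call, while the parameterised query and the request with timeout=5 pass. The `**kwargs` guard is there because a timeout can arrive through a splat; a real rule would need the same escape hatch to avoid false positives.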

Other Improvements

  • Multi-framework detection: Projects using FastAPI + Pydantic + SQLAlchemy get all rules activated automatically
  • Circular import fix: No longer flags lazy imports inside functions or TYPE_CHECKING blocks
  • Dead code detection: the ignored directories now match those used by file discovery (.venv, node_modules, etc.)
  • 60 new tests, all passing on Python 3.10–3.13
  • Self-check: 100/100

Install / Upgrade

uvx pycodegate .
# or
pip install --upgrade pycodegate

v0.2.0 — Security Rules + SARIF

22 Mar 14:47

New Security Rules

  • no-os-system: os.system() is vulnerable to shell injection (the command string is parsed by the shell)
  • no-subprocess-shell: subprocess.run(shell=True) is a security risk for the same reason; pass an argv list instead
  • no-tempfile-race: tempfile.mktemp() is deprecated and vulnerable to race conditions, since it only returns a name and another process can create that path before you open it
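
As an added example (not PyCodeGate's code), the patterns these three rules flag next to their hardened forms. The child command is a tiny Python one-liner so nothing depends on an external binary; run_unsafe() deliberately keeps the shell=True bug so the injection can be seen, and the payload it is fed in the usage note is a harmless echo. Function names and the temp-file prefix are invented for the illustration.

```python
"""Added example: vulnerable vs hardened forms for the v0.2.0 security rules."""
import os
import stat
import subprocess
import sys
import tempfile

# Child process that prints its first argument; constructed for this demo.
ECHO_ARGV = [sys.executable, "-c", "import sys; print(sys.argv[1])"]


def run_unsafe(user_input: str) -> str:
    """BEFORE (no-os-system / no-subprocess-shell): user_input is spliced into a
    command line that the shell parses, so ';', '|', '$(...)' and friends in it
    become commands. Kept only as the vulnerable side of the comparison."""
    cmd = f'"{sys.executable}" -c "import sys; print(sys.argv[1])" {user_input}'
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_safe(user_input: str) -> str:
    """AFTER: argv list, no shell. user_input reaches the child verbatim as a
    single argument, whatever characters it contains."""
    proc = subprocess.run(ECHO_ARGV + [user_input], capture_output=True,
                          text=True, check=True, timeout=30)
    return proc.stdout.rstrip("\n")


def write_tempfile_racy(data: bytes) -> str:
    """BEFORE (no-tempfile-race): mktemp() only picks a name. The open() below
    happens later, and anyone who guesses the name can create or symlink it
    first, so the write lands wherever they chose. open() also creates the file
    with the umask default, typically group/world readable."""
    path = tempfile.mktemp(prefix="pycodegate-demo-")
    with open(path, "wb") as fh:
        fh.write(data)
    return path


def write_private_tempfile(data: bytes) -> str:
    """AFTER: mkstemp() creates the file itself (O_CREAT|O_EXCL, mode 0600) and
    returns the open descriptor, so there is no window for a pre-created or
    symlinked path and no other user can read the contents."""
    fd, path = tempfile.mkstemp(prefix="pycodegate-demo-")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


def is_owner_only(path: str) -> bool:
    """True when no group/other permission bits are set (always True on
    non-POSIX platforms, where the mode bits are not meaningful)."""
    if os.name != "posix":
        return True
    return (stat.S_IMODE(os.stat(path).st_mode) & 0o077) == 0


def read_and_remove(path: str) -> bytes:
    """Read the file back and delete it; returns the contents."""
    with open(path, "rb") as fh:
        data = fh.read()
    os.unlink(path)
    return data


if __name__ == "__main__":
    payload = "x; echo INJECTED"
    print("shell=True :", repr(run_unsafe(payload)))   # a second line, INJECTED, appears
    print("argv list  :", repr(run_safe(payload)))     # the whole payload is one literal arg
    p = write_private_tempfile(b"secret")
    print("temp file owner-only:", is_owner_only(p), read_and_remove(p))
```

With the payload `x; echo INJECTED`, run_unsafe() prints `x` and then runs the injected echo, while run_safe() hands the child the full string as argv[1] and nothing else executes. The same argv-list discipline is what the no-os-system rule wants in place of os.system().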

SARIF Output

New --sarif flag outputs findings in SARIF 2.1.0 format for GitHub Code Scanning:

pycodegate . --sarif > results.sarif

Upload it from a workflow step using github/codeql-action/upload-sarif@v3 (with: sarif_file: results.sarif; the job needs the security-events: write permission) and the findings appear as annotations directly in your PR review UI.
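
Before handing a SARIF file to upload-sarif it is worth checking that it has the shape Code Scanning expects and deciding whether the job should fail on it. The snippet below is an added example, not part of PyCodeGate: it parses a SARIF 2.1.0 document, counts results per level, lists the locations, flags artifact URIs that are not repository-relative (GitHub needs relative paths, or a uriBaseId, to place annotations on the right file), and returns a CI exit status. The embedded SARIF is constructed by hand; its rule ids are the v0.2.0 rules named above, while the file paths, line numbers and messages are invented.

```python
"""Added example: inspect and gate on a SARIF 2.1.0 file before uploading it."""
import json
from collections import Counter

# Constructed SARIF 2.1.0 document (not real PyCodeGate output).
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
    "runs": [{
        "tool": {"driver": {"name": "pycodegate", "rules": [
            {"id": "no-os-system",
             "shortDescription": {"text": "os.system() is vulnerable to shell injection"}},
            {"id": "no-tempfile-race",
             "shortDescription": {"text": "tempfile.mktemp() is vulnerable to race conditions"}},
        ]}},
        "results": [
            {"ruleId": "no-os-system", "level": "error",
             "message": {"text": "os.system() called with a formatted string"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/tasks.py"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "no-tempfile-race", "level": "warning",
             "message": {"text": "tempfile.mktemp() is racy"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "/abs/app/cache.py"},
                 "region": {"startLine": 7}}}]},
        ],
    }],
})


def summarize(sarif_text: str):
    """Return (counts_by_level, [(rule, uri, line), ...]) over every run."""
    doc = json.loads(sarif_text)
    if doc.get("version") != "2.1.0":
        raise ValueError(f"expected SARIF 2.1.0, got {doc.get('version')!r}")
    by_level = Counter()
    hits = []
    for run in doc.get("runs", []):
        for res in run.get("results", []):
            # "warning" is the spec default when a result carries no level
            # and its rule sets no defaultConfiguration.
            by_level[res.get("level", "warning")] += 1
            for loc in res.get("locations", []):
                phys = loc.get("physicalLocation", {})
                hits.append((res.get("ruleId"),
                             phys.get("artifactLocation", {}).get("uri"),
                             phys.get("region", {}).get("startLine")))
    return by_level, hits


def non_relative_uris(sarif_text: str) -> list:
    """URIs Code Scanning cannot map onto the checked-out repo: absolute
    paths or URIs with a scheme. Fix the scanner's working directory or
    add a uriBaseId before uploading."""
    _, hits = summarize(sarif_text)
    return sorted({uri for _, uri, _ in hits
                   if uri and (uri.startswith("/") or "://" in uri)})


def gate(sarif_text: str, fail_on=("error",)) -> int:
    """CI exit status: 1 if any result sits at a level listed in fail_on."""
    by_level, _ = summarize(sarif_text)
    return 1 if any(by_level[level] for level in fail_on) else 0


if __name__ == "__main__":
    levels, hits = summarize(SAMPLE_SARIF)
    print(dict(levels))
    for rule, uri, line in hits:
        print(f"{uri}:{line} {rule}")
    print("non-relative:", non_relative_uris(SAMPLE_SARIF))
    raise SystemExit(gate(SAMPLE_SARIF))
```

Running it on the sample reports one error and one warning, points out that /abs/app/cache.py will not annotate correctly, and exits 1 because of the error-level finding; the same gate can run on the real results.sarif in the step before upload-sarif so the upload still happens for visibility while the job itself fails.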

Fixes

  • CI workflow updated to use pycodegate command (was still referencing old py-gate name)
  • 159 tests passing, self-score 100/100

v0.1.3 — Perfect Score + AI-First Branding

22 Mar 14:32

Changes

Self-Improvement Loop: 86 → 100

We ran PyCodeGate on itself and fixed everything it found:

  • Replaced broad except Exception with specific types
  • Broke up god functions (7 functions > 50 lines → all under limit)
  • Reduced cyclomatic complexity in CLI and profile detection
  • Eliminated deep nesting with early returns
  • Moved lazy imports to module top level
  • Fixed vulture whitelist for dead code false positives

AI-First Positioning

New tagline: "Trust, but verify. The quality gate for AI-generated Python code."

AI agents ship code fast — but fast doesn't mean safe. PyCodeGate is the trust layer between AI-generated code and your production codebase.

Install

uvx pycodegate .

v0.1.2 — Unified Branding

22 Mar 14:22

Changes

  • Unified all branding to PyCodeGate (no more py-gate/Py Gate)
  • CLI command: pycodegate (runs with uvx pycodegate .)
  • Config file: pycodegate.toml
  • TOML key: [tool.pycodegate]
  • Dynamic version display in terminal output

v0.1.1

22 Mar 14:20

Fix: uvx pycodegate . now works directly (added pycodegate CLI alias alongside py-gate).

v0.1.0 — Initial Release

22 Mar 14:18

pycodegate v0.1.0

One command. One score. Your Python quality gate.

Install

uvx pycodegate .
pip install pycodegate

Highlights

  • 40+ rules across 8 weighted categories
  • Framework auto-detection (Django, FastAPI, Flask)
  • Weighted scoring with per-category budgets and diminishing returns
  • Project profiles (cli/web/library/script)
  • --json structured output for AI agents
  • --fix auto-fix via ruff
  • --badge shields.io badge for README
  • --pre-commit git hook installer
  • --diff scan only changed files
  • Dependency vulnerability scanning via pip-audit
  • Circular import detection
  • Per-file rule suppression

Inspired by react-doctor.