type: decision
status: active
timestamp: 2026-06-20
tags: [code-quality, decisions, architecture, sast, coverage, ci, oss]

Code quality — 5-tool stack (Sonarcloud + CodeRabbit + Codecov + Code Climate + DeepSource)

Five code-quality tools per public repo. Sonarcloud (SAST + smells), CodeRabbit (LLM PR review), Codecov (coverage delta), Code Climate (A — F maintainability), DeepSource (autofix). All five free for the family's public / OSS repos. Builds on the earlier 4-tool stack — adds Codecov + Code Climate + DeepSource alongside the existing Dependabot + biome + CodeRabbit + Sonarcloud.

Code quality — 5-tool stack

Decision

Every public repo in the chirag127/oriz* family runs five complementary code-quality tools. All five are free for OSS / public repos — the family’s repos-work-independently posture and the user’s “all of the repositories are public. Everything is public and open source” direction keep every repo eligible for free tiers across the board.

| # | Tool | What it owns | Where it renders |
|---|------|--------------|------------------|
| 1 | Sonarcloud | SAST + code smells + duplication + complexity | Quality gate on main |
| 2 | CodeRabbit | LLM-grade design + intent review | PR comments |
| 3 | Codecov | Per-PR coverage delta | PR comment + status check |
| 4 | Code Climate Quality | A — F maintainability grade per file | Dashboard + status check |
| 5 | DeepSource | Static analysis + autofix PRs | Issue list + auto-PR |

This builds on (does not supersede) the earlier 4-tool stack documented in decisions/process/code-quality-stack.md: Dependabot + biome + CodeRabbit + Sonarcloud stay; Codecov + Code Climate + DeepSource are added alongside.

Why all five

Each tool catches a different failure mode and renders the result on a different surface:

The user’s direction was: “use everything … so that everything is done best.” For public-OSS repos, “everything” costs nothing. For private repos, the family would scale this back — but every family repo is public per the user’s stated posture, so no scale-back needed.

Implications

Cross-refs

