← knowledge.oriz.in

Code quality — 5-tool stack (Sonarcloud + CodeRabbit + Codecov + Code Climate + DeepSource)

decision code-qualitydecisionsarchitecturesastcoveragecioss

Code quality — 5-tool stack

Decision

Every public repo in the chirag127/oriz* family runs five complementary code-quality tools. All five are free for OSS / public repos — the family's repos-work-independently posture and the user's "all of the repositories are public. Everything is public and open source" direction keep every repo eligible for free tiers across the board.

# Tool What it owns Where it renders
1 Sonarcloud SAST + code smells + duplication + complexity Quality gate on main
2 CodeRabbit LLM-grade design + intent review PR comments
3 Codecov Per-PR coverage delta PR comment + status check
4 Code Climate Quality A — F maintainability grade per file Dashboard + status check
5 DeepSource Static analysis + autofix PRs Issue list + auto-PR

This builds on (does not supersede) the earlier 4-tool stack documented in decisions/process/code-quality-stack.md: Dependabot + biome + CodeRabbit + Sonarcloud stay; Codecov + Code Climate + DeepSource are added alongside.

Why all five

Each tool catches a different failure mode and renders the result on a different surface:

The user's direction was: "use everything … so that everything is done best." For public-OSS repos, "everything" costs nothing. For private repos, the family would scale this back — but every family repo is public per the user's stated posture, so no scale-back needed.

Implications

Cross-refs