qgis-plugin-analyzer 1.4.0__py3-none-any.whl → 1.6.0__py3-none-any.whl

analyzer/engine.py

@@ -24,7 +24,8 @@ import os
 import pathlib
 import subprocess
 from concurrent.futures import ProcessPoolExecutor, as_completed
-from typing import Any, Dict, List, Optional
+from dataclasses import dataclass, field
+from typing import Any, Dict, List, Optional, TypedDict, cast
 
 from .reporters import (
     generate_html_report,
@@ -32,6 +33,7 @@ from .reporters import (
     save_json_context,
 )
 from .scanner import (
+    ModuleAnalysisResult,
     analyze_module_worker,
     audit_qgis_standards,
 )
@@ -39,20 +41,240 @@ from .semantic import DependencyGraph, ResourceValidator
 from .utils import (
     IgnoreMatcher,
     ProgressTracker,
+    discover_project_files,
     load_ignore_patterns,
     load_profile_config,
     logger,
-    safe_path_resolve,
     setup_logger,
 )
 from .validators import (
-    calculate_package_size,
-    scan_for_binaries,
     validate_metadata,
     validate_metadata_urls,
+    validate_package_constraints,
     validate_plugin_structure,
 )
 
+# --- Types ---
+
+
+@dataclass(frozen=True)
+class ProjectConfig:
+    """Strongly typed project configuration."""
+
+    strict: bool = False
+    generate_html: bool = True
+    fail_on_error: bool = False
+    project_type: str = "auto"
+    rules: Dict[str, Any] = field(default_factory=dict)
+    fail_on_critical: bool = False
+
+
+class QGISChecksResult(TypedDict):
+    """Result of QGIS-specific validation checks."""
+
+    compliance: Dict[str, Any]
+    structure: Dict[str, Any]
+    metadata: Dict[str, Any]
+    binaries: List[str]
+    package_size: float
+    package_constraints: Dict[str, Any]
+    url_status: Dict[str, str]
+
+
+class SemanticAnalysisResult(TypedDict):
+    """Result of semantic analysis."""
+
+    cycles: List[List[str]]
+    metrics: Dict[str, Any]
+    missing_resources: List[str]
+
+
+class ProjectScores(TypedDict):
+    """Calculated project quality scores."""
+
+    code_score: float
+    maint_score: float
+    qgis_score: float
+    security_score: float
+
+
+class FullAnalysisResult(TypedDict, total=False):
+    """Consolidated analysis result for the entire project."""
+
+    project_name: str
+    project_type: str
+    metrics: Dict[str, Any]
+    ruff_findings: List[Dict[str, Any]]
+    security: Dict[str, Any]
+    semantic: Dict[str, Any]
+    modules: List[ModuleAnalysisResult]
+    research_summary: Dict[str, Any]
+    qgis_compliance: Dict[str, Any]
+    repository_compliance: Dict[str, Any]
+
+
+class ScoringEngine:
+    """Specialized engine for calculating project quality scores."""
+
+    def __init__(self, project_type: str) -> None:
+        self.project_type = project_type
+
+    def calculate_project_scores(
+        self,
+        modules_data: List[ModuleAnalysisResult],
+        ruff_findings: List[Dict[str, Any]],
+        qgis_checks: Optional[QGISChecksResult],
+        semantic: SemanticAnalysisResult,
+    ) -> ProjectScores:
+        """Calculates project quality scores based on industry-standard formulas."""
+        if not modules_data:
+            return {
+                "code_score": 0.0,
+                "maint_score": 0.0,
+                "qgis_score": 0.0,
+                "security_score": 0.0,
+            }
+
+        module_score = self._get_mi_score(modules_data)
+        maintainability_score = self._get_maint_score(modules_data, ruff_findings)
+        modernization_bonus = self._get_modernization_bonus(modules_data)
+        maintainability_score = min(100.0, maintainability_score + modernization_bonus)
+
+        # Security context
+        security_penalty = self._get_security_penalty(modules_data)
+        security_score = max(0.0, 100.0 - security_penalty)
+
+        # Global penalties (e.g., circular dependencies)
+        cycles = semantic["cycles"]
+        penalty = len(cycles) * 10
+        module_score = max(0, module_score - penalty)
+        maintainability_score = max(0, maintainability_score - penalty)
+
+        if self.project_type == "generic" or not qgis_checks:
+            return {
+                "code_score": round(module_score, 1),
+                "maint_score": round(maintainability_score, 1),
+                "qgis_score": 0.0,
+                "security_score": round(security_score, 1),
+            }
+
+        qgis_score = self._get_qgis_score(
+            qgis_checks["compliance"],
+            qgis_checks["structure"],
+            qgis_checks["metadata"],
+            semantic["missing_resources"],
+            qgis_checks["binaries"],
+            qgis_checks["package_size"],
+            security_penalty,
+        )
+
+        return {
+            "code_score": round(module_score, 1),
+            "maint_score": round(maintainability_score, 1),
+            "qgis_score": round(qgis_score, 1),
+            "security_score": round(security_score, 1),
+        }
+
+    def _get_mi_score(self, modules_data: List[ModuleAnalysisResult]) -> float:
+        """Calculates module stability based on Maintainability Index (MI)."""
+        mi_scores = []
+        for m in modules_data:
+            cc = m.get("complexity", 1)
+            sloc = max(1, m.get("lines", 1))
+            mi = (171 - 0.23 * cc - 16.2 * math.log(sloc)) * 100 / 171
+            mi_scores.append(max(0, mi))
+        return sum(mi_scores) / len(mi_scores) if mi_scores else 0.0
+
+    def _get_maint_score(
+        self,
+        modules_data: List[ModuleAnalysisResult],
+        ruff_findings: List[Dict[str, Any]],
+    ) -> float:
+        """Calculates maintainability based on function complexity and linting penalties."""
+        all_func_comp = []
+        for m in modules_data:
+            for f in m.get("functions", []):
+                all_func_comp.append(f["complexity"])
+
+        avg_func_comp = sum(all_func_comp) / len(all_func_comp) if all_func_comp else 1.0
+        func_score = max(0, 100 - (max(0, avg_func_comp - 10) * 5))
+
+        total_lines = sum(m.get("lines", 0) for m in modules_data)
+        errors = sum(1 for f in ruff_findings if f.get("code", "").startswith(("E", "F")))
+        others = len(ruff_findings) - errors
+
+        lint_penalty = ((5 * errors + others) / max(1, total_lines / 10)) * 10
+        lint_score = max(0, 100 - lint_penalty)
+
+        return float((func_score * 0.7) + (lint_score * 0.3))
+
+    def _get_modernization_bonus(self, modules_data: List[ModuleAnalysisResult]) -> float:
+        """Calculates modernization bonuses based on type hints and documentation styles."""
+        total_functions = 0
+        total_params = 0
+        annotated_params = 0
+        has_return_hint = 0
+        detected_styles = set()
+
+        for m in modules_data:
+            metrics = m.get("research_metrics", {})
+            t_stats = metrics.get("type_hint_stats", {})
+            total_functions += t_stats.get("total_functions", 0)
+            total_params += t_stats.get("total_parameters", 0)
+            annotated_params += t_stats.get("annotated_parameters", 0)
+            has_return_hint += t_stats.get("has_return_hint", 0)
+            detected_styles.update(metrics.get("docstring_styles", []))
+
+        bonus = 0.0
+        if total_params > 0 or total_functions > 0:
+            param_cov = annotated_params / max(1, total_params)
+            ret_cov = has_return_hint / max(1, total_functions)
+            if param_cov >= 0.8 and ret_cov >= 0.8:
+                bonus += 5.0
+
+        if detected_styles:
+            bonus += 2.0
+        return bonus
+
+    def _get_qgis_score(
+        self,
+        compliance: Dict[str, Any],
+        structure: Dict[str, Any],
+        metadata: Dict[str, Any],
+        missing_resources: List[str],
+        binaries: List[str],
+        package_size: float,
+        security_penalty: float = 0.0,
+    ) -> float:
+        """Calculates QGIS-specific compliance score."""
+        score = 100.0
+        score -= compliance.get("issues_count", 0) * 2
+        if not structure.get("is_valid", True):
+            score -= 20
+        if not metadata.get("is_valid", True):
+            score -= 10
+        score -= len(missing_resources) * 5
+        score -= len(binaries) * 50
+        if package_size > 20:
+            score -= 10
+
+        score -= security_penalty
+        return float(max(0, score))
+
+    def _get_security_penalty(self, modules_data: List[ModuleAnalysisResult]) -> float:
+        """Calculates total penalty for security vulnerabilities."""
+        penalty = 0.0
+        for m in modules_data:
+            for issue in m.get("security_issues", []):
+                sev = issue.get("severity", "medium").lower()
+                if sev == "high":
+                    penalty += 10.0
+                elif sev == "medium":
+                    penalty += 5.0
+                else:
+                    penalty += 2.0
+        return penalty
+
 
 class ProjectAnalyzer:
     def __init__(
@@ -79,47 +301,32 @@ class ProjectAnalyzer:
         self.max_workers = min(os.cpu_count() or 4, 4)
         self.max_file_size_kb = 500
 
-        # Load profile config
-        self.config = load_profile_config(self.project_path, profile)
+        # Load and wrap config
+        raw_config = load_profile_config(self.project_path, profile)
+        self.config = ProjectConfig(
+            strict=raw_config.get("strict", False),
+            generate_html=raw_config.get("generate_html", True),
+            fail_on_error=raw_config.get("fail_on_error", False),
+            project_type=raw_config.get("project_type", "auto"),
+            rules=raw_config.get("rules", {}),
+        )
 
         # Detect project type
-        self.project_type = self.config.get("project_type", "auto")
+        self.project_type = self.config.project_type
         if self.project_type == "auto":
             metadata_file = self.project_path / "metadata.txt"
             self.project_type = "qgis" if metadata_file.exists() else "generic"
 
         logger.info(f"📁 Project type: {self.project_type.upper()}")
 
+        # Initialize Engines
+        self.scoring = ScoringEngine(self.project_type)
+
         # Load .analyzerignore
         ignore_file = self.project_path / ".analyzerignore"
         patterns = load_ignore_patterns(ignore_file)
         self.matcher = IgnoreMatcher(self.project_path, patterns)
 
-    def get_python_files(self) -> List[pathlib.Path]:
-        """Scans Python files ignoring common folders and .analyzerignore patterns.
-
-        Returns:
-            A sorted list of pathlib.Path objects for all detected Python files.
-        """
-        python_files = []
-        for root, dirs, files in os.walk(self.project_path):
-            root_path = pathlib.Path(root)
-
-            # Filter directories
-            dirs[:] = [d for d in dirs if not self.matcher.is_ignored(root_path / d)]
-
-            for file in files:
-                file_path = root_path / file
-                if file.endswith(".py") and not self.matcher.is_ignored(file_path):
-                    # Skip very large files to avoid OOM
-                    if file_path.stat().st_size > self.max_file_size_kb * 1024:
-                        logger.warning(
-                            f"⚠️ Skipping large file: {file_path.name} (> {self.max_file_size_kb}KB)"
-                        )
-                        continue
-                    python_files.append(file_path)
-        return sorted(python_files)
-
     def run_ruff_audit(self) -> List[Dict[str, Any]]:
         """Executes Ruff linting via subprocess.
 
@@ -146,8 +353,8 @@ class ProjectAnalyzer:
             return []
 
     def _run_parallel_analysis(
-        self, files: List[pathlib.Path], rules_config: dict
-    ) -> List[Dict[str, Any]]:
+        self, files: List[pathlib.Path], rules_config: Dict[str, Any]
+    ) -> List[ModuleAnalysisResult]:
         """Runs parallel analysis on all Python files.
 
         Args:
@@ -158,7 +365,7 @@ class ProjectAnalyzer:
             A list of module analysis results.
         """
         tracker = ProgressTracker(len(files))
-        modules_data = []
+        modules_data: List[ModuleAnalysisResult] = []
 
         with ProcessPoolExecutor(max_workers=self.max_workers) as executor:
             futures = {
@@ -175,44 +382,51 @@ class ProjectAnalyzer:
         return modules_data
 
     def _run_qgis_specific_checks(
-        self, modules_data: List[Dict[str, Any]], rules_config: dict
-    ) -> tuple:
+        self,
+        modules_data: List[ModuleAnalysisResult],
+        rules_config: Dict[str, Any],
+        discovery: Dict[str, Any],
+    ) -> QGISChecksResult:
         """Runs QGIS-specific validation checks.
 
         Args:
-            modules_data: List of already analyzed module data.
-            rules_config: Rule-specific configuration overrides.
+            modules_data: Results from module analysis.
+            rules_config: Configuration for rules.
+            discovery: Discovery results from the project scanner.
 
         Returns:
-            A tuple of (compliance, structure, metadata, binaries, package_size, url_status).
+            A QGISChecksResult containing findings from all checks.
         """
-        compliance = audit_qgis_standards(
-            modules_data, self.project_path, rules_config=rules_config
-        )
-
-        # Official repository audit
-        metadata_path = safe_path_resolve(self.project_path, "metadata.txt")
+        metadata_file = self.project_path / "metadata.txt"
+        compliance = audit_qgis_standards(modules_data, self.project_path, rules_config)
         structure = validate_plugin_structure(self.project_path)
-        metadata = validate_metadata(metadata_path)
+        metadata = validate_metadata(metadata_file)
 
-        # Repository Compliance Checks
-        logger.info("Running QGIS repository compliance checks...")
-        binaries = scan_for_binaries(self.project_path, self.matcher)
-        package_size = calculate_package_size(self.project_path, self.matcher)
-        url_status = {}
-        if metadata.get("is_valid") and "metadata" in metadata:
-            url_status = validate_metadata_urls(metadata["metadata"])
+        # New Repository Constraints
+        constraints = validate_package_constraints(
+            discovery["total_size_mb"], discovery["binaries"]
+        )
 
-        return compliance, structure, metadata, binaries, package_size, url_status
+        return {
+            "compliance": compliance,
+            "structure": structure,
+            "metadata": metadata,
+            "binaries": discovery["binaries"],
+            "package_size": discovery["total_size_mb"],
+            "package_constraints": constraints,
+            "url_status": validate_metadata_urls(metadata.get("metadata", {})),
+        }
 
-    def _run_semantic_analysis(self, modules_data: List[Dict[str, Any]]) -> tuple:
+    def _run_semantic_analysis(
+        self, modules_data: List[ModuleAnalysisResult]
+    ) -> SemanticAnalysisResult:
         """Runs semantic analysis including dependencies and resources.
 
         Args:
             modules_data: List of analyzed module entries.
 
         Returns:
-            A tuple of (cycles, metrics, missing_resources).
+            A dictionary containing cycles, metrics, and missing resources.
         """
         dep_graph = DependencyGraph()
         all_resource_usages = []
@@ -223,9 +437,11 @@ class ProjectAnalyzer:
             res_validator.scan_project_resources(self.matcher)
 
         for m in modules_data:
-            dep_graph.add_node(m["path"], m)
+            dep_graph.add_node(m["path"], cast(Dict[str, Any], m))
             if self.project_type == "qgis" and "resource_usages" in m:
-                all_resource_usages.extend(m["resource_usages"])
+                # Type safe usage of resource_usages from TypedDict
+                resource_usages = m.get("resource_usages", [])
+                all_resource_usages.extend(resource_usages)
 
         dep_graph.build_edges(self.project_path)
         cycles = dep_graph.detect_cycles()
@@ -235,68 +451,92 @@ class ProjectAnalyzer:
         if self.project_type == "qgis" and res_validator:
             missing_resources = res_validator.validate_usage(all_resource_usages)
 
-        return cycles, metrics, missing_resources
+        return {
+            "cycles": cycles,
+            "metrics": metrics,
+            "missing_resources": missing_resources,
+        }
 
     def _build_analysis_results(
         self,
         files: List[pathlib.Path],
-        modules_data: List[Dict[str, Any]],
+        modules_data: List[ModuleAnalysisResult],
         ruff_findings: List[Dict[str, Any]],
-        code_score: float,
-        maint_score: float,
-        qgis_score: float,
-        compliance: Dict[str, Any],
-        structure: Dict[str, Any],
-        metadata: Dict[str, Any],
-        cycles: List[List[str]],
-        metrics: Dict[str, Any],
-        missing_resources: List[str],
-        binaries: List[str],
-        package_size: float,
-        url_status: Dict[str, str],
-    ) -> Dict[str, Any]:
-        """Consolidates analysis results into a single dictionary.
+        scores: ProjectScores,
+        qgis_checks: Optional[QGISChecksResult],
+        semantic: SemanticAnalysisResult,
+    ) -> FullAnalysisResult:
+        """Consolidates analysis results into a single dictionary."""
+        analyses: FullAnalysisResult = {
+            "project_name": self.project_path.name,
+            "project_type": self.project_type,
+            "metrics": self._get_metrics_summary(files, modules_data, scores),
+            "ruff_findings": ruff_findings,
+            "security": self._get_security_summary(modules_data, scores),
+            "semantic": {
+                "circular_dependencies": semantic["cycles"],
+                "coupling_metrics": semantic["metrics"],
+            },
+            "modules": modules_data,
+            "research_summary": self._get_research_summary(modules_data),
+        }
 
-        Args:
-            files: List of analyzed files.
-            modules_data: Detailed analysis for each module.
-            ruff_findings: Results from Ruff linting.
-            code_score: Calculated module stability score.
-            maint_score: Calculated maintainability score.
-            qgis_score: Calculated QGIS compliance score.
-            compliance: Detailed QGIS compliance findings.
-            structure: Plugin structure validation results.
-            metadata: Metadata validation results.
-            cycles: Detected circular dependency cycles.
-            metrics: Coupling and complexity metrics.
-            missing_resources: List of missing QRC resources.
-            binaries: List of prohibited binary files.
-            package_size: Size of the plugin package in MB.
-            url_status: Status of URLs in metadata.txt.
+        if self.project_type == "qgis" and qgis_checks:
+            analyses["metrics"]["overall_score"] = round(
+                (scores["code_score"] * 0.5) + (scores["qgis_score"] * 0.5), 1
+            )
+            analyses["qgis_compliance"] = {
+                "compliance_score": round(scores["qgis_score"], 1),
+                "best_practices": qgis_checks["compliance"],
+                "repository_standards": {
+                    "structure": qgis_checks["structure"],
+                    "metadata": qgis_checks["metadata"],
+                },
+            }
+            analyses["semantic"]["missing_resources"] = semantic["missing_resources"]
+            analyses["repository_compliance"] = {
+                "binaries": qgis_checks["binaries"],
+                "package_size_mb": round(qgis_checks["package_size"], 2),
+                "url_validation": qgis_checks["url_status"],
+                "folder_name_valid": qgis_checks["structure"].get("folder_name_valid", True),
+                "constraint_errors": qgis_checks["package_constraints"].get("errors", []),
+                "is_compliant": qgis_checks["package_constraints"].get("is_valid", True)
+                and qgis_checks["structure"].get("is_valid", True),
+            }
 
-        Returns:
-            The final analysis results dictionary.
-        """
-        metrics_summary = {
+        return analyses
+
+    def _get_metrics_summary(
+        self,
+        files: List[pathlib.Path],
+        modules_data: List[ModuleAnalysisResult],
+        scores: ProjectScores,
+    ) -> Dict[str, Any]:
+        """Generates the metrics summary portion of the results."""
+        return {
             "total_files": len(files),
             "total_lines": sum(m["lines"] for m in modules_data),
-            "quality_score": round(code_score, 1),
-            "maintainability_score": round(maint_score, 1),
+            "quality_score": round(scores["code_score"], 1),
+            "maintainability_score": round(scores["maint_score"], 1),
+            "security_score": round(scores["security_score"], 1),
         }
 
-        if self.project_type == "qgis":
-            metrics_summary["overall_score"] = round((code_score * 0.5) + (qgis_score * 0.5), 1)
+    def _get_security_summary(
+        self, modules_data: List[ModuleAnalysisResult], scores: ProjectScores
+    ) -> Dict[str, Any]:
+        """Generates the security summary portion of the results."""
+        all_security_issues = []
+        for m in modules_data:
+            all_security_issues.extend(m.get("security_issues", []))
 
-        analyses = {
-            "project_name": self.project_path.name,
-            "project_type": self.project_type,
-            "metrics": metrics_summary,
-            "ruff_findings": ruff_findings,
-            "semantic": {"circular_dependencies": cycles, "coupling_metrics": metrics},
-            "modules": modules_data,
+        return {
+            "findings": all_security_issues,
+            "count": len(all_security_issues),
+            "score": round(scores["security_score"], 1),
         }
 
-        # Aggregate research metrics for summary
+    def _get_research_summary(self, modules_data: List[ModuleAnalysisResult]) -> Dict[str, Any]:
+        """Aggregates research metrics for summary."""
         total_functions = 0
         total_params = 0
         annotated_params = 0
@@ -319,7 +559,7 @@ class ProjectAnalyzer:
 
             detected_styles.update(r_metrics.get("docstring_styles", []))
 
-        analyses["research_summary"] = {
+        return {
             "type_hint_coverage": round((annotated_params / max(1, total_params)) * 100, 1)
             if total_params > 0
             else 0.0,
@@ -332,32 +572,17 @@ class ProjectAnalyzer:
             "detected_docstring_styles": list(detected_styles),
         }
 
-        if self.project_type == "qgis":
-            analyses["qgis_compliance"] = {
-                "compliance_score": round(qgis_score, 1),
-                "best_practices": compliance,
-                "repository_standards": {"structure": structure, "metadata": metadata},
-            }
-            analyses["semantic"]["missing_resources"] = missing_resources
-            analyses["repository_compliance"] = {
-                "binaries": binaries,
-                "package_size_mb": round(package_size, 2),
-                "url_validation": url_status,
-                "is_compliant": len(binaries) == 0 and package_size <= 20,
-            }
-
-        return analyses
-
-    def _save_reports(self, analyses: Dict[str, Any]) -> None:
+    def _save_reports(self, analyses: FullAnalysisResult) -> None:
         """Saves all generated analysis reports to the output directory.
 
         Args:
             analyses: The consolidated analysis results dictionary.
         """
-        generate_markdown_summary(analyses, self.output_dir / "PROJECT_SUMMARY.md")
-        if self.config.get("generate_html", True):
-            generate_html_report(analyses, self.output_dir / "PROJECT_SUMMARY.html")
-        save_json_context(analyses, self.output_dir / "project_context.json")
+        data = cast(Dict[str, Any], analyses)
+        generate_markdown_summary(data, self.output_dir / "PROJECT_SUMMARY.md")
+        if self.config.generate_html:
+            generate_html_report(data, self.output_dir / "PROJECT_SUMMARY.html")
+        save_json_context(data, self.output_dir / "project_context.json")
 
     def run(self) -> bool:
         """Executes the complete analysis pipeline.
@@ -367,8 +592,16 @@ class ProjectAnalyzer:
             False if it failed due to critical system errors or strict mode violations.
         """
         logger.info(f"🔍 Analyzing: {self.project_path}")
-        files = self.get_python_files()
-        rules_config = self.config.get("rules", {})
+
+        # Unified Project Discovery
+        discovery = discover_project_files(self.project_path, self.matcher)
+        files = discovery["python_files"]
+        rules_config = self.config.rules
+
+        # Update Project Type if it was auto
+        if self.config.project_type == "auto":
+            self.project_type = "qgis" if discovery["has_metadata"] else "generic"
+            logger.info(f"📁 Project type: {self.project_type.upper()}")
 
         # Parallel analysis
         modules_data = self._run_parallel_analysis(files, rules_config)
@@ -377,59 +610,31 @@ class ProjectAnalyzer:
         ruff_findings = self.run_ruff_audit()
 
         # Initialize defaults
-        compliance: Dict[str, Any] = {"issues": [], "issues_count": 0}
-        structure: Dict[str, Any] = {"is_valid": True}
-        metadata: Dict[str, Any] = {"is_valid": True}
-        binaries: List[str] = []
-        package_size = 0
-        url_status = {}
+        qgis_checks: Optional[QGISChecksResult] = None
 
         # QGIS-specific checks
         if self.project_type == "qgis":
-            compliance, structure, metadata, binaries, package_size, url_status = (
-                self._run_qgis_specific_checks(modules_data, rules_config)
-            )
+            qgis_checks = self._run_qgis_specific_checks(modules_data, rules_config, discovery)
 
         # Semantic Analysis
-        semantic_res = self._run_semantic_analysis(modules_data)
-        cycles = semantic_res[0] if len(semantic_res) > 0 else []
-        metrics = semantic_res[1] if len(semantic_res) > 1 else {}
-        missing_resources = semantic_res[2] if len(semantic_res) > 2 else []
+        semantic = self._run_semantic_analysis(modules_data)
 
-        # Calculate scores
-        scores = self._calculate_scores(
+        # Calculate scores via ScoringEngine
+        scores = self.scoring.calculate_project_scores(
             modules_data,
             ruff_findings,
-            compliance,
-            structure,
-            metadata,
-            cycles,
-            missing_resources,
-            binaries,
-            package_size,
+            qgis_checks,
+            semantic,
         )
-        # Handle potential return length mismatches gracefully (Robustness v1.0.0+)
-        code_score = scores[0] if len(scores) > 0 else 0.0
-        maint_score = scores[1] if len(scores) > 1 else 0.0
-        qgis_score = scores[2] if len(scores) > 2 else 0.0
 
         # Build results
         analyses = self._build_analysis_results(
             files,
             modules_data,
             ruff_findings,
-            code_score,
-            maint_score,
-            qgis_score,
-            compliance,
-            structure,
-            metadata,
-            cycles,
-            metrics,
-            missing_resources,
-            binaries,
-            package_size,
-            url_status,
+            scores,
+            qgis_checks,
+            semantic,
         )
 
         # Save reports
@@ -438,11 +643,15 @@ class ProjectAnalyzer:
         logger.info(f"✅ Analysis completed. Reports in: {self.output_dir}")
 
         # Fail on error if strict mode is on
-        if self.config.get("fail_on_error") and self.project_type == "qgis":
+        if self.config.fail_on_error and self.project_type == "qgis" and qgis_checks:
+            compliance = qgis_checks["compliance"]
+            structure = qgis_checks["structure"]
+            metadata = qgis_checks["metadata"]
             if (
                 int(compliance.get("issues_count", 0)) > 0
-                or not structure["is_valid"]
-                or not metadata["is_valid"]
+                or not structure.get("is_valid", True)
+                or not metadata.get("is_valid", True)
+                or not qgis_checks["package_constraints"].get("is_valid", True)
             ):
                 logger.error(
                     "❌ Strict Mode: Critical QGIS compliance issues detected. Failing analysis."
@@ -453,77 +662,108 @@ class ProjectAnalyzer:
 
     def _calculate_scores(
         self,
-        modules_data: List[Dict[str, Any]],
+        modules_data: List[ModuleAnalysisResult],
         ruff_findings: List[Dict[str, Any]],
-        compliance: Dict[str, Any],
-        structure: Dict[str, Any],
-        metadata: Dict[str, Any],
-        cycles: List[List[str]],
-        missing_resources: List[str],
-        binaries: List[str],
-        package_size: float,
-    ) -> tuple:
+        qgis_checks: Optional[QGISChecksResult],
+        semantic: SemanticAnalysisResult,
+    ) -> ProjectScores:
         """Calculates project quality scores based on industry-standard formulas.
 
         Args:
             modules_data: Detailed analysis results for each module.
             ruff_findings: List of Ruff linting findings.
-            compliance: Findings from QGIS standard audit.
-            structure: Results of plugin structure validation.
-            metadata: Results of metadata.txt validation.
-            cycles: List of circular dependency cycles.
-            missing_resources: List of missing QRC resource paths.
-            binaries: List of prohibited binary files.
-            package_size: Size of the plugin package in MB.
+            qgis_checks: Results of QGIS-specific validation checks.
+            semantic: Results of semantic analysis.
 
         Returns:
-            A tuple of (module_stability, maintainability, qgis_compliance) scores out of 100.
+            A ProjectScores TypedDict containing stability, maintainability, and qgis scores.
         """
         if not modules_data:
-            return 0.0, 0.0, 0.0
+            return {
+                "code_score": 0.0,
+                "maint_score": 0.0,
+                "qgis_score": 0.0,
+                "security_score": 0.0,
+            }
+
+        module_score = self._get_mi_score(modules_data)
+        maintainability_score = self._get_maint_score(modules_data, ruff_findings)
+        modernization_bonus = self._get_modernization_bonus(modules_data)
+        maintainability_score = min(100.0, maintainability_score + modernization_bonus)
+
+        # Security context
+        security_penalty = self._get_security_penalty(modules_data)
+        security_score = max(0.0, 100.0 - security_penalty)
 
-        # 1. Module stability based on Maintainability Index (MI)
-        # Formula: MI = max(0, (171 - 0.23 * CC - 16.2 * ln(SLOC)) * 100 / 171)
+        # Global penalties (e.g., circular dependencies)
+        cycles = semantic["cycles"]
+        penalty = len(cycles) * 10
+        module_score = max(0, module_score - penalty)
+        maintainability_score = max(0, maintainability_score - penalty)
+
+        if self.project_type == "generic" or not qgis_checks:
+            return {
+                "code_score": round(module_score, 1),
+                "maint_score": round(maintainability_score, 1),
+                "qgis_score": 0.0,
+                "security_score": round(security_score, 1),
+            }
+
+        qgis_score = self._get_qgis_score(
+            qgis_checks["compliance"],
+            qgis_checks["structure"],
+            qgis_checks["metadata"],
+            semantic["missing_resources"],
+            qgis_checks["binaries"],
+            qgis_checks["package_size"],
+            security_penalty,
+        )
+
+        return {
+            "code_score": round(module_score, 1),
+            "maint_score": round(maintainability_score, 1),
+            "qgis_score": round(qgis_score, 1),
+            "security_score": round(security_score, 1),
+        }
+
+    def _get_mi_score(self, modules_data: List[ModuleAnalysisResult]) -> float:
+        """Calculates module stability based on Maintainability Index (MI)."""
         mi_scores = []
         for m in modules_data:
             cc = m.get("complexity", 1)
             sloc = max(1, m.get("lines", 1))
+            # Formula: MI = (171 - 0.23 * CC - 16.2 * ln(SLOC)) * 100 / 171
             mi = (171 - 0.23 * cc - 16.2 * math.log(sloc)) * 100 / 171
             mi_scores.append(max(0, mi))
+        return sum(mi_scores) / len(mi_scores) if mi_scores else 0.0
 
-        module_score = sum(mi_scores) / len(mi_scores) if mi_scores else 0.0
-
-        # 2. Maintainability based on Function Complexity
+    def _get_maint_score(
+        self,
+        modules_data: List[ModuleAnalysisResult],
+        ruff_findings: List[Dict[str, Any]],
+    ) -> float:
+        """Calculates maintainability based on function complexity and linting penalties."""
+        # 1. Function Complexity Score
         all_func_comp = []
         for m in modules_data:
             for f in m.get("functions", []):
                 all_func_comp.append(f["complexity"])
 
         avg_func_comp = sum(all_func_comp) / len(all_func_comp) if all_func_comp else 1.0
-        # Function complexity score: 100 is perfect, -5 per point over 10
         func_score = max(0, 100 - (max(0, avg_func_comp - 10) * 5))
 
-        # 3. Lint Scoring (Pylint style)
-        # 10 - ((5*E + W + R + C) / statements) * 10
+        # 2. Lint Scoring (Pylint style)
         total_lines = sum(m.get("lines", 0) for m in modules_data)
-        errors = 0
-        others = 0
-        for find in ruff_findings:
-            code = find.get("code", "")
-            if code.startswith(("E", "F")):
-                errors += 1
-            else:
-                others += 1
+        errors = sum(1 for f in ruff_findings if f.get("code", "").startswith(("E", "F")))
+        others = len(ruff_findings) - errors
 
         lint_penalty = ((5 * errors + others) / max(1, total_lines / 10)) * 10
         lint_score = max(0, 100 - lint_penalty)
 
-        # Composite Maintainability Score
-        maintainability_score = (func_score * 0.7) + (lint_score * 0.3)
+        return float((func_score * 0.7) + (lint_score * 0.3))
 
-        # 4. Research-based Bonuses & Modernization
-        total_public_items = 0
-        has_docstring_count = 0
+    def _get_modernization_bonus(self, modules_data: List[ModuleAnalysisResult]) -> float:
+        """Calculates modernization bonuses based on type hints and documentation styles."""
         total_functions = 0
         total_params = 0
         annotated_params = 0
@@ -532,55 +772,61 @@ class ProjectAnalyzer:
 
         for m in modules_data:
             metrics = m.get("research_metrics", {})
-            d_stats = metrics.get("docstring_stats", {})
-            total_public_items += d_stats.get("total_public_items", 0)
-            has_docstring_count += d_stats.get("has_docstring", 0)
-
             t_stats = metrics.get("type_hint_stats", {})
             total_functions += t_stats.get("total_functions", 0)
             total_params += t_stats.get("total_parameters", 0)
             annotated_params += t_stats.get("annotated_parameters", 0)
             has_return_hint += t_stats.get("has_return_hint", 0)
-
             detected_styles.update(metrics.get("docstring_styles", []))
 
-        # Bonuses
-        modernization_bonus = 0.0
-        # Type Hint Bonus: > 80% coverage on params and returns
+        bonus = 0.0
         if total_params > 0 or total_functions > 0:
             param_cov = annotated_params / max(1, total_params)
             ret_cov = has_return_hint / max(1, total_functions)
             if param_cov >= 0.8 and ret_cov >= 0.8:
-                modernization_bonus += 5.0
+                bonus += 5.0
 
-        # Docstring Style Bonus: Standardized formats (Google/NumPy)
         if detected_styles:
-            modernization_bonus += 2.0
-
-        maintainability_score = min(100.0, maintainability_score + modernization_bonus)
-
-        # Global penalties
-        penalty = len(cycles) * 10
-        module_score = max(0, module_score - penalty)
-        maintainability_score = max(0, maintainability_score - penalty)
+            bonus += 2.0
+        return bonus
 
-        if self.project_type == "generic":
-            return round(module_score, 1), round(maintainability_score, 1), 0.0
-
-        # ... (qgis_score logic remains same) ...
-        qgis_score = 100.0
-        qgis_score -= compliance.get("issues_count", 0) * 2
+    def _get_qgis_score(
+        self,
+        compliance: Dict[str, Any],
+        structure: Dict[str, Any],
+        metadata: Dict[str, Any],
+        missing_resources: List[str],
+        binaries: List[str],
+        package_size: float,
+        security_penalty: float = 0.0,
+    ) -> float:
+        """Calculates QGIS-specific compliance score."""
+        score = 100.0
+        score -= compliance.get("issues_count", 0) * 2
         if not structure.get("is_valid", True):
-            qgis_score -= 20
+            score -= 20
         if not metadata.get("is_valid", True):
-            qgis_score -= 10
-        qgis_score -= len(missing_resources) * 5
-        qgis_score -= len(binaries) * 50
+            score -= 10
+        score -= len(missing_resources) * 5
+        score -= len(binaries) * 50
         if package_size > 20:
-            qgis_score -= 10
+            score -= 10
 
-        return (
-            round(module_score, 1),
-            round(maintainability_score, 1),
-            round(max(0, qgis_score), 1),
-        )
+        # Security penalty
+        score -= security_penalty
+
+        return float(max(0, score))
+
+    def _get_security_penalty(self, modules_data: List[ModuleAnalysisResult]) -> float:
+        """Calculates total penalty for security vulnerabilities."""
+        penalty = 0.0
+        for m in modules_data:
+            for issue in m.get("security_issues", []):
+                sev = issue.get("severity", "medium").lower()
+                if sev == "high":
+                    penalty += 10.0
+                elif sev == "medium":
+                    penalty += 5.0
+                else:
+                    penalty += 2.0
+        return penalty