Gauge your codebase quality from a geometric mean of evidence-based metrics.
$ pipx install mfcqi
Working in Java or Kotlin? Meet the JVM edition.
The score is a geometric mean — a normalized product of independent metrics.
The Drake equation estimates a quantity as a product of independent factors. If any single factor is near zero, the whole product collapses toward zero.
A geometric mean is a normalized product of the quality metrics. One weak metric pulls the whole score down — so it is non-compensatory.
Just as the Drake equation reaches its estimate by multiplying independent terms — where a single small factor dominates the outcome — MFCQI multiplies its quality metrics. A codebase can't trade a failing dimension for strong ones; every factor has to hold up.
One number in [0, 1] for overall quality — track it in CI, gate on it, badge it.
Because the score is a geometric mean, a weak metric isn't offset by strong ones.
Install in one command with pipx, uv, or pip. The reference implementation of MFCQI.
Bring your own key (BYOK) for recommendations — Anthropic, OpenAI, or a local Ollama model. Scoring itself needs no key.
Wraps trusted analyzers — Bandit, Pylint, Radon, pip-audit, and detect-secrets — behind one score.
Configurable thresholds via YAML; a non-zero exit code on failure.
JSON and SARIF output, plus shields.io badges for your README.
Bandit SAST, pip-audit dependency CVEs, secret scanning, and code-smell density — in the score.
Core metrics apply everywhere; object-oriented metrics are added only when the code is object-oriented, so procedural Python isn't penalized for lacking classes.
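The non-compensatory behaviour and the CI gate described above, as an added example that is not MFCQI's own code: it assumes an unweighted geometric mean, and the metric names, scores, and the 0.7 threshold are constructed for illustration.

```python
import math

def geometric_mean(scores):
    """Geometric mean of metric scores in [0, 1]; a zero factor yields 0.0."""
    if not scores:
        raise ValueError("no metrics supplied")
    for name, value in scores.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{name} out of range: {value}")
    if any(value == 0.0 for value in scores.values()):
        return 0.0  # log(0) is undefined; the product is zero anyway
    # Sum logs instead of multiplying, so many small factors don't underflow.
    return math.exp(sum(math.log(v) for v in scores.values()) / len(scores))

def arithmetic_mean(scores):
    """Compensatory baseline, for comparison only."""
    return sum(scores.values()) / len(scores)

def gate(scores, threshold):
    """Return (exit_code, score, weakest_metric); exit_code 1 means fail."""
    score = geometric_mean(scores)
    weakest = min(scores, key=scores.get)
    return (0 if score >= threshold else 1), score, weakest

# Constructed sample data (hypothetical metric names and values).
HEALTHY = {"complexity": 0.85, "maintainability": 0.80,
           "security": 0.90, "dependency_cves": 0.85}
WEAK_SECURITY = {"complexity": 0.95, "maintainability": 0.95,
                 "security": 0.05, "dependency_cves": 0.95}
THRESHOLD = 0.7  # hypothetical gate value

if __name__ == "__main__":
    for label, scores in (("healthy", HEALTHY), ("weak security", WEAK_SECURITY)):
        code, score, weakest = gate(scores, THRESHOLD)
        print(f"{label}: geometric={score:.3f} "
              f"arithmetic={arithmetic_mean(scores):.3f} "
              f"weakest={weakest} exit={code}")
```

With these numbers an arithmetic mean would let the weak-security codebase through the gate, while the geometric mean fails it and points at the security metric.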