Omen
<img src="assets/omen-logo.jpg" alt="Omen - Code Analysis CLI" width="100%">
Your AI writes code without knowing where the landmines are.
Omen gives AI assistants the context they need: complexity hotspots, hidden dependencies, defect-prone files, and self-admitted debt. One command surfaces what's invisible.
Why "Omen"? An omen is a sign of things to come - good or bad. Your codebase is full of omens: low complexity and clean architecture signal smooth sailing ahead, while high churn, technical debt, and code clones warn of trouble brewing. Omen surfaces these signals so you can act before that "temporary fix" celebrates its third anniversary in production.
</div>Features
<details> <summary><strong>Complexity Analysis</strong> - How hard your code is to understand and test</summary>There are two types of complexity:
-
Cyclomatic Complexity counts the number of different paths through your code. Every
if,for,while, orswitchcreates a new path. A function with cyclomatic complexity of 10 means there are 10 different ways to run through it. The higher the number, the more test cases you need to cover all scenarios. -
Cognitive Complexity measures how hard code is for a human to read. It penalizes deeply nested code (like an
ifinside aforinside anotherif) more than flat code. Two functions can have the same cyclomatic complexity, but the one with deeper nesting will have higher cognitive complexity because it's harder to keep track of.
Why it matters: Research shows that complex code has more bugs and takes longer to fix. McCabe's original 1976 paper found that functions with complexity over 10 are significantly harder to maintain. SonarSource's cognitive complexity builds on this by measuring what actually confuses developers.
</details> <details> <summary><strong>Self-Admitted Technical Debt (SATD)</strong> - Comments where developers admit they took shortcuts</summary>[!TIP] Keep cyclomatic complexity under 10 and cognitive complexity under 15 per function.
When developers write TODO: fix this later or HACK: this is terrible but works, they're creating technical debt and admitting it. Omen finds these comments and groups them by type:
| Category | Markers | What it means |
|---|---|---|
| Design | HACK, KLUDGE, SMELL | Architecture shortcuts that need rethinking |
| Defect | BUG, FIXME, BROKEN | Known bugs that haven't been fixed |
| Requirement | TODO, FEAT | Missing features or incomplete implementations |
| Test | FAILING, SKIP, DISABLED | Tests that are broken or turned off |
| Performance | SLOW, OPTIMIZE, PERF | Code that works but needs to be faster |
| Security | SECURITY, VULN, UNSAFE | Known security issues |
Why it matters: Potdar and Shihab's 2014 study found that SATD comments often stay in codebases for years. The longer they stay, the harder they are to fix because people forget the context. Maldonado and Shihab (2015) showed that design debt is the most common and most dangerous type.
</details> <details> <summary><strong>Dead Code Detection</strong> - Code that exists but never runs</summary>[!TIP] Review SATD weekly. If a TODO is older than 6 months, either fix it or delete it.
Dead code includes:
- Functions that are never called
- Variables that are assigned but never used
- Classes that are never instantiated
- Code after a
returnstatement that can never execute
Why it matters: Dead code isn't just clutter. It confuses new developers who think it must be important. It increases build times and binary sizes. Worst of all, it can hide bugs - if someone "fixes" dead code thinking it runs, they've wasted time. Romano et al. (2020) found that dead code is a strong predictor of other code quality problems.
</details>[!TIP] Delete dead code. Version control means you can always get it back if needed.