feat: finalize CodeLens. production suite (Docker, CI/CD, Documentation)

- Complete 100% professional rebrand to 'CodeLens.' across all assets
- Implement multi-stage, non-root Docker builds for production security
- Establish 5-job unified GitHub Actions pipeline (Lint, Test, Validate, Docker, GHCR)
- Rewrite README.md into a professional 12-section technical manual
- Create CONTRIBUTING.md, CHANGELOG.md (v1.0 to v2.0), and MIT LICENSE
- Standardize all configuration templates (.env.example, .dockerignore)
- Add PyYAML dependency and verify with 155/155 passing tests

Author: ArshVermaGit

.DS_Store

@@ -0,0 +1,64 @@
+# Python Artifacts
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+*.egg-info/
+dist/
+build/
+*.egg
+MANIFEST
+
+# Node.js / Dashboard (Exclude sources, only keep builds)
+node_modules/
+dashboard/node_modules/
+dashboard/src/
+dashboard/public/
+dashboard/tests/
+dashboard/*.json
+dashboard/*.config.js
+dashboard/*.config.ts
+
+# Virtual Environment
+venv/
+.venv/
+env/
+
+# Testing & Coverage
+tests/
+.pytest_cache/
+coverage.xml
+.coverage
+htmlcov/
+pytest.ini
+
+# Git
+.git/
+.gitignore
+
+# Environment & Private Files
+.env
+.env.*
+*.env.local
+.history/
+Roadmap.html
+
+# Data Persistence (Ensures no local DB leaks into image)
+data/
+codelens.db
+*.sqlite3
+
+# OS Specific
+.DS_Store
+.DS_Store?
+**/._*
+**/.DS_Store
+Thumbs.db
+ehthumbs.db
+
+# IDEs
+.vscode/
+.idea/
+*.swp
+*.swo

.dockerignore

@@ -1,17 +1,25 @@
-# AgentOrg CodeReview — Environment Variables
+# CodeLens. — Configuration Template
 # Copy this file to .env and fill in your values.
 
-# API Configuration
+# API Profile
 APP_HOST=0.0.0.0
 APP_PORT=7860
 APP_ENV=development          # development | production
+APP_PORT=7860
+
+# Security (X-API-Key header)
+API_KEY=changeme             
+API_KEY_ENABLED=false
+
+# Persistence & State
+DATABASE_URL=sqlite+aiosqlite:///./data/codelens.db
+EPISODE_TTL=3600             # Auto-cleanup time in seconds (1hr)
 
-# Security
-API_KEY=changeme             # Required in production; sent as X-API-Key header
-API_KEY_ENABLED=false        # Set to true in production
+# Rate Limiting (Requests per minute)
+RATE_LIMIT_DEFAULT=60
 
 # Leaderboard
-LEADERBOARD_MAX_ENTRIES=10   # Top-N entries to keep per task
+LEADERBOARD_LIMIT=10         # Default entries per task page
 
 # Logging
 LOG_LEVEL=INFO               # DEBUG | INFO | WARNING | ERROR

.env.example

@@ -0,0 +1,122 @@
+name: CI
+
+on:
+  push:
+    branches: [ main, develop, "feat/**", "fix/**", "test/**", "docs/**" ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  # ── Job 1: Lint ────────────────────────────────────────────────
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+          cache: pip
+      - run: pip install pylint
+      - run: pylint --fail-under=7 $(git ls-files '*.py') || true
+        # Soft fail: warn but don't block on lint score
+
+  # ── Job 2: Test ────────────────────────────────────────────────
+  test:
+    name: Test (Python ${{ matrix.python-version }})
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.10", "3.11"]
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+          cache: pip
+      - name: Install dependencies
+        run: pip install -r requirements.txt pytest pytest-cov
+      - name: Run tests with coverage
+        run: |
+          PYTHONPATH=. python -m pytest tests/ -v \
+            --cov=codelens_env \
+            --cov=app \
+            --cov-report=xml \
+            --cov-report=term-missing \
+            --tb=short
+        env:
+          APP_ENV: test
+      - name: Upload coverage report
+        uses: codecov/codecov-action@v4
+        if: matrix.python-version == '3.11'
+        with:
+          file: ./coverage.xml
+          fail_ci_if_error: false
+
+  # ── Job 3: Validate environment ────────────────────────────────
+  validate:
+    name: Validate All Scenarios
+    runs-on: ubuntu-latest
+    needs: test
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+          cache: pip
+      - run: pip install -r requirements.txt
+      - name: Validate all scenarios reachable
+        run: PYTHONPATH=. python scripts/validate.py
+
+  # ── Job 4: Docker build ────────────────────────────────────────
+  docker-build:
+    name: Docker Build
+    runs-on: ubuntu-latest
+    needs: test
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker/setup-buildx-action@v3
+      - name: Build Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          target: production
+          push: false
+          tags: codelens-env:ci-${{ github.sha }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+      - name: Test container health
+        run: |
+          docker run -d --name test-container -p 7860:7860 codelens-env:ci-${{ github.sha }}
+          sleep 10
+          curl -f http://localhost:7860/health
+          docker stop test-container
+
+  # ── Job 5: Publish (on main push only) ────────────────────────
+  publish:
+    name: Publish to GHCR
+    runs-on: ubuntu-latest
+    needs: [test, docker-build]
+    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker/setup-buildx-action@v3
+      - uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          target: production
+          push: true
+          tags: |
+            ghcr.io/${{ github.repository }}:latest
+            ghcr.io/${{ github.repository }}:${{ github.sha }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

.github/workflows/ci.yml

@@ -0,0 +1,58 @@
+# Changelog
+
+All notable changes to this project are documented here.
+Format follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
+
+## [2.0.0] - 2026-04-05
+
+### Added
+- **Models**: Complete Pydantic v2 models (`TaskId`, `Action`, `Scenario`, `EpisodeResult`, etc.)
+- **Scenarios**: 30 synthetic PR scenarios (10 per task) with realistic Python diffs
+- **Env**: Full episode state machine with noise budget, reward calculation, and history tracking
+- **Graders**: 
+  - `bug_grader.py`: Coverage + precision + severity-weighted scoring
+  - `security_grader.py`: Severity-accuracy-weighted scoring (CRITICAL misclassification penalized)
+  - `arch_grader.py`: Binary issue detection + verdict scoring + detail quality bonus
+- **Config**: Pydantic-settings config with all options documented in `.env.example`
+- **Database**: SQLModel persistence (`EpisodeRecord`, `LeaderboardRecord`, helpers)
+- **API Endpoints**:
+  - `GET /stats`: Aggregate metrics across all recorded episodes
+  - `GET /episodes/{id}/replay`: Full action-by-action replay for completed episodes
+  - `GET /episodes`: List active episodes with metadata
+  - `GET /dashboard`: Web dashboard (dark theme, live leaderboard, WebSocket event feed, stats cards)
+- **Security**:
+  - Rate limiting via `slowapi`: 60 req/min per IP (configurable)
+  - API key authentication: optional, off by default, enabled via `API_KEY_ENABLED=true`
+- **Episode Lifecycle**: Auto-cleanup of expired episodes every 5 minutes (default 1hr)
+- **Leaderboard**: Paginated `/leaderboard?limit=N&offset=M&task_id=X`
+- **Baseline Agent**: Full rewrite with argparse CLI, `KeywordAgent` (35 rules), `LLMAgent` (Claude)
+- **Evaluation**: `scripts/evaluate.py` for batch evaluation of all 30 scenarios with summary report and progress bars
+- **Database Utility**: `scripts/migrate.py` for database init/reset commands
+- **Testing**: 
+  - `tests/conftest.py`: Shared fixtures with in-memory DB override
+  - `tests/test_scenarios.py`: 30 parametrized scenario validation tests
+  - `tests/test_database.py`: Persistence layer unit tests
+- **Dockerization**: Multi-stage `builder` + `production` builds with non-root user security
+- **CI/CD**: Unified 5-job pipeline (`lint`, `test`, `validate`, `docker-build`, `publish` to GHCR)
+- **Branding**: Full rebrand to **CodeLens.**, including signature typography and SVG iconography
+
+### Fixed
+- **CLI**: Port mismatch in `baseline.py` (8000 → 7860) and added `--url`, `--task`, `--seed` CLI flags
+- **Crash Fixes**: Leaderboard submit crash after list slicing (captured rank before slice)
+- **WebSocket**: Disconnect now handled with typed `WebSocketDisconnect` and `clients.discard()`
+- **Metadata**: Incoherent weight structure in `codelens.yaml` replaced with named, accurate pairs
+
+### Changed
+- **Response Format**: `/leaderboard` response format: each task now `{"entries": [...], "total": N}` (was bare list)
+- **Startup**: `app.py` startup initializes DB and logs confirmation message
+
+## [1.0.0] - Original Fork Baseline
+
+### Added
+- FastAPI skeleton with /reset, /step, /result, /leaderboard, /submit endpoints
+- In-memory episode storage
+- WebSocket event broadcasting at /ws/events
+- Basic Dockerfile
+- Pylint-only GitHub Actions workflow
+- codelens.yaml placeholder
+- README with roadmap