Code Report

Code Report

This is an early beta of our innovation scoring engine. There are plenty of kinks to work out. This number represents an early approximation that will likely go up.
0.90
Codebase Health Score
Est. >95th percentile
among TypeScript codebases
0 0.25 0.50 0.75 1.0 0.90
How well-built is this codebase? How sustainable is it to build on?
Score Composition
Maintainability: 89/100 (weight: 9%) Testability: 96/100 (weight: 7%) Test Coverage: 94/100 (weight: 12%) Debuggability: 95/100 (weight: 7%) Adaptability: 91/100 (weight: 7%) Simplicity: 85/100 (weight: 6%) Coupling: 90/100 (weight: 5%) Program-to-Contract: 91/100 (weight: 4%) S — Single Responsibility: 86/100 (weight: 6%) Security: 88/100 (weight: 10%) Cyclomatic Complexity: 71/100 (weight: 4%) Error Handling: 90/100 (weight: 5%) Resilience: 87/100 (weight: 5%) Documentation: 98/100 (weight: 3%) Hidden Coupling: 90/100 (weight: 5%) Brittleness: 90/100 (weight: 3%) Code Hygiene: 80/100 (weight: 2%) 0.90 overall
Maintainability
Testability
Test Coverage
Debuggability
Adaptability
Simplicity
Coupling
Program-to-Contract
S — Single Responsibility
Security
Cyclomatic Complexity
Error Handling
Resilience
Documentation
Hidden Coupling
Brittleness
Code Hygiene
Language Breakdown
JSON: 682,847 lines (44.7%) Markdown: 389,165 lines (25.5%) TypeScript: 228,213 lines (14.9%) CSS: 102,290 lines (6.7%) EJS/HTML: 53,028 lines (3.5%) YAML: 21,416 lines (1.4%) Ruby (ERB): 18,111 lines (1.2%) JavaScript: 9,200 lines (0.6%) SQL: 5,902 lines (0.4%) Ruby: 4,830 lines (0.3%) Other: 12,743 lines (0.8%) 1528K lines
JSON 44.7%
Markdown 25.5%
TypeScript 14.9%
CSS 6.7%
EJS/HTML 3.5%
YAML 1.4%
Ruby (ERB) 1.2%
JavaScript 0.6%
SQL 0.4%
Ruby 0.3%
Other 0.8%
v0.0.107 · scoring engine 0.27.45 · Based on 230 facts, 50 scores across 185 runs · Report generated Mar 20, 2026 at 10:34 AM EDT

SOLID Principles

S — Single Responsibility
0.86
Measures how focused each contract is: average methods per interface, constructor dependencies, and lines per implementation.
ComponentValueScoreWeight
Avg methods/interface 4.2 methods 0.85 50%
≤3 → 0.99 · ≤5 → 0.85 · ≤7 → 0.70 · ≤10 → 0.55 · ≤15 → 0.40 · >15 → 0.25 (lower is better)
Outliers:
RaftStateService (18 methods) — raft/RaftStateService.ts
ProviderConnectionRepository (15 methods) — connector/ProviderConnectionRepository.ts
SpendingRepository (15 methods) — spending/SpendingRepository.ts
TaskRepository (15 methods) — task/TaskRepository.ts
GatheringService (14 methods) — gathering/GatheringService.ts
Exemplars:
OcmlExportService (1 methods) — whiteboard/OcmlExportService.ts
WhatsNextService (1 methods) — whatsnext/WhatsNextService.ts
VaultItemLookupRepository (1 methods) — vault/VaultItemLookupRepository.ts
Avg method size (logic only) 14.7 lines 0.80 30%
≤8 → 0.99 · ≤12 → 0.90 · ≤18 → 0.80 · ≤25 → 0.65 · ≤35 → 0.50 · >35 → 0.35 (lower is better)
Avg lines/impl 212 lines 0.95 20%
≤200 → 0.99 · ≤300 → 0.95 · ≤400 → 0.85 · ≤500 → 0.75 · ≤700 → 0.55 · >700 → 0.35 (lower is better)
O — Open/Closed
0.91
Checks that impls wire to interfaces and consumer code avoids instanceof/switch. Extending behavior should not require editing existing files.
ComponentValueScoreWeight
Fully swappable impls 295 /332 0.89 70%
0–100% scale (higher is better)
Impls with interface 321 /332 0.97 30%
0–100% scale (higher is better)
Impls with leaked consumer imports 26 count (info)
L — Liskov Substitution
0.81
Flags instanceof on concrete types, downcasts to Impl classes, and consumer files that import implementations directly.
ComponentValueScoreWeight
instanceof on concrete types 0 violations 0.99 40%
≤0 → 0.99 · ≤2 → 0.80 · ≤5 → 0.60 · ≤10 → 0.40 · >10 → 0.20 (lower is better)
Concrete downcasts (as Impl) 1 violations 0.75 30%
≤0 → 0.99 · ≤2 → 0.75 · ≤5 → 0.50 · >5 → 0.25 (lower is better)
Consumer Impl imports 5 files 0.60 30%
≤0 → 0.99 · ≤3 → 0.80 · ≤8 → 0.60 · ≤15 → 0.40 · >15 → 0.20 (lower is better)
I — Interface Segregation
0.88
Scores how lean interfaces are (median method count) and how much of each interface consumers actually use (consumer utilization via ts-morph).
ComponentValueScoreWeight
Avg methods/interface 4.2 methods 0.99 70%
bell curve μ=4.5 σ=4.6 (empirical, utilization-weighted)
Outliers:
RaftStateService (18 methods) — raft/RaftStateService.ts
ProviderConnectionRepository (15 methods) — connector/ProviderConnectionRepository.ts
SpendingRepository (15 methods) — spending/SpendingRepository.ts
TaskRepository (15 methods) — task/TaskRepository.ts
GatheringService (14 methods) — gathering/GatheringService.ts
Exemplars:
OcmlExportService (1 methods) — whiteboard/OcmlExportService.ts
WhatsNextService (1 methods) — whatsnext/WhatsNextService.ts
VaultItemLookupRepository (1 methods) — vault/VaultItemLookupRepository.ts
Consumer utilization 65.2 % 0.60 30%
≥90 → 0.99 · ≥80 → 0.90 · ≥70 → 0.75 · ≥60 → 0.60 · <60 → 0.45 (higher is better)
Offenders:
CalendarSyncServiceImpl.ts uses 10% of GoogleCalendarConnectionService
TaskController.ts uses 10% of DiscussionReplyRepository
AlbumController.ts uses 10% of DiscussionReplyRepository
ThingController.ts uses 10% of ResourceTagService
PostgresAutoStartServiceImpl.ts uses 10% of PostgresConfigurationService
Exemplars:
AbilityServiceImpl.ts uses 100% of AbilityService
AchBatchRepositoryImpl.ts uses 100% of AchBatchRepository
AchFileGenerationServiceImpl.ts uses 100% of AchFileGenerationService
Median methods/interface 4 methods (info)
Max methods (outlier) 18 methods (info)
D — Dependency Inversion
0.84
Ratio of interface imports to concrete imports across the codebase. 100% interface imports = perfect score.
ComponentValueScoreWeight
Interface imports 1799 count 0.84 100%
0–100% scale (higher is better)
Concrete imports 345 count (info)

Architecture

Cohesion
0.99
Measures how well files within a module relate to each other via shared naming and import patterns.
ComponentValueScoreWeight
No service locator 100 % 0.99 50%
0–100% scale (higher is better)
No direct DB access 99.3 % 0.99 50%
0–100% scale (higher is better)
Service locator violations 0 files (info)
Direct DB access violations 2 files (info)
Loosely Coupled
0.90
Evaluates inter-module coupling by counting cross-module imports and fan-out per file.
ComponentValueScoreWeight
Concrete cross-module imports 2 violations 0.90 100%
0–100% scale (lower is better)
Interface cross-module imports 610 count (composition)
Avg cross-module deps 6.1 modules (info)
Modularity
0.95
Scores module count, average files per module, and whether modules are evenly sized.
ComponentValueScoreWeight
Module count 159 modules 0.90 50%
≤5 → 0.99 · ≤8 → 0.90 · ≤12 → 0.75 · ≤16 → 0.60 · ≤20 → 0.45 · >20 → 0.30 (lower is better)
Cross-module interface discipline 100 % 0.99 50%
≥95 → 0.99 · ≥90 → 0.90 · ≥80 → 0.75 · ≥70 → 0.60 · ≥50 → 0.45 · <50 → 0.30 (higher is better)
Avg files/module 7.9 files (info)
Cross-module concrete violations 0 imports (info)
Program-to-Contract
0.91
Ratio of consumer code importing interfaces vs concrete implementations.
ComponentValueScoreWeight
DI bindings with interface 308 /367 0.84 50%
0–100% scale (higher is better)
Interface imports (excl. DI) 1463 /1489 0.98 50%
0–100% scale (higher is better)
Concrete imports (excl. DI) 26 count (info)
Composition over Inheritance
0.99
Counts class-extends usage. Fewer extends = more composition, higher score.
ComponentValueScoreWeight
`implements` count 459 classes 0.99 100%
0–100% scale (higher is better)
`extends` count (non-Error) 1 classes (info)
Vertical-Agnostic
0.99
Measures what percentage of source files are vertical-agnostic (useful to any startup regardless of business domain) vs domain-specific. Only 9 modules are truly domain-specific; the rest replace SaaS subscriptions.
ComponentValueScoreWeight
Vertical-agnostic files 1163 /1256 files 0.99 60%
≥70 → 0.99 · ≥60 → 0.85 · ≥50 → 0.70 · ≥40 → 0.55 · <40 → 0.40 (higher is better)
Cross-module interfaces 168 /397 0.99 40%
≥30 → 0.99 · ≥20 → 0.85 · ≥15 → 0.70 · ≥10 → 0.55 · <10 → 0.40 (higher is better)
Agnostic ratio 92.6 % (info)
Domain-specific files 93 /1256 files (info)
Future-Proof
0.99
Combines interface coverage, DI usage, and low coupling to estimate how easily the codebase adapts to change.
ComponentValueScoreWeight
Interface coverage 100 % 0.99 30%
≥95 → 0.99 · ≥85 → 0.85 · ≥75 → 0.70 · ≥60 → 0.55 · <60 → 0.40 (higher is better)
DI container depth 3724 lines 0.99 30%
0–100% scale (higher is better)
Multi-tenancy refs 338 files 0.99 20%
≥20 → 0.99 · ≥10 → 0.80 · ≥5 → 0.60 · ≥1 → 0.40 · <1 → 0.20 (higher is better)
Feature flag refs 39 files 0.99 20%
≥15 → 0.99 · ≥10 → 0.85 · ≥5 → 0.70 · ≥2 → 0.55 · <2 → 0.40 (higher is better)

-ilities

Testability
0.96
Source-to-test ratio, modules with zero tests, assertion count, and DI usage all contribute.
ComponentValueScoreWeight
Constructor injection 94.9 % 0.95 25%
0–100% scale (higher is better)
Interface coverage 100 % 0.99 20%
0–100% scale (higher is better)
Test discipline (0 beforeAll) 0 beforeAll 0.99 20%
0–100% scale (lower is better)
State leakage (random order) 0 (3294 pass, 23 fail in random) 0.99 20%
0–100% scale (lower is better)
Test file count 317 /1573 total files 0.80 15%
≥50 → 0.99 · ≥30 → 0.80 · ≥20 → 0.65 · ≥10 → 0.50 · ≥5 → 0.35 · <5 → 0.20 (higher is better)
Test files: 317
Source files: 1256
Understandability
See: Documentation
Maintainability
0.89
Weighted combination of all SOLID and architecture scores — a meta-score for long-term health.
ComponentValueScoreWeight
Naming consistency 58.4 % 0.85 25%
≥60 → 0.99 · ≥50 → 0.85 · ≥40 → 0.70 · ≥30 → 0.55 · <30 → 0.40 (higher is better)
Single Responsibility 86 /100 0.86 25%
0–100% scale (higher is better)
Loosely Coupled 90 /100 0.90 25%
0–100% scale (higher is better)
Co-location 95.2 % 0.95 25%
0–100% scale (higher is better)
Debuggability
0.95
Scores log-method-prefix discipline, fmt() usage, logger adoption across files, and log level distribution.
ComponentValueScoreWeight
Logger presence 406 /419 files 0.97 25%
0–100% scale (higher is better)
Method prefix compliance 99.3 % 0.99 25%
0–100% scale (higher is better)
Outliers:
sysconfig/AreYouSureConfigServiceImpl.ts (0/2 prefixed)
sysconfig/DangerWillRobinsonConfigServiceImpl.ts (0/2 prefixed)
Exemplars:
task/TaskController.ts (111/111 prefixed)
principal/UserRepositoryImpl.ts (73/73 prefixed)
magiclink/MagicLinkRepositoryImpl.ts (70/70 prefixed)
fmt() usage 6513 /5640 stmts 0.99 20%
0–100% scale (higher is better)
Files with log statements 96.9 % 0.97 15%
0–100% scale (higher is better)
console.log discipline 3.5 % (lower is better) 0.75 15%
≤0 → 0.99 · ≤2 → 0.90 · ≤5 → 0.75 · ≤10 → 0.55 · ≤20 → 0.35 · >20 → 0.15 (lower is better)
Simplicity
0.85
Penalizes large files, deep nesting, high complexity functions, and excessive abstraction layers.
ComponentValueScoreWeight
Runtime dependencies 41 packages 0.70 25%
≤25 → 0.99 · ≤35 → 0.85 · ≤50 → 0.70 · ≤65 → 0.55 · >65 → 0.40 (lower is better)
Inheritance usage 1 extends 0.99 25%
≤2 → 0.99 · ≤5 → 0.85 · ≤10 → 0.70 · ≤15 → 0.55 · >15 → 0.40 (lower is better)
Avg file length 132 lines 0.85 25%
≤100 → 0.99 · ≤150 → 0.85 · ≤200 → 0.70 · ≤250 → 0.55 · >250 → 0.40 (lower is better)
Decorator count 3 decorators 0.85 25%
0–100% scale (lower is better)
Modularity(= Modularity)
0.95
Are concerns separated cleanly into well-sized modules? (Same as Architecture: Modularity)
ComponentValueScoreWeight
Module count 159 modules 0.90 50%
≤5 → 0.99 · ≤8 → 0.90 · ≤12 → 0.75 · ≤16 → 0.60 · ≤20 → 0.45 · >20 → 0.30 (lower is better)
Cross-module interface discipline 100 % 0.99 50%
≥95 → 0.99 · ≥90 → 0.90 · ≥80 → 0.75 · ≥70 → 0.60 · ≥50 → 0.45 · <50 → 0.30 (higher is better)
Avg files/module 7.9 files (info)
Cross-module concrete violations 0 imports (info)
Upgradeability
See: Simplicity + Dependency Health
Readability
See: Documentation + Simplicity
Tenability
Not measurable via static analysis
Sustainability
Not measurable via static analysis
Repeatability
See: Testability
Fixability
See: Debuggability + Testability
Pay-it-forward-ility
Not measurable via static analysis
Traceability
See: Debuggability + Greppability
Onboardability
Not measurable via static analysis
Agility
See: Adaptability
Reusability
See: Adaptability + Swappability
Maturity
Not measurable via static analysis
Extensibility(= Future-Proof)
0.99
Can you add features without rewriting? Interface coverage, DI depth, multi-tenancy. (Same as Architecture: Future-Proof)
ComponentValueScoreWeight
Interface coverage 100 % 0.99 30%
≥95 → 0.99 · ≥85 → 0.85 · ≥75 → 0.70 · ≥60 → 0.55 · <60 → 0.40 (higher is better)
DI container depth 3724 lines 0.99 30%
0–100% scale (higher is better)
Multi-tenancy refs 338 files 0.99 20%
≥20 → 0.99 · ≥10 → 0.80 · ≥5 → 0.60 · ≥1 → 0.40 · <1 → 0.20 (higher is better)
Feature flag refs 39 files 0.99 20%
≥15 → 0.99 · ≥10 → 0.85 · ≥5 → 0.70 · ≥2 → 0.55 · <2 → 0.40 (higher is better)
Dev Productivity & Enjoyability
Not measurable via static analysis
Stability(= Resilience (anti-brittleness))
0.87
Does the system behave predictably? Anti-brittleness, test safety net, observability. (Same as Resilience)
ComponentValueScoreWeight
Files under 500 lines 97.2 % 0.99 30%
≥95 → 0.99 · ≥90 → 0.85 · ≥80 → 0.70 · ≥70 → 0.55 · <70 → 0.40 (higher is better)
Outliers:
task/TaskController.ts (1963 lines)
startupcompany/StartupCompanyController.ts (1250 lines)
uptheriver/client/render/RenderServiceImpl.ts (1154 lines)
task/TaskServiceImpl.ts (1001 lines)
ai/HighLevelAiQuestionAskingServiceImpl.ts (993 lines)
Exemplars:
happening/HappeningPublishingServiceImpl.ts (3 lines)
team/GroupUserMembershipServiceImpl.ts (18 lines)
audio/AudioFileNamingServiceImpl.ts (21 lines)
Test safety net 25.2 % 0.80 25%
≥40 → 0.99 · ≥25 → 0.80 · ≥15 → 0.65 · ≥8 → 0.50 · ≥3 → 0.35 · <3 → 0.15 (higher is better)
Observability coverage 80.4 % 0.80 20%
0–100% scale (higher is better)
Fan-in × complexity risk 44 (logging/index.ts: 43.7% × CC=1) 0.99 15%
≤100 → 0.99 · ≤300 → 0.80 · ≤600 → 0.60 · ≤1000 → 0.40 · >1000 → 0.25 (lower is better)
Fan-in × volatility risk 163 (diContainer.ts: 2.0% × 274 touches) 0.60 10%
≤50 → 0.99 · ≤100 → 0.80 · ≤200 → 0.60 · ≤400 → 0.40 · >400 → 0.25 (lower is better)
Severe god objects (>1000 lines) 0 files (−10pts each, max −30)
Max fan-in concentration 43.7 % (logging/index.ts)
Max fan-in (imports of one file) 549 /1256 files
Greppability
0.98
Measures log prefix uniqueness and named-parameter patterns so log lines are easy to find with grep.
ComponentValueScoreWeight
Method prefix (GLPR) 99.3 % 0.99 30%
0–100% scale (higher is better)
Module.Class loggers 400 /419 files 0.95 25%
0–100% scale (higher is better)
Avg static prefix length 45.1 chars 0.99 25%
≥40 → 0.99 · ≥25 → 0.85 · ≥15 → 0.70 · ≥8 → 0.50 · <8 → 0.30 (higher is better)
No abbreviations 100 % 0.99 20%
0–100% scale (higher is better)
Adaptability
0.91
Combines interface coverage, low coupling, and composition patterns to score ease of modification.
ComponentValueScoreWeight
Interface coverage 100 % 0.99 40%
0–100% scale (higher is better)
Multi-impl interfaces 5 count 0.70 30%
≥15 → 0.99 · ≥10 → 0.85 · ≥5 → 0.70 · ≥3 → 0.55 · ≥1 → 0.40 · <1 → 0.25 (higher is better)
DI coverage (est.) 100 % 0.99 30%
0–100% scale (higher is better)
Swappability (info)
0.81
How easily implementations can be swapped: DI wiring, interface adherence, and concrete import avoidance.
ComponentValueScoreWeight
Swap isolation (no leaked Impl imports) 92.2 % (26 leaked) 0.85 50%
≥95 → 0.99 · ≥90 → 0.85 · ≥80 → 0.70 · ≥70 → 0.55 · <70 → 0.40 (higher is better)
Proven swaps (multi-impl interfaces) 5 interfaces 0.70 25%
≥15 → 0.99 · ≥10 → 0.85 · ≥5 → 0.70 · ≥3 → 0.55 · ≥1 → 0.40 · <1 → 0.25 (higher is better)
Constructor injection 94.9 % 0.85 25%
≥95 → 0.99 · ≥85 → 0.85 · ≥75 → 0.70 · ≥60 → 0.55 · <60 → 0.40 (higher is better)
Documentation & Knowledge (journal mode)
0.98
The Tests ARE the Documentation (behavioral spec). The README IS the Documentation (quickstart, size). The CHANGELOG IS the Documentation (release history, freshness, version match). Plus: PHILOSOPHY.md, TECHNICAL_GUIDE.md, JSDoc on interfaces, conversation-starter docs.
ComponentValueScoreWeight
Conversation-starter docs 454 files 0.99 30%
≥100 → 0.99 · ≥50 → 0.90 · ≥30 → 0.75 · ≥15 → 0.55 · ≥5 → 0.35 · <5 → 0.15 (higher is better)
The tests are the documentation 3629 lines (7d old) 0.92 20%
≥3000 → 0.99 · ≥1500 → 0.85 · ≥500 → 0.65 · ≥100 → 0.40 · <100 → 0.00 (higher is better)
PHILOSOPHY.md 1216 lines 0.99 12%
≥1000 → 0.99 · ≥500 → 0.80 · ≥200 → 0.60 · ≥50 → 0.40 · <50 → 0.20 (higher is better)
JSDoc on interfaces 99.6 % 0.99 10%
0–100% scale (higher is better)
The readme is the documentation 316 lines (has quickstart) 0.96 10%
0–100% scale (higher is better)
The CHANGELOG is the documentation 2279 lines (45 releases, 0d old, matches VERSION) 0.99 10%
0–100% scale (higher is better)
TECHNICAL_GUIDE.md 785 lines 0.99 8%
≥500 → 0.99 · ≥300 → 0.80 · ≥150 → 0.60 · ≥50 → 0.40 · <50 → 0.20 (higher is better)

Quality

Security
0.88
Checks for parameterized queries, hardcoded secrets, dangerous eval usage, and XSS risk patterns.
ComponentValueScoreWeight
Parameterized query ratio 96 % 0.80 40%
≥99 → 0.99 · ≥95 → 0.80 · ≥90 → 0.60 · <90 → 0.30 (higher is better)
Hardcoded secrets 0 count 0.99 25%
≤0 → 0.99 · ≤1 → 0.50 · >1 → 0.20 (lower is better)
XSS risks 1 count 0.80 20%
0–100% scale (lower is better)
Dangerous evals 0 count 0.99 15%
≤0 → 0.99 · >0 → 0.40 (lower is better)
Error Handling
0.90
Scores empty catch avoidance, log-before-throw discipline, and catch-and-ignore patterns.
ComponentValueScoreWeight
Empty catch blocks 51 /1087 0.80 50%
≤0 → 0.99 · ≤5 → 0.80 · ≤10 → 0.60 · ≤20 → 0.40 · >20 → 0.20 (lower is better)
Outliers:
documentstore/MongoDocumentStoreServiceImpl.ts (12 empty catches)
documentstore/DynamoDocumentStoreServiceImpl.ts (9 empty catches)
postgres/PostgresClientManagerImpl.ts (4 empty catches)
pixel/PixelTrackController.ts (3 empty catches)
AppRunner.ts (2 empty catches)
Log-before-throw 460 /460 0.99 50%
≥80 → 0.99 · ≥60 → 0.80 · ≥40 → 0.60 · ≥20 → 0.40 · <20 → 0.25 (higher is better)
Catch-and-ignore 7 blocks (info)
Cyclomatic Complexity
0.71
Based on average cyclomatic complexity, max complexity, and count of functions over 10 or 20 complexity.
ComponentValueScoreWeight
Avg complexity 3.6 per function 0.99 40%
≤5 → 0.99 · ≤8 → 0.80 · ≤12 → 0.60 · ≤16 → 0.40 · >16 → 0.25 (lower is better)
Outliers:
cli/llmTodo.ts (max complexity 41)
pixel/PixelTrackController.ts (max complexity 39)
whiteboard/ExcalidrawConversionServiceImpl.ts (max complexity 39)
startupcompany/StartupCompanyController.ts (max complexity 38)
AppRunner.ts (max complexity 36)
Exemplars:
ach/AchReturnRepositoryImpl.ts (avg complexity 1)
ai/AiConnectivityAuditServiceNoopImpl.ts (avg complexity 1)
ai/AiResponseLedgerRepositoryNoopImpl.ts (avg complexity 1)
Functions over 20 0.9 % 0.60 35%
≤0.25 → 0.99 · ≤0.5 → 0.80 · ≤1 → 0.60 · ≤2 → 0.40 · >2 → 0.20 (lower is better)
Offenders:
cli/llmTodo.ts (complexity 41)
pixel/PixelTrackController.ts (complexity 39)
whiteboard/ExcalidrawConversionServiceImpl.ts (complexity 39)
startupcompany/StartupCompanyController.ts (complexity 38)
AppRunner.ts (complexity 36)
Max complexity 41 max 0.40 25%
≤15 → 0.99 · ≤25 → 0.80 · ≤40 → 0.60 · ≤60 → 0.40 · >60 → 0.20 (lower is better)
Offenders:
cli/llmTodo.ts (complexity 41)
pixel/PixelTrackController.ts (complexity 39)
whiteboard/ExcalidrawConversionServiceImpl.ts (complexity 39)
Functions over 10 225 functions (info)
Total functions 3981 functions (info)
Test Coverage
0.94
Source-to-test ratio, assertion density, modules with zero tests, and E2E test presence.
ComponentValueScoreWeight
Source-to-test ratio 25.2 % 0.99 50%
≥22 → 0.99 · ≥15 → 0.90 · ≥10 → 0.75 · ≥6 → 0.55 · ≥3 → 0.35 · <3 → 0.15 (higher is better)
Modules with zero tests 3 % (4/159) 0.99 40%
≤15 → 0.99 · ≤25 → 0.85 · ≤40 → 0.65 · ≤60 → 0.40 · >60 → 0.20 (lower is better)
Outliers:
emailsuppression/
genome/
outreach/
sse/
Exemplars:
addon/ (100% test ratio)
bandpass/ (100% test ratio)
clientsync/ (100% test ratio)
E2E test count 1 tests 0.35 10%
≥10 → 0.99 · ≥5 → 0.75 · ≥3 → 0.55 · ≥1 → 0.35 · <1 → 0.10 (higher is better)
Brittleness (Change Propagation Risk)
0.90
Composite of coupling, ISP, test coverage, hidden coupling, Liskov, and adaptability — how likely a change in one place breaks something elsewhere.
ComponentValueScoreWeight
Coupling (low = changes stay local) 90 /100 0.90 25%
Interface Segregation (slim = less blast radius) 88 /100 0.88 20%
Test Coverage (safety net for changes) 94 /100 0.94 20%
Hidden Coupling (surprises when changing) 90 /100 0.90 15%
Liskov Substitution (swap without breaking) 81 /100 0.81 10%
Adaptability (interface adoption maturity) 91 /100 0.91 10%
Code Hygiene
0.80
Flags functions over 50/100 lines and any-typed parameters — cosmetic code health, not structural fragility.
ComponentValueScoreWeight
God functions (>100 lines) 1.2 % 0.80 50%
≤1 → 0.99 · ≤2 → 0.80 · ≤4 → 0.60 · ≤8 → 0.40 · >8 → 0.20 (lower is better)
Outliers:
codereport/CodebaseReportFormattingServiceImpl.ts (323 lines)
spending/JewelReceiptParser.ts (216 lines)
cli/chatbot.ts (184 lines)
observation/ObservationExecutionServiceImpl.ts (167 lines)
task/TaskController.ts (166 lines)
Structural any-typed 2.3 % 0.80 50%
≤2 → 0.99 · ≤4 → 0.80 · ≤8 → 0.60 · ≤16 → 0.40 · >16 → 0.25 (lower is better)
Boundary any-typed (no penalty) 117 occurrences (info)
Functions >50 lines 330 functions (info)
Hidden Coupling
0.90
Counts type-hub files with high fan-out, hardcoded column names, and type escape hatches.
ComponentValueScoreWeight
Schema string coupling 0 column refs outside repos 0.99 50%
≤0 → 0.99 · ≤10 → 0.80 · ≤30 → 0.60 · ≤60 → 0.40 · >60 → 0.25 (lower is better)
Type escape hatches/1K lines 2.7 per 1K (total: 445) 0.80 50%
≤2 → 0.99 · ≤5 → 0.80 · ≤10 → 0.60 · ≤15 → 0.40 · >15 → 0.25 (lower is better)
Dead Code (info)
0.80
Ratio of unused exports to total exports. Fewer unused exports = higher score.
ComponentValueScoreWeight
Unused exports 148 /2470 0.80 100%
≤5 → 0.99 · ≤10 → 0.80 · ≤15 → 0.60 · ≤25 → 0.40 · >25 → 0.25 (lower is better)
Outliers:
uptheriver/protocol.ts (16 unused)
jobqueue/SolidQueueJob.ts (8 unused)
type.ts (8 unused)
vault/VaultItem.ts (8 unused)
observation/ExtractionRecipe.ts (6 unused)
Unused export % 6 % (info)
Code Duplication (info)
0.99
Based on duplicate block count, duplicate line count, and overall duplication percentage.
ComponentValueScoreWeight
Duplication 1 % 0.99 100%
≤1 → 0.99 · ≤3 → 0.80 · ≤5 → 0.65 · ≤8 → 0.50 · ≤12 → 0.35 · >12 → 0.20 (lower is better)
Duplicate blocks 130 blocks (info)
Duplicate lines 1577 lines (info)
Dependency Health (info)
0.82
Evaluates runtime dependency count, dev dependency count, and @types packages in prod deps.
ComponentValueScoreWeight
Runtime dependencies 41 packages 0.70 60%
≤25 → 0.99 · ≤35 → 0.85 · ≤50 → 0.70 · ≤65 → 0.55 · ≤80 → 0.40 · >80 → 0.25 (lower is better)
@types in prod deps 0 packages 0.99 40%
≤0 → 0.99 · >0 → 0.60 (lower is better)
Dev dependencies 38 packages (info)
Concurrency Risk
0.99
Counts threading primitives, process forks, exec calls, locks, and semaphores. Lower is better.
ComponentValueScoreWeight
Concurrency primitives per 1K lines 0 per 1K lines 0.99 100%
≤0 → 0.99 · ≤0.3 → 0.80 · ≤0.8 → 0.60 · ≤1.5 → 0.40 · >1.5 → 0.25 (lower is better)
% of files with concurrency 0 %
Developer Friction
0.82
Counts cognitive friction points: TODO/FIXME/HACK comments, deep nesting, and functions with too many parameters. Lower friction = higher score.
ComponentValueScoreWeight
Acknowledged debt/1K lines 0.3 per 1K (57 total: 47 TODO, 4 FIXME, 6 HACK) 0.99 40%
≤2 → 0.99 · ≤5 → 0.80 · ≤10 → 0.60 · ≤20 → 0.40 · >20 → 0.25 (lower is better)
Outliers:
codereport/CodeReportController.ts (6 markers)
codereport/CodebaseReportFormattingServiceImpl.ts (4 markers)
uptheriver/wsHandler.ts (4 markers)
clientconfig/ClientConfigServiceImpl.ts (3 markers)
codereport/CodebaseScoreAggregationService.ts (3 markers)
Excessive nesting (depth >= 5) 0.8 % (33/3981 functions, max depth: 7) 0.80 30%
≤0 → 0.99 · ≤1 → 0.80 · ≤3 → 0.60 · ≤5 → 0.40 · >5 → 0.25 (lower is better)
Outliers:
codereport/factgathering/DependencyFactGatheringServiceImpl.ts (depth 7)
codereport/CodebaseScoreAggregationServiceImpl.ts (depth 6)
health/HealthCheckController.ts (depth 6)
postgres/PostgresClientManagerImpl.ts (depth 6)
postgres/PostgresClientManagerImpl.ts (depth 6)
Parameter overload (5+ params) 2.1 % (84/3981 functions, max: 10) 0.60 30%
≤0 → 0.99 · ≤1 → 0.80 · ≤3 → 0.60 · ≤5 → 0.40 · >5 → 0.25 (lower is better)
Offenders:
stat/StatSvgGenerationServiceImpl.ts (10 params)
calendar/FreeTimeServiceImpl.ts (9 params)
crmlite/CrmLiteServiceImpl.ts (9 params)
justonething/JustOneThingRepositoryImpl.ts (9 params)
ai/HighLevelAiQuestionAskingServiceImpl.ts (8 params)
Avg nesting depth 1.2 depth (info)
Avg function params 1.4 params (info)
Git Discipline (not scored — commits are snapshots, not atomic units)
not scored
ComponentValue
Refactor/extract activity 1.2 % (33 refactor+extract commits)
Fix commit ratio 8.7 % (231 fixes / 2663 total)
Commit atomicity 1.6 ratio (545 single-file / 338 multi-file)
Revert commit ratio 0.2 % (6 reverts / 2663 total)
Rename commits 75 commits (info)
Infrastructure churn share 14.7 % of total touches (info)

Vulnerabilities & Supply Chain

Supply Chain Security (OSV)
0.91
ComponentValueScoreWeight
Severity-weighted score 0 weighted (0 critical × 3 + 0 high × 2) 0.99 30%
≤0 → 0.99 · ≤2 → 0.70 · ≤5 → 0.45 · ≤10 → 0.25 · >10 → 0.10 (lower is better)
Known vulnerabilities 1 vulns 0.80 25%
≤0 → 0.99 · ≤3 → 0.80 · ≤8 → 0.60 · ≤15 → 0.40 · ≤25 → 0.25 · >25 → 0.10 (lower is better)
Affected runtime packages 1 packages (1 total incl dev) 0.80 20%
≤0 → 0.99 · ≤2 → 0.80 · ≤5 → 0.60 · ≤10 → 0.40 · >10 → 0.20 (lower is better)
Override freshness 100 % (0/5 stale) 0.99 15%
≥100 → 0.99 · ≥75 → 0.80 · ≥50 → 0.60 · ≥25 → 0.40 · <25 → 0.20 (higher is better)
Fix availability 100 % 0.99 10%
≥95 → 0.99 · ≥80 → 0.80 · ≥60 → 0.60 · ≥40 → 0.40 · <40 → 0.20 (higher is better)
Medium vulns 1 vulns (info)
Low vulns 0 vulns (info)
npm audit total 27 vulns (info)
npm audit high+critical 0 vulns (info)
CodeRabbit PR Quality
0.96
ComponentValueScoreWeight
Unresolved findings 0 open (100% resolved, 18 critical total) 0.99 40%
0–100% scale (lower is better)
Unresolved criticals 0 open critical (185 resolved) 0.99 35%
0–100% scale (lower is better)
PRs reviewed 10 PRs 0.99 15%
≥10 → 0.99 · ≥5 → 0.85 · ≥3 → 0.65 · ≥1 → 0.45 · <1 → 0.20 (higher is better)
Clean review rate 81.6 % (792/971 files clean) 0.55 10%
≥98 → 0.99 · ≥95 → 0.90 · ≥90 → 0.75 · ≥80 → 0.55 · <80 → 0.30 (higher is better)

Compliance Readiness

SOC2 Readiness
0.93
SOC2 Trust Service Criteria: infrastructure controls (audit log, encryption, MFA, evidence automation), vulnerability management, structured logging, security posture, and test coverage.
ComponentValueScoreWeight
Compliance infrastructure (CC4.1) 4 of 4 controls implemented 0.99 30%
0–100% scale (higher is better)
Vulnerability management (CC6.1) 1 known vulns 0.80 20%
≤0 → 0.99 · ≤3 → 0.80 · ≤8 → 0.60 · ≤15 → 0.40 · >15 → 0.20 (lower is better)
Logging & monitoring (CC6.6) 99.3 % log statements with method prefix 0.99 20%
≥90 → 0.99 · ≥70 → 0.80 · ≥50 → 0.60 · ≥30 → 0.40 · <30 → 0.20 (higher is better)
Security posture (CC8.1) 88 score 0.88 15%
Change management — test coverage (CC7.1) 94 score (from Test Coverage) 0.94 15%
0–100% scale (higher is better)
PCI Readiness
0.93
PCI DSS readiness: CDE infrastructure (card vault, barrel boundary, encryption, audit), branded type discipline for compile-time boundary enforcement, SQL injection surface, and secret hygiene.
ComponentValueScoreWeight
CDE infrastructure 4 of 4 controls (vault, barrel, encryption, audit) 0.99 30%
0–100% scale (higher is better)
SQL injection surface 0 hardcoded column refs 0.99 20%
≤0 → 0.99 · ≤5 → 0.80 · ≤15 → 0.60 · ≤30 → 0.40 · >30 → 0.20 (lower is better)
Secret hygiene 0 hardcoded secrets 0.99 20%
≤0 → 0.99 · ≤1 → 0.50 · ≤3 → 0.20 · >3 → 0.10 (lower is better)
Branded type discipline 3 compile-time boundary types 0.70 15%
≥4 → 0.99 · ≥2 → 0.70 · ≥1 → 0.40 · <1 → 0.00 (higher is better)
Type escape hatches 2.7 per 1K lines (445 total) 0.80 15%
≤1 → 0.99 · ≤3 → 0.80 · ≤5 → 0.60 · ≤8 → 0.40 · >8 → 0.20 (lower is better)
PII/GDPR Readiness
0.98
GDPR readiness: infrastructure controls (consent management Art 7, ROPA Art 30, DPA tracking Art 28, audit log, evidence automation), structured audit trail, access controls, and secret hygiene.
ComponentValueScoreWeight
GDPR infrastructure 5 of 5 controls (consent, ROPA, DPA, audit, evidence) 0.99 35%
0–100% scale (higher is better)
Audit trail (structured logging) 99.3 % log statements with method prefix 0.99 25%
≥90 → 0.99 · ≥70 → 0.80 · ≥50 → 0.60 · ≥30 → 0.40 · <30 → 0.20 (higher is better)
Access control posture 88 security score 0.88 20%
Secret hygiene 0 hardcoded secrets 0.99 20%
≤0 → 0.99 · ≤1 → 0.50 · ≤3 → 0.20 · >3 → 0.10 (lower is better)
HIPAA Readiness
0.94
HIPAA readiness: PHI infrastructure (vault, encryption, MFA, audit log, barrel boundary enforcement), audit controls §164.312(b), access controls §164.312(a), and transmission security §164.312(e).
ComponentValueScoreWeight
PHI infrastructure 5 of 5 controls (vault, encryption, MFA, audit, boundary) 0.99 35%
0–100% scale (higher is better)
Audit controls §164.312(b) 99.3 % log statements with method prefix 0.99 25%
≥90 → 0.99 · ≥70 → 0.80 · ≥50 → 0.60 · ≥30 → 0.40 · <30 → 0.20 (higher is better)
Access control §164.312(a)(1) 88 security score 0.88 20%
Transmission security §164.312(e)(1) 1 known vulns 0.80 20%
≤0 → 0.99 · ≤3 → 0.80 · ≤8 → 0.60 · ≤15 → 0.40 · >15 → 0.20 (lower is better)
PCI PIN Readiness
0.99
PCI PIN readiness: PED device registry, PIN block encryption service, key management (envelope encryption), and PIN transaction audit logging.
ComponentValueScoreWeight
PED registry 1 exists 0.99 30%
0–100% scale (higher is better)
PIN block service 1 exists 0.99 30%
0–100% scale (higher is better)
Key management 1 exists 0.99 20%
0–100% scale (higher is better)
Audit logging 1 exists 0.99 20%
0–100% scale (higher is better)
NACHA/ACH Readiness
0.99
NACHA/ACH readiness: ACH origination service, return handling via audit trail, risk management through evidence collection, and NACHA-compliant record retention policy.
ComponentValueScoreWeight
ACH origination service 1 exists 0.99 25%
0–100% scale (higher is better)
Return handling (audit trail) 1 exists 0.99 25%
0–100% scale (higher is better)
Risk management (evidence) 1 exists 0.99 25%
0–100% scale (higher is better)
NACHA record retention 1 exists 0.99 25%
0–100% scale (higher is better)
PSD2/SCA Readiness
0.99
PSD2/SCA readiness: Strong Customer Authentication service, 3D Secure protocol integration, trusted beneficiary consent management, and regulatory reporting via evidence collection.
ComponentValueScoreWeight
SCA service 1 exists 0.99 30%
0–100% scale (higher is better)
3DS integration 1 exists 0.99 30%
0–100% scale (higher is better)
Trusted beneficiaries (consent) 1 exists 0.99 20%
0–100% scale (higher is better)
Regulatory reporting (evidence) 1 exists 0.99 20%
0–100% scale (higher is better)
FFIEC Readiness
0.99
FFIEC readiness: examination control mapping, risk assessment evidence, business continuity planning, and information security program (audit, encryption, MFA).
ComponentValueScoreWeight
Control mapping 1 exists 0.99 25%
0–100% scale (higher is better)
Risk assessment (evidence) 1 exists 0.99 25%
0–100% scale (higher is better)
Business continuity planning 1 exists 0.99 25%
0–100% scale (higher is better)
Information security program 3 of 3 controls (audit, encryption, MFA) 0.99 25%
0–100% scale (higher is better)
SOX Readiness
0.99
SOX readiness: Segregation of Duties enforcement, approval workflows, internal control testing, and automated evidence collection for audit.
ComponentValueScoreWeight
Segregation of Duties 1 exists 0.99 30%
0–100% scale (higher is better)
Approval workflows 1 exists 0.99 25%
0–100% scale (higher is better)
Internal control testing 1 exists 0.99 25%
0–100% scale (higher is better)
Evidence collection 1 exists 0.99 20%
0–100% scale (higher is better)

Infrastructure Portability

Cloud Lock-In
0.84
ComponentValueScoreWeight
Services behind interfaces 83 % (5/6 services) 0.85 70%
≥100 → 0.99 · ≥75 → 0.85 · ≥50 → 0.70 · ≥25 → 0.50 · <25 → 0.30 (higher is better)
Frontend framework deps 2 packages 0.80 30%
≤0 → 0.99 · ≤2 → 0.80 · ≤5 → 0.65 · ≤10 → 0.50 · >10 → 0.35 (lower is better)
Cloud SDK files 22 files (info)
Infrastructure Portability
0.87
ComponentValueScoreWeight
Cloud services behind interfaces 83 % (5/6) 0.85 40%
≥100 → 0.99 · ≥75 → 0.85 · ≥50 → 0.70 · ≥25 → 0.50 · <25 → 0.30 (higher is better)
External services for local dev 2 services 0.85 30%
≤1 → 0.99 · ≤2 → 0.85 · ≤3 → 0.70 · ≤5 → 0.55 · >5 → 0.35 (lower is better)
Class inheritance count 1 extends 0.90 30%
≤0 → 0.99 · ≤3 → 0.90 · ≤8 → 0.75 · ≤15 → 0.60 · ≤30 → 0.45 · >30 → 0.30 (lower is better)

Resilience

Resilience (anti-brittleness)
0.87
Composite score across error handling, test coverage, security, and operational readiness.
ComponentValueScoreWeight
Files under 500 lines 97.2 % 0.99 30%
≥95 → 0.99 · ≥90 → 0.85 · ≥80 → 0.70 · ≥70 → 0.55 · <70 → 0.40 (higher is better)
Outliers:
task/TaskController.ts (1963 lines)
startupcompany/StartupCompanyController.ts (1250 lines)
uptheriver/client/render/RenderServiceImpl.ts (1154 lines)
task/TaskServiceImpl.ts (1001 lines)
ai/HighLevelAiQuestionAskingServiceImpl.ts (993 lines)
Exemplars:
happening/HappeningPublishingServiceImpl.ts (3 lines)
team/GroupUserMembershipServiceImpl.ts (18 lines)
audio/AudioFileNamingServiceImpl.ts (21 lines)
Test safety net 25.2 % 0.80 25%
≥40 → 0.99 · ≥25 → 0.80 · ≥15 → 0.65 · ≥8 → 0.50 · ≥3 → 0.35 · <3 → 0.15 (higher is better)
Observability coverage 80.4 % 0.80 20%
0–100% scale (higher is better)
Fan-in × complexity risk 44 (logging/index.ts: 43.7% × CC=1) 0.99 15%
≤100 → 0.99 · ≤300 → 0.80 · ≤600 → 0.60 · ≤1000 → 0.40 · >1000 → 0.25 (lower is better)
Fan-in × volatility risk 163 (diContainer.ts: 2.0% × 274 touches) 0.60 10%
≤50 → 0.99 · ≤100 → 0.80 · ≤200 → 0.60 · ≤400 → 0.40 · >400 → 0.25 (lower is better)
Severe god objects (>1000 lines) 0 files (−10pts each, max −30)
Max fan-in concentration 43.7 % (logging/index.ts)
Max fan-in (imports of one file) 549 /1256 files

Objective Facts

Codebase Size

Total Source Files 1,256 count
Total number of TypeScript source files (excluding tests, scripts, and generated code).
Total Source Lines 165,239 lines
Total lines of TypeScript source code.
Avg Lines Per File 132 lines
Average lines per source file. Lower means more focused, single-purpose files.
Avg Lines Per Impl 212 lines
Average lines per implementation class. Measures how bloated implementations get.
Files Over500 Lines 40 count
Source files exceeding 500 lines — candidates for splitting.
40 out of 1,256 source files
Files Over1000 Lines 4 count
Source files exceeding 1,000 lines — strong candidates for refactoring.
4 out of 1,256 source files

Module Structure

Module Count 159 count
Number of distinct modules (top-level directories under src/).
Avg Files Per Module 7.90 count
Average source files per module. Very high counts suggest a module is doing too much.
Service Interface Count 256 count
Number of service interface files (contracts without implementation).
Service Impl Count 223 count
Number of service implementation files.
Repository Interface Count 141 count
Number of repository interface files (data-access contracts).
Repository Impl Count 109 count
Number of repository implementation files.
Controller Count 87 count
Number of controller files (HTTP endpoint handlers).
Avg Methods Per Interface 4.20 count
Average methods per service interface. Lower means leaner, more focused contracts (Interface Segregation).
Avg Constructor Deps 2.30 count
Average constructor dependencies per implementation. High counts in orchestrator services are a sign of good composition.
Di Binding Count 367 count
Total const bindings in diContainer.ts (excluding controllers, LOG, container, and non-service values).
Di Bindings With Interface 308 count
DI bindings with an explicit interface type annotation. These are programmed to a contract.
308 out of 367 bindings
Di Contract Percent 83.90 percent
Percentage of DI bindings that are typed to an interface rather than inferred as concrete. The DI container is the source of truth: if a class is injected as a dependency, it should be behind a contract.

ISP Consumer Utilization

Isp Consumer Utilization 65.20 percent
Average percentage of interface methods actually used by each consumer. Higher means consumers depend on what they use (good ISP).
Isp Consumer Pairs 1,389 count
Total consumer-interface pairs analyzed for ISP utilization.
Isp Interfaces With Zero Consumers 3 count
Interfaces with no consumers found — skipped in utilization calculation.

Testing

Test File Count 317 count
Total number of test files.
Unit Test File Count 301 count
Test files that run without a database.
Integration Test File Count 16 count
Test files requiring a live database.
E2e Test Count 1 count
End-to-end test specs (Playwright).
Source To Test Ratio 25.20 percent
Ratio of test files to source files, expressed as a percentage. Analogous to code coverage breadth.
Lines Per Test 521 lines
Average source lines per test file. Lower means more granular test coverage.
1 test file for every 521 source lines
Modules With Zero Tests 4 count
Modules with no test files at all — blind spots in the test suite.
4 out of 159 modules
Assertion Count 6,390 count
Total number of assertions (expect/assert calls) across all tests.
Test Natural Order Passing 3,294 count
Test Natural Order Failing 23 count
Test Random Order Passing 3,294 count
Test Random Order Failing 23 count
Test State Leakage Detected 0 count

Security

Raw Sql Concatenations 40 count
SQL queries built with string concatenation — SQL injection risk.
Parameterized Query Count 954 count
SQL queries using parameterized placeholders ($1, $2). Safe by design.
Hardcoded Secret Count 0 count
Potential hardcoded secrets (API keys, passwords) found in source code.
Dangerous Eval Count 0 count
Dynamic code execution (code injection risk).
Xss Risk Count 1 count
Pattern-matched XSS risk indicators (direct DOM writes and unescaped request data in responses). Review individually — many are legitimate client-side rendering.
1 pattern matches across 1,256 source files

Complexity & Code Hygiene

Max Cyclomatic Complexity 41 complexity
Highest cyclomatic complexity in any single function. Lower means simpler branching.
Avg Cyclomatic Complexity 3.60 complexity
Average cyclomatic complexity across all functions.
Functions Over10 Complexity 225 count
Functions with cyclomatic complexity above 10 — worth reviewing for simplification.
225 out of 3,981 functions
Functions Over20 Complexity 36 count
Functions with cyclomatic complexity above 20 — strong refactoring candidates.
36 out of 3,981 functions
Total Function Count 3,981 count
Total number of functions and methods in the codebase.
Avg Method Lines 22.20 lines
Average lines per method across all implementation files (raw, including comments and logging).
Avg Method Lines Logic Only 14.70 lines
Average lines per method after stripping comments and LOG statements. Measures pure logic density without penalizing good practices.
Functions Over100 Lines 47 count
Functions exceeding 100 lines — hard to test and reason about.
47 out of 3,981 functions
Functions Over50 Lines 330 count
Functions exceeding 50 lines — worth reviewing for extraction.
330 out of 3,981 functions
Any Typed Parameters 210 count
Total `: any` occurrences (boundary + structural). Legacy aggregate — see breakdown below.
210 total any-typed occurrences
Any Typed Structural 93 count
Structural `: any` — developer chose `any` over a real type. These are the ones that matter for code hygiene.
93 structural any-typed occurrences
Any Typed Boundary 117 count
Boundary `: any` — pg driver rows, catch blocks, AsyncLocalStorage, external API responses. Pragmatic and not penalized.
117 boundary any-typed (no penalty)

Error Handling

Total Catch Blocks 1,087 count
Total try/catch blocks in the codebase.
Empty Catch Blocks 51 count
Catch blocks with no body — silently swallowing errors.
51 empty out of 1,087 catch blocks
Empty Catch Percent 4.70 percent
Percentage of catch blocks that are empty.
Catch And Ignore Blocks 7 count
Catch blocks that catch an error but never log, rethrow, or use it.
7 ignored out of 1,087 catch blocks
Log Before Throw Blocks 460 count
Throw statements preceded by a LOG call — good diagnostic discipline.
Log Before Throw Percent 100 percent
Percentage of throw statements that are preceded by logging.

Logging

Files With Logger 406 count
Source files that instantiate a named logger via getLogger().
406 out of 1,256 source files
Total Log Statements 5,640 count
Total LOG.* calls across the codebase.
Log Statements With Method Prefix 5,602 count
Log statements that include a method-name prefix (e.g. "processRequest(): ...").
5,602 out of 5,640 log statements
Log Method Prefix Percent 99.30 percent
Percentage of log statements with method-name prefix. Per GLPR, this should be high.
Log Statements With Fmt 6,513 count
Log statements using fmt() for safe object serialization.
6,513 out of 5,640 log statements
Avg Log Static Prefix Length 45.10 chars
Average characters of static text before the first interpolation in LOG statements. Longer prefixes are easier to grep.
Median Log Static Prefix Length 44 chars
Median characters of static text before the first interpolation in LOG statements.
Log Trace Count 760 count
Number of LOG.trace() calls.
Log Debug Count 1,953 count
Number of LOG.debug() calls.
Log Info Count 1,409 count
Number of LOG.info() calls.
Log Notice Count 192 count
Number of LOG.notice() calls.
Log Warn Count 177 count
Number of LOG.warn() calls.
Log Error Count 1,019 count
Number of LOG.error() calls.
Log Fatal Count 127 count
Number of LOG.fatal() calls.

Duplication & Dead Code

Duplicate Block Count 130 count
Number of detected duplicate code blocks.
Duplicate Line Count 1,577 lines
Total lines of duplicated code.
1,577 duplicated out of 165,239 source lines
Duplication Percent 1 percent
Percentage of source code that is duplicated.
Total Export Count 2,470 count
Total number of exported symbols (functions, classes, constants).
Unused Export Count 148 count
Exported symbols not imported anywhere — potential dead code.
148 unused out of 2,470 exports
Unused Export Percent 6 percent
Percentage of exports that are unused.

Dependencies

Runtime Dependency Count 41 count
Number of production npm dependencies. Fewer means less attack surface and smaller bundles.
Dev Dependency Count 38 count
Number of dev-only npm dependencies.
Types In Prod Deps 0 count
@types packages listed in dependencies instead of devDependencies.

Supply Chain Security (OSV Scanner + npm audit)

Osv Vulnerability Count 1 count
Total known vulnerabilities across all npm dependencies (via osv-scanner).
Osv Critical Count 0 count
Vulnerabilities with CVSS score >= 9.0. Require immediate attention.
Osv High Count 0 count
Vulnerabilities with CVSS score >= 7.0.
Osv Medium Count 1 count
Vulnerabilities with CVSS score >= 4.0.
Osv Low Count 0 count
Vulnerabilities with CVSS score < 4.0.
Osv Affected Package Count 1 count
Distinct npm packages with at least one known vulnerability.
Osv Affected Runtime Package Count 1 count
Vulnerable packages in production dependencies (not devDependencies). These ship to users.
Osv Fix Available Count 1 count
Vulnerabilities where an upstream fix version exists.
Osv Fix Available Percent 100 percent
Percentage of vulnerabilities with a fix available. Higher means easier to remediate.
Npm Audit Total 27 count
Total vulnerabilities reported by npm audit.
Npm Audit High 0 count
High severity vulnerabilities from npm audit.
Npm Audit Critical 0 count
Critical severity vulnerabilities from npm audit.
Npm Override Count 5 count
Total npm version overrides defined in package.json to force-fix transitive vulnerabilities.
Npm Override Stale Count 0 count
Overrides pinning a version older than what is currently published on npm. Stale overrides indicate deferred maintenance.
Npm Override Freshness Percent 100 percent
Percentage of npm overrides that are current (installed version matches or exceeds latest). 100% means all overrides are up to date.

CodeRabbit PR Review Quality

Code Rabbit Prs Reviewed 10 count
Number of recent PRs reviewed by CodeRabbit AI reviewer.
Code Rabbit Total Files Reviewed 971 count
Total files examined by CodeRabbit across recent PRs.
Code Rabbit Actionable Comments 179 count
Total actionable findings posted by CodeRabbit. Lower means cleaner PRs at submission time.
Code Rabbit Outside Diff Comments 16 count
Suggestions on code outside the PR diff — proactive code quality catches.
Code Rabbit Critical Comments 18 count
Critical-severity findings (security, data corruption, logic errors). Target: 0.
Code Rabbit Clean Review Percent 81.60 percent
Percentage of reviewed files with no actionable findings. Higher means cleaner code at PR time.
Code Rabbit Resolved Comments 185 count
Code Rabbit Unresolved Comments 0 count
Code Rabbit Unresolved Critical Comments 0 count
Code Rabbit Baseline Pr 45 count
Code Rabbit All Time Prs Reviewed 14 count
Code Rabbit All Time Total Files Reviewed 1,052 count
Code Rabbit All Time Actionable Comments 293 count
Code Rabbit All Time Outside Diff Comments 34 count
Code Rabbit All Time Critical Comments 49 count
Code Rabbit All Time Clean Review Percent 72.10 percent
Code Rabbit All Time Resolved Comments 243 count
Code Rabbit All Time Unresolved Comments 55 count
Code Rabbit All Time Unresolved Critical Comments 11 count

Coupling

Type Hub Files 2 count
Files that re-export many types, creating implicit coupling across modules.
Type Hub Max Fan Out 483 count
Highest number of imports from a single type-hub file.
Hardcoded Column Names 0 count
SQL column names hardcoded as string literals in non-repository files.
Type Escape Hatches 445 count
Uses of "as any", "as unknown", or @ts-ignore — bypassing the type system.
445 escape hatches across 165,239 source lines

Liskov & Substitutability

Instanceof On Concrete Types 0 count
Uses of instanceof on concrete types — violates Liskov Substitution Principle.
Concrete Downcasts 1 count
Downcasts to Impl classes (e.g. "as FooImpl") — tight coupling to implementations.
Consumer Impl Imports 5 count
Consumer files importing implementation classes directly instead of interfaces.

Documentation

Philosophy Md Lines 1,216 lines
Lines in PHILOSOPHY.md — the project's design rationale document.
Technical Guide Md Lines 785 lines
Lines in TECHNICAL_GUIDE.md — the project's technical reference.
Conversation Starter Count 454 count
Files in doc/conversation-starter/ — design discussions and research preserved as artifacts.
Interfaces With Js Doc 255 count
Service interfaces with JSDoc comments on the class or its methods.
255 out of 256 service interfaces
Behavioral Spec Lines 3,629 lines
Lines in BEHAVIORAL_SPEC.txt — auto-generated from test suite output via make bdd. The tests ARE the documentation.
Behavioral Spec Age Days 7 days
Days since BEHAVIORAL_SPEC.txt was last regenerated. Fresher = more trustworthy.
Readme Lines 316 lines
Lines in README.md — the front door to the project.
Readme Has Quickstart 1 count
Whether README.md contains a Quick Start section. New developers need this.
Readme Quickstart Steps 5 count
Number of steps in the quickstart section. Fewer steps = lower barrier to entry.
Changelog Matches Version 1 count
Whether CHANGELOG.md header version matches the VERSION file. Stale changelog = stale documentation.
Changelog Lines 2,279 lines
Total lines in CHANGELOG.md. A substantial changelog shows disciplined release documentation.
Changelog Version Sections 45 count
Number of ## Version headers in CHANGELOG.md. Each section = one documented release.
Changelog Age Days 0 days
Days since CHANGELOG.md was last modified. Fresh changelog = active release documentation.

AI Adoption

Ai Assisted Commits 2,023 count
Git commits with a Co-Authored-By: Claude header.
2,023 out of 2,663 total commits
Total Commits 2,663 count
Total git commits in the repository.
Ai Commit Percent 76 percent
Percentage of commits that were AI-assisted.

Git Discipline

Git Fix Commit Count 231 count
Commits whose message starts with "Fix" — corrective work rather than new development.
Git Fix Ratio 8.70 percent
Percentage of commits whose message contains "fix". Info only — commit messages are not atomic, so this is context, not a quality signal.
Git Rename Commit Count 75 count
Commits that rename code. Active renaming shows naming discipline — zero renames is a smell.
Git Refactor Commit Count 33 count
Commits that refactor, extract, or decompose code. Proactive maintenance activity.
Git Refactor Ratio 1.20 percent
Percentage of commits that are refactoring/extraction work.
Git Single File Commits 545 count
Commits touching exactly 1 file — atomic, focused changes.
Git Multi File Commits 338 count
Commits touching 10+ files — cross-cutting changes or shotgun surgery.
Git Commit Atomicity Ratio 1.60 ratio
Ratio of single-file to multi-file commits. Tracked as context, not scored — commits are snapshots, PRs are the atomic unit.
Git Infra Churn Percent 14.70 percent
Percentage of all file touches on wiring files (DI, routes, types, migration). Higher means churn is in expected places.
Git Active Session Count 214 count
Work sessions >= 30 min, grouped by 45-min gaps between commits.
Git Active Hours 359.30 hours
Total hours spent in active coding sessions (based on commit timestamps).
Git Lines Inserted Per Hour 1,977 lines/hr
Weighted lines inserted per hour across active sessions. 500-1,000 is steady building; 2K+ is bulk operations.
Git Net Lines Per Hour 1,656 lines/hr
Net lines per hour (insertions minus deletions) across active sessions.

Git Workflow & Team

Git Contributor Count 1 count
Git Active Contributor Count 1 count
Git Bus Factor 1 count
Git Top Contributor Percent 100 percent
Git Merge Commit Count 84 count
Git Merge Commit Ratio 3.20 percent
Git Pr Reference Count 24 count
Git Pr Workflow Detected 1 boolean
Git Repo Age Days 161 days
Git Days Since Last Commit 0 days
Git Commit Streak Max Days 22 days
Git Weekend Commit Percent 16.30 percent
Git Net Growth Ratio 0.85 ratio
Git Any Ai Commit Count 2,023 count
Git Any Ai Commit Percent 76 percent

Compliance Infrastructure

Compliance Service Count 29 count
Compliance Impl Count 29 count
Compliance Branded Type Count 3 count
Compliance Barrel Export Exists 1 count
Compliance Audit Log Table Exists 1 count
Compliance Envelope Encryption Exists 1 count
Compliance Mfa Service Exists 1 count
Compliance Consent Service Exists 1 count
Compliance Phi Vault Exists 1 count
Compliance Cde Vault Exists 1 count
Compliance Ropa Service Exists 1 count
Compliance Dpa Service Exists 1 count
Compliance Evidence Service Exists 1 count
Compliance Pin Device Registry Exists 1 count
Compliance Ach Service Exists 1 count
Compliance Sca Service Exists 1 count
Compliance Ffiec Service Exists 1 count
Compliance Sox Service Exists 1 count
Compliance Nacha Retention Exists 1 count
Compliance Sod Service Exists 1 count

Concurrency

Concurrency Primitive Count 0 count
Total occurrences of shared-state concurrency primitives (threading, shared memory, locks). Child processes are excluded — they have isolated memory.
Concurrency File Count 0 count
Number of source files containing at least one concurrency primitive.

Developer Friction

Todo Comment Count 47 count
TODO comments in source code — acknowledged work that has not been done.
Fixme Comment Count 4 count
FIXME comments — acknowledged bugs or fragile code.
Hack Comment Count 6 count
HACK comments — acknowledged shortcuts or workarounds.
Max Nesting Depth 7 count
Maximum brace nesting depth across all functions. Deep nesting is hard to follow.
Avg Nesting Depth 1.20 count
Average max nesting depth per function.
Functions With Excessive Nesting 33 count
Functions with nesting depth >= 5. Each one is a cognitive burden.
Max Function Params 10 count
Maximum parameter count across all functions. Functions with many params are mentally expensive.
Avg Function Params 1.40 count
Average parameter count per function.
Functions With Excessive Params 84 count
Functions with 5+ parameters — each one demands the caller hold more context.

Latency & SLO

Latency Avg Ms 0 ms
Average response time across all monitored endpoints (last 24h).
Latency P50 Ms 0 ms
Median (p50) response time across endpoints (last 24h).
Latency P99 Ms 0 ms
99th percentile response time across endpoints (last 24h). True P99 from raw readings via Postgres percentile_cont().
Latency Max Ms 0 ms
Worst single response time across all endpoints (last 24h).
Latency Endpoint Count 0 count
Number of monitored endpoints with response time data in the last 24h.
Latency Reading Count 0 count
Total response time readings across all endpoints (last 24h).
Slo P99 Target Ms 500 ms
SLO target: P99 response time must be under this value (in ms).
Slo P99 Compliance Percent 0 percent
Percentage of endpoints where P99 response time is under the SLO target.

DORA Metrics

Dora Deployments Total 41 count
Total version tags (deploys) in repository history.
Dora Deployments Last30 Days 41 count
Deploys in the last 30 days. Higher = more frequent shipping.
Dora Deployments Last7 Days 38 count
Deploys in the last 7 days.
Dora Avg Deploys Per Week 35.88 deploys/week
Average deploys per week over repository lifetime. DORA Elite = multiple per day.
Dora Repo Age Days 8 days
Days since earliest version tag (deploy history span).
Dora Avg Lead Time Hours 4.40 hours
Average hours between consecutive deploys (tag-to-tag intervals).
Dora P50 Lead Time Hours 2 hours
Median inter-deploy interval in hours. DORA Elite = less than 1 hour.
Dora P90 Lead Time Hours 16.80 hours
90th percentile inter-deploy interval in hours. Shows worst-case deploy cadence.
Dora Change Failure Rate Percent 0 percent
Percentage of deploys followed by a hotfix within 1 hour. DORA Elite = 0-15%.
Dora Hotfix Count 0 count
Number of hotfix deploys detected (version bump with "fix" in message within 1 hour of prior deploy).

Vendor Lock-In & Portability

Cloud Sdk Import Count 22 count
Source files importing cloud-specific SDKs (aws-sdk, @aws-sdk/*, @google-cloud/*, @azure/*). Each import is a portability risk.
Cloud Service Count 6 count
Distinct cloud services used in the codebase (S3, Bedrock, SQS, DynamoDB, etc.).
Cloud Services Abstracted 5 count
Cloud services consumed through an interface (ISP-compliant). Abstracted services are easier to swap.
Frontend Framework Deps 2 count
Frontend framework packages (React, Vue, Angular, Svelte, etc.) in dependencies. Zero means server-rendered, portable UI.
Class Inheritance Count 1 count
Class extends clauses (excluding Error subclasses). High inheritance = brittle coupling. Prefer composition.
External Services For Local Dev 2 count
External services required for npm start (Postgres, Redis, Kafka, etc.). Fewer = faster onboarding.

Other

Catch Blocks That Throw 460 count
Files Over1000 Percent 0.30 percent
Files Over500 Percent 3.20 percent
Files With Logger Percent 96.90 percent
Git Avg Commits Per Active Day 21 commits/day
Git Avg Message Length 53 chars
Git Conventional Commit Ratio 0.50 percent
Git Revert Commit Count 6 count
Git Revert Ratio 0.20 percent
Git Wip Commit Count 4 count

Methodology Notes

Code Mass Treemap

View full page