-
Notifications
You must be signed in to change notification settings - Fork 0
cleanup opportunities
Douwe de Vries edited this page Jul 1, 2026
·
1 revision
This section summarizes cleanup findings already present in repository review documents and source measurements. It does not invent new feature work.
Active contributors: Douwe de Vries
| Area | Finding | Source |
|---|---|---|
| Complexity hotspots | Several source files are large enough to slow review and increase reason-to-change risk |
Complexity hotspots, docs/code-quality-assessment-2026-07-01.md
|
| Product policy duplication | Auto-selection policy is duplicated between the CLI and Tauri paths, though the current copies match | docs/code-quality-assessment-2026-07-01.md |
| Frontend workflow repetition | CSV, paste, and quick workflows repeat column-selection and Local AI blocking patterns | docs/code-quality-assessment-2026-07-01.md |
| Selectable-column abstraction |
frontend/src/utils/columns.ts currently has an isSelectableColumn abstraction that always returns true |
docs/code-quality-assessment-2026-07-01.md |
| Test fixture duplication | Broad DTO fixtures such as ColumnMetadata and PrivacyReport are copied across frontend tests |
docs/code-quality-assessment-2026-07-01.md |
| Broad DTO surface |
crates/csv-anonymizer-core/src/types.rs and frontend/src/types.ts centralize many public contracts |
docs/code-quality-assessment-2026-07-01.md, Data models
|
| Release and CI shell complexity | Release workflow signing, staging, upload, and prebuilt frontend checks are powerful but hard to maintain inline |
docs/code-quality-assessment-2026-07-01.md, Deployment
|
| Shallow contract validation |
scripts/check-contracts.mjs catches names and fields, but not full optionality, nested typing, or runtime serialization semantics |
docs/code-quality-assessment-2026-07-01.md |
| Dependency freshness |
cargo audit reports zero vulnerabilities, but informational warnings and future major/API upgrades remain |
Dependency freshness, docs/dependency-audit-followups.md
|
docs/codebase-review-2026-06-29.md records several earlier issues as implemented. Do not treat those as active cleanup work unless new evidence shows a regression.
Resolved examples include Local AI download cancellation hardening, direct paste and quick settings-load gating, signed checksum sidecars for Linux direct downloads, session-only seed handling, output suffix validation, CSV Local AI button blocking, and CLI help for deterministic seeds.
- Use Complexity hotspots when deciding whether a refactor belongs in a separate PR.
- Use Dependency freshness before dependency update work.
- Use Testing to choose verification for any cleanup change.
- Use Patterns and conventions to avoid simplifying away privacy-sensitive guards.