feat: Add Knip for unused code analysis with CI reporting

[brandon-pereira]

Summary

Adds Knip to the monorepo to detect unused files, dependencies, and exports. The goal is to reduce dead code over time and prevent new unused code from accumulating.

What's included:

• Root-level knip.json configured for all three workspaces (packages/app, packages/api, packages/common-utils)
• yarn knip and yarn knip:ci scripts for local and CI usage
• GitHub Action (.github/workflows/knip.yml) that runs on every PR to main, compares results against the base branch, and posts a summary comment showing any increase or decrease in unused code
• Removed the previous app-only packages/app/knip.json in favor of the monorepo-wide config

How the CI workflow works:

1. Runs Knip on the PR branch
2. Checks out main and runs Knip there
3. Compares issue counts per category and posts/updates a PR comment with a diff table

This is additive — Knip runs as an informational check and does not block PRs.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 78a62e5

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
hyperdx-oss	Ready	Preview, Comment	Mar 23, 2026 2:40pm

[github-actions]

Knip - Unused Code Analysis

🔴 +240 change in total issues (0 on main → 240 on PR)

Category	main	PR	Diff
Unused files	0	9	+9 🔴
Unused dependencies	0	14	+14 🔴
Unused devDependencies	0	20	+20 🔴
Unlisted dependencies	0	14	+14 🔴
Unresolved imports	0	2	+2 🔴
Unlisted binaries	0	2	+2 🔴
Unused exports	0	132	+132 🔴
Unused exported types	0	41	+41 🔴
Unused enum members	0	2	+2 🔴
Duplicate exports	0	4	+4 🔴

What is this?

Knip finds unused files, dependencies, and exports in your codebase.
This comment compares the PR branch against main to detect regressions.

Run yarn knip locally to see full details.

[github-actions]

PR Review

• ⚠️ knip:ci script is unused — The workflow calls yarn knip --reporter json directly instead of yarn knip:ci. Either use yarn knip:ci in the workflow or remove the knip:ci script from package.json.

• ⚠️ Silent knip failures give false confidence — 2>/dev/null || true suppresses stderr and forces exit 0. If knip crashes, countIssues returns { total: 0 } and the comment shows "0 issues on PR" rather than indicating a tool failure. Consider at least logging stderr: yarn knip --reporter json > /tmp/knip-pr.json 2>/tmp/knip-pr-err.json || true.

• ⚠️ Potential files category undercounting — In Knip v6 JSON output, unused files are reported at the top level (data.files: string[]), not inside data.issues[n].files. The countIssues function only iterates data.issues, so the files category count may always be 0. Verify against the actual JSON structure and add counts['files'] = (data.files || []).length if needed.

✅ Security looks fine — action versions are pinned with commit SHAs, permissions are minimal (contents: read, pull-requests: write), and no user-controlled content is unsafely interpolated into the comment body.

[github-actions]

E2E Test Results

✅ All tests passed • 92 passed • 3 skipped • 974s

Status	Count
✅ Passed	92
❌ Failed	0
⚠️ Flaky	1
⏭️ Skipped	3

Tests ran across 4 shards in parallel.

View full report →