Skip to content

Repo cleanup consolidation: Repomix, Knip, generated drift, Supabase linked lint #772

Description

@njrini99-code

Summary

Package the current HelmV3 cleanup work into one fix-ready tracking issue. This combines findings from the repo freshness audit, the follow-up agent handoff, and the latest Codex session work.

The repo is buildable/testable, but not yet a clean maintenance baseline. Work should proceed as small PRs, not one mega cleanup.

Hard guardrails

  • Do not mutate linked Supabase during discovery/planning.
  • Do not close GitHub issues/PRs automatically from this issue.
  • Do not delete source files from the first Knip pass.
  • Do not run npm audit fix or npm audit fix --force.
  • Do not run broad destructive cleanup like git clean -Xdf.
  • Do not treat npm run db:types:check as read-only; it runs npm run db:types first and can rewrite src/lib/types/database.ts.
  • Keep generated-file/audit-output cleanup separate from app behavior changes.

Repomix status

Fresh context generation was run successfully on 2026-07-03:

npm run fresh:context

Generated packs, all gitignored under .repomix/:

  • .repomix/helmv3-compressed.xml — 4,377 files, 5,202,055 tokens, security check passed
  • .repomix/changed-files-context.xml — 24 changed files, 69,150 tokens, includes diffs/logs, security check passed
  • .repomix/helmv3-db-context.xml — 218 DB/schema files, 1,018,810 tokens, security check passed

Repomix wrapper/config/docs are present locally:

  • repomix.config.json
  • scripts/context/repomix.sh
  • docs/operations/REPOMIX_CONTEXT_PACKS.md
  • docs/prompts/repomix/repo-cleanup.md
  • docs/prompts/repomix/db-audit.md
  • docs/prompts/repomix/changed-files-review.md

Use these prompts with the packs above when assigning the fix work.

Local work already prepared

A prior Codex session created/updated these cleanup docs and helpers:

  • docs/audits/REPO_FRESHNESS_BASELINE_2026-07-03.md
  • docs/audits/CLEANUP_PR_SEQUENCE_2026-07-03.md
  • docs/audits/SUPABASE_LINKED_LINT_FIX_PLAN_2026-07-03.md
  • docs/audits/KNIP_TRIAGE_2026-07-03.md
  • docs/audits/AGENT_HANDOFF_CLEANUP_KNIP_SUPABASE_2026-07-03.md
  • scripts/git/audit.sh
  • scripts/git/clean-dry.sh
  • scripts/git/stash-audit.sh
  • package scripts: git:audit, git:clean:dry, git:stash:audit, knip:*, ctx:*, fresh:context, arch helpers

Latest Codex tuning updated knip.json so that:

  • CRM migration scripts are modeled as Knip entrypoints, so postgres is no longer a false unused-devDependency finding.
  • native Capacitor packages are ignored because iOS SPM references them under ios/App/CapApp-SPM/Package.swift.
  • admin security/test fixture files are ignored as intentional fixtures.
  • the redundant next.config.mjs Knip entry pattern was removed.

Current local repo state to be aware of

Working tree was already dirty before this issue packaging. Current notable local changes include:

  • generated drift: next-env.d.ts, public/sw.js
  • cleanup/config docs: audit docs, Repomix docs/prompts/config, Git helper scripts
  • package/package-lock changes adding tooling/scripts already present locally
  • .gitignore, .repomixignore, .dependency-cruiser.cjs, .github/workflows/repomix-context.yml, CLAUDE.md

Do not blindly revert unrelated dirty files; split intentional work into small PRs.

Findings to track

1. Generated file drift

  • next-env.d.ts changed route types import from ./.next/dev/types/routes.d.ts to ./.next/types/routes.d.ts.
  • public/sw.js cache version changed from golfhelm-v48d739cec to golfhelm-v8b9986e1a.
  • public/sw.js is stamped by scripts/stamp-sw.mjs during prebuild.

Decision needed:

  • commit these generated outputs in a narrow generated-file PR, or
  • stop tracking one/both and generate reliably in CI/deploy.

2. db:types:check audit correction

The freshness baseline must not say npm run db:types:check passed. It was skipped/deferred because it regenerates src/lib/types/database.ts before diffing it.

Read-only drift check is npm run check:types-drift, but it requires SUPABASE_ACCESS_TOKEN.

3. Local Git hygiene

Freshness baseline found:

  • local git fsck --full failed due to commit-graph parse failures, likely local metadata
  • 24 stashes
  • 6 merged local non-main branches tracking gone upstreams
  • large ignored artifact set

Safe prepared helpers:

npm run git:audit
npm run git:clean:dry
npm run git:stash:audit

Do not run broad destructive cleanup. Branch deletions, if approved, should use git branch -d, not -D.

4. Knip tuned baseline

After latest tuning:

npm run knip:files

reports 6 unused-file candidates:

  • src/components/baseball/dashboard/dashboard-types.ts
  • src/components/baseball/recruiting-philosophy/MatchScoreBadge.tsx
  • src/components/products/golf-mockups/index.tsx
  • src/lib/mapbox/client.ts
  • src/lib/recruiting/match-calculator.ts
  • src/lib/types/table.ts
npm run knip:deps

reports 5 unlisted direct imports:

  • postcss-load-config from postcss.config.mjs
  • @radix-ui/react-compose-refs from src/components/fairway/controls/tabs.tsx
  • fflate from src/lib/baseball/__tests__/import-formats.test.ts
  • fflate from src/lib/baseball/adapters/pdf-reader.ts
  • fflate from src/lib/baseball/adapters/xlsx-reader.ts

npm run knip still exits 1 because it includes the 6 files, 5 unlisted deps, and 695 unused exports. Do not act on the 695 export findings in bulk.

5. Supabase linked lint follow-up

Linked lint reported two real public-function errors:

  • public.can_manage_baseball_lift_group references missing relation public.baseball_strength_groups.
  • public.baseball_accept_staff_invite references missing record field v_invitation.invitee_email.

Plan only until live definitions are fetched.

For can_manage_baseball_lift_group:

  • local migration 20260624000050_baseball_rls_helpers_and_policies.sql defines can_manage_baseball_lift_group(p_team_id uuid, p_player_id uuid) without baseball_strength_groups
  • likely production has an older function body while legacy Lift Lab tables were moved to graveyard
  • do not restore public.baseball_strength_groups

For baseball_accept_staff_invite:

  • local superseding migration 20260624000081_baseball_staff_roles_scope_audit.sql uses v_invite.email, not v_invitation.invitee_email
  • likely production has an older/manual function body or stale table column reference
  • do not add invitee_email without confirming current writers/product intent

Read-only discovery needed:

select pg_get_functiondef('public.can_manage_baseball_lift_group(uuid, uuid)'::regprocedure);
select pg_get_functiondef('public.baseball_accept_staff_invite(text)'::regprocedure);
select column_name, data_type
from information_schema.columns
where table_schema = 'public'
  and table_name = 'baseball_staff_invitations'
order by ordinal_position;

6. Dependency/security cleanup

Open Dependabot PR set was dependency-only. Recommended order from audit:

  1. #735 tar 7.5.19
  2. #741 Anthropic SDK
  3. then grouped Actions/dev/prod dependency PRs separately

Do not run npm audit fix --force. Security audit needs small dependency buckets.

7. Issue cleanup ledger

Open issue cleanup should be evidence-backed. Do not bulk close. Create/update an issue ledger with each issue classified as:

  • still valid
  • fixed but needs evidence comment
  • duplicate/superseded
  • blocked by DB/admin access
  • backlog/product decision

Recommended PR sequence

  1. Audit correction + generated-file policy
  2. Repomix/context tooling + local Git hygiene helpers
  3. Knip config/tuning baseline
  4. Add direct dependencies or refactor imports for postcss-load-config, @radix-ui/react-compose-refs, fflate
  5. Dead-file deletion batch 1, only after per-file source/route/test review
  6. Supabase linked lint live-definition discovery doc, no mutation
  7. Supabase additive migration fix for the two confirmed lint errors
  8. Small dependency security PRs, starting with tar
  9. Issue cleanup ledger
  10. Evidence-comment/close issues in batches after human review

Validation already run successfully

From local Codex work:

npm run typecheck
npm run lint:ratchet
npm run test:run
npm run docs:check
npm run knowledge:check
npm run fresh:context

npm run test:run result from prior pass: 4,398 passed, 39 skipped.

Knip commands intentionally exit 1 with the tuned baseline findings above.

Acceptance criteria for this tracking issue

  • One PR lands the docs/generated-file policy and audit correction.
  • One PR lands Repomix/context + Git hygiene helpers or confirms they should be kept local only.
  • One PR lands Knip tuning and documents the current 6-file / 5-dep baseline.
  • One PR resolves the 5 unlisted direct dependencies or removes the direct imports.
  • One PR handles the first safe dead-file deletion batch with tests.
  • Supabase live function bodies and invitation columns are captured read-only.
  • Supabase lint errors are fixed by an additive reviewed migration.
  • Dependency security patches are handled in small PRs, not by npm audit fix --force.
  • Issue ledger is created/updated before any bulk issue comments or closures.

Metadata

Metadata

Assignees

No one assigned

    Labels

    agent:readyReady for Claude / Codex agentdatabaseSchema, migrations, indexes, SQLdependenciesPull requests that update a dependency filedocumentationImprovements or additions to documentationplan-meTrigger CodeRabbit automatic issue planningrisk:mediumMedium risk — localized feature changerlsSupabase RLS policies/testssource:claudeIdentified by Claude / Codexsurface:databaseDatabase schema / Supabasesurface:docsDocumentationtech-debtTech debt to address later

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions