AgentSkillsCN

codebase-health-analysis

分析 Go、TypeScript/JS、Python、Rust 和 Java 等多种语言的代码库健康状况——包括圈复杂度、依赖项更新频率、死代码检测以及架构边界违规等问题。在被问及代码质量、技术债务、代码健康度、复杂度分析或依赖管理时,可运用此技能进行解答。

SKILL.md
--- frontmatter
name: codebase-health-analysis
description: "Analyze codebase health across Go, TypeScript/JS, Python, Rust, and Java — including cyclomatic complexity, dependency freshness, dead code detection, and architectural boundary violations. Use this skill when asked about code quality, tech debt, code health, complexity analysis, or dependency management."

Codebase Health Analysis

When analyzing codebase health, drift auto-detects the language from manifest files and applies the appropriate analysis strategy.

Language Detection

Check for manifest files in this order:

  1. go.mod → Go (full AST analysis)
  2. package.json → TypeScript/JavaScript (heuristic regex)
  3. pyproject.toml or requirements.txt → Python (indentation-aware heuristic)
  4. Cargo.toml → Rust (heuristic regex)
  5. pom.xml or build.gradle → Java (heuristic regex)

1. Cyclomatic Complexity Analysis

Calculate cyclomatic complexity for each function by counting decision points:

Base complexity: 1 per function, then +1 for each decision point.

Go (AST-based)

  • +1 for each: if, for, range, select, switch (type switch)
  • +1 for each case clause (except default)
  • +1 for each && or || binary operator
  • Do NOT recurse into function literals

TypeScript/JavaScript (regex-based)

  • +1 for: if(, else if, for(, while(, do{, case X:, catch(
  • +1 for: &&, ||, ??, ?.

Python (indentation-aware)

  • +1 for: if, elif, for, while, except, with
  • +1 for: and, or, inline if...else
  • Function boundaries determined by indentation level

Rust

  • +1 for: if, else if, for, while, loop, match, => {
  • +1 for: &&, ||, ?

Java

  • +1 for: if(, else if, for(, while(, do{, case X:, catch(
  • +1 for: &&, ||, ternary ? :

Severity thresholds:

  • 1-10: Good (green) — easy to understand and test
  • 11-20: Warning (yellow) — consider refactoring
  • 21+: Critical (red) — should be refactored immediately

2. Dependency Freshness

Check the language-specific manifest against its registry:

LanguageManifestRegistry
Gogo.modhttps://proxy.golang.org/{mod}/@latest
TypeScript/JSpackage.jsonhttps://registry.npmjs.org/{pkg}/latest
Pythonrequirements.txt / pyproject.tomlhttps://pypi.org/pypi/{pkg}/json
RustCargo.tomlhttps://crates.io/api/v1/crates/{crate}
Javapom.xml / build.gradlehttps://search.maven.org/solrsearch/select

Staleness classification:

  • Current: version matches latest
  • Stale (30-90 days): behind latest
  • Outdated (90+ days): significantly behind, may have security patches

3. Architectural Boundary Violations

Define import rules that enforce module boundaries. A boundary rule like pkg/api -> internal/db means code in pkg/api/ should NOT import packages containing internal/db.

Import detection patterns per language:

  • Go: Full AST import parsing
  • TypeScript/JS: import...from, require(), dynamic import()
  • Python: import X, from X import
  • Rust: use, pub use, extern crate
  • Java: import (including static)

4. Dead Code Detection

Find exported/public functions that have zero callers within the project:

  • Go: Full AST — tracks all CallExpr and SelectorExpr nodes
  • Other languages: Scans for export patterns and cross-references with all call sites

5. Health Score Calculation

Combine metrics into an overall health score (0-100):

code
total = complexity_score * 0.30
      + deps_score       * 0.20
      + boundaries_score * 0.20
      + dead_code_score  * 0.15
      + coverage_score   * 0.15

Example Usage

bash
# Install drift
go install github.com/greatnessinabox/drift/cmd/drift@latest

# Run in any supported project
cd /path/to/project
drift report          # Terminal-formatted report
drift snapshot        # JSON output for CI (includes "language" field)
drift check --fail-under 70  # CI health gate
drift                 # Full interactive TUI dashboard