286 lines
8.4 KiB
YAML
286 lines
8.4 KiB
YAML
kind: WavePipeline
|
|
metadata:
|
|
name: audit-dead-code
|
|
description: "Find dead or redundant code, remove it, and commit to a feature branch"
|
|
release: true
|
|
|
|
requires:
|
|
tools:
|
|
- go
|
|
|
|
skills:
|
|
- software-design
|
|
|
|
input:
|
|
source: cli
|
|
example: "find and remove dead code in internal/pipeline"
|
|
|
|
steps:
|
|
- id: scan
|
|
persona: navigator
|
|
model: claude-haiku
|
|
workspace:
|
|
mount:
|
|
- source: ./
|
|
target: /project
|
|
mode: readonly
|
|
exec:
|
|
type: prompt
|
|
source: |
|
|
Scan for dead or redundant code: {{ input }}
|
|
|
|
## Pre-Scan: Ensure Code is Up-to-Date
|
|
|
|
Before scanning, verify the local code matches the remote to avoid analyzing stale code:
|
|
```bash
|
|
git fetch origin
|
|
```
|
|
If the local HEAD is behind origin/main, warn in your output that findings may
|
|
need re-verification against the latest main branch.
|
|
|
|
## What to Look For
|
|
|
|
1. **Unused exports**: Exported functions, types, constants, or variables
|
|
that are never referenced outside their package.
|
|
|
|
2. **Unreachable code**: Code after return/panic, impossible branches,
|
|
dead switch cases.
|
|
|
|
3. **Orphaned files**: Files not imported by any other file in the project.
|
|
|
|
4. **Redundant code**: Duplicate functions, copy-paste blocks,
|
|
wrappers that add no value.
|
|
|
|
5. **Stale tests**: Tests for functions that no longer exist,
|
|
or tests that test nothing meaningful.
|
|
|
|
6. **Unused dependencies**: Imports that are no longer needed.
|
|
|
|
7. **Commented-out code**: Large blocks of commented code that
|
|
should be deleted (git has history).
|
|
|
|
## Verification
|
|
|
|
For each finding, verify it's truly dead:
|
|
- Grep for all references across the entire codebase
|
|
- Check for reflect-based or string-based usage
|
|
- Check if it's part of an interface implementation
|
|
- Check for build tag conditional compilation
|
|
|
|
Produce a structured JSON result matching the contract schema.
|
|
Only include findings with high or medium confidence. Skip low confidence.
|
|
output_artifacts:
|
|
- name: scan_results
|
|
path: .wave/output/dead-code-scan.json
|
|
type: json
|
|
retry:
|
|
policy: patient
|
|
max_attempts: 2
|
|
handover:
|
|
contract:
|
|
type: json_schema
|
|
source: .wave/output/dead-code-scan.json
|
|
schema_path: .wave/contracts/dead-code-scan.schema.json
|
|
on_failure: retry
|
|
|
|
- id: clean
|
|
persona: craftsman
|
|
dependencies: [scan]
|
|
memory:
|
|
inject_artifacts:
|
|
- step: scan
|
|
artifact: scan_results
|
|
as: findings
|
|
workspace:
|
|
type: worktree
|
|
branch: "chore/{{ pipeline_id }}"
|
|
base: "origin/main"
|
|
exec:
|
|
type: prompt
|
|
source: |
|
|
Remove the dead code on this isolated worktree branch.
|
|
|
|
The scan findings have been injected into your workspace. Read them first.
|
|
|
|
## Process
|
|
|
|
1. **Remove dead code** — ONLY high-confidence findings:
|
|
- Start with unused imports (safest)
|
|
- Then commented-out code blocks
|
|
- Then unused exports
|
|
- Then orphaned files
|
|
- Skip anything with confidence=medium unless trivially safe
|
|
- After each removal, verify the build still passes
|
|
|
|
2. Run the full test suite and fix any failures before committing.
|
|
|
|
3. **Commit**:
|
|
```bash
|
|
git add <specific-files>
|
|
git commit -m "chore: remove dead code
|
|
|
|
Removed N items of dead code:
|
|
- DC-001: <symbol> (unused export)
|
|
- DC-002: <file> (orphaned file)
|
|
..."
|
|
```
|
|
|
|
If ANY test fails after a removal, revert that specific removal
|
|
and continue with the next item.
|
|
retry:
|
|
policy: standard
|
|
max_attempts: 3
|
|
handover:
|
|
contract:
|
|
type: test_suite
|
|
command: "{{ project.test_command }}"
|
|
must_pass: true
|
|
on_failure: retry
|
|
|
|
- id: verify
|
|
persona: reviewer
|
|
dependencies: [clean]
|
|
memory:
|
|
inject_artifacts:
|
|
- step: scan
|
|
artifact: scan_results
|
|
as: original_findings
|
|
exec:
|
|
type: prompt
|
|
source: |
|
|
Verify the dead code removal was safe.
|
|
|
|
The original scan findings have been injected into your workspace. Read them first.
|
|
|
|
Check:
|
|
1. Were only high-confidence items removed?
|
|
2. Are all tests still passing?
|
|
3. Does the project still build cleanly?
|
|
4. Were any false positives accidentally removed?
|
|
5. Is the commit focused (no unrelated changes)?
|
|
|
|
Produce a structured JSON verification report matching the contract schema.
|
|
|
|
The `verdict` field MUST be either:
|
|
- `"CLEAN"` — all removals are safe, tests pass, no false positives detected
|
|
- `"NEEDS_REVIEW"` — potential issues found that require human review
|
|
|
|
**Important**: The contract schema only accepts `"CLEAN"`. If you set verdict
|
|
to `"NEEDS_REVIEW"`, contract validation will intentionally fail and the
|
|
pipeline will halt before creating a PR. This is the desired safety behavior.
|
|
output_artifacts:
|
|
- name: verification
|
|
path: .wave/output/verification.json
|
|
type: json
|
|
retry:
|
|
policy: standard
|
|
max_attempts: 2
|
|
handover:
|
|
contract:
|
|
type: json_schema
|
|
source: .wave/output/verification.json
|
|
schema_path: .wave/contracts/dead-code-verification.schema.json
|
|
on_failure: retry
|
|
|
|
- id: create-pr
|
|
persona: craftsman
|
|
dependencies: [verify]
|
|
memory:
|
|
inject_artifacts:
|
|
- step: scan
|
|
artifact: scan_results
|
|
as: findings
|
|
- step: verify
|
|
artifact: verification
|
|
as: verification_report
|
|
workspace:
|
|
type: worktree
|
|
branch: "chore/{{ pipeline_id }}"
|
|
exec:
|
|
type: prompt
|
|
source: |
|
|
Create a pull request for the dead code removal.
|
|
|
|
## Working Directory
|
|
|
|
You are running in an **isolated git worktree** shared with previous pipeline steps.
|
|
Your working directory IS the project root. The branch already exists from the
|
|
clean step — just push it and create the PR.
|
|
|
|
## SAFETY: Do NOT Modify the Working Tree
|
|
|
|
This step MUST NOT run `git checkout`, `git stash`, or any command that changes
|
|
the current branch or working tree state.
|
|
|
|
## Instructions
|
|
|
|
### Step 1: Load Context
|
|
|
|
The scan findings and verification report have been injected into your workspace.
|
|
Read them both to understand what was found and the verification outcome.
|
|
|
|
### Step 2: Push the Branch
|
|
|
|
```bash
|
|
git push -u origin HEAD
|
|
```
|
|
|
|
### Step 3: Create Pull Request
|
|
|
|
```bash
|
|
{{ forge.cli_tool }} {{ forge.pr_command }} create --title "chore: remove dead code" --body "$(cat <<'PREOF'
|
|
## Summary
|
|
|
|
Automated dead code removal based on static analysis scan.
|
|
|
|
<summarize what was removed: N items, types, estimated lines saved>
|
|
|
|
## Verification
|
|
|
|
<summarize verification report: CLEAN or NEEDS_REVIEW, test status>
|
|
|
|
## Removed Items
|
|
|
|
<list each removed item with its ID, type, and location>
|
|
|
|
## Test Plan
|
|
|
|
- Full test suite passed after each removal
|
|
- Build verified clean after all removals
|
|
- Auditor persona verified no false positives
|
|
PREOF
|
|
)"
|
|
```
|
|
|
|
### Step 4: Request Copilot Review (Best-Effort)
|
|
|
|
```bash
|
|
{{ forge.cli_tool }} {{ forge.pr_command }} edit --add-reviewer "copilot" 2>/dev/null || true
|
|
```
|
|
|
|
## CONSTRAINTS
|
|
|
|
- Do NOT spawn Task subagents — work directly in the main context
|
|
- Do NOT run `git checkout`, `git stash`, or any branch-switching commands
|
|
- Do NOT include Co-Authored-By or AI attribution in commits
|
|
|
|
output_artifacts:
|
|
- name: pr-result
|
|
path: .wave/output/pr-result.json
|
|
type: json
|
|
retry:
|
|
policy: aggressive
|
|
max_attempts: 2
|
|
handover:
|
|
contract:
|
|
type: json_schema
|
|
source: .wave/output/pr-result.json
|
|
schema_path: .wave/contracts/pr-result.schema.json
|
|
must_pass: true
|
|
on_failure: retry
|
|
outcomes:
|
|
- type: pr
|
|
extract_from: .wave/output/pr-result.json
|
|
json_path: .pr_url
|
|
label: "Pull Request"
|