[Debt] Triage jscpd duplicate-code baseline across GovOPlaN repositories #3

Closed
opened 2026-07-11 16:02:50 +02:00 by zemion · 1 comment
Owner

Created from /mnt/DATA/git/govoplan/audit-reports/govoplan-full-20260711-1529/jscpd/jscpd-report.json.

Current baseline:

  • 377 duplicate blocks.
  • 5,046 duplicated lines.
  • 2.709% duplicated lines and 3.687% duplicated tokens.

Largest clusters from the report include:

  • audit route response assembly duplicated within govoplan-audit.
  • core WebUI API client repetition in webui/src/api/admin.ts and webui/src/api/mail.ts.
  • campaign schema and campaign version validation repetition.
  • cross-module admin/access/policy/tenancy schema duplication.
  • permission catalog duplication between access and core.

Acceptance criteria:

  • Split this baseline into focused child issues only where duplication causes bugs, blocks maintainability, or crosses ownership boundaries.
  • Avoid mechanical abstraction for harmless generated/package metadata duplication.
  • Keep jscpd ignored paths narrow; do not suppress real application duplication globally.
Created from `/mnt/DATA/git/govoplan/audit-reports/govoplan-full-20260711-1529/jscpd/jscpd-report.json`. Current baseline: - 377 duplicate blocks. - 5,046 duplicated lines. - 2.709% duplicated lines and 3.687% duplicated tokens. Largest clusters from the report include: - audit route response assembly duplicated within `govoplan-audit`. - core WebUI API client repetition in `webui/src/api/admin.ts` and `webui/src/api/mail.ts`. - campaign schema and campaign version validation repetition. - cross-module admin/access/policy/tenancy schema duplication. - permission catalog duplication between access and core. Acceptance criteria: - Split this baseline into focused child issues only where duplication causes bugs, blocks maintainability, or crosses ownership boundaries. - Avoid mechanical abstraction for harmless generated/package metadata duplication. - Keep jscpd ignored paths narrow; do not suppress real application duplication globally.
Author
Owner

Codex State: done

Triaged the jscpd duplicate-code baseline and split the actionable source-code clusters into owner-specific child issues.

Child issues:

  • govoplan-audit#7: [Debt] Refactor duplicated audit route response assembly (created)
  • govoplan-core#249: [Debt] Centralize repeated WebUI API client request helpers (created)
  • govoplan-core#250: [Debt] Define shared platform API schema primitives across access, admin, policy, and tenancy (created)
  • govoplan-access#14: [Debt] Remove permission catalog duplication between access and core (created)
  • govoplan-calendar#14: [Debt] Consolidate duplicated calendar sync source finalization paths (created)
  • govoplan-core#251: [Debt] Provide shared module runtime proxy helper for modules (created)
  • govoplan-core#252: [Debt] Define shared SQLAlchemy change-tracking helpers for modules (created)
  • govoplan-campaign#56: [Debt] Reduce campaign route and recipient UI duplication after address integration (created)

Audit-tooling cleanup:

  • Scoped jscpd away from documentation snippets, package manifests, generated translations, public SVG assets, workflow YAML, and declarative backend schema JSON.
  • Kept application/test source, migrations, and module code in scope so structural duplication still appears in future full scans.

Verification:

  • bash -n tools/checks/check-security-audit.sh
  • ./.venv/bin/python - <<'PY' ... recomputed the filtered baseline: 328 source-code clones remain after non-code filtering, down from 377 total report entries.

Closing this tracker; implementation work continues in the child issues above.

## Codex State: done Triaged the jscpd duplicate-code baseline and split the actionable source-code clusters into owner-specific child issues. Child issues: - govoplan-audit#7: [Debt] Refactor duplicated audit route response assembly (created) - govoplan-core#249: [Debt] Centralize repeated WebUI API client request helpers (created) - govoplan-core#250: [Debt] Define shared platform API schema primitives across access, admin, policy, and tenancy (created) - govoplan-access#14: [Debt] Remove permission catalog duplication between access and core (created) - govoplan-calendar#14: [Debt] Consolidate duplicated calendar sync source finalization paths (created) - govoplan-core#251: [Debt] Provide shared module runtime proxy helper for modules (created) - govoplan-core#252: [Debt] Define shared SQLAlchemy change-tracking helpers for modules (created) - govoplan-campaign#56: [Debt] Reduce campaign route and recipient UI duplication after address integration (created) Audit-tooling cleanup: - Scoped jscpd away from documentation snippets, package manifests, generated translations, public SVG assets, workflow YAML, and declarative backend schema JSON. - Kept application/test source, migrations, and module code in scope so structural duplication still appears in future full scans. Verification: - `bash -n tools/checks/check-security-audit.sh` - `./.venv/bin/python - <<'PY' ...` recomputed the filtered baseline: 328 source-code clones remain after non-code filtering, down from 377 total report entries. Closing this tracker; implementation work continues in the child issues above.
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: add-ideas/govoplan#3
No description provided.