Skip to content

chore: remove dead scaffolding + guard GPC cookie clear (audit cleanup)#45

Merged
MP2EZ merged 2 commits into
previewfrom
chore/bloat-cleanup
May 31, 2026
Merged

chore: remove dead scaffolding + guard GPC cookie clear (audit cleanup)#45
MP2EZ merged 2 commits into
previewfrom
chore/bloat-cleanup

Conversation

@MP2EZ
Copy link
Copy Markdown
Owner

@MP2EZ MP2EZ commented May 31, 2026

Summary

Cleanup from `/m:audit --bloat` + the one `--performance` finding. All cuts are scaffolding for code paths the architecture deliberately doesn't use — zero behavior change. Net −121 LOC.

Dead code removed (bloat findings)

Item File Why it's dead
trackConversion() + ConversionEvent lib/ab-testing.ts Only console.log'd in dev. Real conversion tracking is the variant written to Notion in the waitlist route — the function's own comment admitted this.
getGpcFromCookie() lib/gpc.ts Exported "for Server Components" but zero production callers. GPC is read client-side (AnalyticsGate, GpcNotice) and request-side (middleware). Removing it also drops the only next/headers cookies() import.
POSTHOG_ASSETS_HOST lib/posthog/config.ts Exported, never imported. CSP uses literal strings; init() only sets api_host.
phase-2-in-comments + restating JSDoc lib/posthog/events.ts, lib/gpc.ts "Ships in PR #2" belongs in the tracker; JSDoc that restates the signature. Kept the @see INFRA-* refs and load-bearing compliance comments.

Plus the corresponding tests for the deleted functions (6 tests removed).

Performance finding (PERF-01)

middleware.ts cleared the being_gpc cookie on every non-GPC request — emitting a Set-Cookie on ~all traffic, which defeats shared/CDN caching of HTML responses. Now guarded:

} else if (request.cookies.has(GPC_COOKIE_NAME)) {
  response.cookies.delete(GPC_COOKIE_NAME);
}

Only emits the clearing Set-Cookie when there's actually a stale cookie to clear. Updated the middleware test: clears-when-present + new does-not-emit-when-absent.

Bonus: .gitignore fix

/.open-next/ (the 27MB OpenNext Cloudflare build output) was untracked-but-not-ignored. A local opennextjs-cloudflare build pollutes git status and makes eslint glob 12k+ generated files (it bit this very cleanup — a stray build produced 469 phantom lint errors). Pre-existing gap, fixed here. /.next/ was already ignored; .open-next was just missed.

Verification

  • All 4 deleted symbols confirmed zero remaining refs (grep)
  • npm run lint — clean
  • npm run typecheck — clean
  • npm test — 75 pass (was 80: −6 dead-path tests, +1 new middleware test)
  • npm run build — all 17 routes static

Relationship to #44

Independent of the security PR (#44, dep updates) — different files, no conflict. Either can merge first.

🤖 Generated with Claude Code

MP2EZ and others added 2 commits May 31, 2026 11:37
@MP2EZ @claude
chore: remove dead scaffolding + guard GPC cookie clear (audit cleanup)
5616106 
Cuts the bloat findings from /m:audit --bloat — all scaffolding for
paths the architecture deliberately doesn't use. Zero behavior change.

- Remove trackConversion() + ConversionEvent (lib/ab-testing.ts): the
  function only console.log'd in dev; real conversion tracking is the
  variant written to Notion in the waitlist route (its own comment
  admitted this). Dropped the call site, import, and 4 tests.
- Remove getGpcFromCookie() (lib/gpc.ts): exported "for server
  components" but zero production callers — GPC is read client-side in
  AnalyticsGate/GpcNotice and request-side in middleware. Dropping it
  also removes the only next/headers cookies() import. Dropped 4 tests.
- Remove POSTHOG_ASSETS_HOST (lib/posthog/config.ts): exported, never
  imported. The CSP uses literal strings; init only sets api_host.
- Trim phase-2-in-comments (lib/posthog/events.ts) and restating
  JSDoc (lib/gpc.ts). Kept the @see INFRA refs and load-bearing
  compliance comments.

Perf finding (PERF-01): middleware now only clears being_gpc when the
cookie is actually present (request.cookies.has), instead of emitting a
needless clearing Set-Cookie on every no-GPC request — that Set-Cookie
on ~all traffic defeats shared/CDN caching of HTML responses. Updated
the middleware test accordingly (clears-when-present + does-not-emit-
when-absent).

Also: add /.open-next/ to .gitignore. The OpenNext Cloudflare build
output (27MB) was untracked-but-not-ignored, so a local
`opennextjs-cloudflare build` pollutes git status and makes `eslint`
glob 12k+ generated files. Pre-existing gap, fixed here since it bit
this very cleanup.

Net: ~70 LOC removed, 80 → 75 tests (removed 6 dead-path tests, added
1 middleware test). lint + typecheck clean, build + worker build OK.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@MP2EZ
Merge branch 'preview' into chore/bloat-cleanup
30fc063
@MP2EZ MP2EZ merged commit 14fc241 into preview May 31, 2026
2 checks passed
@MP2EZ MP2EZ deleted the chore/bloat-cleanup branch May 31, 2026 18:47
@MP2EZ MP2EZ mentioned this pull request May 31, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@MP2EZ