Weekly health digest — 2026-06-22

[ucsandman]

What got worse

• Files over 300 lines: 211 vs 158. Net +53, driven by four new mcp-server/* entrants in the top-10 (test/providers.test.ts 3334, src/provider-actions.ts 2793, src/tools/index.ts 1996, lib/provider-actions.js 1825).
• JS vulnerabilities: 1 vs 0. Audit is no longer clean; npm audit will name the advisory.
• app/docs/page.tsx grew again (3066 to 3265). middleware.js (1615 to 1724) and actions.repository.ts (1366 to 1751) both grew materially.

What got better

• Test-to-source file ratio: 0.38 vs 0.36. Small but real; the new 3334-line providers.test.ts is what nudged the ratio.

New untested routes

None.

Current state concerns

• CI pass rate below 80% over 30 days (current 0.0%, last-10 runs: empty; no recorded runs, signal is absent rather than failing).
• JS dependency vulnerabilities greater than 0 (current 1).
• Files over 300 lines exceed baseline + 10% (current 211 vs 2026-06-08 baseline 158; 10% threshold is 174).
• mcp-server/test/providers.test.ts over 2000 lines (3334).
• app/docs/page.tsx over 2000 lines (3265).
• sdk/legacy/dashclaw-v1.js over 2000 lines (2960; deprecated, removed in v5.0.0).
• mcp-server/src/provider-actions.ts over 2000 lines (2793).

One thing to do this week

Patch the new JS advisory. Run npm audit to name it (lockfile is fresh, so the regression landed this week), apply npm audit fix if it resolves cleanly, otherwise bump the specific dep and rerun. Under 4 hours, returns the audit to 0, and forecloses the easy cause before it compounds.

---

Generated by Claude Code

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
dashclaw-hosted	Ready	Preview, Comment	Jun 22, 2026 1:06pm
dashclaw-trial	Ready	Preview, Comment	Jun 22, 2026 1:06pm