## Codebase Accountability - 09/10/2025
- Your team has the best understanding of your code and knows which areas require improvement. High-priority cleanup efforts should focus on addressing debt in actively used features: debt that could pose significant risks to your product working properly, or delay your team's delivery of that product.
- However, there are universal practices across Nitro & Tempo that need improvement and maintenance. The issues below can be categorized as:
  - Feature debt (issues related to specific features)
  - Technical debt (systemic issues that slow down development)
  - Security risks (vulnerabilities that need addressing)
  - Best practices
---
### Feature Toggles
- Remove usage of dead toggles in application & automated test code
- Reduces table lookups in `feature_toggles` table (resulting in faster page loads)
- Check for inactivity in the db and codebase, and confirm Product's intention.
- Feature toggle records delete themselves on Sundays once it has been 90+ days since their `deprecated_at`
Example PRs:
- https://github.com/powerhome/nitro-web/pull/50078
- https://github.com/powerhome/nitro-web/pull/51187
---
### Brakeman
Run with `bundle exec brakeman -I` for the entire codebase, or `bundle exec brakeman -I -p components/foo` for one component at a time.
- File to remove offenses from: `config/brakeman.ignore`
- Interactive command is cumbersome & slow, but works
- Interactive command is much faster when scoped to one component at a time, but you must still regenerate for the full app afterward
- After resolving offenses, regenerate file to confirm issue is resolved & push up results.
Brakeman docs: https://brakemanscanner.org/docs/
BT handbook: https://portal.powerapp.cloud/docs/default/component/bt-handbook/technical-standards/software-security-policy/#brakeman
Example Nitro PRs:
- https://github.com/powerhome/nitro-web/pull/50441
- https://github.com/powerhome/nitro-web/pull/43701
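
A triage helper for the cleanup described above, added here as an example (not code from Nitro or Brakeman): it reads the `ignored_warnings` array from `config/brakeman.ignore` and ranks components by how many High-confidence ignores they hold, so the per-component `-p` runs can start where the risk is. The sample entries, the `components/<name>/` path convention used for grouping, and the names `triage` and `component_of` are assumptions.

```ruby
require "json"

# Constructed sample in the layout Brakeman writes to config/brakeman.ignore
# (fingerprints, paths and notes are invented for illustration).
SAMPLE_IGNORE = <<~JSON
  {
    "ignored_warnings": [
      {"warning_type": "SQL Injection", "fingerprint": "aaa111", "confidence": "High",
       "file": "components/foo/app/models/foo/report.rb", "line": 42, "note": ""},
      {"warning_type": "Cross-Site Scripting", "fingerprint": "bbb222", "confidence": "Weak",
       "file": "components/foo/app/views/foo/show.html.erb", "line": 7, "note": "escaped upstream"},
      {"warning_type": "Mass Assignment", "fingerprint": "ccc333", "confidence": "Medium",
       "file": "components/bar/app/controllers/bar/items_controller.rb", "line": 18, "note": ""},
      {"warning_type": "Redirect", "fingerprint": "ddd444", "confidence": "High",
       "file": "app/controllers/sessions_controller.rb", "line": 9, "note": ""}
    ]
  }
JSON

CONFIDENCE_RANK = { "High" => 0, "Medium" => 1, "Weak" => 2 }.freeze

# Component name from a path like components/foo/... (assumed layout), else "(root app)".
def component_of(path)
  path.to_s[%r{\Acomponents/([^/]+)/}, 1] || "(root app)"
end

# Groups ignored warnings by component. Entries inside a component are ordered
# High -> Weak; components are ordered by High-confidence count, then total.
def triage(ignore_json)
  warnings = JSON.parse(ignore_json).fetch("ignored_warnings", [])
  summaries = warnings.group_by { |w| component_of(w["file"]) }.map do |component, list|
    sorted = list.sort_by { |w| [CONFIDENCE_RANK.fetch(w["confidence"], 3), w["file"].to_s, w["line"].to_i] }
    { component: component,
      total: list.size,
      high: list.count { |w| w["confidence"] == "High" },
      unjustified: list.count { |w| w["note"].to_s.strip.empty? }, # ignores with no note
      entries: sorted.map { |w| "#{w['confidence']} #{w['warning_type']} #{w['file']}:#{w['line']}" } }
  end
  summaries.sort_by { |c| [-c[:high], -c[:total], c[:component]] }
end

if $PROGRAM_NAME == __FILE__
  # Pass the path to a real ignore file as the first argument; defaults to the sample.
  source = ARGV[0] && File.file?(ARGV[0]) ? File.read(ARGV[0]) : SAMPLE_IGNORE
  triage(source).each do |c|
    puts "#{c[:component]}: #{c[:total]} ignored, #{c[:high]} High, #{c[:unjustified]} without a note"
    c[:entries].each { |e| puts "  #{e}" }
  end
end
```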
---
### Global frozen string literals (Magic comments)
- Globally turned on by Nitro/Tempo component
- Most causes involve Zero QA testing
- Some components need a few files updated first
- On by default in all new components since end of 2023
StackOverflow Step-by-Step instructions:
https://stackoverflowteams.com/c/powerhome/questions/524
Example PRs:
- https://github.com/powerhome/nitro-web/pull/37823
- https://github.com/powerhome/nitro-web/pull/36815
---
### CSS Best Practices
As presented by Nida Ghuman
[Gist with breakdown of issue and solutions](https://gist.github.com/nidaqg/a74357264a1f4f53b273158b1f4b9676)
---
### Packwerk
Resolve offenses in the component's `package_todo.yml`
- Easy ones: A transitive dep is actually a direct dep; just add it correctly and bundle in all components (`bin/cobra exec bundle --ruby`)
- Hard ones: There is a circular dependency that needs to be resolved by refactoring concerns into the right places
- `bin/packwerk update-todo` is the command that will regen todo files in all components. You can only remove offenses, not permitlist new ones.
BT handbook: https://portal.powerapp.cloud/docs/default/component/bt-handbook/technical-standards/packwerk-for-compoent-based-rails-apps/
Example PRs:
- https://github.com/powerhome/nitro-web/pull/47609
- https://github.com/powerhome/nitro-web/pull/49239
---
### JS Lint
#### ESLint & Prettier
- `yarn lint` & `yarn lint-fix` scripts live in `package.json`
- No "Todo" files in JS lint tools, but ESLint rules can be disabled inline
- Enforced in CI but not in overcommit
- On by default in all new components since early 2023
RFC: https://github.com/powerhome/rfcs/blob/main/0075-enforce-frontend-code-formatting.md
Example PRs:
- https://github.com/powerhome/nitro-web/pull/30070
- https://github.com/powerhome/nitro-web/pull/30889
Example `package.json` files:
- components/compensation/package.json
- components/marketing/package.json
Prettier adoption HackMD:
https://hackmd.io/oygwpnr0TtObS4MvLiuzEw?view
---
### Rubocop
Ruby lint offenses that are intended to NEVER be corrected get added as inline disable comments in files. The rubocop TODO file is just that, a file holding items that need to be resolved.
- Easy to resolve offenses:
  - using the `-a` flag only fixes safely autocorrected offenses
  - using the `-A` flag autocorrects more offenses, but those autocorrections may or may not alter how the code works, so they need to be scrutinized
- Hard to resolve offenses: require manual changes
- Enforced in CI & in overcommit
- On by default in all new components since generators have existed
StackOverflow & example PRs
StackOverflow on how to regenerate `rubocop_todo.yml`s: https://stackoverflowteams.com/c/powerhome/questions/188
Example PR that cleans up auto-correctable offenses: https://github.com/powerhome/nitro-web/pull/24548
---
### ERB Lint
- Almost all offenses are autocorrectable
- Enabled one component at a time
- No "Todo" files like Rubocop, but enforces rubocop cops in templates
- Enforced in CI & overcommit
- Not yet configured on by default in generators
RFC: https://github.com/powerhome/rfcs/blob/main/0100-erb-linting.md
StackOverflow Instructions: https://stackoverflowteams.com/c/powerhome/questions/545
Example PR: https://github.com/powerhome/nitro-web/pull/50776