Skip to main content

No orphaned features detected

ab-001544 · goal-alignment.scope-accuracy.no-orphaned-features
Severity: mediumactive

Why it matters

Orphaned features are different from scope creep: they are incomplete implementations that were started and abandoned. An unlinked route that handles user data is reachable by anyone who knows the URL, even if no navigation link exposes it — no access control review was ever completed because the feature was never shipped intentionally. An unqueried database table accumulates data that is never cleaned up and never audited. ISO 25010:2011 maintainability flags dead code as a direct quality defect: it increases cognitive load for future developers and creates latent risk.

Severity rationale

Medium because orphaned routes are reachable despite appearing abandoned, creating unreviewed access surface that may handle sensitive operations without proper guards.

Remediation

For each orphaned element, make an explicit keep-or-delete decision. Do not leave it in an ambiguous state.

To wire up an orphaned route, add a navigation link and verify its auth guard in src/middleware.ts:

// src/middleware.ts — ensure the orphaned route is protected
export const config = {
  matcher: ['/analytics/:path*', '/dashboard/:path*']
}

To delete an orphaned route cleanly:

rm -rf src/app/analytics
# If it has an associated schema table:
npx prisma migrate dev --name drop_analytics_orphan

Also check src/components/ for defined-but-never-imported components and remove them from the component tree.

Detection

  • ID: goal-alignment.scope-accuracy.no-orphaned-features
  • Severity: medium
  • What to look for: Enumerate every relevant item. Look for code that appears to be part of an incomplete or abandoned feature — routes that exist but are not linked from anywhere in the navigation, components that are defined but never imported, API endpoints with no callers, database tables or schema models that no query references. These are different from scope creep (which is extra features that work) — orphaned features are partial or abandoned implementations.
  • Pass criteria: At least 1 of the following conditions is met. Every substantial route is reachable from the application's navigation. Every API endpoint is called from somewhere in the codebase. No schema tables are entirely unqueried.
  • Fail criteria: One or more routes exist that are not linked from the application's navigation and have no evidence of being intentionally unlisted (e.g., internal tooling, webhook endpoints). One or more API endpoints exist with no callers. One or more schema tables have no queries referencing them.
  • Skip (N/A) when: Project is in early development where placeholder routes are expected. Signal: most routes are empty or scaffolded with TODO comments, suggesting the project is not yet feature-complete.
  • Cross-reference: For user-facing accessibility and compliance, the Accessibility Basics audit covers foundational requirements.
  • Detail on fail: Name the specific orphaned elements. Example: "/analytics route exists with full implementation but is not linked from navigation and has no callers. analytics_events table has no queries." Max 500 chars.
  • Remediation: Orphaned features suggest incomplete work or abandoned ideas. For each orphaned element: either connect it to the application via src/app/ routes (add navigation links, wire up API calls) or delete it. Leaving orphaned code creates maintenance burden and can introduce security risk if the code handles sensitive operations without proper access control.

External references

Taxons

History