Overview

Quality dimensions

Four headline scores (0–100, higher = healthier) summarising the repo's Code, Architecture, Knowledge, and Delivery dimensions. The bullet bar shows the current score against the healthy (green) and warning (yellow) thresholds. The sparkline shows the sampled historical trend. The "Attention" chip appears when the Shewhart XmR chart signals a statistical excursion or sustained run.

Codebase at a glance

Summary metrics across the repo. KPI cards are computed at ingest time using deterministic published formulas — click any value to inspect its derivation in the report sidecar.
Learn more — how to read this panel

What it measures. Top-line repo health metrics computed at ingest from the full git history and HEAD-time code scans: file count, contributor count, total churn, complexity peaks, and a handful of composite indicators. Every number is deterministic and reproducible from the commit SHA — no sampling, no estimation.

How to read it. Each tile is one metric with the current value and a short qualifier. KPIs are snapshots, not trends — for trends, scroll to the Trends, Commit activity, or Delivery risk panels below.

What to watch for. Disproportions: high churn with very few contributors hints at bus-factor risk. Many files but low complexity peaks usually means small, single-purpose modules (good). A small number of files with extreme complexity = monolith risk.

Suggested action. Use the tiles as orientation. Any anomalous value is a breadcrumb into the deeper panels — pull the thread there.

Guided tour

A 4-step walk through the hero map — from code health to refactoring targets. Each step sets the circle-pack colour lens and brushes the relevant files.
Learn more

What it does. The martini-glass tour narrows focus progressively: start with the full health picture, then zoom into hotspots, then find where effort is wasted, then surface the top refactoring candidates.

How to use it. Click Start tour to begin. Use Next / Prev or the numbered chips to navigate. The circle-pack colour mode and brush update automatically at each step (entering the tour clears any active brush). Click Exit or finish the last step to return to free-form exploration.

Colour modes used. Steps 1 and 4 use the Code health lens; step 2 uses Cognitive complexity; step 3 uses the Friction heat-ramp. Step 4 additionally brushes the top-10 hotspot files across all widgets.

Hotspots

Files sized by churn (revisions). Toggle the colour mapping across the behavioural lenses: complexity (cognitive yellow→red), code health (DaisyUI 3-band), tech-debt friction (Tornhill 2018 score), knowledge map (primary author), AI attribution, and clones (Type-1/Type-2 structural duplication). Files in the top quartile of hotspot score wear a yellow ring overlay.
Learn more — how to read this panel

What it measures. Behavioural pressure across the codebase. Circle size encodes churn (revision count); the active colour lens encodes one of seven behavioural signals — complexity, code health, tech-debt friction, knowledge map, AI attribution, knowledge loss (under your off-boarding scenario), or clones.

How to read it. Big circles = files changed often. Red / dark fills = high pressure on the selected lens. A yellow ring overlay marks the top quartile of hotspot score (the composite churn × complexity signal). Click any circle to open the file detail drawer — the same file then lights up across the trends and multi-metric panels.

What to watch for. Large RED circles wearing a yellow ring: frequently changed, complex, and in the top-quartile of overall risk. They are the primary refactor candidates. Switch to Knowledge loss mode after picking off-boarders to see which circles turn red under attrition.

Suggested action. Sort the Hotspot table by score and refactor top-down. Use the off-boarding picker to surface bus-factor exposure before it becomes an incident.

A. Tornhill 2018, Software Design X-Rays; cognitive complexity per SonarSource 2018.

Keyboard-accessible file list () A screen-reader-friendly textual alternative to the canvas circle-pack above. Same top-50 hotspot files, browsable with arrow keys and selectable with Enter / Space. Useful for WAI-ARIA accessibility and for users who prefer scanning a list to clicking circles. Each row shows the path plus a colour-coded code-health badge.

Hotspots & Risk

Hotspot table

Sortable drill-down view of every hotspot row. Click a column header to sort. Type to filter by path.
Learn more — how to read this panel

What it measures. The full hotspot list as a sortable, filterable table. One row per file with every behavioural metric the dashboard computes — revisions, cognitive complexity, code health, hotspot score, primary author, AI attribution, MI rank, contributors.

How to read it. Click any column header to sort by that column (click again to reverse). Type in the filter box to narrow by path substring; the summary line under the filter shows how many rows match. Click a row to open the file detail drawer — the file then lights up across the trends, parallel-coords, and any other path-aware panel.

What to watch for. Use the table as the drill-down surface for any signal you spotted in a chart. The combination of high revisions + low health + recent activity is the canonical "fix this now" pattern.

Suggested action. Sort by hotspot score descending, copy the top-N paths into your sprint board, and refactor by priority.

Hotspots — treemap view

Same data as the circle-pack above, rendered as nested rectangles for strict area-comparison readability.
Learn more — how to read this panel

What it measures. The same hotspot data as the circle-pack above, rendered as nested rectangles. Area encodes cognitive complexity × revisions; colour encodes the active hotspot lens.

How to read it. Each rectangle is one file (label = abbreviated path). The larger the rectangle, the higher the cognitive × revisions product. Treemaps use strict area encoding — unlike circle area, rectangle area is read accurately by the eye, so this view is the right one when you need to compare sizes precisely.

What to watch for. The two or three rectangles that dominate the layout — they own most of the codebase's pressure. Small, evenly-sized tiles = healthy distribution; one giant tile + many tiny ones = god-class shape.

Suggested action. When you're picking refactor targets by impact, sort by the treemap's largest rectangles. When you're picking by risk lens (complexity, health, friction), the circle-pack's colour ramp is easier to scan — use whichever fits your current question.

Function X-Ray

Function-level cognitive complexity. Inner ring = top-level path segment; outer = function. Click any wedge to drill down. Top 500 functions by cognitive complexity.
Learn more — how to read this panel

What it measures. Function-level cognitive complexity for the top 500 functions in the repository. Sunburst layout: the inner ring is the top-level path segment, the outer rings drill into directories and finally individual functions. Wedge area encodes complexity.

How to read it. Bigger wedge = more complex function. Click any wedge to zoom in (the sunburst re-roots to that subtree); click the centre to zoom back out. Hover for the full module path plus function name.

What to watch for. A single huge outer wedge inside a module = that one function owns most of the module's complexity. The most dangerous pattern is one function dominating and the same file appearing high in the Hotspot list (frequent churn on a complex function).

Suggested action. Refactor the largest wedges first by extracting helpers and simplifying control flow. Even one extraction can drop a wedge by 30–50% of its visual area.

Code Health

Repo health timeline

Combined, architectural, and code health (0–100) recomputed at sampled historical commits. Shows whether overall repo health is improving or degrading over time.
Learn more — how to read this panel

What it measures. Up to 12 commits evenly spaced across history are re-analysed: the import graph and complexity metrics are rebuilt at each revision, then scored as architectural health (propagation cost + cycle penalty, 0–100), code health (mean file health score, 0–100), and combined health (their average). Higher is healthier.

How to read it. The bold line is the combined score; the lighter lines are the two components. The faint background bands mark red (0–40), yellow (40–70), and green (70–100) zones. Use the toggle to switch to a split view showing each component on its own panel.

What to watch for. A declining combined line means the repo is accumulating debt faster than it is being paid down. A divergence between architectural and code health — one rising while the other falls — points to where the primary debt source is. Cross-reference with the Architecture trend panel for cycle and propagation details.

Suggested action. If architectural health is declining, run --analysis dependency-cycles to find the tangles introduced at the inflection point. If code health is declining, the Hotspot table will show which files are driving it.

Code Health — effort distribution

Where engineering effort lands across red / yellow / green health bands. A team with most churn in red code is in reactive mode; most churn in green means proactive maintenance.
Learn more — how to read this panel

What it measures. Two 100% stacked bars: the top bar shows the share of total SLOC (source lines of code) in each health band at HEAD; the bottom bar shows the share of trailing-window churn (lines added + deleted) that landed in each band. The dot strip encodes the same churn share as 20 coloured dots — each dot = 5% of window churn.

How to read it. LOC bar = how your codebase is distributed today. Churn bar = where your team is actually spending its energy. If the churn bar has a large red segment while the LOC bar has a small red segment, the team is disproportionately fighting fires in its worst files.

What to watch for. Red churn share consistently above 40% indicates a reactive maintenance pattern. Improving = churn shifting toward green over successive sprints.

Suggested action. Prioritise the top hotspots with red health for refactoring investment to reduce the cost of future changes there.

Health improvements & regressions

Signal-bearing code-health band transitions detected across sampled historical commits. Click any file to open its detail drawer.

Cognitive distribution

How hard each file is to reason about, across the whole codebase. Cognitive complexity counts nested decisions and control-flow disruptions — lower = easier to read. Box-and-whisker shows median + middle 50%; outlier count and max sit in the top-right corner.
Learn more — how to read this panel

What it measures. The distribution of cognitive complexity across every file with a measured score. Cognitive complexity counts nested decisions, breaks, and control-flow disruptions — it tracks "how hard is this to reason about" more faithfully than cyclomatic complexity does.

How to read it. The box spans Q1 to Q3 (the middle 50% of files). The line inside the box is the median. Whiskers extend to ±1.5 × IQR; the y-axis is clipped to that range so the box dominates the chart. The "+N outliers · max V" annotation in the top-right tells you how many files exceed the upper whisker and what the worst case is.

What to watch for. A short box with a high outlier count is a long-tail problem: most files are fine but a handful are pathological. The bigger the gap between the upper whisker and the annotated max, the more lopsided your complexity tail is.

Suggested action. Open the Hotspot table sorted by cognitive descending. The first five to ten rows usually own most of the right-tail; refactoring those alone moves the median significantly.

G. A. Campbell, Cognitive Complexity — A new way of measuring understandability, SonarSource white paper 2018.

Multi-metric comparison

Top-20 hotspots across five behavioural axes. Drag on any axis to filter — useful for "files high on cognitive AND low on MI" cross-cuts.
Learn more — how to read this panel

What it measures. The top-20 hotspot files plotted simultaneously across five axes: Revisions, Cognitive complexity, Code health, Hotspot score (composite), and MI rank (maintainability percentile). Each polyline is one file.

How to read it. Follow a polyline left-to-right to see one file's profile across all five metrics. Drag-select a range on any axis to filter — polylines outside your selection grey out. Hover any polyline to isolate it (others fade to 15%); click to open the file drawer.

What to watch for. Files that are outliers on multiple axes at once — high Revisions AND high Cognitive AND low MI is a triple red flag. Drag-filter the Cognitive axis to "> 200" and the MI axis to "< 5%" simultaneously to see who survives both cuts.

Suggested action. Use this panel when no single metric clearly points to a winner. Multi-axis outliers are the highest-leverage refactor targets — addressing them moves several axes at once.

A. Inselberg 1985, The plane with parallel coordinates.

Architecture

Architecture graph

Force-directed import graph (Rust + Python + JS/TS) fused with git history. Nodes are coloured by architectural role (core / control / shared / periphery); diamonds are unstable interfaces; ringed nodes sit in a dependency cycle. Solid edges are imports; dashed edges are modularity violations (co-change with no import). The title reports the system propagation cost.
Learn more — how to read this panel

What it measures. The structural import graph as resolved from source: Rust use, Python import, JS/TS import. The depth selector below controls how aggressively paths are rolled up into "modules" — Auto deepens until at least 8 distinct nodes surface, fixed numbers force a specific roll-up depth.

How to read it. Force-directed layout: modules that import each other settle next to each other. Node colour = architectural role (Baldwin & MacCormack "hidden structure", from transitive reachability): core = the dominant dependency cycle; shared = depended on as widely as the core but depends on little (utilities); control = the inverse (orchestrators); periphery = the healthy leaf bulk. Diamonds = unstable interfaces; a ring = the module sits in a dependency cycle. Solid edges are imports; dashed edges are modularity violations (Fisher-significant co-change with no import edge). The title shows propagation cost — the share of the system a random change can reach.

What to watch for. A large red core means a big tangle everything routes through (hard to change in isolation) — confirm with --analysis dependency-cycles. A high propagation cost means changes ripple widely. Dashed edges are hidden coupling — two modules that change together but don't import each other, coupled through a shared global, a leaky abstraction, or a third party (Kazman & Cai's "implicit cross-module dependency"). Diamonds sitting on many edges are unstable hubs whose churn propagates.

Suggested action. Compare against the Module coupling chord above. Agreement (modules that import each other also change together) = healthy modularity. Disagreement = behaviour bleeds across structural boundaries; root-cause is usually a shared mutable state, a leaky framework, or a contract violated through string-typed APIs.

Dependency structure matrix

The same import graph as a layer-ordered matrix — it scales where the force graph hairballs. Rows import columns; cells below the diagonal (red) are back-edges: dependency cycles and layering violations. A clean, acyclic architecture is a triangular, all-blue matrix. The Fusion toggle (top of the panel) reclassifies each cell by structure×history agreement against the change- coupling data — a legend row explains the added colours.
Learn more — how to read this panel

What it measures. The resolved import graph rolled up to modules (same depth selector as the graph above), rendered as a Dependency Structure Matrix (Steward 1981; Sangal et al. 2005). Modules are ordered by architectural layer — entry points first, foundations last — using the topological level from --analysis architecture-roles.

How to read it (Structure mode, the default). Each cell (row, col) means "row imports col"; blue intensity = number of imports. Because modules are layer-ordered, healthy forward dependencies fall above the diagonal. A cell below the diagonal is red — a back-edge, where a module imports something in its own layer or shallower, which only happens inside a dependency cycle. A perfectly triangular all-blue matrix is an acyclic, cleanly-layered architecture.

Fusion mode. Click the Fusion button to reclassify each above-diagonal cell against change-coupling data (aggregated to the same module depth): agree cells import and co-change (blue, opacity graded by co-change strength); structural only cells import but never co-change (dimmed); co-change only cells — a modularity violation — co-change with no import edge at all, in the same amber the architecture graph uses for its dashed violation edges. Back-edges below the diagonal stay red in both modes. Every cell's tooltip names its class; a legend row lists all four. With no change-coupling data, Fusion mode shows the structure-mode view plus a one-line hint instead of misleading empty classifications.

What to watch for. Red cells below the diagonal are your cycles / layering violations — cross-reference --analysis dependency-cycles. A dense red block straddling the diagonal is a large tangle (the Core). In Fusion mode, amber co-change-only cells are hidden coupling a resolver can't see — the same signal the architecture graph's dashed edges surface. Unlike the force graph, the matrix stays readable as the module count grows — this is the scalable default for big repos.

Architecture trend

Structural health over time — propagation cost (blue, left) and dependency cycles (red, right) recomputed at sampled historical commits. Rising lines mean the architecture is decaying; a step up in cycles marks when a tangle first formed.
Learn more — how to read this panel

What it measures. Up to 12 commits evenly spaced across history are re-analysed: the import graph is rebuilt from the source as it existed at each revision, and the same propagation cost + dependency-cycle count the HEAD architecture metrics report are recomputed at each point (--analysis architecture-trend).

How to read it. The blue line is propagation cost (the share of the system a random change can reach, as a percentage); the red stepped line is the number of import-graph cycles. A propagation cost that climbs as the repo grows is healthy dilution turning into entanglement; a red step from 0 to 1 is the commit where the first dependency cycle appeared.

What to watch for. Sustained upward drift in either line is architectural decay. Cross-reference the commit dates with the dependency-cycles and architecture-metrics analyses to find the change that introduced a tangle. The final point matches the current HEAD metrics by construction.

Module coupling

Inter-module change-coupling rolled up from the file-pair graph by top-level directory.
Learn more — how to read this panel

What it measures. Change-coupling rolled up to the module level (first N path segments controlled by the depth selector below). Modules A and B are coupled when files in A frequently change in the same commits as files in B. Infrastructure files (lock files, .env*, docs, build manifests) are filtered out — they cluster with every release commit and would otherwise dominate the picture.

How to read it. Each node on the circle is one module. Chords (curved bands between nodes) represent cross-module change-coupling; thicker bands = stronger historical coupling. Hover a node to highlight its adjacent chords. Use the depth selector below to widen / narrow the aggregation: 2 = broad architectural modules, 6 = near file-level subsystems.

What to watch for. Strong chords between modules that should not be tightly coupled — that is the structural smell. Compare to the Architecture graph below: if two modules are change-coupled but don't import each other, the coupling is implicit (shared utilities, leaky abstractions, contract violations through a third party).

Suggested action. For each unexpected strong chord, open the Change-coupling sankey to find the top file pair driving it, then ask: is there a missing shared abstraction, or is a contract being violated?

H. Gall, K. Hajek, M. Jazayeri 1998, Detection of logical coupling based on product release history.

Change coupling

Files that change together at Fisher-significant rates. Wider bands = stronger historical coupling. Top 30 pairs by combined score.
Learn more — how to read this panel

What it measures. File-pair change-coupling at Fisher-significant rates — pairs of files that change together more often than chance would predict. Top 30 pairs by composite score (frequency × significance).

How to read it. Sankey diagram: source files on the left, target files on the right; each band is one file pair. Band width = strength of the coupling.

What to watch for. Wide bands between files that don't obviously belong together. That's the symptom of hidden coupling — shared global state, parallel-mod tax, contract violations through a third party. The Module coupling chord aggregates these to the module level; this panel is the file-level source of truth.

Suggested action. For unexpected strong pairs, look for shared dependencies you can extract or contracts you can formalise so that changes in one file don't have to ripple to the other.

Fisher's exact significance test applied per file pair; change-coupling theory: H. Gall, K. Hajek, M. Jazayeri 1998. Visual technique influenced by A. Tornhill, Your Code as a Crime Scene.

Knowledge

Knowledge surfaces

Team familiarity, knowledge islands ratio, tenure mix, and the files with the highest coordination overhead — from one behavioural scan, no manual tagging.
Learn more — how to read this panel

Familiarity. Mean team familiarity across active files: the fraction of each file's weighted change history that active authors "own" — averaged over all files touched in the window. Green ≥ 70 %, yellow 40–70 %, red < 40 %.

Islands. Fraction of active files with no active owner (primary author inactive + no successor). Lower is better. Green ≤ 20 %, yellow 20–40 %, red > 40 %.

Team composition. Commit share split by tenure bucket: onboarded (< 90 days), experienced (90–364 days), veteran (≥ 365 days). A healthy team shows some onboarding throughput without veteran over-concentration.

Coordination needs. Top files by co-change coupling tier and entropy. High-tier files are frequently changed together by multiple authors with high authorship interleaving — the strongest coordination signal.

Methodology: knowledge-shares materialized view + coordination-needs entropy; see analyses/code_familiarity.rs, analyses/coordination_needs.rs.

Knowledge islands

Files whose primary author has departed and where no substantial other owner exists — auto-detected, no manual ex-developer marking. CodeScene requires you to mark ex-developers manually; CodeLore detects them from commit history + co-change intensity.
Learn more — how to read this panel

What it measures. Files whose primary author (typically ≥80% of historical line-changes) has stopped committing and where no other developer has substantial backup ownership. Detection is purely behavioural — there's no manual "ex-developer" tagging required.

How to read it. One row per orphaned file. The risk score combines code health, complexity, and downstream coupling — the higher the score, the more painful the orphan is.

What to watch for. Concentration: multiple orphaned files in the same module = an entire subsystem with no clear owner. Critical-path orphans (high hotspot score, low health) at the top of the list are the immediate priorities.

Suggested action. Pair-program new contributors with the top files; promote the orphan files to the next sprint's documentation push; assign succession owners explicitly so the names move out of this list.

Detection: primary-author share + commit-recency decay + co-change intensity heuristic; see analyses/knowledge_islands.rs.

Delivery

Delivery

Git-only delivery proxies: rework rate, branch duration, lead-time proxy, release cadence, and top friction files. Run with --include-merges and release tags matching --release-tag-glob to populate.

Delivery risk · last 30 commits

Per-commit risk score composited from Kamei's JIT-SDP feature vector (la, ld, nf, ndev, exp, entropy). Hover any bar to see which dimension dominates that commit's risk. Citations: Kamei et al. 2013 · Hassan 2009.
Learn more — how to read this panel

What it measures. A per-commit risk score derived from Kamei's Just-In-Time defect-prediction (JIT-SDP) feature vector. Each commit is scored on size (lines added/deleted), spread (number of files), concurrency (other contributors recently touching the same files), experience (the author's familiarity with the touched files), and entropy (how diffuse the change is across modules).

How to read it. Each bar is one commit, last 30 non-merge commits, chronological order. Bar height = composite risk %. Bar colour tags whether the commit is heuristically a bug-fix vs. a feature. Hover any bar to see the full feature vector and which dimension dominates that commit's risk.

What to watch for. Streaks of high-risk commits without proportionate review investment. Size dominance = big diff; entropy = scattered changes; concurrency = simultaneous editors fighting over the same files; inexp = an unfamiliar author for the touched files. Each tells a different story.

Suggested action. For commits in the 70%+ band, retroactively check whether the review caught the risky aspects. Use the Kamei dimensions as PR-template prompts: "what dominates the risk on this PR?".

Y. Kamei et al. 2013, A large-scale empirical study of just-in-time quality assurance; A. E. Hassan 2009, Predicting faults using the complexity of code changes.

Commit activity

Per-day commit volume across the analysed history.
Learn more — how to read this panel

What it measures. Per-day commit volume across the entire analysed history. GitHub-style heatmap; one cell per day, one calendar block per year.

How to read it. Darker cells = more commits that day. The colour bands at the top map cell shade to commit-count buckets. Hover a cell for the exact date and count.

What to watch for. Cadence patterns and gaps. Sustained dark streaks = consistent delivery. Weekend or off-hours commits = potential burnout signal. Long quiet periods aligned with release dates = release-freeze rhythm. Sudden bursts in unusual periods often correlate with incidents.

Suggested action. Compare against the Delivery risk sparkline — activity bursts that coincide with high-risk commits are worth a retro discussion. Long silent days in a "shipping" team are equally worth surfacing.