oxhq / deadcode-laravel
Laravel dead code pruning with evidence, staged deletion, and rollback
Maintainers
Requires
- php: ^8.2
- illuminate/console: ^10.0|^11.0|^12.0|^13.0
- illuminate/routing: ^10.0|^11.0|^12.0|^13.0
- illuminate/support: ^10.0|^11.0|^12.0|^13.0
- symfony/process: ^6.4|^7.0|^8.0
Requires (Dev)
- guzzlehttp/guzzle: ^7.9
- guzzlehttp/promises: ^2.0
- guzzlehttp/psr7: ^2.7
- inertiajs/inertia-laravel: ^2.0
- laravel/pint: ^1.23
- orchestra/testbench: ^8.0|^9.0|^10.0|^11.0
- pestphp/pest: ^2.34|^3.8|^4.0
- pestphp/pest-plugin-laravel: ^2.4|^3.2|^4.0
README
Laravel dead code pruning with evidence, staged deletion, and rollback.
deadcode-laravel boots the host Laravel app, captures runtime truth, calls the Rust deadcore engine, renders the deadcode.analysis.v1 report, and stages only the conservative removals that the current policy allows.
Command Flow
php artisan deadcode:doctor php artisan deadcode:analyze php artisan deadcode:report --input=storage/app/deadcode/analysis.json --format=json php artisan deadcode:report --input=storage/app/deadcode/analysis.json --format=table php artisan deadcode:apply --input=storage/app/deadcode/analysis.json --dry-run php artisan deadcode:apply --input=storage/app/deadcode/analysis.json --stage php artisan deadcode:rollback
deadcode:analyze {projectPath?} is supervisor-backed. The command sends an analysis task to deadcode-supervisor, streams task progress, and prints the generated deadcode.analysis.v1 payload path.
deadcode:report does not analyze a project. It only renders an existing analysis payload from --input.
deadcode:apply --dry-run explains what would be staged and which findings were skipped. deadcode:apply --stage writes conservative edits and stores rollback data for the latest staged change set.
Installation
Require the package from Packagist and publish configuration:
composer require oxhq/deadcode-laravel php artisan vendor:publish --tag=deadcode-config
For development against the public GitHub repository instead of Packagist:
composer config repositories.deadcode-laravel vcs https://github.com/oxhq/deadcode-laravel composer require oxhq/deadcode-laravel:^0.1.5 php artisan vendor:publish --tag=deadcode-config
Install or build the deadcore binary:
php artisan deadcode:install-binary v0.1.5 php artisan deadcode:install-supervisor v0.1.5
For local development against a source checkout:
php artisan deadcode:install-binary v0.1.5 --source-root=/absolute/path/to/deadcore --prefer-source
Configure explicit binary paths when defaults are not valid for the host app:
DEADCODE_SUPERVISOR_INSTALL_PATH=bin/deadcode-supervisor DEADCODE_SUPERVISOR_BINARY=/absolute/path/to/deadcode-supervisor DEADCODE_SUPERVISOR_TIMEOUT=300 DEADCORE_BINARY=/absolute/path/to/deadcore DEADCORE_SOURCE_ROOT=/absolute/path/to/deadcore DEADCORE_WORKING_DIRECTORY=/absolute/path/to/your/laravel/app DEADCORE_TIMEOUT=120
See docs/installation.md for the longer install path. See docs/fixtures.md for the package fixture map and verification boundaries.
Release Status
v0.1.5 is the current coordinated public release:
deadcode-laravelprovides the Artisan workflow and Laravel runtime snapshot.deadcoreprovides the Rust analysis engine anddeadcode.analysis.v1.go-supervisorprovides the native JSONL worker supervisor used bydeadcode:analyze.
The GitHub releases publish checksum-verified Windows, Linux, and macOS binaries for the native components.
Current Coverage
The current verified slice reports:
- controller methods
- dead controller classes
- explicit typed
FormRequestclasses - direct supported resource usage
- runtime-registered command classes
- runtime-registered listener classes
- explicitly registered subscriber classes
- job classes reached from supported explicit dispatch patterns
- policy classes from the runtime Gate policy map
- model helper methods reached from supported explicit calls
- local scopes reached from supported explicit scope-call patterns
- relationship methods reached from supported explicit access and eager-loading patterns
- legacy and modern accessors/mutators reached from supported explicit reads, writes, and append-style metadata
deadcode:report renders compact reasonSummary values plus structured reachabilityReasons and evidence emitted by deadcore.
deadcode:apply --dry-run explains skipped findings with planner decisions such as report-only category, insufficient confidence, missing range, missing removal plan, or non-isolated removal plan.
Remediation Policy
Auto-removal is limited to high-confidence findings with a matching removal plan for:
unused_controller_methodunused_form_requestunused_resource_classunused_controller_classunused_command_classunused_listener_classunused_subscriber_classunused_job_class
Report-only categories:
unused_policy_classunused_model_methodunused_model_scopeunused_model_relationshipunused_model_accessorunused_model_mutator
Rollback currently restores only the latest staged change set.
Limits
- Controller-class deadness is defined by extracted controller methods.
- Job support is limited to
SomeJob::dispatch(...),dispatch(new SomeJob(...)), andBus::dispatch(new SomeJob(...)). - Model-method support is limited to explicit supported calls from already-reachable surfaces.
- Scope support is limited to explicit conventional scope-call patterns.
- Relationship support is limited to explicit access plus supported eager-loading patterns.
- Accessor support is limited to explicit reads plus append-driven serialization support.
- Mutator support is limited to explicit writes,
setAttribute(...), and supported bulk write paths. - The package renders engine explanations; it does not synthesize deeper reasoning than
deadcoreemitted.