Safe production cleanup and hardening for vibe-coded fullstack apps (Next.js, React, Node.js, etc.). Removes dead imports, unused files, and broken references without breaking routes or APIs.
| name | vibe-code-cleanup |
| description | Safe production cleanup and hardening for vibe-coded fullstack apps (Next.js, React, Node.js, etc.). Removes dead imports, unused files, and broken references without breaking routes or APIs. |
| category | fullstack |
| risk | safe |
| source | self |
| source_type | self |
| date_added | 2026-05-31 |
| author | Whoisabhishekadhikari |
| tags | ["cleanup","refactor","nextjs","production","vibe-code","fullstack","nodejs"] |
| tools | ["claude","cursor","gemini","claude-code"] |
| version | 1.0.0 |
A safe, incremental cleanup workflow for AI-generated / vibe-coded fullstack apps. The goal is to make the codebase production-ready without breaking anything that already works.
Surgery, not demolition. Remove only what is provably dead. Preserve everything else.
Never:
Always:
Before changing anything, map the codebase:
# List all pages/routes
find . -type f \( -name 'page.js' -o -name 'page.jsx' -o -name 'page.ts' -o -name 'page.tsx' \)
find pages -type f \( -name '*.js' -o -name '*.jsx' -o -name '*.ts' -o -name '*.tsx' \) | rg -v '/_' | sort
# Find broken imports (TS projects)
npx tsc --noEmit 2>&1 | head -80
# Find unused exports (optional, for larger projects)
npx ts-prune 2>/dev/null | head -40
# Check for console.log / debug leftovers
grep -r "console\.log\|debugger\|TODO\|FIXME\|HACK" --include="*.{js,ts,jsx,tsx}" -l
Document what you find. Do NOT change yet.
Broken imports cause build failures and should be fixed before anything else.
# TypeScript: list all errors
npx tsc --noEmit 2>&1
# Common patterns to fix:
# - Missing file (file was deleted or renamed)
# - Wrong relative path (../lib vs ../../lib)
# - Named export that doesn't exist
Fix rule: Fix the import reference. Do NOT delete the referenced file unless you've confirmed it's unused everywhere.
A file/export is safe to remove only if:
# Check if a file is imported anywhere
grep -r "from.*my-file\|require.*my-file" --include="*.{js,ts,jsx,tsx}" .
# Check if a component is used anywhere
grep -r "MyComponent" --include="*.{js,ts,jsx,tsx}" .
Look for repeated patterns (metadata blocks, API fetch wrappers, error handlers) that appear in 3+ places.
Good consolidation targets:
Bad consolidation targets (leave alone):
Pattern for shared metadata helper (Next.js):
// lib/socialMetadata.js
export function buildPageMetadata({ title, description, path, image }) {
const baseUrl = process.env.NEXT_PUBLIC_BASE_URL || 'https://yourdomain.com';
const imageUrl = image?.startsWith('http') ? image : `${baseUrl}${image}`;
return {
title,
description,
openGraph: {
title,
description,
url: `${baseUrl}${path}`,
images: [{ url: imageUrl, width: 1200, height: 630, alt: title }],
},
twitter: {
card: 'summary_large_image',
title,
description,
images: [imageUrl],
},
alternates: {
canonical: `${baseUrl}${path}`,
},
};
}
# List all env vars used in code
grep -r "process\.env\." --include="*.{js,ts,jsx,tsx}" . | grep -oP 'process\.env\.\w+' | sort -u
# Compare against .env.example or .env.local
cat .env.example 2>/dev/null || cat .env.local 2>/dev/null
Flag any env vars used in code but missing from .env.example. Never add secrets to version control.
Run this after every meaningful batch of cleanup changes:
# TypeScript check
npx tsc --noEmit
# Lint
npx eslint . --ext .js,.jsx,.ts,.tsx --max-warnings 0
# Build (catches runtime issues TypeScript misses)
npm run build
# Tests (if present)
npm test -- --runInBand --passWithNoTests
If build or typecheck breaks → revert the last batch before continuing.
Each commit should be a single logical unit:
fix: remove broken import in app/blog/page.js
refactor: consolidate social metadata into lib/socialMetadata.js
chore: remove verified-unused utils/oldHelper.js
fix: standardize env var references to NEXT_PUBLIC_BASE_URL
Never bundle UI changes + logic changes + file deletions in one commit. Smaller commits = easier rollback.
Treat these as off-limits unless there's a verified bug:
| Area | Why |
|---|---|
| Route slugs / page paths | May be indexed by Google |
| API route contracts | Callers depend on exact shape |
| DB schema / Prisma models | Migration required |
| Auth flow logic | Security-sensitive |
| Third-party integration configs | Keys/webhooks are environment-specific |
| Working tool pages | User-facing functionality |
.env.exampleAudit deployed Vercel apps for cost and performance issues using metrics, project config, code scans, and version-aware recommendations.
Find and fix WCAG 2.2 accessibility issues. Two modes — report (sweep a codebase or page, produce a prioritized written report, no edits) and fix (audit→edit→verify loop on a target). Prefers direct-CDP live-DOM auditing; falls back to a browser-MCP composition or HTML-string audits.
Diff a live page's accessibility violations against a baseline — by default compares uncommitted changes (stash-based), or pass --branch [<name>] to diff against a branch. Reports only new violations introduced, violations fixed, and pre-existing count. Use `scan` for a full audit with no diffing.
Audit a live page for accessibility issues, locate each WCAG violation precisely, and return a selector-grounded fix worklist without editing.
Use when working with composition-patterns tasks or workflows
Use when working with debugging toolkit smart debug (Alias for debugging-toolkit-smart-debug)
