TS/JS Duplication Stabilization Report

Date: 2026-03-06
Scope: TypeScript/JavaScript duplication cleanup only (safe mode)
Safety posture: no deletions, no entrypoint/port/URL changes

Step 1 — Duplication Clusters

Total TS/JS duplicate pairs detected: 295

Full duplication map:

• TS_JS_DUPLICATION_MAP_2026-03-06.tsv

Sample high-value clusters:

| Cluster ID | TS file | JS file | Import locations | Used by runtime? | Risk | | --- | --- | --- | --- | --- | --- | | C001 | services/svc-auth/src/security/jwt.ts | services/svc-auth/src/security/jwt.js | services/svc-auth/src/server.ts imports ./security/jwt | Yes (service runtime path) | High | | C002 | services/svc-auth/src/security/password.ts | services/svc-auth/src/security/password.js | services/svc-auth/src/server.ts imports ./security/password | Yes | High | | C003 | services/api/src/routes/tenders.ts | services/api/src/routes/tenders.js | services/api/src/server.ts mounts tendersRouter | Yes | High | | C004 | services/api/src/routes/auctions.ts | services/api/src/routes/auctions.js | services/api/src/server.ts mounts auctionsRouter | Yes | High | | C005 | services/svc-tenders/src/server.ts | services/svc-tenders/src/server.js | services/svc-tenders/package.json (dev ts, start dist) | Yes | Medium | | C006 | packages/ai-layer/src/index.ts | packages/ai-layer/src/index.js | apps/web/src/app/api/ai/ask/route.ts imports @kvary/ai-layer | Yes | High | | C007 | packages/memory-layer/src/index.ts | packages/memory-layer/src/index.js | apps/web/src/app/api/ai/ask/route.ts imports @kvary/memory-layer | Yes | High | | C008 | packages/core/index.ts | packages/core/index.js | used via @kvary/core and core compat paths | Yes | High |

Step 2 — Canonical Source Classification

Heuristic used:

• If .ts exists, treat TS as canonical source.
• If package/service builds to dist and starts from dist, src/*.js is candidate artifact.
• If package runs/exports from src/*.ts, duplicate src/*.js is treated as UNKNOWN.

Classification totals:

• SAFE_TO_REMOVE_JS: 147
• UNKNOWN: 148
• RUNTIME_JS: 0 detected explicitly

Notes:

• services/* pairs were classified as SAFE_TO_REMOVE_JS (builds to dist, starts from dist, dev runs TS entrypoint).
• packages/ai-layer, packages/memory-layer, packages/identity-infra, and packages/core were kept UNKNOWN due active src-based runtime/export patterns.

Step 3 — Runtime Import Verification

Checks performed:

• explicit imports to *.js in TS sources
• package scripts for node src/*.js
• service start scripts (node dist/server.js) and dev scripts (ts-node(-dev)/tsx TS entrypoints)

Result:

• No explicit RUNTIME_JS_DEPENDENCY detected via source/package-script scan.
• Runtime resolution expectation in services:
  • prod: dist/*.js
  • dev: TS entrypoint loaders (ts-node-dev, ts-node, tsx)

Reference:

• RUNTIME_JS_DEPENDENCIES_2026-03-06.txt

Step 4 — Safe Build Structure Updates

Added "rootDir": "src" (while keeping existing "outDir": "dist") to:

• services/api/tsconfig.json
• services/svc-auth/tsconfig.json
• services/svc-tenders/tsconfig.json
• services/svc-risk/tsconfig.json
• services/svc-kyc/tsconfig.json
• services/svc-carbon/tsconfig.json

No boot logic changed.

Step 5 — Safe Import Redirects

No safe redirects applied in this pass because:

• no explicit src/*.js import targets were found in TS code paths.
• changing extensionless runtime resolution behavior was intentionally avoided in safe mode.

Step 6 — Legacy JS Marking

For services/*/src/*.js files that have sibling .ts canonical files, header added:

// @deprecated duplicate JS build artifact
// canonical source: file.ts

Marked files in services: 87

No deletions were performed.

Step 7 — Dry-run Removal Simulation

Candidate list generated only (not removed):

• SAFE_REMOVAL_CANDIDATES_2026-03-06.txt

Candidates count: 147

Step 8 — Stabilization Output

Produced outputs:

1. duplication clusters map (TSV)
2. canonical classification
3. safe-removal candidate list
4. runtime JS dependency list
5. commit plan below

Step 9 — Commit Plan

1. chore(stabilization): add TS/JS duplication analysis artifacts
2. chore(build): add rootDir=src to service tsconfigs with outDir=dist
3. refactor(stabilization): mark service src JS duplicates as deprecated artifacts
4. chore(stabilization): add runtime-js dependency report + safe-removal dry-run list
5. chore(stabilization): manual removal (optional, only after build/runtime parity check)

Safety Notes

• No files were deleted.
• No service ports/URLs/entrypoints were changed.
• No domain logic rewrites were done.
• UNKNOWN clusters were intentionally not touched beyond reporting.