Every codebase rots if you only ever add to it. Today we ran a disciplined cleanup pass on Dekimu — seven tracks, eleven commits, about 460 lines of duplication collapsed without touching a single feature.
Operation Clean House is our internal name for a specific kind of work: not refactoring for its own sake, not chasing a new pattern, just removing things that no longer carry their weight. Dead code. Copy-paste that should have been one function. Types defined twice. Weak `any` escapes that hide real shapes. Error handlers that catch and swallow.
Dead code first, because nothing else matters if the line is already unreachable. Then AI slop — the restated-name JSDoc, the "// removed X" ghosts, the defensive try/catch around pure code. Then deduplication, type consolidation, circular dependencies, type strengthening, and finally error handling. Each track has its own rules for what counts as a finding and what gets dropped.
The biggest win this round was the EN/ES landing pages. They had been kept in sync by hand across two parallel component trees for months. We extracted a single `LandingPage` component parameterized by `lang`, with a `COPY` map holding every localized string. The two route files collapsed into thin wrappers that only exist to keep their metadata exports. Same pattern applied to the blog index and the blog post view.
The rule we hold ourselves to: only High-confidence findings are applied. Medium gets reported in the audit trail and dropped for the pass. Low gets dropped silently. A cleanup pass that introduces a bug is worse than one that misses an opportunity.
That rule is load-bearing. It's what lets us run one of these without a QA cycle attached. Every commit is small, every commit is reversible, every commit has a single reason. If something breaks, `git bisect` finishes in under a minute.
The measure of a good cleanup pass isn't how much code you removed. It's how quickly someone else could audit every line you touched.
Two Next.js CVEs require a 14 → 15 jump with breaking changes in middleware and server actions. Neither is exploitable against Dekimu today — we have no `next/image` on untrusted input and no public rewrites that chain to internal origins. They're written down in the decision log and they wait.
Cleanup compounds. A codebase small enough that you can read it in an afternoon stays that way only if you prune it on a cadence. Eleven commits today — probably fewer next time, because the patterns worth extracting have already been extracted. That's the whole point.