Know exactly how much your technical debt costs.

What it measures: Ranks every file by how often it was changed over the last 6 months. A file touched 47 times while the average is 3 is a hotspot.

Why it matters: Hotspots concentrate bugs. Research shows that 4% of files cause 50% of defects. Knowing where they are lets you focus refactoring where it actually matters.

What the report shows: A ranked list of critical and warning hotspots, with change frequency and a density score (0–1) that feeds into your overall health rating.

What it measures: Cross-references cyclomatic complexity with change frequency. A 500-line file with complexity 40 that changes weekly is far more dangerous than a complex file nobody touches.

Why it matters: Complex + frequently changed = highest defect probability. These files slow down every developer who touches them and are the #1 source of regressions.

What the report shows: A quadrant map: high-complexity/high-churn files are flagged as critical. You see exactly which files need refactoring first for maximum impact.

What it measures: Detects files that consistently change together in the same commits. If UserService.php and BillingHelper.php always change as a pair, they have hidden coupling.

Why it matters: Temporal coupling reveals architectural debt that static analysis misses. These hidden dependencies make changes unpredictable — touching one file breaks another in ways no linter can catch.

What the report shows: A coupling index (0–1) and the pairs of files with the strongest co-change patterns. High coupling = candidates for merging or clearer interfaces.

What it measures: Measures author concentration per file. If 90% of commits on a critical module come from one person, that module is a knowledge silo.

Why it matters: When that person goes on vacation, changes teams, or quits, nobody else can safely modify the code. Knowledge silos are a direct operational risk — your bus factor.

What the report shows: A silo risk score (0–1) and the number of files with dangerous single-author concentration. The report highlights which areas need knowledge sharing or pair programming.

What it measures: Identifies files that haven't been modified in a long time relative to the rest of the codebase. A file untouched for 18 months in an active repo is likely dead weight.

Why it matters: Dead code increases onboarding time, confuses new developers, and inflates metrics. Cleaning it up is the easiest, lowest-risk way to improve your codebase health.

What the report shows: A dead code ratio (0–1) and a count of candidate files. The report distinguishes truly dead files from stable utility code that rarely needs changes.

What it measures: Classifies recent commits into feature work, bug fixes, and refactoring based on commit message patterns. Then measures the ratio over time.

Why it matters: A healthy team spends most of its time on features. When bug fixes dominate, the team is firefighting instead of building. This is the clearest signal that debt is costing real velocity.

What the report shows: A velocity profile breakdown (% feature / % bugfix / % refactoring) and a trend indicator — is the balance improving or deteriorating month over month?

What it measures: Analyzes merge commits to detect self-merges (author == merger), reviewer diversity, and average PR size. Uses git log --merges — 100% offline, no GitHub API required.

Why it matters: Code merged without review carries higher defect risk and creates knowledge silos. Two repos with identical DebtLens scores can have radically different quality cultures — this scan reveals the difference.

What the report shows: A discipline signal (exemplary / adequate / weak / solo) and a self-merge ratio. High self-merge ratio + low reviewer diversity = weak discipline, high risk.

What it measures: Detects AI-generated code signatures in your git history — Co-Authored-By trailers (Claude, Copilot, Cursor, Codeium...), commit messages, and bot authors (Dependabot, Renovate). Then checks whether each AI commit was reviewed by a human before merging.

Why it matters: AI-assisted coding is productive when governed. But AI code merged without review is a ticking governance bomb — no one verified correctness, security, or architectural fit. For CTOs and compliance teams, knowing what percentage of your codebase was written by AI and shipped unreviewed is critical.

What the report shows: A governance signal (clean / governed / partial / uncontrolled), the AI commit ratio, the unreviewed AI ratio, and the list of AI tools detected in the repo.