Nishi Family › Compare › Code Health and Janitor
Code Health and Janitor — mechanically measured, liar-killed, sovereign.
Nishi vs SonarQube and Semgrep and Knip and Renovate
| Capability | Nishi | SonarQube | Semgrep | Knip | Renovate | Notes |
|---|---|---|---|---|---|---|
| Whole-tree debt walker with 3-way debt classification | Yes | Best | Yes | Part | No | LIVE 2026-07-10: 89742 files walked, genuine_debt=544 verdict GREEN, purity 892 permil (was 7071 on 2026-06-23); classes KILL, MIGRATE, REVIEW; SonarQube is the platform bar for debt dashboards |
| Unified cleanliness scorecard (debt + collisions + scratch) | Yes | Best | No | No | No | LIVE 2026-07-10 gate 5/5: debt=544, shadow_collisions=19, scratch=627 -- one observable, each axis grounded in its own detector |
| Duplicate and shadow-name detection | Yes | Part | No | Part | No | LIVE: 19 shadow collisions (organs that run the WRONG code by name); June resolutions took 22 to 14, five NEW ones crept in since -- the creep the ratchet exists to catch; SonarQube CPD finds copy-paste, not name-shadowing |
| Dead and orphan artifact detection | Yes | Part | No | Best | No | Registry artifacts referenced by ZERO organs get flagged for reversible quarantine; Knip is the dead-export bar for JS/TS |
| In-content sovereignty lint (imports + exec targets) | Yes | Yes | Best | No | No | Flags non-sovereign imports and exec-target literals inside source; Semgrep the rule-engine bar |
| Byte-verified additive migration | Yes | No | No | No | No | Any non-sov data file to seg_store, BYTE-VERIFIED, original INTACT; peers report problems, none carry a verified data-migration action |
| Reversible no-delete retirement | Yes | No | No | No | No | REFUSES unless bytes are store-verified; renameat to _retired/, jan_unretire proves reversal; gate 5/5 |
| Multi-axis ratchet with locked floors | Yes | Part | No | No | No | Debt, collisions, scratch each ratchet DOWN and LOCK -- any rise is RED; SonarQube quality gates fail-on-worse is the closest peer idea; floors need re-lock at today's 544/19/627 |
| Scratch and artifact accumulation meter | Yes | No | No | No | No | LIVE: 627 scratch files (was 258 on 2026-06-23 -- 2.4x creep); missing zone reads -1 not 0 (absent is not empty) |
| Staleness and freshness caretaker | Yes | No | No | No | Part | Are surfaces regenerating, is the system alive -- STALE = silent death; Renovate covers the dependency-staleness slice only |
| Caller and impact analysis before rename | Yes | Part | Part | Part | No | Sovereign whole-tree reference search (no timeout on 89k files); powers the checked collision-resolution method that took 22 to 14 with zero functionality lost |
| Governed autonomous runs (conductor-owned pulses) | Yes | Part | No | No | Best | Ratchet gates registered as warden-owned conductor pulses -- governed, never ad-hoc; Renovate is the bar for fully-scheduled autonomous hygiene |
| Dependency update automation | No | Part | No | No | Best | Renovate 43.257.2 (released 2026-07-10) is the field bar; sovereign imports are vendored by doctrine but organ-version staleness has no automation |
| Secrets and credential scanning | No | Yes | Part | No | No | The vault doctrine keeps credentials out of source by convention; nothing SCANS for leaks -- and the ecosystem has had real credential-rotation flags open |
| SBOM and license compliance | No | Part | Part | No | No | license_tier tags exist in organ headers; no bill-of-materials or license-audit organ reads them |
| Security taint-analysis rules | No | Best | Part | No | No | SonarQube commercial taint analysis leads; Semgrep taint mode partial; we have no vulnerability-pattern rules |
| Multi-language analysis | No | Best | Yes | Part | Part | Peers analyze 30+ languages; our lint depth is NishiLang-only (the auditor classifies every file type but only by extension) |
| CI and PR integration | No | Yes | Yes | Yes | Best | Every peer comments on pull requests; our pulses are internal -- no PR surface |
| IDE integration | No | Best | Yes | No | No | SonarLint in-editor is the bar; we ship none |
| Automated fix generation | No | Part | Part | Part | Best | Renovate auto-PRs updates, Semgrep autofix, Knip --fix removes dead exports; our scrub migrates DATA but never patches CODE |
| Web dashboard UI | No | Best | Part | No | Part | SonarQube dashboard is the bar; our scorecard is console-only (this /compare page is the first public surface) |
| LLM-assisted repair and refactoring | No | Part | Part | No | No | SonarQube AI CodeFix class features arriving across the field; connects to our LLM-assisted-compiler-testing radar gap (mom 145) |
| Never-brick cleaning by construction (additive-only, no delete syscall, reversible) | Best | No | No | No | No | The janitor CANNOT destroy: no sys_unlink anywhere in the fleet, byte-verified store before any move, unretire proves reversal, gates 5/5 x4 organs; knip --fix deletes code, Renovate rewrites manifests -- none are reversible-by-construction |
| Sovereign zero-dependency fleet on own substrate | Best | Part | Part | Part | Part | Whole fleet is NishiLang organs on our own compiler and runtime, offline, zero SaaS, zero phone-home; peers self-host but sit on Java, OCaml or Node stacks and center on cloud services |
Generated by nx_swcompare_matrix (sovereign NishiLang organ) from knowledge/compare/janitor.matrix — every Nishi cell verified against real organ source on disk. Zero JS, zero trackers.