What tugtug does

See every file's risk at a glance — before it causes a bug.

Combines complexity and churn into a single bubble chart. Bigger bubble = more complex code. Redder bubble = changes more often. Files in the top-right corner are your real risk — complex and constantly being edited.

• Based on Adam Tornhill's research in Your Code as a Crime Scene
• AST-based complexity — not keyword counting
• Churn measured over the last 90 days of commits

Surface the hidden dependencies GitHub doesn't show.

Tracks which files change together across your commit history. When auth.ts and session.ts appear in the same commit over and over, that's a hidden dependency — a change to one likely breaks the other. tugtug maps these automatically.

• Force-directed graph; edge thickness = coupling strength
• Reveals architectural debt invisible in code review
• Built into the analysis instead of requiring a separate archaeology workflow

A single number that tells you if your codebase is getting better or worse.

The health score (0–100) combines hotspot ratio, average complexity, and average churn. The timeline tracks it across every analysis you run — so you can see whether that big refactor actually helped.

• 80–100: healthy. 60–79: watch list. Below 60: act now.
• Timeline shows trend across all analyses
• Weekly auto-reanalysis keeps history fresh

Everything else you need to know about a file's health.

Beyond hotspots, every file is scored for cognitive complexity (how hard it is to read, not just count branches), duplication (copy-pasted blocks that cause bugs when fixed in one place but not another), dead code (exports nothing references), and security patterns.

• Cognitive complexity — an industry-standard nesting penalty
• 6-line sliding block hash for duplication detection
• 16 security rules: eval, XSS, execSync, hardcoded secrets, weak hashes, and more

Know when something gets worse — before it ships.

After each analysis, tugtug compares results to the previous run and flags changes: a file that just became a hotspot, an existing hotspot that worsened by more than 20%, or a coupling pair that's grown. No manual checking required.

• Orphaned high-risk files (untouched 90+ days) flagged as CRITICAL
• New hotspots flagged as HIGH severity
• Worsening hotspots flagged as MEDIUM
• Files that increasingly change together flagged as LOW

Keep the whole team informed without anyone having to check a dashboard.

Free gives one developer the full code-health report. Team adds a shared workspace, member access, audit logs, and digests so everyone sees the same repo health without passing screenshots around.

• Shared team workspace with role-based access
• Daily email digest — only sends when something changed
• Audit log tracks every action; one-click data purge for GDPR

Send a health report to anyone — no account needed.

Every analysis can get a time-limited, token-protected share link. Send it to a client, a manager, or a teammate to show the state of a codebase. They see the hotspot map and metrics without needing a tugtug account.

• Token-protected links with selectable expiration
• Hotspot map and metrics visible
• No account required to view