Architecture Audits: Finding Where Your Codebase Resists Change

# Measuring architecture debt instead of arguing about it

Architecture discussions often devolve into aesthetic preferences. One developer wants microservices, another wants a monolith, a third wants event sourcing. These debates are unresolvable because they're not grounded in measurement.

A better approach: identify the files that are changed most frequently AND have the highest defect density. This intersection — high churn, high bugs — is where architecture debt actually lives. These are the files where the structure is actively fighting the team.

Git log gives you churn. Bug tracker gives you defect density. Cross-reference them and you have an objective, ranked list of structural problems. No opinions required.

# The God module problem

In codebases under 100K lines (most startups), the most common structural problem is a single module that everything depends on. It might be called utils.js, helpers.py, common.go, or BaseService.java. It has 2,000+ lines. It's imported by 60% of the codebase. Every feature touches it.

This module is a merge conflict generator, a test bottleneck, and an onboarding wall. New developers can't understand it because it does everything. Senior developers are afraid to refactor it because everything depends on it.

The fix isn't to delete it in one heroic PR. It's to stop adding to it (enforce via lint rule), then extract cohesive pieces into focused modules one at a time, behind feature work that already touches those code paths.

# Boundary violations that create coupling

The second most common problem: layers that know too much about each other. A React component that constructs SQL. A controller that contains business logic. A data access layer that formats HTTP responses.

These violations feel harmless individually. But they compound: changing the database schema now requires updating UI components. Adding a new API endpoint requires understanding the ORM internals. Every change fans out unpredictably.

An architecture audit should map these violations explicitly: which modules import from layers they shouldn't, which data types leak across boundaries, and which changes historically required touching 5+ files across 3+ directories.

# What the audit output should look like

Not a 50-page document. Not a target architecture diagram. A ranked list:

• Top 5 files by (churn × defect density) with specific extraction opportunities
• Boundary violations: which imports cross layer boundaries and how often they cause cascading changes
• Ownership gaps: modules that no single team owns, leading to diffusion of responsibility and inconsistent patterns
• Concrete refactor proposals with estimated effort (T-shirt size) and expected improvement (fewer files touched per feature, fewer merge conflicts per sprint)

# Executing without stopping product work

The refactors identified by an architecture audit should be attached to product work, not scheduled as a separate 'tech debt sprint' that never survives prioritization.

When a feature touches the God module, extract the relevant piece as part of that feature's PR. When a boundary violation causes a bug, fix the violation as part of the bug fix. This is slower than a dedicated rewrite but actually ships, because it doesn't require permission to stop building product.

Track progress with a simple metric: average number of files changed per feature PR. If it's trending down over quarters, the architecture is improving. If it's trending up, the debt is compounding.