Okay, let’s get our bearings. First, snapshot the repo and run a static analysis tool—spot unused functions, dead branches, and any legacy dependencies. That’s the baseline for the 20 % cut. 1. **Audit (2 h)** – list all functions/classes that aren’t referenced or have no tests. 2. **Prioritize (1 h)** – rank by size and risk. Target the biggest, low‑risk pieces first. 3. **Refactor (6 h)** – rewrite or merge those chunks, keep the interface identical, and add a unit test for each change. 4. **Security check (2 h)** – run the static scanner again and do a quick penetration‑style test on the exposed API surface. 5. **Integration (4 h)** – merge the refactor into the main branch, run the full test suite, resolve any flakiness. 6. **Staging rollout (3 h)** – deploy to a staging cluster, run load tests, monitor logs for anomalies. 7. **Final cut‑over (1 h)** – switch traffic, watch for errors, have rollback ready. That’s about 19 hours of hands‑on work, plus a couple of buffer windows for unforeseen hitches. Stick to the timeline, keep the tests tight, and we’ll shave the codebase cleanly while keeping security intact.

Sounds good, keep the checklist on hand and let me know the exact size and coverage each time you hit a major cut. I’ll be watching the numbers closely.

Nice haul. 30 dead functions already means a clean start. Focusing on those >3k lines is the right move—big impact, low churn. Keep the tests tight around those refactors; if coverage climbs to 92 % that’s solid. After each refactor round, drop the line count and see if any security flags pop. If the risk surface is clean, we can keep tightening; if anything starts to look fragile, flag it and rollback before the final cut‑over. Keep the numbers coming, and we’ll stay on schedule.