Built a local-first blast radius analyzer so AI coding agents stop breaking things they don't understand
I kept running into the same problem: AI coding agents (Cursor, Claude Code, etc.) would confidently rewrite a function without knowing what else in the codebase depended on it. One "simple fix" would silently break three other modules downstream.
So I built a tool that gives agents a structural map of the codebase before they touch anything — call graphs, blast radius analysis, and architecture boundaries, computed locally with no cloud calls.
A few technical details that might be interesting to this crowd:
- Delta sync via SHA-256: instead of re-indexing the whole repo on every change, it hashes each file and only re-parses what actually changed. Makes it usable on large repos without a multi-minute wait every time.
- Hybrid graph model: combines a structural graph (tree-sitter based, across Python/JS/TS/Java/C++/Go) with semantic embeddings, so queries can be answered by structure ("what calls this function") or by meaning ("where's the auth logic").
- Blast radius: before an edit lands, it traces downstream callers/dependents so you (or the agent) know what's at risk.
- MCP integration: exposes this as context directly inside Cursor/Windsurf/Claude Code, so the agent gets the graph without you manually pasting file contents.
It runs fully offline — no API keys, no data leaving your machine, works air-gapped with a local LLM if you want it fully isolated.Wanted to share it here since blast-radius-aware tooling for AI agents seems like a gap in the current OSS landscape.
Code's here if you want to poke at the architecture or the parsing layer: Github
Happy to answer questions about the graph construction, the delta-sync design, or tradeoffs I hit along the way.