Last week I had Claude Code open on a postgres formatter file. I asked it to refactor a small helper. It came back with a 12 line patch. Looked clean. Lint passed. I was about to hit accept.
Before I did, the agent ran a check I'd wired in. Output:
Diff Validation
Risk: HIGH
Files changed: 1
Union blast radius: 83 transitive dependents
Violations (1):
HIGH high_blast packages/pg-meta/src/pg-format/index.ts
Modifying this file affects 83 transitive dependents (>50).
83 files import this thing. The agent paused, threw out its own patch, and asked if I wanted to split the change instead.
The check is a tool called validate_diff. Runs in well under a millisecond on a 7,000-file repo. It's part of an MCP server I built called Carto, and this post is about why a check like this matters, how I made it fast enough to run on every diff, and the numbers that made me trust it.
The problem
AI coding tools are confident. They'll propose a 12-line patch to a file with 83 transitive dependents like it's nothing. You accept it. Things break downstream.
The reason is simple. Your AI tool reads the file it's editing. Maybe a few greps. Maybe a vector search hit. It doesn't read the import graph. It doesn't know which files are load-bearing. It has no model of what depends on what.
Most of the time this is fine. The patch lands somewhere reasonable, tests pass, the change ships. The bad case is the silent one. The agent refactors a utility 60 other files import. Tests pass locally because the cascade doesn't run. Three days later something downstream breaks. The agent isn't in the room anymore.
This isn't a model problem. The LLM can't reason about a graph it doesn't have. RAG over file chunks doesn't fix it either, because what the AI needs is a graph, not more snippets. More context, not different context.
The fix has to be structural. Something the agent can query the way I'd run git log and grep -r before touching code I don't know.
So I built Carto
Carto indexes your codebase into a local SQLite database. Import graph, domain map, blast radius for every file. It exposes validate_diff and 21 other tools over MCP, and your AI calls them mid-task.
validate_diff takes the unified diff the agent is about to propose and returns the risk level, every file the change touches transitively, and whether it crosses domain boundaries it shouldn't. All of this before it proposes the patch. The AI revises, splits the change, or flags it. The bad diff never makes it to your screen.
The other tools answer obvious questions. What depends on this file. What domain is it in. What files do I need to touch to add rate limiting to /api/users. What patterns already exist before I write new code. validate_diff is the one I built the rest of the system around.
carto init auto-wires into Cursor, Claude Code, Kiro, Windsurf, VS Code Copilot, Codex, Claude Desktop, Zed, JetBrains. Install once, restart your AI tool, and from then on the AI calls Carto on its own.
How it works
The validate_diff pipeline is five steps. Parse the diff. Look up each changed file's blast radius (precomputed at index time). OR-aggregate the blast radii into a union. Check for new cross-domain imports. Score it.
The whole thing finishes in microseconds because of the bitmap layer. A naive implementation would round-trip to SQLite for every file in the diff. Carto stores reverse-deps as Uint32Array bitsets built from SQLite, so a union over 20 files' blast radii is one OR pass over data already in memory.
Indexing uses tree-sitter to parse every file for imports and symbols, around 0.05 to 0.2ms per file. Babel goes deeper on API handler files only, to extract routes and models. Domains are detected by running Leiden+CPM clustering over the import graph. Files that heavily import each other cluster together. Names are inferred from path tokens.
Numbers
validate_diff runs at 0.084ms median on a 7,567-file repo (vscode). p99 is 0.489ms. The budget I'd set going in was p50 under 5ms, p99 under 15ms. Cleared by 30 to 60x.
The budget mattered because this has to run inside the agent loop on every proposed diff. At 50ms the agent skips the call. At 0.08ms there's no reason not to make it.
Indexing on real repos, M-series Mac, 8 cores:
- prisma/prisma, 961 files: 961ms first run, 431ms re-sync, 0.7 MB on disk
- supabase/supabase, 6,330 files: 5.4s first run, 1.2s re-sync, 4.0 MB
- microsoft/vscode, 7,567 files: 7.7s first run, 1.0s re-sync, 6.7 MB
- zed-industries/zed in Rust, 1,752 files: 3.0s first run, 491ms re-sync, 4.4 MB
Re-sync uses an mtime+size cache, so only changed files get re-parsed. That's how Carto runs from git hooks (pre-commit, post-merge, post-rewrite, post-checkout) without slowing anything down.
Bitmap engine vs raw SQLite on vscode across five tools: 10.7x median speedup. get_high_impact_files peaks at 559x. 12 corpus repos pass full parity tests, so the bitmap layer is a speedup, never a behavior change.
The agent remembers
Every validate_diff call writes a row to a local SQLite log. Three tables: ai_sessions, decisions, interventions. Lives in .carto/carto.db. Never leaves the machine, never shared between projects.
So five hours later, a different session can ask did_we_discuss_this("snake_case naming") and get the answer back. The AI stops relitigating things that were already settled. It
stops contradicting its own past output inside the same repo.
This was the smallest piece to build, honestly the most useful one. The agent's worst trait is that it forgets, and SQLite turns out to be a fine memory.
Why this shape was already in my head
Before Carto I was building Emfirge, a cloud security agent that maps AWS infrastructure into a graph and simulates the blast radius of every change. To make its AI understand AWS, I wrote a module called cartography.py. Mapped resources, built a graph, wrote it into a structured map. The AI stopped hallucinating about IAM and VPC peering.
One night I was watching Claude Code propose a refactor inside a file with 60+ dependents and realized I'd already solved this once. For AWS. Same exact shape. Source code and cloud infra are both directed graphs of components with declared dependencies. Carto is cartography.py retargeted at source.
Try it
npm install -g carto-md
cd your-project
carto init
carto init detects every AI tool installed on your machine and writes the right MCP config for each. Restart your AI tool, ask it to do something architectural, and watch it call get_blast_radius instead of just grepping.
No daemon. Just 4 git hooks keep the index fresh. Stale files re-parse inline at MCP query time. 22 MCP tools total. MIT, runs locally, free.
github.com/theanshsonkar/carto
If you run it on a large repo and the numbers don't match, open an issue with the SHA and I'll dig in.


























