Enterprise AI safety infrastructure

When a senior engineer leaves, production shouldn't break.

GapMap turns team transitions into a risk-reduction pipeline. It tracks high-inbound code pathways, captures tacit knowledge into machine-readable manifests, and builds programmatic guardrails that your AI agents enforce on every edit.

uvx gapmap-ai audit --repo .
  • 484 entities mapped, across 65 Python files
  • 572 call-graph edges, 100% precisely resolved
  • 194 undocumented gaps, load-bearing & at risk
  • 2,176 top risk score, single critical hub

The problem

Tribal knowledge is your largest unhedged liability.

Undocumented, load-bearing code doesn't have to become an outage when its author offboards. GapMap converts the departure into a risk-reduction pipeline — auditing the blast radius, encoding what only one person knew, and gating every AI-assisted edit that follows.

Track load-bearing pathways

GapMap ranks every entity by blast radius — incoming callers, lines of code, and git volatility — so the code that quietly holds production together stops being invisible.

Capture tacit knowledge

The implicit contracts in a senior engineer's head become machine-readable Context Manifests: invariants, upstream callers, and the reasons a change is dangerous.

Build programmatic guardrails

Those manifests become enforcement. Over MCP, your AI agents read the invariants before they touch high-risk code — turning policy into a runtime check.

The pipeline

Four stages from blast radius to guardrail.

One CLI computes the risk, compiles the context, and hands it to your IDE agents — no manual documentation rituals required.

  1. Audit

    gapmap audit

    Tree-sitter parses every file into an entity call graph. GapMap scores risk by centrality — incoming callers × LOC × a temporal git factor.

  2. Capture

    gapmap ownership

    Author ownership and temporal churn are analyzed from git blame. Bus-factor-of-one hotspots and departed-contributor debt surface automatically.

  3. Generate

    gapmap generate

    Clean, machine-readable JSON Context Manifests are compiled — source hashes, upstream callers, and AI execution invariants for each critical entity.

  4. Shield

    gapmap-mcp

    Cursor and Claude Code read the manifests over MCP, injecting invariants pre-edit so agents intercept breaking changes before they ship.
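
A minimal sketch of the Audit-stage scoring described above, added here as an example and not GapMap's own code. It swaps Tree-sitter for Python's built-in ast module, resolves only direct same-module calls, and takes the temporal git factor as a caller-supplied input (assumed 1.0 when absent); the sample module and the names analyze, risk_scores and undocumented_gaps are constructed for illustration.

```python
import ast

# Constructed sample module (not taken from any real repository).
SAMPLE = '''
def load(path):
    """Read a file."""
    data = open(path).read()
    return data

def parse(path):
    raw = load(path)
    return raw.split()

def report(path):
    words = parse(path)
    text = load(path)
    return len(words), len(text)

def main():
    report("a.txt")
    parse("b.txt")
'''

def analyze(source):
    """Return {name: (loc, callers, documented)} for top-level functions."""
    tree = ast.parse(source)
    funcs = {n.name: n for n in tree.body if isinstance(n, ast.FunctionDef)}
    callers = {name: set() for name in funcs}
    for name, node in funcs.items():
        for call in ast.walk(node):
            # Resolve only direct calls to functions defined in this module.
            if (isinstance(call, ast.Call) and isinstance(call.func, ast.Name)
                    and call.func.id in funcs and call.func.id != name):
                callers[call.func.id].add(name)
    return {name: (n.end_lineno - n.lineno + 1, callers[name],
                   ast.get_docstring(n) is not None) for name, n in funcs.items()}

def risk_scores(source, temporal=None):
    """Score = inbound callers x LOC x temporal factor (assumed 1.0 if unknown)."""
    temporal = temporal or {}
    return {name: len(callers) * loc * temporal.get(name, 1.0)
            for name, (loc, callers, _) in analyze(source).items()}

def undocumented_gaps(source, threshold, temporal=None):
    """Names scoring at or above threshold with no docstring, riskiest first."""
    info, scores = analyze(source), risk_scores(source, temporal)
    risky = [n for n in scores if scores[n] >= threshold and not info[n][2]]
    return sorted(risky, key=scores.get, reverse=True)
```

Here load scores highest but is documented, so with a threshold of 5 only parse is reported as a gap; raising the temporal factor for a recently churned function moves it up the ranking.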

The power grid

Four components. One safety layer.

Tree-sitter AST

Static Analysis Engine

Deep AST call-graph mapping with import-aware resolution. Every edge carries a confidence and resolution type — no same-name false positives.

Real-time context

GapMap Shield (MCP)

A FastMCP server that injects execution invariants directly into Cursor and Claude Code, gating risky AI edits before they happen.

Next.js UI

Risk Dashboard

Track documentation debt, ownership, and coverage trends over time with an interactive call graph and a ranked risk leaderboard.

Local & cited

Grounded RAG Search

A local semantic repository query system that answers questions about the codebase with grounded, absolute citations — fully offline.

The proving ground

We pointed an AI agent at a critical FastAPI hub.

Same model, same refactor request, same file — fastapi/routing.py::APIRoute. The only variable was whether GapMap Shield was connected over MCP.

  • Critical risk score: 1,455
  • Risk level: CRITICAL
  • Inbound callers: 23
  • Lines of code: 318
  • Threshold: 500 → 2.9× over

Without GapMap

The agent has no signal that this file is load-bearing.

  • Agent treats the file as ordinary application code
  • Blindly refactors the request-handling signature
  • 23 upstream call sites silently break at runtime
  • Regression ships — discovered only in production

With GapMap

Shield injects execution invariants before the first edit.

  • MCP flags a 1,455 CRITICAL risk score pre-edit
  • Execution invariants injected into agent context
  • Agent writes structural safety guardrails first
  • Backward-compatible change — no systemic break

Get started

Drop it into any Python repo in under a minute.

Option A — Zero config (recommended)

Runs in a temporary env with uv — nothing to install.

uvx gapmap-ai audit --repo /path/to/project

Option B — Full suite

CLI, vector search, LLM invariants, MCP server, and dashboard.

pip install "gapmap-ai[all]"
gapmap audit --repo .

IDE configuration — GapMap Shield (MCP)

Cursor · Claude Code · ~/.cursor/mcp.json

Drop this into your mcpServers block. The healthy green dot means your agents now read execution invariants before every edit.

{
  "mcpServers": {
    "gapmap-shield": {
      "command": "uvx",
      "args": ["--from", "gapmap-ai[mcp]", "gapmap-mcp"]
    }
  }
}