βββ ββββββββββββββββββββ βββββββ βββββββ βββββββ ββββββββ
βββ ββββββββββββββββββββββββββββ βββββββββββββββββββββββββ
βββ ββ βββ βββ ββββββ βββ βββ ββββββ βββββββββ
ββββββββββ βββ ββββββ βββ βββ ββββββ βββββββββ
ββββββββββ βββ βββ ββββββββ βββββββββββββββββββββββββ
ββββββββ βββ βββ βββββββ βββββββ βββββββ ββββββββ
# WTFcode
## What it does
WTFcode builds a dependency graph of your repo from AST and import analysis, ranks every node by structural risk, and produces six output files:
- **What this system is** β its architectural layers and how they wire together
- **Which files are load-bearing** β ranked by dependents and cross-layer coupling
- **Blast radius per file** β exactly how many nodes break if you touch it
- **System smells** β single points of failure, hidden dependency chains, high-coupling zones
- **How to touch it safely** β specific checks before editing each hotspot
It never reads raw source files. It works from a compact graph summary β **~700 tokens instead of ~568,000 for a repo like FastAPI** β so your LLM reasons from structure, not from a wall of code.
**v1 scope:** WTFcode v1 scans your local repo. It does not scan the internet, compare across GitHub, or automatically rewrite code. It gives you the map. You β or your AI coder β make the moves.
---
## Quick Start
**Step 1 β Install**
```bash
pip install wtfcode
This installs both WTFcode and Graphify in one shot. Nothing else needed.
Step 2 β Scan
wtfcode scan path/to/repoStep 3 β Read the output
wtfcode-output/
βββ EASY_OVERVIEW.md β start here: plain English, 3 questions you must answer
βββ PRODUCT_OVERVIEW.md β architecture layers, load-bearing nodes, system smells
βββ FAILURE_REPORT.md β where it breaks, blast radius, how to touch it safely
βββ CRITICAL_PATH.md β don't touch these casually
βββ tokens_saved.json β proof: N tokens vs M naive (Xx savings)
βββ graph.json β raw graph for follow-up queries
Richer analysis (optional): Run
/graphify .in Claude Code first to build a full semantic graph. WTFcode uses it automatically if present β otherwise it builds a structural graph from your repo directly.
WTFcode auto-detects whichever API key you have set. No config needed.
| Key in your env | Install |
|---|---|
ANTHROPIC_API_KEY |
pip install wtfcode[anthropic] |
OPENAI_API_KEY |
pip install wtfcode[openai] |
GEMINI_API_KEY |
pip install wtfcode[gemini] |
| Ollama running locally | just run ollama serve |
| No key | --no-llm β free and instant |
wtfcode scan path/to/repo # auto-detects your key
wtfcode scan path/to/repo --model gpt-4o # override model
wtfcode scan path/to/repo --model claude-opus-4-7
wtfcode scan path/to/repo --model gemini-2.5-flash
wtfcode scan path/to/repo --model ollama/llama3.2
wtfcode scan path/to/repo --no-llm # graph topology only, no API callUse a .env file (WTFcode loads it automatically if python-dotenv is installed):
pip install wtfcode[dotenv]# .env
ANTHROPIC_API_KEY=sk-ant-...
wtfcode scan <repo_path>
Options:
--output-dir, -o Where to write outputs [default: <repo>/wtfcode-output]
--top Number of critical files to surface [default: 20]
--no-llm Graph topology only β no API call, no cost
--model Override model [default: auto-detected from API key]
$ wtfcode scan fastapi/
Graph: 532 nodes, 1,536 edges
Top 3 nodes drive ~72% of structural risk:
1. HTTPException (exceptions.py) 107 dependents
2. DefaultPlaceholder (datastructures) 56 dependents
3. RequestValidationError 52 dependents
Token compression: 568,365 β 683 (832x)
PRODUCT_OVERVIEW.md opens with:
Codebase with 532 nodes across 12 architectural layers, wired through HTTPException, DefaultPlaceholder, RequestValidationError as load-bearing central points.
System smells:
single point of failureβ HTTPException, DefaultPlaceholder, RequestValidationError. Central control points β any change propagates to every caller with no isolation layer.
WTFcode's output is designed to be pasted directly into any AI coding assistant before you start a task. Three files, 30 seconds, and your AI now understands the structural risk of every move it makes.
Open a new chat with Cursor, Claude Code, Copilot, or any other AI coder and start like this:
Here's a structural analysis of the codebase I need your help with.
Read this before suggesting any changes.
--- PRODUCT_OVERVIEW.md ---
<paste contents>
--- FAILURE_REPORT.md ---
<paste contents>
--- CRITICAL_PATH.md ---
<paste contents>
My task: [what you want to do]
No plugin, no extension, no integration required.
Without WTFcode, your AI coder reads individual files and guesses at the blast radius of a change. With WTFcode, it starts from a ranked structural map.
Without WTFcode β AI flying blind:
"I'll refactor
exceptions.pyto add a new error type. Looks straightforward."
With WTFcode β AI working from the map:
"
exceptions.pyis a single point of failure β 107 nodes depend onHTTPException. Adding a new error type is safe only if I leave the existing interface unchanged. I'll check the 3 downstream callers inCRITICAL_PATH.mdbefore writing anything."
| Task | Files to paste |
|---|---|
| "Explain this codebase to me" | PRODUCT_OVERVIEW.md |
| "I want to change X β what else breaks?" | FAILURE_REPORT.md |
| "Which files should I not touch casually?" | CRITICAL_PATH.md |
| "Help me refactor this module safely" | FAILURE_REPORT.md + CRITICAL_PATH.md |
| Starting a new feature | All three β takes 30 seconds |
New to the codebase:
Read PRODUCT_OVERVIEW.md below. Tell me what this system does, which parts are
load-bearing, and what I should understand before writing any code.
<paste PRODUCT_OVERVIEW.md>
Before making a change:
I need to modify [file/function]. Using FAILURE_REPORT.md and CRITICAL_PATH.md below,
tell me what could break and what I should check or lock down first.
<paste FAILURE_REPORT.md>
<paste CRITICAL_PATH.md>
Reviewing a PR:
Here's a diff I need to review. Using the structural analysis below, flag any changes
that touch load-bearing nodes or high-severity failure scenarios.
<paste diff>
<paste FAILURE_REPORT.md>
You don't need to read every line of every file. Here's exactly what you must do, and what you can delegate.
WTFcode generates EASY_OVERVIEW.md specifically for you β plain English, no graph jargon, no node IDs. It answers three questions:
- What does this system do?
- What is the main user-facing flow?
- Which files could break 50+ other things if changed?
Read this file until you can answer all three in your own words. That's the only requirement. After that, let your AI coder handle the details.
| File | You need to | Or just paste it into your AI coder |
|---|---|---|
EASY_OVERVIEW.md |
Read it yourself β know the big picture | β |
PRODUCT_OVERVIEW.md |
Skim for architecture and system smells | Yes |
FAILURE_REPORT.md |
Skip β let your AI read it | Yes |
CRITICAL_PATH.md |
Skip β let your AI read it | Yes |
Once you understand the big picture from EASY_OVERVIEW.md, open a new chat and paste everything:
I've read EASY_OVERVIEW.md and understand the system. Here's the full structural context.
--- EASY_OVERVIEW.md ---
<paste contents>
--- PRODUCT_OVERVIEW.md ---
<paste contents>
--- FAILURE_REPORT.md ---
<paste contents>
--- CRITICAL_PATH.md ---
<paste contents>
My task: [what you want to do]
You understand the story. The AI understands the structure. Together you won't break prod.
WTFcode works in three steps and never reads raw source files:
-
Build the graph β reads
graphify-out/graph.jsonif present (built by Graphify), or falls back to direct AST extraction from the repo. Either way, you get a dependency graph. -
Compress to a summary β serializes the top 20 nodes by dependency degree and their edges into ~700 tokens of plain text. A 1,000-node repo becomes a paragraph, not a wall of code.
-
Analyze β sends the compact summary to your LLM (or uses graph topology alone in
--no-llmmode) to rank failure scenarios, identify system smells, and generate safe-change guidance.
WTFcode v1 ships three structurally-defined smells β each is computed from graph topology, not from heuristics or "vibes":
| Smell | Structural definition |
|---|---|
single point of failure |
40+ nodes depend on this β any change is system-wide |
high coupling |
connects 4+ distinct subsystems (approx) β changes bleed across unrelated layers |
hidden dependency chain |
10+ callers route through this with no isolation layer |
Risk percentages and smell classifications are proxies derived from degree, centrality, and bridging behavior β not from runtime data or failure logs.
| File | Read when... |
|---|---|
EASY_OVERVIEW.md |
You need to understand the codebase in plain English before touching anything |
PRODUCT_OVERVIEW.md |
You want the full architectural picture β layers, smells, god nodes |
FAILURE_REPORT.md |
You're about to change something and want the blast radius |
CRITICAL_PATH.md |
You need to know which files are load-bearing and why |
tokens_saved.json |
You want the token savings breakdown |
graph.json |
You want to run follow-up queries with /graphify query |
WTFcode v1 is deliberately scoped. Here's what it is, and what it isn't.
What v1 does:
- Scans any local repo and builds a structural dependency graph (AST + import analysis)
- Detects load-bearing nodes, blast radius, and three structurally-defined smells (no vibes β all computable from the graph)
- Generates six output files: plain-English overview, architecture report, failure map, critical path, token proof, and raw graph
- Runs free with
--no-llm; plugs into any LLM with a single API key - Works on any language codebase the graph can represent
What v1 does not do:
- Scan the internet, compare across GitHub, or find "similar code" globally
- Automatically rewrite or refactor your code
- Replace code review or human judgment
- Run as a persistent agent or CI integration (that's v2)
Who it's for:
- Any developer using an AI coding assistant β Cursor, Claude Code, Copilot, or similar
- Teams onboarding to a codebase they didn't write
- Anyone about to refactor a module they're not sure is safe to touch
- Python-first for now; the graph layer is language-agnostic
- Python 3.10+
- At least one LLM API key (optional) β Anthropic, OpenAI, or Gemini; or Ollama running locally. Structural mode is free with no key.
git clone <this-repo>
cd WTFcode
pip install -e .Run tests:
pytest tests/Contract tests in tests/test_contracts.py verify the output bundle shape, model field contracts, and CLI options. Tests requiring a pre-built graph skip automatically if graphify-out/graph.json is absent.
Built by Siddharth Reddy.