Give your AI the map it needs — before it starts writing code.
Index your codebase once. Agents query only what they need.
Runs entirely on your machine. No data leaves your computer.
AI coding agents search through your files on every task — reading source files, following imports, grepping for context. That's expensive, slow, and often inaccurate because context windows fill up before the relevant files are seen. Project Mapper solves this in three steps.
Walk your project once. Extract every module, class, and function via static AST analysis. Supports Python, TypeScript/JS, Java, Kotlin, Go, Rust, C, C++, C#, PHP, Ruby, and Swift — 13 languages. No AI required, zero API cost.
Store entities and their relationships (imports, calls, extends, depends_on) in a local knowledge graph. Subsequent scans only re-process changed files.
Agents call one of 12 MCP tools instead of reading raw files. Context, impact, path, visualize, security, and delta — all answered in milliseconds at a fraction of the token cost.
Returns every entity relevant to a task description. "I'm adding rate limiting to the auth system" → the 20 most relevant files and classes, ranked by relevance.
Traces the dependency graph to find what breaks if you change entity X. Tested on Django's Model class: 69 affected entities found in 11 ms.
Finds the connection chain between two seemingly unrelated entities. Understand hidden coupling before making changes.
Find any function, class, or module by name across the entire indexed codebase. Returns file location and line number in milliseconds.
Finds entities with no inbound references — functions and classes never called or imported anywhere in the graph. Useful for pre-refactor cleanup.
Generates a Mermaid or DOT subgraph centred on a named entity, with depth, direction, and relation-kind filters. Paste straight into a PR or doc.
Runs a full SAST scan in seconds. 140+ patterns across OWASP Top 10 in 8 languages, with CWE mapping, route-reachability taint tracking, and triage persistence.
Mark a security finding as false positive, verified, or resolved. Stable 8-char IDs keep triage decisions persistent across rescans.
Lets agents record what they did to the knowledge graph — keeping the index accurate after code modifications without a full rescan.
Shows what changed on disk since the last scan. Useful for CI pipelines and incremental review workflows.
Starts a background scan from inside a Claude Code or Cursor session — no need to switch to a terminal.
Returns a summary of what's in the database: entity counts by type, files tracked, last scan time, and relation counts.
pm_security is a standalone SAST-style scanner built into Project Mapper. One call checks your entire codebase — no separate tool, no setup beyond installation, no data sent anywhere.
OWASP Top 10 (A01–A10) across Python, TypeScript/JS, Java, Go, C#, PHP, Ruby, and C/C++.
Runs across the entire codebase in seconds — not minutes. No daemon, no build step required.
Flags findings reachable from HTTP handlers — so agents focus on exploitable paths first.
Every finding carries a CWE ID, OWASP category, severity, and stable ID for persistent triage across scans.
Benchmarked against OWASP Juice Shop: security benchmark ↗
Tested on the Django source repository (2,411 Python files · ~420,000 lines). All measurements from static analysis only — no AI enrichment, no API keys.
| Test | Metric | Result |
|---|---|---|
| Full cold scan | Files · Entities · Time | 2,411 files · 12,066 entities · 9.5 s |
| Token reduction (PM Full) | vs. grep + reading files | −91% |
| Token reduction (PM Slim) | vs. grep + reading files | −93% |
| Query latency | Context / impact / path calls | 5–125 ms |
| Navigation speedup | vs. grep + reading files | ~97× faster |
Full methodology: Django benchmark ↗ · Full benchmark suite (11 codebases) ↗ · Security benchmark ↗
Estimate your monthly savings based on your team size, codebase, and model choice.
The turns / task slider accounts for context accumulation: files loaded in turn 1
stay in the context window for every subsequent turn, so the token cost of not using PM
multiplies with session length. The per-turn reduction percentage stays constant at 83–92%;
only the absolute dollar cost changes.
Based on the geomean across 11 real-world codebases (Python, Java, C#, PHP, C, Ruby, TypeScript, Rust, C++, Swift, Go).
Actual savings vary by codebase and query patterns.
# Step 1 — install uv (manages Python automatically) # macOS / Linux: curl -LsSf https://astral.sh/uv/install.sh | sh # Windows (PowerShell): powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex" # Step 2 — install Project Mapper (one-time) uv tool install "aethvion-project-mapper[languages]" # Step 3 — start the HTTP server pm-server --port 7474 # Scan your project curl -X POST http://localhost:7474/api/project-mapper/scan \ -H "Content-Type: application/json" \ -d '{"project_root": "/path/to/project", "db": "myproject"}'
# Clone and run git clone https://github.com/Aethvion/Aethvion-ProjectMapper cd Aethvion-ProjectMapper # Mount your projects directory and start PROJECTS_DIR=/home/you/code docker compose up # Server running at http://localhost:7474/docs
# Step 1 — install (if not done already) uv tool install "aethvion-project-mapper[languages]" # Step 2 — register with the Claude Code CLI (writes to ~/.claude.json) claude mcp add -s user project-mapper -- pm-mcp --db workspace # No CLI? Use a project-level .mcp.json instead — Claude Code ignores # mcpServers entries in ~/.claude/settings.json. { "mcpServers": { "project-mapper": { "type": "stdio", "command": "pm-mcp", "args": ["--db", "workspace"] } } } # Restart Claude Code, then: "scan this project with Project Mapper"
# Step 1 — install (if not done already) uv tool install "aethvion-project-mapper[languages]" # Step 2 — add to ~/.cursor/mcp.json { "mcpServers": { "project-mapper": { "command": "pm-mcp", "args": ["--db", "workspace"] } } } # Restart Cursor, then: "scan this project with Project Mapper"