It builds the graph from what is actually there.
index walks the workspace, reads each repository, and derives edges from real evidence (imports, manifests, references) rather than from hand-written declarations you have to maintain. Each edge carries the evidence that produced it, so you can inspect why any two repos are connected. Each node gets a structural role based on its position in the graph: a root, a leaf, a hub, a bridge. Nothing is inferred that cannot be shown.
A label that comes from the graph topology is more trustworthy than a label someone wrote in a config file and forgot to update.An atlas of code and knowledge.
The deeper idea behind index is a two-layer map: repos and docs as linked nodes, navigable the way a wiki is navigable. This site is, in that sense, a small atlas of the work. Each flagship page is a node; the connections between the projects are the edges. index makes that structure explicit and machine-readable for a whole workspace, not just a website.
Run it over the actual workspace and a drift signal emerges: places where the real dependencies no longer match the stated ones.
When index was run over the author’s own workspace it found around 80 repos and 32 edges, and it surfaced drift: dependencies that had shifted since the manifests were last written. That is the kind of signal that is invisible when you have to count it by hand but obvious the moment you have a graph.
It does not just draw the map. It checks it.
A map tells you the shape. The next questions are whether it is the shape you meant, and whether it is still that shape today. You write the rules a healthy codebase keeps into a small .index.toml: which layers may depend on which, edges that must never exist, a ceiling on cycles. index check measures the real graph against them and returns a certificate.
The verdict is one of three words, MATCH, DRIFT, or UNVERIFIABLE, and never a fourth. There is no TRUSTED.
You believe a certificate by re-running its own recheck command and recomputing its hashes, not because it told you to. It states its own coverage as well: the files it could not parse, the dynamic imports it could not follow, so a MATCH never claims more than it proved. index snapshot and index drift do the same across time. index freshness answers whether the ground truth has moved since a certificate was minted. index verify grounds a single claim, does A depend on B, against the real graph, so a model confirms a dependency instead of trusting its memory.
Built from what practitioners keep asking for.
These are real comments from developers talking about agent memory and code agents, each next to what index does about it.
“Claude can make a wrong assumption and that issue will compound for hours until I check.”
The MATCH / DRIFT / UNVERIFIABLE certificate is the mid-loop check that re-grounds an agent against the real structure each turn, instead of letting a wrong assumption ride.
“A brain that only ever adds slowly poisons itself with stale facts.”
index marks a superseded dependency as DRIFT, non-destructively, with the trail kept, rather than letting a stale claim compete with the truth.
“I am done with online AI. Double down on offline AI.”
index makes no model call and no network call at all. The same repo gives the same graph and the same certificate regardless of which model ran, so it is the deterministic fixed point in a stochastic stack.
“90,948 tokens to produce a 3,408-token answer.”
index precomputes the map once and hands an agent a compact pack instead of making each sub-agent re-read the code. index bench measures the saving on your own workspace: on a 47-repo, 50 MB workspace the structural pack came back about 70 times smaller than the source it distills.
See it run.
One dependency edge, with the evidence that drew it. One certificate, with the verdict you re-run. One number, the token economy on your own code.
$ index graph --root . --json # every edge carries the file and line that witnesses it {"from": "cli", "to": "core", "confidence": "high", "evidence": "cli/main.py:12 import + pyproject.toml:8 manifest"} $ index check --root . verdict=MATCH findings=0 # re-run the recheck command and confirm the hashes yourself $ index bench --root . # the structural pack vs the source it reads source read 49,880,045 bytes index pack 716,288 bytes 69.6x smallerRun any of these over your own workspace and the output is the same shape, with your repos in it.
What is done. What is next.
Done and public on PyPI as index-graph (the name index was already taken): the two-layer atlas, the dependency graph across nine ecosystems, the intra-repo module graph, the architecture certificate with snapshot, drift, and freshness, the claim oracle, the router for a CLAUDE.md or AGENTS.md, the MCP protocol face, and the token-economy benchmark. All of it offline, with zero dependencies. Next: typed edges that say how A connects to B (defines, re-exports, replaces), a budget-sized per-turn context pack, and the same verified-compression discipline turned on prose.
Saying what is not done yet is part of the design. A map that overstates its coverage is worse than no map at all.
Install it. Point it at the workspace.
One command to install, one command to run. If you find repos it missed, edges it drew wrong, or roles it assigned incorrectly, those are exactly the reports that sharpen the engine.
$ pip install index-graph Successfully installed index-graph-2.8.0 $ index atlas --root . --format html --out atlas.html # the two-layer code-and-knowledge map, one self-contained offline file