Stats
Actions
Tags
From cartographer
Map, audit, and review large multi-segment codebases (hundreds of files, multiple integrations like Supabase, Telegram, Vercel, AI APIs, file systems, queues, etc.) by building a dependency graph, detecting functional segments, then dispatching review subagents in controlled waves. Use this skill whenever the user wants to "map out", "audit", "review", "find duplication in", "enforce style across", "understand the structure of", or "analyze a large codebase" — especially when they mention many endpoints, multiple third-party integrations, or cross-cutting consistency concerns. Use even when the user does not say "skill" or "cartographer" — phrases like "review my whole project", "find inconsistencies across the repo", "build a UML of my project", or "I have hundreds of files spread across X, Y, Z services" should trigger this. This skill consumes substantial tokens and runs many subagents; it requires explicit upfront opt-in from the user before proceeding past Phase 0.
How this skill is triggered — by the user, by Claude, or both
Slash command
/cartographer:cartographerThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
A multi-phase skill for mapping, segmenting, and auditing large codebases. Builds a dependency graph, detects functional segments (per integration / per pipeline), dispatches review subagents in waves of 5, and synthesizes cross-cutting findings (duplication, naming drift, refactor candidates, centralization opportunities).
A multi-phase skill for mapping, segmenting, and auditing large codebases. Builds a dependency graph, detects functional segments (per integration / per pipeline), dispatches review subagents in waves of 5, and synthesizes cross-cutting findings (duplication, naming drift, refactor candidates, centralization opportunities).
Trigger this skill when the user wants holistic understanding or auditing of a project that:
Do NOT use this skill for small projects (<30 files) — agentic search handles those just fine. The overhead only pays off when the project is too large to hold in working memory.
Phase 0 Scope & explicit opt-in
Phase 1 Build dependency graph + call graph + class model (scripted)
Phase 1.5 Trace pipelines from entry points through call graph (scripted)
Phase 1.6 Extract OpenAPI + per-endpoint deep call trace (scripted)
Phase 2 Detect & label segments (scripted)
Phase 3 Plan review waves (scripted)
Phase 3.5 Match a specialist agent to each segment (scripted)
Phase 4 Dispatch review subagents (Claude does this, in waves of ≤5)
Phase 5 Synthesize cross-cutting findings (script + main agent)
Phase 6 Produce final artifacts (FINAL_REPORT.md + backlog.md)
Phase 7 Apply backlog — dispatch fix subagents per backlog item (opt-in)
Phases 1–3.5 and 5 are deterministic Python scripts under scripts/. Phase 4 is the only "agentic" phase and is gated by the user's opt-in from Phase 0.
The skill ships with 14 specialist reviewer roles under agents/:
| Specialist | Reviews |
|---|---|
auth-security-reviewer | Auth flows, tokens, sessions, secrets |
supabase-reviewer | Supabase client, RLS, edge functions, realtime, storage |
db-schema-reviewer | Schema, migrations, indexes, raw SQL |
telegram-bot-reviewer | Handlers, FSM, webhook security, rate limits |
ai-pipeline-reviewer | Models, prompts, caching, token budgets, structured output |
backend-api-reviewer | Endpoints, validation, response shapes |
data-pipeline-reviewer | ETL/ML correctness, leakage, NaN/index, perf, reproducibility |
queue-worker-reviewer | Idempotency, retries, DLQ, backpressure |
webhook-integration-reviewer | Sig verification, replay, outbound timeouts |
frontend-ui-reviewer | Hooks, props, state, render perf, a11y |
file-storage-reviewer | Upload safety, signed URLs, FS leaks |
realtime-streaming-reviewer | Channels, broadcast scope, auth-per-message |
devops-config-reviewer | Image hygiene, secrets, env drift, pins |
caching-reviewer | TTL, invalidation, stampede, key collisions |
generalist-reviewer | Fallback for everything else |
Each segment is auto-matched to the best specialist by Phase 3.5. See agents/AGENTS.md for the catalog and matching rules.
Three things happen here, in order:
Run a quick size scan and present it:
cd <project_root>
echo "Files: $(git ls-files 2>/dev/null | wc -l || find . -type f -not -path '*/node_modules/*' -not -path '*/.git/*' | wc -l)"
echo "LOC: $(git ls-files 2>/dev/null | xargs wc -l 2>/dev/null | tail -1 || echo 'n/a')"
echo "Languages:" && git ls-files 2>/dev/null | sed 's/.*\.//' | sort | uniq -c | sort -rn | head -10
Read prompts/clarifying_questions.md and ask the user 3–5 focused questions in one message (don't ping-pong). The goal is to capture: goal, skip-paths, known-issues, ground-truth docs, sensitive paths, test posture, budget.
Save answers to .cartographer/scope.json. The mapper, segmenter, and specialist matcher all consume this file downstream.
After scope + answers, present a clear plan:
Project: X files / Y LOC in {languages}. Goal (from your answer): {goal}. Excluded: {skip_paths}.
Plan:
- Build dependency graph + call graph + class model (~30s, scripted)
- Trace pipelines + extract OpenAPI (~10s, scripted)
- Detect ~N functional segments (scripted)
- Match each to a specialist reviewer (scripted)
- GATE A — confirm segmentation + assignments before dispatching agents
- Dispatch
M reviewer subagents in waves of 5 ($X estimate)- Synthesize findings + final report
- GATE D — review backlog, pick what to fix
- Phase 7 (optional) — apply fixes via fix subagents
Reply "proceed" to start, or describe a partial scope.
Do not proceed past 0.3 without explicit go-ahead.
Run the mapping script. It walks the repo, parses Python (AST-precise) / JS/TS/Go (regex), extracts:
tsconfig.json are resolved)python scripts/map_project.py <project_root> --output .cartographer/
Outputs:
.cartographer/project-map.json — full graph: files, edges, symbols, classes, calls, endpoints, integrations.cartographer/project-map.mmd — Mermaid: file-level dependency graph.cartographer/class_diagram.mmd — Mermaid classDiagram of project classes (with methods + fields + inheritance)If a language isn't yet supported, scripts/map_project.py is the place to extend.
Run the pipeline tracer. It finds entry points (API endpoint handlers, main() functions, worker tasks) and BFS-walks the resolved call graph from each one. Each pipeline becomes a function-level "what calls what" diagram — the closest thing to a runtime UML you can build statically.
python scripts/trace_pipelines.py .cartographer/project-map.json --output-dir .cartographer/
Outputs:
.cartographer/pipelines.json — list of pipelines (each with nodes, edges, top external calls).cartographer/pipelines.mmd — combined Mermaid flowchart (top 10 pipelines by node count).cartographer/pipelines/<entry>.mmd — one Mermaid flowchart per pipeline (clickable in IDEs)Knobs: --max-depth (default 6), --max-nodes (default 60). Increase for deeper traces; decrease if pipelines balloon for utility-heavy code.
This phase is the answer to "show me what calls what across the project." The Mermaid output renders directly in GitHub, VS Code, Obsidian, and most markdown viewers.
For HTTP services, the API is the contract. This phase:
Extract the OpenAPI spec (3 strategies, tried in order):
openapi.json / openapi.yaml / openapi_tmp.json at standard locations--live-url http://localhost:PORT/openapi.json (or sets CARTOGRAPHER_LIVE_URL)Trace each endpoint through the resolved call graph (deeper than Phase 1.5 — default depth 10, 120 nodes per endpoint).
python scripts/extract_openapi.py .cartographer/project-map.json \
--output-dir .cartographer/ \
[--live-url http://localhost:8000/openapi.json]
python scripts/trace_endpoints.py .cartographer/project-map.json \
--output-dir .cartographer/
Outputs:
.cartographer/openapi.json — the spec (real or synthetic), with our x-cartographer.handler_id annotation per operation.cartographer/openapi_summary.md — human-readable endpoint table.cartographer/endpoints.json — per-endpoint trace summary (machine).cartographer/endpoints.md — index + reuse hot-list (functions called from 2+ endpoints).cartographer/endpoints/<METHOD>_<path>.md — one detail card per endpoint with:
Use these cards as the debug-mode view of the API: each card shows what an endpoint actually calls when invoked, statically over-approximated. Combined with the OpenAPI surface, this gives the most complete API picture without needing to run the project.
If the user wants real runtime traces (cProfile / sys.settrace), they should run their server and pass --live-url to fetch the real OpenAPI; this skill does not invoke user code.
Run the segmentation script. It computes connected components on the import graph, then labels each component by dominant integration markers (Telegram, Supabase, OpenAI, file system, etc.).
python scripts/classify_segments.py .cartographer/project-map.json --output .cartographer/segments.json
Outputs:
.cartographer/segments.json — array of segments with name, root_files, member_files, integrations, complexity_score, endpoints.cartographer/segments.mmd — Mermaid diagram with one subgraph per segmentAfter this step, show the user the segment list before dispatching agents. They may want to merge, split, or rename segments. Honor any adjustments.
Run the wave planner. It groups segments into parallel waves (max 5 per wave) ordered by dependency depth so foundation segments are reviewed before consumers.
python scripts/plan_waves.py .cartographer/segments.json --output .cartographer/wave_plan.json
Output: .cartographer/wave_plan.json — ordered list of waves, each wave is a list of ≤5 segments to review in parallel.
After segments + waves are computed but before specialist matching, show the user the segment list and let them adjust:
I detected N segments. Top 10 by complexity: [paste the top 10 from segments.json with file count + integrations]
Anything to merge, split, or skip before I run the review agents?
- "looks good" / "proceed" → continue
- "merge X and Y" → merge those segments
- "skip Z" → drop that segment from the wave plan
- "split X by Y" → re-segment that subtree
Honor adjustments. Common ones the user might ask for: merge config-only segments into the parent domain; skip vendored / generated / legacy paths; rename a segment for clarity.
Run the specialist matcher. It scores every segment against the catalog in agents/ and assigns the best-fit specialist (e.g. a Telegram-heavy segment gets telegram-bot-reviewer, an SQL-heavy segment gets db-schema-reviewer).
python scripts/match_specialists.py .cartographer/wave_plan.json \
--segments .cartographer/segments.json \
--agents-dir agents/
This enriches wave_plan.json with specialist_assignments: {segment_name: {assigned_agent, score, runners_up}}. Show the user the assignments before Phase 4 — they may want to override (e.g. swap to auth-security-reviewer on a segment that touches auth even if it doesn't trigger the integration).
To override: edit the assigned_agent field for that segment in wave_plan.json directly.
Show assignments + cost estimate. This is the gate before the expensive part.
Specialist assignments: [paste from wave_plan.json — specialist count + per-segment listing of top 10 by complexity]
If any segment scored < 1500 (no good specialist match), see
specialist_gaps.json— those will usegeneralist-reviewerunless you specify otherwise.Cost estimate: ~M subagent runs × ~40K tokens avg =
T tokens ($E).Reply:
- "proceed" → run all M
- "top N" → only the N highest-complexity segments
- "skip generalist" → only run segments with a specialist match
- "swap X to Y" → reassign segment X to specialist Y
- "stop" → ship the static analysis only (no Phase 4)
Do not dispatch Phase 4 without explicit confirmation here. This is the cost gate.
This is the only phase where Claude (the main agent) does the orchestration. For each wave in wave_plan.json:
Read prompts/specialist_base.md — universal subagent contract (input vars, output schema, universal rules).
For each segment in the wave, look up its assigned_agent in wave_plan.json.specialist_assignments, then spawn a subagent in parallel (use the Task tool). Compose the subagent's system prompt as:
<contents of prompts/specialist_base.md>
--- SPECIALIST ROLE ---
<contents of agents/<assigned_agent>.md>
Pass the segment's metadata as the user prompt: segment_name, integrations, file_list, output_path (.cartographer/reports/<segment_name>.md), project_root, specialist_role.
Wait for all subagents in the wave to finish before starting the next wave. Do not start wave N+1 while wave N is running.
After each wave, briefly summarize progress (e.g. "Wave 2/5 complete — 10 segments reviewed by [auth-security-reviewer × 2, db-schema-reviewer × 3]").
Important: subagent reports follow a strict schema (see prompts/specialist_base.md). Phase 5 parses these reports. If the user asks to customize the report format, update prompts/specialist_base.md AND scripts/synthesize.py together. The per-specialist sections (e.g. "Endpoint inventory", "RLS audit") are additive — they appear under "Specialist findings" and don't break the parser.
Wave with segments + assignments:
auth_module → auth-security-reviewer
telegram_bot → telegram-bot-reviewer
supabase_layer → supabase-reviewer
ai_chat → ai-pipeline-reviewer
file_storage → file-storage-reviewer
Spawn 5 subagents in parallel, each given:
prompts/specialist_base.md + matched agents/<role>.md..cartographer/reports/<segment_name>.md.Wait for all 5 to complete. Then proceed to next wave.
After all waves are complete, run the synthesis script. It reads every per-segment report, extracts symbol inventories, and runs cross-cutting analyses.
python scripts/synthesize.py .cartographer/reports/ --map .cartographer/project-map.json --output .cartographer/synthesis.json
What it detects:
Outputs:
.cartographer/synthesis.json — structured findings (now includes agent_findings.refactor_suggestions, agent_findings.concerns, agent_findings.cross_segment_hints aggregated from per-segment reports).cartographer/synthesis.md — human-readable summaryRead synthesis.json and write the final consolidated report. Use prompts/final_synthesis.md as the structure template.
The final report goes to .cartographer/FINAL_REPORT.md and includes:
Present FINAL_REPORT.md to the user. Offer to drill into any specific finding.
Read prompts/gap_handling.md and run the three rounds of questions:
Save selections to .cartographer/fix_selection.json. Don't dispatch Phase 7 without this confirmation.
.cartographer/parse_errors.log, continue. Don't fail the whole run on one bad file..cartographer/ directory holds all partial state. On resume, skip phases whose outputs already exist.The integration detectors (Phase 1) and segment heuristics (Phase 2) are designed to be extended. Edit INTEGRATION_PATTERNS in scripts/map_project.py (one regex per integration label) to add detectors for new frameworks/services.
After Phase 6 produces FINAL_REPORT.md and a backlog.md (curated list of file-pinned fixes), the user can opt into Phase 7 to actually apply fixes via subagents.
backlog.md)Fenced blocks, one per fix:
\`\`\`fix-1
summary: Move Toasters inside <BrowserRouter>
severity: P0
files: frontend/src/App.tsx
location: frontend/src/App.tsx
description: |
Toasters mounted outside <BrowserRouter>; useNavigate inside a toast
handler will crash the app.
fix: |
Move <Toaster /> and <Sonner /> inside <BrowserRouter> as siblings
of <Routes>. Keep their order.
verification: tsc --noEmit
\`\`\`
python scripts/apply_backlog.py .cartographer/backlog.md \
--output .cartographer/fix_plan.json
This groups items into waves so no two items in a wave touch the same file (parallel-safe).
For each wave, spawn one subagent per fix item using prompts/fix_agent.md as the system prompt. Each fix agent:
item.filesEdit with exact strings, no rewrites).cartographer/fix_reports/<item.id>.md with diff + verification resultAfter each wave, the main agent reviews the fix reports, runs git diff to confirm changes, and decides whether to proceed to the next wave or stop.
Provides UI/UX resources: 50+ styles, color palettes, font pairings, guidelines, charts for web/mobile across React, Next.js, Vue, Svelte, Tailwind, React Native, Flutter. Aids planning, building, reviewing interfaces.
Fetches up-to-date documentation from Context7 for libraries and frameworks like React, Next.js, Prisma. Use for setup questions, API references, and code examples.
npx claudepluginhub roeimichael/cartographer --plugin cartographer