Codebase Graphs: How TheAuditor and Brokk Fix AI Agent Context Collapse

An AI agent refactoring a Schema change from “Products” to “ProductsVariants” kept hallucinating — inventing files that didn’t exist, fixing problems it created itself, and spiraling into a death spiral of fabricated fixes. The agent had run out of context window and started guessing.

This is context collapse: the moment an AI coding agent loses sight of the codebase reality and compensates with plausible-sounding hallucinations. It’s not a model quality problem — it’s a data access problem. The agent doesn’t have deterministic access to the code structure, so it infers it. And inference over code structures is what rm -rf bugs are made of.

Two open-source projects are attacking this at the root: TheAuditor and Brokk. Both build queryable codebase graphs that agents use as ground truth. Here’s how they work and what the pattern means for your agent workflow.

The Context Collapse Problem

| TheAuditor’s v2.0 creator, a former Cisco/VMware architect, described the failure mode after an 800-commit rewrite on the official blog [1]:

“The AI couldn’t keep enough files in its context window to understand the full scope of the refactor, so it started hallucinating, ‘fixing’ superficial issues. If I kept pressing it, it would literally panic and make up problems ‘so it could fix them.’”

Two root causes emerge from this diagnosis:

Context window exhaustion. A non-trivial refactor involves 10-20+ files. Even Claude 4’s 200K-token context runs out when you’re chasing imports across a microservice boundary. The agent starts discarding earlier file contents — the ones that established the refactoring plan — to make room for new information.

Stale training data. Agents default to obsolete patterns (Node 16 APIs in a Node 22 project, glob v7 instead of v11) because their training data lags behind your project’s dependency versions. The agent optimizes for “making it run at any cost” — including introducing security holes to bypass an error.

The fix in both TheAuditor and Brokk is the same architectural insight: give the agent a way to query codebase facts deterministically, so it doesn’t have to hold everything in context.

TheAuditor: SQLite Graph DB for Codebase Reality

TheAuditor indexes your entire codebase into a local SQLite graph database [2]. Instead of reading 10+ files into context to understand a dependency chain, the agent runs a single query:

aud explain --path "src/services/payments.ts"

What comes back is 500 lines of deterministic facts: import relationships, type dependencies, function callers and callees, microservice boundaries. No inference, no hallucination — just the graph traversal result.

The architecture uses three principles:

Triple-entry fidelity. Every data pipeline step — Indexer → Extractor → Parser → Storage — has matching checks. If the parser emits a manifest and the DB emits a receipt that doesn’t match, the system crashes intentionally. Silent data loss is treated as a crash, not a warning. This is the opposite of the “make it run at any cost” agent behavior.

Hybrid taint tracking. Extended from Oracle Labs’ IFDS research, TheAuditor can track data flow across microservice boundaries — a React fetch call through Express middleware to a controller. This matters because in a “Products” to “ProductsVariants” refactor, the data flow crosses these boundaries and agents miss the connections.

Scope expansion. v2.0 added Rust, Go, Bash, AWS CDK, and Terraform support (v1 was Python/JS only). The tradeoff: every language needs a pseudo-compiler with extractors for every framework, every syntax. The creator acknowledges this explicitly — “sometimes I don’t get it right, and sometimes I just won’t have had enough time to build it out.”

Brokk: Fast AST Analysis for Agent Context

Brokk takes a different architectural approach: it uses AST analysis rather than a pseudo-compiler, targeting significantly higher throughput [3].

Dimension TheAuditor Brokk
Data store SQLite graph DB In-memory AST cache
Throughput Language-dependent ~1M LOC/minute
Framework support Python, JS, Rust, Go, Bash, CDK, TF Primarily Python/JS via AST
Fidelity model Triple-entry (crash on mismatch) AST-native (no translation layer)
Agent integration CLI tool (aud explain) Harness-level integration
License Proprietary Open (Brokk.ai)

Brokk’s 1M LOC/minute throughput means it can index a monorepo in seconds rather than minutes. It’s more tightly coupled to its own agent harness — the creator described it as “more tightly coupled to our own harness” compared to TheAuditor’s standalone CLI approach [4].

The throughput advantage comes from avoiding the pseudo-compiler overhead. Instead of building framework-specific extractors, Brokk works directly with the AST. This means lower latency and less surface area for bugs, at the cost of less framework-specific knowledge (no React fetch → Express middleware tracking, for example).

Pre-Investigation: The Pattern That Matters

Both tools share a workflow pattern that’s more important than either implementation: the agent runs a codebase investigation before writing any code.

TheAuditor’s creator described his daily workflow:

“I don’t let the AI write a line of code until the AI has run a pre-investigation for whatever problem statement I’m facing. This ensures it’s anchored in facts and not inference assumptions or, worse, hallucinations.”

This is the opposite of the typical “prompt → generate code → debug” loop. The pre-investigation phase is a separate step where the agent:

  1. Queries the codebase graph for affected files, dependencies, and data flows
  2. Produces a pre-implementation audit of what needs to change
  3. Creates a planning document based on deterministic facts
  4. Only then generates code against the verified plan

The result is fewer rounds of “fix the bug the previous fix introduced” — the death spiral that TheAuditor’s creator identified as the villain origin story for the project.

Key Takeaways

  1. Context collapse is a data access problem, not a model quality problem. Giving agents deterministic access to code structure eliminates the root cause of codebase hallucinations — agents guessing about files they can’t fit in context.

  2. Two architectural approaches exist. TheAuditor’s pseudo-compiler with triple-entry fidelity provides deeper framework-specific understanding (cross-microservice data flow) but at higher maintenance cost. Brokk’s AST-native approach provides higher throughput and less surface area for bugs but less framework-specific insight.

  3. Pre-investigation breaks the write-fix-write loop. The workflow pattern — investigate before generating — is more important than the tool choice. Any agent workflow should have a “read the codebase first” phase before “write the code.”

  4. Fidelity models matter. TheAuditor’s “crash on silent data loss” approach is deliberately extreme. It’s a reaction to the agent mindset of “make it run at any cost.” Whether that strictness is appropriate for your workflow depends on whether you’re refactoring production infrastructure or experimenting with a side project.

  5. The category is early but directionally right. Both projects are pre-1.0. TheAuditor’s GitHub repo is preparing for release with blog-based early access. Brokk is available but tightly coupled to its harness. The pattern — codebase graphs for agent context — is the durable insight, regardless of which tool survives.

[1] TheAuditor Official Blog — “Why We Built TheAuditor”

[2] TheAuditor GitHub repository

[3] Brokk — AI-powered codebase understanding

[4] HN discussion: Brokk vs TheAuditor comparison

[5] Brokk Documentation

← Back to all posts