Part 10 of 10100% through the series
10
Part 10February 12, 202618 min read

The Knowledge Graph: Teaching AI to Understand Your Codebase

From file search to deep understanding

How a three-database architecture with CodeGraph, import edges, and session memory gives AI true understanding of your codebase. The knowledge graph that makes everything else possible.

Three months ago, I renamed a database column. Not a big deal --- a legacy name that had been bugging me, something like product_number being displayed as "SKU" in the UI. I did all the right things. I searched for references, updated the queries, changed the API routes, modified the frontend components that displayed it.

I missed the export function. And the webhook handler. And the PDF generator. And two reporting queries that ran on a schedule I'd forgotten about.

The rename itself was trivial. Finding all the places that referenced it should have been trivial too. But "should have been" is doing a lot of heavy lifting in that sentence. Because my codebase, like any real codebase that's been growing for months, isn't a collection of independent files. It's a web of dependencies, and that web is invisible unless you have a way to see it.

I had rules. I had memory. I had verification protocols. I had blast radius analysis. All of those systems, described in earlier articles in this series, are genuinely valuable. But they all shared the same blind spot: they treated the codebase as a flat collection of things, not as the interconnected system it actually is.

That's the problem I set out to solve. And the solution changed how every other part of the system works.

A note on availability: the knowledge graph and its associated tools are part of Massu Pro. The free core gives you the foundational governance system --- hooks, commands, memory, and verification --- and Pro adds the deep codebase intelligence described in this article.

The Limits of Flat Knowledge

If you've been following this series, you know that I've built multiple layers of institutional knowledge around my AI development process. Rules that define patterns. Memory that persists across sessions. Verification that proves claims. Incident tracking that turns failures into prevention.

All of these systems work. They've prevented hundreds of bugs and saved me countless hours. But they have a structural limitation that became increasingly painful as the codebase grew: they understand files and rules, but they don't understand relationships.

When my memory system records that a particular approach failed in a particular file, it stores that as a fact about a file. When my rules say "always use this query pattern," they apply globally. When my blast radius analysis searches for references to a value I'm changing, it's doing text search, finding strings that match, without understanding why they match or what they connect to.

This is like having an encyclopedia about a city but no map. You can look up any building and learn about it in detail. But you can't ask "what happens to traffic if I close this road?" because the encyclopedia doesn't understand how the buildings relate to each other, how the roads connect, how the systems interact.

A real codebase is a city. Files are buildings. Imports are roads. Database tables are utilities that serve multiple buildings. API routes are the transit system. And understanding any single building in isolation tells you almost nothing about what happens when you change it.

I needed a map.

From Files to Relationships

The idea is conceptually simple, even if the execution was not: build a model of the codebase that represents it as a graph of relationships, not a list of files.

In Massu, this became a three-database architecture:

  • CodeGraph DB --- a read-only database that stores the structural model: files, functions, classes, exports, and their relationships. This is the map itself.
  • Data DB --- a read-write database that stores import edges, tRPC mappings, and the sentinel registry (sentinel features available with Team). This is the layer that understands how code connects across module boundaries.
  • Memory DB --- a read-write database that stores session memory, observations, analytics (available with Pro), and the audit trail (available with Enterprise). This is the institutional knowledge layer.

Every significant element in the codebase becomes a node: files, functions, database tables, API routes, UI components, configuration values. And the connections between them become edges: this function calls that function, this component consumes that API route, this API route queries that database table, this configuration value is referenced by these twelve files.

The result is a queryable map of the entire system. Not just what exists, but how everything connects to everything else.

This isn't static analysis in the traditional sense. Traditional static analysis tools parse your code and find issues: unused variables, type mismatches, unreachable code. Those are useful but limited. What I'm describing is more like a living model that understands the architecture of your application at every level, from database schema up through API layer to frontend presentation.

When I say "living," I mean it updates as the codebase changes. It's not a snapshot you generate once and consult occasionally. It reflects the current state of the system, and you can query it in real time while working.

Impact Analysis: Seeing the Ripple Before You Drop the Stone

Remember the URL change from Article 7, the one where I changed a default landing page path and missed thirty out of thirty-three references? That incident was the catalyst for blast radius analysis, which I described as searching the entire codebase for every occurrence of a value before changing it.

Blast radius analysis works. It's saved me dozens of times. But it has a limitation: it can only find direct references. If I'm changing a database column name, text search will find every place that column name appears as a string. What it won't find is the component that doesn't reference the column directly but displays data from an API route that queries it.

Impact analysis through a knowledge graph solves this. Instead of searching for strings, you trace relationships. "This column is queried by these API routes. These API routes are consumed by these components. These components are rendered on these pages. These pages are linked from these navigation elements."

The graph follows the chain of dependencies in both directions, upstream and downstream, and gives you the complete picture of what a change will affect. Not just the files that contain the string you're changing, but every file that's connected to the thing you're changing, however indirectly.

In Massu, this is the massu_impact tool. I can ask "what is the full impact of modifying this database table?" and get back a structured answer that includes the API routes that query it, the frontend components that display its data, the export functions that process it, the webhook handlers that react to changes in it, and the scheduled jobs that aggregate it. Every link in the chain, not just the first one.

This is the difference between searching and understanding. Text search finds occurrences. The graph finds consequences.

Coupling Detection: Finding the Ghosts

In Article 4, I talked about phantom components: code that exists but isn't actually used anywhere. A component file that's been created but never rendered on a page. A backend procedure that's been built but never called from the frontend. A database table that exists in the schema but has no API route that accesses it.

These phantom elements are surprisingly common in AI-assisted development. The AI creates things eagerly. It builds a backend procedure because the plan says to, then moves on to the next item and forgets to wire it up to the UI. It creates a component, but the page that's supposed to render it still uses the old version. It adds a database table, but the migration doesn't make it past staging.

Finding phantoms through manual review is like finding a needle in a haystack. You'd have to check every backend procedure to see if any frontend code calls it. Every component to see if any page renders it. Every table to see if any query references it.

The knowledge graph makes this trivial. By definition, a phantom is a node in the graph with no incoming connections of the expected type. A backend procedure with no frontend callers. A component with no page rendering it. A table with no API route querying it.

In Massu, this is the massu_coupling_check tool. I run coupling checks regularly now. They surface exactly these disconnections, the places where something exists but isn't integrated into the system. And they surface them before I discover them in production, which is when phantom components usually announce themselves (by their absence).

More importantly, coupling detection runs both ways. It doesn't just find backend features with no frontend exposure. It also finds frontend elements that reference backend procedures that don't exist, components that import modules that have been deleted, and pages that link to routes that were removed. The graph sees broken connections from both ends.

Domain Awareness: Not Everything Is Relevant

One of the hardest aspects of working with AI on a large codebase is relevance. When you're working on the authentication system, the AI doesn't need to know about your product catalog. When you're building an export feature, the shopping cart code is irrelevant. But loading everything means wasting context, that precious, limited resource I spent all of Article 8 discussing.

The knowledge graph solves this through domain awareness --- in Massu, the massu_domains tool. It understands that your codebase has logical domains (authentication, products, orders, documents, reporting, administration) and it knows which files, functions, tables, and routes belong to which domain. Domains are defined in massu.config.yaml, so they reflect your actual architecture, not a generic guess.

This means when I start working in a particular area, the system can automatically surface only what's relevant. The patterns specific to that domain. The past failures that occurred in that domain. The files that are part of that domain. The tables and routes that belong to that domain. Everything else stays out of the way.

Domain boundaries also serve as natural checkpoints for impact analysis. When a change in one domain ripples into another domain, that's a signal that something significant is happening; you're not just modifying a feature, you're affecting a cross-domain dependency. These cross-boundary impacts deserve extra scrutiny, and the graph flags them automatically.

Before domain awareness, working on a large codebase felt like searching a library with no catalog system. Every session started with "which files do I need?" followed by a lot of exploration. Now, the system knows what I'm working on and loads the right context without my intervention. It's the difference between walking into a library and being handed the three books you need versus wandering the stacks trying to remember where you saw that one reference last week.

Memory, But Smarter

In Article 3, I described the memory system: a persistent database that stores observations, decisions, failures, and lessons across sessions. That system was a breakthrough. The knowledge graph makes it significantly better.

Without the graph, memory retrieval is keyword-based. When you start working on a file, the system searches memory for entries that mention that filename. This works, but it's blunt. If a failure was recorded against a different file that happens to query the same database table you're modifying, keyword search won't surface it. The failure was about that file, but it's relevant to this file because of a shared dependency.

With the graph, memory retrieval follows relationships. When you start working on a file, the system identifies everything that file is connected to (the tables it queries, the functions it calls, the components that render it) and searches memory for entries related to any of those connected elements.

The result is that relevant lessons surface even when the specific file you're editing was never directly involved in the past failure. If there was an incident involving a database table, and today you're modifying a function that queries that table, the system connects the dots. Not through keyword overlap, but through structural understanding.

This was one of those improvements that's hard to appreciate in the abstract but immediately obvious in practice. The first time a past failure surfaced for a file I was editing, a failure I would never have thought to look for because it happened months ago in a completely different part of the codebase but affected a shared database table, I realized how much I'd been missing with keyword-based retrieval.

Keeping Documentation Honest

Every codebase has a documentation problem. Documentation starts accurate, drifts from reality as code changes, and eventually becomes a historical artifact that's more misleading than helpful.

The knowledge graph offers a structural solution. Because it understands what the code actually does (which features exist, which routes are active, which tables are in use) it can compare the current state of the code against the current state of the documentation.

Features that exist in code but aren't documented. Documentation that describes features that have been removed. Help pages that reference UI elements that no longer exist. API documentation that lists endpoints that have been renamed.

This isn't about generating documentation from code. Auto-generated docs are usually too technical to be useful for end users. It's about detecting drift: flagging the gaps between what the code does and what the docs say it does, so you can update the docs with human judgment about what's worth documenting and how.

I used to treat documentation as a task I'd get to "when things settle down." Things never settle down. With drift detection, documentation maintenance becomes incremental. I fix the gaps as they're surfaced, rather than trying to do a complete documentation audit every few months (which I was never disciplined enough to actually do).

Schema as a First-Class Citizen

In Article 4, I described what I call ghost columns: code that references database columns that don't actually exist. A query that filters by a column name that was renamed months ago. A component that displays a field that was removed from the table. An API route that sorts by a column that never existed in the first place.

My verification system catches these when you explicitly verify. But what about the references you don't think to check? In a codebase with dozens of database tables and hundreds of queries, there are always column references that haven't been verified recently.

The knowledge graph treats the database schema as a first-class element of the system model. It knows which tables exist, which columns they have, what types those columns are. And it can trace from those columns to every piece of code that references them.

This means schema changes trigger automatic analysis. Rename a column, and the graph immediately identifies every query, every API route, every component that references the old name. Drop a table, and you see exactly which parts of the codebase still expect it to exist. Add a column, and you can verify that all the relevant API routes and components have been updated to include it.

It also prevents the ghost column problem proactively. Before code runs against the database, the system can verify that every column reference in that code corresponds to an actual column in the actual schema. Not by running the query and seeing if it fails, but by checking the graph before the code executes.

The Compound Effect

I described in Article 9 how each layer of the system amplifies the others: rules make memory more useful, verification makes rules enforceable, incident tracking makes everything self-improving. The knowledge graph takes this compound effect to another level, because it's the connective tissue that makes every other system structurally aware.

Memory becomes graph-aware, so failures surface based on relationships, not just keywords. Blast radius analysis becomes complete, following actual dependencies instead of relying on text search. Coupling checks become automated; instead of manually verifying that backend features have frontend consumers, the graph reports disconnections as a matter of course. Domain awareness makes context management efficient: instead of loading everything and hoping the AI ignores what's irrelevant, only the relevant domain is surfaced. Schema verification becomes systemic; instead of checking one table at a time, the entire codebase is validated against the actual database structure.

No single one of these improvements is revolutionary on its own. But together, they transform the system from a collection of independent tools into an integrated development intelligence.

Think of it this way. Before the knowledge graph, each tool in my system was like a specialist who's brilliant in their domain but doesn't talk to the other specialists. The memory system knew about past failures but didn't understand code structure. The blast radius analyzer understood text references but not dependency chains. The verification system could check claims but didn't know which claims to prioritize.

The knowledge graph is the meeting room where all these specialists finally sit down together. Memory says "there was a failure here." The graph says "and that failure is relevant to what you're doing now because of this dependency chain." Blast radius says "here are all the direct references." The graph says "and here are all the indirect ones too." Coupling detection says "this procedure has no frontend caller." The graph says "and neither does this one, which was created in the same feature branch."

This integration extends to cost management too (cost tracking available with Pro). The graph helps the system decide which agents need the most powerful models and which can use efficient ones. When the graph identifies a change that crosses domain boundaries and affects security-sensitive code, it flags this for the adversarial review agents that use more capable models. When a change is contained within a single domain and touches well-understood patterns, efficient models handle the review. The knowledge graph doesn't just connect code; it connects the decision-making about how to allocate AI resources.

Why This Matters If You Work Alone

There's a concept in software development that I've come to think about a lot: the system model. In a traditional development team, the system model lives in people's heads, primarily the architect's. The architect understands how the pieces fit together, which parts depend on which, where the load-bearing walls are, and where you can knock through without structural consequences.

On a team, if you're about to make a change that has hidden dependencies, the architect stops you. "Wait, that table is used by the reporting system. If you change it, the weekly reports will break." That institutional knowledge is arguably the architect's most important contribution: not the code they write, but the system model they maintain.

When you're building solo with AI, nobody holds the system model. Not you, because the codebase has grown past the point where any human can hold all the relationships in working memory. Not the AI, because every session starts fresh, and even within a session, the context window can't hold the entire codebase. The system model exists nowhere, and that means nobody stops you before you break something three layers away.

The knowledge graph is the architect that never goes home. It holds the complete system model: every relationship, every dependency, every cross-domain connection. It doesn't forget over the weekend. It doesn't miss the reporting queries because it was focused on the API layer. It doesn't have knowledge that leaves when an employee does.

For a solo developer building something complex, this isn't a nice-to-have. It's the difference between building with a blueprint and building from memory. You can do either one, but only one of them scales.

What's Next

This article wasn't in the original plan. When I finished Article 9 and called the series complete, the knowledge graph was something I was just starting to build. Reader interest and a few pointed questions about how all the systems connect pushed me to write about it.

I'm glad I did, because the knowledge graph has turned out to be the most consequential piece of the entire system. Not because it's the most technically impressive (frankly, memory and verification were harder problems) but because it's the piece that ties everything else together. It's the reason the whole system is greater than the sum of its parts.

Will there be more articles? Honestly, I don't know. The system continues to evolve. Every week I discover something new about what's possible when you combine AI with rigorous engineering discipline. If something feels significant enough to share, I'll write about it.

Everything described in this series --- the protocols, the memory system, the verification mindset, the hooks, the incident loop, the planning process, and the context management --- is implemented in Massu AI. The free core is genuinely powerful: twelve core MCP tools, thirty-one workflow commands, eleven lifecycle hooks, and the three-database architecture. You can install it today and start governing your AI code with the same system that's been refined through hundreds of real features and dozens of production incidents. The knowledge graph, impact analysis, coupling detection, and domain awareness described in this article are part of Pro, which unlocks fifty-five tools across eighteen categories. Beyond the knowledge graph, Pro includes observability tools for real-time monitoring of AI session behavior, token usage patterns, and performance metrics, plus regression detection that automatically compares quality metrics against historical baselines to catch degradation before it compounds. Team (sixty-four tools) and Enterprise (seventy-two tools) add shared governance and compliance-grade audit capabilities.

The system matters more than the model. The relationships matter more than the rules. And the knowledge graph is the structure that makes both of those principles concrete.

This is Part 10 of a 10-part series on building enterprise software with AI:

  1. How I Stopped Vibe Coding and Built a System That Actually Ships
  2. The Protocol System: How I Turned AI From a Chatbot Into a Development Partner
  3. Memory That Persists: How I Made AI Actually Learn From Its Mistakes
  4. The Verification Mindset: Why "Trust But Verify" Is Wrong When Building With AI
  5. Automated Enforcement: Building Hooks and Gates That Catch Problems Before You Even See Them
  6. The Incident Loop: How Every Bug Makes Your AI Development System Permanently Stronger
  7. Planning Like an Architect: Why AI Needs a Blueprint Before Writing a Single Line of Code
  8. Context Is the Bottleneck: Managing AI's Most Precious and Most Fragile Resource
  9. Solo Worker, Enterprise Quality: The New Economics of AI-Assisted Development
  10. The Knowledge Graph: Teaching AI to Understand Your Codebase as a Living System (this article)

I'm the Co-founder and COO of Limn, where we create luxury furniture and fixtures for large-scale architectural and building projects. Alongside the physical work, we design the systems required to manage a complex, global lifecycle --- from development and production to shipping and final delivery. The governance system I built for Limn's software is now Massu AI, an open-source AI engineering governance platform.

Imagined in California. Designed in Milan. Made for you.

Here, I share what I've learned about making AI development actually work in the real world.

Have questions or want to share your own AI development setup? I'd love to hear from you in the comments.

Three databases. 12 free tools. 72 total.

Massu's architecture --- CodeGraph DB, Data DB, and Memory DB --- with 72 MCP tools across all tiers gives your AI true structural understanding of your codebase. Impact analysis, coupling detection, and domain awareness included in the free core.

Install FreeView Cloud Plans