Know which file will break
before it does.

Cortex watches your codebase in real time, scores every file 0–100 across 7 weighted metrics, and surfaces risk before it becomes a problem. Everything runs on your machine.

cortex
Export
filter files...
Critical
Stressed
Healthy
Activity
Features

Built for developers
who ship often.

Every feature runs locally, updates on every save, and gives you concrete signal, not vague advice.

Scoring

Every file has
a live score.

Each file gets its own 0–100 risk score, recalculated on every save. No project averages, just precise, per-file signal updated in real time.

per-file real-time 0–100 risk
Graph

See the architecture,
see the risk.

Interactive dependency graph of your import edges. Nodes colored by risk, sized by fan-in. Pan, zoom, explore the coupling, spot the dangerous files before they cause a regression.

LAYERS · ALL LINKS pan & zoom coupling analysis
Activity

Every scan,
logged.

Full scan history with an interactive trend graph. Track your project's risk score over time, by scan or by day. See exactly when complexity crept in, and when a refactor paid off.

scan history trend graph by scan · by day
Security

20 patterns.
Dep audit included.

Static pattern scan for secrets, XSS vectors, unsafe crypto, eval usage, and more. Plus npm advisory integration to catch vulnerable dependencies, without leaving the app.

20 patterns npm audit XSS · Secrets · Crypto
Code

See it, fix it,
without leaving Cortex.

Open any function directly from the detail panel. Read it with syntax highlighting, then switch to edit mode. Powered by CodeMirror 6. Save triggers an instant rescan so you see the impact immediately.

CodeMirror 6 TS · JS · Python save → rescan
cortex
Current
18.9/100
Average
26.9/100
Best
0.0/100
Worst
31.6/100
204 scans · 21/3 → 26/3 ↓ 7.6 since first scan
parser.ts / tokenize l.16–32
Edit
14// Tokenize source to token stream
15
16export function tokenize(
17 source: string,
18 lang: 'js' | 'py',
19): Token[] {
20 const tokens: Token[] = [];
21 let i = 0;
22
23 while (i < source.length) {
24 if (source[i] === '#') {
25 tokens.push({ type: 'comment' });
26 i++; continue;
27 }
28 tokens.push({ type: 'plain', text: source[i++] });
29 }
30
31 return tokens;
32}
← tokenize
tokenize
l.1617L
68 top signal
Cyclomatic8
Cognitive14
Size17L
Depth2
Params2
9 Medium 31 Low ▲ 4 vulnerabilities in dependencies
How it works

Up and running
in 3 steps.

01
Clone & install
Clone the repo, install dependencies, and start in dev mode, or grab a prebuilt binary from the releases page.
# Clone the repo git clone https://github.com/yugz29/Cortex.git
npm install && npm run dev
02
Add your project
Click Add project and select a folder. Cortex starts watching and scoring immediately. Switch between projects at any time. No restart needed.
.ts .tsx .js .jsx .mjs .cjs .py
03
Watch it update
Every save triggers a fresh scan. Risk scores, trend graphs, hotspots, security findings, all updated live. No cloud, no AI model required.
parser.ts rescanned 0ms
7 weighted metrics

Every signal
that matters.

Each metric is independently computed, then combined into a single weighted risk score. Thresholds adapt to your project's own distribution. What's normal here stays green.

28%
Cyclomatic Complexity
Counts independent paths through a function. Each branch (if, &&, ||, ternary, case, catch) adds 1. Blended max + mean. One monster function won't sink an otherwise healthy file.
safe cx ≤ 3  ·  danger cx ≥ 15
19%
Cognitive Complexity
Measures how hard code is to read. Nesting adds a depth penalty. An if inside 3 loops costs 4 points, not 1. Based on the SonarSource model.
safe cog ≤ 8  ·  danger cog ≥ 60
14%
Function Size
Lines per function, max and mean blended. Long functions mix concerns, resist refactoring, and are harder to test in isolation.
safe ≤ 20 lines  ·  danger ≥ 80 lines
14%
Nesting Depth
Maximum block nesting inside any function. Deep nesting is a proxy for entangled logic, conditions inside conditions inside conditions.
safe depth ≤ 2  ·  danger depth ≥ 6
12%
Churn
Git commit frequency over the last 30 days. Files that change often introduce more regressions, especially when complexity is also high. Churn × complexity = hotspot.
safe ≤ 3 commits  ·  danger ≥ 20 commits
8%
Parameter Count
Maximum parameters on any function. Many params signal poor encapsulation. Destructured props ({ a, b, c }) are counted individually, not as one.
safe ≤ 3 params  ·  danger ≥ 8 params
5%
Fan-in
Number of distinct files importing this one. High fan-in means a change here ripples widely. Combined with high complexity, it's a structural liability.
safe ≤ 3 importers  ·  danger ≥ 15 importers
Composite
Hotspot Score
Files that are both complex and frequently modified. Computed as complexity × churn, capped at 150. The real targets for refactoring.
formula min(cx × churn, 150)
Local-first

Your code never
leaves your machine.

Cortex runs entirely on your hardware. There's no cloud, no account, no analytics pipeline. Your source code stays where it belongs.

Your code never leaves your machine
Static analysis, scoring, and pattern scanning run entirely locally. Dependency audit uses npm audit. Only package names and versions reach the npm registry, never your source code.
SQLite on disk
All scan results stored in a plain SQLite file (cortex.db) in Electron's userData folder. Inspect, export, or delete it anytime.
Apache-2.0 open source
Every line of code is public. No binary blobs, no obfuscation. Read it, fork it, audit it.
Works offline
No license server, no activation, no subscription. Install once.
Your machine
Filesystem watcher (chokidar)
Cortex engine (ts-morph · git · d3)
cortex.db (Electron userData)
network boundary
Internet
Source code. No outbound
npm audit · package names only
Export

Share the full picture.

One click exports a complete snapshot of your project's health. Markdown for humans, JSON for tools.

Executive summary : global score, critical files, hotspots, critical hubs.
Security findings included if a scan has been run. Pattern results and dependency audit.
AI-ready context block : priority files formatted to paste directly into Claude, ChatGPT, or any assistant for instant refactoring help.
Markdown + JSON exported simultaneously. One for your team, one for your pipeline.
cortex-report-cortex-2026-03-27.md
# Cortex Report — cortex — 2026-03-27
Generated by Cortex v1.0
## Executive Summary
Status  CRITICAL  ·  Risk  23.4 / 100
47 files · 3 critical · 12 stressed · 32 healthy
## Critical Files
report.ts50.6 ↑  cx:19 cog:41 81L
churn.ts49.3 ↑  cx:14 cog:28 71L
scanner.ts47.5 ↑  cx:12 cog:22 68L
## Security
7 findings · 4 medium · 3 low
MEDIUMfront-end/auth.js:63 · Secret
## AI Context
Paste the following into your AI assistant
to get targeted refactoring suggestions...
Get started

Stop guessing
which file will break.

Free, open source, local-first. No account needed. Works on any TypeScript, JavaScript or Python codebase.

Get started GitHub
macOS · Windows · Linux