Engineering decisions backed by
data, not intuition.
Vokt computes 20+ metrics from your codebase — hub scores, blast radius, cognitive load, change failure risk, knowledge concentration, architectural drift — and turns them into actionable intelligence. From org-wide architectural health to PR-level risk profiles to function-level trace paths.
20+ quantitative metrics computed from your codebase
Every metric is derived from call graphs, AST analysis, behavioral extraction, and git history. No surveys. No estimates. No opinions.
Structural
- Hub Scorecentrality
- Fan-In / Fan-Outcall graph
- Dependency Depthchain length
- Coupling Scoremodule edges
- Critical Path Densityentry traces
Complexity
- Complexity ScoreAST + calls
- Cognitive Loadmental effort
- Side-Effect SurfaceDB/API/IO
- Error Propagationfailure paths
Risk
- Risk Scorecomposite
- Behavioral Riskruntime impact
- Change Failure Riskincident prob.
- Blast Radiusdownstream
- Weighted Blast Radiusimpact-adjusted
Health & Velocity
- Volatilitychange freq.
- Stability Scorematurity
- Knowledge Riskbus factor
- Architectural Driftviolations
From visibility to productivity
One engine that serves every level of the engineering organization — from understanding what you have, to governing how it changes, to making every developer faster and safer.
Architectural Visibility
Your payment module's average blast radius increased 40% this quarter. OrderService went from 8 callers to 23 — it's now a hub. Hidden coupling detected: UserAuth and BillingEngine always change together but have no direct call relationship. This is the kind of insight Vokt surfaces.
Architectural Insights & Trends
Hub functions by centrality, cross-module coupling density, side effect distribution, and change velocity trends over time. See the inflection point when a module became a coupling risk.
Spec Generation & Onboarding
Generate behavioral specs from source — guards, side effects, calls, error handling — exportable to human-readable formats. The top 10 functions by centrality form your system's architectural spine.
API Contract Discovery
Functions above a caller threshold are implicit APIs. When a guard is removed from a function with 30 callers, that's a contract break affecting 30 downstream functions — Vokt escalates it.
Governance & Risk
A function changes every sprint, has blast radius 30, and only one person has ever touched it. Risk score: 94/100. Meanwhile, CI fails because PaymentController directly calls database.Query() — all database access must go through the repository layer. Quantified risk and enforced boundaries.
PR Risk Insights
Composite risk scores (0-100) combining blast radius, hub impact, propagation depth, behavioral severity, churn frequency, bus factor, and co-change anomalies. Git history signals meet graph signals.
Architecture Governance
Define boundary rules: 'no direct DB from controllers', 'UI cannot import infrastructure'. Vokt walks the graph, checks against rules, reports violations with exact line numbers. CI-ready with --fail-on.
Work Allocation Intelligence
Blast radius 47, touches 3 hub functions, crosses auth boundary — senior work. Blast radius 3, no hubs, single module — safe to parallelize. Complexity tiers driven by data, not gut feel.
Developer Productivity
Production is broken in payments. Here's what changed in the last 3 commits that touches the payment module, what downstream effects those changes have, and what error paths exist. Or: 42 functions have database writes but no test file — here are the top 10 by blast radius.
Context, Trace Paths & Incident Triage
Full behavioral context for any function — callers, callees, guards, side effects, error paths. Trace call chains across files. Combine change history with effects propagation for instant incident triage.
Behavioral Drift Detection
Per-field diffs showing exactly which guards, side effects, and error paths changed. Guard removals, contract breaks, silent regressions — caught before they ship. Natural language PR summaries of behavioral changes.
Refactoring Safety & Test Gaps
Rank functions by cost-to-change (blast radius * callers * side effects). Simulate extraction impact before touching code. Find untested functions with database writes — prioritized by blast radius.
Why existing tools aren't enough
Line-level diffs miss behavioral changes
GitHub, GitLab, and Bitbucket show you what lines changed. They can't tell you that a guard was removed from a payment function, or that 30 downstream callers are now affected.
SAST tools find vulnerabilities, not behavioral risk
Static analysis tools flag code patterns. They don't compute cognitive load, blast radius, coupling scores, or change failure risk. They can't tell you which changes need senior engineers.
No tool combines git signals + graph signals + behavioral signals
Vokt is the only tool that computes 20+ metrics from call graphs, AST analysis, behavioral extraction, and git history — and combines them into actionable intelligence at every level of the organization.
Stop shipping behavioral regressions
See what your code actually does. Catch what tests miss. Know the blast radius before you merge.