code-graph-mcp
code-graph-mcp is a Python MCP server that builds and serves a multi-language code graph for code intelligence tasks (navigation/search for symbols, call graphs, dependency graphs, complexity/health metrics) using ast-grep with caching and a file-watcher for incremental updates.
Score Breakdown
🔒 Security
No authentication or authorization model is documented (the server appears designed for local use by an MCP host). The server indexes local code, and the README mentions logs and monitoring, but it does not describe redaction of secrets in logs or safe handling of sensitive file contents. TLS and rate limiting are either not applicable or undocumented for a local MCP server; the security posture should be reviewed in the codebase.
Best When
You have a local repository (possibly polyglot) and want an MCP-connected agent to navigate and analyze code structure, dependencies, and complexity efficiently.
Avoid When
You need authenticated multi-tenant remote access, or you cannot grant the MCP process read access to the project files.
Use Cases
- Codebase exploration across multiple languages (25+)
- Finding definitions and references for symbols in mixed-language repos
- Generating caller/callee and dependency/circular dependency graphs
- Assessing complexity and maintainability / project health
- Detecting potential code smells (e.g., long functions, duplication patterns)
- Architecture and refactoring impact analysis via tool workflows
Not For
- Production deployment without reviewing runtime security and performance characteristics
- Pure SaaS/API usage without a local/hosted MCP runtime
- Tasks requiring authoritative semantic understanding beyond static analysis
- Environments that forbid file system watchers or broad codebase indexing
Interface
Authentication
README describes local MCP host configuration and CLI usage but does not document authentication mechanisms, API keys, or scoped access control.
Pricing
No hosted pricing described; distributed as a Python package (installation via pip/PyPI).
Agent Metadata
Known Gotchas
- ⚠ Server may re-analyze on file changes; repeated calls during active edits could trigger incremental indexing and higher latency.
- ⚠ Very large repositories may be expensive (tools labeled as expensive/moderate); agents should prefer the 'Fast' tools first.
- ⚠ ast-grep and caching assumptions may require sufficient CPU/RAM; environment misconfiguration (missing deps) will prevent proper graph building.
Scores are editorial opinions as of 2026-03-30.