codeTree
codetree is an MCP server that provides structured code understanding for coding agents using tree-sitter. It exposes 23 tools to extract file skeletons/symbols, inspect relationships (call graphs, references, blast radius), perform code quality analyses (complexity, dead code, clone detection), and support navigation/search and repo/graph queries (dependency graphs, change impact, dataflow/taint tracing, git history).
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Runs as a local MCP server over stdio; the README does not describe authentication, authorization, or transport security controls. It indexes local project files and caches to disk (.codetree/index.json, graph.db), so confidentiality depends on local environment protections. No explicit guidance is provided on avoiding logging of sensitive code contents or paths. Dependency hygiene is unknown; tree-sitter and fastmcp are third-party libraries.
⚡ Reliability
Best When
You want a stateless, agent-friendly way to query code structure and relationships across multiple languages with minimal token usage.
Avoid When
You cannot allow local code indexing/SQLite caching, or you require strong guarantees about analysis correctness for complex semantic behaviors (e.g., advanced interprocedural effects) without further validation.
Use Cases
- Help an AI coding agent understand a repository without reading entire files
- Locate and retrieve specific symbols (classes/functions) and their source
- Generate/inspect call graphs and reference relationships for impact analysis
- Find dead code, duplicates/clones, and compute complexity hotspots
- Support onboarding and documentation by finding undocumented functions
- Perform lightweight static analysis workflows via an agent-friendly interface
Not For
- Replacing a full compiler/toolchain type-checking and runtime testing
- Security-critical vulnerability auditing (unless backed by robust, validated analysis and review)
- Environments where running an indexing server over a large codebase is not acceptable
- Use as a hosted SaaS API where strict uptime/SLA guarantees are required
Interface
Authentication
The README describes running an MCP server locally via `claude mcp add ...` and `uvx ... codetree --root .` with no mention of authentication or access control.
Pricing
Self-hosted/open-source tool; no hosting pricing described.
Agent Metadata
Known Gotchas
- ⚠ Indexing and graph persistence may require filesystem permissions and can take time on first run
- ⚠ If large repos are used, batch tools should be preferred to reduce repeated queries
- ⚠ Some analyses (e.g., dataflow/taint) may be approximate depending on language support and parser limitations
- ⚠ Tools that fetch full skeletons/symbols could still be token-heavy if used without the provided compact formats
Scores are editorial opinions as of 2026-03-30.