Code-Index-MCP

Code-Index-MCP is a local-first code indexing and search MCP server for AI coding assistants. It builds a repository index (SQLite+FTS5) from local source files using tree-sitter-based parsing and supports symbol resolution and lexical search, with optional semantic search via embeddings (e.g., Voyage AI). It can watch the filesystem for updates and optionally sync/publish index baselines via GitHub artifacts. It also provides a FastAPI REST gateway and an MCP interface for assistant integration.

Evaluated Mar 30, 2026 (21d ago)
Repo ↗ Ai Ml mcp code-search indexing tree-sitter local-first sqlite fts5 semantic-search embeddings fastapi code-intelligence devtools
⚙ Agent Friendliness
51
/ 100
Can an agent use this?
🔒 Security
36
/ 100
Is it safe for agents?
⚡ Reliability
32
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
78
Documentation
70
Error Messages
0
Auth Simplicity
55
Rate Limits
10

🔒 Security

TLS Enforcement
40
Auth Strength
25
Scope Granularity
20
Dep. Hygiene
55
Secret Handling
45

Local-first design and index filtering on export are positive security considerations (gitignore/.mcp-index-ignore filtering and 'security-aware export' are described). However, the README does not clearly specify transport security (TLS) for the local FastAPI server, nor the authentication/authorization model for REST/MCP access. Dependencies include passlib/bcrypt and several external libraries; no vulnerability/security posture details are provided here. Secret handling is not fully evidenced (though it suggests using .env variables for keys). The documentation claims filtering of sensitive files on share, but the implementation details and guarantees are not provided in the provided content.

⚡ Reliability

Uptime/SLA
0
Version Stability
45
Breaking Changes
40
Error Recovery
45
AF Security Reliability

Best When

You want a local MCP-connected code search/indexing service for one or more developer workspaces, optionally augmented with embeddings for higher recall, and you can run it via native Python or Docker.

Avoid When

You cannot run a local indexing service (FastAPI/MCP + SQLite/Qdrant) or you require clear, centrally managed authentication/authorization and audit controls for all access paths.

Use Cases

  • Enhance LLM coding assistants with fast code symbol lookup and text/code search over a local repo
  • Cross-language code search and symbol resolution across mixed-language projects
  • Local-first indexing for privacy-sensitive environments (indexes stored locally under .indexes/ / data files)
  • Semantic/hybrid code search when an embedding provider is available
  • Keeping indexes fresh via file watching and optional automated sync/publish of index baselines
  • Preparing security-aware index exports by filtering sensitive/gitignored files

Not For

  • Production deployments that require a managed hosted service/SLA from a third party (this is local-first/self-hosted tooling)
  • Use cases that cannot tolerate local filesystem indexing/processing of source code
  • Environments that require strict data residency/compliance guarantees beyond what the documentation describes (details are not fully evidenced here)
  • Teams that need a formally specified, discoverable OpenAPI/MCP contract for every endpoint/tool beyond the README-level description

Interface

REST API
Yes
GraphQL
No
gRPC
No
MCP Server
Yes
SDK
No
Webhooks
No

Authentication

Methods: Local execution (no explicit auth described for MCP itself) External API keys for optional semantic search (e.g., VOYAGE_AI_API_KEY) Optional GitHub auth for artifact sync (implied by gh auth login / GitHub artifacts flow)
OAuth: No Scopes: No

README describes local execution and optional API keys for embeddings; it does not document MCP/REST auth mechanisms (e.g., API keys, OAuth, JWT) for protecting the server endpoints.

Pricing

Model: Embeddings/semantic search may incur provider usag
Free tier: No
Requires CC: No

Code Search, 48 languages, and GitHub sync are described as Free; semantic search incurs embedding/LLM provider costs when enabled.

Agent Metadata

Pagination
none
Idempotent
False
Retry Guidance
Not documented

Known Gotchas

  • If semantic search is enabled, agent workflows must handle missing/invalid embedding API keys and degraded behavior when external embedding/Qdrant services are unavailable.
  • Local-first indexing implies the agent must ensure the working directory/workspace root is correct and that the .mcp.json configuration points to the right command/cwd.
  • Artifact sync/publish flows may require GitHub authentication and can introduce inconsistencies if workspace indexes drift from restored artifacts.

Alternatives

Code search/indexing tools like Sourcegraph (hosted/self-hosted) Open-source semantic code search projects (e.g., Vector-based code search stacks with embeddings) Other MCP server implementations for repo-aware assistants (varies by platform) Standalone code indexing/search engines using ripgrep+BM25 (lexical) and local embeddings (semantic)

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for Code-Index-MCP.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

$3

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-30.

8642
Packages Evaluated
17761
Need Evaluation
586
Need Re-evaluation
Community Powered