nomik
Nomik scans a codebase and builds a persistent knowledge graph in Neo4j, then exposes code navigation, impact analysis, and documentation capabilities to AI assistants via MCP tools (plus a local CLI and an optional REST dashboard).
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Security/auth details for the MCP server/REST dashboard are not specified in the provided README. The project mentions tracking secrets and env vars as data in the graph (i.e., it may ingest sensitive values unless the implementation redacts), which increases the importance of securing storage and restricting tool access. Neo4j is used locally via Docker; TLS enforcement for any REST endpoint is not stated. Dependency hygiene and CVE status are not provided in the supplied content.
⚡ Reliability
Best When
You want a local, persistent, graph-backed “code intelligence” layer that an MCP-capable agent can query repeatedly without re-supplying large prompt contexts.
Avoid When
You cannot run Docker/Neo4j locally, or you need a fully standardized API with OpenAPI/SDKs rather than MCP tool calls.
Use Cases
- AI-assisted code navigation (symbols, relationships, context)
- Impact analysis for refactors (call chains, downstream effects, DB reads/writes)
- Architecture understanding and drift detection between scans/commits
- Quality gating (dead code, god files, duplicates) and rule-based architecture checks
- Automated documentation/wiki generation from the code graph
- Dependency vulnerability auditing with blast radius
Not For
- A managed hosted SaaS that requires no local setup
- High-security environments that forbid local graph databases/Neo4j deployments
- Use cases needing a strictly HTTP/SDK-only integration (primary interface is MCP/CLI)
- Environments where scanning entire repos is unacceptable for performance/privacy reasons
Interface
Authentication
No authentication mechanism, tokens, or scope model is described in the provided README content for the MCP server or REST dashboard. Role-based access is mentioned via NOMIK_ROLE, but this appears to filter available tools rather than provide security boundaries.
Pricing
Licensed under the Functional Source License (FSL) v1.1, with a later transition to Apache 2.0 after 2 years (as stated).
Agent Metadata
Known Gotchas
- ⚠ Requires an initial scan to populate the Neo4j knowledge graph before query tools will return useful results.
- ⚠ Role-scoped tool filtering via NOMIK_ROLE may hide tools/prompts expected by an agent; ensure the role matches the agent’s needs.
- ⚠ Incremental/watch modes may change graph state during use, so repeated calls could see updated results if files change.
Alternatives
Scores are editorial opinions as of 2026-03-30.