Code intelligence for AI agents.

Connect your repository, get an instant MCP endpoint, and let your AI understand your codebase with compiler-backed precision.

Get Started FreeRead Documentation
Works withClaude CodeCursorWindsurfClineCodexOpenCode
Pipeline

From repository to queryable graph, in five passes.

Every pass is deterministic and inspectable. No LLM sits in the extraction path — only compilers, parsers, and the well-typed edges they emit.

01

Connect

Point ArchGraph at a repository. GitHub, GitLab, Bitbucket, or Azure — OAuth only, no agents installed.

01 · connect
$ archgraph connect github.com/openfga/openfga
→ resolving remote…
→ 436 files discovered · primary language: Go
queued for extraction
02

Parse

Tree-sitter lifts every file into a syntax tree. Classes, methods, imports, interfaces — nothing is guessed.

02 · parse
commands/check_command.gofile
CheckQuerystruct
Execute(ctx, params)method
NewCheckCommand(datastore, resolver, typesys)function
WithCheckCommandCache(shared, settings)function
import "openfga/storage"import
import "context"import
03

Resolve

Language-native compilers resolve call sites, type references, and cross-module bindings into graph edges.

03 · resolve
POST /checkServer.CheckCheckQuery.ExecuteCheckResolverTupleReader
04

Label

Taint sources, dangerous sinks, and CVE-affected dependencies are annotated on the graph at extraction time.

04 · label
source
request.args.get('user_id')
sink
cursor.execute(query)
  • sql-injection pattern · 2 hops · no sanitizer on path
  • vulnerable transitive dep · reachable from 4 call sites
05

Serve

A secure MCP endpoint ships within seconds. Claude, Cursor, Windsurf, and Cline attach in one line of config.

05 · serve
mcp-config.json
{
  "mcpServers": {
    "archgraph": {
      "url": "https://mcp.archgraph.dev",
      "headers": {
        "Authorization": "Bearer ag_live_••••"
      }
    }
  }
}
Attaches toClaude CodeCursorWindsurfClineCodexOpenCode
Interactive

The exchange your agent makes, made visible.

Pick a tool, hit Run. This is the shape of every request your AI agent will send — and the shape of every response it will receive.

Tool
RequestFind functions, classes, or other symbols matching a rich query.
// search
{
  "tool": "search",
  "args": {
    "query": "type:class AuthService",
    "limit": 5
  }
}
POST /mcp
Responseduration 42 ms
{
  "hits": [
    {
      "id": "class:src/services/auth.ts:AuthService:12",
      "name": "AuthService",
      "type": "class",
      "file": "src/services/auth.ts",
      "line": 12,
      "language": "typescript"
    },
    {
      "id": "class:tests/mocks/auth.ts:MockAuthService:4",
      "name": "MockAuthService",
      "type": "class",
      "file": "tests/mocks/auth.ts",
      "line": 4,
      "language": "typescript"
    }
  ],
  "total": 2
}
Signal vs. noise

Same question. Different answer.

A call graph removes matches that live in comments, docs, strings, old deletions, and test fixtures. What you're left with is code that actually runs.

query:"build"
grep -r
357 matches
  • README.md:34: Build the code graph: `archgraph extract ./my-repo`
  • pyproject.toml:4: [build-system]
  • Dockerfile:5: FROM python:3.11-slim AS build
  • docs/ARCHITECTURE.md:69: The pipeline builds the graph in eleven stages.
  • archgraph/search/orchestrator.py:283: Should be called after GraphBuilder.build() completes.
  • archgraph/enrichment/clustering.py:52: # build community hierarchy via greedy modularity
  • tests/test_builder.py:26: def test_build_extracts_functions():
  • archgraph/graph/builder.py:57: def build(self) -> GraphData:
  • + 349 more matches
349 false positivescomments · docs · fixtures · deleted code
vs
archgraph.call_sites
8 call sites
  • archgraph/api.pyArchGraph.extract
    L172
  • archgraph/cli.pyextract
    L225
  • archgraph/cli.pydiff
    L543
  • archgraph/cli.pyexport
    L983
  • archgraph/workspace.pyWorkspace.extract
    L109
  • archgraph/workspace.pyWorkspace.extract_repo
    L183
  • archgraph/mcp/server.py_handle_extract_sync
    L954
  • archgraph/tool/archgraph_tool.pyArchGraphTool.diff_summary
    L536
verified callers onlycompiler-resolved
3578· 98% filtered at the call-site level
Coverage

16 languages, one graph.

Each language has a dedicated indexer — the compiler toolchain developers already trust — emitting identical graph shape so cross-repo, cross-language queries just work.

Nodes
12.7M
Edges
35.1M
Indexers
8

TypeScript

nodes
2.42M
edges
7.62M
indexerscip-typescript

JavaScript

nodes
1.90M
edges
5.23M
indexerscip-typescript

Python

nodes
1.64M
edges
4.02M
indexerscip-python

Rust

nodes
812K
edges
2.11M
indexerrust-analyzer

Go

nodes
1.13M
edges
2.88M
indexerscip-go

Java

nodes
1.00M
edges
3.11M
indexerscip-java

C#

nodes
737K
edges
2.11M
indexerscip-dotnet

C++

nodes
692K
edges
1.87M
indexerscip-clang

Kotlin

nodes
318K
edges
884K
indexerscip-java

Scala

nodes
264K
edges
692K
indexerscip-java

Swift

nodes
285K
edges
712K
indexertree-sitter

C

nodes
542K
edges
1.40M
indexerscip-clang

Ruby

nodes
412K
edges
1.02M
indexertree-sitter

PHP

nodes
372K
edges
938K
indexertree-sitter

Lua

nodes
86K
edges
193K
indexertree-sitter

Objective-C

nodes
112K
edges
277K
indexertree-sitter
Security

Taint flows, compiled in.

Sources, sanitizers, and sinks are annotated on the graph at extraction time — not at query time. Vulnerabilities appear as labeled subgraphs you can ask questions against.

SQL injection · tainted input reaches execute()subgraph · routes/users.py
Source01
request.args.get('user_id')
routes/users.py:12
Propagator02
user_id = request.args.get(...)
routes/users.py:14
Propagator02
f"SELECT * FROM users WHERE id = {user_id}"
routes/users.py:18
Sink04
cursor.execute(query)
routes/users.py:24
classification
SQL injection · tainted input reaches execute()
hops to sink
3
sanitizer on path
none
reachability
2 callers
Also surfaces
  • CVE reachability
  • Unreachability pruning
  • Mass assignment
  • SQL injection sinks
  • SSRF vectors
  • Open redirects
  • Command injection

Give your agent real context.

Connect a repository in under five minutes. Free tier included. No credit card required.

Start freeView pricing
Free tier·No credit card·5 min setup