Refract
This server exposes your codebase for AI agents to analyze, navigate, and understand code repositories with compressed, token-efficient responses.
index_repo: Walk a Python/JavaScript/TypeScript repo (up to 3 levels deep) and return a full structural index of every function, class, import, and dependency — skipping noise like__pycache__,.git,venv, andnode_modules.get_compressed: Compress a single source file (Python or JS/TS) by stripping function bodies and retaining only signatures and dependency contracts, returning token stats (before, after, and reduction percentage).expand: Retrieve the full verbatim source of specific functions or classes from a.pyfile, along with their compressed dependency context.blast_radius: Perform reverse-call-graph impact analysis on a Python function to find every function transitively affected if that function changes — returns direct callers, all impacted functions, a count, and a risk level (LOW / MEDIUM / HIGH).security_surface: Scan a Python repo using pure AST analysis to identify dangerous calls (HIGH risk:subprocess,eval,exec,pickle, etc.; MEDIUM risk:requests,httpx,socket, write-modeopen, etc.) and detect potential hardcoded secrets (API keys, tokens, passwords), returning a categorized risk report.
Provides compressed MCP proxy access to GitHub tools, reducing token usage for operations like repository management, issues, and pull requests.
Provides compressed MCP proxy access to Gmail tools, reducing token usage for email operations.
Provides compressed MCP proxy access to Google Calendar tools, reducing token usage for calendar management.
Provides compressed MCP proxy access to Slack tools, reducing token usage for messaging and channel management.
Refract
Cuts up to 98% of the tokens your AI agents spend using MCP tools — without losing anything.
What it actually changes
Server | Tools | Before | After | Reduction |
filesystem (Anthropic) | 14 | 1,892 tok | 236 tok | −88% |
sequential-thinking | 1 | 926 tok | 20 tok | −98% |
Google Calendar | 5 | 5,010 tok | 660 tok | −87% |
Enterprise (Cal + Gmail + Drive) | 12 | 8,649 tok | 882 tok | −90% |
sample_app.js (JavaScript) | — | 799 tok | 284 tok | −64.5% |
sample_app.ts (TypeScript) | — | 378 tok | 266 tok | −29.6% |
ast_extractor.py (Python) | — | 3,633 tok | 890 tok | −75.5% |
Fewer tokens sent = lower API bills, faster responses. And nothing is lost. Every check confirmed tools stay 100% usable after compression.
Reproduce these numbers yourself — every input is a static fixture in the repo, tokens counted with tiktoken cl100k_base:
python benchmarks/run_benchmark.py # the table above
python benchmarks/run_benchmark.py --json # machine-readable
python benchmarks/run_benchmark.py --fixture path/to/your_schemas.jsonRelated MCP server: Bifrost-MCP Gateway
Install
One-liner (macOS / Linux) — installs the package and configures Claude Desktop:
curl -sSL https://raw.githubusercontent.com/LoudiliMed/Refract/main/install-refract.sh | shPiping a script from the internet into your shell deserves a quick look first: inspect install-refract.sh on GitHub. It never uses sudo.
Or with pip directly:
pip install refract-mcpOptional extras:
pip install refract-mcp[semantic] # semantic tool routing with embeddings
pip install refract-mcp[multilang] # JavaScript, TypeScript, JSX, TSX supportTwo modes
Mode 1 — MCP Proxy
Sits between your agent and any MCP server. Compresses tool schemas on the fly so your agent does not load the full catalogue on every request.
Local subprocess (stdio):
refract-proxy --target "npx @modelcontextprotocol/server-filesystem /tmp" --verboseRemote HTTP/SSE server:
# --url implies SSE transport (explicit, recommended for remote endpoints)
refract-proxy --url https://my-mcp-server.com/sse
# or with --transport flag (auto-detection can be overridden)
refract-proxy --target https://my-mcp-server.com/sse --transport sseProxy flags:
Flag | Default | Description |
| required | MCP target: stdio command, HTTP URL, or JSON file |
| — | Alias for |
| — | Remote SSE/HTTP endpoint — implies |
| auto | Force transport to the target: |
| 30 | Connection timeout for SSE targets (retries 3×) |
| stdio | How the proxy serves your agent |
| 8080 | Proxy listen port in |
| off | Print token counts per request |
| WARNING | DEBUG / INFO / WARNING / ERROR |
Add it to Claude Desktop:
{
"mcpServers": {
"my-server-via-refract": {
"command": "/path/to/refract-proxy",
"args": [
"--target",
"npx @modelcontextprotocol/server-filesystem /path/to/folder",
"--verbose"
]
}
}
}For a remote MCP server (SSE):
{
"mcpServers": {
"remote-via-refract": {
"command": "/path/to/refract-proxy",
"args": ["--url", "https://my-mcp-server.com/sse"]
}
}
}refract-wrap-all — wrap every server at once
Instead of editing entries one by one (or running refract-install per server), refract-wrap-all rewrites all stdio servers in claude_desktop_config.json to go through refract-proxy in a single command:
# Preview what would change — writes nothing
refract-wrap-all --dry-run
# Wrap every stdio server not already going through refract
refract-wrap-all
# Restore the original commands
refract-wrap-all --unwrapExample: this entry
{
"mcpServers": {
"filesystem": {
"command": "npx",
"args": ["@modelcontextprotocol/server-filesystem", "/tmp"],
"env": {"MY_VAR": "1"}
}
}
}becomes
{
"mcpServers": {
"filesystem": {
"command": "/path/to/refract-proxy",
"args": ["--stdio-cmd", "npx @modelcontextprotocol/server-filesystem /tmp"],
"env": {"MY_VAR": "1"}
}
}
}Guarantees:
A backup of the config is taken before every write (
claude_desktop_config.json.bak, then.bak2,.bak3… — an existing backup is never overwritten).env,cwdand any other server fields are preserved.Servers already going through
refract-proxyorrefract-serverare skipped (already wrapped).Remote SSE/HTTP servers (
urlentries) are skipped — only stdio servers are wrapped.--unwrapis an exact round-trip: wrap then unwrap restores every original command, args and fields.
Transports supported by refract-proxy
Flag | Value | Description |
| Streamable HTTP | Current standard (MCP spec 2025-03-26). Use with remote MCP servers. |
| SSE | Legacy transport, kept for compatibility. Use if the server does not support Streamable HTTP. |
| stdio subprocess | Local command (default when |
(omit) | auto-detect | Inferred from |
Both sse and http require an HTTP(S) URL in --target.
# Connect to a remote MCP server via Streamable HTTP (recommended)
refract-proxy --target "https://my-mcp-server.com/mcp" --transport http
# Connect via SSE (legacy)
refract-proxy --target "https://my-mcp-server.com/sse" --transport sse
# Local subprocess (auto-detected, --transport stdio optional)
refract-proxy --target "npx @modelcontextprotocol/server-filesystem /tmp"Mode 2 — MCP Server
Exposes your codebase as an MCP server. Your agent can index a repo, get compressed file context, expand specific functions, analyze impact, detect breaking changes, and map security risks.
refract-server --root /path/to/your/repoAdd it to Claude Desktop:
{
"mcpServers": {
"refract-code": {
"command": "/path/to/refract-server",
"args": ["--root", "/path/to/your/repo"]
}
}
}How it works, no jargon
Imagine a library with 50 books.
Without Refract: your agent gets a detailed summary of all 50 books on every question, even if the answer only needs one of them.
With Refract: your agent first gets a list of titles (the index). Once it knows which book it needs, it only receives that book's content.
Technically:
The index (always sent): just tool names and a short description of each.
The detail (sent only when needed): the full description of the tool actually used, everything required to use it correctly, nothing more.
The verification: after every compression, Refract automatically checks that nothing important was removed. If there is any doubt, it sends the full version instead of taking a risk.
No AI model is involved in this process. It is fully automatic, fast, and deterministic.
MCP Proxy tools
Tool | What it does |
Compression | Compresses tool schemas on the fly, up to 98% reduction |
Signal check | Verifies callable contract after every compression |
Semantic routing | Identifies the right tool using embeddings (opt-in) |
Prompt caching | Injects Anthropic cache_control for repeated requests |
MCP Server tools
Tool | Input | Output |
index_repo | repo path | aggregated index of all Python, JS, TS files |
get_compressed | file path | compressed structure + token stats |
expand | file path + function names | verbatim source + dependency context |
blast_radius | file path + function name | all functions that break if target changes |
semantic_diff | file path + old source + new source | breaking changes vs body-only changes |
semantic_diff_branches | repo path + file + function + base/head git refs | semantic_diff of one function between two branches/commits |
security_surface | repo path | map of dangerous calls (subprocess, eval, pickle, requests) |
Repository health check
refract-status --root /path/to/repo
refract-status --root /path/to/repo --jsonFlag | Description |
| Path to analyse (default: current directory) |
| Machine-readable output |
Shows: files per language, raw vs compressed tokens, functions/classes indexed, dangerous calls by category, languages without tree-sitter support.
blast_radius
Ask Claude which functions break if you change a target function.
Example result:
{
"target": "authenticate",
"direct_callers": ["login_user"],
"all_impacted": ["login_user", "verify_session", "admin_access"],
"impacted_count": 3,
"risk_level": "MEDIUM"
}Risk levels: LOW (0 to 2 impacted), MEDIUM (3 to 5), HIGH (6 or more).
semantic_diff
Detects breaking API changes by comparing function interfaces, not bodies. Use it as a CI gate.
Example result:
{
"breaking": ["authenticate"],
"body_only": ["logout"],
"added": ["new_function"],
"removed": [],
"unchanged": ["hash_password"],
"is_breaking": true
}If is_breaking is true, the PR changes the public API and must be reviewed.
security_surface
Maps every function that calls dangerous primitives across your repo.
HIGH risk: subprocess, os.system, eval, exec, pickle, ctypes
MEDIUM risk: open (write mode), socket, requests, httpx, urllib
Example result:
{
"high_risk": [
{
"file": "src/llm_client.py",
"function": "run_command",
"calls": ["subprocess.run"]
}
],
"summary": {
"high_risk_count": 1,
"medium_risk_count": 3,
"total_functions_scanned": 87,
"clean_files": 8
}
}Languages supported
Python (via ast module), JavaScript, TypeScript, JSX, TSX (via tree-sitter, opt-in with pip install refract-mcp[multilang]).
Language is auto-detected from file extension. Graceful fallback if tree-sitter is not installed.
Built-in Anthropic caching
Refract integrates with Anthropic prompt caching. as_anthropic_tools() automatically marks the compressed catalogue as cacheable, cutting costs further on repeated requests.
Example over 30 days, 100 requests per day, 5,000 tokens of schemas:
Scenario | Cost |
Without Refract, without cache | $45.00 |
With Refract + cache | $1.49 |
Troubleshooting
"Failed to spawn process: No such file or directory" in Claude Desktop
Claude Desktop cannot find refract-proxy in its PATH. Find the absolute path and use it directly:
which refract-proxyThen use the full path in claude_desktop_config.json:
{
"mcpServers": {
"my-tool-via-refract": {
"command": "/full/path/to/refract-proxy",
"args": [
"--target",
"npx @modelcontextprotocol/server-filesystem /path/to/folder"
]
}
}
}Works with
Claude Desktop, Cursor, any client that follows the MCP standard, any existing MCP server.
License
MIT — free to use, including commercially.
Maintenance
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/LoudiliMed/Refract'
If you have feedback or need assistance with the MCP directory API, please join our Discord server