Codevira MCP
Integrates with Git to bootstrap project roadmaps from commit history and uses post-commit hooks to automatically trigger reindexing of the codebase.
Provides Google Antigravity agents with access to a persistent context graph and roadmap, ensuring continuity and reducing token overhead in coding tasks.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Codevira MCPShow me the current project roadmap and any pending changesets."
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Codevira also enforces those decisions: in Claude Code, a PreToolUse
hook physically blocks an Edit/Write that would revert a decision you marked
do_not_revert or re-introduce a fixed bug — before the file changes. Other IDEs
read the same decisions as AGENTS.md guidance (advisory, not a hard block —
their edits never route through codevira's hook engine). Local-first, MIT, no
cloud, no vectors, no account. A production pipx install is ~66 MB.
Works with: Claude Code · Claude Desktop · Cursor · Windsurf · Google Antigravity · OpenAI Codex · GitHub Copilot · any MCP-compatible AI tool.
The problem — four pains, every AI project
If you've coded with AI agents on one project for longer than a week, you've felt all four:
Re-explaining your codebase every session. Every new chat starts from zero. You spend the first ten minutes (and thousands of tokens) catching the AI up on your architecture and conventions — then do it again tomorrow.
AI quietly undoing your careful decisions. You debugged a tricky retry policy for three hours last week. Today's session "simplifies" it, because nothing remembered why the complexity existed. Now it's broken again.
Cross-tool amnesia. Plan in Claude Code, autocomplete in Cursor, run tests in Antigravity — three agents, three blind copies of your project state, nothing carried over.
Token budget burned on re-discovery. The agent reads the same dozen files every session before doing any real work. You pay for the same lookups over and over.
Codevira is a persistent memory layer that fixes all four — for every AI tool, on every project, on your local machine.
Related MCP server: Tages
What using it looks like
The payoff is a loop: record once → shared everywhere → enforced later.
1. You (or the AI) record a decision — one MCP call, ~50 tokens.
record_decision(
decision="Use bcrypt for password hashing",
context="md5 considered and rejected — rainbow-table risk. Re-examine only if NIST guidance changes.",
tags=["auth", "security"],
do_not_revert=true,
)
→ D000412 recorded and locked.It lands in <repo>/.codevira/decisions.jsonl — human-readable, git-committed,
visible in git diff. Codevira regenerates a slim AGENTS.md contract from it.
2. Weeks later, a fresh Claude Code session tries to swap bcrypt for md5.
The Edit goes through Claude Code's PreToolUse hook first. Because the diff
touches the locked decision's subject, the hook denies the tool call and
hands the agent the original reasoning:
✗ Edit blocked — decision_lock (do_not_revert)
D000412: "Use bcrypt for password hashing"
context: md5 rejected — rainbow-table risk.
The file was not modified. Surface this to the human and re-decide deliberately.The regression never reaches disk. (An orthogonal edit to the same file — one whose diff doesn't touch the decision's subject — is allowed through and downgraded to a warn. Precision, not paranoia.)
3. You switch to Cursor the next morning — and it already knows.
You never re-explained anything. Cursor reads the same repo AGENTS.md (and,
over MCP, can call search_decisions("auth")) and sees D000412 with its full
context. A decision recorded in one tool is visible to every tool. The hard
block is Claude Code only today; the shared memory is universal.
The honest caveat: only Claude Code's
PreToolUsehook hard-blocks, because only its edits route through codevira's engine. In Cursor / Windsurf / Codex / Copilot the decision is strong advisory context inAGENTS.md, not a physical veto.
Quick Start — three commands
# 1. Install (production install: ~66 MB pipx venv, no ML deps)
pipx install codevira
# 2. Opt this project in (writes .codevira/, AGENTS.md, .gitignore)
cd ~/Projects/my-project
codevira init
# 3. Wire codevira into every AI tool detected on this machine
codevira setupCommit .codevira/ + AGENTS.md + .gitignore so teammates inherit the
memory. Open any IDE — codevira's MCP server is ready.
Opt-in tracking (v3.7.0).
codevira initis the explicit opt-in. Codevira tracks only projects you'veinit-ed; a project you merely open stays inert (its tools return a "runcodevira init" hint and nothing is written), so~/.codevira/projects/never fills with projects you didn't choose. Existing tracked projects are grandfathered — zero migration. SetCODEVIRA_AUTO_ADOPT=1to track every project you open instead.
Verify:
codevira doctor # 18 health checks, ✓/⚠/✗ + a fix command for each
codevira replay # browse the decisions timeline
codevira sync # regenerate AGENTS.md from current decisions.jsonlTry it. In your AI tool, ask: "Use get_session_context to brief me on
this project." You get a ~500-token structured project state in one tool call
instead of the AI re-reading docs.
What you get
One memory across every AI tool. A decision logged in Claude Code is visible to Cursor, Windsurf, Antigravity, Codex, Copilot — all read the same
.codevira/decisions.jsonland generatedAGENTS.mdin your repo. No per-tool re-onboarding, no cloud sync.Enforcement, not just notes (Claude Code). Decisions you mark
do_not_revertget aPreToolUsehook that refuses violating edits, plus an Anti-Regression guard that blocks re-introducing a previously-fixed bug. Every guard ships a per-policy warn/off env kill-switch and a globalCODEVIRA_ENGINE=0. Other IDEs get the same decisions as advisoryAGENTS.md.One-command setup.
pipx install codevira && codevira setupdetects installed AI tools via strong signals (binary on PATH + valid config file) and configures only what's actually installed.--forceoverrides a missed detect.Local-first, no ML. Everything lives in
<repo>/.codevira/*.jsonl(git), with rebuildable caches under~/.codevira/. Decision search is pure keyword/BM25 (SQLite FTS5) — no vectors, no ChromaDB, no sentence-transformers, no torch, nothing phones home. ~1–2 MB of committed memory per project.Frugal by design. Tools return summaries by default; warm tool calls return in a few milliseconds; the server cold-starts in well under a second with no ML model to load.
Concurrent-safe under multi-IDE load. Every write is a crash-safe atomic write behind a Posix
fcntl.flock(Windows sentinel fallback), so two IDEs on one project don't race — verified by thread, subprocess, and adversarial chaos tests. Details in Concurrency & safety.
Latest: v3.7.0 — opt-in tracking, fresh memory (supersede-on-write +
freshness-ranked reads + mark_decision_outdated), shared-repo decision-id
collision repair (repair-ids + a git merge driver), and one user-scope MCP
registration for all your projects. All model-free, all local. See the
CHANGELOG.
How It Works
Codevira is a Model Context Protocol server that runs locally and gives any AI tool a structured, queryable memory of your codebase.
┌─────────────────────────────────────────────────────────────────┐
│ IN THE PROJECT REPO (committed to git) (selected) │
│ │
│ AGENTS.md ≤5 KB slim contract, auto-generated │
│ ↑ │
│ .codevira/ │
│ decisions.jsonl full text + metadata (append-only) │
│ digest.jsonl slim summary for prompt injection │
│ outcomes.jsonl kept/reverted from git observation │
│ manifest.yaml tag→ids, file→ids index (regen) │
│ enforcement.yaml which decisions hard-block │
│ config.yaml project settings │
│ sessions.jsonl session events │
│ roadmap.yaml phase tracking │
│ (also: skills / reflections / preferences / learned rules) │
│ │
│ .codevira-cache/ gitignored, rebuildable │
│ fts5.sqlite FTS5 index over decisions.jsonl │
│ hash-cache.db file change detection │
│ working.jsonl intra-session scratchpad │
│ (the code graph is a per-project SQLite db under ~/.codevira/)│
└─────────────────────────────────────────────────────────────────┘
↑ MCP / hooks ↓
┌─────────────────────────────────────────────────────────────────┐
│ PIPX INSTALL (~66 MB venv, ~/.local/pipx/venvs/codevira) │
│ codevira (CLI + MCP server) │
│ - pure Python; no chromadb / sentence-transformers / torch │
│ - server cold-start well under 1 s; warm tool calls ~2 ms │
└─────────────────────────────────────────────────────────────────┘
↑ stdio MCP ↓
┌─────────────────────────────────────────────────────────────────┐
│ IDE (Claude Code / Cursor / Windsurf / Antigravity / Codex /…) │
│ │
│ UserPromptSubmit → codevira hook → relevance-gated inject │
│ Edit / Write → PreToolUse → block if do_not_revert violated │
│ PostToolUse → Post-Edit Graph Refresh (+ working-mem fanout) │
│ Stop → Token Budget / Session-Log Enforcer │
└─────────────────────────────────────────────────────────────────┘Token-efficient by design
AI context windows are precious. Tools return summaries by default with opt-in full data:
get_node(path)— ~100 tokens by default (counts + flags);full=truefor the full rules array.get_impact(path)— up to 10 affected files;summary_only=truefor just counts (~80 tokens) before you dig deeper.search_decisions(query)/list_decisions()— top 5 truncated matches by default;full=truefor verbatim text,summary_only=truefor one-line summaries, thenexpand(ids=[…])to pull only the few full records you want.
Shrink the tool surface itself. The advertised tools/list is a fixed
per-session cost (~8K tokens for the full 51-tool surface). Set
CODEVIRA_TOOL_PROFILE=lean in the MCP server's env block to advertise only
the 12 daily-driver tools — a ~71% token trim of tools/list. Hidden tools
still work when called explicitly.
MCP tool surface (deep dive)
51 tools are surfaced to AI clients via tools/list (a 52nd, refresh_graph,
is registered but hidden — humans invoke it via codevira sync). All 51 carry
MCP ToolAnnotations
(readOnlyHint / destructiveHint=false / idempotentHint): 29 are read-only
and can run without a confirmation prompt, and no MCP tool is destructive —
the only destructive ops (reset / uninstall) are CLI-only, never exposed over
MCP. Good to know for anyone wiring codevira into an autonomous agent.
The lean 12 (CODEVIRA_TOOL_PROFILE=lean) are deterministic and worth
knowing verbatim, since they're what you keep:
get_session_context · get_impact · get_node · get_roadmap · search_decisions
list_decisions · expand · record_decision · update_phase_status
complete_phase · update_next_action · write_session_logReads — the memory surface
Tool | Description |
| THE "catch me up" call. ~500 tokens: current phase, next action, recent decisions, top tags, last session brief. |
| FTS5/BM25 over |
| Fetch full records for just the ids you care about — the summary-first complement to |
| Paginate / filter: |
| All tags with decision counts. |
| Recent decisions touching a file. |
| Surface duplicate / contradictory decisions BEFORE you write. |
Writes — capturing decisions
Tool | Description |
| Capture a decision. |
| Retire an old decision, link to its replacement, keep the audit trail. |
| v3.7 — retire a decision that's simply no longer true (no successor) so it stops surfacing. Reversible via |
| Re-confirm a soft-expired |
| Toggle |
| Structured session record. |
Roadmap
get_roadmap · get_phase · add_phase · update_phase_status ·
update_next_action · complete_phase · defer_phase · bulk_import_phases.
Code graph
get_node (file metadata) · get_impact (blast radius) · query_graph
(function-level callers/callees/tests/dependents/symbols) · get_signature
(all public symbols) · get_code (source of one symbol) · get_playbook
(curated rules for add_tool / add_service / add_schema / debug_pipeline
/ commit / write_test). Plus the hidden refresh_graph.
Memory subsystems (v3.1.0)
Subsystem | Tools | What it covers |
Working memory (4) |
| Intra-session scratchpad, decay-scored ( |
Skill library (6) |
| Reusable procedures; FTS5 composite ranking (BM25 + tag-Jaccard + recency); auto-archive at 5 consecutive failures or 90 unused days ( |
Spatial (4) |
| Code-as-space: activity heatmap, folder neighborhoods, what task types each area affords. |
Consensus (5) |
| Tracks which IDE wrote each decision so cross-IDE contradictions surface. (Provenance is a cooperative signal — |
Reflections (3) |
| LLM-generated abstractions over recent decisions + sessions via MCP sampling. |
Preferences (2) |
| Session-end distillation of your prompts into durable, user-scoped preferences in |
MCP Workflow Prompt
onboard_session — full project catch-up for new sessions; wraps
get_session_context().
Language support
Feature | Python | TS/JS | Go | Rust | Others |
Decision capture + search | ✓ | ✓ | ✓ | ✓ | ✓ |
Cross-IDE memory via AGENTS.md | ✓ | ✓ | ✓ | ✓ | ✓ |
Roadmap / sessions | ✓ | ✓ | ✓ | ✓ | ✓ |
Code graph + blast radius | ✓ | ✓ | ✓ | ✓ | — |
| ✓ | ✓ | ✓ | ✓ | — |
Decisions / AGENTS.md / roadmap are language-agnostic — they work for any
language. Code-graph and symbol tools cover exactly Python (stdlib ast)
plus TS / TSX / JS / JSX / Go / Rust (bundled tree-sitter grammars — 4 pip
packages, since TSX ships inside the TypeScript grammar). For any other language
the AI Reads the file directly. The legacy 17-grammar [all-languages] pack
was removed in v2.2.0 to keep the install lean.
Enforcement engine (deep dive)
Codevira ships 8 default engine policies ("heroes"), each hooked to Claude
Code lifecycle events: SessionStart, PreToolUse, PostToolUse,
UserPromptSubmit, Stop.
Policy | Event | What it does |
Decision Lock | PreToolUse | Blocks an edit that touches a |
Anti-Regression | PreToolUse | Blocks edits that look like reverts of previously-fixed bugs. Fix-history is scanned from |
Blast-Radius Veto | PreToolUse | Blocks a signature-removing/modifying edit to a high-fan-in file (purely-additive signatures pass since v3.3). Shows the callers. |
Relevance Inject | UserPromptSubmit | Injects ≤3 relevant decisions per prompt; 0 tokens when off-topic. |
Prompt Capture | UserPromptSubmit + Stop | Records sanitized prompts for later preference distillation. |
Session-Log Enforcer | SessionStart + Stop | Nudges (or blocks) a session that shipped commits without a |
Post-Edit Graph Refresh | PostToolUse | Reindexes edited files in the background. |
Token Budget / telemetry | Stop | Records outcome telemetry. |
How verdicts combine. The three edit guards compose into a single verdict — first block wins by priority (Decision Lock 100 > Anti-Regression 80 > Blast-Radius 50). The highest-priority block's message is what you see; the rest are recorded as telemetry.
Fail-open and opt-in. The dispatcher never raises: each policy is wrapped in
try/except and returns allow on failure. CODEVIRA_ENGINE=0 disables all
policies; each edit guard also has a per-policy off|warn|block env override
(CODEVIRA_DECISION_LOCK_MODE, CODEVIRA_ANTI_REGRESSION_MODE,
CODEVIRA_BLAST_RADIUS_MODE). And enforcement is not global across all
Claude Code projects — in any project you never ran codevira init on, the
hooks stay fully inert.
Why "Claude Code only." The hard-block path is Claude Code's real
PreToolUse hook. Edits from Cursor / Windsurf / Codex / Copilot go straight to
the filesystem — they never reach codevira's PreToolUse engine at all — so
those IDEs get the decisions as advisory AGENTS.md context instead.
Concurrency & safety
Every on-disk write goes through mcp_server/storage/atomic.py: a crash-safe
atomic write (mkstemp + fsync + os.replace) behind a Posix fcntl.flock
(with an in-process threading.Lock first, and a Windows O_EXCL sentinel
fallback). Appends to the JSONL logs are line-atomic — concurrent appenders never
interleave bytes. Result: two IDEs hitting the same project don't race on
manifest.yaml / roadmap.yaml / AGENTS.md.
This is exercised by a 50-operation stress over a 10-thread pool, a 20-subprocess
cross-process stress (spawn), and an adversarial chaos harness
(scripts/chaos_smoke.py — 8 scenarios / 29 checks including SIGKILL during a
held lock, symlink traversal, malformed MCP payloads, corrupt-JSONL graceful
degradation, and read-only-directory hostility). See
docs/architecture.md § "Concurrent-write safety".
CLI
~26 user-facing commands; the daily-use ones:
Command | What it does |
| Opt this project in: |
| Detect installed AI tools + write MCP configs + Claude Code hooks |
| 18 health checks (read-only; ✓/⚠/✗ + a fix command each) |
| Index health + project state |
| List tracked projects with staleness; |
| Build / refresh the code-graph cache |
| Regenerate AGENTS.md + manifest + digest from |
| v3.7 — detect/repair cross-engineer decision-id collisions ( |
| Classify past decisions as kept/modified/reverted from git history |
| Browse the decisions timeline (terminal / markdown / HTML) |
| Search decisions from the terminal (FTS5/BM25); |
| Render an interactive, offline HTML viewer of decision memory |
| Back up / restore project memory + global learning across machines |
| Remove orphaned data / destructive cleanup (auto-exports first) |
| Reverse every system write codevira made (preserves user content outside markers) |
| Start the single-project MCP HTTP server (stdio is the daily mode) |
Run codevira <cmd> --help for full flags. Uninstall with codevira uninstall
then pipx uninstall codevira.
Production-stable vs known-limited
Production-stable | Known-limited |
Cross-IDE decision memory via in-repo JSONL | Hard |
| Symbol tools cover Python / TS / JS / Go / Rust; other languages → the AI |
FTS5/BM25 decision search | Real-time multi-machine sync — by design local-first; for team sharing, commit |
Per-project + cross-machine project inventory ( | No web UI — use the |
51 MCP tools + ~26 CLI commands + 8 engine policies | The HTTP server ( |
Concurrent-safe storage (Posix | Windows sentinel fallback is verified in unit tests but not yet load-tested on real Windows |
Anti-Regression on small | Anti-Regression does not yet detect full-file |
Background
Want the full story — why this was built, what didn't work, how it compares to other memory tools? Read How I Built Persistent Memory for AI Coding Agents.
Contributing
Contributions welcome — see CONTRIBUTING.md.
Bug? Open a bug report
Feature? Open a feature request
Security issue? Read SECURITY.md — please don't use public issues for vulnerabilities.
FAQ & Roadmap
Common questions on setup, usage, and troubleshooting: FAQ.md. What's built, what's next, and the long-term vision: ROADMAP.md. Full release history: CHANGELOG.md.
Star History
If Codevira saves you tokens or sanity, a star helps other developers find it.
License
MIT — free to use, modify, and distribute.
Maintenance
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/sachinshelke/codevira'
If you have feedback or need assistance with the MCP directory API, please join our Discord server