codebase-memory-mcp
Extracts declared package and dependency nodes from PHP Composer manifests and lockfiles.
Extracts declared package and dependency nodes from Dart pubspec manifests and lockfiles.
Indexes Dockerfile stages, images, and container images into the code graph.
Extracts declared package and dependency nodes from Elixir Mix manifests and lockfiles.
Provides git-aware auto-syncing of indexed repositories, git-history hotspot analysis, and git-change impact detection.
Integrates with GitHub Codex for agent setup and supports GitHub security features, enabling repository indexing and dependency analysis.
Extracts declared package and dependency nodes from Gradle build scripts and lockfiles.
Extracts GraphQL operations and type definitions from source code for schema-aware analysis.
Indexes Kubernetes resources, container images, and Kustomize overlays with relationship edges.
Extracts declared package and dependency nodes from npm manifests and lockfiles for dependency graph analysis.
Extracts declared package and dependency nodes from Ruby Gemfile manifests and lockfiles.
Detects Socket.IO-style event channels and creates EMITS and LISTENS_ON edges in the code graph.
Extracts tRPC procedure definitions and call patterns for router and procedure analysis.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@codebase-memory-mcpsearch for 'config' in the codebase"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
RepoLens MCP
Local-first repository intelligence for AI coding agents. Index a repo into SQLite, expose architecture-aware MCP tools, and inspect code relationships in a browser dashboard.
RepoLens MCP is an original TypeScript implementation built around fast local verification, readable internals, and reviewable engineering evidence. It focuses on the workflows engineers actually need during AI-assisted development: finding code, tracing symbols, checking impact, and preserving architecture decisions.
Core Capabilities
MCP-native workflow: 38 tools grouped around indexing, code search, graph search, tracing, impact analysis, project inventory, fleet views, report generation, and ADR memory.
Code graph extraction: captures symbols, routes, imports, package manifests, lockfiles, infrastructure files, protocol surfaces, event channels, typed relationships, conservative data flow, runtime traces, and HTTP route-call links.
Local verification loop: repeatable full/incremental benchmarks, package-boundary checks, release gates, graph packages, dashboard/report artifacts, and security-summary commands keep validation inspectable.
Agent-ready setup:
doctorinspects the local Codex MCP configuration,install-codexcan add a managed MCP block with dry-run and force safeguards,uninstall-codexremoves only managed RepoLens config,agent-hookprovides executable non-blocking broad-search reminders, andagent-setup/install-agentsgenerate reviewable guidance plus opt-in hook/reminder files for Codex, Claude, Gemini, Zed, OpenCode, Antigravity, Aider, KiloCode, VS Code, OpenClaw, and Kiro, including a managed local Claude PreToolUse hook config.Local-first SQLite memory: all indexed data stays in
.repolens/memory.db.Project catalog and cross-repo graphing:
list-projects,project-status,fleet-summary,fleet-graph, anddelete-projecttrack indexed repositories, aggregate languages/routes/HTTP calls/dependencies, and produce a catalog-wide graph with shared dependencies, route overlaps, inferred consumer/provider service links, and shareable HTML/JSON artifacts throughfleet-graph --out.Incremental refreshes: skip unchanged files, prune removed files, preserve the existing graph when a repo has not changed, optionally refresh on MCP startup with
REPOLENS_AUTO_INDEX, and keep long-running MCP sessions fresh with git-awareREPOLENS_AUTO_SYNC.Persistent local config:
config set auto-index incrementalandconfig set auto-sync truestore defaults for MCP startup indexing, live-session syncing, root, database path, max file size, max file count, labels, graph-package bootstrap, and diagnostics output without requiring shell env vars.Watch mode: keep an indexed graph fresh during active coding with polling-based incremental refreshes, optionally skipping unchanged git polls with
--git-aware.Operational diagnostics: opt into JSONL lifecycle events for index, benchmark, watch, MCP startup auto-index, and auto-sync runs with
--diagnostics,REPOLENS_DIAGNOSTICS, or persistentdiagnostics-path.Portable graph and report artifacts: export self-contained interactive HTML graph explorers, architecture reports, and compressed
.rlgzgraph packages from the CLI; first index can bootstrap a missing database from.repolens/graph.rlgz.Operational dashboard: browse an interactive graph explorer with filtering, hover/click node inspection, legend, pause, and fit controls, plus structural filters, references, semantic/vector search, schema counts, relationship patterns, label property hints, fleet service links, dead-code candidates, review signals, and report links without a frontend build.
Graph communities: detects functional modules from weighted relationships, not just folder names.
Code-aware search ranking: uses SQLite FTS5 BM25 ranking with indexed camelCase and snake_case term expansion, so
create ordercan findcreateOrderwithout scanning files.Reference lookup: finds exact indexed identifier references and labels definition lines for language-server-style navigation without requiring an external LSP process.
Type relationship graph: adds
INHERITS,IMPLEMENTS, andUSES_TYPEedges from class/interface/protocol declarations and typed signatures for safer impact analysis.Configuration links: extracts config keys from repo-local config files and links config keys, dependency declarations, and referenced config files back to code with
CONFIGURESedges.Receiver-aware call graph: resolves TypeScript/JavaScript calls such as
repo.save()to the method on the inferred constructed class, avoiding ambiguous same-name method edges.Local semantic and vector search: adds dependency-free
SIMILAR_TOandSEMANTICALLY_RELATEDedges, concept search, and persisted local vector embeddings over names, paths, signatures, metadata, and symbol bodies.Context packs for agents: one query can return semantic matches, vector matches, graph matches, BM25 code hits, snippets, and nearby edges for focused development context.
Redacted secret scan: review high-confidence token shapes, sensitive assignments, and environment references from indexed source/config lines without returning raw secret values.
Resolved import graph: creates
IMPORTS_FILEedges for relative imports, file-like includes/requires, dotted or backslash namespaces, workspace package names, source-root imports, andtsconfig/jsconfigpath aliases.Route-call edges: stores literal HTTP requests as
http_callnodes, connects callers withCALLS_HTTP_ENDPOINT, and links matching in-repo routes withHTTP_CALLS.Runtime trace ingestion: imports observed HTTP, event, or symbol traces as
OBSERVED_*graph edges with counts and timestamps.Channel/event edges: detects EventEmitter, Socket.IO-style, DOM custom event, Python decorator/call, and Swift
NotificationCenterchannels withEMITSandLISTENS_ONedges.Protocol surfaces: extracts GraphQL operations/types, gRPC services/RPC routes from protobuf, OpenAPI routes, and common tRPC procedures/calls.
Manifest and lockfile dependency graph: extracts declared package/dependency nodes from npm, Composer, Python, Go, Cargo, Maven, Gradle, Dart, Elixir, Ruby, and
requirements.txtmanifests, plus pinnedlockfileandlocked_dependencynodes from common package-manager locks.Infrastructure graph nodes: indexes Dockerfile stages/images, Kubernetes resources, container images, and Kustomize overlays with
DECLARES,CONFIGURES, andIMPORTSedges.Architecture recommendations: turns structural hotspots, git-history churn, import-resolved dependency cycles, dead-code candidates, and review signals into concrete next steps.
Wide practical coverage: TypeScript, JavaScript, Python, Go, Java, Rust, Swift, C/C++, C#, Kotlin, PHP, Ruby, Elixir, Dart, Terraform/HCL, QML, Apex, SQL, YAML, Markdown, JSON, and shell-oriented project files.
Project-specific language overrides: map framework or template extensions in
.repolens.json, such as treating.astroor.viewfiles as TypeScript for indexing.Validation evidence: tests, CI, CodeQL, OpenSSF Scorecard, CycloneDX SBOM generation, GitHub build-provenance attestations, docs, local dashboard smoke checks, and a documented local big-repo validation run.
Architecture decisions built in: persist ADR-style decisions next to the code graph.
No frontend build required: the dashboard is served by the CLI.
Related MCP server: agentmako
Security And Quality
Protected mainline:
mainrequires PR review, CODEOWNERS review, fresh branch checks, resolved conversations, linear history,verify, and CodeQLAnalyze; force pushes and branch deletion are blocked.GitHub security coverage: CodeQL, OpenSSF Scorecard, Dependabot security updates, secret scanning with push protection, private vulnerability reporting, pinned workflow actions, least-privilege workflow tokens, and a release gate that blocks publishing when actionable CodeQL, Dependabot, or secret-scanning alerts are open or alert APIs are unavailable.
Property-based fuzzing:
fast-checkfuzzes import resolver traversal boundaries, safe alias/source-root/workspace-package resolution, and MCP JSON-RPC tool-call validation intests/security-fixes.test.tsandtests/mcp-server.test.ts.Release integrity: npm provenance, GitHub build-provenance attestations, CycloneDX SBOM generation, lockfile dependency graphing, clean builds, dry-run package validation, and a package contents gate that blocks local graph artifacts and stale compiled output from being published.
Agent-readable docs:
llms.txtanddocs/agent-guide.mdgive coding agents a concise operating guide, data-boundary rules, and validation commands.
Quick Start
npm install
npm run build
node --experimental-sqlite dist/src/cli.js index .
node --experimental-sqlite dist/src/cli.js architecture
node --experimental-sqlite dist/src/cli.js serveThen open http://127.0.0.1:9749.
The dashboard includes an interactive graph explorer, code search, reference lookup, semantic/vector search, graph search, graph schema tables with relationship patterns and label property hints, fleet service links, hotspot and boundary summaries, git-history signals, dead-code candidates, and one-click Markdown/HTML architecture reports.
From a local clone, the installer runs the same build and Codex checks:
./install.sh --install-codex --dry-run
./install.sh --install-codex
./install.sh --install-agents --dry-run
./install.sh --install-agents --with-hooks --dry-run
./install.sh --uninstall-agents --dry-runWindows PowerShell uses the same installer flow:
.\install.ps1 -InstallCodex -DryRun
.\install.ps1 -InstallCodex
.\install.ps1 -InstallAgents -DryRun
.\install.ps1 -InstallAgents -WithHooks -DryRun
.\install.ps1 -UninstallAgents -DryRunProject-specific language suffixes can be mapped in .repolens.json without changing RepoLens source:
{
"languages": {
".astro": "typescript",
".view": "typescript",
"*.blade.php": "php"
}
}CLI
repolens-mcp index [repo] [--db path] [--max-file-bytes n] [--max-files n] [--incremental] [--label name] [--write-package [graph.rlgz]] [--diagnostics [path|true|off]]
repolens-mcp index [repo] [--bootstrap-package .repolens/graph.rlgz] [--no-bootstrap]
repolens-mcp version [--check] [--registry url]
repolens-mcp update-check [--registry url]
repolens-mcp benchmark [repo] [--db path] [--max-file-bytes n] [--max-files n] [--no-secret-scan] [--diagnostics [path|true|off]]
repolens-mcp list-projects [--limit n]
repolens-mcp project-status [root-or-db-or-label]
repolens-mcp delete-project <root-or-db-or-label> [--delete-db]
repolens-mcp fleet-summary [--limit n]
repolens-mcp fleet-graph [--limit n] [--max-nodes n] [--max-edges n] [--out fleet.html|fleet.json]
repolens-mcp config list|get|set|reset|path [key] [value]
repolens-mcp architecture [--db path]
repolens-mcp search <query> [--db path]
repolens-mcp scan-secrets [--db path] [--limit n] [--min-confidence low|medium|high] [--include-tests]
repolens-mcp symbols <query> [--kind function]
repolens-mcp snippet <symbol-or-path:line> [--context n]
repolens-mcp references <symbol> [--db path] [--limit n]
repolens-mcp trace <symbol> [--direction inbound|outbound|both] [--mode all|calls|data_flow|cross_service] [--parameter name]
repolens-mcp impact <path-or-symbol...>
repolens-mcp schema [--db path]
repolens-mcp communities [--db path] [--limit n] [--min-size n]
repolens-mcp watch [repo] [--db path] [--interval-ms n] [--git-aware] [--diagnostics [path|true|off]]
repolens-mcp search-graph [query] [--kind function] [--relationship CALLS] [--min-degree n]
repolens-mcp semantic "live session repository" [--limit n]
repolens-mcp vector "live session repository" [--limit n]
repolens-mcp context-pack "create order" [--limit n] [--context n]
repolens-mcp query-graph "MATCH (a)-[:CALLS]->(b) RETURN a.name,b.name LIMIT 5"
repolens-mcp dead-code [--db path]
repolens-mcp cycles [--db path] [--limit n]
repolens-mcp ingest-traces traces.json [--db path]
repolens-mcp changes [repo] [--db path]
repolens-mcp report [--db path] [--format markdown|html] [--graph-limit n] [--out report.html]
repolens-mcp export-graph --out graph.html [--db path]
repolens-mcp pack-graph --out graph.rlgz [--db path] [--label name]
repolens-mcp unpack-graph graph.rlgz [--db path] [--overwrite]
repolens-mcp doctor [--config ~/.codex/config.toml] [--name repolens]
repolens-mcp install-codex [--db .repolens/memory.db] [--dry-run] [--force]
repolens-mcp uninstall-codex [--dry-run]
repolens-mcp agent-setup [--target .] [--agents all|codex,claude,gemini,zed,opencode,antigravity,aider,kilocode,vscode,openclaw,kiro] [--db .repolens/memory.db] [--with-hooks]
repolens-mcp install-agents [--target .] [--agents all|codex,claude,gemini,zed,opencode,antigravity,aider,kilocode,vscode,openclaw,kiro] [--dry-run] [--with-hooks]
repolens-mcp uninstall-agents [--target .] [--agents all|codex,claude,gemini,zed,opencode,antigravity,aider,kilocode,vscode,openclaw,kiro] [--dry-run] [--with-hooks]
repolens-mcp agent-hook|hook-augment [--db .repolens/memory.db] [--name repolens] [--json|--claude] [--with-query]
repolens-mcp decision --title "Use SQLite" --body "Keep memory local."
repolens-mcp decision-update 1 --status accepted --tags sqlite,privacy
repolens-mcp decision-delete 1
repolens-mcp serve [--db path] [--port 9749]
repolens-mcp mcpMCP Tools
Tool | Purpose |
| Build or refresh the local SQLite memory, optionally bootstrapping from a |
| Report installed package and Node versions, plus optional npm latest-version/update guidance. |
| Run full and no-op incremental indexing, graph totals, throughput, and optional redacted secret-scan summary for repeatable performance evidence. |
| Create a compressed, checksummed |
| Import a compressed |
| Read or update persistent RepoLens defaults for startup auto-indexing and graph paths. |
| List repositories indexed through RepoLens on this machine. |
| Return the latest indexed status for a root, database path, label, or project folder name. |
| Remove a project from the local catalog, with optional safe |
| Aggregate indexed projects by language, package, dependency, route, HTTP call, route overlap, and inferred service link. |
| Return a catalog-wide graph of indexed repositories, shared dependencies, overlapping routes, and inferred cross-repo HTTP caller/provider edges. |
| Render or write project-local RepoLens MCP setup guidance for supported coding agents. |
| Search indexed source lines with BM25 ranking and code-aware token expansion. |
| Scan indexed source/config lines for redacted secret, token, credential, and sensitive environment patterns. |
| Search functions, classes, routes, resources, headings, and package nodes. |
| Return source lines around a symbol, qualified name, file path, or |
| Find indexed definition and reference lines for a symbol or identifier. |
| Return language mix, hotspots, git-history churn, entrypoints, packages, and risk markers. |
| Trace inbound, outbound, or bidirectional paths around a symbol; modes include calls, data flow, cross-service HTTP/event edges, and unfiltered graph traversal. |
| Find adjacent symbols for changed files or symbols. |
| Return node labels, edge types, relationship patterns, label properties, language coverage, and totals. |
| Detect weighted graph communities with representative symbols, cohesion, and boundary counts. |
| Search structurally by query, kind, regex, relationship, file scope, or degree. |
| Search symbols by local semantic token overlap across names, paths, signatures, and bodies. |
| Search symbols with deterministic local vector embeddings over names, paths, signatures, metadata, and bodies. |
| Return semantic matches, vector matches, graph matches, code hits, snippets, and nearby edges for one query. |
| Run a read-only Cypher-like query over symbols and one-hop edges. |
| Find non-exported functions and methods with no inbound call edges. |
| Find import-resolved dependency cycles between architecture clusters. |
| Add observed runtime HTTP, event, or symbol edges as |
| Map uncommitted git changes to indexed graph impact with per-file blast radius, relationship counts, and risk reasons. |
| Generate a markdown or HTML architecture report with graph, hotspot, history, risk, and recommendation sections. |
| Persist an ADR-style architecture decision. |
| Retrieve saved decisions. |
| Update an existing architecture decision without rewriting unspecified fields. |
| Delete an architecture decision by id. |
| Export compact graph data for dashboards or reviews. |
Supported Extraction
The extractor is intentionally compact and extensible:
TypeScript and JavaScript: classes, interfaces, types, functions, const functions, imports, resolved local import edges, Express-style routes, and Next.js App Router
app/api/**/route.tshandlers.Receiver-aware TypeScript/JavaScript call edges: method symbols are attached to parent classes, and constructor-assigned receivers such as
const repo = new MemoryOrderRepository()resolverepo.save()to the matching class method instead of every method namedsave.Conservative data-flow edges: maps meaningful call arguments to target parameters when the callee can be resolved without ambiguous duplicate names, and prunes stale
DATA_FLOWSedges during incremental refreshes.Trace modes:
trace_pathcan focus on call paths, value propagation throughDATA_FLOWS, cross-service HTTP/event paths, or all nearby edges.HTTP call linking: literal
fetch, Axios, and Nodehttpcalls becomehttp_callnodes withCALLS_HTTP_ENDPOINT; matching route nodes also receiveHTTP_CALLS.GraphQL, gRPC, and OpenAPI:
.graphql,.gql,.proto, OpenAPI JSON, and OpenAPI YAML files produce protocol nodes; protobufrpcmethods become route nodes using/Service/Methodpaths, and OpenAPI{id}path params normalize to:id.tRPC: common procedure declarations and client calls become
trpc_procedureandtrpc_callnodes.Channel/event linking: EventEmitter/Socket.IO-style
emit,on,once,addListener,subscribe, DOMCustomEvent, Python@*.on, and SwiftNotificationCenterpatterns becomechannelnodes withEMITSandLISTENS_ONedges.Swift: classes, structs, enums, protocols, actors, functions, and imports.
Python: classes, functions, imports, route decorators.
Go, Java, Rust: common functions, methods, types, classes, traits, structs, imports, and route decorators where applicable.
C/C++, C#, Kotlin, PHP, Dart, Ruby, Elixir, QML, and Apex: practical symbol extraction for classes/interfaces/records/modules/functions/methods, imports/includes/uses/requires, plus C#/PHP/Kotlin/Apex route annotations and route helpers.
SQL: created tables, views, indexes, functions, procedures.
Terraform/HCL:
resource,data,module,variable,output, andproviderblocks, including modulesourceimport edges.YAML: multi-document Kubernetes resources from
kindandmetadata.name, container image links, and Kustomizeresources,bases, andcomponents.Dockerfile: build stages, base images, and
COPY --fromstage dependencies.Markdown: headings as knowledge nodes.
Manifest files:
package.json,composer.json,pyproject.toml,requirements.txt,go.mod,Cargo.toml,pom.xml,build.gradle,pubspec.yaml,mix.exs, and*.gemspecpackage/dependency nodes.Lockfiles:
package-lock.json,npm-shrinkwrap.json,pnpm-lock.yaml,yarn.lock,composer.lock,Cargo.lock,poetry.lock,go.sum, andGemfile.lockbecomelockfileandlocked_dependencynodes connected byLOCKSedges.
Repository Ignore Rules
Add .repolensignore at the repository root to exclude generated code, local scratch folders, vendored samples, or sensitive paths from indexing. Rules are path-relative globs with ! negation, similar to .gitignore; RepoLens still applies its built-in skips for dependency folders, build outputs, binaries, and .repolens artifacts.
Local Graph Artifact Cleanup
.repolens/ is gitignored and can grow when you run benchmarks, imports, dashboard exports, or large-repo validation locally. Review old artifacts with:
find .repolens -maxdepth 1 -type f -size +50M -printUse repolens-mcp delete-project <root-or-db-or-label> --delete-db for catalog-tracked databases, or manually remove reviewed scratch artifacts you no longer need. Do not publish .repolens/ databases or graph packages without reviewing them for derived source metadata.
Query Graph Subset
query-graph and query_graph are read-only. Supported patterns:
MATCH (f:Function) WHERE f.name = 'main' RETURN f.name,f.filePath LIMIT 10
MATCH (a)-[r:CALLS]->(b) WHERE b.name CONTAINS 'order' RETURN a.name,b.name,r.type LIMIT 10
MATCH (a)<-[:CALLS]-(b) RETURN a.name,b.name LIMIT 10
MATCH (s) WHERE s.kind IN ['function', 'method'] RETURN s.name,s.kind LIMIT 10
MATCH (s) WHERE s.kind = 'route' OR s.kind = 'http_call' RETURN s.name,s.kind LIMIT 10
MATCH (a)-[r]->(b) WHERE r.weight >= 0.7 RETURN a.name,b.name,r.weight LIMIT 10
MATCH (f:Function) RETURN count(f) AS functions
MATCH (f:Function) RETURN DISTINCT f.name ORDER BY f.name SKIP 10 LIMIT 10Supported WHERE operators are =, <>, CONTAINS, STARTS WITH, ENDS WITH, IN, >, >=, <, and <=, joined with AND or OR; AND binds tighter than OR.
Supported result clauses include RETURN DISTINCT, count(...), ORDER BY, SKIP, and LIMIT.
Validation
npm run verify
npm run test:skip-gate
npm run package:check
npm run installer:audit
npm run audit:prod
GITHUB_REPOSITORY=sameer2191/repolens-mcp GH_TOKEN="$(gh auth token)" npm run security:github
GITHUB_REPOSITORY=sameer2191/repolens-mcp GH_TOKEN="$(gh auth token)" npm run release:security-gate
node --experimental-sqlite dist/src/cli.js index /path/to/big/repo --db /tmp/memory.db
node --experimental-sqlite dist/src/cli.js benchmark /path/to/big/repo --db /tmp/benchmark.db
node --experimental-sqlite dist/src/cli.js list-projects
node --experimental-sqlite dist/src/cli.js project-status /path/to/big/repo
node --experimental-sqlite dist/src/cli.js fleet-summary
node --experimental-sqlite dist/src/cli.js fleet-graph --limit 20 --max-nodes 500 --max-edges 1000 --out /tmp/repolens-fleet.html
node --experimental-sqlite dist/src/cli.js index /path/to/big/repo --db /tmp/memory.db --incremental
node --experimental-sqlite dist/src/cli.js architecture --db /tmp/memory.db
node --experimental-sqlite dist/src/cli.js schema --db /tmp/memory.db
node --experimental-sqlite dist/src/cli.js communities --db /tmp/memory.db --limit 12
node --experimental-sqlite dist/src/cli.js snippet createOrder --db /tmp/memory.db
node --experimental-sqlite dist/src/cli.js references createOrder --db /tmp/memory.db
node --experimental-sqlite dist/src/cli.js semantic "order checkout flow" --db /tmp/memory.db
node --experimental-sqlite dist/src/cli.js vector "order checkout flow" --db /tmp/memory.db
node --experimental-sqlite dist/src/cli.js context-pack "order checkout flow" --db /tmp/memory.db
node --experimental-sqlite dist/src/cli.js cycles --db /tmp/memory.db
node --experimental-sqlite dist/src/cli.js query-graph "MATCH (f:Function) RETURN f.name,f.filePath LIMIT 5" --db /tmp/memory.db
node --experimental-sqlite dist/src/cli.js ingest-traces traces.json --db /tmp/memory.db
node --experimental-sqlite dist/src/cli.js report --db /tmp/memory.db --format html --out report.html
node --experimental-sqlite dist/src/cli.js export-graph --db /tmp/memory.db --out graph.html --limit 1000
node --experimental-sqlite dist/src/cli.js pack-graph --db /tmp/memory.db --out graph.rlgz --label validation
node --experimental-sqlite dist/src/cli.js unpack-graph graph.rlgz --db /tmp/imported-memory.db
node --experimental-sqlite dist/src/cli.js watch /path/to/big/repo --db /tmp/memory.db --interval-ms 2500 --git-aware
node --experimental-sqlite dist/src/cli.js config set auto-index incremental
node --experimental-sqlite dist/src/cli.js config set root /path/to/big/repo
node --experimental-sqlite dist/src/cli.js serve --db /tmp/memory.db --port 9749
node --experimental-sqlite dist/src/cli.js agent-setup --target /tmp/project --agents allSecurity-summary commands need a token that can read GitHub security-alert endpoints; see SECURITY.md for local token requirements.
The repo includes docs/research-notes.md with source-research notes and design decisions, plus docs/BENCHMARK.md with sanitized validation evidence for the npm package.
Team-Shared Graph Bootstrap
Create a reusable graph package:
repolens-mcp index . --db .repolens/memory.db --write-package--write-package without a value writes .repolens/graph.rlgz after a successful index. Pass a path such as --write-package artifacts/service.rlgz to write somewhere else, or use REPOLENS_WRITE_PACKAGE=.repolens/graph.rlgz for session-wide automation. .rlgz packages are marked as binary by .gitattributes; review them before force-adding ignored .repolens artifacts to a repository.
On another machine or a fresh clone, the first index will import .repolens/graph.rlgz when the target database is missing, then run an incremental refresh for local changes:
repolens-mcp index . --db .repolens/memory.dbUse --bootstrap-package path/to/graph.rlgz for a custom artifact, REPOLENS_BOOTSTRAP_PACKAGE=path/to/graph.rlgz for MCP/session-wide configuration, or --no-bootstrap / REPOLENS_BOOTSTRAP_PACKAGE=0 to force a fresh database.
MCP Client Config
Codex users can inspect or install the MCP entry directly:
repolens-mcp doctor
repolens-mcp install-codex --db .repolens/memory.db --dry-run
repolens-mcp install-codex --db .repolens/memory.db
repolens-mcp uninstall-codex --dry-runinstall-codex refuses to replace an existing unmanaged mcp_servers.repolens entry unless --force is passed. uninstall-codex removes only the RepoLens managed block and leaves unmanaged MCP entries untouched.
Optional startup indexing for MCP sessions:
[mcp_servers.repolens.env]
REPOLENS_DB = ".repolens/memory.db"
REPOLENS_AUTO_INDEX = "1" # incremental startup refresh
REPOLENS_AUTO_SYNC = "1" # keep a long-running MCP session fresh after git changes
REPOLENS_AUTO_SYNC_INTERVAL_MS = "2500"
REPOLENS_ROOT = "." # optional, defaults to process cwd
REPOLENS_MAX_FILE_BYTES = "750000" # optional
REPOLENS_MAX_FILES = "5000" # optional, fail closed on unexpected huge repos
REPOLENS_DIAGNOSTICS = "true" # optional, writes .repolens/diagnostics.jsonlSet REPOLENS_AUTO_INDEX=full to force a full rebuild on startup. Leave it unset for the default manual-index behavior.
REPOLENS_AUTO_SYNC=1 starts a background git-aware watcher after startup; unchanged HEAD/status polls are skipped, while committed or dirty worktree changes trigger incremental refreshes.
You can also persist those defaults without shell env vars:
node --experimental-sqlite dist/src/cli.js config set auto-index incremental
node --experimental-sqlite dist/src/cli.js config set auto-sync true
node --experimental-sqlite dist/src/cli.js config set auto-sync-interval-ms 2500
node --experimental-sqlite dist/src/cli.js config set root /path/to/repo
node --experimental-sqlite dist/src/cli.js config set db-path /path/to/repo/.repolens/memory.db
node --experimental-sqlite dist/src/cli.js config set max-files 5000
node --experimental-sqlite dist/src/cli.js config set diagnostics-path .repolens/diagnostics.jsonlProject teams can generate agent guidance and config snippets for the broader agent set:
repolens-mcp agent-setup --target . --agents all
repolens-mcp install-agents --target . --agents codex,claude,gemini --dry-run
repolens-mcp install-agents --target . --agents codex,claude,gemini --with-hooks --dry-run
repolens-mcp install-agents --target . --agents codex,claude,gemini
repolens-mcp uninstall-agents --target . --agents codex,claude,gemini --with-hooks --dry-runinstall-agents writes managed markdown blocks into project-local instruction files and a docs/repolens-agent-setup.md guide. For VS Code it also writes a project-local .vscode/mcp.json servers.repolens entry while preserving unrelated servers. Add --with-hooks to generate opt-in, non-blocking hook/reminder files plus docs/repolens-agent-hooks.md; for Claude Code it also merges a managed .claude/settings.local.json PreToolUse hook entry while preserving unrelated hooks and settings. These files tell agents when to call RepoLens before broad searches or risky edits and include an executable hook-augment --claude command for agents that pass hook payload JSON through stdin. agent-hook/hook-augment recognizes PreToolUse-style Grep, Glob, and broad shell search payloads, emits either text, JSON, or Claude-compatible hookSpecificOutput.additionalContext, exits successfully, and does not intercept Read/Edit/Write tools. The hook does not query or mutate the local graph by default; add --with-query only when you want it to open the RepoLens database and append symbol metadata matches. uninstall-agents --with-hooks removes those managed reminder files and the managed Claude hook entry alongside managed RepoLens markdown blocks and managed VS Code config entries while preserving hand-written content. The MCP agent_setup tool is dry-run by default; write mode is limited to the server working directory, and executable hook writes require REPOLENS_ALLOW_MCP_HOOK_WRITES=1, so interactive CLI installers are the recommended hook setup path. The guide includes MCP config snippets for Codex, Claude, Gemini, Zed, OpenCode, Antigravity, Aider, KiloCode, VS Code, OpenClaw, and Kiro.
{
"mcpServers": {
"repolens-mcp": {
"command": "npx",
"args": ["-y", "@sameermir/repolens-mcp", "mcp"],
"env": {
"REPOLENS_DB": ".repolens/memory.db"
}
}
}
}Architecture
flowchart LR
Repo["Repository files"] --> Walker["Ignore-aware walker"]
Walker --> Extractor["Language extractors"]
Extractor --> Store["SQLite memory"]
Store --> MCP["MCP tools"]
Store --> CLI["CLI"]
Store --> Dashboard["Local dashboard"]
MCP --> Agent["AI coding agent"]Roadmap
Optional parser-backed adapters for deeper language-specific call/use precision where regex extractors are not enough.
Host-aware service-link inference from config, environment variables, and trace data.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/sameer2191/repolens-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server