CodeAtlas AI MCP Server
Uses NVIDIA NIM for enterprise-grade vector embeddings, powering semantic code search and AI memory with the nvidia/nv-embed-v1 model.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@CodeAtlas AI MCP ServerAnalyze architectural smells in my codebase"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
π Table of Contents
Related MCP server: Code Graph Knowledge System
β¨ Features
ποΈ Knowledge Graph Reasoning
Architectural Smell Detection β Automatically detect circular dependencies, God objects, and dead code using Oracle 26ai SQL Property Graph queries (
GRAPH_TABLEmatch recursion).Tri-Layer Memory β Episodic (business rules & change logs), Semantic (vector embeddings via NVIDIA NIM), and Relational (property graph) all stored natively in Oracle 26ai.
AI Vector Search β Semantic code search using 4096-dimensional embeddings and
VECTOR_DISTANCEcosine similarity.
π‘οΈ Security Scanner
Hardcoded Secrets Detection β Identifies potential API keys, tokens, passwords, and credentials in variable declarations with intelligent false-positive suppression.
Unsafe Function Detection β Flags dangerous calls (
eval,exec,system,child_process, etc.) at CRITICAL severity.SQL Injection Risk Analysis β Detects dynamic query construction patterns with database context verification.
Enterprise Security Scoring β Cross-project vulnerability scoring with risk-level classification (LOW / HIGH / CRITICAL).
π AST Code Analysis
Multi-Language Support β Analyzes JavaScript/TypeScript, Python, PHP, and more via AST parsing.
Entity Extraction β Discovers modules, classes, functions, variables, and their relationships (imports, calls, containment, inheritance).
Smart Filtering β Automatically excludes
node_modules,venv,.venv, andsite-packagesfor clean, actionable results.Fuzzy Search β Search entities by name with partial matching across entire projects.
π§ AI Semantic Memory
Dreaming Memory System β Persist learned patterns, mistakes, user preferences, and project knowledge as "dreams" with importance scoring (1β10).
NVIDIA NIM Embeddings β Enterprise-grade vector embeddings via
nvidia/nv-embed-v1for semantic code understanding.Oracle 26ai Native Vectors β Native
VECTOR(4096, FLOAT32)data type for high-performance similarity search.Auto-Synced Documentation β Automatically sync business rules and change logs to the Oracle Knowledge Graph.
π Interactive Dashboard
Force-Directed Knowledge Graph β Interactive SVG canvas with physics simulation, zoom/pan, node dragging, and glow effects.
Real-Time Analysis β View project statistics, entity counts, and dependency metrics.
Glassmorphic UI β Premium design system with frosted glass panels, neon cyan accents, and dark space theme.
Full-Screen Mode β Immersive codebase visualization with native HTML5 Fullscreen API.
π MCP Protocol Integration
Dual Transport β Supports both stdio (local IDE integration) and SSE (remote server deployment) transports.
Dynamic Session Isolation β Per-connection MCP server instances for zero-contention concurrent access.
Works With β Claude Desktop/Code, Cursor AI, VS Code (Cline, Continue), Windsurf, and any MCP-compatible client.
π REST API
Full HTTP API β Express-based REST endpoints for project management, analysis, settings, dreams, and memory.
Rate Limiting β Built-in per-tenant rate limiter (60 req/min) to protect against abuse.
CORS Support β Configurable cross-origin policies for dashboard and remote access.
π Multi-Tenant Support
Oracle VPD/RLS β Row-level security using Oracle Virtual Private Database for complete tenant data isolation.
Firestore Isolation β Tenant-scoped telemetry documents (
${tenantId}_${projectName}) in Firebase.Sandboxed Workspaces β Each tenant operates within their own directory sandbox (
tenants/{tenantId}/).
ποΈ Architecture
CodeAtlas AI follows a Clean Architecture pattern with clear separation of concerns:
ββββββββββββββββββββββββββββββββββββββββββββββββββββ
β MCP Clients β
β Claude Cursor VS Code Windsurf Custom CLI β
ββββββββββββββββββββββ¬ββββββββββββββββββββββββββββββ
β
ββββββββββββββββββββββΌββββββββββββββββββββββββββββββ
β Presentation Layer β
β ββββββββββββββββββββ ββββββββββββββββββββββββ β
β β MCP Server β β Express HTTP API β β
β β (stdio / SSE) β β (REST Endpoints) β β
β β mcpServer.ts β β httpServer.ts β β
β β mcpTools.ts β β dreamingRoutes.ts β β
β ββββββββββββββββββββ ββββββββββββββββββββββββ β
ββββββββββββββββββββββ¬ββββββββββββββββββββββββββββββ
β
ββββββββββββββββββββββΌββββββββββββββββββββββββββββββ
β Service Layer β
β ββββββββββββββ ββββββββββββ ββββββββββββββββββ β
β β Project β β Memory β β Security β β
β β Service β β Service β β Scanner β β
β β β β β β β β
β β project β β Oracle β β Security β β
β β Service.ts β β Memory β β Scanner.ts β β
β β β β Service β β β β
β ββββββββββββββ β .ts β β β β
β β β ββββββββββββββββββ β
β ββββββββββββββ β ββββββββ β β
β β Dreaming β β βEmbed β β β
β β Service β β β-ding β β β
β β β β βServiceββ β
β β dreaming β β β.ts ββ β
β β Service.ts β β ββββββββ β β
β ββββββββββββββ ββββββββββββ β
ββββββββββββββββββββββ¬ββββββββββββββββββββββββββββββ
β
ββββββββββββββββββββββΌββββββββββββββββββββββββββββββ
β Infrastructure Layer β
β ββββββββββββ ββββββββββββ ββββββββββββββββββββ β
β β Oracle β β Firebase β β File System β β
β β 26ai DB β β Admin β β (codeatlas/ β β
β β β β β β analysis.json) β β
β β .connect β β .auth β β β β
β β .memory β β .firestoreβ β projectService β β
β β .schema β β β β .ts β β
β ββββββββββββ ββββββββββββ ββββββββββββββββββββ β
ββββββββββββββββββββββββββββββββββββββββββββββββββββData Flow
1. User opens IDE (Claude / Cursor / VS Code)
2. IDE connects to CodeAtlas via MCP (stdio or SSE)
3. MCP tools query local .codeatlas/analysis.json AST data
4. sync_system_memory pushes embeddings & relationships to Oracle 26ai
5. Dashboard fetches analysis results via REST API
6. Security Scanner runs against analysis data for vulnerability detection
7. Knowledge Graph queries (Oracle Property Graph) identify architectural smellsπ Quick Start
1. Prerequisites
Node.js: v20.0.0 or higher
curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash - sudo apt-get install -y nodejsnpm (comes with Node.js) or pnpm (recommended)
npm install -g pnpmOracle Instant Client β Required for Thick Mode connectivity to Oracle 26ai. Download from Oracle Instant Client Downloads and extract to
/opt/oracle/instantclient.Firebase Project β For API key authentication and telemetry storage.
NVIDIA API Key β For embedding generation (sign up at NVIDIA AI Foundation).
2. Installation
# Clone the repository
git clone https://github.com/giauphan/codeatlas-platform.git
cd codeatlas-platform
# Install dependencies
pnpm install
# Build the TypeScript project
pnpm run build3. Environment Configuration
Create a .env file in the project root:
# Server Configuration
PORT=8080
NODE_ENV=production
LOG_LEVEL=info
# Authentication
CODEATLAS_API_KEY=your_admin_secret_key
GOOGLE_APPLICATION_CREDENTIALS=/path/to/firebase-service-account.json
# Oracle 26ai Database (Thick Mode)
ORACLE_USER=admin
ORACLE_PASSWORD=your_password
ORACLE_CONN_STRING=your_db_connection_string
ORACLE_LIB_DIR=/opt/oracle/instantclient
ORACLE_WALLET_DIR=/opt/oracle/wallet # For mTLS connections
# NVIDIA Embeddings
NVIDIA_API_KEY=nvapi-your-key-here
# Multi-Tenant (optional)
CODEATLAS_MULTI_TENANT=false
CODEATLAS_PROJECTS_ROOT=./tenants
# CORS (optional, defaults to localhost origins)
ALLOWED_ORIGINS=http://localhost:5173,http://localhost:30004. Running the Server
Development Mode (with hot reload)
pnpm run devProduction Mode
pnpm run build
pnpm run startPM2 (Production Process Manager)
npm install -g pm2
pm2 start dist/src/index.js --name codeatlas-platform
pm2 save
pm2 startupInitialize Oracle Database Schema
pnpm run db-initThe server auto-detects the runtime mode:
If
PORTis set β starts in SSE Mode (remote HTTP server)If
PORTis unset β starts in Stdio Mode (local MCP server for IDE integration)
π AI Editor Integration
CodeAtlas AI works with any MCP-compatible AI coding assistant. Choose your editor below:
Claude Desktop / Code
Add to your claude_desktop_config.json:
{
"mcpServers": {
"codeatlas": {
"command": "npx",
"args": ["-y", "codeatlas-enterprise"],
"env": {
"CODEATLAS_API_KEY": "your-api-key",
"ORACLE_CONN_STRING": "...",
"NVIDIA_API_KEY": "nvapi-..."
}
}
}
}Or for remote SSE mode:
{
"mcpServers": {
"codeatlas": {
"type": "sse",
"url": "https://your-server.com/sse?apiKey=YOUR_API_KEY_HERE"
}
}
}Cursor AI
Create .cursor/rules/codeatlas.mdc in your project:
---
description: CodeAtlas AI codebase intelligence
globs: *
---
An MCP server named `codeatlas` is available with code analysis tools.
Always use it before manual file searches for faster results.Configure in Cursor Settings β MCP Servers:
{
"mcpServers": {
"codeatlas": {
"command": "npx",
"args": ["-y", "codeatlas-enterprise"],
"env": {
"CODEATLAS_API_KEY": "your-api-key"
}
}
}
}VS Code (Cline / Continue)
Add to your VS Code MCP settings:
{
"mcpServers": {
"codeatlas": {
"command": "npx",
"args": ["-y", "codeatlas-enterprise"],
"env": {
"CODEATLAS_API_KEY": "your-api-key"
}
}
}
}Windsurf
Create .windsurfrules in your project:
Use CodeAtlas MCP tools for codebase analysis before making changes.
Tools: list_projects, get_project_structure, search_entities, get_dependencies,
generate_system_flow, trace_feature_flow, sync_system_memoryCustom MCP Clients
Any MCP client can connect directly via stdio:
npx -y codeatlas-enterpriseOr via SSE:
curl -N https://your-server.com/sse?apiKey=YOUR_API_KEYπ οΈ MCP Tools Reference
CodeAtlas AI exposes 14 MCP tools for comprehensive codebase intelligence. Run list_projects first to discover analyzed projects, then use the rest.
π Code Analysis & Discovery
Tool | Description | Parameters |
| List all analyzed projects with names, paths, and last analysis timestamps | None |
| Get all entities (modules, classes, functions, variables) in a project |
|
| Get all entities defined in a specific file |
|
| Fuzzy search for functions, classes, modules, or variables by name |
|
| AI-generated code quality insights (refactoring, security, maintainability) | None |
π Dependency & Flow Visualization
Tool | Description | Parameters |
| Get import/call/containment/implements relationships between entities |
|
| Generate a Mermaid flowchart showing system architecture (module imports) |
|
| Generate a Mermaid diagram of feature execution flow (call chains: entry point β controller β service β model β database) |
|
| Trace the complete execution flow of a feature through the codebase, ordered by dependency chain |
|
π§ AI Memory & Knowledge Graph
Tool | Description | Parameters |
| Sync code entities & relationships to Oracle 26ai Knowledge Graph. Creates auto-generated system documentation with business rules and change logs |
|
| Retrieve episodic memories (business rules, change logs) from Oracle 26ai |
|
| Save a learned pattern, mistake, preference, or knowledge to the Dreaming Memory system |
|
| Search Dream Memories by semantic similarity using vector search |
|
| Use Oracle 26ai Property Graph to detect circular dependencies, God objects, and dead code |
|
π‘οΈ Security & Architecture Scanning
Tool | Description | Parameters |
| Enterprise vulnerability scanner β auto-scans all projects for hardcoded secrets, unsafe functions, SQL injection risks, and architectural issues with security scoring |
|
π REST API Reference
In addition to MCP, CodeAtlas AI provides a full REST API for remote access and dashboard integration.
Method | Endpoint | Description | Auth Required |
|
| List all discovered projects | β |
|
| Remove a project and its data | β |
|
| Get episodic memories for a project | β |
|
| Get indexing settings | β |
|
| Update indexing settings | β |
|
| Save a dreaming memory | β |
|
| Query dreaming memories | β |
|
| Delete a dreaming memory | β |
|
| Get quick setup guide (markdown) | β |
|
| Get AI memory setup guide (markdown) | β |
Authentication: API requests require either:
Firebase ID Token:
Authorization: Bearer <firebase-id-token>(for dashboard users)API Key:
x-api-key: <your-api-key>(for programmatic access)
Rate Limiting: 60 requests per minute per tenant/IP.
π Project Structure
codeatlas-platform/
βββ src/
β βββ index.ts # Composition root β entry point
β βββ config/
β β βββ env.ts # Environment configuration
β βββ presentation/ # Presentation layer (MCP + HTTP)
β β βββ mcpServer.ts # MCP server instance
β β βββ mcpTools.ts # All 14 MCP tool definitions
β β βββ httpServer.ts # Express HTTP server + REST API
β β βββ dreamingRoutes.ts # Dream memory REST routes
β βββ services/ # Application services
β β βββ authService.ts # Authentication & API key verification
β β βββ projectService.ts # Project discovery & analysis loading
β β βββ memoryService.ts # Oracle 26ai tri-layer memory service
β β βββ dreamingService.ts # Oracle dreaming memory service
β β βββ embeddingService.ts # NVIDIA NIM embedding generation
β β βββ memoryGenerator.ts # Auto-generated memory documentation
β β βββ scanner/
β β βββ securityScanner.ts # Static security vulnerability scanner
β βββ middleware/
β β βββ auth.ts # Express auth middleware (Firebase + API key)
β βββ database/
β β βββ connection.ts # Oracle DB connection pool (Thick Mode)
β β βββ schema.sql # Oracle 26ai database schema + VPD setup
β βββ types/
β β βββ index.ts # TypeScript interfaces (GraphNode, AnalysisResult, etc.)
β β βββ express.d.ts # Express type augmentation
β βββ utils/
β β βββ logger.ts # Structured logging
β β βββ context.ts # AsyncLocalStorage for request context
β βββ repositories.ts # Repository pattern (auth, telemetry)
βββ dashboard/ # React dashboard (Vite + TypeScript)
β βββ src/
β β βββ App.tsx # Root component
β β βββ main.tsx # Entry point
β β βββ lib/
β β β βββ firebase.ts # Firebase client SDK
β β βββ components/
β β βββ Dashboard.tsx # Main dashboard (project management)
β β βββ Auth.tsx # Login / API key auth
β β βββ KnowledgeGraphView.tsx # Interactive force-directed graph
β β βββ ControlCenterView.tsx # Settings & controls
β β βββ CloudIndexView.tsx # Cloud sync status
β β βββ DocumentationView.tsx # MCP integration guide
β βββ index.html
β βββ vite.config.ts
β βββ package.json
βββ scripts/ # Utility scripts
β βββ db-init.ts # Database schema initialization
β βββ deploy.sh # Deployment script
β βββ migrate-user.ts # User migration
β βββ query-firestore.ts # Firestore debugging
βββ tests/ # Test suites
β βββ unit/ # Unit tests
β βββ integration/ # Integration tests
β βββ e2e/ # End-to-end tests
βββ docs/
β βββ QUICK_SETUP.md # Quick setup guide
β βββ AI-MEMORY-SETUP.md # AI memory configuration
β βββ rules-template/ # IDE integration templates
β βββ CLAUDE.md
β βββ cursor-codeatlas.mdc
β βββ codeatlas-mcp.md
β βββ windsurfrules.md
βββ instantclient/ # Oracle Instant Client libraries
βββ .github/workflows/
β βββ ci.yml # CI pipeline (build, type-check, test)
β βββ cd.yml # CD pipeline (deploy to live server)
βββ package.json
βββ tsconfig.json
βββ DESIGN.md # Design system specification
βββ CHANGELOG.md # Full version history
βββ LICENSE # MIT Licenseπ§ Memory Architecture
CodeAtlas AI implements a Tri-Layer Memory system using Oracle 26ai native database features:
1. π Episodic Memory (ai_episodic_memory)
Stores business events as JSON documents using Oracle's native JSON data type.
Business Rules β Captured during code review (e.g., "VIP users get free shipping")
Change Logs β Auto-recorded on every
sync_system_memorycallQuery:
SELECT event_data FROM ai_episodic_memory WHERE project_name = :project AND event_type = 'BUSINESS_RULE'
2. 𧬠Semantic Memory (ai_semantic_memory)
Stores vector embeddings of code entities for AI-powered similarity search.
Embedding Model:
nvidia/nv-embed-v1β 4096-dimensional FLOAT32 vectorsStorage: Oracle native
VECTOR(4096, FLOAT32)data typeSearch:
SELECT * FROM ai_semantic_memory ORDER BY VECTOR_DISTANCE(embedding, :query, COSINE) FETCH FIRST :limit ROWS ONLYBatch Processing: Entities are embedded in chunks of 50, stored in DB batches of 500
3. π Relational Memory (ai_relational_memory)
Stores code dependency relationships as a Property Graph for graph traversal.
Knowledge Graph:
CREATE PROPERTY GRAPH ai_knowledge_graphconnecting semantic entities via relational edgesGraph Queries:
GRAPH_TABLE(ai_knowledge_graph MATCH (a)-[e]->{1,5}(a))for cycle detectionRelationship Types:
import,call,contains,implements
π Oracle VPD Multi-Tenant Security
All three memory tables are protected by Oracle Virtual Private Database (VPD) with automatic row-level security based on tenant_id. Each database connection session sets its security context via ADMIN.codeatlas_ctx_pkg.set_tenant(:tenantId), and VPD policies transparently filter rows.
π Multi-Tenant Architecture
CodeAtlas AI supports SaaS multi-tenancy at every layer:
Directory Sandbox
tenants/
βββ tenant-abc123/
β βββ project-alpha/
β β βββ .codeatlas/analysis.json
β βββ project-beta/
βββ tenant-def456/
βββ project-gamma/Database Isolation
Oracle VPD/RLS: Row-level security with automatic
tenant_idfilteringFirestore Namespacing: Documents prefixed as
${tenantId}_${projectName}Rate Limiting: Per-tenant rate limits (60 req/min)
Access Control
Standard users: Can only see and manage projects within their tenant sandbox
System administrators: Can view and manage all tenant projects
Authentication: Firebase ID Tokens (dashboard) or API Keys (programmatic)
π Dashboard
The interactive dashboard is a React application with a premium glassmorphism design system:
Design Specifications
Primary Color: Neon Cyan
#00F0FFβ active nodes, CTAs, glow accentsSecondary: Electric Violet
#9D00FFβ AI insights, relationshipsBackground: Deep Space
#0A0C10with glass surfacesrgba(16, 20, 29, 0.6)Backdrop Blur: 20px frosted glass
Typography: Space Grotesk (headlines) + Inter (body)
Typography: Space Grotesk (headlines) + Inter (body)
Dashboard Views
View | Description |
Control Center | Project management, API keys, settings |
Knowledge Graph | Interactive force-directed SVG graph with zoom, pan, and node dragging |
Cloud Index | Cloud sync status, indexing coverage |
Documentation | MCP integration guides and setup instructions |
Building the Dashboard
cd dashboard
pnpm install
pnpm run build # Production build
pnpm run dev # Development serverπ§ͺ Testing
CodeAtlas AI includes a comprehensive test suite with unit, integration, and e2e tests.
# Run all tests
pnpm test
# Run TypeScript type checking
npx tsc --noEmit --skipLibCheck
# Run dashboard tests
cd dashboard && pnpm testTest Structure
tests/
βββ unit/
β βββ scanner.test.ts # Security scanner logic
β βββ repositories.test.ts # Auth & telemetry repository
β βββ dreaming-service.test.ts # Dreaming service operations
β βββ dreaming-routes.test.ts # Dream memory REST endpoints
β βββ memory-generator.test.ts # Memory documentation generator
βββ integration/
β βββ api.test.ts # REST API endpoints
β βββ mcp.test.ts # MCP tool execution
β βββ database.test.ts # Oracle DB operations
β βββ multi-tenant.test.ts # Tenant isolation
β βββ project-deletion.test.ts # Project cleanup flow
β βββ discovery.test.ts # Project discovery
β βββ settings.test.ts # Indexing settings API
β βββ watcher.test.ts # File watcher
βββ e2e/
βββ scan-flow.test.ts # End-to-end analysis flowπ€ Contributing
Contributions are welcome! Here's how you can help:
Fork the repository
Create a feature branch:
git checkout -b feature/my-featureCommit your changes:
git commit -am 'Add my feature'Push to the branch:
git push origin feature/my-featureOpen a Pull Request
Development Guidelines
Follow the existing Clean Architecture patterns
Write TypeScript with strict typing
Add tests for new features
Update documentation as needed
Ensure all tests pass:
pnpm test
Code Style
TypeScript with strict mode enabled
ESLint + Prettier for consistent formatting
Clean Architecture with use caseβdriven service design
Async/await over raw promises
π License
This project is licensed under the MIT License β see the LICENSE file for details.
MIT License
Copyright (c) 2026 GiauPhan
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
...This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/giauphan/codeatlas-platform'
If you have feedback or need assistance with the MCP directory API, please join our Discord server