Your codebase is a graph. Every node reasons. Every change is governed.

One command. 90 seconds. Your AI writes code with architectural awareness, governance gates, and multi-agent reasoning. Not a linter. Not a copilot. A knowledge graph where every module is an autonomous agent — now with a structured chat layer that picks the right tool for every task.

The world's first governance-led multi-agent reasoning system for code. Scan any codebase into a persistent knowledge graph. Every module becomes a reasoning agent. Multiple agents decompose, debate, and synthesize answers with clearance-level governance. Every change is impact-analysed, gate-checked, and taught back — automatically.

"AI assistants see files. GraQle sees architecture. That's why it catches the bugs they can't."

pip install graqle && graq scan repo . && graq run "find every security bug in this codebase"

Website · VS Code Extension · Dashboard · PyPI · Changelog

Governance Gate — Activate Full GraQle Autonomy

Optional. One command. Fully reversible. Turn any Claude Code session into a governed, architecture-aware reasoning pipeline.

pip install graqle
graq gate-install

That's it. Claude Code now routes every tool call through GraQle's governed equivalents — impact analysis, preflight checks, lesson memory, and architectural reasoning activate automatically. No workflow change. No configuration. Just governance.

• What it does: Installs .claude/hooks/graqle-gate.py and .claude/settings.json in your project

• What changes: Claude Code's native tools (Read, Write, Edit, Bash) are routed through GraQle's graph-aware equivalents (graq_read, graq_edit, graq_generate, graq_bash)

• Why: Every file read gets architectural context. Every edit gets preflight governance. Every change gets impact analysis. Your AI stops guessing and starts knowing.

• Reversible: Delete .claude/hooks/graqle-gate.py to disable. Your project is unchanged.

Works with the free tier. No signup required. No API key needed if you use Ollama (fully local).

Learn more about Governance Gate · VS Code Extension

What's New in v0.50.0 — Structured Chat Agent

Your AI coding assistant now runs a structured chat loop with architectural awareness, durable pause/resume, and governed tool selection. The same quality you get from dedicated coding assistants — now inside any MCP client.

Structured chat agent layer

• Smart tool selection — the assistant picks the right tool for the job based on what your project already uses, your past successful workflows, and the specific intent of your question. No more cold-picking from a long tool list.

• Durable pause/resume — long-running tasks can pause for your approval and resume exactly where they left off. No lost work if you close the session.

• Structured second-opinion check — for sensitive actions, the assistant runs a quick internal check before touching anything, flagging safety concerns, missing prerequisites, or ambiguity.

• Bring-your-own-backend — mix and match LLM providers for different task types (triage, reasoning, formatting). Works with a single backend or multiple families.

• Hard-error continuation — when a tool fails, the assistant adapts and keeps going instead of freezing.

• Convention inference — when you say "write an ADR for this" or "add a test for that", the assistant finds existing examples in your project, matches the style, and writes in the right location — no clarifying questions.

Three new SDK capabilities

• Session-scoped permissions — approve a tool once for a scope, subsequent same-scope calls auto-proceed. Revocable mid-session.

• Append-only audit log — every turn is recorded at .graqle/chat/ledger/turn_<id>.jsonl for full historical transcript inspection.

• Project-specific instructions — drop a GRAQ.md at your project root to customize how the assistant behaves for your codebase, similar to CLAUDE.md.

Governed by default

• Three-tier governance (auto / review / approval) with tiers pre-disclosed upfront — no surprise-blocks mid-flow

• Impact analysis and preflight checks on every change

• Destructive operations always require explicit confirmation

Three critical bug fixes rolled in

• Backend reliability — fixes a crash that affected reasoning calls after the first round on some backends

• Long-response handling — synthesis now correctly handles responses that hit the model's output token limit

• Batch reasoning — the batch reasoning path now works correctly when a query fails inside a batch

Key numbers

• 136 MCP tools exposed to Claude Code, Cursor, and VS Code Copilot

• 14 LLM backends — Anthropic, OpenAI, AWS Bedrock, Ollama (local), Gemini, Groq, DeepSeek, Together, Mistral, OpenRouter, Fireworks, Cohere, vLLM, and custom providers

• Fully offline capable with Ollama

Install VS Code Extension | Full Changelog

Why GraQle is different from everything else

The problem with AI coding at scale

Copilot writes auth logic. Cursor generates your API layer. Claude Code refactors your service layer. All of it ships fast. None of it is checked at the architectural level.

Bugs don't live in files. They live between files.

In a 6-file dental appointment system we built as a demo, every single tool — pylint, mypy, flake8, Copilot — missed 4 of the 8 bugs. Because those bugs only exist in the relationship between files:

• app.py assumed services.py checks auth on the cancel endpoint

• services.py assumed app.py already checked it

• Neither did

• Any unauthenticated HTTP client could cancel any patient's appointment

That is a HIPAA violation. That is what vibe coding at scale produces. That is what Graqle catches.

The 90-second proof

# 1. Scan any codebase into a knowledge graph
graq scan repo .
# → 5,579 nodes, 19,916 edges — full architecture mapped in seconds

# 2. Ask Graqle to audit it
graq run "find every security vulnerability in this codebase"
# → Graph-of-agents activates across 50 nodes
# → Traces cross-file attack chain: MD5 (models.py) → expired tokens
#    never checked (auth.py) → cancel endpoint with zero auth (app.py)
# → Confidence: 89% | Evidence: 3-file chain | Cost: ~$0.001

# 3. Fix it — Graqle shows exact before/after for each file
# 4. Teach it back — the graph never forgets
graq learn "cancel endpoint must always require auth token"
# → Lesson persists. Every future audit knows this rule.
# → Copilot forgot. Graqle remembered.

Dental audit results (live, AWS Bedrock, 2026-03-28):

What makes Graqle structurally different

Every other AI tool works at the file level. Graqle works at the relationship level.

The graph IS the reasoning architecture

Every node is simultaneously a knowledge entity AND a reasoning agent. The graph topology determines who reasons. Edge weights encode what was learned. Ontological constraints govern what reasoning is permitted. Results mutate the same graph that governs future reasoning.

This is a closed developmental loop. No stateless tool can replicate it without rebuilding the entire persistent typed graph layer from scratch.

Cross-file bugs. Found automatically.

app.py ──imports──> services.py
    |                    |
    └──assumes auth──────┘
         checked here

Neither checks. Graqle sees both.
Copilot sees one file at a time.

The assumption gap between app.py and services.py is invisible to any single-file tool. Graqle maps the relationship, activates both as agents, and surfaces the contradiction at 89% confidence.

Persistent architectural memory

graq learn "auth must be in services layer"
# Written to graph as weighted LESSON edge
# Survives git ops, session resets, team changes
# Every future audit activates this lesson

Lessons compound. The longer your team uses Graqle, the more it knows about your specific architecture, your specific past mistakes, your specific safety rules. That compounding is the moat.

Governance gates before code is written

graq preflight "refactor the auth layer"
# → 12 modules depend on auth
# → 3 have no tests
# → 2 past lessons activated
# → LESSON: cancel endpoint must require auth
# → Risk: HIGH — proceed with plan

The gate runs before a single line changes. Not a linter rule. The graph reasoning about the specific change in the context of your specific architecture.

How it works

Your Code                    Knowledge Graph                AI Reasoning
┌──────────────┐            ┌───────────────────┐         ┌──────────────────────┐
│ Python       │ graq scan  │ 13 node types      │  query  │ Graph-of-Agents      │
│ TypeScript   │ ─────────> │ 10 edge types      │ ──────> │ PCST activation      │
│ Config       │            │ Weighted lessons   │         │ Multi-round reasoning │
│ Docs / APIs  │            │ Dependency chains  │         │ Confidence-scored    │
└──────────────┘            └───────────────────┘         │ Audit-trailed        │
                                      │                    └──────────────────────┘
                               graq learn / graq grow              │
                                      │                            ▼
                            Graph evolves with every      graq preflight / graq impact
                            interaction and lesson        Gate every change before it ships

6-gate validation pipeline — every scanned node passes: parse integrity → completeness repair → chunk quality → edge deduplication → relationship inference → compilation verification. Hollow nodes are auto-repaired, never silently dropped.

Model agnostic. Works everywhere.

Graqle is not tied to any AI provider. The knowledge graph and reasoning architecture are completely decoupled from the backend. One line in graqle.yaml switches providers.

# graqle.yaml — smart task routing
model:
  backend: bedrock
  model: eu.anthropic.claude-sonnet-4-6
  region: eu-north-1

routing:
  rules:
    - task: reason
      provider: bedrock
      model: eu.anthropic.claude-opus-4-6-v1
      profile: your-aws-profile    # uses your existing AWS credentials
    - task: context
      provider: groq               # fast lookups on cheap model

Works with every AI IDE: Claude Code, Cursor, VS Code + Copilot, Windsurf, JetBrains — zero workflow change. Graqle adds 74 architecture-aware MCP tools your AI uses automatically.

What Graqle does that competitors cannot

The structural reason competitors cannot copy this: They are stateless. Graqle's moat is a persistent typed knowledge graph where topology governs agent activation, ontological constraints bound reasoning, edge weights encode institutional memory, and results mutate the same structure that governs future cognition. You cannot replicate this with prompt engineering. You have to rebuild the entire layer.

Use cases

Point Graqle at any codebase. It scans in minutes. You get:

• Full blast radius for every file — what breaks if this changes

• Cross-file vulnerability chains traced across auth, business logic, data layers

• Architectural coupling violations and assumption gaps between modules

• Security issues: auth bypass, injection vectors, insecure crypto, data exposure

• All findings with confidence scores and file-level evidence

No prior knowledge of the codebase required. The graph maps it for you.

graq scan repo .
graq run "find every security vulnerability"
graq run "what are the highest-risk files to change?"
graq impact auth.py    # blast radius: what breaks if auth changes

Every function you add gets mapped to the graph immediately. Before writing the next function, run preflight: the graph tells you what this will affect, whether something similar already exists, whether this introduces a circular dependency.

graq preflight "add payment processing to checkout service"
# → 6 modules will be affected
# → LESSON: payment module must never call user service directly
# → Similar function exists in billing.py — consider reusing

You build with architectural awareness that accumulates as you build. By the time you ship, the graph is a complete living specification.

Legacy systems are where Graqle is most valuable. No single developer has the full picture. Assumptions are buried across dozens of files. A change to one module silently breaks five others.

The graph maps hidden dependencies explicitly. A new engineer gets full architectural context for any module in seconds. A senior engineer validates that a refactor is safe before touching a single line.

graq context legacy_payments.py     # 500-token focused context
graq impact legacy_payments.py      # what depends on this
graq lessons payment                # what went wrong here before

Every PR runs graq preflight. The gate produces a confidence score. Below threshold: blocked.

# .github/workflows/graqle-gate.yml
- name: Graqle governance gate
  run: |
    graq predict "$(git diff HEAD~1 --stat | head -20)" \
      --confidence-threshold 0.80 \
      --fail-below-threshold

Architecture-aware quality control that scales across teams without requiring every reviewer to understand every subsystem.

PR Guardian — governance checks on every pull request

Automated blast radius analysis for PRs. PR Guardian analyses your diff against the project knowledge graph and reports blast radius, a governance verdict, and a status badge — directly on the PR.

GitHub Action

# .github/workflows/graq-guardian.yml
name: PR Guardian
on: [pull_request]
permissions:
  contents: read
  pull-requests: write
jobs:
  guardian:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - uses: graqle/pr-guardian@v1
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}

CLI

# Analyse a diff locally
graq pr-guardian --diff <(git diff main...HEAD)

# JSON output for CI integration
graq pr-guardian --diff <(git diff main...HEAD) --output-format json

What it shows

• Blast radius — how many downstream modules are affected by the change

• Governance verdict — pass or block, with actionable reasoning

• PR badge — shields.io-compatible SVG posted as a PR comment

• SARIF output — optional integration with GitHub Code Scanning

PR Guardian runs the same analysis locally and in CI, so developers catch governance issues before review.

75 MCP tools — your AI uses them automatically

graq init          # Claude Code — auto-wires all 75 tools
graq init --ide cursor
graq init --ide vscode
graq init --ide windsurf

Core reasoning tools (free):

SCORCH — UX audit engine (12 dimensions):

Phantom — browser computer skills (8 tools):

graq_* tools have kogni_* aliases for backwards compatibility. All 75 tools, zero license checks.

Real results

A 6-file, 410-line Flask dental appointment system. Bugs planted as a realistic "vibe coded" application would produce them.

What every standard tool missed:

• BUG-001 CRITICAL: cancel() in app.py — no auth. Traces through app.py → services.py. Neither file checks auth. Only visible as a relationship.

• BUG-002 CRITICAL: search() — unauthenticated. Empty query returns all patients. HIPAA violation.

• BUG-005 HIGH: Double-booking not prevented. services.py assumes models.py checks overlap. models.py assumes services.py does. Neither does. Only visible as a cross-file assumption gap.

• BUG-006 MEDIUM: notifications.py bypasses service layer entirely. Schema change in models.py silently breaks it.

Graqle found all 8. 89–90% confidence. AWS Bedrock. 3 minutes.

Three repos merged into one knowledge graph. 8 parallel SCORCH audits across the entire surface. Found a CTA button that was 20px tall (44px minimum for mobile touch targets). Fixed before a single prospect saw it.

Scale: 17,418 nodes | 70,545 edges | 8 audits | Total cost: $0.30

Graqle uses Graqle to manage its own development. From v0.12.3 (6.4/10) to v0.29.9 (8.5/10) — every improvement guided by the knowledge graph's own intelligence layer. 1,569+ tests. 5,579 compiled nodes. Graph-powered development, by the graph.

This is not a demo feature. This is proof the tool works at the scale and complexity of real software.

Full CLI reference

pip install graqle[phantom] && python -m playwright install chromium

Works on any website. Results feed back into the knowledge graph automatically.

Pricing

Start free →

Security & Privacy

• Local by default. All processing runs on your machine. No telemetry.

• Your API keys. LLM calls go directly to your provider — never proxied.

• Cloud is opt-in. Uploads graph structure only — never source code.

• Air-gapped mode. GRAQLE_OFFLINE=1 — full functionality, zero network calls.

Supply-chain integrity (v0.35.0+)

pip install "graqle[security]"
graq trustctl verify    # verify installed version against Sigstore

FAQ

Copilot and Cursor are file-level tools. They see what is written in one file. Graqle sees the relationships between files — the dependency graph, the assumption chains, the blast radius of every change. They generate code. Graqle makes generated code safe to ship. They are not competitors. Graqle is the layer beneath them.

LangChain and CrewAI are orchestration frameworks — they chain agents and prompts. They are stateless: no persistent graph, no accumulated institutional memory, no topology-governed agent activation. Graqle is the persistent typed knowledge substrate that agentic frameworks are missing. If you are building agents that write code, Graqle is the memory and governance layer your agents need underneath.

Never. All graph processing is local. Cloud sync uploads graph structure only — never source code. Use GRAQLE_OFFLINE=1 for fully air-gapped operation.

Yes. 14 backends. One line in graqle.yaml switches providers. AWS Bedrock uses your existing IAM profile — no new credentials needed. Ollama runs fully offline on your own GPU at zero cost.

Under 30 seconds for most codebases. 10K+ file monorepos take 1–2 minutes. The graph persists — subsequent scans are incremental.

Static analysis tells you what code exists. Graqle tells you how it connects, what breaks when it changes, what your team has learned about it, and what the blast radius of the next change will be. Static analysis is a search tool. Graqle is a reasoning architecture.

Patent & License

European Patent Applications EP26162901.8 and EP26166054.2 — Quantamix Solutions B.V. Phantom browser automation plugin: Copyright 2026 Quantamix Solutions B.V. Free to use under the license terms. See SECURITY.md for supply-chain documentation.

@article{kumar2026graqle,
  title   = {GraQle: Governed Intelligence through Graph-of-Agents Reasoning},
  author  = {Kumar, Harish},
  year    = {2026},
  institution = {Quantamix Solutions B.V.},
  url     = {https://github.com/quantamixsol/graqle}
}

Your AI generates code at 10x speed. Graqle makes sure it's safe to ship.

pip install graqle && graq init

⭐ Star this repo — it helps other developers find it.

Built by Quantamix Solutions B.V. · Uithoorn, The Netherlands 🇳🇱

Copilot forgot. Graqle remembered.