codeiq

module
v0.4.0
Published: May 14, 2026 License: MIT

README

codeiq

Deterministic code knowledge graph — scans codebases to map services, endpoints, entities, infrastructure, auth patterns, and framework usage. No AI, pure static analysis. Single static Go binary; MCP server included.


What it is

codeiq scans a codebase and produces a deterministic graph of its services, endpoints, entities, infrastructure, auth patterns, and framework usage. Same input ⇒ same output, every time.

  • Single static binary — built from the go/ tree. No JVM, no Spring Boot start time. ~30 MB. CGO enabled (Kuzu graph + SQLite cache).
  • 100 detectors across 35+ languages — Java, Kotlin, Scala, Python, TypeScript/JavaScript, Go, Rust, C#, C++, Terraform, Bicep, Helm, Kubernetes, Docker, GitHub Actions, GitLab CI, …
  • MCP server included: codeiq mcp runs an MCP stdio server exposing 10 user-facing tools (6 consolidated mode-driven + run_cypher + read_file + generate_flow + review_changes) so Claude / Cursor / any MCP-aware agent can query the graph directly.
  • LLM-driven PR review: codeiq review walks the diff, queries the indexed graph for evidence, and asks Ollama (Cloud or local) for review comments.

Install

Pre-built binary

Grab from Releases:

curl -L https://github.com/RandomCodeSpace/codeiq/releases/latest/download/codeiq_$(uname -s | tr A-Z a-z)_$(uname -m | sed s/x86_64/amd64/).tar.gz | tar xz
sudo install codeiq /usr/local/bin/
codeiq --version

Verify (Sigstore keyless):

sha256sum -c checksums.sha256
cosign verify-blob \
  --bundle checksums.sha256.cosign.bundle \
  --certificate-identity-regexp 'https://github.com/RandomCodeSpace/codeiq/.github/workflows/release-go.yml@.*' \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  checksums.sha256
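
The quick-install pipe above unpacks the archive without keeping it, so nothing is left on disk for the checksum manifest to be checked against. The script below is an added example (not the project's own installer) that downloads first, verifies the Sigstore signature on checksums.sha256, matches the archive's digest against the manifest, and only then installs. It assumes the manifest and bundle are published as release assets beside the archives, that the manifest lists bare file names, and that arm64 archives are named arm64; the identity pattern is the page's own with dots escaped and both ends anchored.

```shell
#!/bin/sh
# Added example, not the project's own installer: fetch, verify, then install.
BASE=https://github.com/RandomCodeSpace/codeiq/releases/latest/download

# Print a file's SHA-256 with whichever tool the host provides.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
  else shasum -a 256 "$1"; fi | awk '{print $1}'
}

# Succeed only if the manifest ($1) holds exactly one entry for the archive's
# file name (assumption: bare names) and it equals the digest of the file ($2).
manifest_matches() {
  name=$(basename "$2")
  want=$(awk -v n="$name" '{f=$2; sub(/^\*/, "", f)}
    f == n {h=$1; c++} END {if (c == 1) print h}' "$1")
  [ -n "$want" ] && [ "$want" = "$(sha256_of "$2")" ]
}

# Check the keyless signature on the manifest ($1). The identity pattern is
# the page's, with dots escaped and both ends anchored.
verify_manifest_signature() {
  cosign verify-blob \
    --bundle "$1.cosign.bundle" \
    --certificate-identity-regexp \
      '^https://github\.com/RandomCodeSpace/codeiq/\.github/workflows/release-go\.yml@.+$' \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    "$1"
}

# Download into a scratch directory; install only if both checks pass.
verified_install() {
  os=$(uname -s | tr A-Z a-z)
  # aarch64 -> arm64 is an assumption about the release's archive names.
  arch=$(uname -m | sed -e s/x86_64/amd64/ -e s/aarch64/arm64/)
  archive="codeiq_${os}_${arch}.tar.gz"
  work=$(mktemp -d) || return 1
  (
    cd "$work" || exit 1
    for f in "$archive" checksums.sha256 checksums.sha256.cosign.bundle; do
      curl -fsSLO "$BASE/$f" || exit 1
    done
    verify_manifest_signature checksums.sha256 || exit 1
    manifest_matches checksums.sha256 "$archive" || exit 1
    tar xzf "$archive" && sudo install codeiq /usr/local/bin/
  )
}

if [ "${1:-}" = install ]; then verified_install; fi
```

Passing install as the first argument runs the whole sequence; with no argument the script only defines its functions.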

Build from source

Requires Go 1.25.10+ and a C toolchain (CGO).

git clone https://github.com/RandomCodeSpace/codeiq.git
cd codeiq
CGO_ENABLED=1 go build -o /usr/local/bin/codeiq ./cmd/codeiq
codeiq --version

Or directly via go install:

CGO_ENABLED=1 go install github.com/randomcodespace/codeiq/cmd/codeiq@latest

Quickstart

# Index a repository → SQLite analysis cache.
codeiq index /path/to/repo

# Enrich → Kuzu graph at .codeiq/graph/codeiq.kuzu.
codeiq enrich /path/to/repo

# Query.
codeiq stats /path/to/repo
codeiq find endpoints /path/to/repo
codeiq query consumers <node-id> /path/to/repo
codeiq topology /path/to/repo
codeiq flow /path/to/repo --view overview --format mermaid

# LLM PR review (local Ollama; OLLAMA_API_KEY → Cloud).
codeiq review --base origin/main --head HEAD /path/to/repo

MCP integration

Add to your MCP client config (e.g. .mcp.json at the project root):

{
  "mcpServers": {
    "code-mcp": {
      "command": "codeiq",
      "args": ["mcp"]
    }
  }
}

Ten user-facing tools: six mode-driven (graph_summary, find_in_graph, inspect_node, trace_relationships, analyze_impact, topology_view) plus run_cypher (Cypher escape hatch), read_file (utility), generate_flow, and review_changes.

CLI reference

Command                    Purpose
index [path]               Scan files → SQLite analysis cache.
enrich [path]              Load cache → Kuzu graph; run linkers + layer classifier.
mcp [path]                 Stdio MCP server (Claude / Cursor).
stats [path]               Categorized statistics.
query <kind> <id> [path]   consumers / producers / callers / dependencies / dependents / shortest-path / cycles / dead-code.
find <preset> [path]       endpoints, entities, services, …
cypher <query> [path]      Raw Cypher against Kuzu (read-only).
flow [path]                Mermaid / dot / yaml flow diagrams.
graph [path]               Export graph: json / yaml / mermaid / dot.
topology [path]            Service-topology projection.
review [path]              LLM-driven PR review.
cache <action>             Inspect / clear the analysis cache.
plugins <action>           List + describe registered detectors.
config <action>            Validate / explain codeiq.yml.
version                    Build info.

codeiq <cmd> --help for full flag listing.

Design

The graph is canonical and deterministic — GraphBuilder deduplicates nodes by ID (confidence-aware merge) and edges by canonical (source, target, kind) tuple. Phantom edges (endpoint missing from the graph) are dropped at snapshot. Every run prints a "Deduped: N nodes, M edges Dropped: K phantom edges" line so graph hygiene is visible.

Pipeline: FileDiscovery → tree-sitter / regex → detectors → GraphBuilder → linkers → LayerClassifier → Kuzu. See CLAUDE.md for the full architecture and the detector authoring contract.

Releases

Tag vX.Y.Z → .github/workflows/release-go.yml builds linux/amd64, linux/arm64, darwin/arm64 archives with SPDX SBOMs (Syft); the checksum manifest is keyless-signed via Cosign + GitHub OIDC (Sigstore Rekor). Runbook: shared/runbooks/release-go.md.

Security

See SECURITY.md. Supply-chain stack: OpenSSF Best Practices 12650, OpenSSF Scorecard, and the OSS-CLI workflow (security.yml) running OSV-Scanner, Trivy, Semgrep, Gitleaks, jscpd, and anchore/sbom-action on every PR.

License

See LICENSE.

Directories

Path Synopsis
cmd
codeiq command
Binary codeiq is the codeiq CLI entry point.
extcheck command
go module
internal
analyzer/linker
Package linker contains cross-file enrichers that run after detectors during `codeiq enrich`.
buildinfo
Package buildinfo exposes version/commit/date/dirty strings that the release pipeline injects via -ldflags -X. When ldflags are not set, an init() fallback reads `runtime/debug.BuildInfo` so `go install ...@v0.3.0` and local `go build` from a git checkout still produce a binary that reports its origin.
cli
Package cli wires Cobra commands.
detector/auth
Package auth holds cross-cutting authentication-related detectors.
detector/base
Package base frontend.go provides shared helpers for frontend component detectors (Angular, React, Vue).
detector/csharp
Package csharp holds C#/.NET detectors.
detector/golang
Package golang holds Go-language detectors.
detector/iac
Package iac holds Infrastructure-as-Code detectors (Terraform, Bicep, Dockerfile, ...).
detector/jvm/jvmhelpers
Package jvmhelpers mirrors src/main/java/.../detector/StructuresDetectorHelper.java + AbstractJavaMessagingDetector helpers for JVM-family Go detectors.
detector/markup
Package markup holds Markdown / other markup-language detectors.
detector/proto
Package proto holds Protocol Buffer detectors.
detector/script/shell
Package shell holds Bash and PowerShell detectors.
detector/sql
Package sql holds raw-SQL and migration-file detectors.
detector/systems/cpp
Package cpp holds C/C++ detectors.
detector/systems/rust
Package rust holds Rust-language detectors.
detector/typescript
Package typescript ports the Java TypeScript detectors.
flow
Package flow generates architecture flow diagrams from the codeiq graph.
graph
Package graph is the Go port's facade over Kuzu Embedded.
intelligence/evidence
Package evidence ports the runtime-facing evidence pack and assembler from src/main/java/.../intelligence/evidence/.
intelligence/extractor
Package extractor defines the LanguageExtractor interface and the Enricher orchestrator that drives per-language extractors over a node list.
intelligence/extractor/golang
Package golang implements the Go language extractor.
intelligence/extractor/java
Package java implements the Java language extractor.
intelligence/extractor/python
Package python implements the Python language extractor.
intelligence/extractor/typescript
Package typescript implements the TypeScript language extractor.
intelligence/lexical
Package lexical extracts doc comments and bounded source snippets from already-discovered files, populating CodeNode properties used by the lexical intelligence layer.
intelligence/query
Package query implements the intelligence-layer query planner.
mcp
Package mcp implements the codeiq stdio MCP server.
query
Package query implements the codeiq Go port's query-side services.
review
Package review implements the MR-review pipeline: git diff → graph evidence → LLM review.
Package parity contains the cross-binary diff harness.
cmd/parity-normalize command
Binary parity-normalize reads a codeiq SQLite cache and writes a normalized JSON dump to stdout.
