code-review-graph
A local-first structural memory layer for AI code review that indexes your repository into a persistent graph and serves precise context to MCP-compatible AI coding tools via 30 MCP tools.
At a Glance
About code-review-graph
code-review-graph (CRG) is an open-source, local-first code intelligence tool built by Tirth Kanani under the MIT license. It indexes a repository into a persistent SQLite-backed graph of functions, call chains, imports, and blast-radius relationships, then serves that context to AI coding assistants via the Model Context Protocol (MCP). The project reports over 20,000 GitHub stars and is available at v2.3.7 as of July 2026.
What It Is
CRG sits between your codebase and your AI assistant as a structural memory layer. Instead of letting tools like Claude Code, Cursor, Copilot, or Codex re-read the entire repository on every prompt, CRG pre-computes a graph of code relationships and answers queries with only the slice that matters for a given diff or question. The project claims an 8.2× average context reduction across 6 open-source repositories, with a median per-question token reduction of ~82× and a maximum of 528× on the fastapi corpus.
How the Pipeline Works
CRG runs a five-stage local pipeline:
- Parsing: Tree-sitter parses source files into AST nodes (functions, classes, imports, call sites) across 56 recognized file extensions covering Python, TypeScript, Go, Rust, Java, C/C++, C#, Ruby, Kotlin, Swift, PHP, Scala, Solidity, Dart, R, Perl, Lua, Elixir, Zig, Julia, SQL, Terraform, Ansible, Vue/Svelte SFCs, Jupyter notebooks, and more.
- Graph storage: Nodes and edges are stored in a local
.code-review-graph/graph.dbSQLite file — no external database or cloud service required. - Intelligence: Blast-radius analysis, community detection via the Leiden algorithm, risk scoring, and execution flow tracing are computed on-device.
- MCP surface: 30 MCP tools and 5 workflow prompts (
review_changes,architecture_map,debug_issue,onboard_developer,pre_merge_check) are exposed to any MCP-compatible client. - Incremental updates: File-hash deduplication and git-based change detection mean subsequent re-indexes complete in under 2 seconds even for large projects.
MCP Tools and AI Client Integration
The code-review-graph install command auto-detects installed AI coding tools and writes the correct MCP configuration for each. Supported clients include Codex, Claude Code, Cursor, Windsurf, Zed, Continue, OpenCode, Gemini CLI, Qwen, Kiro, GitHub Copilot, and GitHub Copilot CLI. The 30 MCP tools cover blast-radius queries, semantic search, architecture overviews, hub/bridge node detection, knowledge gap analysis, refactoring previews, wiki generation, and cross-repo search. Optional vector embeddings are supported via sentence-transformers, Google Gemini, MiniMax, or any OpenAI-compatible endpoint.
GitHub Action and CI Integration
CRG ships a composite GitHub Action that posts sticky, risk-scored PR review comments on every push. The action builds and queries the knowledge graph entirely on the CI runner — no source code is sent to any external service. An optional fail-on-risk input can turn the review into a merge gate. The project also includes a multi-repo daemon (crg-daemon) that watches multiple repositories as child processes with health checks and auto-restart.
Update: v2.3.7
The latest release is v2.3.7, published on July 18, 2026. The v2.3.4 release introduced compact context_savings metadata on MCP and CLI review outputs. v2.3.5 added a CLI Token Savings panel (detect-changes --brief) and --verify cross-checking against OpenAI's cl100k_base tokenizer. The project is MCP 1.0 compatible and actively maintained, with 79 open issues and regular pushes to the main branch. Custom language support via a .code-review-graph/languages.toml drop-in was also added, allowing new grammars without forking the project.
Community Discussions
Be the first to start a conversation about code-review-graph
Share your experience with code-review-graph, ask questions, or help others learn from your insights.
Pricing
Open Source
Fully free and open-source under the MIT license. Install via pip and use all features locally.
- 30 MCP tools
- 5 MCP workflow prompts
- Local-first SQLite graph storage
- Incremental graph updates
- Broad language support (56 extensions)
Capabilities
Key Features
- 30 MCP tools for blast-radius, call graphs, semantic search, risk scoring, and architecture overview
- Incremental graph updates in under 2 seconds using file-hash deduplication
- Broad language support: 56 file extensions including Python, TypeScript, Go, Rust, Java, C/C++, C#, Ruby, Kotlin, Swift, PHP, Scala, Solidity, Dart, Jupyter notebooks, and more
- Local-first SQLite graph storage — no code leaves the machine
- Blast-radius analysis tracing callers, dependents, and tests affected by a change
- Community detection via Leiden algorithm with architecture overview generation
- Hybrid search: FTS5 BM25 + optional vector embeddings with Reciprocal Rank Fusion
- Interactive D3.js force-directed graph visualization
- 5 MCP workflow prompts: review_changes, architecture_map, debug_issue, onboard_developer, pre_merge_check
- GitHub Action for sticky risk-scored PR review comments in CI
- Multi-repo registry and crg-daemon for watching multiple repositories
- Auto-generated markdown wiki from community structure
- Custom language support via languages.toml drop-in
- Token Savings panel with optional tiktoken cross-verification
- Graph export to GraphML, Neo4j Cypher, Obsidian vault, SVG
- Risk-scored reviews with security sensitivity, test coverage gaps, and flow participation
- Watch mode for continuous graph updates
- Edge confidence scoring (EXTRACTED/INFERRED/AMBIGUOUS)
- Memory loop: persist Q&A results as markdown for re-ingestion
- Tool filtering via --tools flag or CRG_TOOLS environment variable
