# ArchGraph Docs — full corpus > Code intelligence for AI agents. ArchGraph parses your codebase, builds a knowledge graph, and exposes it to AI agents via the Model Context Protocol (MCP). Source: https://docs.archgraph.dev Generated: 2026-04-18T10:30:54.489Z Pages: 9 --- # ArchGraph Path: / URL: https://docs.archgraph.dev/ Summary: Code intelligence for AI agents. ArchGraph parses your codebase, builds a knowledge graph, and exposes it to AI agents via the Model Context Protocol (MCP). Code intelligence for AI agents. ArchGraph parses your codebase, builds a knowledge graph, and exposes it to AI agents via the Model Context Protocol (MCP). ## What is ArchGraph? ArchGraph extracts code structure from 11 programming languages and stores it in a Neo4j knowledge graph. AI agents (Claude, Cursor, Windsurf) can query this graph to understand your codebase -- finding functions, tracing call chains, analyzing blast radius, and detecting vulnerabilities. ## How it works 1. **Connect** your repository (GitHub App or public catalog) 2. **Extract** -- ArchGraph parses your code with tree-sitter + SCIP compiler-backed resolution 3. **Query** -- AI agents use MCP tools to search, analyze, and understand your code ## Quick links - [Quick Start](/quick-start) -- Get running in 5 minutes - [Connect an Agent](/connect-agent) -- Claude, Cursor, Windsurf setup - [MCP Tools](/mcp-tools) -- All 9 available tools - [Example Queries](/example-queries) -- Common questions to ask your agent --- # Quick Start Path: /quick-start URL: https://docs.archgraph.dev/quick-start Summary: Get ArchGraph running in 5 minutes. Get ArchGraph running in 5 minutes. ## 1. Sign up Go to [archgraph.dev](https://archgraph.dev) and sign up with your GitHub account. ## 2. Connect a repository From the dashboard, click **Connect Repository**. You can either: - **Private repo**: Install the ArchGraph GitHub App on your repository - **Public catalog**: Browse and connect popular open-source repos instantly ## 3. Wait for extraction ArchGraph clones your repo, parses the code with tree-sitter, resolves call chains with SCIP (Pro plan), and imports everything into the knowledge graph. | Repo size | Extraction time | |-----------|----------------| | < 10K LOC | ~1-5 seconds | | 10-50K LOC | ~10-30 seconds | | 50-200K LOC | ~30-120 seconds | | 200K+ LOC | ~2-5 minutes | ## 4. Create an API key Go to **Dashboard > API Keys** and click **Create API Key**. Copy the key -- it will only be shown once. ## 5. Connect your AI agent See [Connect an Agent](/connect-agent) for setup instructions for Claude, Cursor, and Windsurf. ## What's next? - [Example Queries](/example-queries) -- Common questions to ask - [MCP Tools](/mcp-tools) -- Full tool reference - [Supported Languages](/supported-languages) -- Language support details --- # Connect an Agent Path: /connect-agent URL: https://docs.archgraph.dev/connect-agent Summary: Set up ArchGraph with your preferred AI coding assistant. Set up ArchGraph with your preferred AI coding assistant. ## Claude Desktop Add to your `claude_desktop_config.json`: ```json { "mcpServers": { "archgraph": { "url": "https://mcp.archgraph.dev/mcp", "headers": { "Authorization": "Bearer ag_YOUR_API_KEY" } } } } ``` ## Claude Code ```bash claude mcp add archgraph \ --transport sse \ --header "Authorization: Bearer ag_YOUR_API_KEY" \ https://mcp.archgraph.dev/mcp ``` ## Cursor Open Cursor settings, navigate to the MCP section, and add: ```json { "archgraph": { "url": "https://mcp.archgraph.dev/mcp", "headers": { "Authorization": "Bearer ag_YOUR_API_KEY" } } } ``` ## Windsurf Add to your Windsurf MCP configuration: ```json { "mcpServers": { "archgraph": { "serverUrl": "https://mcp.archgraph.dev/mcp", "headers": { "Authorization": "Bearer ag_YOUR_API_KEY" } } } } ``` ## Verify connection Once connected, ask your agent: > "Use ArchGraph to show me the stats for my repository" If the connection is working, you'll see node and edge counts for your repo. --- # MCP Tools Path: /mcp-tools URL: https://docs.archgraph.dev/mcp-tools Summary: Reference for the 9 MCP tools ArchGraph exposes — search, stats, impact, context, source, query, search_calls, detect_changes, find_vulnerabilities. ArchGraph exposes 9 tools via the Model Context Protocol. Every tool is a `POST` on the MCP endpoint (`https://mcp.archgraph.dev/mcp`) carrying an `Authorization: Bearer ag_…` header. Request/response bodies are JSON. Quick index: - [search](#search) — find nodes by name/type/language - [stats](#stats) — graph statistics for a repo - [impact](#impact) — upstream/downstream blast radius - [context](#context) — node neighborhood - [source](#source) — source snippet for a node - [query](#query) — raw read-only Cypher - [search_calls](#search_calls) — callers or callees of a function - [detect_changes](#detect_changes) — recent changes with impact - [find_vulnerabilities](#find_vulnerabilities) — taint-based security scan ## search Find code nodes by name, type, or language. Use when an agent needs to locate a symbol, enumerate files of a type, or narrow a large repo. Supports wildcard name patterns such as `auth*`. | Parameter | Type | Description | |-----------|------|-------------| | `name` | string | Name pattern (supports wildcards: `auth*`) | | `type` | string | Node type: `function`, `class`, `module`, `file` | | `language` | string | Filter by language: `python`, `typescript`, etc. | | `repo` | string | Repository name | | `limit` | number | Max results (default 20) | ```json title="Request" { "name": "validate*", "type": "function", "language": "python", "repo": "Deaxu/ArchGraph", "limit": 10 } ``` ```json title="Response" { "results": [ { "id": "func:src/auth.py:validate_token:42", "name": "validate_token", "type": "function", "language": "python", "file": "src/auth.py", "line": 42 } ] } ``` Related: [context](#context) to expand a hit, [search_calls](#search_calls) to trace a function, [impact](#impact) to score its blast radius. ## stats Return graph-level counts (nodes, edges, per-type breakdown) for a repository. Use as a sanity check after extraction, or to answer "how big is this codebase?". | Parameter | Type | Description | |-----------|------|-------------| | `repo` | string | Repository name | ```json title="Request" { "repo": "Deaxu/ArchGraph" } ``` ```json title="Response" { "repo": "Deaxu/ArchGraph", "nodes": 12843, "edges": 34710, "by_type": { "function": 7120, "class": 842, "file": 1231, "module": 409 } } ``` Related: [search](#search) once sizes look right, [detect_changes](#detect_changes) for activity. ## impact Analyze the blast radius of a code node — trace upstream callers and/or downstream callees up to a depth. Use before refactors, incident postmortems, or when scoping a PR's effect. | Parameter | Type | Description | |-----------|------|-------------| | `node_id` | string | Node identifier (e.g. `func:src/auth.py:validate:42`) | | `direction` | string | `upstream`, `downstream`, or `both` | | `depth` | number | Max traversal depth (default 3) | ```json title="Request" { "node_id": "func:src/auth.py:validate:42", "direction": "both", "depth": 2 } ``` ```json title="Response" { "root": "func:src/auth.py:validate:42", "upstream": [ { "id": "func:src/api/login.py:login:17", "depth": 1 } ], "downstream": [ { "id": "func:src/crypto.py:hash:8", "depth": 1 } ] } ``` Related: [search_calls](#search_calls) for direct neighbors, [context](#context) for the node itself. ## context Return a node with its surrounding context — neighbors, relationships, and properties. Use for "tell me about this symbol" prompts and to hydrate a [search](#search) result. | Parameter | Type | Description | |-----------|------|-------------| | `node_id` | string | Node identifier | ```json title="Request" { "node_id": "func:src/auth.py:validate:42" } ``` ```json title="Response" { "node": { "id": "func:src/auth.py:validate:42", "name": "validate", "type": "function", "file": "src/auth.py", "line": 42 }, "neighbors": { "callers": ["func:src/api/login.py:login:17"], "callees": ["func:src/crypto.py:hash:8"], "contained_in": "class:src/auth.py:AuthService:12" } } ``` Related: [source](#source) for the raw code, [impact](#impact) for the wider graph. ## source Retrieve the source code for a specific node. Use when an agent wants to read a function body verbatim (e.g. to suggest an edit). | Parameter | Type | Description | |-----------|------|-------------| | `node_id` | string | Node identifier | ```json title="Request" { "node_id": "func:src/auth.py:validate:42" } ``` ```json title="Response" { "node_id": "func:src/auth.py:validate:42", "file": "src/auth.py", "line_start": 42, "line_end": 58, "source": "def validate(token: str) -> bool:\n ..." } ``` Related: [context](#context) for structural metadata. ## query Execute a raw read-only Cypher query. Use for patterns the pre-built tools don't cover; writes are rejected. | Parameter | Type | Description | |-----------|------|-------------| | `cypher` | string | Cypher query (MATCH/RETURN only, no writes) | ```json title="Request" { "cypher": "MATCH (f:Function) WHERE f.name CONTAINS 'auth' RETURN f.name, f.file LIMIT 5" } ``` ```json title="Response" { "columns": ["f.name", "f.file"], "rows": [ ["authenticate", "src/auth.py"], ["auth_required", "src/api/middleware.py"] ] } ``` Related: [search](#search) for the common case without raw Cypher. ## search_calls Find callers or callees of a function by name. Use as a lighter alternative to [impact](#impact) when depth > 1 isn't needed. | Parameter | Type | Description | |-----------|------|-------------| | `name` | string | Function name | | `direction` | string | `callers` or `callees` | ```json title="Request" { "name": "authenticate", "direction": "callers" } ``` ```json title="Response" { "name": "authenticate", "direction": "callers", "results": [ { "id": "func:src/api/login.py:login:17", "file": "src/api/login.py", "line": 17 } ] } ``` Related: [impact](#impact) for multi-hop traversal, [context](#context) for full neighborhoods. ## detect_changes Detect recently changed code and surface its impact. Use to brief an agent on "what happened this week" or drive risk-weighted review. | Parameter | Type | Description | |-----------|------|-------------| | `repo` | string | Repository name | | `since` | string | Time period (e.g. `7d`, `30d`) | ```json title="Request" { "repo": "Deaxu/ArchGraph", "since": "7d" } ``` ```json title="Response" { "repo": "Deaxu/ArchGraph", "since": "7d", "changes": [ { "node_id": "func:src/auth.py:validate:42", "change": "modified", "impact_score": 0.72, "callers": 4 } ] } ``` Related: [impact](#impact) to drill into a single change. ## find_vulnerabilities Scan for security vulnerabilities — taint paths from input sources to dangerous sinks, CVE matches on dependencies (Pro). Use for ad-hoc security triage without running a full SAST pipeline. | Parameter | Type | Description | |-----------|------|-------------| | `repo` | string | Repository name | ```json title="Request" { "repo": "Deaxu/ArchGraph" } ``` ```json title="Response" { "repo": "Deaxu/ArchGraph", "findings": [ { "severity": "high", "rule": "sql-injection", "source": "func:src/api/users.py:get_user:22", "sink": "func:src/db.py:execute:91", "path_length": 3 } ] } ``` Related: [impact](#impact) to score the fix's blast radius before shipping. --- # Example Queries Path: /example-queries URL: https://docs.archgraph.dev/example-queries Summary: Common questions to ask your AI agent with ArchGraph connected. Common questions to ask your AI agent with ArchGraph connected. ## Finding code > "What functions call `parseData`?" > "Show me all classes that inherit from `BaseExtractor`" > "Find all functions named `validate*` in Python files" ## Understanding architecture > "Show the class hierarchy for the auth module" > "What modules does `api/routes.py` depend on?" > "Give me an overview of the project structure and main components" ## Impact analysis > "What would break if I changed the `authenticate` function?" > "Show the blast radius for `func:src/auth.py:validate:42`" > "What functions are affected by changes to the database module?" ## Security > "Find all security-sensitive functions (input sources, dangerous sinks)" > "Are there any known vulnerabilities in the project dependencies?" > "Show me all functions that handle user input without validation" ## Recent changes > "What changed in the last week and what's the impact?" > "Show me recently modified functions and their callers" ## Raw queries > "Run this Cypher query: MATCH (f:Function) WHERE f.name CONTAINS 'auth' RETURN f.name, f.file" > "How many nodes and edges are in the graph for this repo?" --- # API Reference Path: /api-reference URL: https://docs.archgraph.dev/api-reference Summary: The ArchGraph REST API is available at `api.archgraph.dev`. The ArchGraph REST API is available at `api.archgraph.dev`. ## Authentication All API requests require authentication via one of: - **API Key**: `Authorization: Bearer ag_...` header - **Clerk JWT**: For web dashboard sessions ## Endpoints ### Tools | Method | Endpoint | Description | |--------|----------|-------------| | POST | `/api/tools/search` | Search code nodes | | POST | `/api/tools/stats` | Graph statistics | | POST | `/api/tools/impact` | Blast radius analysis | | POST | `/api/tools/context` | Node context | | POST | `/api/tools/source` | Source code retrieval | | POST | `/api/tools/query` | Raw Cypher (read-only) | | POST | `/api/tools/search_calls` | Find callers/callees | | POST | `/api/tools/detect_changes` | Recent changes | | POST | `/api/tools/find_vulnerabilities` | Security scan | ### Repositories | Method | Endpoint | Description | |--------|----------|-------------| | GET | `/api/repos` | List connected repos | | POST | `/api/repos` | Connect a repo | | DELETE | `/api/repos/:id` | Remove a repo | | POST | `/api/repos/:id/extract` | Trigger extraction | | GET | `/api/repos/:id/status` | Extraction status | | GET | `/api/repos/public` | Browse public catalog | ### API Keys | Method | Endpoint | Description | |--------|----------|-------------| | GET | `/api/keys` | List API keys | | POST | `/api/keys` | Create API key | | DELETE | `/api/keys/:id` | Revoke API key | ### Account | Method | Endpoint | Description | |--------|----------|-------------| | GET | `/api/auth/me` | Current user profile | | DELETE | `/api/auth/me` | Delete account (GDPR) | ### Health | Method | Endpoint | Description | |--------|----------|-------------| | GET | `/health` | Service health check | --- # Supported Languages Path: /supported-languages URL: https://docs.archgraph.dev/supported-languages Summary: ArchGraph supports 11 programming languages with varying levels of call resolution. ArchGraph supports 11 programming languages with varying levels of call resolution. ## Language support matrix | Language | Parser | Call Resolution | Requirements | |----------|--------|----------------|--------------| | TypeScript | tree-sitter | SCIP (compiler-backed) | Node.js | | JavaScript | tree-sitter | SCIP (compiler-backed) | Node.js | | Python | tree-sitter | SCIP (compiler-backed) | Node.js | | Rust | tree-sitter | SCIP (compiler-backed) | Rust toolchain | | Go | tree-sitter | SCIP (compiler-backed) | Go toolchain | | Java | tree-sitter | SCIP (compiler-backed) | JDK | | Kotlin | tree-sitter | SCIP (compiler-backed) | JDK | | C | tree-sitter | SCIP (scip-clang) | Linux/macOS | | C++ | tree-sitter | SCIP (scip-clang) | Linux/macOS | | Swift | tree-sitter | Heuristic (name-based) | -- | | Objective-C | tree-sitter | Heuristic (name-based) | -- | ## Resolution methods **SCIP (compiler-backed)**: Uses compiler indexes for precise, cross-file call resolution. Available on Pro and Enterprise plans. **Heuristic (name-based)**: Matches function calls by name. Works without compiler toolchains but may produce false positives for common names. ## What gets extracted For each language, ArchGraph extracts: - **Functions** -- declarations, parameters, return types - **Classes** -- inheritance, methods, properties - **Modules/Files** -- imports, exports, dependencies - **Calls** -- function-to-function call edges - **Contains** -- structural nesting (class contains method, file contains class) - **Security labels** -- input sources, dangerous sinks, crypto operations --- # Self-Hosting Path: /self-hosting URL: https://docs.archgraph.dev/self-hosting Summary: ArchGraph can be self-hosted using Docker Compose. The infrastructure configuration is maintained in the [archgraph-infra](https://github.com/Deaxu/archgraph-infra) repository. ArchGraph can be self-hosted using Docker Compose. The infrastructure configuration is maintained in the [archgraph-infra](https://github.com/Deaxu/archgraph-infra) repository. ## Requirements - Docker and Docker Compose - 4 vCPU, 8 GB RAM minimum - 50 GB disk space ## Quick start ```bash git clone https://github.com/Deaxu/archgraph-infra.git cd archgraph-infra cp .env.example .env # Edit .env with your passwords and configuration ./scripts/deploy.sh ``` ## Services | Service | Image | Memory | |---------|-------|--------| | API | ghcr.io/deaxu/archgraph-api:latest | 1 GB | | Worker | ghcr.io/deaxu/archgraph-api:latest | 2 GB | | Neo4j | neo4j:5-community | 2 GB | | PostgreSQL | postgres:16-alpine | 512 MB | | Redis | redis:7-alpine | 256 MB | ## MCP Gateway For the MCP gateway (Cloudflare Workers), see the [archgraph-gateway](https://github.com/Deaxu/archgraph-gateway) repository. You can either use the hosted version at `mcp.archgraph.dev` or deploy your own Worker. ## Backups Use the provided backup script to dump Neo4j and PostgreSQL: ```bash ./scripts/backup.sh ``` This creates database dumps and uploads them to Cloudflare R2 (requires rclone configuration). --- # FAQ Path: /faq URL: https://docs.archgraph.dev/faq Summary: **What is ArchGraph?** ArchGraph is a code intelligence service that builds knowledge graphs from your codebase and exposes them to AI agents via MCP. Agents can search, trace call chains, analyze impact, and detect vuln ## General **What is ArchGraph?** ArchGraph is a code intelligence service that builds knowledge graphs from your codebase and exposes them to AI agents via MCP. Agents can search, trace call chains, analyze impact, and detect vulnerabilities. **Which AI agents work with ArchGraph?** Any MCP-compatible agent: Claude Desktop, Claude Code, Cursor, Windsurf, and others. **What languages are supported?** 11 languages: TypeScript, JavaScript, Python, Rust, Go, Java, Kotlin, C, C++, Swift, Objective-C. See [Supported Languages](/supported-languages). ## Pricing **Is there a free plan?** Yes. The free plan includes 1 private repo, unlimited public repos, and 100 MCP queries per day. **What does Pro include?** Pro ($29/month) adds 10 private repos, unlimited queries, SCIP compiler-backed resolution, and CVE scanning. **Is there an enterprise option?** Yes. Contact us at emreaxu@fifty3s.com for custom plans with unlimited repos and dedicated support. ## Security **Is my code stored?** ArchGraph extracts the structural graph (functions, classes, calls) from your code. Source code body storage is optional and controlled per-repo. The graph itself contains metadata, not full source. **How is data isolated?** Each user's data is tagged with a unique tenant ID. All queries are automatically scoped to your tenant. Cross-tenant access is not possible. **Can I delete my data?** Yes. Use the GDPR deletion endpoint or delete your account from the dashboard. All associated data (repos, graphs, API keys, usage) is permanently removed. ## Self-Hosting **Can I self-host ArchGraph?** Yes. See the [Self-Hosting](/self-hosting) guide. You'll need Docker Compose and a machine with at least 8 GB RAM. **What's the difference between hosted and self-hosted?** The hosted version includes managed infrastructure, automatic updates, and the Cloudflare edge gateway. Self-hosted gives you full control but requires your own infrastructure management. ---