RIG Ltd's high-performance code intelligence engine for AI agents — fork of codebase-memory-mcp with RIG-specific QA tools.
Code intelligence engine that indexes a codebase into a tree-sitter-based knowledge graph and exposes it as MCP tools. Full-index of an average repository in milliseconds, sub-1ms queries. Ships as a single static binary — download, run, done.
The fork adds two QA-specific tools unavailable in upstream:
rig_scan_credentials_leak — detect hardcoded API keys, JWT secrets, private keys, DB URLs (44 patterns)rig_authglue_detect — detect auth-flow silent-failure patterns (Twilio country-block, VoIP carrier-drop, reCAPTCHA loops, phone-verify throttle)| Phase | Description | Status |
|---|---|---|
| S1 | Rebrand + attribution + MIT preserve | ✅ Complete |
| S2 | src/rig/ scaffold + MCP registration + Makefile | ✅ Complete |
| S3 | rig_scan_credentials_leak implementation | ⏳ Spec ready · impl pending |
| S4 | rig_authglue_detect implementation | ⏳ Spec ready · impl pending |
| S5 | Documentation + upstream-sync guide | ⏸ Pending |
| S6 | Public release + upstream merge tests | ⏸ Pending |
Linux kernel (28M LOC, 75k files) in ~3 minutes. Sub-1ms structural queries. RAM-first pipeline with LZ4 compression.
Semantic type resolution across 11 languages: Python, TypeScript/JS/JSX/TSX, PHP, C#, Go, C, C++, Java, Kotlin, Rust.
Tree-sitter grammars vendored into the binary. No external dependencies. Nothing to install, nothing that breaks.
Dockerfiles, Kubernetes manifests, Kustomize overlays indexed as first-class graph nodes with cross-references.
rig_scan_credentials_leakScans indexed project for credential leaks. 44 regex patterns covering Anthropic, OpenAI, Google, AWS, GitHub, Stripe, Slack, Discord, Twilio, SendGrid, GCP service accounts, private keys (RSA/OpenSSH/EC/DSA/PGP), JWT, OAuth, DB URLs (Postgres/MySQL/MongoDB/Redis), Firebase, Telegram, Pinecone, xAI, and generic high-entropy strings in .env-style files.
./evocodegraph mcp call rig_scan_credentials_leak '{
"project": "my-app",
"min_severity": "high",
"include_git_history": true
}'
rig_authglue_detectDetects auth-flow patterns that cause silent user-visible failures. 8 categories: Twilio country-throttle, VoIP carrier-drop, SMS throttle-no-counter, reCAPTCHA-loop, phone-verify throttle, geo-KYC block, voice-signup-loop, silent-drop-no-error-ui. Feeds RIG's Auth-Glues Catalogue.
./evocodegraph mcp call rig_authglue_detect '{
"project": "my-app",
"categories": ["twilio-country-throttle", "voip-carrier-drop"]
}'
EvoCodeGraph MCP is a fork of DeusData/codebase-memory-mcp (MIT, ~27k⭐). All upstream code retains its original MIT license and copyright. RIG-specific additions (src/rig/ subtree, docs/RIG_TOOLS_SCHEMA.md, this landing page) are © 2026 RIG Ltd, also MIT.
Reference paper (upstream research): arXiv:2603.27277 — Codebase-Memory: Tree-Sitter-Based Knowledge Graphs for LLM Code Exploration via MCP.