EvoCodeGraph MCP

RIG Ltd's high-performance code intelligence engine for AI agents — fork of codebase-memory-mcp with RIG-specific QA tools.

v0.1 · in development Pure C · 158 languages MCP-native SLSA-inspired MIT License

What is EvoCodeGraph

Code intelligence engine that indexes a codebase into a tree-sitter-based knowledge graph and exposes it as MCP tools. Full-index of an average repository in milliseconds, sub-1ms queries. Ships as a single static binary — download, run, done.

The fork adds two QA-specific tools unavailable in upstream:

Fork Progress · v0.1 MVP

PhaseDescriptionStatus
S1Rebrand + attribution + MIT preserve✅ Complete
S2src/rig/ scaffold + MCP registration + Makefile✅ Complete
S3rig_scan_credentials_leak implementation⏳ Spec ready · impl pending
S4rig_authglue_detect implementation⏳ Spec ready · impl pending
S5Documentation + upstream-sync guide⏸ Pending
S6Public release + upstream merge tests⏸ Pending

Base capabilities (inherited from upstream)

Indexing speed

Linux kernel (28M LOC, 75k files) in ~3 minutes. Sub-1ms structural queries. RAM-first pipeline with LZ4 compression.

Hybrid LSP

Semantic type resolution across 11 languages: Python, TypeScript/JS/JSX/TSX, PHP, C#, Go, C, C++, Java, Kotlin, Rust.

158 languages

Tree-sitter grammars vendored into the binary. No external dependencies. Nothing to install, nothing that breaks.

Infrastructure-as-code

Dockerfiles, Kubernetes manifests, Kustomize overlays indexed as first-class graph nodes with cross-references.

RIG-specific tools

rig_scan_credentials_leak

Scans indexed project for credential leaks. 44 regex patterns covering Anthropic, OpenAI, Google, AWS, GitHub, Stripe, Slack, Discord, Twilio, SendGrid, GCP service accounts, private keys (RSA/OpenSSH/EC/DSA/PGP), JWT, OAuth, DB URLs (Postgres/MySQL/MongoDB/Redis), Firebase, Telegram, Pinecone, xAI, and generic high-entropy strings in .env-style files.

./evocodegraph mcp call rig_scan_credentials_leak '{
  "project": "my-app",
  "min_severity": "high",
  "include_git_history": true
}'

rig_authglue_detect

Detects auth-flow patterns that cause silent user-visible failures. 8 categories: Twilio country-throttle, VoIP carrier-drop, SMS throttle-no-counter, reCAPTCHA-loop, phone-verify throttle, geo-KYC block, voice-signup-loop, silent-drop-no-error-ui. Feeds RIG's Auth-Glues Catalogue.

./evocodegraph mcp call rig_authglue_detect '{
  "project": "my-app",
  "categories": ["twilio-country-throttle", "voip-carrier-drop"]
}'

Attribution

EvoCodeGraph MCP is a fork of DeusData/codebase-memory-mcp (MIT, ~27k⭐). All upstream code retains its original MIT license and copyright. RIG-specific additions (src/rig/ subtree, docs/RIG_TOOLS_SCHEMA.md, this landing page) are © 2026 RIG Ltd, also MIT.

Reference paper (upstream research): arXiv:2603.27277 — Codebase-Memory: Tree-Sitter-Based Knowledge Graphs for LLM Code Exploration via MCP.

Roadmap