<div align="center">
CodeAtlas MCP Enterprise
Enterprise-Grade, Local-First MCP Server for AI-Powered Code Intelligence
     
CodeAtlas MCP Enterprise is an ultra-lightweight, local-first Model Context Protocol (MCP) server that securely indexes your codebase, performs deep AST-based analysis, and provides 20+ intelligent tools for AI code assistants. Your source code never leaves your machine.
</div>
---
π Table of Contents
- Why CodeAtlas MCP?
- Features
- Architecture Overview
- Quick Start
- Authentication
- AI Editor Integration
- Cursor
- Claude Desktop
- VS Code / Windsurf / Copilot
- MCP Tools Reference
- Analysis & Indexing
- Code Exploration
- Dependency & Impact Analysis
- Visualization & Diagrams
- Memory & Persistence
- Security & Architecture
- Project Operations
- Security Model
- Multi-Tenant Mode
- Environment Configuration
- How It Works
- License
---
π― Why CodeAtlas MCP?
AI code assistants are powerful β but they work best with context. CodeAtlas gives them X-ray vision into your codebase by:
- π Deep parsing β Understands JavaScript, TypeScript, Python, and PHP at the AST level
- π§ Persistent memory β Retains insights across conversations via Dreaming Memory
- π Zero data leakage β All parsing happens locally, no source code ever transmitted
- β‘ Blazing fast β Full codebase analysis in seconds, incremental re-indexing
- π Universal compatibility β Works with any MCP-compatible editor (Cursor, Claude, VS Code, Windsurf, Copilot)
---
β¨ Features
| Feature | Description | |---------|-------------| | π Local-First Parsing | AST analysis runs entirely on your machine β zero code uploaded | | π MCP Protocol | Works with all MCP-compatible AI editors | | π Auto Workspace Discovery | Automatically finds projects in your workspace | | π Multi-Language AST | JavaScript, TypeScript, Python, PHP with deep dependency resolution | | π§ Dreaming Memory | Persistent AI memory with vector search for cross-session context | | π Multi-Tenant Isolation | Isolate projects by workspace with sandbox boundaries | | π API Key Auth | Secure communication via cryptographic hash verification | | β‘ Incremental Indexing | Only re-parses changed files for near-instant updates | | ποΈ Knowledge Graph | Visualize modules, classes, and functions as an interactive graph | | π Remote Sync | Optionally sync metadata to CodeAtlas Enterprise via HTTPS | | π Code Metrics | LOC, complexity scores, function counts per project | | π‘οΈ Security Scanner | Detect hardcoded secrets, unsafe functions, SQL injection | | π Real-time Watching | Auto re-index on file changes via chokidar |
---
π Architecture Overview
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Your Local Machine β
β β
β ββββββββββββ ββββββββββββββ ββββββββββββββββββ β
β β Source βββββΆβ AST βββββΆβ MCP Server β β
β β Code β β Parser β β (this tool) βββββΌβββΆ AI Editor
β β (JS/TS/ β β (local) β βββββββββ¬βββββββββ β
β β PY/PHP)β ββββββββββββββ β β
β ββββββββββββ β β
β βΌ β
β ββββββββββββββββββββ β
β β Dreaming Memory β β
β β (optional: sync) β β
β ββββββββββ¬ββββββββββ β
βββββββββββββββββββββββββββββββββββββββββββββΌββββββββββββββββ
β HTTPS (optional)
βΌ
CodeAtlas Enterprise Server---
π Quick Start
Prerequisites
- Node.js v18.0.0 or higher (v20+ recommended)
Install Globally
npm install -g codeatlas-enterpriseRun
# Scan current directory and start MCP server
codeatlas-mcp
# With API key for remote sync
codeatlas-mcp --apiKey="your_api_key_here"
# Point to a specific project directory
codeatlas-mcp --projectDir="/path/to/your/project"That's it! Your AI editor can now connect to the MCP server running on stdio.
---
π Authentication
Provide your API Key in one of these ways:
- Environment Variable:
export CODEATLAS_API_KEY="your_api_key_here"- CLI Argument:
codeatlas-mcp --apiKey="your_api_key_here"- Local
.envFile (in the directory where you run the command):
CODEATLAS_API_KEY=your_api_key_here---
π AI Editor Integration
Cursor
Add to ~/.cursor/mcp.json or project-level .cursor/mcp.json:
{
"mcpServers": {
"codeatlas": {
"command": "codeatlas-mcp",
"args": ["--apiKey", "YOUR_API_KEY_HERE"]
}
}
}Claude Desktop
Add to claude_desktop_config.json:
{
"mcpServers": {
"codeatlas": {
"command": "codeatlas-mcp",
"args": ["--apiKey", "YOUR_API_KEY_HERE"]
}
}
}VS Code / Windsurf / Copilot
For any MCP-compatible editor, use the same JSON structure:
{
"mcpServers": {
"codeatlas": {
"command": "codeatlas-mcp",
"args": ["--apiKey", "YOUR_API_KEY_HERE"]
}
}
}Note: If you're running without a remote server, omit the
--apiKeyargument. The local MCP tools (analysis, search, graph) work fully offline.
---
π MCP Tools Reference
CodeAtlas MCP exposes 20+ tools organized into categories:
Analysis & Indexing
| Tool | Description | |------|-------------| | analyze | Trigger full AST analysis of the current project | | get_project_structure | Get entities tree (modules, classes, functions, variables) | | get_file_entities | List all entities defined in a specific file |
Code Exploration
| Tool | Description | |------|-------------| | search_entities | Search for functions, classes, modules by name (fuzzy) | | code_search | Search source file contents for any text or regex | | get_file_content | Read file contents with line numbers |
Dependency & Impact Analysis
| Tool | Description | |------|-------------| | get_callers | Find all functions/callers that reference a symbol | | get_callees | Find everything a function/module imports or calls | | impact_analysis | Full blast radius: callers + callees + test files | | get_dependencies | Get import/call/containment/implements relationships |
Visualization & Diagrams
| Tool | Description | |------|-------------| | generate_system_flow | Mermaid flowchart of module architecture | | generate_feature_flow_diagram | Mermaid sequence/flow diagram for a feature | | trace_feature_flow | Ordered call chain from entry point to database |
Memory & Persistence
| Tool | Description | |------|-------------| | query_dream_memories | Semantic vector search across past AI memories | | save_dream_memory | Persist an AI insight or observation for future sessions | | get_system_memory | Retrieve business rules and change logs | | sync_system_memory | Save business rules or change descriptions |
Security & Architecture
| Tool | Description | |------|-------------| | scan_enterprise_vulnerabilities | Scan all projects for hardcoded secrets, unsafe functions, SQL injection | | detect_architectural_smells | Detect circular dependencies, God objects, dead code |
Project Operations
| Tool | Description | |------|-------------| | list_projects | List all discovered and indexed projects | | refresh_projects | Re-scan directories for new or removed projects | | get_project_insights | AI-generated refactoring and maintainability suggestions |
---
π Security Model
π Local-First by Design
CodeAtlas MCP Enterprise follows a zero-trust, local-first architecture:
- Parsing is local β All source file reading, AST generation, and relationship mapping happens on your machine. No source code is ever uploaded.
- No credentials embedded β The package contains zero database passwords, Firebase configs, or private server keys. All remote communication uses standard HTTPS with Bearer token auth.
- Encrypted sync β If you enable remote sync, metadata is transmitted over HTTPS. The server authenticates via cryptographic hash of your API key.
π What Gets Sent (When Sync is Enabled)
Only structural metadata is transmitted:
- File paths and names (relative to project root)
- Function/class/module names and line numbers
- Import/export relationships
- Analysis statistics (file count, LOC, complexity)
Raw source code, credentials, and proprietary logic are never transmitted.
π Multi-Tenant Isolation
When multi-tenant mode is enabled:
- Each tenant's projects are isolated in separate sandbox directories
- Path traversal attacks are blocked by strict boundary validation
- Memory and analysis data are scoped per-tenant
---
π Multi-Tenant Mode
Enable tenant isolation via environment variables:
CODEATLAS_MULTI_TENANT=true
CODEATLAS_PROJECTS_ROOT=./tenantsEach tenant's projects live in ./tenants/{tenantId}/, with strict path-boundary enforcement.
---
π Environment Configuration
| Variable | Default | Description | |----------|---------|-------------| | CODEATLAS_API_KEY | β | API key for authenticating with remote server | | CODEATLAS_API_URL | https://your-server.com/api | Remote CodeAtlas server URL | | CODEATLAS_MULTI_TENANT | false | Enable multi-tenant isolation | | CODEATLAS_PROJECTS_ROOT | ./tenants | Root directory for tenant sandboxes | | CODEATLAS_PROJECT_DIR | process.cwd() | Default project path | | NODE_ENV | production | Environment mode |
---
βοΈ How It Works
- Start β Run
codeatlas-mcpin your project directory or point it with--projectDir - Auto-Discover β The server scans for projects by detecting
package.json,pyproject.toml,composer.json - AST Parse β Each source file is parsed into an Abstract Syntax Tree
- Build Graph β Modules, classes, functions, and their relationships form a Knowledge Graph
- Serve MCP β AI editors query the graph through 20+ MCP tools
- Dream β Insights persist across sessions via Dreaming Memory (optional remote vector store)
---
π License
MIT Β© 2026 Giau Phan
---
π Related Projects
- CodeAtlas AI β Full enterprise server with Oracle 26ai memory, dashboard, security scanner
- npm package β Install via npm
