code-graph-context
Verified Safeby drewdrewH
Overview
A Model Context Protocol (MCP) server that builds and queries a knowledge graph of TypeScript codebases in Neo4j, supporting semantic search, impact analysis, dead code detection, and multi-agent coordination through stigmergy.
Installation
node dist/mcp/mcp.server.jsEnvironment Variables
- OPENAI_API_KEY
- NEO4J_URI
- NEO4J_USER
- NEO4J_PASSWORD
- NEO4J_QUERY_TIMEOUT_MS
- NEO4J_CONNECTION_TIMEOUT_MS
- OPENAI_EMBEDDING_TIMEOUT_MS
- OPENAI_ASSISTANT_TIMEOUT_MS
- OPENAI_ASSISTANT_ID
Security Notes
The default Neo4j password 'PASSWORD' is a critical security vulnerability if the server is used without overriding the NEO4J_PASSWORD environment variable. The server interacts with external services (Neo4j, OpenAI), requiring secure configuration of connection details and API keys. The NL-to-Cypher tool includes validation steps (`EXPLAIN` and `validateProjectIdFilters`) to mitigate Cypher injection risks and enforce project isolation. File path inputs are validated against traversal attacks. There is no explicit user authentication or authorization built into the MCP server itself, implying it's expected to run in a trusted environment or behind an authenticated client.
Similar Servers
mcp
Enables AI models (LLMs) to interact with a Neo4j graph database by providing a structured set of tools via the Model Context Protocol (MCP).
codegraph-rust
Transforms codebases into a semantically searchable knowledge graph, enabling AI agents to reason about code relationships, architecture, and impact rather than just performing text-based searches.
ast-mcp-server
Provides an MCP (Model Context Protocol) server for code structure and semantic analysis using ASTs and ASGs, integrated with external AI clients like Claude Desktop.
tenets
Provides intelligent, token-optimized code context and automatically injects guiding principles to AI coding assistants for enhanced understanding and consistent interactions.