code-rag
Verified Safe
by qduc
Overview
Semantic code search for your entire codebase, enabling natural language queries to find relevant code snippets and source locations.
Installation
code-rag-mcp
Environment Variables
- CODE_RAG_EMBEDDING_MODEL
- CODE_RAG_DATABASE_TYPE
- CODE_RAG_DATABASE_PATH
- CODE_RAG_CHUNK_SIZE
- CODE_RAG_BATCH_SIZE
- CODE_RAG_ADDITIONAL_IGNORE_PATTERNS
- CODE_RAG_RERANKER_ENABLED
- CODE_RAG_RERANKER_MODEL
- CODE_RAG_RERANKER_MULTIPLIER
- CODE_RAG_LOG_LEVEL
- CODE_RAG_REINDEX_DEBOUNCE_MINUTES
- CODE_RAG_VERIFY_CHANGES_WITH_HASH
- CODE_RAG_MODEL_IDLE_TIMEOUT
- CODE_RAG_SHARED_SERVER
- CODE_RAG_SHARED_SERVER_PORT
- OPENAI_API_KEY
- AZURE_API_KEY
- COHERE_API_KEY
- AWS_ACCESS_KEY_ID
- AWS_SECRET_ACCESS_KEY
- AWS_REGION_NAME
- VERTEX_AI_PROJECT
- VERTEX_AI_LOCATION
Security Notes
The primary security consideration is the 'codebase_path' argument. The server is designed to read and process files from the specified path. If a malicious or untrusted path is provided, the tool will attempt to access and index those files, which could lead to unauthorized data access or processing. While the CLI mode offers a validation callback, the MCP integration sets 'validate_codebase=False' for seamless operation, assuming the path is trusted. There are no obvious 'eval' or direct code injection vulnerabilities. Network communication for the shared embedding server is primarily local (127.0.0.1).
Similar Servers
VectorCode
Indexes code repositories to generate relevant contextual information for Large Language Models (LLMs), enhancing their performance on specific or private codebases.
chunkhound
Provides local-first codebase intelligence, extracting architecture, patterns, and institutional knowledge for AI assistants.
Context-Engine
Self-improving code search and context engine for IDEs and AI agents, providing hybrid semantic/lexical search, symbol graph navigation, and persistent memory.
codegraph-rust
Transforms codebases into a semantically searchable knowledge graph, enabling AI agents to reason about code relationships, architecture, and impact rather than just performing text-based searches.