Labsco
ashfordeOU logo

grasp-mcp-server a

โ˜… 10

from ashfordeOU

36 tools for dependency graphs, architecture analysis, security scanning, refactoring, and CI tracking for LLM agents

๐Ÿ”ฅ๐Ÿ”ฅ๐Ÿ”ฅ๐Ÿ”ฅโœ“ VerifiedPaid serviceAdvanced setup
<div align="center"> <img src="grasp-social-v2.png" alt="Grasp โ€” Code Architecture Suite" width="100%"/>

English ยท เคนเคฟเคจเฅเคฆเฅ€ ยท ๆ—ฅๆœฌ่ชž ยท ํ•œ๊ตญ์–ด ยท ็ฎ€ไฝ“ไธญๆ–‡

<br/> <br/>

<a href="https://github.com/ashfordeOU/grasp/actions/workflows/ci.yml" target="_blank"><img src="https://github.com/ashfordeOU/grasp/actions/workflows/ci.yml/badge.svg" alt="CI"/></a> <a href="https://www.npmjs.com/package/grasp-mcp-server" target="_blank"><img src="https://img.shields.io/npm/v/grasp-mcp-server?label=MCP%20Server&color=00d4aa&style=flat-square&logo=npm" alt="npm"/></a> <a href="LICENSE" target="_blank"><img src="https://img.shields.io/badge/license-ELv2-4d9fff?style=flat-square" alt="License"/></a> <a href="https://ashfordeou.github.io/grasp" target="_blank"><img src="https://img.shields.io/badge/browser%20app-live-00d4aa?style=flat-square&logo=github" alt="GitHub Pages"/></a>

<br/>

131 MCP tools + 8 Resources + 2 Prompts ยท 35 languages ยท 11 AI providers + 200+ models via OpenRouter ยท 10 graph views ยท zero data collection

<br/>

<a href="https://ashfordeou.github.io/grasp" target="_blank"><img src="https://img.shields.io/badge/โ–ถ%20Browser%20App-ashfordeou.github.io%2Fgrasp-0f2a2a?style=for-the-badge&color=0f2a2a&logoColor=00d4aa" alt="Browser App"/></a> ย  <a href="https://github.com/ashfordeOU/grasp/releases/latest" target="_blank"><img src="https://img.shields.io/badge/VS%20Code-Install%20(.vsix)-007ACC?style=for-the-badge&logo=visual-studio-code" alt="VS Code"/></a> ย  <a href="https://www.npmjs.com/package/grasp-mcp-server" target="_blank"><img src="https://img.shields.io/badge/MCP%20Server-npm-CB3837?style=for-the-badge&logo=npm" alt="MCP Server"/></a> ย  <a href="https://plugins.jetbrains.com/plugin/31362-grasp--code-architecture-visualizer" target="_blank"><img src="https://img.shields.io/badge/JetBrains-Marketplace-000000?style=for-the-badge&logo=jetbrains" alt="JetBrains"/></a> ย  <a href="https://addons.mozilla.org/firefox/addon/grasp-code-architecture" target="_blank"><img src="https://img.shields.io/badge/Firefox-Add--ons-FF7139?style=for-the-badge&logo=firefox-browser&logoColor=white" alt="Firefox Add-ons"/></a> ย  <a href="https://chromewebstore.google.com/detail/grasp-%E2%80%94-code-architecture/pipmlammandfhfbodllcjolgeolkhapj" target="_blank"><img src="https://img.shields.io/badge/Chrome-Web%20Store-4285F4?style=for-the-badge&logo=google-chrome&logoColor=white" alt="Chrome Web Store"/></a> ย  <a href="https://github.com/ashfordeOU/grasp/releases" target="_blank"><img src="https://img.shields.io/badge/Safari-Sideload%20(macOS%2013%2B)-0D96F6?style=for-the-badge&logo=safari&logoColor=white" alt="Safari sideload"/></a> ย  <a href="https://www.raycast.com/ashfordeOU/grasp" target="_blank"><img src="https://img.shields.io/badge/Raycast-Store-FF6363?style=for-the-badge&logo=raycast&logoColor=white" alt="Raycast Store"/></a> ย  <a href="https://zed.dev/extensions?query=grasp" target="_blank"><img src="https://img.shields.io/badge/Zed-Extension-084CCF?style=for-the-badge&logoColor=white" alt="Zed Extension"/></a>

<br/>

<a href="https://ashfordeou.github.io/grasp" target="_blank">๐ŸŒ Browser App</a> ย ยทย  <a href="https://www.npmjs.com/package/grasp-mcp-server" target="_blank">๐Ÿ“ฆ MCP Server</a> ย ยทย  <a href="https://github.com/ashfordeOU/grasp/issues" target="_blank">๐Ÿ› Report Bug</a> ย ยทย  <a href="https://github.com/ashfordeOU/grasp/issues" target="_blank">โœจ Request Feature</a> ย ยทย  <a href="https://ashfordeou.github.io/grasp/docs/privacy.html" target="_blank">๐Ÿ”’ Privacy</a>

</div>

What's New in v3.20.0

Full security scanning suite โ€” grasp_vulnerabilities now covers 5 threat vectors beyond the original OSV.dev dependency scan.

LayerData sourceWhat it checks
Dependency CVEsOSV.devnpm, PyPI, Go, Cargo, Maven declared deps vs known CVEs
Container/Runtime CVEsNIST NVDFROM nginx:1.25.3 in Dockerfiles, image: in docker-compose + CI YAML
Supply-chain integrityLocal (no network)npm lockfile sha512 coverage, go.sum, Cargo.lock, pip --hash= pinning
Behavioral analysisSocket.dev free APInpm malware, supply-chain risk, install-scripts flags
Scheduled monitoringgrasp_vuln_watch (new)Periodic re-scans with brain.db history + CVE diff since last scan

New skip flags (skip_container, skip_socket, skip_integrity) for targeted fast scans. Also fixed a missing await bug in sessionStore.get().

Previously in v3.19.0: Full visual + UX parity between team-dashboard.html and index.html โ€” teal brand sweep, SVG icons, 7-provider auth, mobile More menu, keyboard shortcut popover.

Previously in v3.18.0: 9 new MCP tools (graph analytics + LLM-context), 11 graph export formats, TypeScript path-alias + Python import resolvers, Claude Code slash commands, token-reduction eval harness (3,241ร— on got@v14).

Total as of v3.20.0: 131 MCP tools ยท 8 Resources ยท 2 Prompts ยท 35 languages ยท 11 graph export formats ยท 10 graph views ยท 19 themes.


What is Grasp?

Grasp turns any GitHub or GitLab repository โ€” cloud or self-hosted โ€” or local codebase into an interactive architecture map in seconds. 131 MCP tools (plus 8 Resources and 2 guided Prompts) expose the full analysis engine to Claude Code, Cursor, and any MCP-compatible agent.

Paste URL / Open Folder  โ†’  AST Analysis Engine  โ†’  Architecture Map + 130 MCP Tools
No installationRuns 100% in your browser โ€” two HTML files, no build step
No data collectionYour code never leaves your machine
No accountsPaste a URL and go
Works offlineAnalyse local folders without internet
35 languagesJS/TS, Python, Go, Java, Rust, C/C++, C#, Ruby, Swift, Kotlin, Scala, Dart, Elixir, Erlang, Haskell, OCaml, F#, Clojure, Julia, Lua, R, Perl, Shell, PowerShell, Groovy, Zig, V, Nim, Crystal, VBA, Ada/SPARK, Vue, Svelte, PHP
131 MCP toolsDependency graphs, security, OSV.dev SCA vulnerability scanning, DORA, brain store, Kuzu graph schema v3, communities, ORM tracker, git change impact, architecture drift detection, test coverage gap map, org dashboard, PR impact action, MCP Resources/Prompts, grasp setup editor auto-config
11 AI providers (+ unlimited via routers)Direct: Anthropic Claude (3 models), OpenAI (GPT-4o + o-series), Google Gemini (3), Mistral (2), Groq (3), DeepSeek (chat + reasoner), Ollama (local), LM Studio (local), Custom OpenAI-compatible endpoint. Routers: OpenRouter (200+ models via slug) and Together AI (50+ open-source models). Switchable mid-conversation, fully off by default (chat panel closed = zero network calls), API keys stored in localStorage only โ€” Grasp has no proxy or telemetry.
10 graph viewsForce graph, 3D, arch, treemap, matrix, tree (dendrogram), flow (sankey), bundle, cluster (disjoint), heatmap
Grasp BrainSQLite + Kuzu persistent store โ€” index once, query instantly. FTS5 + 384D vector embeddings + Cypher graph queries
Supply chain signedSLSA Level 2 npm provenance + Cosign keyless Docker signing on every release

Who is Grasp for?

You areโ€ฆGrasp helps youโ€ฆStart with
Tech lead joining a new teamMap the codebase in 60s, find the riskiest hotspots, identify good first issuesTry expressjs/express chip โ†’ ISS tab + ACT tab
Engineering managerTrack health across all team repos, see DORA metrics, identify bus-factor risksteam-dashboard.html
Open-source maintainerGenerate a wiki, label good first issues, post PR impact commentsgrasp_wiki + GitHub Action grasp-pr-impact
Security reviewerSpot hardcoded secrets, scan dependencies for CVEs, generate SBOM/SARIFVULN tab + grasp_sbom + grasp_sarif
AI agent (Claude Code, Cursor, Copilot)Get sub-100-token repo orientation + token-budget-aware traversalMCP server: grasp_minimal_context โ†’ grasp_traverse
Developer onboardingGet an ordered reading path, plain-English explanations of any filegrasp_onboard + grasp_explain
Refactoring contractorPlan migrations with topological ordering, preview renames, find duplicate codegrasp_migration_plan + grasp_apply_refactor
CTO evaluating tech debtQuantify debt in dev-days, flag legacy hotspots, justify rewrite budgetHealth Score + Technical Debt + Org Dashboard

What makes Grasp different

Grasp is intentionally additive to whatever static-analysis or graph tool you already use. The axes that matter:

CapabilityGrasp
Run on a stranger's repo without cloningโœ… Paste URL โ†’ instant analysis in browser
Zero install, zero accountโœ… Single HTML file, runs entirely in browser
MCP-native โ€” works with Claude Code, Cursor, Copilot, Continue, etc.โœ… 130 tools, 8 Resources, 2 Prompts
Supply-chain CVE scanningโœ… OSV.dev across npm/PyPI/Go/Cargo/Maven
35 languages with native ASTโœ… Tree-sitter
Local โ€” your code never leaves your machineโœ… Browser fetches direct; MCP runs as subprocess
Persistent architecture intelligenceโœ… Brain store + Kuzu graph DB
Multi-channel โ€” Chrome/Firefox/Safari/VS Code/JetBrains/Docker/Raycast/Zedโœ… 13 distribution channels

Screenshots

๐Ÿ•ธ๏ธ Dependency Graph โ€” see exactly how files connect

<img src="docs/screenshots/graph.png" alt="Grasp dependency graph view" width="100%"/>

๐Ÿ›๏ธ Architecture Diagram โ€” your codebase by layer

<img src="docs/screenshots/arch.png" alt="Grasp architecture diagram view" width="100%"/>

๐Ÿ“ฆ Treemap โ€” files sized by line count

<img src="docs/screenshots/treemap.png" alt="Grasp treemap view" width="100%"/>

๐Ÿข Team Dashboard โ€” health across all your repos at a glance

<img src="docs/screenshots/team-dashboard.png" alt="Grasp team dashboard" width="100%"/>

How It Works

โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚  Input                                                            โ”‚
โ”‚  github.com/owner/repo  ยท  gitlab.com/ns/proj  ยท  ./local/path   โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
                                 โ–ผ
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚  Analysis Pipeline  (mcp/src/)                                    โ”‚
โ”‚                                                                   โ”‚
โ”‚  1. scan        file enumeration + gitignore                      โ”‚
โ”‚  2. parse       tree-sitter AST ยท 35 languages ยท 16 native        โ”‚
โ”‚  3. resolvers   tsconfig path-alias ยท Jedi-style Python imports   โ”‚
โ”‚  4. routes      HTTP route detection (Express/FastAPI/Gin)        โ”‚
โ”‚  5. tools       MCP/gRPC tool definition detection                โ”‚
โ”‚  6. orm         ORM query tracking (Prisma/TypeORM/Sequelize/SA)  โ”‚
โ”‚  7. scope       3-tier call resolver  (0.95 โ†’ 0.90 โ†’ 0.50)       โ”‚
โ”‚  8. types       cross-file type propagation  (Kahn topo-sort)     โ”‚
โ”‚  9. coverage    test-file detection โ†’ TESTS/COVERS edges (v3)     โ”‚
โ”‚ 10. communities Louvain community detection on import graph       โ”‚
โ”‚ 11. processes   BFS execution-flow tracing from entry points      โ”‚
โ”‚ 12. analytics   degree centrality ยท Brandes betweenness ยท         โ”‚
โ”‚                 surprising-edge rarity ยท knowledge-gap detection  โ”‚
โ”‚ 13. vulns       OSV.dev SCA scan (npm/PyPI/Go/Cargo/Maven)        โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
            โ”‚                          โ”‚
    โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ–ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”    โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ–ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
    โ”‚  Browser App    โ”‚    โ”‚   MCP Server (CLI)           โ”‚
    โ”‚  index.html     โ”‚    โ”‚   grasp-mcp-server           โ”‚
    โ”‚                 โ”‚    โ”‚                              โ”‚
    โ”‚ 10 graph views  โ”‚    โ”‚ 130 tools ยท 8 Resources      โ”‚
    โ”‚ 16 color modes  โ”‚    โ”‚ 2 guided Prompts             โ”‚
    โ”‚ AI Chat (11p)   โ”‚    โ”‚ Brain + Kuzu Schema v3       โ”‚
    โ”‚ Ask Grasp       โ”‚    โ”‚ Hybrid search (BM25+vector)  โ”‚
    โ”‚ Coverage overlayโ”‚    โ”‚ Graph analytics (5 tools)    โ”‚
    โ”‚ VULN tab        โ”‚    โ”‚ LLM-context (4 tools)        โ”‚
    โ”‚ Try-it chips    โ”‚    โ”‚ Graph exports (GraphML /     โ”‚
    โ”‚ Token indicator โ”‚    โ”‚   Cypher / Obsidian)         โ”‚
    โ”‚ Snapshot URLs   โ”‚    โ”‚ Slash commands (3 in         โ”‚
    โ”‚ Compare modal   โ”‚    โ”‚   .claude/commands/)         โ”‚
    โ”‚ Mid-fetch retry โ”‚    โ”‚ grasp setup (5 editors)      โ”‚
    โ”‚ Mobile touch    โ”‚    โ”‚ grasp vulns / drift / org    โ”‚
    โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜    โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜

Analysis flow (v3.18.0): the pipeline is additive โ€” phase 12 (graph analytics) runs after the dependency graph is built and produces the data backing grasp_hub_nodes, grasp_bridge_nodes, grasp_surprising_connections, grasp_knowledge_gaps, and grasp_suggested_questions. Phase 13 only runs when a manifest (package.json, requirements.txt, go.mod, Cargo.toml, pom.xml) is present. Both browser and MCP server share the exact same pipeline output via the ~/.grasp/brain.db + ~/.grasp/graph/ pair so a CLI grasp index and a browser analyze of the same repo are interchangeable.


Visualizations

Graph Types

ViewDescription
๐Ÿ•ธ๏ธ GraphForce-directed dependency graph โ€” drag, zoom, multi-select
๐Ÿ”ฎ 3D GraphThree-dimensional force graph โ€” rotate, pan, zoom
๐Ÿ›๏ธ ArchLayer-by-layer architecture diagram
๐Ÿ“ฆ TreemapFiles sized by line count, grouped by folder
๐Ÿ“Š MatrixAdjacency matrix showing all dependencies
๐ŸŒณ TreeHierarchical cluster dendrogram
๐ŸŒŠ FlowFolder-level Sankey dependency flow
๐ŸŽฏ BundleCircular layout with arc-based connections
๐Ÿ”ฎ ClusterSeparated force graphs per folder

Color Modes

ModeWhat it shows
๐Ÿ“ FolderDirectory structure
๐Ÿ—๏ธ LayerArchitectural layer (UI, Services, Utils, etc.)
๐Ÿ”ฅ ChurnCommit frequency โ€” red = most-changed hot spots
โšก ComplexityCyclomatic complexity (green โ†’ yellow โ†’ red)
๐Ÿ’ฅ BlastBlast radius impact for a selected file
๐ŸŒŠ DepthMax brace-nesting depth
๐Ÿ”Ž DupDuplicate code density โ€” red = many clones
๐Ÿ‘ค OwnerTop contributor โ€” spot bus-factor risks
๐Ÿ› IssuesLinked GitHub Issues per file
๐Ÿงช CoverageTest coverage โ€” highlight untested files
๐Ÿ“ฆ BundleBundle size contribution
๐ŸŒ API SurfacePublic-facing file exposure
โšก RuntimeActual call frequency from a live trace
๐Ÿ”’ SafetySafety gate coverage (green = gated, red = ungated)
๐Ÿงช BoundaryResearch/production boundary drift
๐Ÿงช Eval CoverageCoverage from eval/test scripts

Code Intelligence

๐Ÿ“Š Health Score

Instant Aโ€“F grade based on dead code, circular dependencies, coupling metrics, and security issues. Displayed as a score (0โ€“100) with a visual bar.

๐Ÿ” Security Scanner

Automatic detection of hardcoded secrets & API keys, SQL injection risks, dangerous eval() usage, and debug statements left in production.

๐Ÿ›ก๏ธ Dependency & Container Security Scanner (v3.17.0, expanded v3.20.0)

Five-layer security scan via grasp_vulnerabilities:

  • Dependency CVEs โ€” declared deps (npm/PyPI/Go/Cargo/Maven) vs OSV.dev public CVE database. Resolves pinned versions from lockfiles. Severity-classified with CVSS scores and fix-version suggestions. Health score deducts โ€“5 per critical and โ€“3 per high.
  • Container/Runtime CVEs โ€” parses Dockerfile (FROM image:tag), docker-compose*.yml, and CI workflow YAML for pinned image versions, then queries NIST NVD. Set GRASP_NVD_API_KEY for higher rate limits.
  • Supply-chain integrity โ€” local checks (no network): npm lockfile sha512 integrity field coverage, go.sum alongside go.mod, Cargo.lock alongside Cargo.toml, --hash= pinning in requirements.txt.
  • Behavioral analysis โ€” Socket.dev free API scans npm packages for malware, supply-chain risk, and install-script signals (up to 50 packages per scan).
  • Scheduled monitoring โ€” grasp_vuln_watch MCP tool: start/stop/status/history actions; periodic re-scans via setInterval; persists scan history + CVE diffs in brain.db.

New grasp vulns <path> CLI exits 1 on critical/high findings (CI-friendly). 100% client-side โ€” all API requests go directly from your machine to the respective services, never through a Grasp server.

๐Ÿงฉ Pattern Detection

Identifies Singleton, Factory, Observer/Event patterns, React hooks, and anti-patterns (God Objects, high coupling) โ€” automatically.

๐Ÿ’ฅ Blast Radius Analysis

"If I change this file, what breaks?" โ€” select any file and see every downstream file that would be affected, highlighted on the graph.

๐Ÿ”ฅ Activity Heatmap

Colors files by commit frequency. Works for GitHub repos (via API) and local repos (via git log โ€” no internet required).

๐Ÿ”Ž Duplicate & Similarity Detection

The Dup color mode highlights files with exact or near-duplicate code. The grasp_similarity MCP tool returns ranked duplicate clusters for targeted refactoring.

๐Ÿ‘ฅ Code Ownership

Top contributors per file from git history, with line-percentage breakdowns. One-click jump to GitHub Blame.

๐Ÿ“‹ PR Impact Analysis

Paste a PR URL to see which files it touches and calculate the blast radius of proposed changes before merging.

๐Ÿ’ฐ Technical Debt Quantification

Converts every architectural issue into developer-hours using configurable estimates โ€” circular dep = 4h, god file = 16h, critical security = 8h โ€” with a coupling multiplier. Shown in the health panel and Team Dashboard.

๐Ÿ”— Shareable Embeds

Click โ‹ฏ โ†’ ๐Ÿ”— Embed for a ready-to-paste <iframe>, README badge, React snippet, and direct link โ€” share live health reports in docs, wikis, or dashboards.

๐ŸŽฏ Connection Confidence Scoring (v3.16.0)

Every cross-file connection is scored 0โ€“1: explicit static imports = 1.0, same-folder = 0.8, cross-folder inferred = 0.6, low-frequency = 0.4. The force graph overlays confidence as edge opacity โ€” use the slider in โš™ settings to filter out low-confidence edges.

๐Ÿ” Graph Query Modal (v3.16.0)

Click the ๐Ÿ” toolbar button to search files, functions, and edges in-browser without leaving the graph. Matches update live โ€” click any file result to jump to it on the graph.

ฦ’() Function-Level Canvas (v3.16.0)

Toggle the ฦ’() button to switch the force graph from file-level to function-level nodes โ€” see individual function call relationships, capped at 300 nodes for performance.

๐Ÿ—„๏ธ DB Coupling Tab (v3.16.0)

The right panel ๐Ÿ—„๏ธ DB tab scans file content for ORM patterns (Django, TypeORM, raw SQL), mapping which files reference which tables. Instantly spot god-tables and high-coupling files.

๐ŸŽฏ Good First Issues Tab (v3.16.0)

The ๐ŸŽฏ GFI tab surfaces isolated, low-complexity, untested files โ€” ideal contribution targets for new engineers or AI coding agents.

๐Ÿ” PII Detection & Security Subcategories (v3.16.0)

The Security tab now has subcategory pills โ€” ALL / SECRETS / INJECTION / PII / EVAL โ€” to filter findings. The PII pill scans file content for email, phone, SSN, credit card, and API key patterns in source files.

๐Ÿ“ธ Architecture Drift Detection (v3.17.0)

Snapshot your codebase architecture and detect drift over time โ€” automatically.

grasp snapshot ./my-project --name before-refactor
# ... make changes ...
grasp drift ./my-project          # exits 1 if drift is CRITICAL (CI-friendly)
MCP ToolDescription
grasp_snapshotSave current health score, coupling metrics, circular deps, and top-10 hotspots as a named snapshot
grasp_diff_snapshotsCompare any two snapshots โ€” returns health delta, new circular deps, files whose coupling increased >20%, drift level (STABLE / DEGRADED / CRITICAL)

Snapshots are stored in ~/.grasp/brain.db and persist across analysis sessions.

๐Ÿงช Test Coverage Gap Map (v3.17.0)

Find the functions most likely to cause production incidents โ€” highest call count, zero test coverage.

grasp_coverage_gaps  # via MCP โ€” returns uncovered_functions sorted by call_count DESC

The dependency graph gains a ๐Ÿงช Coverage overlay toggle โ€” uncovered functions render in red, partially-covered in amber, covered in green. Coverage is estimated by static analysis: Grasp detects test files (*.test.*, *.spec.*, test_*, *_test.*) and traces which source functions they reference.

MCP ToolDescription
grasp_coverage_gapsReturns uncovered_functions (sorted by call count), risky_uncovered (high churn + no tests), coverage_by_module per directory, and overall_coverage_estimate

๐Ÿข Org-Level Dashboard (v3.17.0)

Analyse an entire GitHub organisation in one command:

grasp org my-github-org --token ghp_xxx --format html   # Self-contained HTML dashboard
grasp org my-github-org --format json                   # CI-consumable JSON
grasp org my-github-org --format md                     # Markdown for wikis

Aggregates health grades, security findings, most-churned files, and language distribution across all repos (up to 500, 5 concurrent). The HTML output embeds Chart.js inline โ€” no external dependencies.

MCP ToolDescription
grasp_org_summaryAnalyse up to 20 top repos in an org โ€” returns aggregate health grade, grade distribution, total security findings by severity, top churned files, language breakdown

๐Ÿค– PR Impact GitHub Action (v3.17.0)

Add automated architectural impact analysis to every pull request:

# .github/workflows/grasp-pr-impact.yml
- uses: ashfordeOU/grasp/.github/actions/grasp-pr-impact@main
  with:
    github-token: ${{ secrets.GITHUB_TOKEN }}
    min-risk-to-comment: LOW      # LOW / MEDIUM / HIGH / CRITICAL
    fail-on-risk: CRITICAL        # fail the CI check at this risk level

The action posts a structured PR comment showing:

  • Risk badge (LOW / MEDIUM / HIGH / CRITICAL) with colour coding
  • Changed files with function-level blast radius
  • Affected execution processes (with step counts)
  • Suggested reviewers from git blame (top 2 contributors per affected file)
  • Test coverage gaps: which changed functions have no test file touching them

AI Chat โ€” 11 Providers + Routers

Built-in AI assistant that knows your entire codebase. Ask "why is auth.ts a hotspot?", "which files are safest to refactor?", or "explain the security issues in this call chain" โ€” answers reference your live dependency graph, security findings, and architectural layers.

ProviderModels
AnthropicClaude Opus 4.7, Sonnet 4.6, Haiku 4.5
OpenAIGPT-4o, GPT-4o mini, o3-mini, o1
Google GeminiGemini 2.0 Flash, 1.5 Pro, 1.5 Flash
MistralMistral Small, Mistral Large
GroqLlama 3.3 70B, 3.1 8B, Gemma 2 9B
DeepSeekDeepSeek Chat, DeepSeek Reasoner
OpenRouterAny model slug (100+ models via one key)
Together AIAny model slug
OllamaLocal models (no key needed)
LM StudioLocal models on any port
CustomAny OpenAI-compatible base URL

Features:

  • Multi-turn conversation memory โ€” persisted in localStorage across page refreshes
  • Selected-file context โ€” layer, functions, complexity, and issues injected automatically when a file is selected
  • Rich codebase context โ€” top 80 files with metadata, all issues, security findings, circular deps, layer breakdown
  • Markdown rendering with syntax-highlighted code blocks
  • API key stays in your browser only, never sent anywhere except the chosen provider

Grasp Brain โ€” Persistent Architecture Intelligence (v3.16.0)

Grasp Brain combines two persistent stores that work together:

  • SQLite Brain (~/.grasp/brain.db) โ€” file metadata, coupling, security, and issue index. Includes a FTS5 full-text index over functions and an in-process 384D vector embedding store (Xenova/all-MiniLM-L6-v2 โ€” no cloud dependency). Index once, query instantly.
  • Kuzu Graph DB (~/.grasp/graph/) โ€” native graph database with Cypher query support. Stores the full function call graph, file imports, and type relationships as a traversable property graph.

Index once, then query instantly โ€” no re-analysis needed. Every function is tagged with the execution processes it participates in (BFS from entry points), so search results include a processes[] field grouping matches by flow.

How it works

grasp index ./my-project    โ†’  analysis stored in ~/.grasp/brain.db
grasp context src/api.ts    โ†’  instant file context from the stored index
grasp diff ./my-project     โ†’  compare current state vs stored baseline
grasp daemon ./my-project   โ†’  watch for changes, re-index automatically

CLI Subcommands

grasp index <path>           # Analyse and persist a repo to the brain
grasp context <src> <file>   # Get rich context for any file
grasp setup [path]           # Install hooks in Claude Code / Cursor / Windsurf
grasp diff <path>            # Compare current analysis vs brain baseline
grasp daemon <path>          # Watch directory and auto-reindex on changes
grasp drift [path]           # Snapshot + diff vs last snapshot; exits 1 on CRITICAL (CI-friendly)
grasp org <github-org>       # Org-level dashboard (--format json|html|md --token ghp_xxx)
grasp vulns [path]           # OSV.dev dependency vulnerability scan

Ask Grasp โ€” Natural Language Architecture Queries

Both the browser app (Ask Grasp panel) and grasp_ask MCP tool support plain-English questions about your codebase. grasp_ask recognises structural intents directly; for open-ended queries it falls back to hybrid semantic search โ€” BM25 full-text + 384D vector embeddings merged with Reciprocal Rank Fusion.

For pure semantic search without the question-answering layer, use grasp_search directly โ€” results include a processes[] field showing which execution flows each match belongs to.

QuestionWhat you get
"What are the most complex files?"Files ranked by cyclomatic complexity
"Show me coupling hotspots"Files with highest combined fan-in + fan-out
"Any security issues?"All security findings across the codebase
"What's the blast radius of auth.ts?"Full transitive impact list
"What layer handles data access?"Layer breakdown with file examples
"What's the overall grade?"Health score, grade, issue summary
"Which files have the most churn?"Commit frequency ranking
"Are there circular dependencies?"Cycle list with severity

Registry โ€” All Indexed Repos

grasp_registry_list and grasp_registry_status expose the full Brain index:

# Via MCP
grasp_registry_list          # all repos: health grade, files, functions, active sessions
grasp_registry_status        # aggregate: indexed count, session count, grade distribution

# Via HTTP (when MCP server runs with --http)
curl http://localhost:7332/api/v1/registry

The Team Dashboard ๐Ÿ—‚๏ธ Registry panel auto-fetches this on load โ€” no session_id needed.

Arch Diff

grasp diff (and grasp_arch_diff MCP tool) compares your current codebase against the stored brain baseline and surfaces:

  • Grade degradations (files that got worse: Aโ†’B, Bโ†’C, etc.)
  • Health score delta
  • New security issues introduced since baseline

Editor Hooks (grasp setup)

Detects .claude/, .cursor/, .windsurf/ in your repo and installs a pre-tool-use hook that automatically gives your AI coding assistant codebase context before every action. Also writes CLAUDE.md and AGENTS.md with architecture summaries.


Team & Collaboration

๐Ÿข Team Dashboard

Track health across multiple repos in one view. Add any public (or private, with a token) GitHub repo and see:

  • Health score, grade, files, issues, circular deps, security findings, architectural layers
  • Pattern count, Env var issues, Feature flag count โ€” new v3.13.0 columns
  • DORA metrics mini-card โ€” Deploy Frequency, Lead Time, Change Fail Rate, MTTR per repo (expandable row)
  • ๐Ÿ—‚๏ธ Registry panel โ€” all Brain-indexed repos with live health grades and session status
  • Commit activity (7d / 30d) and CI status (โœ…/โŒ/โณ)
  • Commit velocity sparkline, Technical debt in developer-days
  • Export the full table as CSV or JSON. Open local folders with ๐Ÿ“ Open Folder (File System Access API).

๐Ÿ”„ Live Team Collaboration

Grasp's CLI hosts a real-time collaboration server for your whole team:

npx grasp --host=0.0.0.0 --room-secrets=backend:pass1,frontend:pass2
#   โ†’ main app:       http://server-ip:7331/
#   โ†’ team dashboard: http://server-ip:7331/dashboard
#   โ†’ health check:   http://server-ip:7331/api/health
  • WebSocket sync โ€” workspace changes propagate to all connected team members instantly
  • Named rooms โ€” ?sync_room=backend-team isolates each team's workspace
  • Presence indicators โ€” see who's online in the Sync panel
  • Share links โ€” โŽ˜ Copy team link or ๐Ÿ‘ Copy read-only link
  • Read-only mode โ€” ?readonly=1 for observers
  • Password protection โ€” --room-secrets=room:password
  • REST API โ€” GET /api/health ยท GET /api/rooms ยท GET/PUT /api/workspace/:room

LAN hosting: anyone on the same network accesses http://server-ip:7331/dashboard โ€” no cloud needed.

๐Ÿข Monorepo & Workspace Support

Grasp automatically detects sub-packages in monorepos (package.json, pyproject.toml, Cargo.toml, go.mod, pom.xml). A Workspace sidebar lets you filter to a single package โ€” all graphs, treemaps, and metrics update instantly.

โฎ๏ธ Time-Travel Architecture Scrubber

Run grasp . --timeline to load your last 30 git commits as a scrubber panel. Drag the slider to any commit โ€” changed nodes glow yellow on the graph so you can watch your architecture evolve over time.

๐Ÿ“ก Live Watch Mode

Run grasp . --watch for a local dev server with real-time SSE sync. Every file save reloads the browser graph automatically โ€” a LIVE badge appears while connected.


Industry Verticals

โœˆ๏ธ Aerospace / Safety-Critical

FeatureDescription
Requirement TraceabilityUpload a requirements CSV โ€” Grasp scans for @REQ-NNN tags and shows coverage %, missing, and unspecified files. One-click compliance matrix export.
MISRA / Safety Modeโ‹ฏ โ†’ ๐Ÿ”ง Safety Mode โ€” detect MISRA C/C++ and Ada violations: dynamic allocation after init, recursive calls, goto, abort()/exit().
DO-178C / ECSS Certification ExportOne-click certification evidence package: inventory, traceability matrix, complexity, MISRA violations, security findings โ€” JSON and printable HTML.
Anomaly InvestigationSelect file โ†’ ๐Ÿ” Anomaly Investigation โ€” callers, callees, transitive blast radius, recent commits, security in call path, plain-English summary.
Software Reuse AssessorTraffic-light matrix across Interface Compatibility, Dependencies, Safety Level, Architecture Fitness, Security, Complexity.
Cross-language Call GraphAdaโ†’C pragma Import, Python ctypes/cffi, JSโ†’WASM boundaries.
Heritage Software GenealogyOverlay an origin-mission manifest, identify zero-delta certification shortcuts.
ICD MapperMatch Interface Control Document entries to exported functions, flag unimplemented interfaces.
ECSS-E-ST-40C ComplianceCheck DI-01, DI-04, DI-07, DI-10, DI-15 compliance requirements.

๐Ÿง  AI Research

FeatureDescription
Safety Constraint TracerMark safety gates (filters, sanitizers) โ€” trace every entryโ†’output path and flag any that bypass all gates. New Safety color mode.
Research/Production BoundaryDefine research vs production folders โ€” flags production files that import from research code.
Jupyter Notebook Support.ipynb in the dependency graph โ€” extracts code cells, parses imports, flags reproducibility issues.
Training Run DiffUpload two YAML/JSON configs โ€” diff hyperparameters and find which files read each changed key.
Eval Coverage MapAuto-detects eval scripts and traces which model/training code they exercise. Safety gates with no eval coverage flagged as critical.
ML Pipeline DAGDetects PyTorch, TensorFlow, JAX, HuggingFace patterns โ€” renders Dataโ†’Modelโ†’Trainingโ†’Evalโ†’Checkpoint DAG.

๐Ÿข Enterprise

FeatureDescription
SBOM GenerationCycloneDX 1.4 or SPDX 2.3 JSON for npm, pip, Cargo, Go modules. Optional CVE enrichment via OSV API.
DORA MetricsDeployment Frequency, Lead Time, Change Failure Rate, MTTR from GitHub Actions. Elite/High/Medium/Low classification.
AI-Powered ADR GenerationOne-click MADR-format Architecture Decision Records using codebase context + optional PR diff.
PII Data Flow TracerBFS from user-marked PII source files โ€” shows all downstream consumers.
Separation of DutiesDetects files that both initiate and approve transactions (SOX/FDA compliance).
Regulatory Change ImpactKeywords-to-blast-radius for GDPR/HIPAA/SOX/PCI-DSS article changes.
Finance / TradingLatency hotspot detection โ€” blocking I/O, GC pressure, lock contention, allocation in loops.
Financial Model RiskHardcoded parameters, missing NaN checks, division without zero-guard.

Token-Reduction Benchmark (v3.18.0)

scripts/eval-token-reduction.mjs is a benchmark harness that measures how many tokens an LLM saves by querying grasp_minimal_context instead of reading every source file. It clones 6 OSS repos (express, flask, gin, got, lodash, axios), computes naive total-token cost, calls Grasp, and reports the reduction factor.

# Build the MCP server first
cd mcp && node build.mjs && cd ..

# Run the full benchmark (clones 6 repos to /tmp/grasp-eval, ~5 minutes)
node scripts/eval-token-reduction.mjs

# Or just one repo
node scripts/eval-token-reduction.mjs --only got

Outputs to docs/benchmarks/token-reduction.{md,json}. Verified end-to-end on got@v14.0.0: 113,438 โ†’ 35 tokens.


For AI Agents โ€” MCP Server

Grasp ships a Model Context Protocol (MCP) server that exposes the full analysis engine as callable tools for Claude Code, Cursor, and any MCP-compatible agent.

Setup

# Install
npm install -g grasp-mcp-server

# Or run without installing
npx grasp-mcp-server

Add to ~/.claude/claude_mcp_settings.json:

{
  "mcpServers": {
    "grasp": {
      "command": "npx",
      "args": ["-y", "grasp-mcp-server"]
    }
  }
}

Works with GitHub repos and local directories. See mcp/README.md for GitLab, Docker, and self-hosted options.

Claude Code Slash Commands (v3.18.0)

Three pre-built slash commands ship in .claude/commands/ so any Claude Code workspace can invoke Grasp's most common flows in one step:

CommandWhat it does
/grasp:build-graphRuns grasp_analyze on the current dir + grasp_minimal_context for a sub-100-token orientation
/grasp:review-deltaDetects changes since base branch and produces a risk-scored impact report
/grasp:review-prFull PR review composing detect_changes + suggested_questions + surprising_connections + knowledge_gaps

Each command is a markdown file with allowed-tools and template body. Edit them in-repo to customize.

Tools Reference

Tier legend: Most tools work after a single grasp_analyze. Some require an indexed Brain (run grasp_brain_index first) โ€” flagged in their description with phrases like "from the brain index". A few make outbound network calls: GitHub Issues / DORA / CI status / deps.dev (grasp_issues, grasp_jira_issues, grasp_dora, grasp_ci_status, grasp_deps_dev) need a token; grasp_vulnerabilities queries OSV.dev, NIST NVD, and Socket.dev; grasp_vuln_watch runs scheduled re-scans; grasp_adr calls the AI provider you configure. grasp_apply_refactor and grasp_rename are the only tools that write to disk (off by default โ€” dry_run / apply: false is the default).

Core Analysis

ToolWhat it does
grasp_analyzeFull analysis of any repo or local path โ€” returns session_id for follow-up queries
grasp_sessionsList active sessions (persist 7 days, survive restarts)
grasp_diffCompare two snapshots โ€” what changed between analyses?
grasp_watchRe-analyse a directory and diff against a prior run
grasp_rules_checkRun grasp.yml architecture rules and report violations
grasp_config_checkValidate a session against architecture rules โ€” returns violations

File & Code Intelligence

ToolWhat it does
grasp_file_depsWhat does this file depend on?
grasp_dependentsWhat breaks if I change this file?
grasp_cyclesAre there circular dependencies?
grasp_architectureWhat layers does this codebase have?
grasp_hotspotsWhich files are riskiest to touch?
grasp_metricsLines, complexity, fan-in/fan-out per file
grasp_find_pathHow does file A connect to file B?
grasp_patternsWhat design patterns are in use?
grasp_unusedDead code โ€” defined but never called
grasp_explainPlain-English explanation of any file or function
grasp_refactorStep-by-step refactor plan for a file or session
grasp_suggestRanked refactoring suggestions by effort-to-impact ratio
grasp_onboardOrdered reading path for new engineers entering a codebase area
grasp_typesType annotation coverage โ€” prioritises high fan-in files lacking types
grasp_similarityRanked duplicate clusters and code-clone groups
grasp_staleActive but abandoned files โ€” low churn, high fan-in, no test counterpart
grasp_change_riskRisk score 0โ€“100 for a set of changed files

Security & Compliance

ToolWhat it does
grasp_securityHardcoded secrets, injection risks, dangerous patterns
grasp_sbomSBOM in CycloneDX 1.4 or SPDX 2.3 JSON
grasp_sarifSARIF 2.1.0 export for GitHub Code Scanning
grasp_licenseDependency licenses โ€” flags copyleft and unknown
grasp_pii_traceBFS trace from PII source files to all consumers
grasp_dutiesSeparation of duties โ€” files that both initiate and approve
grasp_reg_impactRegulatory change blast radius (GDPR/HIPAA/SOX/PCI-DSS)
grasp_env_varsAll env var reads โ€” flags undocumented and test-only vars
grasp_feature_flagsAll feature flag reads (LaunchDarkly, GrowthBook, env-var flags)

Team & DevOps

ToolWhat it does
grasp_pr_commentGenerate PR health comment with blast radius for changed files
grasp_pr_reviewPost inline review comments on a GitHub PR at high-severity lines
grasp_commitsCommit counts for last 7d and 30d
grasp_ci_statusLatest GitHub Actions run โ€” passing/failing/in-progress
grasp_doraDORA metrics โ€” Deployment Frequency, Lead Time, CFR, MTTR
grasp_adrAI-powered MADR-format Architecture Decision Record
grasp_embedGenerate iframe, README badge, React snippet for sharing
grasp_timelineLast N commits with per-commit changed files + co-change matrix
grasp_contributorsPer-file ownership, bus-factor, top contributors
grasp_coverageTest coverage overlay โ€” which files lack tests?
grasp_issuesMap GitHub Issues to the files they mention
grasp_jira_issuesMap Jira issues to source files via project key
grasp_service_graphService-level dependency graph from OTEL / custom trace JSON
grasp_deps_devEcosystem dependents via deps.dev โ€” how many packages depend on this repo

Brain / Intelligence (v3.16.0)

ToolWhat it does
grasp_brain_indexAnalyse and persist a repo to the local SQLite brain
grasp_brain_statusWhat's indexed in the brain and when?
grasp_contextRich file context โ€” layer, complexity, coupling, security, dependents, dependencies
grasp_arch_diffCompare current state vs brain baseline โ€” detect degradations
grasp_askAsk a natural language question about your architecture

Graph Core (Kuzu โ€” v3.16.0)

ToolWhat it does
graph_queryRun read-only Cypher queries against the persistent function/file call graph
call_chainTrace caller and callee chains for any function, up to configurable depth
type_propagationFind all functions sharing a return type and their call neighbors
function_graphRender a Mermaid / DOT / JSON subgraph centred on any named function

Advanced Analysis

ToolWhat it does
grasp_dead_packagesnpm deps in package.json but never imported
grasp_runtime_callsMerge a live runtime trace with static edges โ€” actual hot paths
grasp_db_couplingORM/SQL-to-table coupling map โ€” god tables, high-coupling files
grasp_migration_planPhased topologically-ordered plan for replacing a package/module
grasp_api_surfaceUnified API surface from OpenAPI, GraphQL, Express/FastAPI routes
grasp_eventsEvent emitters and subscribers โ€” orphaned emits, ghost subscriptions
grasp_perfN+1 queries, synchronous I/O, JSON serialization in loops
grasp_bundleBundle size treemap โ€” largest files by size category
grasp_dep_impactImpact of upgrading a dependency across all files
grasp_cross_repoCompare two sessions โ€” shared files, diverged functions
grasp_diagramGenerate Mermaid flowchart or C4 diagrams from the dependency graph

Aerospace / Safety-Critical Vertical

ToolWhat it does
grasp_req_traceRequirement traceability โ€” scan @REQ-NNN tags against a CSV
grasp_anomalyAnomaly investigation โ€” BFS blast radius, security in call chain, plain-English summary
grasp_reuseSoftware reuse assessor โ€” Red/Amber/Green compatibility matrix
grasp_safety_traceSafety constraint tracer โ€” finds paths that bypass all safety gates
grasp_multilangCross-language call graph (Adaโ†’C, Pythonโ†’C, JSโ†’WASM)
grasp_heritageHeritage software genealogy โ€” zero-delta certification shortcuts
grasp_icdICD mapper โ€” match Interface Control Document entries to code
grasp_ecssECSS-E-ST-40C compliance checker (DI-01, DI-04, DI-07, DI-10, DI-15)

AI Research Vertical

ToolWhat it does
grasp_run_diffTraining run diff โ€” changed hyperparameters and affected code
grasp_eval_coverageEval coverage map โ€” safety gates with no eval coverage flagged critical

Multi-Repo / Platform

ToolWhat it does
grasp_org_graphOrg-level multi-repo dependency graph with inter-repo edges
grasp_api_diffBreaking API change detector โ€” removed/changed exported symbols
grasp_pluginsExtension-point map โ€” plugin interfaces, hook points, strategy patterns
grasp_semverSemantic versioning enforcer โ€” validate semver bump for the change set
grasp_abi_diffABI/API stability checker โ€” stability score 0โ€“100
grasp_subsystemsKernel/OS subsystem boundary map
grasp_kconfigKconfig/build-time conditional analysis โ€” CONFIG_* usage map
grasp_irqIRQ/interrupt dependency graph โ€” blocking calls, allocation in handlers
grasp_patch_impactPatch series impact analyzer โ€” rank patches by blast radius + complexity
grasp_good_first_issuesGood first issue generator โ€” isolated, low-complexity, untested files
grasp_api_stabilityAPI stability score (0โ€“100) between two sessions
grasp_fork_diffFork divergence analysis โ€” diverged/identical/fork-only files
grasp_latencyFinance/trading latency hotspot detection
grasp_model_riskFinancial model risk auditor

Code Intelligence (v3.16.0)

ToolWhat it does
grasp_diff_symbolsMap git diff hunks to functions โ€” blast radius of a PR before merge
grasp_exec_flowBFS execution flow from any entry point with STEP_IN_PROCESS edges + Mermaid chart
grasp_skillmdAuto-generate SKILL.md / CLAUDE.md snippet from the analysis session
grasp_hooksGenerate .claude/settings.json PostToolUse hook + .cursor/rules/grasp.mdc
grasp_mroMethod Resolution Order โ€” C3 linearization (Python), MRO for Ruby/Java hierarchies
grasp_communitiesLeiden/Louvain community detection โ€” identify bounded contexts and microservice candidates
grasp_contractsMulti-repo contract analysis โ€” provider exports vs consumer usage, violations + coverage %

Analysis Intelligence (v3.16.0)

ToolWhat it does
grasp_confidenceScore every cross-file connection 0โ€“1 (explicit import=1.0, same-folder=0.8, cross-folder=0.6, low-freq=0.4)
grasp_wikiAuto-generate a markdown wiki: index.md + per-folder pages + api.md sorted by caller count
grasp_registry_listList all Brain-indexed repos with health grade, file/function counts, and active session IDs
grasp_registry_statusRegistry health: indexed count, session count, grade distribution
grasp_resolve_receiverResolve the concrete class for every class method โ€” what self/this refers to across Python, JS, Java, Ruby

Semantic Search, Rename & Routes (v3.16.0)

ToolWhat it does
grasp_searchHybrid semantic search โ€” BM25 FTS5 + 384D vector embeddings (Xenova/all-MiniLM-L6-v2) merged with Reciprocal Rank Fusion. Results include processes[] grouping by execution flow. Supports @groupName fan-out across multiple repos
grasp_renameGraph-aware whole-codebase symbol rename using brain store edges to find every reference. apply: false (default) returns a dry-run diff; apply: true writes changes to disk
grasp_route_mapScan for HTTP route definitions (Express/Fastify/Hono, FastAPI/Flask, Gin) โ€” maps each route to its handler function with file location
grasp_api_impactGiven a route or handler name, returns all callers, downstream services, and blast radius using brain graph edges
grasp_tool_mapScan for MCP tool definitions (server.tool / server.registerTool) and gRPC service definitions โ€” returns a service contract map
grasp_shape_checkFor any function, traces parameter types and return types across all call sites from the brain index; flags call-site mismatches
grasp_group_addAdd a repo source to a named group in ~/.grasp/groups.json for multi-repo @groupName fan-out
grasp_group_listList all named groups and their member repos from ~/.grasp/groups.json

Graph Intelligence (v3.16.0)

ToolDescription
grasp_graph_schemaKuzu schema v3 introspection โ€” node/edge table definitions (File, Function, Class, Interface, Method, Constructor, TestFile + 12 edge types including TESTS and COVERS) with live row counts
grasp_type_propagationCross-file type inference via Kahn topological sort over import graph; returns top inferred types with confidence 0โ€“1
grasp_orm_mapORM query tracker โ€” Prisma, TypeORM, Sequelize, SQLAlchemy; results grouped by model with call sites, operations, frequency
grasp_detect_changesGit diff โ†’ symbol impact: changed files, affected functions, impacted process flows, risk level LOW/MEDIUM/HIGH/CRITICAL
grasp_generate_agents_mdGenerate rich AGENTS.md from brain session โ€” functional communities, execution processes, health grade, top issues
grasp_generate_skillsPer-community .claude/skills/generated/<community>.md files โ€” key files, entry points, cross-area deps

Graph Analytics & LLM Context (v3.18.0)

ToolWhat it does
grasp_hub_nodesTop-N most connected files by fan-in + fan-out (degree centrality)
grasp_bridge_nodesBrandes betweenness centrality. Auto-samples 100 sources for repos > 500 nodes
grasp_surprising_connectionsRare cross-layer edges flagged by frequency-weighted rarity
grasp_knowledge_gapsIsolated files, untested hotspots, weak communities
grasp_suggested_questionsAuto-generated 5โ€“10 review questions composing all of the above
grasp_minimal_contextSub-100-token repo orientation โ€” the LLM's first call
grasp_traverseToken-budget-aware BFS from any starting node
grasp_semantic_searchCosine similarity over function signatures via @xenova/transformers
grasp_apply_refactorExecutes rename ops with dry_run preview default
grasp_architecture_overviewCombined community + hub + review-question report
grasp_export_graphmlyEd / Gephi-compatible GraphML XML export
grasp_export_cypherNeo4j CREATE statements that reproduce the graph
grasp_export_obsidian.canvas JSON for Obsidian Canvas with per-layer column layout
grasp_export_dotGraphviz DOT (digraph) โ€” clusters per layer, edge counts, renders on GitHub
grasp_export_mermaidMermaid graph LR โ€” inline-renders on GitHub, GitLab, Notion, Obsidian
grasp_export_d2Terrastruct D2 โ€” direction: right with layer containers, render via d2 CLI
grasp_export_plantumlPlantUML class diagram โ€” works in Confluence, Jira, IntelliJ, VS Code
grasp_export_dgmlVisual Studio Directed Graph XML โ€” opens natively in VS Architecture window
grasp_export_gexfGephi-native GEXF 1.3 with layer/lines/complexity/churn node attributes
grasp_export_drawiodraw.io / diagrams.net XML โ€” grid layout, editable in app.diagrams.net
grasp_export_csvThree-sheet CSV bundle: files, connections, issues โ€” opens in any spreadsheet

MCP Resources (v3.16.0) โ€” 8 live grasp:// URIs for direct resource access: grasp://repos ยท grasp://setup ยท grasp://repo/{id}/context ยท grasp://repo/{id}/clusters ยท grasp://repo/{id}/processes ยท grasp://repo/{id}/schema ยท grasp://repo/{id}/cluster/{name} ยท grasp://repo/{id}/process/{name}

MCP Prompts (v3.16.0) โ€” detect_impact (changes โ†’ symbols โ†’ processes โ†’ risk โ†’ test scope) ยท generate_map (repos โ†’ analyze โ†’ diagram โ†’ communities โ†’ wiki)


CI/CD Integration

GitHub Actions โ€” Automatic PR Comments

# .github/workflows/grasp.yml
name: Grasp Health Check
on:
  pull_request:
    types: [opened, synchronize, reopened]
jobs:
  health:
    uses: ashfordeOU/grasp/.github/workflows/grasp-health.yml@main

The workflow posts and updates a comment on every PR:

MetricValue
Health Scoreโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–‘โ–‘ 82/100
Grade๐ŸŸข A
Files142 (891 functions)
Architecture Issues3
Circular Deps0 โœ“
Security0 โœ“
Changed Files5 code files in this PR

Architecture Rules (grasp.yml)

rules:
  - min_health_score: 70       # fail CI if score drops below 70
  - max_blast_radius: 20       # flag any file affecting 20+ others

Run locally with grasp . --check, or use the GitHub Actions template.

CLI-based CI Gate

grasp . --report   # Writes grasp-report.json, exit 0 = pass, exit 1 = fail
- name: Grasp health gate
  run: |
    PASSED=$(cat grasp-report.json | jq '.ci.passed')
    SCORE=$(cat grasp-report.json | jq '.ci.score')
    echo "Health score: $SCORE"
    if [ "$PASSED" != "true" ]; then
      cat grasp-report.json | jq '.ci.failures'
      exit 1
    fi

See docs/api-schema.md for the full export schema.

SARIF Upload (GitHub Code Scanning)

grasp . --format=sarif   # Writes grasp-results.sarif
- uses: github/codeql-action/upload-sarif@v3
  with:
    sarif_file: grasp-results.sarif

Advanced Features

โšก Command Palette

Cmd+K (Mac) / Ctrl+K (Windows) โ€” search files, jump to functions, navigate to issues. Selecting a result pans the graph to that node.

๐Ÿ” Path Finder

Select two files in the details panel to find the shortest dependency chain between them.

๐Ÿ›๏ธ Architecture Rule Engine

Define custom FORBIDDEN dependency rules (e.g., utils โ†’ services is FORBIDDEN). Violations are flagged as issues and persist across sessions.

๐Ÿ“… History & Snapshots

Every analysis is saved automatically. Click HISTORY in the right panel to compare health scores over time with a D3 sparkline and range slider.

๐Ÿšซ Custom Ignore Patterns

โ‹ฏ โ†’ ๐Ÿšซ Ignore Patterns โ€” add directory exclusions (e.g., generated/, __mocks__/). Persists across sessions. Built-in defaults (node_modules, dist, .git) cannot be removed.

๐Ÿ“ค Export Reports

JSON, Markdown, Plain Text, SVG, SARIF 2.1.0, plus 11 portable graph formats: GraphML (yEd/Gephi), Cypher (Neo4j), Obsidian Canvas, DOT (Graphviz), Mermaid, D2 (Terrastruct), PlantUML, DGML (Visual Studio), GEXF (Gephi), draw.io, and a three-sheet CSV bundle (files / connections / issues). Every graph format is one click in the in-app Export menu and one MCP tool away (grasp_export_*). Full schema in docs/api-schema.md.

โœจ v3.20.0 Team Dashboard Parity

Full visual and UX parity between the Team Dashboard and the main Grasp app:

  • Teal brand sweep โ€” all indigo accent tokens replaced with teal #00d4aa, matching Grasp's design system exactly.
  • Lucide SVG icons โ€” emoji buttons in the topbar and help modal replaced with proper inline SVG icons throughout.
  • Multi-provider auth โ€” GitLab Token, GitHub Enterprise, Bitbucket, Azure DevOps, and Gitea added to the auth selector, sharing the same localStorage keys as the main app (grasp_gitlab_token, grasp_bb_username, grasp_ghe_token, etc.).
  • Mobile More menu โ€” at โ‰ค860px, secondary topbar buttons collapse into a ยทยทยท dropdown. Auth bar flex-wraps on narrow screens.
  • Keyboard shortcut popover โ€” ? floating button (kbd-fab) shows a hover/click popover with dashboard shortcuts (/ to focus input, T for theme, Esc to close, ? to toggle).

โœจ v3.18.0 UX Improvements

  • Try-it chips โ€” empty state offers expressjs/express, lodash/lodash, sindresorhus/got quick-start chips for instant demos.
  • Token-loaded indicator โ€” green dot + "Token loaded โ€” 5,000 req/hr" caption when a saved token is detected; otherwise "60 req/hr ยท Add token โ†’".
  • Snapshot URLs โ€” ๐Ÿ“ธ Copy snapshot link bundles the entire analysis into a #snapshot=<gz-base64> fragment. Recipient loads instantly, offline, no API calls.
  • Compare two repos โ€” More menu โ†’ Compare opens a modal with two URL inputs and renders side-by-side health/files/issues/hubs.
  • Mid-analysis rate-limit recovery โ€” when GitHub returns 403/429 mid-fetch, a recovery card replaces the spinner with a countdown to reset, password input for token, and Resume / Retry / Cancel buttons.
  • Mobile touch gestures โ€” pinch-to-zoom + drag pan on the SVG graph. Right panel auto-collapses below 768px so the graph gets full width.
  • Better error messages โ€” 401 explains how to refresh the token + scope link; 404 includes correction examples; network errors mention Open Folder; every error has a โ†ป Retry button.
  • Per-repo persistence โ€” ignore patterns + color mode now save per-repo via grasp_ignore_patterns_<owner/repo> and grasp_color_mode_<owner/repo>. Restored automatically on next analysis of the same repo.
  • Floating ? popover โ€” bottom-right keyboard-shortcuts hint popover with frosted glass.
  • Export menu enhanced โ€” JSON, Markdown, SBOM (CycloneDX 1.4 / SPDX 2.3), SARIF 2.1.0, GraphML, Copy Snapshot URL.

๐Ÿค– AI Coding Tool Support

Grasp works via MCP with all major AI coding tools: Claude Code, Cursor, Cline, Roo Code, Kilo Code, OpenCode, Trae, Grok CLI, Codex CLI, Droid

See ai-tools/ for per-tool setup guides.

๐Ÿ”– Health Badge

![Grasp Health](https://grasp.ashforde.org/badge/owner/repo.svg)

@grasp-bot in PRs

Comment @grasp-bot analyze on any PR โ€” Grasp posts a full health report inline.


VS Code Extension

Install: Download grasp-vscode-3.20.0.vsix from GitHub Releases, then in VS Code run Extensions: Install from VSIXโ€ฆ (Cmd+Shift+P).

  • Auto-analyses workspace on startup, re-analyses on file save (2s debounce)
  • Status bar shows โ†‘ N deps โ†“ M dependents for the active file
  • Pans to the active file on every editor switch
  • Surfaces security issues and arch violations in the Problems panel (squiggly lines)
  • 4 color mode buttons in the panel header: Layer / Folder / Churn / Complexity
  • Health score badge in the panel header
  • Double-click any node to open the file in the editor
  • Right-click any file โ†’ Grasp: Analyze File for instant details
  • Directed links: blue = outgoing imports, green = incoming dependents
  • Rich tooltips: complexity, churn count, top contributor per file

Keyboard Shortcuts

KeyAction
EnterAnalyze repository
Cmd+K / Ctrl+KOpen command palette
+ / -Zoom in/out
Shift+clickMulti-select nodes
EscapeClose modal / command palette
TCycle through 19 themes
?Toggle the keyboard-shortcut popover (bottom-right)

In-app help: every screen in the browser app has a floating ? button bottom-right that opens a popover listing every shortcut and tab. The Team Dashboard (team-dashboard.html) ships its own help modal. If you ever feel lost, press ?.


Glossary

TermPlain English
MCP (Model Context Protocol)An open protocol for AI assistants to call tools. Grasp's MCP server exposes 130 tools to Claude Code, Cursor, etc.
AST (Abstract Syntax Tree)A tree representation of source code. Grasp uses tree-sitter to build them in 35 languages.
tree-sitterA parser library that builds ASTs incrementally and accurately. Grasp ships native bindings for 16 languages
fan-in / fan-outHow many other files import this file (in) vs how many it imports (out). High fan-in = critical hub
Brandes betweenness centralityAlgorithm that finds files sitting on the most "shortest paths" between others โ€” chokepoints
Leiden / LouvainAlgorithms that group densely-connected nodes into communities (microservice-candidate detection)
CypherThe graph-query language used by Kuzu. Grasp lets you run read-only Cypher queries via graph_query
KuzuAn embedded graph database optimised for analytical queries. Stores Grasp's call graph at ~/.grasp/graph/
BM25A keyword-search ranking function (the standard in search engines). Used by grasp_search for text matches
RRF (Reciprocal Rank Fusion)Algorithm to merge keyword and vector search results into a single ranked list
Brain storeGrasp's local SQLite cache at ~/.grasp/brain.db โ€” files, edges, security, coupling, churn
Blast radiusThe set of files affected when one file changes โ€” followed transitively through the import graph
Cyclomatic complexityA score for how many branches/paths a function has. Higher = harder to test
Hybrid searchBM25 (keywords) + vector (semantic) combined via RRF for the best of both worlds
SnapshotA frozen architecture state saved to brain.db; used to detect drift over time
MCP ResourcesURIs like grasp://repos that expose live data to MCP clients without a tool call
MCP PromptsPre-built guided workflows that compose multiple tools (e.g., detect_impact chains 5 tools)
Slash commandsPre-built .claude/commands/*.md files that give Claude Code shortcut buttons

19 Themes

Full theme system with hover picker and click-to-cycle:

Dark ยท Light ยท Matrix ยท Amber Terminal ยท Dracula ยท Nord ยท Tokyo Night ยท Catppuccin ยท Gruvbox ยท Obsidian Gold ยท Midnight Diamond ยท Carbon ยท Noir ยท Synthwave ยท Ocean Depth ยท Forest ยท Sunset ยท High Contrast ยท Solarized Light

Theme choice persists across sessions and is shared between Grasp and Team Dashboard.


Supported Languages

JavaScript ยท TypeScript ยท Python ยท Go ยท Java ยท Rust ยท C ยท C++ ยท C# ยท Ruby ยท PHP ยท Swift ยท Kotlin ยท Scala ยท Vue ยท Svelte ยท Dart ยท Elixir ยท Erlang ยท Haskell ยท Lua ยท R ยท Julia ยท Perl ยท Shell ยท PowerShell ยท F# ยท OCaml ยท Clojure ยท Elm ยท VBA ยท Groovy ยท Ada ยท Zig


GitHub API Rate Limits

AuthRequests/hour
No token60
Personal Access Token5,000
GitHub App5,000 per installation

Architecture

โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚                          Analysis Engine  (mcp/src/)                    โ”‚
โ”‚                                                                         โ”‚
โ”‚  โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”   โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”   โ”‚
โ”‚  โ”‚  AST Parser          โ”‚   โ”‚  Analyzer + Pipeline                 โ”‚   โ”‚
โ”‚  โ”‚  tree-sitter WASM    โ”‚   โ”‚  ยท Dependency extraction             โ”‚   โ”‚
โ”‚  โ”‚  35 languages        โ”‚   โ”‚  ยท Cyclomatic complexity             โ”‚   โ”‚
โ”‚  โ”‚  native bindings     โ”‚   โ”‚  ยท Layer classification              โ”‚   โ”‚
โ”‚  โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜   โ”‚  ยท Security pattern detection        โ”‚   โ”‚
โ”‚                              โ”‚  ยท Dead code & duplicate analysis    โ”‚   โ”‚
โ”‚  โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”   โ”‚  ยท Scope resolver (3-tier, 0.95โ†’0.50)โ”‚   โ”‚
โ”‚  โ”‚  Source Adapters     โ”‚   โ”‚  ยท Type propagator (Kahn topo-sort)  โ”‚   โ”‚
โ”‚  โ”‚  GitHub  ยท GitLab    โ”‚   โ”‚  ยท ORM tracker (Prisma/TypeORM/SA)   โ”‚   โ”‚
โ”‚  โ”‚  Azure   ยท Bitbucket โ”‚   โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜   โ”‚
โ”‚  โ”‚  Gitea   ยท Local FS  โ”‚                                               โ”‚
โ”‚  โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜   โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”   โ”‚
โ”‚                              โ”‚  Brain Store  (~/.grasp/brain.db)    โ”‚   โ”‚
โ”‚                              โ”‚  SQLite ยท repos / files / edges      โ”‚   โ”‚
โ”‚                              โ”‚  FTS5 full-text ยท 384D vectors       โ”‚   โ”‚
โ”‚                              โ”‚  Execution process tags (BFS)        โ”‚   โ”‚
โ”‚                              โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜   โ”‚
โ”‚                              โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”   โ”‚
โ”‚                              โ”‚  Graph Store  (~/.grasp/graph/)      โ”‚   โ”‚
โ”‚                              โ”‚  Kuzu  โ€”  Schema v3                  โ”‚   โ”‚
โ”‚                              โ”‚  Nodes: File ยท Function ยท Class      โ”‚   โ”‚
โ”‚                              โ”‚         Interface ยท Method           โ”‚   โ”‚
โ”‚                              โ”‚         Constructor ยท TestFile       โ”‚   โ”‚
โ”‚                              โ”‚  Edges: CALLS(conf) ยท IMPORTS        โ”‚   โ”‚
โ”‚                              โ”‚         EXTENDS ยท IMPLEMENTS         โ”‚   โ”‚
โ”‚                              โ”‚         HAS_METHOD ยท OVERRIDES       โ”‚   โ”‚
โ”‚                              โ”‚         QUERIES ยท STEP_IN_PROCESS    โ”‚   โ”‚
โ”‚                              โ”‚         TESTS ยท COVERS               โ”‚   โ”‚
โ”‚                              โ”‚  Read-only Cypher via graph_query    โ”‚   โ”‚
โ”‚                              โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜   โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
                                     โ”‚
           โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
           โ–ผ                         โ–ผ                         โ–ผ
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”  โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”  โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚      Browser Apps        โ”‚  โ”‚     MCP Server + CLI     โ”‚  โ”‚   IDE Extensions     โ”‚
โ”‚                          โ”‚  โ”‚    (grasp-mcp-server)    โ”‚  โ”‚                      โ”‚
โ”‚  index.html              โ”‚  โ”‚                          โ”‚  โ”‚  VS Code             โ”‚
โ”‚  ยท React + D3            โ”‚  โ”‚  130 tools               โ”‚  โ”‚  JetBrains           โ”‚
โ”‚  ยท 10 graph views        โ”‚  โ”‚  8 MCP Resources         โ”‚  โ”‚  Zed                 โ”‚
โ”‚  ยท AI Chat (11 prov)     โ”‚  โ”‚  2 guided Prompts        โ”‚  โ”‚  Neovim ยท Vim        โ”‚
โ”‚  ยท Confidence overlay    โ”‚  โ”‚  Brain (SQLite+Kuzu)     โ”‚  โ”‚  Emacs               โ”‚
โ”‚  ยท Graph query modal     โ”‚  โ”‚  Hybrid search           โ”‚  โ”‚  Eclipse ยท Continue  โ”‚
โ”‚  ยท Fn-level canvas       โ”‚  โ”‚  Graph analytics(v3.18)  โ”‚  โ”‚                      โ”‚
โ”‚  ยท DB coupling tab       โ”‚  โ”‚  ORM map ยท Change risk   โ”‚  โ”‚  Browser Extensions  โ”‚
โ”‚  ยท Compare mode (v3.18)  โ”‚  โ”‚  Route/API map           โ”‚  โ”‚  Chrome ยท Firefox    โ”‚
โ”‚  ยท Snapshot URLs (v3.18) โ”‚  โ”‚  @group fan-out          โ”‚  โ”‚  Safari              โ”‚
โ”‚  ยท PII detection         โ”‚  โ”‚  Arch diff ยท Hooks       โ”‚  โ”‚                      โ”‚
โ”‚  ยท 19 themes             โ”‚  โ”‚  grasp setup             โ”‚  โ”‚  Setup auto-config   โ”‚
โ”‚  ยท Try-it chips          โ”‚  โ”‚  (Claude/Cursor/         โ”‚  โ”‚  grasp setup [path]  โ”‚
โ”‚  ยท Token indicator       โ”‚  โ”‚   Windsurf/Codex/        โ”‚  โ”‚  writes mcp.json +   โ”‚
โ”‚                          โ”‚  โ”‚   OpenCode)              โ”‚  โ”‚  hooks for all       โ”‚
โ”‚  team-dashboard.html     โ”‚  โ”‚  --watch --timeline      โ”‚  โ”‚  detected editors    โ”‚
โ”‚  ยท Multi-repo health     โ”‚  โ”‚  --format=sarif          โ”‚  โ”‚                      โ”‚
โ”‚  ยท DORA + sparklines     โ”‚  โ”‚  --pr-comment            โ”‚  โ”‚                      โ”‚
โ”‚  ยท Patterns/Env/Flags    โ”‚  โ”‚  --http (HTTP server)    โ”‚  โ”‚                      โ”‚
โ”‚  ยท Registry panel        โ”‚  โ”‚                          โ”‚  โ”‚                      โ”‚
โ”‚  ยท WebSocket rooms       โ”‚  โ”‚                          โ”‚  โ”‚                      โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜  โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜  โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
           โ”‚                         โ”‚                         โ”‚
           โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
                                     โ”‚
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ–ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚                           Integrations                                  โ”‚
โ”‚                                                                         โ”‚
โ”‚  CI/CD             Bots & Alerts       AI Coding Tools   Project Mgmt  โ”‚
โ”‚  GitHub Action     Slack Bot           Claude Code       Jira          โ”‚
โ”‚  GitLab CI         Discord Bot         Cursor            Linear        โ”‚
โ”‚  Bitbucket Pipe    Teams Bot           Windsurf ยท Codex  Raycast       โ”‚
โ”‚  CircleCI Orb      @grasp-bot          Copilot Extension               โ”‚
โ”‚  Jenkins Plugin                        Amazon Q ยท Cline                โ”‚
โ”‚                                        GPT Actions ยท Roo               โ”‚
โ”‚                                                                         โ”‚
โ”‚  Self-hostable SaaS API (saas/) ยท badge service ยท GitHub OAuth        โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜

Browser app: zero dependencies to install. React 18, D3.js 7, Babel from CDNs. Tree-sitter WASM grammars load lazily and cache in IndexedDB.

MCP server: Node.js 18+. Native tree-sitter bindings for AST-backed function extraction and cyclomatic complexity across 16 languages: Python, Go, Java, Kotlin, Rust, C, C++, C#, Ruby, JavaScript, TypeScript, TSX, Swift, PHP, Scala, Zig.

Brain store: two persistent stores โ€” SQLite at ~/.grasp/brain.db (file metadata, coupling, security) and Kuzu graph DB at ~/.grasp/graph/ (function call graph, imports, return-type edges โ€” queryable via Cypher).

IDE extensions: VS Code (vscode-extension/), JetBrains (jetbrains-plugin/), Zed, Neovim, Vim, Emacs, Eclipse, Continue โ€” all backed by the same MCP server.

Browser extensions: Chrome, Firefox, and Safari (browser-extension/, safari-extension/) โ€” MV3, inject a floating Grasp button on GitHub and GitLab pages.


Version & Auto-Update

Both index.html and team-dashboard.html display the current version (v3.20.0) in the footer. On load, they silently check the npm registry for a newer release. If found, a dismissible toast appears:

  • Update Now โ€” fetches the new HTML from GitHub, downloads it, and applies it immediately
  • Later โ€” snoozes for 24 hours

No server, no background process.


Privacy & Security

Your code stays on your machine.

Browser app:

  • Runs 100% in the browser โ€” no server, no proxy
  • GitHub/GitLab API calls go directly from your browser to the provider
  • Your token lives in localStorage only โ€” never sent anywhere except the chosen Git provider
  • No analytics, no tracking, no accounts
  • The entire app is one open-source HTML file โ€” audit it yourself

MCP server:

  • Runs locally as a subprocess โ€” no outbound connections except the GitHub/GitLab API
  • No telemetry, no data collection
  • Local directory analysis is read and discarded in memory; Brain store stays on your machine at ~/.grasp/brain.db

Supply chain:

  • Every npm release is signed with SLSA provenance (Level 2) via GitHub Actions OIDC
  • Every Docker image (ghcr.io/ashfordeou/grasp) is signed with Cosign keyless signatures, recorded in the Sigstore Rekor public ledger

Full privacy policy: PRIVACY.md โ€” zero data collection, plain-language statement of what each surface (browser app, MCP server, CI bot, hosted SaaS) does and does not transmit.

Verify before installing:

# npm package
npm install -g @sigstore/verify  # one-time
sigstore verify npm grasp-mcp-server@3.20.0

# Docker image
cosign verify \
  --certificate-identity-regexp="https://github.com/ashfordeOU/grasp/.github/workflows/publish.yml" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
  ghcr.io/ashfordeou/grasp:v3.20.0