Labsco
postrv logo

Narsil MCP

167

from postrv

Blazingly fast 🔥 best in class MCP server in Rust 🦀 with neural engine, security profiling, and optional graph frontend

🔥🔥🔥🔥✓ VerifiedAccount requiredAdvanced setup

narsil-mcp

The blazing-fast, privacy-first MCP server for deep code intelligence

License Rust Tests MCP

A Rust-powered MCP (Model Context Protocol) server providing AI assistants with deep code understanding through 90 specialized tools.

Why narsil-mcp?

Featurenarsil-mcpXRAYSerenaGitHub MCP
Languages32430+ (LSP)N/A
Neural SearchYesNoNoNo
Taint AnalysisYesNoNoNo
SBOM/LicensesYesNoNoPartial
Offline/LocalYesYesYesNo
WASM/BrowserYesNoNoNo
Call GraphsYesPartialNoNo
Type InferenceYesNoNoNo

Key Features

  • Code Intelligence - Symbol extraction, semantic search, call graph analysis
  • Neural Semantic Search - Find similar code using embeddings (Voyage AI, OpenAI)
  • Security Analysis - Taint analysis, vulnerability scanning, OWASP/CWE coverage
  • Supply Chain Security - SBOM generation, dependency auditing, license compliance
  • Advanced Analysis - Control flow graphs, data flow analysis, dead code detection

Why Choose narsil-mcp?

  • Written in Rust - Blazingly fast, memory-safe, single binary (~30MB)
  • Tree-sitter powered - Accurate, incremental parsing for 32 languages
  • Zero config - Point at repos and go
  • MCP compliant - Works with Claude, Cursor, VS Code Copilot, Zed, and any MCP client
  • Privacy-first - Fully local, no data leaves your machine
  • Parallel indexing - Uses all cores via Rayon
  • Smart excerpts - Expands to complete syntactic scopes
  • Security-first - Built-in vulnerability detection and taint analysis
  • Neural embeddings - Optional semantic search with Voyage AI or OpenAI
  • WASM support - Run in browser with WebAssembly build
  • Real-time streaming - Results as indexing progresses for large repos

Supported Languages

LanguageExtensionsSymbols Extracted
Rust.rsfunctions, structs, enums, traits, impls, mods
Python.py, .pyifunctions, classes
JavaScript.js, .jsx, .mjsfunctions, classes, methods, variables
TypeScript.ts, .tsxfunctions, classes, interfaces, types, enums
Go.gofunctions, methods, types
C.c, .hfunctions, structs, enums, typedefs
C++.cpp, .cc, .hppfunctions, classes, structs, namespaces
Java.javamethods, classes, interfaces, enums
C#.csmethods, classes, interfaces, structs, enums, delegates, namespaces
Bash.sh, .bash, .zshfunctions, variables
Ruby.rb, .rake, .gemspecmethods, classes, modules
Kotlin.kt, .ktsfunctions, classes, objects, interfaces
PHP.php, .phtmlfunctions, methods, classes, interfaces, traits
Swift.swiftclasses, structs, enums, protocols, functions
Verilog/SystemVerilog.v, .vh, .sv, .svhmodules, tasks, functions, interfaces, classes
Scala.scala, .scclasses, objects, traits, functions, vals
Lua.luafunctions, methods
Haskell.hs, .lhsfunctions, data types, type classes
Elixir.ex, .exsmodules, functions
Clojure.clj, .cljs, .cljc, .ednlists (basic AST)
Dart.dartfunctions, classes, methods
Julia.jlfunctions, modules, structs
R.R, .r, .Rmdfunctions
Perl.pl, .pm, .tfunctions, packages
Zig.zigfunctions, variables
Erlang.erl, .hrlfunctions, modules, records
Elm.elmfunctions, types
Fortran.f90, .f95, .f03, .f08, .f, .for, .fppprograms, subroutines, functions, modules
PowerShell.ps1, .psm1, .psd1functions, classes, enums
Nix.nixbindings
Groovy.groovy, .gradlemethods, classes, interfaces, enums, functions

Available Tools (90)

Repository & File Management

ToolDescription
list_reposList all indexed repositories with metadata
get_project_structureGet directory tree with file icons and sizes
get_fileGet file contents with optional line range
get_excerptExtract code around specific lines with context
reindexTrigger re-indexing of repositories
discover_reposAuto-discover repositories in a directory
validate_repoCheck if path is a valid repository
get_index_statusShow index stats and enabled features

Symbol Search & Navigation

ToolDescription
find_symbolsFind structs, classes, functions by type/pattern
get_symbol_definitionGet symbol source with surrounding context
find_referencesFind all references to a symbol
get_dependenciesAnalyze imports and dependents
workspace_symbol_searchFuzzy search symbols across workspace
find_symbol_usagesCross-file symbol usage with imports
get_export_mapGet exported symbols from a file/module

Code Search

ToolDescription
search_codeKeyword search with relevance ranking
semantic_searchBM25-ranked semantic search
hybrid_searchCombined BM25 + TF-IDF with rank fusion
search_chunksSearch over AST-aware code chunks
find_similar_codeFind code similar to a snippet (TF-IDF)
find_similar_to_symbolFind code similar to a symbol

AST-Aware Chunking

ToolDescription
get_chunksGet AST-aware chunks for a file
get_chunk_statsStatistics about code chunks
get_embedding_statsEmbedding index statistics

Neural Semantic Search (requires --neural)

ToolDescription
neural_searchSemantic search using neural embeddings (finds similar code even with different names)
find_semantic_clonesFind Type-3/4 semantic clones of a function
get_neural_statsNeural embedding index statistics

Call Graph Analysis (requires --call-graph)

ToolDescription
get_call_graphGet call graph for repository/function
get_callersFind functions that call a function
get_calleesFind functions called by a function
find_call_pathFind path between two functions
get_complexityGet cyclomatic/cognitive complexity
get_function_hotspotsFind highly connected functions

Control Flow Analysis

ToolDescription
get_control_flowGet CFG showing basic blocks and branches
find_dead_codeFind unreachable code blocks

Data Flow Analysis

ToolDescription
get_data_flowVariable definitions and uses
get_reaching_definitionsWhich assignments reach each point
find_uninitializedVariables used before initialization
find_dead_storesAssignments that are never read

Type Inference (Python/JavaScript/TypeScript)

ToolDescription
infer_typesInfer types for variables in a function without external type checkers
check_type_errorsFind potential type errors without running mypy/tsc
get_typed_taint_flowEnhanced taint analysis combining data flow with type inference

Import/Dependency Graph

ToolDescription
get_import_graphBuild and analyze import graph
find_circular_importsDetect circular dependencies
get_incremental_statusMerkle tree and change statistics

Security Analysis - Taint Tracking

ToolDescription
find_injection_vulnerabilitiesFind SQL injection, XSS, command injection, path traversal
trace_taintTrace tainted data flow from a source
get_taint_sourcesList taint sources (user input, files, network)
get_security_summaryComprehensive security risk assessment

Security Analysis - Rules Engine

ToolDescription
scan_securityScan with security rules (OWASP, CWE, crypto, secrets)
check_owasp_top10Scan for OWASP Top 10 2021 vulnerabilities
check_cwe_top25Scan for CWE Top 25 weaknesses
explain_vulnerabilityGet detailed vulnerability explanation
suggest_fixGet remediation suggestions for findings

Supply Chain Security

ToolDescription
generate_sbomGenerate SBOM (CycloneDX/SPDX/JSON)
check_dependenciesCheck for known vulnerabilities (OSV database)
check_licensesAnalyze licenses for compliance issues
find_upgrade_pathFind safe upgrade paths for vulnerable deps

Git Integration (requires --git)

ToolDescription
get_blameGit blame for file
get_file_historyCommit history for file
get_recent_changesRecent commits in repository
get_hotspotsFiles with high churn and complexity
get_contributorsRepository/file contributors
get_commit_diffDiff for specific commit
get_symbol_historyCommits that changed a symbol
get_branch_infoCurrent branch and status
get_modified_filesWorking tree changes

LSP Integration (requires --lsp)

ToolDescription
get_hover_infoType info and documentation
get_type_infoPrecise type information
go_to_definitionFind definition location

Remote Repository Support (requires --remote)

ToolDescription
add_remote_repoClone and index GitHub repository
list_remote_filesList files via GitHub API
get_remote_fileFetch file via GitHub API

Metrics

ToolDescription
get_metricsPerformance stats and timing

SPARQL / Knowledge Graph (requires --graph)

ToolDescription
sparql_queryExecute SPARQL query against RDF knowledge graph
list_sparql_templatesList available SPARQL query templates
run_sparql_templateExecute predefined SPARQL template with parameters

Code Context Graph (CCG) (requires --graph)

CCG provides standardized, AI-consumable representations of codebases in tiered layers.

ToolDescription
get_ccg_manifestLayer 0 manifest (~1-2KB JSON-LD) - repo identity, counts
export_ccg_manifestExport Layer 0 manifest to file
export_ccg_architectureLayer 1 architecture (~10-50KB JSON-LD) - modules, API
export_ccg_indexLayer 2 symbol index (~100-500KB N-Quads gzipped)
export_ccg_fullLayer 3 full detail (~1-20MB N-Quads gzipped)
export_ccgExport all CCG layers as a bundle
query_ccgQuery CCG using SPARQL
get_ccg_aclGenerate WebACL access control for CCG layers
get_ccg_access_infoGet CCG access tier information
import_ccgImport CCG layer from URL or file
import_ccg_from_registryImport CCG from codecontextgraph.com registry

Security Rules

narsil-mcp includes built-in security rules in rules/:

Core Rulesets:

  • owasp-top10.yaml - OWASP Top 10 2021 vulnerability patterns
  • cwe-top25.yaml - CWE Top 25 Most Dangerous Weaknesses
  • crypto.yaml - Cryptographic issues (weak algorithms, hardcoded keys)
  • secrets.yaml - Secret detection (API keys, passwords, tokens)

Language-Specific Rules:

  • rust.yaml - Rust security patterns (unsafe transmute, FFI boundaries, command injection, TOCTOU)
  • elixir.yaml - Elixir/BEAM patterns (atom exhaustion, binary_to_term, Code.eval, Ecto SQL injection)
  • go.yaml - Go security patterns (SQL injection, TLS, command injection)
  • java.yaml - Java vulnerabilities (XXE, deserialization, LDAP injection)
  • csharp.yaml - C# security issues (deserialization, XSS, path traversal)
  • kotlin.yaml - Kotlin/Android patterns (WebView, intents, secrets)
  • bash.yaml - Shell script vulnerabilities (command injection, eval)

Infrastructure & Configuration:

  • iac.yaml - Infrastructure as Code (Terraform, CloudFormation, Kubernetes)
  • config.yaml - Configuration file security (hardcoded credentials, insecure settings)

Custom rules can be loaded with scan_security --ruleset /path/to/rules.yaml.

Architecture

Copy & paste — that's it
+-----------------------------------------------------------------+
|                         MCP Server                               |
|  +-----------------------------------------------------------+  |
|  |                   JSON-RPC over stdio                      |  |
|  +-----------------------------------------------------------+  |
|                              |                                   |
|  +---------------------------v-------------------------------+  |
|  |                   Code Intel Engine                        |  |
|  |  +------------+ +------------+ +------------------------+  |  |
|  |  |  Symbol    | |   File     | |    Search Engine       |  |  |
|  |  |  Index     | |   Cache    | |  (Tantivy + TF-IDF)    |  |  |
|  |  | (DashMap)  | | (DashMap)  | +------------------------+  |  |
|  |  +------------+ +------------+                              |  |
|  |  +------------+ +------------+ +------------------------+  |  |
|  |  | Call Graph | |  Taint     | |   Security Rules       |  |  |
|  |  |  Analysis  | |  Tracker   | |   Engine               |  |  |
|  |  +------------+ +------------+ +------------------------+  |  |
|  +-----------------------------------------------------------+  |
|                              |                                   |
|  +---------------------------v-------------------------------+  |
|  |                Tree-sitter Parser                          |  |
|  |  +------+ +------+ +------+ +------+ +------+             |  |
|  |  | Rust | |Python| |  JS  | |  TS  | | Go   | ...         |  |
|  |  +------+ +------+ +------+ +------+ +------+             |  |
|  +-----------------------------------------------------------+  |
|                              |                                   |
|  +---------------------------v-------------------------------+  |
|  |                Repository Walker                           |  |
|  |           (ignore crate - respects .gitignore)             |  |
|  +-----------------------------------------------------------+  |
+-----------------------------------------------------------------+

Performance

Benchmarked on Apple M1 (criterion.rs):

Parsing Throughput

LanguageInput SizeTimeThroughput
Rust (large file)278 KB131 µs1.98 GiB/s
Rust (medium file)27 KB13.5 µs1.89 GiB/s
Python~4 KB16.7 µs-
TypeScript~5 KB13.9 µs-
Mixed (5 files)~15 KB57 µs-

Search Latency

OperationCorpus SizeTime
Symbol exact match1,000 symbols483 ns
Symbol prefix match1,000 symbols2.7 µs
Symbol fuzzy match1,000 symbols16.5 µs
BM25 full-text1,000 docs80 µs
TF-IDF similarity1,000 docs130 µs
Hybrid (BM25+TF-IDF)1,000 docs151 µs

End-to-End Indexing

RepositoryFilesSymbolsTimeMemory
narsil-mcp (this repo)531,733220 ms~50 MB
rust-analyzer2,847~50K2.1s89 MB
linux kernel78,000+~500K45s2.1 GB

Key metrics:

  • Tree-sitter parsing: ~2 GiB/s sustained throughput
  • Symbol lookup: <1µs for exact match
  • Full-text search: <1ms for most queries
  • Hybrid search runs BM25 + TF-IDF in parallel via rayon

Development

Copy & paste — that's it
# Run the full test suite
cargo test

# Run benchmarks (criterion.rs)
cargo bench

# Run with debug logging
RUST_LOG=debug cargo run -- --repos ./test-fixtures

# Format code
cargo fmt

# Lint
cargo clippy

# Test with MCP Inspector
npx @modelcontextprotocol/inspector ./target/release/narsil-mcp --repos ./path/to/repo

Roadmap

Completed

  • Multi-language symbol extraction (32 languages)
  • Full-text search with Tantivy (BM25 ranking)
  • Hybrid search (BM25 + TF-IDF with RRF)
  • AST-aware code chunking
  • Git blame/history integration
  • Call graph analysis with complexity metrics
  • Control flow graph (CFG) analysis
  • Data flow analysis (DFG) with reaching definitions
  • Dead code and dead store detection
  • Taint analysis for injection vulnerabilities
  • Security rules engine (OWASP, CWE, crypto, secrets)
  • SBOM generation (CycloneDX, SPDX)
  • Dependency vulnerability checking (OSV)
  • License compliance analysis
  • Import graph with circular dependency detection
  • Cross-language symbol resolution
  • Incremental indexing with Merkle trees
  • Index persistence
  • Watch mode for file changes
  • LSP integration
  • Remote repository support
  • Streaming responses

What's New

v1.6.x (Current)

  • Crash-proof chunking - Fixed unsafe byte-level string slicing in chunk_file() and extract_signature() that caused hybrid_search, search_chunks, and get_chunk_stats to crash when processing files with multi-byte UTF-8 characters (emoji, CJK, accented chars). All byte slicing now uses safe content.get() with fallback.
  • NaN-safe sort operations - Fixed 5 locations across search, embeddings, git, index, and extract modules where partial_cmp().unwrap() would panic on NaN float values. All sorts now use unwrap_or(Ordering::Equal).
  • Defense-in-depth chunking - Added catch_unwind wrappers around all repo-wide chunk_file() loops so a panic in one file skips it instead of crashing the entire MCP server.
  • Visualization frontend overhaul - Full SPA with HashRouter routing, file tree sidebar, syntax-highlighted code viewer, dashboard, and per-repo overview pages
  • Graph view performance - Import graph now uses cached index data instead of filesystem walks; symbol graph iterates file cache directly instead of markdown round-trips; all views respect max_nodes for early termination
  • Real control flow graphs - Flow view now uses the real CFG builder (cfg::analyze_function) with proper basic blocks, branch conditions, and loop back-edges instead of the single-block stub
  • Hybrid graph budget splitting - Hybrid view allocates 60/40 node budget between call and import graphs for balanced results
  • Fix #14: configurable embedding dimensions - Added --neural-dimension CLI arg and default_dimension_for_model() lookup so models like text-embedding-3-large use correct dimensions (3072) instead of hardcoded 1536
  • Fix #13: Nix frontend build - Added frontendDist derivation in flake.nix using buildNpmPackage so nix profile install github:postrv/narsil-mcp#with-frontend works
  • Rust security rules - 18 new rules (RUST-004 to RUST-021) covering command injection, transmute, FFI boundaries, TOCTOU, ReDoS, static mut, SSRF, and more
  • Elixir security rules - 18 new rules (EX-001 to EX-018) covering atom exhaustion, binary_to_term deserialization, Code.eval injection, Ecto SQL injection, Phoenix XSS, Erlang distribution security
  • Migrated from serde_yaml to serde-saphyr - Deprecated serde_yaml replaced with actively maintained, panic-free YAML library
  • Custom favicon - Frontend now uses narsil-mcp branding icon instead of default Vite logo
  • Dependency security - Updated time to 0.3.47 (RUSTSEC-2026-0009), bytes to 1.11.1 (RUSTSEC-2026-0007)
  • Test count increased from 1,611 to 1,763 (+152 tests)

v1.5.x

  • Deterministic call graph resolution - Scope-hint propagation disambiguates callee resolution (e.g., App::run() correctly resolves to src/app/mod.rs::run)
  • 8 graph analysis fixes - Qualified node keys, hotspot filtering, CFG expression handling, import path parsing
  • Nix flake improvements - DRY mkPkg helper, removed unnecessary macOS frameworks, --lib test strategy for sandbox builds

v1.4.x

  • SPARQL / RDF Knowledge Graph - Query code intelligence data with SPARQL via Oxigraph
  • Code Context Graph (CCG) - 12 tools for standardized, AI-consumable codebase representations with tiered layers (L0-L3)
  • Type-aware security analysis - Enhanced taint tracking with type inference and trait implementations
  • Multi-language CFG/DFG - Control flow and data flow analysis extended to Go, Java, C#, Kotlin
  • Infrastructure as Code scanning - New iac.yaml rules for Terraform, CloudFormation, Kubernetes
  • Language-specific security rules - New rules for Go, Java, C#, Kotlin, Bash
  • 6 new languages - Erlang, Elm, Fortran, PowerShell, Nix, Groovy
  • 90 tools total - Up from 79 with new SPARQL, CCG, and analysis capabilities

v1.2.x

  • exclude_tests parameter - 22 tools support filtering out test files
  • npm package - Install via npm install -g narsil-mcp

v1.1.x

  • Multi-platform distribution - Install via Homebrew, Scoop, npm, Cargo, or direct download
  • Configurable tool presets - Minimal, balanced, full, and security-focused presets
  • Automatic editor detection - Optimal defaults for Zed, VS Code, Claude Desktop
  • Interactive setup wizard - narsil-mcp config init for easy configuration
  • 32 language support - Added Dart, Julia, R, Perl, Zig, and more
  • Improved performance - Faster startup with background indexing

v1.0.x

  • Neural semantic search - Find similar code using Voyage AI or OpenAI embeddings
  • Type inference - Infer types in Python/JavaScript/TypeScript without external tools
  • Multi-language taint analysis - Security scanning for PHP, Java, C#, Ruby, Kotlin
  • WASM build - Run in browser for code playgrounds and educational tools
  • 147 bundled security rules - OWASP, CWE, crypto, secrets, Rust, Elixir detection
  • IDE configs included - Claude Desktop, Cursor, VS Code, Zed templates

License

Licensed under either of:

at your option.

Credits

Built with: