Krolik

30 MCP tools for structural code intelligence across 16 languages

Anatoly Koptev

Krolik: 30 Free MCP Tools for Code Intelligence (2026)

Krolik adds 30 MCP tools for code intelligence to Claude Code, Cursor, and Windsurf. Free, Apache 2.0, self-hosted. Traces bugs to file:function in 5 seconds.

Krolik is a free, open-source MCP server by Anatoly Koptev that adds 30 code intelligence tools to your AI coding agent. It parses 16 programming languages, runs a knowledge graph on Apache AGE, and pinpoints the root-cause file and function from a Prometheus alert in 5 seconds. No SaaS, no telemetry: self-hosted on Docker or Go 1.24+.

Krolik is a free, open-source MCP server that gives AI coding agents 30 tools for structural code intelligence. Built by Anatoly Koptev under Apache 2.0, it parses 16 languages via tree-sitter, indexes code into an Apache AGE knowledge graph, and bridges Prometheus alerts to the root-cause file and function in 5 seconds. Works with Claude Code, Cursor, Windsurf, Aider, and Cline. Self-hosted only.

Maker: Anatoly Koptev · Protocol: MCP · Auth: none

Compatible agents: Claude Code, Cursor, Windsurf, Aider, Cline, Any MCP client

Required runtime: Docker (recommended) OR Go 1.24+ with a C compiler, OpenAI-compatible LLM endpoint (mandatory), PostgreSQL 14+ with Apache AGE extension (optional, for code_graph), pgvector + ox-embed-server (optional, for semantic search reranking)

About Krolik

Krolik is an open-source MCP (Model Context Protocol) server built by Anatoly Koptev, a Staff Software Engineer with 14 years of production infrastructure experience. It adds 30 structured code intelligence tools to any MCP-compatible AI coding agent. Released under Apache 2.0 with no telemetry and no SaaS dependency, Krolik indexes codebases into an Apache AGE property graph on PostgreSQL, enabling queries that grep and keyword search cannot answer. As of v1.21.0 (June 20, 2026), the project has shipped 35 releases on GitHub. Krolik runs as a Go 1.24+ binary or Docker container, exposing all tools over Streamable HTTP on port 8897. It uses tree-sitter to parse 16 languages including Go, Python, TypeScript/JS, Rust, Java, C, C++, Ruby, C#, PHP, Svelte, Astro, Kotlin, Swift, and HTML into abstract syntax trees, then stores every symbol, call edge, and import relationship in an Apache AGE property graph. An optional ox-embed-server companion adds ONNX embeddings with ColBERT cross-encoder reranking for semantic search. An optional ox-codes companion deepens dead-code detection. Authentication is not required for local connections; an OpenAI-compatible LLM endpoint is supplied via environment variable. Any editor or agent that implements the Model Context Protocol can call Krolik's tools: Claude Code, Cursor, Windsurf, Aider, and Cline are all confirmed. The 30 tools cover the full development cycle: repo_analyze and explore for codebase overview, symbol_search and semantic_search for finding code, call_trace and impact_analysis for understanding change blast radius up to depth 10, dataflow_analyze for security taint tracking, debug_investigate for a 7-phase root-cause pipeline that goes from Prometheus alert to file:function in 5 seconds, rewrite for AST-based code transformations across 16 languages, and review_pr for differential PR analysis with persistent learnings. Krolik is entirely free to use. There is no paid tier, no hosted cloud option, and no telemetry. Self-hosting requires Docker (recommended) or Go 1.24+ with a C compiler for CGO tree-sitter bindings. PostgreSQL with Apache AGE is optional but required for the knowledge graph tools. The LLM API cost is the only ongoing expense. Since its first release, Krolik has shipped 35 versions, adding language support for Kotlin, Swift, and HTML, fleet monitoring via fleet_versions, WordPress plugin search via wp_plugin_search, and persistent learning across sessions via remember_graph_insights. Anatoly Koptev develops and maintains the project from the SF Bay Area.

Key Features

Use Cases

Install

claude mcp add -s user -t http go-code http://127.0.0.1:8897/mcp

Requirements

Actions

debug_investigate

Runs a 7-phase async pipeline from an error or Prometheus alert to the root-cause file and function, completing in approximately 5 seconds.

{"tool": "debug_investigate", "arguments": {"query": "rate(http_requests_total{status=\"500\"}[5m]) > 0.1", "depth": 3}}

semantic_search

Finds code by concept using hybrid BM25F lexical scoring, pgvector 768-dim embeddings, one-hop AGE graph expansion, and ColBERT cross-encoder reranking.

{"tool": "semantic_search", "arguments": {"query": "user authentication token validation", "limit": 10}}

symbol_search

Searches functions, types, and constants by name pattern across all indexed files and languages.

{"tool": "symbol_search", "arguments": {"pattern": "HandleAuth*", "language": "go"}}

call_trace

Traces call chains bidirectionally from a given symbol with configurable depth, showing all callers or all callees.

{"tool": "call_trace", "arguments": {"symbol": "CreateOrder", "direction": "up", "depth": 5}}

impact_analysis

Calculates the blast radius of changing a symbol: all direct and transitive callers up to depth 10 across the entire codebase.

{"tool": "impact_analysis", "arguments": {"symbol": "parseUserToken", "depth": 10}}

dataflow_analyze

Tracks taint flow through the IL/CFG to detect unescaped inputs, dead stores, and potential injection paths in security-sensitive code.

{"tool": "dataflow_analyze", "arguments": {"symbol": "processUserInput", "source": "http.Request.FormValue"}}

rewrite

Applies structural AST search-replace patterns across 16 languages using wildcard matching, without regex or text substitution.

{"tool": "rewrite", "arguments": {"pattern": "fmt.Sprintf(\"%s\", $x)", "replacement": "$x.String()", "language": "go"}}

review_pr

Analyzes a pull request by computing the differential blast radius and persisting learnings for future reviews of the same codebase.

{"tool": "review_pr", "arguments": {"pr_url": "https://github.com/org/repo/pull/42"}}

understand

Returns type-aware symbol analysis with complexity metrics, including type signatures, references, and cyclomatic complexity.

{"tool": "understand", "arguments": {"symbol": "OrderService.PlaceOrder"}}

code_graph

Queries the Apache AGE property graph using a natural language question translated to Cypher, returning graph relationships between symbols.

{"tool": "code_graph", "arguments": {"query": "Which functions call the database layer from the HTTP handlers?", "depth": 3}}

dead_code

Identifies unused symbols using cross-encoder confidence scoring per symbol, with deeper analysis available via the ox-codes companion.

{"tool": "dead_code", "arguments": {"language": "typescript", "threshold": 0.8}}

code_health

Grades a repository from A to F on code health based on dead code, complexity, and dependency metrics. Requires the ox-codes companion.

{"tool": "code_health", "arguments": {}}

repo_analyze

Performs a deep, quick, or issue/PR-focused analysis of a repository and returns a structured overview.

{"tool": "repo_analyze", "arguments": {"repo_path": "/workspace/my-service", "mode": "deep"}}

explore

Returns a quick sub-second overview of a repository without cloning, useful for getting initial context before deeper analysis.

{"tool": "explore", "arguments": {"repo_url": "https://github.com/org/repo"}}

file_parse

Parses a single file with tree-sitter and returns either a flat list of symbols or the full AST in JSON.

{"tool": "file_parse", "arguments": {"file_path": "src/auth/token.go", "output": "symbols"}}

dep_graph

Builds a dependency graph for the indexed codebase and outputs it in Mermaid, Graphviz DOT, or JSON format.

{"tool": "dep_graph", "arguments": {"format": "mermaid"}}

code_compare

Compares two repositories structurally across architecture, API surface, and code quality dimensions.

{"tool": "code_compare", "arguments": {"repo1": "https://github.com/org/service-v1", "repo2": "https://github.com/org/service-v2"}}

prepare_change

Assesses the risk of a planned code change by identifying affected symbols, tests, and dependent services before any code is written.

{"tool": "prepare_change", "arguments": {"symbol": "UserService.UpdateEmail", "change_description": "Add email uniqueness validation"}}

code_research

Performs BM25F plus embedding-based search optimized for large monorepos where semantic_search may be too broad.

{"tool": "code_research", "arguments": {"query": "distributed transaction rollback", "limit": 5}}

design_search

Finds system components or modules by a natural language UI or workflow description using multilingual-e5-large embeddings.

{"tool": "design_search", "arguments": {"description": "The checkout flow that shows a cart summary before payment"}}

resolve_frame

Unminifies a JavaScript or TypeScript stack frame by resolving it through a source map back to the original file and line number.

{"tool": "resolve_frame", "arguments": {"frame": "at t.e.n.processEvent (bundle.min.js:1:43291)", "source_map_url": "https://cdn.example.com/bundle.min.js.map"}}

site_analyze

Crawls a website to produce a tech stack fingerprint and SEO audit including meta tags, canonical URLs, and structured data.

{"tool": "site_analyze", "arguments": {"url": "https://example.com"}}

site_crawl

Runs a breadth-first crawl of a website and returns all discovered URLs with their status codes.

{"tool": "site_crawl", "arguments": {"url": "https://docs.example.com", "depth": 3}}

fleet_versions

Diffs pinned container image versions in configuration files against the versions actually running in the deployed environment.

{"tool": "fleet_versions", "arguments": {}}

remember_graph_insights

Persists learnings about the codebase to a knowledge store so future queries benefit from prior analysis context.

{"tool": "remember_graph_insights", "arguments": {"insights": "The auth package uses singleton pattern; token validation always goes through TokenService.Validate before any DB write."}}

repo_search

Discovers GitHub repositories matching a query by combining SearXNG web search with GitHub API results, ranked by an LLM.

{"tool": "repo_search", "arguments": {"query": "Go microservices gRPC health check", "limit": 5}}

review_delta

Computes differential blast radius for a code diff and persists learnings, functionally identical to review_pr but accepts raw diffs directly.

{"tool": "review_delta", "arguments": {"diff": "--- a/auth.go\n+++ b/auth.go\n@@ -12,7 +12,8 @@"}}

wp_plugin_search

Searches the WordPress.org plugin directory for plugins matching a query, returning plugin names, versions, and active install counts.

{"tool": "wp_plugin_search", "arguments": {"query": "woocommerce payment gateway"}}

How to Invoke

Exposed as 30 MCP tools via Streamable HTTP on port 8897. Register with: claude mcp add -s user -t http go-code http://127.0.0.1:8897/mcp. Agent calls tools by name (e.g. debug_investigate, semantic_search, symbol_search) with JSON arguments.

Pricing

Completely free and open source under Apache 2.0. No paid tier, no hosted SaaS, and no telemetry. Self-hosted: only ongoing cost is your own LLM API usage.

Strengths

Weaknesses

Frequently Asked Questions

What is Krolik and what does it do?

Krolik is a free, open-source MCP (Model Context Protocol) server that adds 30 code intelligence tools to AI coding agents. Built by Anatoly Koptev, a Staff Software Engineer with 14 years of production experience, it is available at krolik.tools and on GitHub at github.com/anatolykoptev/go-code under Apache 2.0 license. The server runs locally via Docker or Go 1.24+ and exposes all tools over Streamable HTTP on port 8897. Agents call tools by name with JSON arguments, covering everything from symbol search and call graph tracing to security taint analysis and pull request review. As of v1.21.0 (June 20, 2026), Krolik has shipped 35 releases and supports 16 programming languages. The standout capability is debug_investigate: a 7-phase async pipeline that goes from a Prometheus alert or error to the root-cause file and function in approximately 5 seconds.

How much does Krolik cost in 2026?

Krolik is completely free to use. There is no paid tier, no hosted SaaS product, and no subscription. The project is released under the Apache 2.0 license, which permits commercial use, modification, and redistribution. The only ongoing expense is the cost of the OpenAI-compatible LLM endpoint that you supply via environment variable, since Krolik requires a language model for tools like code_graph and debug_investigate. Hosting Krolik on your own server adds standard compute costs for Docker or a Go binary. Two optional companion services, ox-embed-server and ox-codes, are also open source under the same license. There is no freemium model, no usage limit, and no feature gating behind a paid plan.

What are the main features of Krolik?

Krolik provides 30 MCP tools divided into several capability groups. Code discovery tools include symbol_search, semantic_search, code_research, and design_search for finding code by name, concept, or UI description. Analysis tools include call_trace, impact_analysis, understand, and dep_graph for mapping how code connects. The debug_investigate tool runs a 7-phase pipeline from a Prometheus alert to the root-cause function in about 5 seconds. Security tools include dataflow_analyze for taint tracking and dead_code for finding unused symbols. Transformation tools include rewrite for AST-level structural code changes across 16 languages. Review tools include review_pr and review_delta for computing blast radius before merging. Additional tools cover fleet monitoring (fleet_versions), web crawling (site_analyze, site_crawl), and persistent learning (remember_graph_insights).

Is Krolik free to use?

Yes, Krolik is free to use with no restrictions. It is released under the Apache 2.0 open source license, which means you can use it commercially, modify it, and redistribute it without paying any fees. There is no freemium tier with locked features, no usage-based billing, and no telemetry or phone-home. The only cost is what you pay your LLM provider for the API endpoint that Krolik calls internally, and any cloud compute you use to host the Docker container or Go binary. Both optional companion services, ox-embed-server for ONNX embeddings and ox-codes for deeper dead-code analysis, are also free and open source.

What are the best alternatives to Krolik?

The strongest alternatives in the code intelligence MCP category as of mid-2026 are CodeGraph, GitNexus, and codebase-memory-mcp. CodeGraph (47,400 GitHub stars) and GitNexus (42,000 stars) both pre-compute codebase structure on-device and serve it over MCP with no cloud or embeddings API required, making them better choices if you want instant setup and a large community for support. Codebase-memory-mcp supports 158 languages, far more than Krolik's 16, and uses tree-sitter plus LSP for higher-fidelity type resolution. Choose Krolik if you specifically need its debug_investigate pipeline (Prometheus-to-function in 5 seconds), its dataflow taint analysis, or its site crawl and fleet monitoring tools, which the above alternatives do not provide. Repomix (26,200 stars) is another option if your goal is compressing codebase context for prompts rather than calling structured analysis tools.

Who is Krolik best for?

Krolik is best for backend engineers, security engineers, and platform teams who use AI coding agents (Claude Code, Cursor, Windsurf) to navigate large codebases. Backend engineers benefit from call_trace and impact_analysis when planning refactors, because the tools show exactly which code will break before a single line is changed. Security engineers get the most value from dataflow_analyze, which traces user input through the CFG to identify injection risks in code that is too large to audit manually. Platform teams debugging production incidents benefit most from debug_investigate, which connects Prometheus alerts to the root-cause function in seconds. Krolik is not the right choice for teams that want a hosted, zero-setup solution, or for individual developers who only work on small codebases where grep is sufficient.

How do you get started with Krolik?

Getting started with Krolik takes about 5 minutes assuming Docker is installed. First, clone the repository from github.com/anatolykoptev/go-code and start the server with docker compose up -d from the project directory. Set the LLM_API_BASE and LLM_API_KEY environment variables to point to your OpenAI-compatible LLM endpoint before starting. Once the container is running on port 8897, register it in Claude Code with: claude mcp add -s user -t http go-code http://127.0.0.1:8897/mcp. For Cursor and Windsurf, add the MCP URL http://127.0.0.1:8897/mcp in their MCP settings panel. Optional: add a PostgreSQL database with Apache AGE for the code_graph tools, and run ox-embed-server for embedding-based semantic search. Without the optional companions, repo analysis, symbol search, call tracing, and debug investigation all work immediately.

How does Krolik compare to CodeGraph in 2026?

Krolik and CodeGraph both deliver code intelligence over MCP, but they target different pain points. CodeGraph (47,400 GitHub stars, launched January 2026) focuses on pre-indexing codebase structure on-device for fast context delivery to agents, with zero external dependencies and sub-millisecond query times. Krolik (2 GitHub stars) trades community size for breadth: its 30 tools go far beyond structure queries to include dataflow taint analysis, 7-phase production incident debugging connected to Prometheus and Jaeger, AST rewriting across 16 languages, fleet monitoring, and site crawling. If your agent mainly needs to read code structure and keep token usage low, CodeGraph's simplicity and community support make it the better choice. If you need an agent that can debug production incidents, track security vulnerabilities through dataflow analysis, or transform code at the AST level, Krolik provides capabilities that CodeGraph does not have.

View the official Krolik skill page