Back to blog

What Is Codewalk? And Why Its Code Review Doesn’t Need Indexing

Aakash Gupta· Founder5 min read
code-reviewaiopen-source
Share

Codewalk is an open-source codebase intelligence tool. Point it at any git repo and it builds a map of how the code actually fits together — modules, imports, functions, call chains, and risk hotspots. Then it lets you explore that map through a web UI, an MCP server inside your IDE agent, or a REST API.

The foundation is a dependency graph built from real imports across 15+ languages, stored in DuckDB and analyzed with igraph. On top of that graph sits semantic search, AI chat with source citations, architecture health metrics, blast-radius analysis, and code review.

That last one — code review — is where Codewalk does something unusual. It works without indexing the repo first. You can run a review on a fresh clone in seconds. The intelligence layer makes it smarter when an index exists, but the index is never a gate.


The foundation: indexing, blast radius, and the graph

Most AI coding tools ask you to embed the entire codebase before they can do anything useful. That process is called indexing: chunk the files, compute embeddings, store them in a vector database, and build auxiliary structures like symbol tables and dependency graphs.

Codewalk can do that too. codewalk_analyze_codebase scans a repo, chunks and embeds files, and builds the graph. Once indexed, you can ask questions like:

  • “What breaks if I change auth.py?”
  • “Which files have the highest PageRank — the ones everything else depends on?”
  • “Are there circular imports between the payment and notification modules?”

That last question is blast radius. If base_model.py is imported by 47 other files, changing it is high risk. Codewalk shows the transitive impact — not just direct callers, but everything downstream.

This foundation makes Codewalk’s AI chat and architecture analysis grounded. It answers from the actual code, not from stale docs or guesswork.

codewalk-v2-web-blast-radius.mp4
Seeing what breaks when a file changes.

See all demos →


The surprising part: review runs before any of that

Most code review tools treat indexing as a prerequisite. You wait, you pay per embedding, and if the index is stale the review quality drops.

Codewalk separates review from indexing. The review engine only needs:

  • the git diff
  • the content of changed files
  • static analysis
  • team guidelines from codewalk.yaml

That is enough to find bugs, security issues, style violations, and logic errors.

What you get with and without an index

ComponentWithout indexWith index
Git diff + file content
Rubrics + team guidelines
Stack detection✅ from file extensions✅ cached
Risk annotations⚠️ diff-size proxy✅ PageRank, fan-in, cycles
Neighborhood context⚠️ no callers/tests✅ from DuckDB graph
Blast radius warnings⚠️ not available✅ transitive impact

The un-indexed review is already useful. The indexed review is senior-engineer-level useful.


How the review pipeline works

git diff → Static Analysis → Batch files by risk
         → Host LLM reviews each batch with full context
         → Submit findings per batch
         → Final summary + verdict
         → Re-review: hide rejected findings and verify fixes

Files are batched in groups of 3–5, sorted by risk, so the host LLM stays focused. Static analysis and stack detection run locally. OWASP security checks and custom guidelines are applied. Then the LLM reviews each batch with the context it actually needs.

Findings are ranked:

  • blocker — must fix before merge
  • error — real bugs, logic errors, security risks
  • suggestion — style, naming, minor improvements

You accept or reject each finding. Accepted fixes can be applied atomically and verified with tests. After fixes, codewalk_re_review starts a fresh review and hides any finding you rejected in the previous session. A human-in-the-loop gate prevents any file modification without approval.

codewalk-v2-web-run-review.mp4
Running a review from the web interface.
codewalk-mcp-run-review-v2.mp4
Running a review through the MCP server.

See all demos →


Why this matters

  • Hotfixes. Production is on fire. You do not have time to embed 50,000 files.
  • CI/CD gates. Run review on every PR without maintaining a warm index.
  • Legacy monorepos. Index once if you want, but do not block the first review on it.
  • Lower cost. No per-embedding charges just to check a three-file change.

Indexing still makes sense for the repos you work in every day. Codewalk’s incremental reindex only re-embeds changed files, so keeping the index fresh is cheap. But review should never be held hostage by it.


Try it

From the REST API:

curl -X POST http://localhost:8000/review \
  -H "Content-Type: application/json" \
  -d '{}'

From the MCP server in VS Code Copilot, Claude Code, or Cursor:

@codewalk run review on my working-tree changes

After you accept or reject findings, re-review to verify fixes without re-seeing rejected issues:

@codewalk re-review this diff

No analyze step. No embedding queue. Just the repo and the diff.


Learn more