Codewalk is an open-source codebase intelligence tool. Point it at any git repo and it builds a map of how the code actually fits together — modules, imports, functions, call chains, and risk hotspots. Then it lets you explore that map through a web UI, an MCP server inside your IDE agent, or a REST API.
The foundation is a dependency graph built from real imports across 15+ languages, stored in DuckDB and analyzed with igraph. On top of that graph sits semantic search, AI chat with source citations, architecture health metrics, blast-radius analysis, and code review.
That last one — code review — is where Codewalk does something unusual. It works without indexing the repo first. You can run a review on a fresh clone in seconds. The intelligence layer makes it smarter when an index exists, but the index is never a gate.
The foundation: indexing, blast radius, and the graph
Most AI coding tools ask you to embed the entire codebase before they can do anything useful. That process is called indexing: chunk the files, compute embeddings, store them in a vector database, and build auxiliary structures like symbol tables and dependency graphs.
Codewalk can do that too. codewalk_analyze_codebase scans a repo, chunks and embeds files, and builds the graph. Once indexed, you can ask questions like:
- “What breaks if I change
auth.py?” - “Which files have the highest PageRank — the ones everything else depends on?”
- “Are there circular imports between the payment and notification modules?”
That last question is blast radius. If base_model.py is imported by 47 other files, changing it is high risk. Codewalk shows the transitive impact — not just direct callers, but everything downstream.
This foundation makes Codewalk’s AI chat and architecture analysis grounded. It answers from the actual code, not from stale docs or guesswork.
The surprising part: review runs before any of that
Most code review tools treat indexing as a prerequisite. You wait, you pay per embedding, and if the index is stale the review quality drops.
Codewalk separates review from indexing. The review engine only needs:
- the git diff
- the content of changed files
- static analysis
- team guidelines from
codewalk.yaml
That is enough to find bugs, security issues, style violations, and logic errors.
What you get with and without an index
| Component | Without index | With index |
|---|---|---|
| Git diff + file content | ✅ | ✅ |
| Rubrics + team guidelines | ✅ | ✅ |
| Stack detection | ✅ from file extensions | ✅ cached |
| Risk annotations | ⚠️ diff-size proxy | ✅ PageRank, fan-in, cycles |
| Neighborhood context | ⚠️ no callers/tests | ✅ from DuckDB graph |
| Blast radius warnings | ⚠️ not available | ✅ transitive impact |
The un-indexed review is already useful. The indexed review is senior-engineer-level useful.
How the review pipeline works
git diff → Static Analysis → Batch files by risk
→ Host LLM reviews each batch with full context
→ Submit findings per batch
→ Final summary + verdict
→ Re-review: hide rejected findings and verify fixes
Files are batched in groups of 3–5, sorted by risk, so the host LLM stays focused. Static analysis and stack detection run locally. OWASP security checks and custom guidelines are applied. Then the LLM reviews each batch with the context it actually needs.
Findings are ranked:
blocker— must fix before mergeerror— real bugs, logic errors, security riskssuggestion— style, naming, minor improvements
You accept or reject each finding. Accepted fixes can be applied atomically and verified with tests. After fixes, codewalk_re_review starts a fresh review and hides any finding you rejected in the previous session. A human-in-the-loop gate prevents any file modification without approval.
Why this matters
- Hotfixes. Production is on fire. You do not have time to embed 50,000 files.
- CI/CD gates. Run review on every PR without maintaining a warm index.
- Legacy monorepos. Index once if you want, but do not block the first review on it.
- Lower cost. No per-embedding charges just to check a three-file change.
Indexing still makes sense for the repos you work in every day. Codewalk’s incremental reindex only re-embeds changed files, so keeping the index fresh is cheap. But review should never be held hostage by it.
Try it
From the REST API:
curl -X POST http://localhost:8000/review \
-H "Content-Type: application/json" \
-d '{}'
From the MCP server in VS Code Copilot, Claude Code, or Cursor:
@codewalk run review on my working-tree changes
After you accept or reject findings, re-review to verify fixes without re-seeing rejected issues:
@codewalk re-review this diff
No analyze step. No embedding queue. Just the repo and the diff.
Learn more
- Landing page & docs: codewalk.xyz
- Open-source repo: github.com/gupta29470/codewalk
- See all demos →
- Try the web UI, MCP server, REST API, or cloud indexing from the docs.