tree-sitter-analyzer
mcp
Fail
Health Pass
- License — License: MIT
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Community trust — 29 GitHub stars
Code Fail
- process.env — Environment variable access in .claude/skills/browse/src/browser-manager.ts
- child_process — Shell command execution capability in .claude/skills/browse/src/bun-polyfill.cjs
- spawnSync — Synchronous process spawning in .claude/skills/browse/src/bun-polyfill.cjs
- network request — Outbound network request in .claude/skills/browse/src/bun-polyfill.cjs
- child_process — Shell command execution capability in .claude/skills/browse/src/cli.ts
- spawnSync — Synchronous process spawning in .claude/skills/browse/src/cli.ts
- fs.rmSync — Destructive file system operation in .claude/skills/browse/src/cli.ts
- process.env — Environment variable access in .claude/skills/browse/src/cli.ts
- network request — Outbound network request in .claude/skills/browse/src/cli.ts
- spawnSync — Synchronous process spawning in .claude/skills/browse/src/config.ts
- process.env — Environment variable access in .claude/skills/browse/src/config.ts
- fs.rmSync — Destructive file system operation in .claude/skills/browse/src/cookie-import-browser.ts
- os.homedir — User home directory access in .claude/skills/browse/src/cookie-import-browser.ts
- network request — Outbound network request in .claude/skills/browse/src/cookie-picker-ui.ts
- spawnSync — Synchronous process spawning in .claude/skills/browse/src/find-browse.ts
Permissions Pass
- Permissions — No dangerous permissions requested
Purpose
This is a code analysis framework that provides local-first repository retrieval and AST-based structural analysis for AI-assisted development. It is designed to be used as both a standalone CLI tool and an MCP server.
Security Assessment
Overall Risk: High. The automated scan flags multiple severe security concerns. The codebase extensively utilizes shell command execution (`child_process`) and synchronous process spawning (`spawnSync`) across several files. Additionally, it performs destructive file system operations (`fs.rmSync`), accesses the user's home directory (`os.homedir`), and initiates outbound network requests. Almost all of these high-risk capabilities are concentrated inside a hidden `.claude/skills/browse/` directory. While these features might be intended for a bundled browser automation or web scraping feature, they grant the tool extensive, unsupervised control over the host system, making it a significant security liability.
Quality Assessment
Overall Quality: Good. The project demonstrates strong maintenance and development hygiene. It features a highly permissive MIT license, bilingual documentation, and a robust testing suite with over 8,400 tests and nearly 89% code coverage. Receiving an update today and boasting nearly 30 GitHub stars, the project shows active, trustworthy development from its creator.
Verdict
Use with caution. While the project's development quality is excellent, the underlying code contains highly sensitive capabilities like shell execution and file deletion that require careful sandboxing before deployment.
This is a code analysis framework that provides local-first repository retrieval and AST-based structural analysis for AI-assisted development. It is designed to be used as both a standalone CLI tool and an MCP server.
Security Assessment
Overall Risk: High. The automated scan flags multiple severe security concerns. The codebase extensively utilizes shell command execution (`child_process`) and synchronous process spawning (`spawnSync`) across several files. Additionally, it performs destructive file system operations (`fs.rmSync`), accesses the user's home directory (`os.homedir`), and initiates outbound network requests. Almost all of these high-risk capabilities are concentrated inside a hidden `.claude/skills/browse/` directory. While these features might be intended for a bundled browser automation or web scraping feature, they grant the tool extensive, unsupervised control over the host system, making it a significant security liability.
Quality Assessment
Overall Quality: Good. The project demonstrates strong maintenance and development hygiene. It features a highly permissive MIT license, bilingual documentation, and a robust testing suite with over 8,400 tests and nearly 89% code coverage. Receiving an update today and boasting nearly 30 GitHub stars, the project shows active, trustworthy development from its creator.
Verdict
Use with caution. While the project's development quality is excellent, the underlying code contains highly sensitive capabilities like shell execution and file deletion that require careful sandboxing before deployment.
A scalable, multi-language code analysis framework based on Tree-sitter, usable both as a CLI tool and an MCP server.
README.md
🌳 Tree-sitter Analyzer
Tree-Sitter-Analyzer is a local-first code context engine for AI-assisted development — combining fast repository retrieval, AST-based structural analysis, and secure MCP integration.
Its job is not just to parse code. Its job is to help humans and AI agents fetch only the code context they actually need, safely, quickly, and with structural precision.
find the right files → find the right matches → extract the right structure → send only the right context
17 languages · Project-boundary security · Claude Desktop / Cursor / Roo Code · CLI + Python API
✨ What's New in v1.10.5
get_code_outlineMCP tool with TOON format: Outline-first navigation delivering 54-56% token reduction vs JSON. Retrieve hierarchical structure first, then fetch only the bodies you need.trace_impactMCP tool: Lightweight call site finder using ripgrep — impact analysis without graph database overhead- Intent-based tool aliases: AI-friendly tool naming (
locate_usage,map_structure) makes tool discovery natural for agents - Analysis session tracking: Audit multi-step SMART workflows with session IDs and operation history
- 23 critical bug fixes: TOON format return structure, default output format, test assertions - project fully operational
- Measured token savings: Real-world testing shows TOON format reduces output size by 54-56% across small/medium/large files
- Enhanced test coverage: 8,470 tests (100% pass), 88.68% coverage (↑8.35% from v1.10.4)
- Cross-platform verified: All tests pass on Ubuntu, Windows, macOS × Python 3.10-3.13
📖 Full Changelog for complete version history.
🎬 See It In Action
Demo GIF coming soon - showcasing AI integration with SMART workflow
🎯 Why Tree-sitter Analyzer
Tree-sitter Analyzer is an open-source, local-first code context engine for helping AI assistants read only what matters in large codebases.
- Minimal context, not whole-file stuffing: retrieve the smallest useful code regions before sending them to AI
- Evidence-based analysis: combine tree-sitter structure with
fdandripgrepto surface relevant files, symbols, and paths - No heavy preprocessing required: useful on messy repositories where full indexing can be slow, stale, or difficult to maintain
Common Use Cases
- Understand what a very large file or module is doing without loading the entire file into an AI prompt
- Trace business logic, UI handlers, or bug-related code paths across a complex repository
- Narrow AI context for Java and other large codebases before asking for analysis or changes
🚀 5-Minute Quick Start
Prerequisites
# Install uv (required)
# macOS/Linux
curl -LsSf https://astral.sh/uv/install.sh | sh
# Windows PowerShell
powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"
# Install fd + ripgrep (required for search features)
brew install fd ripgrep # macOS
winget install sharkdp.fd BurntSushi.ripgrep.MSVC # Windows
📖 Detailed Installation Guide for all platforms.
Verify Installation
uv run tree-sitter-analyzer --show-supported-languages
🤖 AI Integration
Configure your AI assistant to use Tree-sitter Analyzer via MCP protocol.
This works especially well when your assistant struggles with very large files, noisy repository-wide context, or legacy code that is too expensive to load all at once.
Claude Desktop / Cursor / Roo Code
Add to your MCP configuration:
{
"mcpServers": {
"tree-sitter-analyzer": {
"command": "uvx",
"args": [
"--from", "tree-sitter-analyzer[mcp]",
"tree-sitter-analyzer-mcp"
],
"env": {
"TREE_SITTER_PROJECT_ROOT": "/path/to/your/project",
"TREE_SITTER_OUTPUT_PATH": "/path/to/output/directory"
}
}
}
}
Configuration file locations:
- Claude Desktop:
%APPDATA%\Claude\claude_desktop_config.json(Windows) /~/Library/Application Support/Claude/claude_desktop_config.json(macOS) - Cursor: Built-in MCP settings
- Roo Code: MCP configuration
After restart, tell the AI: Please set the project root directory to: /path/to/your/project
📖 MCP Tools Reference for complete API documentation.
💻 Common CLI Commands
Installation
uv add "tree-sitter-analyzer[all,mcp]" # Full installation
Top 5 Commands
# 1. Analyze file structure
uv run tree-sitter-analyzer examples/BigService.java --table full
# 2. Quick summary
uv run tree-sitter-analyzer examples/BigService.java --summary
# 3. Extract code section
uv run tree-sitter-analyzer examples/BigService.java --partial-read --start-line 93 --end-line 106
# 4. Find files and search content
uv run find-and-grep --roots . --query "class.*Service" --extensions java
# 5. Query specific elements
uv run tree-sitter-analyzer examples/BigService.java --query-key methods --filter "public=true"
╭─────────────────────────────────────────────────────────────╮
│ BigService.java Analysis │
├─────────────────────────────────────────────────────────────┤
│ Total Lines: 1419 | Code: 906 | Comments: 246 | Blank: 267 │
│ Classes: 1 | Methods: 66 | Fields: 9 | Complexity: 5.27 avg │
╰─────────────────────────────────────────────────────────────╯
📖 Complete CLI Reference for all commands and options.
🌍 Supported Languages
| Language | Support Level | Key Features |
|---|---|---|
| Java | ✅ Complete | Spring, JPA, enterprise features |
| Python | ✅ Complete | Type annotations, decorators |
| TypeScript | ✅ Complete | Interfaces, types, TSX/JSX |
| JavaScript | ✅ Complete | ES6+, React/Vue/Angular |
| C | ✅ Complete | Functions, structs, unions, enums, preprocessor |
| C++ | ✅ Complete | Classes, templates, namespaces, inheritance |
| C# | ✅ Complete | Records, async/await, attributes |
| SQL | ✅ Enhanced | Tables, views, procedures, triggers |
| HTML | ✅ Complete | DOM structure, element classification |
| CSS | ✅ Complete | Selectors, properties, categorization |
| Go | ✅ Complete | Structs, interfaces, goroutines |
| Rust | ✅ Complete | Traits, impl blocks, macros |
| Kotlin | ✅ Complete | Data classes, coroutines |
| PHP | ✅ Complete | PHP 8+, attributes, traits |
| Ruby | ✅ Complete | Rails patterns, metaprogramming |
| YAML | ✅ Complete | Anchors, aliases, multi-document |
| Markdown | ✅ Complete | Headers, code blocks, tables |
📖 Features Documentation for language-specific details.
📊 Features Overview
| Feature | Description | Learn More |
|---|---|---|
| SMART Workflow | Set-Map-Analyze-Retrieve-Trace methodology | Guide |
| Outline-First Navigation | get_code_outline — hierarchical structure map before content retrieval |
MCP Tools |
| MCP Protocol | Native AI assistant integration | API Docs |
| Token Optimization | TOON format delivers 54-56% token reduction; token-aware controls for large AI workflows | Features |
| File Search | fd-based high-performance discovery | CLI Reference |
| Content Search | ripgrep regex search | CLI Reference |
| Security | Project boundary protection | Architecture |
🏆 Quality & Testing
| Metric | Value |
|---|---|
| Tests | Multi-thousand automated tests |
| Coverage | |
| Type Safety | 100% mypy compliance |
| Platforms | Windows, macOS, Linux |
# Run tests
uv run pytest tests/ -v
# Generate coverage report
uv run pytest tests/ --cov=tree_sitter_analyzer --cov-report=html
🛠️ Development
Setup
git clone https://github.com/aimasteracc/tree-sitter-analyzer.git
cd tree-sitter-analyzer
uv sync --extra all --extra mcp
Quality Checks
uv run pytest tests/ -v # Run tests
uv run python check_quality.py --new-code-only # Quality check
uv run python llm_code_checker.py --check-all # AI code check
📖 Architecture Guide for system design details.
🤝 Contributing & License
We welcome contributions! See Contributing Guide for development guidelines.
⭐ Support
If this project helps you, please give us a ⭐ on GitHub!
💝 Sponsors
@o93 - Lead Sponsor supporting MCP tool enhancement, test infrastructure, and quality improvements.
📄 License
MIT License - see LICENSE file.
🧪 Testing
Test Coverage
| Metric | Value |
|---|---|
| Test Suite | Multi-thousand automated tests across unit, integration, regression, property, benchmark, and compatibility layers |
| Code Coverage | |
| Type Safety | 100% mypy compliance |
Running Tests
# Run all tests
uv run pytest tests/ -v
# Run specific test category
uv run pytest tests/unit/ -v # Unit tests
uv run pytest tests/integration/ -v # Integration tests
uv run pytest tests/regression/ -m regression # Regression tests
uv run pytest tests/benchmarks/ -v # Benchmark tests
# Run with coverage
uv run pytest tests/ --cov=tree_sitter_analyzer --cov-report=html
# Run property-based tests
uv run pytest tests/property/
# Run performance benchmarks
uv run pytest tests/benchmarks/ --benchmark-only
Test Documentation
| Document | Description |
|---|---|
| Test Writing Guide | Comprehensive guide for writing tests |
| Regression Testing Guide | Golden Master methodology and regression testing |
| Testing Documentation | Project testing standards |
Test Categories
- Unit Tests: Test individual components in isolation
- Integration Tests: Test component interactions
- Regression Tests: Ensure backward compatibility and format stability
- Property Tests: Use Hypothesis-based invariant checking
- Benchmark Tests: Track performance and regression signals
- Compatibility Tests: Validate cross-version behavior
CI/CD Integration
- Test Coverage Workflow: Automated coverage checks on PRs and pushes
- Regression Tests Workflow: Golden Master validation and format stability checks
- Performance Benchmarks: Daily benchmark runs with trend analysis
- Quality Checks: Automated linting, type checking, and security scanning
Contributing Tests
When contributing new features:
- Write Tests: Follow the Test Writing Guide
- Ensure Coverage: Maintain >80% code coverage
- Run Locally:
uv run pytest tests/ -v - Check Quality:
uv run ruff check . && uv run mypy tree_sitter_analyzer/ - Update Docs: Document new tests and features
📚 Documentation
| Document | Description |
|---|---|
| Installation Guide | Setup for all platforms |
| CLI Reference | Complete command reference |
| SMART Workflow | AI-assisted analysis guide |
| MCP Tools API | MCP integration details |
| Features | Language support details |
| Architecture | System design |
| Contributing | Development guidelines |
| Test Writing Guide | Comprehensive test writing guide |
| Regression Testing Guide | Golden Master methodology |
| Changelog | Version history |
🎯 Built for developers working with large codebases and AI assistants
Making every line of code understandable to AI, enabling every project to break through token limitations
Reviews (0)
Sign in to leave a review.
Leave a reviewNo results found