loctree-ast
Health Uyari
- License — License: MIT
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Low visibility — Only 7 GitHub stars
Code Uyari
- process.env — Environment variable access in .github/workflows/gemini-dispatch.yml
Permissions Gecti
- Permissions — No dangerous permissions requested
This tool provides structural code intelligence for AI agents. It performs a single scan of your project to build a dependency graph, which can then be queried to find dead exports, circular imports, and usage contexts.
Security Assessment
Overall risk: Low. The tool is written in Rust, which provides strong memory safety. It does not request dangerous system permissions. While there is a rule-based warning regarding environment variable access in a GitHub Actions workflow (`.github/workflows/gemini-dispatch.yml`), this is a standard CI/CD practice for managing pipeline secrets and poses no threat to end-users. A notable security consideration is the installation method: piping a remote shell script directly to `sh` (`curl ... | sh`) is a common but inherently risky pattern. Developers can completely avoid this vector by using the reproducible `cargo install` command or standard package managers like Homebrew instead. No hardcoded secrets were detected in the codebase.
Quality Assessment
Quality is high, and the project is actively maintained (last push was today). It is properly licensed under the permissive MIT and Apache-2.0 licenses, making it safe for commercial and personal use. The only drawback is its low community visibility; with only 7 GitHub stars, it is a very new or niche tool, meaning it has not yet been battle-tested by a large audience.
Verdict
Safe to use, but for optimal security, install via `cargo` or Homebrew rather than the web shell script.
Structural code intelligence for AI agents. Scan once, query everything — dead exports, circular imports, dependency graphs, and more. CLI + MCP server.
loctree
Scan once, query everything.
AI-oriented static analysis for dead exports, circular imports, dependency graphs, and holographic context slices.
Install
curl -fsSL https://loct.io/install.sh | sh # CLI + loctree-mcp
cargo install --locked loctree loctree-mcp # Cargo, reproducible
npm install -g loctree # CLI only; published targets follow the latest npm release
brew install loctree/cli/loct # CLI via Homebrew tap
brew install loctree/mcp/loctree-mcp # MCP via Homebrew tap
Public install channels track the latest published release, which can lag behind
the workspace version on main. If you're validating a specific release, check
crates.io, npm, or GitHub Releases rather than assuming branch parity.
Quick Start
Artifacts are stored in your OS cache dir by default (override via LOCT_CACHE_DIR).loct is the canonical CLI command. loctree remains available as a quiet compatibility alias.
loct # Scan project, write cached artifacts
loct --for-ai # AI-optimized overview (health, hubs, quick wins)
loct slice src/App.tsx --consumers # Context: file + deps + consumers
loct find useAuth # Find symbol definitions
loct find 'Snapshot FileAnalysis' # Cross-match: where terms meet
loct impact src/utils/api.ts # What breaks if you change this?
loct health # Quick summary: cycles + dead + twins
loct dead --confidence high # Unused exports
loct cycles # Circular imports
loct twins # Dead parrots + duplicates + barrel chaos
loct audit # Full codebase review
What It Does
loctree captures your project's real dependency graph in a single scan, then answers structural questions instantly from the snapshot. Designed for AI agents that need focused context without reading every file.
Core capabilities:
- Holographic Slice - extract file + dependencies + consumers in one call
- Cross-Match Search - find where multiple terms co-occur (not flat grep)
- Dead Export Detection - find unused exports across JS/TS, Python, Rust, Go, Dart
- Circular Import Detection - Tarjan's SCC algorithm catches runtime bombs
- Handler Tracing - follow Tauri commands through the entire FE/BE pipeline
- Impact Analysis - see what breaks before you delete or refactor
- jq Queries - query snapshot data with jq syntax (
loct '.files | length')
Why loctree
| grep/rg | LSP | loctree | |
|---|---|---|---|
| Knows imports vs definitions | No | Per-file | Whole graph |
| Dead export detection | No | No | Yes (multi-lang) |
| Cross-file impact analysis | No | Limited | Full transitive |
| AI agent integration | No | No | MCP server + --for-ai |
| Speed on 1M LOC repo | Fast (text) | Slow (indexing) | ~3s (structural) |
| Setup | None | Per-editor | One binary |
MCP Server
loctree ships as an MCP server for seamless AI agent integration:
loctree-mcp # Start via stdio (configure in your MCP client)
7 tools: repo-view, slice, find, impact, focus, tree, follow. Each tool accepts a project parameter — auto-scans on first use, caches snapshots in RAM. Project-agnostic: analyze any repo without configuration.
{
"mcpServers": {
"loctree": {
"command": "loctree-mcp",
"args": []
}
}
}
Direct download users can also fetch signed release assets from the monorepo
GitHub release page, which mirrors both the CLI and loctree-mcp tarballs.
Language Support
| Language | Dead Export Accuracy | Notes |
|---|---|---|
| Rust | ~0% FP | Tested on rust-lang/rust (35K files) |
| Go | ~0% FP | Tested on golang/go (17K files) |
| TypeScript/JavaScript | ~10-20% FP | JSX/TSX, React patterns, Flow, WeakMap |
| Python | ~20% FP | Library mode, __all__, stdlib detection |
| Svelte | <15% FP | Template analysis, .d.ts re-exports |
| Vue | ~15% FP | SFC support, Composition & Options API |
| Dart/Flutter | Full | pubspec.yaml detection |
Auto-detects stack from Cargo.toml, tsconfig.json, pyproject.toml, pubspec.yaml, src-tauri/.
Holographic Slice
Extract 3-layer context for any file:
loct slice src/App.tsx --consumers
Slice for: src/App.tsx
Core (1 files, 150 LOC):
src/App.tsx (150 LOC, ts)
Deps (3 files, 420 LOC):
[d1] src/hooks/useAuth.ts (80 LOC)
[d2] src/contexts/AuthContext.tsx (200 LOC)
[d2] src/utils/api.ts (140 LOC)
Consumers (2 files, 180 LOC):
src/main.tsx (30 LOC)
src/routes/index.tsx (150 LOC)
Total: 6 files, 750 LOC
Cross-Match Search
Multi-term queries show where terms meet, not flat OR:
loct find 'Snapshot FileAnalysis'
=== Cross-Match Files (9) ===
src/snapshot.rs: Snapshot(6), FileAnalysis(4)
src/slicer.rs: Snapshot(2), FileAnalysis(3)
...
=== Symbol Matches (222 in cross-match files) ===
src/snapshot.rs:20 - Snapshot [struct]
src/types.rs:15 - FileAnalysis [struct]
...
=== Parameter Matches (4 cross-matched) ===
src/slicer.rs:45 - snapshot: &Snapshot in build_slice(analyses: &[FileAnalysis])
jq Queries
Query snapshot data directly:
loct '.dead_parrots' # Dead code findings
loct '.files | length' # Count files
loct '.edges[] | select(.from | contains("api"))' # Filter edges
loct '.summary.health_score' # Health score
CI Integration
loct lint --fail --sarif > results.sarif # SARIF for GitHub/GitLab
loct findings | jq '.dead_exports.total' # Check dead export count
loct findings --summary | jq '.health_score' # Health summary JSON
Crates
| Crate | Description |
|---|---|
loctree |
Core analyzer + CLI (loct, loctree) |
report-leptos |
HTML report renderer (Leptos SSR) |
loctree-mcp |
MCP server for AI agents |
Development
make precheck # fmt + clippy + check (run before push)
make install # Install loct, loctree, loctree-mcp
make test # Run all workspace tests
make publish # Cascade publish to crates.io
Badge
[](https://crates.io/crates/loctree)
License
MIT OR Apache-2.0. See LICENSE-MIT and LICENSE-APACHE.
𝚅𝚒𝚋𝚎𝚌𝚛𝚊𝚏𝚝𝚎𝚍. with AI Agents ⓒ 2025-2026 Loctree Team
Yorumlar (0)
Yorum birakmak icin giris yap.
Yorum birakSonuc bulunamadi