codebadger is a containerized Model Context Protocol (MCP) server that gives AI agents and LLMs deep, queryable access to a codebase's structure and data flow through Joern Code Property Graphs (CPGs). Point it at a Git repository, a local path, or a pasted code snippet, and it builds a CPG and exposes it as LLM-callable tools for running CPGQL queries, tracing data flow and taint, slicing programs, and hunting vulnerabilities — across Java, C/C++, JavaScript, Python, Go, Kotlin, C#, Ghidra, Jimple, PHP, Ruby, and Swift. It serves both general program analysis and vulnerability analysis, for academic research and industry alike.

These docs are for two audiences:
- Developers deploying, operating, or extending the server.
- Security researchers using the tools to hunt vulnerabilities and build PoCs.

| Doc | What's in it |
|---|---|
| Installation | Prerequisites and a 5-minute local setup. |
| Usage | Connecting MCP clients, the tool catalog, and a researcher workflow with examples. |
| Available Tools | Every MCP tool by category, with a description of what each does. |
| Configuration | config.yaml + environment variable reference, telemetry. |
| Deployment | Docker Compose, Postgres/Redis profiles, memory sizing, shared vs pool mode, large batches. |
| Architecture | System design, request flow, memory-aware admission, and design decisions (with diagrams). |
| Security | Threat model, trust boundaries, the controls we provide, and production hardening. |
| Custom Tools | Add your own detectors without touching the core. |
| Contributing | Dev setup, running tests, and contribution guidelines. |
| Roadmap | What's shipped and what's next. |

- New here? Start with Installation → Usage.
- Running a large batch (e.g. hundreds of CVEs)? See Deployment → Scaling.
- Want to understand why it's built this way? See Architecture.
- Found a bug with codebadger? Add it to TROPHIES.md.