osscodeiq 0.1.0

CLI tool for intelligent code graph discovery and analysis

OSSCodeIQ

Deterministic code graph discovery and analysis CLI — no AI, pure pattern matching

---

OSSCodeIQ scans codebases to build a deterministic knowledge graph of code relationships — classes, methods, endpoints, entities, dependencies, infrastructure resources, auth patterns, and more. 97 detectors across 35 languages, 3 storage backends (NetworkX, SQLite, KuzuDB), interactive flow diagrams, and zero AI dependency.

Features

• 97 detectors across 35 languages — Java, Python, TypeScript, Go, C#, Rust, Kotlin, and more
• Framework detection — Spring Boot, Django, Flask, FastAPI, Express, NestJS, Gin, Echo, Actix-web, Axum, Quarkus, Micronaut, Prisma, Sequelize, Mongoose, Pydantic, Entity Framework Core, and 60+ more
• Auth/security detection — Spring Security, Django Auth, FastAPI Auth, NestJS Guards, Passport/JWT, LDAP, Azure AD, mTLS, CSRF, session/cookie auth
• Frontend detection — React, Vue, Angular, Svelte components, hooks, frontend routes (React Router, Vue Router, Next.js, Remix)
• Infrastructure — Terraform, Kubernetes, Docker Compose, Helm Charts, CloudFormation, Bicep, GitLab CI, GitHub Actions
• Layer classification — Every node tagged as frontend, backend, infra, shared, or unknown
• Flow diagrams — Generate interactive Mermaid architecture diagrams with drill-down (CI, Deploy, Runtime, Auth views)
• 3 storage backends — NetworkX (in-memory), SQLite (file-based), KuzuDB (Cypher queries)
• Bundle & distribute — Package the graph DB + interactive HTML into a zip for sharing
• 100% deterministic — Same input, same output, every time, on every backend
• Plugin system — Auto-discovered detectors + setuptools entry points for external plugins

Quick Start

# Install
pip install -e .

# Analyze a codebase
osscodeiq analyze /path/to/repo

# Generate architecture flow diagram
osscodeiq flow /path/to/repo --format html --output flow.html

# Query the graph
osscodeiq find endpoints /path/to/repo
osscodeiq find guards /path/to/repo
osscodeiq find unprotected /path/to/repo

# Use Cypher queries (KuzuDB backend)
osscodeiq analyze /path/to/repo --backend kuzu
osscodeiq cypher "MATCH (e:CodeNode {kind: 'endpoint'})-[]->(s:CodeNode) RETURN e.label, s.label LIMIT 20" /path/to/repo --backend kuzu

# Bundle for distribution
osscodeiq bundle /path/to/repo --tag v2.1.0 --backend kuzu

Supported Languages & Frameworks

Java (28 detectors)

Spring REST, Spring Security, JPA/Hibernate, Kafka, RabbitMQ, JMS, gRPC, JAX-RS, WebSocket, Azure Functions, Cosmos DB, IBM MQ, TIBCO EMS, Quarkus, Micronaut

Python (12 detectors)

Flask, Django (views + models), FastAPI, SQLAlchemy, Celery, Pydantic, Kafka (confluent/aiokafka), general structures (classes, functions, imports)

TypeScript/JavaScript (22 detectors)

Express, NestJS, Fastify, Remix, GraphQL, TypeORM, Prisma, Sequelize, Mongoose, KafkaJS, React, Vue, Angular, Svelte, frontend routes

Go (3 detectors)

Gin, Echo, Chi, gorilla/mux, net/http endpoints + GORM, sqlx, database/sql + general structures

C# (4 detectors)

Entity Framework Core, Minimal APIs, ASP.NET Core, Azure Functions

Rust (2 detectors)

Actix-web, Axum + general structures (traits, impls, macros)

Kotlin (2 detectors)

Ktor + general structures (sealed/enum/annotation classes, extension functions)

Infrastructure & Config (16 detectors)

Terraform, Kubernetes, K8s RBAC, Docker Compose, Dockerfile, Bicep, GitHub Actions, GitLab CI, Helm Charts, CloudFormation, JSON, YAML, TOML, INI, Properties, Markdown, Proto

Auth & Security (9 detectors)

Spring Security, Django Auth, FastAPI Auth, NestJS Guards, Passport/JWT, K8s RBAC, LDAP, TLS/Certificate/Azure AD, Session/Header/CSRF

Architecture

osscodeiq analyze /path/to/repo
        |
        v
+------------------+
| File Discovery   |  git ls-files + extension/filename mapping (35 languages)
+--------+---------+
         |
         v
+------------------+
| Parsing Layer    |  Tree-sitter (Java/Python/TS/JS) + structured parsers
+--------+---------+
         |
         v
+------------------+
| 97 Detectors     |  Auto-discovered via pkgutil, 8 parallel workers
+--------+---------+
         |
         v
+------------------+
| Layer Classifier |  frontend / backend / infra / shared / unknown
+--------+---------+
         |
         v
+------------------+
| Cross-file       |  Topic linking, entity-repo matching, module containment
| Linkers          |
+--------+---------+
         |
         v
+------------------+
| Graph Backend    |  NetworkX (memory) | SQLite (file) | KuzuDB (Cypher)
+------------------+
         |
         v
+------------------+
| Output           |  JSON | YAML | Mermaid | DOT | Interactive HTML
+------------------+

Flow Diagrams

Generate architecture flow diagrams with drill-down views:

# High-level overview
osscodeiq flow ./my-project --format mermaid

# Drill into specific layers
osscodeiq flow ./my-project --view ci       # CI/CD pipeline
osscodeiq flow ./my-project --view deploy   # Deployment topology
osscodeiq flow ./my-project --view runtime  # Service architecture
osscodeiq flow ./my-project --view auth     # Security coverage

# Interactive HTML with click-to-drill
osscodeiq flow ./my-project --format html --output flow.html

Graph Model

Node Types (31)

module package class method endpoint entity repository query migration topic queue event interface abstract_class enum annotation_type protocol_message config_file config_key config_definition database_connection infra_resource azure_resource azure_function message_queue websocket_endpoint rmi_interface component guard middleware hook

Edge Types (26)

depends_on imports extends implements calls injects exposes queries maps_to produces consumes publishes listens invokes_rmi exports_rmi reads_config migrates contains defines overrides connects_to triggers provisions sends_to receives_from protects renders

Storage Backends

Backend	Type	Cypher	Bundleable	Use Case
NetworkX	In-memory	No	Via JSON	Default, fastest for analysis
SQLite	File	No	.db file	Persistent, zero dependencies
KuzuDB	File	Yes	Directory	Cypher queries, agentic AI

osscodeiq analyze ./repo --backend kuzu
osscodeiq analyze ./repo --backend sqlite

Development

git clone https://github.com/RandomCodeSpace/code-iq.git
cd osscodeiq
pip install -e ".[dev]"
pytest                    # 1,662 tests
osscodeiq analyze . # Analyze this repo

Adding a New Detector

Just create a file — auto-discovered, zero registration:

# src/osscodeiq/detectors/python/my_detector.py
from osscodeiq.detectors.base import DetectorContext, DetectorResult
from osscodeiq.detectors.utils import decode_text
from osscodeiq.models.graph import GraphNode, NodeKind, SourceLocation

class MyDetector:
    name = "my_detector"
    supported_languages = ("python",)

    def detect(self, ctx: DetectorContext) -> DetectorResult:
        result = DetectorResult()
        text = decode_text(ctx)
        # Your detection logic here
        return result

Requirements

• Python 3.11+
• Dependencies: typer, rich, tree-sitter, networkx, lxml, pyyaml, sqlparse, pydantic
• Optional: pip install kuzu for KuzuDB backend

License

MIT License. See LICENSE for details.

---

Built with intelligence. No AI required.