@misterhuydo/cairn-mcp 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 misterhuydo
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/bin/cairn-mcp.js

@@ -0,0 +1,21 @@
+#!/usr/bin/env node
+import { spawn } from 'child_process';
+import { fileURLToPath } from 'url';
+import { dirname, join } from 'path';
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const indexPath  = join(__dirname, '..', 'index.js');
+
+const child = spawn(
+  process.execPath,
+  ['--experimental-sqlite', '--no-warnings=ExperimentalWarning', indexPath],
+  { stdio: 'inherit', env: process.env }
+);
+
+child.on('exit', (code, signal) => {
+  if (signal) process.kill(process.pid, signal);
+  else process.exit(code ?? 0);
+});
+
+process.on('SIGTERM', () => child.kill('SIGTERM'));
+process.on('SIGINT',  () => child.kill('SIGINT'));

package/how-to-use.md

@@ -0,0 +1,61 @@
+# Cairn — Quick Start
+
+## 1. Install globally
+
+```bash
+npm install -g @misterhuydo/cairn-mcp
+```
+
+That's it — `cairn-mcp` is now available as a global command.
+
+## 2. Register with Claude Code
+
+Add to `~/.claude/config.json` (create it if it doesn't exist):
+
+```json
+{
+  "mcpServers": {
+    "cairn": {
+      "command": "cairn-mcp"
+    }
+  }
+}
+```
+
+> If you already have other MCP servers, just add `"cairn": { ... }` inside the existing `"mcpServers"` block.
+
+Restart Claude Code. You should see 6 cairn tools available.
+
+## 3. Index your repos
+
+```
+cairn_maintain
+  roots: ["/path/to/repo1", "/path/to/repo2"]
+```
+
+Run this once at the start of each session (or whenever code changes significantly).
+
+## 4. Tools at a glance
+
+| Tool | What to use it for |
+|---|---|
+| `cairn_maintain` | Index repos (run first) |
+| `cairn_search` | Find classes, functions, components by name or concept |
+| `cairn_describe` | Summarize what a folder/module does |
+| `cairn_code_graph` | Check instability, health, or cycles before refactoring |
+| `cairn_security` | Scan for vulnerabilities (XSS, SQLi, hardcoded secrets, etc.) |
+| `cairn_bundle` | Package source files into a minified snapshot for Claude to read |
+
+## 5. Typical session
+
+```
+1. cairn_maintain   → index all repos
+2. cairn_search     → find what you need
+3. cairn_bundle     → get a readable snapshot of relevant files
+4. cairn_describe   → understand a module before modifying it
+5. cairn_security   → check for issues before a PR
+```
+
+---
+
+**Requirements:** Node.js >= 22.15.0

package/index.js

@@ -0,0 +1,141 @@
+import { Server } from '@modelcontextprotocol/sdk/server/index.js';
+import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+import { CallToolRequestSchema, ListToolsRequestSchema } from '@modelcontextprotocol/sdk/types.js';
+
+import { openDB }    from './src/graph/db.js';
+import { maintain }  from './src/tools/maintain.js';
+import { search }    from './src/tools/search.js';
+import { describe }  from './src/tools/describe.js';
+import { codeGraph } from './src/tools/codeGraph.js';
+import { security }  from './src/tools/security.js';
+import { bundle }    from './src/tools/bundle.js';
+
+const db = openDB();
+
+const server = new Server(
+  { name: 'cairn', version: '1.0.0' },
+  { capabilities: { tools: {} } }
+);
+
+server.setRequestHandler(ListToolsRequestSchema, async () => ({
+  tools: [
+    {
+      name: 'cairn_maintain',
+      description: 'Index all repos into Cairn\'s polyglot knowledge graph. Supports Java, TypeScript, JavaScript, Vue, Python, SQL, config, and Markdown. Run at session start or after major changes.',
+      inputSchema: {
+        type: 'object',
+        properties: {
+          roots: {
+            type: 'array', items: { type: 'string' },
+            description: 'Absolute paths to repo roots to index',
+          },
+          languages: {
+            type: 'array', items: { type: 'string' },
+            description: 'Optional: limit to specific languages e.g. ["java","typescript"]',
+          },
+        },
+        required: ['roots'],
+      },
+    },
+    {
+      name: 'cairn_search',
+      description: 'Search the codebase by concept across all languages. Returns ranked symbols with scores.',
+      inputSchema: {
+        type: 'object',
+        properties: {
+          query:    { type: 'string' },
+          limit:    { type: 'number', default: 10 },
+          language: { type: 'string', description: 'Optional: filter by language' },
+          kind:     { type: 'string', description: 'Optional: class/function/component/table/...' },
+        },
+        required: ['query'],
+      },
+    },
+    {
+      name: 'cairn_describe',
+      description: 'Describe what a directory/module does: symbols, responsibilities, upstream/downstream deps.',
+      inputSchema: {
+        type: 'object',
+        properties: {
+          path: { type: 'string', description: 'Directory or file path to describe' },
+        },
+        required: ['path'],
+      },
+    },
+    {
+      name: 'cairn_code_graph',
+      description: 'Analyze module dependencies and instability metrics across all languages. Use before refactoring.',
+      inputSchema: {
+        type: 'object',
+        properties: {
+          module: { type: 'string', description: 'Optional: scope to a specific module/package' },
+          mode:   { type: 'string', enum: ['instability', 'health', 'cycles'] },
+        },
+        required: ['mode'],
+      },
+    },
+    {
+      name: 'cairn_security',
+      description: 'Scan for security vulnerabilities across all languages (XSS, XXE, SQLi, weak crypto, hardcoded secrets, etc.)',
+      inputSchema: {
+        type: 'object',
+        properties: {
+          paths:    { type: 'array', items: { type: 'string' }, description: 'Optional: scope to specific paths' },
+          severity: { type: 'string', enum: ['HIGH', 'MEDIUM', 'LOW', 'ALL'], default: 'HIGH' },
+          language: { type: 'string', description: 'Optional: scope to a specific language' },
+        },
+      },
+    },
+    {
+      name: 'cairn_bundle',
+      description: `Produce a minified single-file snapshot of source code for Claude to read.
+Strips comments, empty lines, and optionally styles. Returns the bundle file path and compression stats.
+Use AFTER cairn_search to get a readable version of the files Claude needs to work with.
+Typical workflow: cairn_search → find files → cairn_bundle those paths → Claude reads bundle.`,
+      inputSchema: {
+        type: 'object',
+        properties: {
+          roots: {
+            type: 'array', items: { type: 'string' },
+            description: 'Repo roots to bundle',
+          },
+          bundle_name: {
+            type: 'string', default: 'default',
+            description: 'Name for the bundle file (saved to ~/.cairn/bundles/<name>.txt)',
+          },
+          filter_paths: {
+            type: 'array', items: { type: 'string' },
+            description: 'Optional: only include files under these relative paths',
+          },
+          filter_language: {
+            type: 'string',
+            description: 'Optional: only bundle this language (java/typescript/vue/python/...)',
+          },
+          no_comments:    { type: 'boolean', default: true,  description: 'Strip code comments' },
+          no_empty_lines: { type: 'boolean', default: true,  description: 'Remove empty lines' },
+          no_style:       { type: 'boolean', default: false, description: 'Skip <style> blocks in Vue files' },
+          aggressive:     { type: 'boolean', default: false, description: 'Aggressive whitespace/punctuation minification' },
+          only_changed:   { type: 'boolean', default: false, description: 'Incremental: only re-bundle files changed since last run' },
+          max_size_kb:    { type: 'number',  default: 800,   description: 'Safety cap in KB to avoid context window overflow' },
+        },
+        required: ['roots'],
+      },
+    },
+  ],
+}));
+
+server.setRequestHandler(CallToolRequestSchema, async (request) => {
+  const { name, arguments: args } = request.params;
+  switch (name) {
+    case 'cairn_maintain':   return await maintain(db, args);
+    case 'cairn_search':     return search(db, args);
+    case 'cairn_describe':   return describe(db, args);
+    case 'cairn_code_graph': return codeGraph(db, args);
+    case 'cairn_security':   return security(db, args);
+    case 'cairn_bundle':     return await bundle(db, args);
+    default: throw new Error(`Unknown tool: ${name}`);
+  }
+});
+
+const transport = new StdioServerTransport();
+await server.connect(transport);

package/package.json

@@ -0,0 +1,43 @@
+{
+  "name": "@misterhuydo/cairn-mcp",
+  "version": "1.0.0",
+  "description": "Persistent polyglot knowledge graph MCP server for Claude Code. Index once, query forever — across Java, TypeScript, Vue, Python, SQL and more.",
+  "type": "module",
+  "main": "index.js",
+  "bin": {
+    "cairn-mcp": "./bin/cairn-mcp.js"
+  },
+  "scripts": {
+    "start": "node --experimental-sqlite index.js"
+  },
+  "engines": {
+    "node": ">=22.15.0"
+  },
+  "keywords": [
+    "mcp",
+    "claude",
+    "claude-code",
+    "knowledge-graph",
+    "codebase-search",
+    "polyglot",
+    "java",
+    "typescript",
+    "vue",
+    "python",
+    "sqlite",
+    "developer-tools"
+  ],
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/misterhuydo/Cairn.git"
+  },
+  "homepage": "https://github.com/misterhuydo/Cairn#readme",
+  "bugs": {
+    "url": "https://github.com/misterhuydo/Cairn/issues"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.0.0",
+    "fast-glob": "^3.3.0"
+  }
+}

package/src/bundler/bundleWriter.js

@@ -0,0 +1,113 @@
+import fs from 'fs';
+import path from 'path';
+import os from 'os';
+import { minifyContent } from './minifier.js';
+import { minifyVue }     from './vueMinifier.js';
+import { walkRepo, LANGUAGE_MAP } from '../indexer/fileWalker.js';
+
+const BUNDLE_DIR = path.join(os.homedir(), '.cairn', 'bundles');
+
+export async function writeBundle(roots, options = {}) {
+  const {
+    bundleName   = 'default',
+    noComments   = true,
+    noEmptyLines = true,
+    noStyle      = false,
+    aggressive   = false,
+    onlyChanged  = false,
+    filterLang   = null,
+    filterPaths  = null,
+    maxSizeKB    = 800,
+  } = options;
+
+  fs.mkdirSync(BUNDLE_DIR, { recursive: true });
+
+  const outPath    = path.join(BUNDLE_DIR, `${bundleName}.txt`);
+  const mtimePath  = path.join(BUNDLE_DIR, `${bundleName}.mtime.json`);
+  const mtimeCache = onlyChanged && fs.existsSync(mtimePath)
+    ? JSON.parse(fs.readFileSync(mtimePath, 'utf8')) : {};
+
+  const newMtimes = {};
+  const lines     = [];
+  const stats     = {
+    processed: 0, skipped_unchanged: 0, skipped_size: 0,
+    original_bytes: 0, compressed_bytes: 0, by_language: {},
+  };
+
+  const langFilter = filterLang
+    ? (Array.isArray(filterLang) ? filterLang : [filterLang]) : null;
+
+  for (const root of roots) {
+    const files = await walkRepo(root);
+
+    for (const filePath of files) {
+      const ext      = path.extname(filePath).toLowerCase();
+      const language = LANGUAGE_MAP[ext];
+      if (!language) continue;
+      if (langFilter && !langFilter.includes(language)) continue;
+
+      // Path filter — match against relative path from repo root
+      if (filterPaths) {
+        const rel = path.relative(root, filePath).replace(/\\/g, '/');
+        if (!filterPaths.some(p => rel.startsWith(p))) continue;
+      }
+
+      // Incremental: skip files unchanged since last bundle
+      const mtime = fs.statSync(filePath).mtimeMs;
+      newMtimes[filePath] = mtime;
+      if (onlyChanged && mtimeCache[filePath] === mtime) {
+        stats.skipped_unchanged++;
+        continue;
+      }
+
+      // Size cap — check current accumulated size before adding more
+      const currentKB = Buffer.byteLength(lines.join('\n'), 'utf8') / 1024;
+      if (currentKB > maxSizeKB) {
+        stats.skipped_size++;
+        continue;
+      }
+
+      let raw;
+      try {
+        raw = fs.readFileSync(filePath, 'utf8');
+      } catch {
+        continue;
+      }
+      stats.original_bytes += Buffer.byteLength(raw, 'utf8');
+
+      // Minify
+      const minified = language === 'vue'
+        ? minifyVue(raw, { noStyle, noComments, noEmptyLines, aggressive })
+        : minifyContent(raw, language, { noComments, noEmptyLines, aggressive });
+
+      if (!minified.trim()) continue;
+
+      const rel = path.relative(process.cwd(), filePath).replace(/\\/g, '/');
+      lines.push(`### File: ${rel}`);
+      lines.push(minified.trim());
+      lines.push('');
+
+      stats.compressed_bytes += Buffer.byteLength(minified, 'utf8');
+      stats.processed++;
+      stats.by_language[language] = (stats.by_language[language] || 0) + 1;
+    }
+  }
+
+  const output = lines.join('\n');
+  fs.writeFileSync(outPath, output, 'utf8');
+  if (onlyChanged) fs.writeFileSync(mtimePath, JSON.stringify(newMtimes), 'utf8');
+
+  const ratio = stats.original_bytes > 0
+    ? Math.round((1 - stats.compressed_bytes / stats.original_bytes) * 100) : 0;
+
+  return {
+    bundle_path:       outPath,
+    processed:         stats.processed,
+    skipped_unchanged: stats.skipped_unchanged,
+    skipped_size_cap:  stats.skipped_size,
+    original_kb:       Math.round(stats.original_bytes / 1024),
+    compressed_kb:     Math.round(stats.compressed_bytes / 1024),
+    reduction_pct:     ratio,
+    by_language:       stats.by_language,
+  };
+}

package/src/bundler/minifier.js

@@ -0,0 +1,69 @@
+export function minifyContent(content, language, options = {}) {
+  const { noComments = true, noEmptyLines = true, aggressive = false } = options;
+
+  let out = content;
+
+  if (noComments)   out = removeComments(out, language);
+  if (noEmptyLines) out = removeEmptyLines(out);
+  out = collapseWhitespace(out);
+  if (aggressive)   out = aggressiveMinify(out);
+
+  return out.trim();
+}
+
+function removeComments(content, language) {
+  switch (language) {
+    case 'java':
+    case 'typescript':
+    case 'javascript':
+    case 'vue':
+      return content
+        .replace(/\/\/.*$/gm, '')
+        .replace(/\/\*[\s\S]*?\*\//g, '');
+
+    case 'python':
+      return content
+        .replace(/#.*$/gm, '')
+        .replace(/'''[\s\S]*?'''/g, '')
+        .replace(/"""[\s\S]*?"""/g, '');
+
+    case 'sql':
+      return content
+        .replace(/--.*$/gm, '')
+        .replace(/\/\*[\s\S]*?\*\//g, '');
+
+    case 'xml':
+    case 'html':
+      return content.replace(/<!--[\s\S]*?-->/g, '');
+
+    case 'config':
+      return content.replace(/#.*$/gm, '');
+
+    default:
+      return content;
+  }
+}
+
+function removeEmptyLines(content) {
+  return content
+    .split('\n')
+    .filter(line => line.trim().length > 0)
+    .join('\n');
+}
+
+function collapseWhitespace(content) {
+  return content
+    .split('\n')
+    .map(line => line.trimEnd())
+    .join('\n');
+}
+
+function aggressiveMinify(content) {
+  return content
+    .replace(/\s+/g, ' ')
+    .replace(/\s*([=+\-*/%<>!&|^~?:;,{}()[\]])\s*/g, '$1')
+    .replace(/;\s*}/g, '}')
+    .replace(/\(\s+/g, '(')
+    .replace(/\s+\)/g, ')')
+    .trim();
+}

package/src/bundler/vueMinifier.js

@@ -0,0 +1,39 @@
+import { minifyContent } from './minifier.js';
+
+export function minifyVue(content, options = {}) {
+  const { noStyle = false, noComments = true, noEmptyLines = true, aggressive = false } = options;
+  const result = [];
+
+  // Extract and minify <template>
+  const templateMatch = content.match(/<template>([\s\S]*?)<\/template>/i);
+  if (templateMatch) {
+    let tpl = templateMatch[1];
+    if (noComments)   tpl = tpl.replace(/<!--[\s\S]*?-->/g, '');
+    if (noEmptyLines) tpl = tpl.split('\n').filter(l => l.trim()).join('\n');
+    tpl = tpl.replace(/\s+/g, ' ').trim();
+    if (tpl) result.push(`<template>${tpl}</template>`);
+  }
+
+  // Extract and minify <script> / <script setup>
+  const scriptMatch = content.match(/<script([^>]*)>([\s\S]*?)<\/script>/i);
+  if (scriptMatch) {
+    const attrs = scriptMatch[1];
+    const code = minifyContent(scriptMatch[2], 'javascript',
+      { noComments, noEmptyLines, aggressive });
+    const tag = /setup/i.test(attrs) ? '<script setup>' : '<script>';
+    if (code) result.push(`${tag}${code}</script>`);
+  }
+
+  // Extract and minify <style> (unless skipped)
+  if (!noStyle) {
+    const styleMatch = content.match(/<style([^>]*)>([\s\S]*?)<\/style>/i);
+    if (styleMatch) {
+      const css = styleMatch[2]
+        .replace(/\/\*[\s\S]*?\*\//g, '')
+        .replace(/\s+/g, ' ').trim();
+      if (css) result.push(`<style${styleMatch[1]}>${css}</style>`);
+    }
+  }
+
+  return result.join('\n\n');
+}

package/src/graph/db.js

@@ -0,0 +1,69 @@
+import { DatabaseSync } from 'node:sqlite';
+import path from 'path';
+import os from 'os';
+import fs from 'fs';
+
+const DB_PATH = process.env.CAIRN_DB_PATH || path.join(os.homedir(), '.cairn', 'index.db');
+
+const SCHEMA = `
+  CREATE TABLE IF NOT EXISTS files (
+    id           INTEGER PRIMARY KEY,
+    repo         TEXT NOT NULL,
+    path         TEXT NOT NULL UNIQUE,
+    language     TEXT,
+    file_type    TEXT,
+    last_indexed INTEGER
+  );
+
+  CREATE TABLE IF NOT EXISTS symbols (
+    id          INTEGER PRIMARY KEY,
+    file_id     INTEGER REFERENCES files(id) ON DELETE CASCADE,
+    fqn         TEXT UNIQUE,
+    name        TEXT NOT NULL,
+    kind        TEXT,
+    language    TEXT,
+    exported    INTEGER DEFAULT 0,
+    description TEXT
+  );
+
+  CREATE TABLE IF NOT EXISTS dependencies (
+    from_file_id INTEGER REFERENCES files(id),
+    to_fqn       TEXT,
+    dep_type     TEXT
+  );
+
+  CREATE TABLE IF NOT EXISTS build_deps (
+    repo        TEXT,
+    manager     TEXT,
+    group_id    TEXT,
+    artifact    TEXT,
+    version     TEXT,
+    scope       TEXT
+  );
+
+  CREATE TABLE IF NOT EXISTS security_findings (
+    id           INTEGER PRIMARY KEY,
+    file_id      INTEGER REFERENCES files(id),
+    line         INTEGER,
+    severity     TEXT,
+    cwe          TEXT,
+    rule_name    TEXT,
+    description  TEXT,
+    code_snippet TEXT
+  );
+
+  CREATE VIRTUAL TABLE IF NOT EXISTS fts_index USING fts5(
+    fqn, name, description, path, repo, language, kind
+  );
+`;
+
+export function openDB() {
+  const dir = path.dirname(DB_PATH);
+  if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
+
+  const db = new DatabaseSync(DB_PATH);
+  db.exec('PRAGMA journal_mode = WAL');
+  db.exec('PRAGMA synchronous = NORMAL');
+  db.exec(SCHEMA);
+  return db;
+}

package/src/graph/edges.js

@@ -0,0 +1,21 @@
+export function insertDependency(db, { from_file_id, to_fqn, dep_type }) {
+  db.prepare('INSERT INTO dependencies (from_file_id, to_fqn, dep_type) VALUES (?, ?, ?)')
+    .run(from_file_id, to_fqn, dep_type);
+}
+
+export function insertBuildDep(db, { repo, manager, group_id, artifact, version, scope }) {
+  const existing = db.prepare(
+    'SELECT rowid FROM build_deps WHERE repo=? AND manager=? AND artifact=?'
+  ).get(repo, manager, artifact);
+  if (!existing) {
+    db.prepare(
+      'INSERT INTO build_deps (repo, manager, group_id, artifact, version, scope) VALUES (?, ?, ?, ?, ?, ?)'
+    ).run(repo, manager, group_id, artifact, version, scope);
+  }
+}
+
+export function insertSecurityFinding(db, { file_id, line, severity, cwe, rule_name, description, code_snippet }) {
+  db.prepare(
+    'INSERT INTO security_findings (file_id, line, severity, cwe, rule_name, description, code_snippet) VALUES (?, ?, ?, ?, ?, ?, ?)'
+  ).run(file_id, line, severity, cwe, rule_name, description, code_snippet);
+}

package/src/graph/nodes.js

@@ -0,0 +1,30 @@
+export function upsertFile(db, { repo, path, language, file_type }) {
+  const existing = db.prepare('SELECT id FROM files WHERE path = ?').get(path);
+  if (existing) {
+    db.prepare('UPDATE files SET language = ?, file_type = ?, last_indexed = ? WHERE id = ?')
+      .run(language, file_type, Date.now(), existing.id);
+    return existing.id;
+  }
+  const result = db.prepare(
+    'INSERT INTO files (repo, path, language, file_type, last_indexed) VALUES (?, ?, ?, ?, ?)'
+  ).run(repo, path, language, file_type, Date.now());
+  return result.lastInsertRowid;
+}
+
+export function upsertSymbol(db, { file_id, fqn, name, kind, language, exported, description }) {
+  const existing = db.prepare('SELECT id FROM symbols WHERE fqn = ?').get(fqn);
+  if (existing) {
+    db.prepare(
+      'UPDATE symbols SET file_id=?, name=?, kind=?, language=?, exported=?, description=? WHERE id=?'
+    ).run(file_id, name, kind, language, exported ? 1 : 0, description || '', existing.id);
+  } else {
+    db.prepare(
+      'INSERT INTO symbols (file_id, fqn, name, kind, language, exported, description) VALUES (?, ?, ?, ?, ?, ?, ?)'
+    ).run(file_id, fqn, name, kind, language, exported ? 1 : 0, description || '');
+  }
+}
+
+export function clearFileData(db, fileId) {
+  db.prepare('DELETE FROM dependencies WHERE from_file_id = ?').run(fileId);
+  db.prepare('DELETE FROM security_findings WHERE file_id = ?').run(fileId);
+}

package/src/indexer/buildParsers/gradleParser.js

@@ -0,0 +1,14 @@
+export function parseGradle(filePath, content, repoName) {
+  const deps = [];
+
+  // Matches: implementation 'com.example:artifact:1.0.0' or "com.example:artifact:1.0.0"
+  for (const m of content.matchAll(/(\w+)\s+['"]([^:'"]+):([^:'"]+):([^'"]+)['"]/g)) {
+    const scope    = m[1];
+    const group    = m[2];
+    const artifact = m[3];
+    const version  = m[4];
+    deps.push({ manager: 'gradle', group_id: group, artifact, version, scope });
+  }
+
+  return deps;
+}

package/src/indexer/buildParsers/mavenParser.js

@@ -0,0 +1,15 @@
+export function parseMaven(filePath, content, repoName) {
+  const deps = [];
+
+  for (const m of content.matchAll(/<dependency>([\s\S]*?)<\/dependency>/g)) {
+    const block      = m[1];
+    const groupId    = block.match(/<groupId>([^<]+)<\/groupId>/)?.[1] || '';
+    const artifactId = block.match(/<artifactId>([^<]+)<\/artifactId>/)?.[1] || '';
+    const version    = block.match(/<version>([^<]+)<\/version>/)?.[1] || '';
+    const scope      = block.match(/<scope>([^<]+)<\/scope>/)?.[1] || 'compile';
+    if (groupId && artifactId)
+      deps.push({ manager: 'maven', group_id: groupId, artifact: artifactId, version, scope });
+  }
+
+  return deps;
+}