purecontext-mcp 1.1.0 → 1.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/AGENT_INSTRUCTIONS.md +509 -0
- package/AGENT_INSTRUCTIONS_SHORT.md +97 -0
- package/CHANGELOG.md +212 -0
- package/docs/01-introduction.md +69 -0
- package/docs/02-installation.md +267 -0
- package/docs/03-quick-start.md +135 -0
- package/docs/04-configuration.md +214 -0
- package/docs/05-cli-reference.md +130 -0
- package/docs/06-tools-reference.md +499 -0
- package/docs/07-language-support.md +88 -0
- package/docs/08-framework-adapters.md +324 -0
- package/docs/09-dependency-graph.md +182 -0
- package/docs/10-semantic-search.md +153 -0
- package/docs/11-search-quality.md +110 -0
- package/docs/12-ai-summarization.md +106 -0
- package/docs/13-token-savings.md +110 -0
- package/docs/14-transport-modes.md +167 -0
- package/docs/15-team-setup.md +251 -0
- package/docs/16-docker.md +186 -0
- package/docs/17-web-ui.md +157 -0
- package/docs/18-git-history.md +157 -0
- package/docs/19-cross-repo.md +177 -0
- package/docs/20-architecture-analysis.md +228 -0
- package/docs/21-ecosystem-tools.md +189 -0
- package/docs/22-distribution.md +240 -0
- package/docs/23-performance.md +121 -0
- package/docs/24-security.md +144 -0
- package/docs/25-architecture-overview.md +240 -0
- package/docs/26-troubleshooting.md +234 -0
- package/docs/27-api-stability.md +114 -0
- package/docs/README.md +71 -0
- package/guide/README.md +57 -0
- package/guide/ai-summaries.md +127 -0
- package/guide/code-health.md +190 -0
- package/guide/code-history.md +149 -0
- package/guide/finding-code.md +157 -0
- package/guide/navigating-new-code.md +121 -0
- package/guide/safe-changes.md +156 -0
- package/guide/team-setup.md +191 -0
- package/guide/web-ui.md +154 -0
- package/guide/why-purecontext.md +73 -0
- package/guide/workflow-onboarding.md +114 -0
- package/guide/workflow-pr-review.md +199 -0
- package/guide/workflow-refactoring.md +172 -0
- package/package.json +9 -2
|
@@ -0,0 +1,121 @@
|
|
|
1
|
+
# Navigating a New Codebase
|
|
2
|
+
|
|
3
|
+
Whether you've just joined a team or picked up a project you haven't touched in six months, the first challenge is the same: you don't know where anything is. PureContext gives you a structured way to orient yourself without reading files at random.
|
|
4
|
+
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
## The orientation problem
|
|
8
|
+
|
|
9
|
+
Most developers starting on a new codebase do one of three things: they ask someone to walk them through it (expensive for the team), they read files top-to-bottom hoping to find patterns (slow), or they wait until they need to touch something and learn as they go (risky).
|
|
10
|
+
|
|
11
|
+
AI assistants make this better in theory — but without a structured index, they can only help you understand files you explicitly show them. PureContext lets Claude navigate the codebase proactively, building a picture you can interrogate.
|
|
12
|
+
|
|
13
|
+
---
|
|
14
|
+
|
|
15
|
+
## Step 1: Get the lay of the land
|
|
16
|
+
|
|
17
|
+
Start by asking Claude to describe the project structure:
|
|
18
|
+
|
|
19
|
+
> "Give me an overview of this project's structure. What are the main directories and what do they contain?"
|
|
20
|
+
|
|
21
|
+
Claude will call `get_file_tree` and `get_repo_outline` to return a directory breakdown and the top-level symbols per file — without reading any file content. In a 200-file TypeScript project, this might return something like:
|
|
22
|
+
|
|
23
|
+
```
|
|
24
|
+
src/
|
|
25
|
+
api/ — 12 files, 87 symbols (routes, controllers, middleware)
|
|
26
|
+
core/ — 8 files, 64 symbols (services, domain logic)
|
|
27
|
+
db/ — 5 files, 43 symbols (models, migrations, queries)
|
|
28
|
+
workers/ — 3 files, 28 symbols (background job handlers)
|
|
29
|
+
utils/ — 6 files, 51 symbols (formatters, validators, helpers)
|
|
30
|
+
```
|
|
31
|
+
|
|
32
|
+
That's the skeleton. You now know where things live without reading a single file.
|
|
33
|
+
|
|
34
|
+
---
|
|
35
|
+
|
|
36
|
+
## Step 2: Find the entry points
|
|
37
|
+
|
|
38
|
+
> "Where does this application start? What are the main entry points?"
|
|
39
|
+
|
|
40
|
+
Claude will search for common patterns — `main`, `createServer`, `app.listen`, `bootstrap` — and return the symbols with their signatures. For a Node.js API:
|
|
41
|
+
|
|
42
|
+
```
|
|
43
|
+
src/index.ts — bootstrap() starts the HTTP server
|
|
44
|
+
src/api/router.ts — createRouter() registers all routes
|
|
45
|
+
src/workers/index.ts — startWorkers() initializes background jobs
|
|
46
|
+
```
|
|
47
|
+
|
|
48
|
+
Three entry points, their file locations, their signatures — in seconds.
|
|
49
|
+
|
|
50
|
+
---
|
|
51
|
+
|
|
52
|
+
## Step 3: Follow a feature you care about
|
|
53
|
+
|
|
54
|
+
Once you know the structure, pick a feature area you'll be working in and trace it:
|
|
55
|
+
|
|
56
|
+
> "I'll be working on the payment system. Find all payment-related symbols."
|
|
57
|
+
|
|
58
|
+
```
|
|
59
|
+
search_symbols(query: "payment") →
|
|
60
|
+
processPayment() src/core/billing.ts function
|
|
61
|
+
PaymentGateway src/api/gateway.ts class
|
|
62
|
+
validatePaymentMethod src/core/validators.ts function
|
|
63
|
+
POST /payments src/api/routes/payments.ts route
|
|
64
|
+
PaymentRecord src/db/models/payment.ts class (ORM model)
|
|
65
|
+
```
|
|
66
|
+
|
|
67
|
+
Five symbols across five files gives you the full map of the payment system before you've opened a single file.
|
|
68
|
+
|
|
69
|
+
---
|
|
70
|
+
|
|
71
|
+
## Step 4: Understand a specific symbol in depth
|
|
72
|
+
|
|
73
|
+
Now pick the one that matters most:
|
|
74
|
+
|
|
75
|
+
> "Show me how processPayment works and what it depends on."
|
|
76
|
+
|
|
77
|
+
Claude calls `get_context_bundle` starting from `processPayment`. It returns the function's source plus everything it imports transitively — `validatePaymentMethod`, `PaymentGateway`, the database model — up to the depth you specify. The token estimate tells you how large the context is before it loads.
|
|
78
|
+
|
|
79
|
+
This is the difference between "read billing.ts" (entire file) and "get the context bundle for processPayment" (exactly the symbols involved in payment processing, nothing else).
|
|
80
|
+
|
|
81
|
+
---
|
|
82
|
+
|
|
83
|
+
## Step 5: Ask questions about what you've found
|
|
84
|
+
|
|
85
|
+
With the context bundle loaded, ask anything:
|
|
86
|
+
|
|
87
|
+
> "What happens if the payment gateway is unavailable? Does this code handle that case?"
|
|
88
|
+
|
|
89
|
+
> "Where does the currency conversion happen? I don't see it in processPayment."
|
|
90
|
+
|
|
91
|
+
> "Who calls this function? I want to make sure I understand all the places payments are triggered."
|
|
92
|
+
|
|
93
|
+
Claude uses `find_importers` and `search_symbols` to answer the last question without you having to search manually.
|
|
94
|
+
|
|
95
|
+
---
|
|
96
|
+
|
|
97
|
+
## For enterprise onboarding: going deeper
|
|
98
|
+
|
|
99
|
+
On a large codebase, you won't understand everything in one session. Use PureContext to build a map over time:
|
|
100
|
+
|
|
101
|
+
**Day 1:** Project structure, entry points, the one domain area you'll be working in.
|
|
102
|
+
|
|
103
|
+
**Day 2:** The APIs your domain area calls. The services it depends on. The database tables it touches.
|
|
104
|
+
|
|
105
|
+
**Week 1:** The patterns the codebase uses. How errors propagate. How authentication works. How jobs are scheduled.
|
|
106
|
+
|
|
107
|
+
Each of these is a focused PureContext session — specific questions with targeted symbol retrieval. You're not reading documentation that may be stale. You're reading the code that's actually running.
|
|
108
|
+
|
|
109
|
+
---
|
|
110
|
+
|
|
111
|
+
## Tips
|
|
112
|
+
|
|
113
|
+
**Use `get_file_outline` on files you'll be editing frequently.** It gives you a complete list of everything defined in a file with signatures and summaries — a live table of contents that's always current.
|
|
114
|
+
|
|
115
|
+
**Ask about naming conventions early.** `search_symbols(query: "user")` in a new codebase tells you immediately whether the team calls things `User`, `UserRecord`, `UserEntity`, or `Account`. Understanding the vocabulary saves hours.
|
|
116
|
+
|
|
117
|
+
**Don't try to understand everything at once.** The goal of day-one orientation is to know where to find things, not to understand every file. Let the index do the navigation for you when you need something specific.
|
|
118
|
+
|
|
119
|
+
---
|
|
120
|
+
|
|
121
|
+
→ Reference: [MCP Tools Reference](../docs/06-tools-reference.md) — `get_file_tree`, `get_repo_outline`, `get_file_outline`, `search_symbols`, `get_context_bundle`
|
|
@@ -0,0 +1,156 @@
|
|
|
1
|
+
# Making Changes Safely
|
|
2
|
+
|
|
3
|
+
The hardest part of changing code in a large codebase is not writing the new code — it's understanding what the old code touches. Every change that breaks something unexpected does so because the developer didn't know about a dependency they couldn't see.
|
|
4
|
+
|
|
5
|
+
PureContext gives you two tools that together form a complete pre-change analysis workflow: **blast radius** (what does this touch?) and **context bundle** (what does this need?).
|
|
6
|
+
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
## The blast radius: knowing your impact before you start
|
|
10
|
+
|
|
11
|
+
Before you change anything, find out what depends on it.
|
|
12
|
+
|
|
13
|
+
**Scenario:** You're refactoring a utility function `formatCurrency` that's been in the codebase for three years. It's used everywhere, but you don't know exactly where.
|
|
14
|
+
|
|
15
|
+
> "Before I refactor formatCurrency, show me everything that uses it."
|
|
16
|
+
|
|
17
|
+
Claude calls `get_blast_radius` and returns:
|
|
18
|
+
|
|
19
|
+
```
|
|
20
|
+
formatCurrency() is imported by 23 files:
|
|
21
|
+
Direct importers (depth 1):
|
|
22
|
+
src/billing/invoice.ts
|
|
23
|
+
src/reporting/pdf-generator.ts
|
|
24
|
+
src/api/responses/pricing.ts
|
|
25
|
+
src/ui/components/PriceDisplay.tsx
|
|
26
|
+
... (8 more)
|
|
27
|
+
|
|
28
|
+
Transitive importers (depth 2–3):
|
|
29
|
+
src/api/routes/orders.ts (via billing/invoice.ts)
|
|
30
|
+
src/workers/monthly-report.ts (via reporting/pdf-generator.ts)
|
|
31
|
+
... (9 more)
|
|
32
|
+
|
|
33
|
+
Total files affected: 23
|
|
34
|
+
```
|
|
35
|
+
|
|
36
|
+
You now know the scope before you've written a line. If the blast radius is 23 files, you know this change needs careful testing. If it's 2, you can move quickly.
|
|
37
|
+
|
|
38
|
+
**What the blast radius tells you:**
|
|
39
|
+
- Files you need to update if the function's signature changes
|
|
40
|
+
- Test files that will break if behavior changes
|
|
41
|
+
- Services that will fail if the function is removed
|
|
42
|
+
- The difference between "safe to refactor locally" and "needs a deprecation cycle"
|
|
43
|
+
|
|
44
|
+
**Using blast radius for deletion decisions:**
|
|
45
|
+
|
|
46
|
+
> "I think this helper is unused — can you confirm?"
|
|
47
|
+
|
|
48
|
+
```
|
|
49
|
+
get_blast_radius(symbolId: "legacyFormatDate-id") →
|
|
50
|
+
importers: []
|
|
51
|
+
count: 0
|
|
52
|
+
```
|
|
53
|
+
|
|
54
|
+
Zero importers. Safe to delete. `find_dead_code` will surface all such symbols at once across the whole codebase.
|
|
55
|
+
|
|
56
|
+
---
|
|
57
|
+
|
|
58
|
+
## The context bundle: understanding what you're changing
|
|
59
|
+
|
|
60
|
+
Once you know the impact scope, understand the code itself before you touch it.
|
|
61
|
+
|
|
62
|
+
**Scenario:** You need to modify the `processOrder` function but you've never worked in this part of the codebase. You need to understand what it calls, what data it expects, and what it produces.
|
|
63
|
+
|
|
64
|
+
> "Give me everything I need to understand processOrder before I change it."
|
|
65
|
+
|
|
66
|
+
Claude calls `get_context_bundle` starting from `processOrder` with a depth of 2:
|
|
67
|
+
|
|
68
|
+
```
|
|
69
|
+
Context bundle for processOrder():
|
|
70
|
+
|
|
71
|
+
processOrder() src/orders/processor.ts (the function itself, 67 lines)
|
|
72
|
+
validateCart() src/cart/validator.ts (called by processOrder, 34 lines)
|
|
73
|
+
calculateTax() src/billing/tax.ts (called by processOrder, 28 lines)
|
|
74
|
+
formatPrice() src/utils/format.ts (called by validateCart, 12 lines)
|
|
75
|
+
OrderRecord src/db/models/order.ts (the data shape, 22 lines)
|
|
76
|
+
|
|
77
|
+
Token estimate: 1,240 tokens
|
|
78
|
+
Files covered: 5
|
|
79
|
+
```
|
|
80
|
+
|
|
81
|
+
1,240 tokens for a complete picture of the order processing flow. Reading those 5 files directly would be ~8,000 tokens and would include unrelated functions, imports, and comments.
|
|
82
|
+
|
|
83
|
+
**Setting depth:** `maxDepth: 1` gives you just the direct dependencies. `maxDepth: 3` follows the dependency chain further but returns more. Start at 2 and go deeper only if you need it.
|
|
84
|
+
|
|
85
|
+
**Setting a token budget:** If you're working within a context window budget, set `maxTokens` and the bundle will stop collecting symbols once the estimate exceeds it — always returning the most directly connected ones first.
|
|
86
|
+
|
|
87
|
+
---
|
|
88
|
+
|
|
89
|
+
## The complete pre-change workflow
|
|
90
|
+
|
|
91
|
+
This is the pattern to use before any significant change:
|
|
92
|
+
|
|
93
|
+
```
|
|
94
|
+
1. Identify the symbol you're changing
|
|
95
|
+
search_symbols(query: "processOrder") → find the right one
|
|
96
|
+
|
|
97
|
+
2. Check the blast radius
|
|
98
|
+
get_blast_radius(symbolId) → how many files are affected?
|
|
99
|
+
|
|
100
|
+
3. Understand the symbol in context
|
|
101
|
+
get_context_bundle(symbolId, maxDepth: 2) → what does it depend on?
|
|
102
|
+
|
|
103
|
+
4. Make the change
|
|
104
|
+
|
|
105
|
+
5. Verify nothing became orphaned
|
|
106
|
+
find_dead_code(repoId) → any exports that are now unused?
|
|
107
|
+
|
|
108
|
+
6. Re-index (if you changed signatures)
|
|
109
|
+
index_folder → incremental, fast, picks up your changes
|
|
110
|
+
```
|
|
111
|
+
|
|
112
|
+
---
|
|
113
|
+
|
|
114
|
+
## Detecting architectural violations before they ship
|
|
115
|
+
|
|
116
|
+
PureContext can also check whether your change violates the project's intended layer structure. If your codebase has defined architectural layers — for example, "core services must not import from API controllers" — the `get_layer_violations` tool checks for violations across the whole codebase.
|
|
117
|
+
|
|
118
|
+
> "Check if my changes introduced any architectural boundary violations."
|
|
119
|
+
|
|
120
|
+
```
|
|
121
|
+
get_layer_violations(repoId) →
|
|
122
|
+
|
|
123
|
+
VIOLATION: src/core/billing.ts imports from src/api/middleware/auth.ts
|
|
124
|
+
Layer: core → api (not allowed per layer rules)
|
|
125
|
+
Import: AuthMiddleware
|
|
126
|
+
```
|
|
127
|
+
|
|
128
|
+
Catch these before code review, not during.
|
|
129
|
+
|
|
130
|
+
---
|
|
131
|
+
|
|
132
|
+
## For teams: sharing impact analysis
|
|
133
|
+
|
|
134
|
+
In a team environment, blast radius analysis is especially valuable during planning. Before a developer starts on a change, ask PureContext to assess the scope:
|
|
135
|
+
|
|
136
|
+
> "We're planning to move the authentication service from JWT to session-based auth. What's the blast radius of changing the validateToken function?"
|
|
137
|
+
|
|
138
|
+
The answer tells the team how many files need to be updated, which services are affected, and whether this is a one-person job or a coordinated migration. That's a planning conversation that used to require a senior engineer's memory of the codebase.
|
|
139
|
+
|
|
140
|
+
---
|
|
141
|
+
|
|
142
|
+
## For legacy codebases
|
|
143
|
+
|
|
144
|
+
Legacy codebases are where blast radius analysis pays off most. Nobody knows all the call sites for a function that's been there for five years. PureContext does.
|
|
145
|
+
|
|
146
|
+
Before refactoring anything in a legacy system:
|
|
147
|
+
|
|
148
|
+
1. Run `find_dead_code` first — it often reveals that 20% of what you thought you needed to understand is actually unused
|
|
149
|
+
2. Use blast radius on the symbols you do need to change — the dependency graph doesn't lie
|
|
150
|
+
3. Use context bundle to understand the chain before proposing a change to your team
|
|
151
|
+
|
|
152
|
+
This transforms "I think this change is safe but I'm not sure" into "I know exactly which 7 files this change affects and here they are."
|
|
153
|
+
|
|
154
|
+
---
|
|
155
|
+
|
|
156
|
+
→ Reference: [MCP Tools Reference](../docs/06-tools-reference.md) — `get_blast_radius`, `get_context_bundle`, `find_importers`, `find_dead_code`, `get_layer_violations`
|
|
@@ -0,0 +1,191 @@
|
|
|
1
|
+
# Using PureContext with a Team
|
|
2
|
+
|
|
3
|
+
Running PureContext locally is useful. Running it as a shared server is transformative. The difference is the difference between one person being able to navigate the codebase and the whole team navigating it — with the same index, the same symbol summaries, and the same dependency graph.
|
|
4
|
+
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
## The problem with local-only indexing
|
|
8
|
+
|
|
9
|
+
When every developer runs PureContext locally, several problems emerge:
|
|
10
|
+
|
|
11
|
+
**Inconsistent indexes.** Alice indexed last Tuesday. Bob indexed this morning. Charlie hasn't indexed at all since he joined. When the team asks the AI questions about the codebase, they're getting answers from three different versions of the truth.
|
|
12
|
+
|
|
13
|
+
**Redundant work.** A 10,000-file codebase takes a minute to index from scratch. Every developer on a 20-person team does this independently. It's 20 minutes of CPU time and API calls (if AI summaries are enabled) that could have been done once.
|
|
14
|
+
|
|
15
|
+
**No shared knowledge base.** Symbol summaries generated by AI are stored in the local index. The rich, useful summaries that help Alice navigate the codebase exist only on Alice's laptop. Bob gets a different quality of search because he hasn't generated summaries yet.
|
|
16
|
+
|
|
17
|
+
**CI doesn't benefit.** A local index goes stale the moment you push code and someone else merges. There's no way to keep it current across a team without a server.
|
|
18
|
+
|
|
19
|
+
---
|
|
20
|
+
|
|
21
|
+
## The shared server model
|
|
22
|
+
|
|
23
|
+
A shared PureContext server indexes the codebase once and serves all team members. Every developer connects with a personal API key and queries the same index.
|
|
24
|
+
|
|
25
|
+
```
|
|
26
|
+
Developer A (Claude Code) ──┐
|
|
27
|
+
Developer B (Claude Code) ──┤── HTTPS ──► PureContext Server ──► Shared SQLite Index
|
|
28
|
+
Developer C (Claude Code) ──┘ ↑
|
|
29
|
+
CI auto-reindex on push
|
|
30
|
+
```
|
|
31
|
+
|
|
32
|
+
The index is updated automatically when code is pushed, either through webhooks or CI. When a developer starts a conversation about a feature, they're working with the current state of the main branch — not whatever they had locally last week.
|
|
33
|
+
|
|
34
|
+
---
|
|
35
|
+
|
|
36
|
+
## Deploying the server
|
|
37
|
+
|
|
38
|
+
The fastest path is Docker:
|
|
39
|
+
|
|
40
|
+
```bash
|
|
41
|
+
docker run -d \
|
|
42
|
+
--name purecontext \
|
|
43
|
+
-p 3000:3000 \
|
|
44
|
+
-v "$(pwd)/data:/data" \
|
|
45
|
+
-e PCTX_ADMIN_KEY="$(openssl rand -hex 32)" \
|
|
46
|
+
--restart unless-stopped \
|
|
47
|
+
purecontext/purecontext-mcp:latest
|
|
48
|
+
```
|
|
49
|
+
|
|
50
|
+
Save the `PCTX_ADMIN_KEY` — it's the root credential for all server management.
|
|
51
|
+
|
|
52
|
+
Verify:
|
|
53
|
+
```bash
|
|
54
|
+
curl http://localhost:3000/health
|
|
55
|
+
# {"status":"ok","version":"1.x.x","repoCount":0}
|
|
56
|
+
```
|
|
57
|
+
|
|
58
|
+
For production, put the server behind nginx or Caddy for TLS. See [Docker Deployment](../docs/16-docker.md) for the full nginx and Caddy configuration.
|
|
59
|
+
|
|
60
|
+
---
|
|
61
|
+
|
|
62
|
+
## Setting up workspaces and API keys
|
|
63
|
+
|
|
64
|
+
A **workspace** is the unit of isolation. Each team or project gets its own workspace — separate repos, separate API keys, no cross-workspace access.
|
|
65
|
+
|
|
66
|
+
```bash
|
|
67
|
+
# Create a workspace for your team
|
|
68
|
+
curl -s -X POST http://localhost:3000/admin/workspaces \
|
|
69
|
+
-H "Authorization: Bearer $PCTX_ADMIN_KEY" \
|
|
70
|
+
-H "Content-Type: application/json" \
|
|
71
|
+
-d '{"name": "backend-team"}'
|
|
72
|
+
|
|
73
|
+
# → {"id": "ws_abc123", "name": "backend-team"}
|
|
74
|
+
```
|
|
75
|
+
|
|
76
|
+
Then create a personal API key for each developer:
|
|
77
|
+
|
|
78
|
+
```bash
|
|
79
|
+
curl -s -X POST http://localhost:3000/admin/keys \
|
|
80
|
+
-H "Authorization: Bearer $PCTX_ADMIN_KEY" \
|
|
81
|
+
-H "Content-Type: application/json" \
|
|
82
|
+
-d '{"label": "alice-macbook", "workspace_id": "ws_abc123", "permissions": ["read", "write"]}'
|
|
83
|
+
|
|
84
|
+
# → {"key": "pctx_00000000_..._1234"} ← shown once, save immediately
|
|
85
|
+
```
|
|
86
|
+
|
|
87
|
+
**Permission levels:**
|
|
88
|
+
|
|
89
|
+
| Permission | What it allows |
|
|
90
|
+
|------------|---------------|
|
|
91
|
+
| `read` | Search and retrieve — for AI agents that navigate but don't index |
|
|
92
|
+
| `write` | + Index new repos and trigger re-indexing |
|
|
93
|
+
| `admin` | + Manage keys and workspaces |
|
|
94
|
+
|
|
95
|
+
Most developers should have `read` permission. CI pipelines and the one developer responsible for keeping the index current get `write`.
|
|
96
|
+
|
|
97
|
+
---
|
|
98
|
+
|
|
99
|
+
## Connecting each developer
|
|
100
|
+
|
|
101
|
+
Each developer runs this once:
|
|
102
|
+
|
|
103
|
+
```bash
|
|
104
|
+
claude mcp add purecontext-shared \
|
|
105
|
+
--transport http \
|
|
106
|
+
--url https://purecontext.yourcompany.com/mcp/sse \
|
|
107
|
+
--header "Authorization: Bearer pctx_theirpersonalkey"
|
|
108
|
+
```
|
|
109
|
+
|
|
110
|
+
From that point on, when any team member talks to Claude about the codebase, they're working from the shared index. No individual indexing. No staleness.
|
|
111
|
+
|
|
112
|
+
---
|
|
113
|
+
|
|
114
|
+
## Keeping the index current with webhooks
|
|
115
|
+
|
|
116
|
+
Configure a webhook in your repository to trigger re-indexing automatically on every push to main:
|
|
117
|
+
|
|
118
|
+
```json
|
|
119
|
+
{
|
|
120
|
+
"webhooks": {
|
|
121
|
+
"enabled": true,
|
|
122
|
+
"secret": "${WEBHOOK_SECRET}",
|
|
123
|
+
"branches": ["main", "develop"]
|
|
124
|
+
}
|
|
125
|
+
}
|
|
126
|
+
```
|
|
127
|
+
|
|
128
|
+
In GitHub: Settings → Webhooks → Add webhook → Payload URL: `https://purecontext.yourcompany.com/webhook/github`.
|
|
129
|
+
|
|
130
|
+
After this, every merged PR triggers an incremental re-index within seconds. The index is always current. Developers never need to think about it.
|
|
131
|
+
|
|
132
|
+
---
|
|
133
|
+
|
|
134
|
+
## Using GitHub Actions for CI integration
|
|
135
|
+
|
|
136
|
+
For teams that want index building as part of CI rather than webhooks, the official GitHub Action handles it:
|
|
137
|
+
|
|
138
|
+
```yaml
|
|
139
|
+
- uses: purecontext/purecontext-mcp@v1
|
|
140
|
+
with:
|
|
141
|
+
token: ${{ secrets.GITHUB_TOKEN }}
|
|
142
|
+
analyze-diff: 'true' # posts blast radius as PR comment
|
|
143
|
+
detect-antipatterns: 'false' # set to 'true' to fail CI on critical issues
|
|
144
|
+
upload-index: 'true' # uploads .pcx bundle as artifact
|
|
145
|
+
```
|
|
146
|
+
|
|
147
|
+
When `analyze-diff` is enabled, every pull request gets an automated comment showing which symbols changed, their blast radius, and the review priority — before a human reviewer has read a line.
|
|
148
|
+
|
|
149
|
+
---
|
|
150
|
+
|
|
151
|
+
## Onboarding new developers
|
|
152
|
+
|
|
153
|
+
With a shared index and AI summaries enabled, a new developer's first day is fundamentally different.
|
|
154
|
+
|
|
155
|
+
**Without PureContext:** "Here's the codebase. Here are some key files to read. Find someone to give you a walkthrough."
|
|
156
|
+
|
|
157
|
+
**With PureContext:** The developer opens Claude Code, connects to the shared server, and asks questions.
|
|
158
|
+
|
|
159
|
+
> "I'm new here. Give me an overview of the payment service and explain how orders flow through it."
|
|
160
|
+
|
|
161
|
+
Claude uses `get_repo_outline`, `get_context_bundle`, and `get_file_outline` to build a picture and explain it. The explanation draws from the actual current code, not documentation that may be outdated. The new developer doesn't need to find a senior engineer — they can get a coherent, accurate orientation on demand.
|
|
162
|
+
|
|
163
|
+
This doesn't eliminate the value of pairing and walkthroughs — it eliminates the need for them to cover basic navigation. Senior engineers spend time sharing context that can't be indexed, not explaining where the auth service lives.
|
|
164
|
+
|
|
165
|
+
---
|
|
166
|
+
|
|
167
|
+
## Enterprise considerations
|
|
168
|
+
|
|
169
|
+
**Rate limiting:** Each API key has a configurable token bucket. Heavy operations like indexing cost more tokens than searches. This prevents any single AI agent from monopolizing the server.
|
|
170
|
+
|
|
171
|
+
```json
|
|
172
|
+
{
|
|
173
|
+
"rateLimit": {
|
|
174
|
+
"maxTokens": 100,
|
|
175
|
+
"refillRate": 10,
|
|
176
|
+
"perToolLimits": { "index_folder": 10, "search_symbols": 1 }
|
|
177
|
+
}
|
|
178
|
+
}
|
|
179
|
+
```
|
|
180
|
+
|
|
181
|
+
**Audit logging:** The HTTP server logs every tool call with the key label, tool name, repoId, and duration. Pipe these to your log aggregator for compliance trails.
|
|
182
|
+
|
|
183
|
+
**Data isolation:** API keys from one workspace cannot access repos in another. Workspace isolation is enforced at the SQL query level — there's no path to cross-workspace data access.
|
|
184
|
+
|
|
185
|
+
**No data leaves your infrastructure:** PureContext stores everything in SQLite on your server. If you enable AI summarization, those calls go to whichever AI provider you've configured — otherwise, no external connections are made.
|
|
186
|
+
|
|
187
|
+
---
|
|
188
|
+
|
|
189
|
+
→ Reference: [Team Setup & Multi-Tenant](../docs/15-team-setup.md) — admin API reference, full configuration
|
|
190
|
+
→ Reference: [Docker Deployment](../docs/16-docker.md) — reverse proxy configuration, resource requirements
|
|
191
|
+
→ Reference: [Security](../docs/24-security.md) — threat model, hardening checklist
|
package/guide/web-ui.md
ADDED
|
@@ -0,0 +1,154 @@
|
|
|
1
|
+
# The Web UI
|
|
2
|
+
|
|
3
|
+
PureContext's primary interface is the AI agent — you talk to Claude and it calls the tools. But some questions are easier to answer visually than through conversation. The Web UI exists for those moments.
|
|
4
|
+
|
|
5
|
+
It runs in a browser alongside the MCP server and requires no separate installation — start the server in HTTP mode and open `http://localhost:3000`.
|
|
6
|
+
|
|
7
|
+
```bash
|
|
8
|
+
purecontext-mcp --transport http --port 3000
|
|
9
|
+
```
|
|
10
|
+
|
|
11
|
+
---
|
|
12
|
+
|
|
13
|
+
## When to use the UI instead of the chat
|
|
14
|
+
|
|
15
|
+
**The chat is better for:** Specific questions, targeted retrieval, workflows that need AI reasoning alongside code navigation. "Find the authentication logic and explain why the session expiry is set the way it is."
|
|
16
|
+
|
|
17
|
+
**The UI is better for:** Understanding the big picture, spotting patterns, navigating by clicking rather than typing, sharing a visual with your team, architecture reviews.
|
|
18
|
+
|
|
19
|
+
The two complement each other. Start a session in the chat to understand a specific feature, then open the UI to see where that feature sits in the larger dependency map.
|
|
20
|
+
|
|
21
|
+
---
|
|
22
|
+
|
|
23
|
+
## Repository browser
|
|
24
|
+
|
|
25
|
+
The sidebar lists every indexed repository with symbol counts, file counts, and language breakdown. Click a repository to open its file tree.
|
|
26
|
+
|
|
27
|
+
The file tree is collapsible and shows symbol counts per directory. Click any file to open its **symbol outline** — all symbols in the file with their signatures and summaries, like a live table of contents. Click any symbol to open its source.
|
|
28
|
+
|
|
29
|
+
This is the fastest way to get a feel for a module you haven't worked in before: expand the directory, scan the symbol outline, open the two or three symbols that seem most relevant.
|
|
30
|
+
|
|
31
|
+
---
|
|
32
|
+
|
|
33
|
+
## Symbol search
|
|
34
|
+
|
|
35
|
+
The search bar at the top is always available. Start typing and results appear within 300ms — no need to press Enter.
|
|
36
|
+
|
|
37
|
+
- **Keyword mode:** Searches symbol names and summaries. `processOrder` and `process order` return the same results.
|
|
38
|
+
- **Semantic mode:** Toggle to search by meaning. "function that validates credentials" finds relevant symbols even if none of them have "validate" or "credentials" in their name.
|
|
39
|
+
- **Filters:** Narrow by symbol kind (function, class, route, component, etc.) or file path pattern.
|
|
40
|
+
|
|
41
|
+
Results are navigable by keyboard: arrow keys to move, Enter to open. Query terms are highlighted in results so you can see why each result matched.
|
|
42
|
+
|
|
43
|
+
---
|
|
44
|
+
|
|
45
|
+
## Symbol viewer
|
|
46
|
+
|
|
47
|
+
Clicking any symbol opens a syntax-highlighted view of its source. The highlighter uses the same token definitions as VS Code — the rendering quality is the same as your editor.
|
|
48
|
+
|
|
49
|
+
The right panel shows three related sets:
|
|
50
|
+
- **Dependencies** — symbols this one imports, in order of relevance
|
|
51
|
+
- **Importers** — symbols that import this one (the blast radius, one level)
|
|
52
|
+
- **Same file** — other symbols defined in the same file
|
|
53
|
+
|
|
54
|
+
Clicking any of these navigates to that symbol. This lets you trace a dependency chain by clicking through the graph rather than running a series of queries.
|
|
55
|
+
|
|
56
|
+
URLs are shareable. Each symbol view has a stable URL — link a colleague directly to the function you want them to look at.
|
|
57
|
+
|
|
58
|
+
---
|
|
59
|
+
|
|
60
|
+
## Dependency graph viewer
|
|
61
|
+
|
|
62
|
+
The graph view renders the dependency relationships between files and symbols as a force-directed network. Nodes are files or symbols; edges are import relationships.
|
|
63
|
+
|
|
64
|
+
Open the graph viewer from any symbol with the **G** keyboard shortcut, or from the toolbar.
|
|
65
|
+
|
|
66
|
+
### Navigating the graph
|
|
67
|
+
|
|
68
|
+
| Action | How |
|
|
69
|
+
|--------|-----|
|
|
70
|
+
| Pan | Click and drag the background |
|
|
71
|
+
| Zoom | Scroll wheel |
|
|
72
|
+
| Fit everything in view | Double-click background |
|
|
73
|
+
| Select a node | Click it |
|
|
74
|
+
| Expand a node's connections | Click the **+** button on the node |
|
|
75
|
+
| Switch between dependency/importer view | Toggle in toolbar |
|
|
76
|
+
|
|
77
|
+
### Layout options
|
|
78
|
+
|
|
79
|
+
- **Force-directed** (default): Nodes cluster by how connected they are. Highly-connected files naturally cluster toward the center. Leaf nodes float outward. This reveals the structure of your codebase without any manual arrangement.
|
|
80
|
+
- **Hierarchical**: Root at top, dependencies flow downward. Clearer for trees with a single root.
|
|
81
|
+
- **Radial**: Selected node at center, connected nodes radiate out. Good for exploring one module's connections.
|
|
82
|
+
|
|
83
|
+
### Blast radius view
|
|
84
|
+
|
|
85
|
+
Switch to blast radius mode to see everything that depends on the selected node — color gradient from red (directly imports this) to yellow (transitively imports this). This is the visual equivalent of `get_blast_radius`, and it makes the scope of a change immediately legible in a way that a file list cannot.
|
|
86
|
+
|
|
87
|
+
**Practical use:** Before a code review or planning meeting, open the blast radius view for the symbols being changed. The visual immediately communicates whether this is a localized change or a cross-cutting concern.
|
|
88
|
+
|
|
89
|
+
### Depth control
|
|
90
|
+
|
|
91
|
+
The depth slider controls how many hops from the selected node are shown. At depth 1 you see direct connections. At depth 3 or 4 you see the full transitive graph. Large graphs at high depth can get dense — use the language and kind filters to focus on what matters.
|
|
92
|
+
|
|
93
|
+
### Cycle detection
|
|
94
|
+
|
|
95
|
+
Enable cycle detection to highlight circular dependencies in red. Circular dependencies are often a sign of architectural problems — modules that depend on each other can't be changed independently and are hard to test in isolation.
|
|
96
|
+
|
|
97
|
+
---
|
|
98
|
+
|
|
99
|
+
## Architecture heatmap
|
|
100
|
+
|
|
101
|
+
The heatmap overlays your file tree with color-coded quality signals. Select a metric from the dropdown and every file in the tree gets a color:
|
|
102
|
+
|
|
103
|
+
| Metric | What it shows |
|
|
104
|
+
|--------|--------------|
|
|
105
|
+
| **Churn** | Blue (stable) to red (high churn). High-churn files are actively changing or unstable. |
|
|
106
|
+
| **Complexity** | Green to red. Red files have high cyclomatic complexity — hard to understand and test. |
|
|
107
|
+
| **Quality score** | Green (healthy) to red (needs attention). Composite of complexity, coupling, and documentation coverage. |
|
|
108
|
+
| **Test coverage** | Green (well-covered) to red (uncovered). Requires uploading an lcov coverage report. |
|
|
109
|
+
|
|
110
|
+
Click any file cell in the heatmap to open its symbol outline. The heatmap is particularly effective for architecture reviews and sprint planning — it makes "where should we focus our technical debt effort?" a visual answer rather than a debate.
|
|
111
|
+
|
|
112
|
+
**Uploading test coverage:** Generate an lcov report from your test suite (`npx vitest --coverage`, `pytest --cov`, etc.) and upload it in Settings → Coverage. The coverage overlay then appears as an option in the heatmap dropdown.
|
|
113
|
+
|
|
114
|
+
---
|
|
115
|
+
|
|
116
|
+
## Symbol timeline
|
|
117
|
+
|
|
118
|
+
The symbol timeline shows a function's git history as a visual chart. Each commit that touched the symbol appears as a marker on the timeline.
|
|
119
|
+
|
|
120
|
+
Hover any marker to see the commit message, author, and date. Click to expand the diff for that function at that point — what lines were added, what were removed, what the function looked like before.
|
|
121
|
+
|
|
122
|
+
This is useful for three scenarios:
|
|
123
|
+
|
|
124
|
+
**Understanding why something is the way it is.** Follow the timeline backward. The function grew in a particular direction for a reason — the commit messages explain the decisions that accumulated over time.
|
|
125
|
+
|
|
126
|
+
**Finding when a bug was introduced.** Scan the timeline for changes around the date the bug was reported. The diff at that commit is usually the answer.
|
|
127
|
+
|
|
128
|
+
**Onboarding walkthroughs.** Show a new team member the history of a core function as a story — "here's where we started, here's when we added caching, here's when we refactored for the multi-region launch."
|
|
129
|
+
|
|
130
|
+
---
|
|
131
|
+
|
|
132
|
+
## Multi-repo workspace
|
|
133
|
+
|
|
134
|
+
When multiple repositories are indexed, the sidebar shows a repository switcher. The workspace view lists all repos with their key metrics. Cross-repo search results appear in a unified list with the source repository identified for each result.
|
|
135
|
+
|
|
136
|
+
This is particularly useful for microservices architectures or monorepos with multiple packages — you can search across the entire system from a single interface without switching contexts.
|
|
137
|
+
|
|
138
|
+
---
|
|
139
|
+
|
|
140
|
+
## Keyboard shortcuts
|
|
141
|
+
|
|
142
|
+
| Shortcut | Action |
|
|
143
|
+
|----------|--------|
|
|
144
|
+
| `/` | Focus search bar |
|
|
145
|
+
| `↑` / `↓` | Navigate search results |
|
|
146
|
+
| `Enter` | Open selected symbol |
|
|
147
|
+
| `Esc` | Close panels / clear search |
|
|
148
|
+
| `G` | Open graph view for current symbol |
|
|
149
|
+
| `B` | Show blast radius for current symbol |
|
|
150
|
+
| `H` | Toggle heatmap overlay |
|
|
151
|
+
|
|
152
|
+
---
|
|
153
|
+
|
|
154
|
+
→ Reference: [Web UI](../docs/17-web-ui.md) — full feature reference including build instructions
|