An MCP server that uses tree-sitter AST parsing to enable precise, symbol-level code retrieval from GitHub repositories, reducing AI token costs by 95%+ compared to file-based exploration. Designed for developers using Claude Code, Cursor, and other MCP-compatible clients who want to cut context window waste and API costs.
Cut AI token costs 95%+ on code exploration. The leading MCP server for precise, symbol-level GitHub code retrieval via tree-sitter AST. Works with Claude Code, Cursor & any MCP client. 313B+ tokens saved.
README
jCodeMunch MCP
The leading, most token-efficient MCP server for precise GitHub source code retrieval via tree-sitter AST parsing. Cut AI token costs 95%+ on code exploration — stop burning your context window reading entire files.
Real results, live from production 335B+ tokens saved · 48,000+ developers · $1.69M+ in AI spend avoided · 40,000+ kg CO₂ prevented Live telemetry at jcodemunch.com — benchmark: 95% average token reduction (15 tasks / 3 repos, 99.8% peak).
Works with Autohand Code, Claude Code, Cursor, VS Code, Codex CLI, Continue, Windsurf, and any MCP-compatible client.
One-click installs:
Prefer the command line?
pip install jcodemunch-mcp
uvx jcodemunch-mcp
For pinned/B2B deployments that want a version-stable install channel independent of PyPI, install straight from the repo (requires git, builds from source):
pip install git+https://github.com/jgravelle/jcodemunch-mcp.git
uvx --from git+https://github.com/jgravelle/jcodemunch-mcp.git jcodemunch-mcp
Quickstart - https://github.com/jgravelle/jcodemunch-mcp/blob/main/QUICKSTART.md
A crapload of detailed info: http://jcodemunch.com/
Live OSS code-health observatory — weekly six-axis health snapshots of Express, FastAPI, Gin, Pydantic, Django, Flask, NestJS, Cobra, and this very repo: https://jgravelle.github.io/jcodemunch-observatory/
Token Cost Radar — daily intelligence on AI token costs, minimization strategies, and budget trends for teams running Claude Code / Cursor / MCP: https://jcodemunch.com/radar/
FREE FOR PERSONAL USE
Use it to make money, and Uncle J. gets a taste. Fair enough? details
Our guarantee: If jCodeMunch doesn't pay for itself, you don't pay for jCodeMunch!
Cut code-reading token usage by 95% or more with precise symbol retrieval
Most AI agents explore repositories the expensive way:
open entire files → skim thousands of irrelevant lines → repeat.
That is not “a little inefficient.” That is a token incinerator.
jCodeMunch indexes a codebase once and lets agents retrieve only the exact code they need: functions, classes, methods, constants, outlines, and tightly scoped context bundles, with byte-level precision.
In retrieval-heavy workflows, that routinely cuts code-reading token usage by 95%+ because the agent stops brute-reading giant files just to find one useful implementation.
| Task | Traditional approach | With jCodeMunch |
|---|---|---|
| Find a function | Open and scan large files | Search symbol → fetch exact implementation |
| Understand a module | Read broad file regions | Pull only relevant symbols and imports |
| Explore repo structure | Traverse file after file | Query outlines, trees, and targeted bundles |
Index once. Query cheaply. Keep moving. Precision context beats brute-force context.
Documentation
| Doc | What it covers |
|---|---|
| QUICKSTART.md | Zero-to-indexed in three steps |
| USER_GUIDE.md | Full tool reference, workflows, and best practices |
| AGENT_HOOKS.md | Agent hooks and prompt policies |
| CONFIGURATION.md | JSONC config file reference, migration from env vars |
| GROQ.md | Groq Remote MCP integration, deployment, gcm CLI |
| HEADLESS.md | Using jCodeMunch with claude -p (and the jragmunch CLI) |
| ARCHITECTURE.md | Internal design, storage model, and extension points |
| LANGUAGE_SUPPORT.md | Supported languages and parsing details |
| CONTEXT_PROVIDERS.md | dbt, Git, and custom context provider docs |
| TROUBLESHOOTING.md | Common issues and fixes |
| AGENT_INSTALL_UNIVERSAL.md | Paste-and-go prompt for installing jCodemunch guidance into agent/IDE clients without a first-class jcm install target (Codex CLI, Cline, JetBrains AI, Aider, etc.). For Claude Code, Cursor, Windsurf, Continue — use jcm install <client> instead. |
Compact output — the second token axis (MUNCH)
Retrieval decides what to send. MUNCH decides how to pack it.
Every tool response can be emitted in a purpose-built compact wire format instead of verbose JSON. Path prefixes are interned to short handles, homogeneous lists of dicts pack into single-character-tagged CSV rows, and per-column types are preserved so the decode is lossless.
# any tool call accepts format=
find_references(identifier="get_user", format="auto")
# auto — emit compact if savings ≥ 15%, otherwise JSON
# compact — always compact
# json — never compact (back-compat passthrough)
Benchmark (v1.56.0): median 45.5% bytes saved across 6 representative tools, peaks at 55.4% on graph and outline responses. Full spec in SPEC_MUNCH.md; numbers and harness in TOKEN_SAVINGS.md.
Encoding savings stack on top of retrieval savings — every byte off the wire is a byte the agent doesn't pay to read.
Structured code retrieval for serious AI agents
What's new
- v1.108.94 (2026-07-02) — New tool: index_dependency (index the libraries a repo actually uses)
- v1.108.93 (2026-07-02) — Upstream exposure links (get_endpoint_impact include_infra exposes)
- v1.108.92 (2026-07-02) — Progress-notification flood control + response drain (#359)
Mentioned by
- Artur Skowroński (VirtusLab) — "roughly 80% fewer tokens, or 5× more efficient — index once, query cheaply forever" · GitHub All-Stars #15
- Julian Horsey (Geeky Gadgets) — "3,850 tokens reduced to just 700 — a 5.5× improvement" · JCodeMunch AI Token Saver
- Sion Williams — "preserving tokens for tasks that actually require reasoning rather than retrieval" · March 2026 AI Workflow Update
- Traci Lim (AWS · ASEAN AI Lead) — "structural queries that native tools can't answer: find_importers, get_blast_radius, get_class_hierarchy, find_dead_code" · 5 Repos That Save Token Usage in Claude Code
- Eric Grill — "context is the scarce resource. Cut it by 90% and the whole stack gets cheaper and more reliable" · jCodemunch: Context Engine for AI Agents
Commercial licenses
jCodeMunch-MCP is free for non-commercial use.
Commercial use requires a paid license.
jCodeMunch-only licenses
- Builder — $79 — 1 developer
- Studio — $349 — up to 5 developers
- Platform — $1,999 — org-wide internal deployment
Want the full jMunch suite (code + docs + data)?
Stop paying your model to read the whole damn file.
jCodeMunch turns repo exploration into structured retrieval.
Instead of forcing an agent to open giant files, wade through imports, boilerplate, comments, helpers, and unrelated code, jCodeMunch lets it navigate by what the code is and retrieve only what matters.
That means:
- 95%+ lower code-reading token usage in many retrieval-heavy workflows
- less irrelevant context polluting the prompt
- faster repo exploration
- more accurate code lookup
- less repeated file-scanning nonsense
It indexes your codebase once using tree-sitter, stores structured symbol metadata plus byte offsets into the original source, and retrieves exact implementations on demand instead of re-reading entire files over and over.
Recent releases have made that retrieval workflow sharper and more useful in real engineering work, with BM25-based symbol search, fuzzy matching, semantic/hybrid search (opt-in, zero mandatory dependencies), query-driven token-budgeted context assembly (get_ranked_context), dead code detection (find_dead_code), untested symbol detection (get_untested_symbols), git-diff-to-symbol mapping (get_changed_symbols), architectural centrality ranking (get_symbol_importance, PageRank), cold-start orientation maps (get_repo_map — query-less, token-budgeted, signature-only repo overview ranked by PageRank), consolidation candidate detection (find_similar_symbols — multi-signal duplicate finder blending semantic embeddings, structural signature, and behavioral callee Jaccard; union-find clustering with verdict tiers and PageRank-based canonical-pick), cross-repo API contract surfacing (get_group_contracts — group of indexed repos in, ranked shared-symbol contracts out, each classified as de_facto_api / leaky_internal / dead_contract / version_skew with stability + breaking-change history + runtime hits), concrete-implementation discovery (find_implementations — multi-source resolution across LSP dispatch / class hierarchy / duck-typed / decorator-handler with confidence scoring), deletion preflight (check_delete_safe — composite verdict from importers + references + dead-code + runtime evidence + entry-point heuristics, with ranked blockers and recommended action), edit-safety preflight (check_edit_safe — the companion that answers "can I modify this," fusing signature impact, cyclomatic complexity, test-coverage presence, and runtime traffic into a verdict + recommended action), task-aware single-call context orchestration (assemble_task_context — natural-language task in, source-attributed context capsule out; auto-classifies into one of six intents with explainable keyword matching, auto-extracts anchor symbols from the task, runs the intent-appropriate sub-tool sequence end-to-end under one token budget), blast-radius depth scoring with source snippets, context bundles with token budgets, AST-derived call graphs and call hierarchy traversal, decorator-aware search and filtering, hotspot detection (complexity x churn), dependency cycles and coupling metrics, session-aware routing (plan_turn, turn budgets, negative evidence), agent config auditing, complexity-based model routing (Agent Selector), enforcement hooks (PreToolUse/PostToolUse/PreCompact), dependency graphs, class hierarchy traversal, multi-symbol bundles, live watch-based reindexing, automatic Claude Code worktree discovery (watch-claude), registry-wide auto-reindexing with one-command login-service install (watch-all + watch-install / watch-uninstall / watch-status; also exposed as MCP tool get_watch_status), auto-watch on demand (when watch: true in config, the server automatically indexes and watches any repo a tool is called against — ensuring fresh results from the first call), trusted-folder access controls, edit-ready refactoring plans (plan_refactoring) for rename, move, extract, and signature change operations, symbol provenance archaeology (get_symbol_provenance — full git lineage, semantic commit classification, evolution narrative), unified PR risk profiling (get_pr_risk_profile — composite risk score fusing blast radius, complexity, churn, test gaps, and volume), automatic response secret redaction (AWS/GCP/Azure/JWT/GitHub tokens scrubbed before reaching the LLM context window), and cross-language AST pattern matching (search_ast — 10 preset anti-pattern detectors + custom mini-DSL for structural queries like call:*.unwrap, string:/password/i, nesting:5+; works across all 70+ languages with universal node-type mapping).
Real-world results
Reproducible token efficiency benchmark
Measured with tiktoken cl100k_base across three public repos. Workflow: search_symbols (top 5) + get_symbol_source × 3 per query. Baseline: all source files concatenated (minimum cost for an agent that reads everything). Full methodology and harness →
| Repository | Files | Symbols | Baseline tokens | jCodeMunch tokens | Reduction |
|---|---|---|---|---|---|
| expressjs/express | 34 | 117 | 73,838 | ~1,300 avg | 98.4% |
| fastapi/fastapi | 156 | 1,359 | 214,312 | ~15,600 avg | 92.7% |
| gin-gonic/gin | 40 | 805 | 84,892 | ~1,730 avg | 98.0% |
| Grand total (15 task-runs) | 1,865,210 | 92,515 | 95.0% |
Per-query results range from 79.7% (dense FastAPI router query) to 99.8% (sparse context-bind query on Express). The 95% figure is the aggregate. Run python benchmarks/harness/run_benchmark.py to reproduce.
A/B test on production codebase
Independent 50-iteration A/B test on a real Vue 3 + Firebase production codebase — JCodeMunch vs native tools (Grep/Glob/Read), Claude Sonnet 4.6, fresh session per iteration:
| Metric | Native | JCodeMunch |
|---|---|---|
| Success rate | 72% | 80% |
| Timeout rate | 40% | 32% |
| Mean cost/iteration | $0.783 | $0.738 |
| Mean cache creation | 104,135 | 93,178 (−10.5%) |
Tool-layer savings isolated from fixed overhead: 15–25%. One finding category appeared exclusively in the JCodeMunch variant: orphaned file detection via find_importers — a structural query native tools cannot answer without scripting.
Full report: benchmarks/ab-test-naming-audit-2026-03-18.md
Why agents need this
Most agents still inspect codebases like tourists trapped in an airport gift shop:
- open entire files to find one function
- re-read the same code repeatedly
- consume imports, boilerplate, and unrelated helpers
- burn context window on material they never needed in the first place
jCodeMunch fixes that by giving them a structured way to:
- search symbols by name, kind, or language — with fuzzy matching and optional semantic/hybrid search
- inspect file and repo outlines before pulling source
- retrieve exact symbol implementations only
- grab a token-budgeted context bundle or ranked context pack for a task
- fall back to text search when structure alone is not enough
- detect dead code, trace impact, rank by centrality, and map git diffs to symbols
- plan the next turn with
plan_turn— confidence-guided routing before the first read - assemble a whole task's context in one call with
assemble_task_context— intent-classified, multi-tool, single token budget - track session state and avoid re-reading files the agent already explored
Agents do not need bigger and bigger context windows.
They need better aim.
What you get
Symbol-level retrieval
Find and fetch functions, classes, methods, constants, and more without opening entire files.
Faster repo understanding
Inspect repository structure and file outlines before asking for source.
Lower token spend
Send the model the code it needs, not 1,500 lines of collateral damage.
One-call task orchestration — the tools compose, they don't sit in isolation
The retrieval primitives below are not a disconnected bag of tools the agent has to wire together by hand. Two composition tools drive the rest:
assemble_task_contexttakes a natural-language task and returns a single source-attributed context capsule under a token budget. It auto-classifies the task into one of six intents (explore / debug / refactor / extend / audit / review), auto-extracts the anchor symbols, and runs the intent-appropriate sequence of the tools below end-to-end — so the agent gets the whole context for a task in one request instead of chaining five. Every entry is tagged with itsstageandsource_tool, so the provenance is auditable.plan_turnis the opening move: it analyzes the query against the index and returns a confidence-guided route — which tools to call, on which symbols, under a turn budget — before the first read. Low confidence means "this probably doesn't exist," so the agent stops instead of burning a budget hunting for a feature that isn't there.get_ranked_contextpacks the most relevant symbols for a query into a fixed token budget (BM25 + PageRank), when you want a ranked context pack rather than a full intent sequence.
The point: jCodeMunch is structured retrieval with an orchestration layer over it, not a pile of primitives. The composition tools run the right sub-tools, in the right order, under one budget, in one call.
Structural queries native tools can't answer
find_importers tells you what imports a file. get_blast_radius tells you what breaks if you change a symbol, with depth-weighted risk scores and optional source snippets. get_class_hierarchy traverses inheritance chains. get_call_hierarchy traces callers and callees N levels deep using AST-derived call graphs, with optional LSP-enriched dispatch resolution for interface/trait method calls. find_dead_code finds symbols and files unreachable from any entry point. get_untested_symbols finds functions with no evidence of test-file reachability — the intersection of import-graph analysis and test-file detection. get_changed_symbols maps a git diff to the exact symbols that were added, modified, or removed. get_symbol_importance ranks your codebase by architectural centrality using PageRank on the import graph. get_hotspots surfaces the riskiest code by combining complexity with git churn. get_dependency_cycles detects circular imports. get_coupling_metrics measures module coupling and instability. get_tectonic_map discovers the logical module topology by fusing three coupling signals (imports, shared references, git co-churn) — revealing hidden module boundaries, misplaced files, and god-module risk without any configuration. get_signal_chains traces how external signals (HTTP requests, CLI commands, scheduled tasks, events) propagate through the codebase via the call graph — discovery mode maps all entry-point-to-leaf pathways and reports orphan symbols, lookup mode tells you which user-facing chains a specific symbol participates in (e.g. "validate_email sits on POST /api/users and cli:import-users"). get_endpoint_impact answers the endpoint-shaped version of "what breaks if I change X": give it an HTTP endpoint (GET /users) or a handler symbol and it resolves the route to its handler — across string-dispatch (Django/Express/Flask/Rails) and decorator routes (Flask/FastAPI/Spring) — then fuses the blast radius (importing files + callers) with the templates that handler renders, in one read-only call mapping a URL to everything a change to it would touch; pass include_infra=true and it also crosses the code/infra boundary, surfacing the env vars, compose services, Dockerfiles, CI jobs, and scripts whose project-intel cross-references land in that endpoint's blast radius, plus what exposes the app to the outside world (compose port mappings, K8s Services and Ingresses) — each exposure labelled with its real precision, host_port unless an Ingress path rule literally names the route (ingress_path). These are not "faster grep" — they are questions grep cannot answer at all.
And the questions don't stop at your own code: index_dependency resolves a third-party package to the version actually installed in your repo (node_modules or a repo-local virtualenv — version read from package metadata, no registry lookup, nothing leaves your machine) and indexes it as its own queryable repo in one call. Your agent stops guessing a library's API from training data and starts reading the exact code it's running against — including compiled npm packages that ship only dist/ with type declarations.
Compiler-verified references — no language server required
AST-derived analysis is fast and language-broad, but dynamic dispatch and barrel re-exports can hide references from any static heuristic. import-scip closes that gap with evidence instead of guesswork: point it at a SCIP index file — the artifact scip-typescript, scip-python, scip-java, scip-go, rust-analyzer, and scip-clang already emit in CI — and jCodeMunch stores the compiler's own reference and implementation edges alongside the index. find_references then labels agreement as verification: "compiler_verified" and, more importantly, surfaces the references only the compiler saw as additional source: "scip" rows. The evidence is honest about its age: results ingested at an older index HEAD carry a stale flag and a re-import hint rather than posing as current truth. One command in CI (scip-typescript index && jcodemunch-mcp import-scip index.scip), zero language servers running, nothing executed by jCodeMunch itself, and everything stays on your machine.
Agent config hygiene
audit_agent_config scans your CLAUDE.md, .cursorrules, copilot-instructions.md, and other agent config files for token waste: per-file token cost, stale symbol references (cross-referenced against the index — catches renamed or deleted functions), dead file paths, redundancy between global and project configs, bloat, and scope leaks. No other tool can tell you "line 15 references a function that was renamed three weeks ago."
Symbol provenance and PR risk profiling
get_symbol_provenance is git archaeology: given a symbol, it traces every commit that touched it, classifies each into semantic categories (creation, bugfix, refactor, feature, perf, rename, revert), extracts commit intent, and generates a human-readable narrative explaining who created it, why, and how it evolved. get_pr_risk_profile produces a unified risk assessment for a branch or PR — one call fuses blast radius, complexity, churn, test gaps, and change volume into a composite risk score (0.0–1.0) with actionable recommendations. get_delivery_metrics quantifies durable-change delivery over a window: of the non-merge commits in the last N days, how many landed and stuck versus were reverted or re-touched (churn-back) within a short horizon — with churn-hub files (CHANGELOG, version, a monolithic dispatch module) excluded from the rework signal so a shared ledger can't masquerade as rework. The durable count is the honest numerator for a cost-per-outcome ratio: pair it with AI spend (the delivery CLI takes --cost) to show how much got done for how little, instead of rewarding raw activity. All responses are automatically scanned for leaked credentials (AWS keys, JWTs, GCP service accounts, etc.) and redacted before reaching the LLM.
Cross-language AST pattern matching
search_ast brings structural code analysis to every language jCodeMunch indexes — write one query, match across all 70+ languages. Preset anti-patterns detect common problems without any configuration: empty_catch (silently swallowed errors), bare_except (catch-all handlers), deeply_nested (5+ control-flow levels), nested_loops (O(n³)+ performance risk), god_function (100+ line functions), eval_exec (injection-risk dynamic execution), hardcoded_secret (credential patterns in strings), todo_fixme (unfinished work markers), magic_number (unexplained numeric constants), and reassigned_param (overwritten function parameters). Run category='all' for a full sweep, or focus on security, error_handling, complexity, performance, or maintenance. Custom queries use a mini-DSL: call:*.unwrap (find method calls by glob), string:/password/i (regex over string literals), comment:/TODO/i (regex in comments), nesting:5+, loops:3+, lines:80+ (threshold queries). Every match is attributed to its enclosing indexed symbol with complexity metadata — so you can see not just where the problem is, but how bad the surrounding function already is.
Multi-axis constraint queries
winnow_symbols composes signals that every other tool exposes separately — kind, complexity, decorator, direct call references, file glob, name regex, git churn, and PageRank importance — into a single AND-intersected query. Agents stop making four or five calls and merging results by hand: "functions that call db.Exec, cyclomatic > 10, churned in the last 30 days, ranked by importance" resolves in one round trip. Supported axes expose their own operator set (eq, in, matches, contains, numeric comparisons); the window for churn-based filters is per-criterion. Results include per-symbol importance, complexity, and churn scores so the agent can explain why each survivor made the cut.
Better engineering workflows
Useful for onboarding, debugging, refactoring, impact analysis, and exploring unfamiliar repos without brute-force file reading.
Refactoring Planner
plan_refactoring generates exact edit-ready instructions for rename, move, extract, and
signature change operations. Returns {old_text, new_text} blocks compatible with any editor's
find-and-replace, plus import rewrites, collision detection, new file generation, and multi-file coordination.
Calibrated retrieval signals (v1.74.0+ telemetry initiative)
Every retrieval result now ships with three machine-readable health signals so agents can stop guessing whether to trust the response:
_meta.confidence— calibrated 0–1 score combining top-1/top-2 score gap, top-1 strength, identity-match presence, and freshness. Lets an agent gate follow-upget_symbol_sourcecalls on a single number._freshness ∈ {fresh, edited_uncommitted, stale_index}on every result entry, plus a_meta.freshnesssummary. Derived from index SHA vsgit rev-parse HEADand per-file mtime checks.- Per-tool latency telemetry (
p50/p95/max/error_rate) exposed viaget_session_stats.latency_per_tooland theanalyze_perftool. Optional SQLite sink (~/.code-index/telemetry.db) for cross-session analysis.
The tune_weights tool reads the persistent ranking ledger and learns per-repo retrieval weights (saved to ~/.code-index/tuning.jsonc). check_embedding_drift pins a 16-string canary to detect silent provider model changes. benchmarks/replay/ provides a CI-friendly retrieval-quality regression gate (nDCG/MRR/Recall) that every release runs against.
The suggest_corrections tool (and the reflect CLI) close the loop: they mine the same ranking ledger for retrieval regret — where retrieval failed and the agent had to re-ask — and return a prioritized, explainable set of suggested fixes (a CLAUDE.md routing or glossary line as a unified-diff preview, an index-freshness hint, a stale-config finding, a dry-run weight proposal). It is read-only by design: it suggests a patch and shows you the diff; applying it is your keystroke, never the server's. Requires perf_telemetry_enabled (it has a ledger to read only then) and returns an honest hint when off.
Local-first speed
Indexes are stored locally for fast repeated access.
How it works
jCodeMunch indexes local folders or GitHub repos, parses source with tree-sitter, extracts symbols, and stores structured metadata alongside raw file content in a local index. Each symbol includes enough information to be found cheaply and retrieved precisely later.
That includes metadata like:
- signature
- kind
- qualified name
- one-line summary
- byte offsets into the original file
So when the agent wants a symbol, jCodeMunch can fetch the exact source directly instead of loading and rescanning the full file.
Background behavior, fully disclosed
Everything jCodeMunch does beyond answering a tool call is listed here. All of it is visible, opt-in or opt-out, and reversible.
- File watching. The
watch/watch-all/watch-claudecommands (andwatch: truein config) re-index files when they change. Watching runs inside a process you started and stops when that process exits. Nothing monitors your filesystem unless a jCodeMunch process you launched is running. - Login service — explicit opt-in only.
jcodemunch-mcp watch-installregisterswatch-allas a login service (Windows Task Scheduler / macOS launchd / Linux systemd) so indexes stay fresh across reboots. This happens only when you runwatch-installyourself;init,install, and normal server use never register a service. Inspect it withwatch-status; remove it withwatch-uninstall. - Anonymous savings telemetry. The server periodically sends a random anonymous ID plus aggregate token-savings counters to the project's public community meter. No code, no file paths, no repo names, no PII — counters only. The sender is a single background daemon thread that starts lazily on the first share (never at import, and never if you have opted out), so a plain import has no background side effect. Opt out with
share_savings: falseinconfig.jsoncorJCODEMUNCH_SHARE_SAVINGS=0; redirect the endpoint withJCODEMUNCH_TELEMETRY_URL. - Agent hooks.
init/installcan write hook entries (auto-reindex on edit, read-interception nudges) into your MCP client's settings. They're offered during the interactive flow, shown before writing, and fully removed byuninstall. - Local index storage. Indexes live at
~/.code-index/(override withCODE_INDEX_PATH). Delete the directory and every trace of indexing is gone. - Live session journal. While the server runs, it periodically writes a small
_session_live.jsonin~/.code-index/recording the files and searches the agent touched this session (paths and query strings only, no file contents). It exists so the out-of-process PreCompact hook can restore session orientation after context compaction. Throttled, atomically written, overwritten in place; disable withJCODEMUNCH_LIVE_JOURNAL=0. - User-invoked network calls. A few commands you run explicitly reach the network. None run in the background or fire on a plain import; each happens only when you invoke the command:
- License validation.
license,org-rollup, andinstall-pack --licensesend your license key tovalidate.phponj.gravelle.usto confirm it. This gates only the teamorg-rollupfeature; the individual tools never call it. - Starter-pack download.
install-packfetches the pack catalog and any pre-built index pack you request fromj.gravelle.us(a premium pack also sends your license key). - Embedding-model download.
download-model— and the first semantic encode when the[local-embed]extra is installed — downloads the ONNX model (all-MiniLM-L6-v2, ~23 MB, one time) fromhuggingface.co; after that, semantic search needs no network.
- License validation.
Beyond the user-invoked calls listed above, the base package makes no other network calls and leaves no other persistent processes. AI-summary extras call their configured provider's API only when you enable them — see the extras matrix under Start fast.
Start fast
Ubuntu 24.04+ / Debian 12+: System Python is externally managed (PEP 668). Use
pipx install jcodemunch-mcporuv tool install jcodemunch-mcpinstead of barepip install.
Option A: One command (recommended)
pip install jcodemunch-mcp
jcodemunch-mcp init
init auto-detects your MCP clients (Claude Code, Claude Desktop, Cursor, Windsurf, Continue), writes their config entries, installs the CLAUDE.md prompt policy so your agent actually uses jCodeMunch, optionally installs enforcement hooks (PreToolUse read guard + PostToolUse auto-reindex + PreCompact session snapshot), optionally indexes your project, and audits your agent config files for token waste. Run jcodemunch-mcp init --help for all flags.
Prefer a one-line CLAUDE.md? From v1.71.0 the server exposes a
jcodemunch_guidetool that returns the same policy snippetclaude-md --generateprints — with the running version embedded. Keep this single line in your CLAUDE.md / AGENT.md and the guide always matches the installed server:Call the jcodemunch_guide tool and strictly follow its instructions.The tool is force-included, so it can't be hidden by
disabled_toolsor tier filtering.
For non-interactive CI or scripting:
jcodemunch-mcp init --yes --claude-md global --hooks --index --audit
Option B: Manual setup
1. Install it
pip install jcodemunch-mcp
Want semantic search? Install the local embedding extra for zero-config semantic search — no API keys, no internet after first download:
pip install "jcodemunch-mcp[local-embed]" # bundled ONNX encoder (recommended) jcodemunch-mcp download-model # fetch model (~23 MB, one-time)Want AI-generated summaries? Install the extra for your provider:
pip install "jcodemunch-mcp[anthropic]" # Claude pip install "jcodemunch-mcp[gemini]" # Gemini pip install "jcodemunch-mcp[openai]" # OpenAI-compatible pip install "jcodemunch-mcp[all]" # all providers + local embeddingsWithout an extra, summaries fall back to signatures (which still works — you just get shorter descriptions). Run
jcodemunch-mcp config --checkto verify your provider is installed and working.
Most extras are pure-Python and self-contained. A few pull libraries that touch system surfaces worth noting for managed-endpoint and SOC 2 / HIPAA-adjacent deployments. For the base package alone, none of these surfaces are introduced.
| Extra | Transitive dependencies of note | System surfaces |
|---|---|---|
| (base, no extra) | none | none |
[local-embed] |
onnxruntime |
local CPU inference (no network after model download); model fetched on first run |
[anthropic] |
anthropic SDK |
outbound HTTPS to api.anthropic.com when AI summaries are enabled |
[gemini] |
google-generativeai |
outbound HTTPS to Google AI endpoints when AI summaries are enabled |
[openai] |
openai SDK |
outbound HTTPS to api.openai.com (or OPENAI_API_BASE) when AI summaries are enabled |
[groq] |
openai SDK |
outbound HTTPS to Groq endpoints; used by the gcm CLI and speedreview Action |
[groq-voice] |
sounddevice, numpy |
microphone access — sounddevice.InputStream opens the system audio device when the voice path is invoked |
[groq-explain] |
Pillow |
image decode / re-encode of attached screenshots |
[all] |
union of all the above | union of all surfaces above, including microphone ([groq-voice]) and image libraries ([groq-explain]) |
For managed-endpoint deployments where microphone access on developer machines
is policy-restricted (HIPAA, SOC 2, finance), pin to the base package or to the
specific provider extras you need. The voice and explain paths are opt-in
features, not part of the core MCP server functionality, and [all] is the
only extra that bundles them together.
Upgrading
Upgrade through whatever installed it, then restart your editor / MCP client so it relaunches the server on the new version:
pip install -U jcodemunch-mcp # pip
pipx upgrade jcodemunch-mcp # pipx
uv tool upgrade jcodemunch-mcp # uv tool
uvx jcodemunch-mcp@latest --help # uvx (forces a cache refresh)
Check what you're running with jcodemunch-mcp --version.
Prefer not to touch the command line? jMunch Console (free, MIT, opt-in) makes upgrades one click — it shows an "update available" badge when a newer release exists and runs the install for you in a visible terminal (uv / pipx / pip, whichever you have), so you never copy a command.
2. Add it to your MCP client
If you’re using Claude Code, pick whichever matches what you installed in step 1.
Pip install (simplest, what most people do):
claude mcp add -s user jcodemunch jcodemunch-mcp
The -s user flag registers it at user scope so it's available in every
project. Without it, the registration is project-local and you'll see it
missing the next time you cd elsewhere. If jcodemunch-mcp isn't found
on PATH (common on Windows where pip install --user installs to
AppData\Roaming\Python\PythonXYZ\Scripts\), use the absolute path:
# Windows
claude mcp add -s user jcodemunch "C:\Users\YOU\AppData\Roaming\Python\
Comments (0)
Sign in to join the discussion.
No comments yet
Be the first to share your take.