cxpak is both an executable binary that can be run, and a library that can be used in Rust programs.

Installing the command-line executable

Assuming you have Rust/Cargo installed, run this command in a terminal:

cargo install cxpak

It will make the cxpak command available in your PATH if you've allowed the PATH to be modified when installing Rust. cargo uninstall cxpak uninstalls.

Adding `cxpak` library as a dependency

Run this command in a terminal, in your project's directory:

cargo add cxpak

To add it manually, edit your project's Cargo.toml file and add to the [dependencies] section:

cxpak = "2.1.0"

The cxpak library will be automatically available globally. Read the cxpak library documentation.

Back to the crate overview.

Readme

cxpak

Spends CPU cycles so you don't spend tokens.

cxpak indexes your codebase using tree-sitter across 42 languages, builds a typed dependency graph, and produces token-budgeted context bundles that give LLMs a briefing packet instead of a flashlight in a dark room. It understands your code's architecture, conventions, risk profile, and data layer -- then packs exactly what the LLM needs, nothing more.

What it looks like

Dashboard

Architecture Explorer -- directed dependency graph with risk coloring

Architecture -- tooltip with PageRank and metadata on hover

Risk Heatmap -- treemap sized by token count, colored by risk score

Flow Diagram -- call graph with directional arrows

Diff View -- before/after with blast radius overlay

Install

brew tap Barnett-Studios/tap && brew install cxpak   # macOS/Linux
cargo install cxpak                                   # or via cargo

Quick start

# See your codebase the way an LLM should
cxpak overview .

# Trace a symbol through the dependency graph
cxpak trace "handle_request" .

# Generate an interactive dashboard
cxpak visual --visual-type dashboard .

# Get a guided reading order for onboarding
cxpak onboard .

Use with AI tools

Claude Code / Cursor (MCP)

Add to .mcp.json in your project root:

{
  "mcpServers": {
    "cxpak": {
      "command": "cxpak",
      "args": ["serve", "--mcp", "."]
    }
  }
}

Your AI tool gets 26 codebase intelligence tools -- cxpak_auto_context is the main entry point. One call, optimal context:

Category	Tools
Context	`auto_context`, `overview`, `trace`, `diff`, `search`, `context_for_task`, `pack_context`, `context_diff`
Intelligence	`health`, `risks`, `architecture`, `blast_radius`, `predict`, `drift`, `dead_code`, `call_graph`
Security	`security_surface`, `data_flow`, `cross_lang`
Conventions	`conventions`, `verify`, `briefing`
Visual	`visual`, `onboard`
Surface	`api_surface`, `stats`

Claude Code Plugin

/plugin install cxpak

Auto-triggers on architecture questions and change reviews. Slash commands: /cxpak:overview, /cxpak:trace, /cxpak:diff, /cxpak:clean.

HTTP Server

cxpak serve .                          # port 3000
cxpak serve --token my-secret .        # with Bearer auth on /v1/ endpoints
cxpak watch .                          # file watcher with hot index

LSP

cxpak lsp .                            # stdio, works with any LSP client

CodeLens, hover, diagnostics, workspace symbols, plus 14 custom cxpak/* methods. Supports didOpen/didChange/didClose for in-editor reactivity.

Core capabilities

Auto Context

cxpak_auto_context is the primary entry point. Give it a task and token budget; it returns exactly what the LLM needs.

The pipeline: query expansion with domain-specific synonyms, 7-signal relevance scoring (keyword, symbol, path, domain, import proximity, PageRank, embeddings), seed selection, noise filtering, test/schema/blast-radius enrichment, progressive degradation (Full > Trimmed > Documented > Signature > Stub), and per-file annotations explaining why each file was included.

Every response starts with a Repository DNA section -- a ~1000 token convention summary so the LLM knows how your team writes code before it sees any.

Intelligence

Feature	What it does
Health Score	Composite metric across conventions, test coverage, churn stability, coupling, cycles, dead code
Risk Ranking	Files ranked by churn x blast radius x test gap -- the ones most likely to cause problems
Architecture	Per-module coupling, cohesion, circular dependencies, boundary violations, god files
Blast Radius	Change impact: direct dependents, transitive dependents, test files, schema dependents, each with risk scores
Change Prediction	Structural + historical (180-day co-change) + call-graph signals, confidence 0.3--0.9
Architecture Drift	Compare against stored baselines; auto-saves snapshots for trend tracking
Dead Code	Symbols with zero callers, ranked by importance (PageRank x visibility)
Call Graph	Cross-file call edges with Exact/Approximate confidence levels
Security Surface	Unprotected endpoints, secrets, SQL injection, validation gaps, exposure scores across 12 frameworks
Data Flow	Trace values source-to-sink through the call graph; reports module/language/security boundary crossings
Cross-Language	HTTP, FFI, gRPC, GraphQL, shared schema, and exec bridges between languages

Visual Intelligence

Six interactive views, self-contained HTML with D3.js. No build step, no CDN.

cxpak visual --visual-type dashboard .
cxpak visual --visual-type architecture .
cxpak visual --visual-type risk .
cxpak visual --visual-type flow --symbol handle_request .
cxpak visual --visual-type timeline .
cxpak visual --visual-type diff --files "src/api.rs,src/db.rs" .

Export formats: HTML, Mermaid, SVG, PNG, C4 DSL, JSON.

Layout engine: Sugiyama method with SCC condensation, barycenter crossing minimization, Brandes-Kopf coordinate assignment, and 7+/-2 cognitive clustering.

Conventions

Extracts a quantified convention profile from what your team actually does: naming, imports, error handling, dependencies, testing, visibility, function length, git health. Each pattern has counts, percentages, and strength labels (Convention >= 90%, Trend >= 70%, Mixed).

cxpak_verify checks code changes against observed conventions -- only flags violations in changed lines. cxpak conventions export/diff enables CI drift detection with SHA256 checksums.

Onboarding

cxpak onboard .

Generates a dependency-ordered reading guide: files topologically sorted, grouped into phases by module, ordered by PageRank. Each file lists key symbols to focus on and an estimated reading time.

Language support (42)

Full extraction (functions, classes, methods, imports, exports): Rust, TypeScript, JavaScript, Python, Java, Go, C, C++, Ruby, C#, Swift, Kotlin, Bash, PHP, Dart, Scala, Lua, Elixir, Zig, Haskell, Groovy, Objective-C, R, Julia, OCaml, MATLAB

Structural extraction (selectors, keys, blocks): CSS, SCSS, Markdown, JSON, YAML, TOML, Dockerfile, HCL/Terraform, Protobuf, Svelte, Makefile, HTML, GraphQL, XML

Database DSLs: SQL, Prisma

Data layer awareness

cxpak understands your data layer and uses it to build a richer dependency graph:

Schema detection -- SQL DDL, Prisma, Django, SQLAlchemy, TypeORM, ActiveRecord
Migration sequences -- Rails, Alembic, Flyway, Django, Knex, Prisma, Drizzle
Embedded SQL linking -- inline SQL in application code creates edges to table definitions
10 typed edge types -- Import, ForeignKey, ViewReference, EmbeddedSql, OrmModel, MigrationSequence, CrossLanguage, and more

Embeddings

Semantic similarity as the 7th scoring signal. Local inference with all-MiniLM-L6-v2 (zero config, ~30 MB), or bring your own key for OpenAI, Voyage AI, or Cohere via .cxpak.json. Falls back gracefully to 6 deterministic signals on any failure.

WASM Plugin SDK

Extend cxpak with custom analyzers and detectors:

Plugin manifest with SHA-256 checksum verification before WASM compilation
wasmtime sandbox: epoch interruption (CPU), 64 MB memory cap, capability enforcement
File pattern scoping and content access control

Workspace support

For monorepos: --workspace packages/api scopes scanning to a subdirectory while keeping the full repo as the git root.

Caching

Parse results cached in .cxpak/cache/ keyed on file mtime and size. Cache invalidates automatically when tree-sitter grammar versions change. Atomic writes with advisory locking for concurrent process safety. cxpak clean . to reset.

Stable API

v2.0.0 establishes semver for the MCP API. Tool names, parameters, and response structures are stable across 2.x.

License

MIT

Built by Barnett Studios -- building products, teams, and systems that last.

Installing the command-line executable

Adding cxpak library as a dependency

Adding `cxpak` library as a dependency