CCM
/MCP
SkillsMCPMarketplacesDigestToolsAdvertise

This week in Claude

Every Monday: Claude Code, Agent SDK, MCP, and the Anthropic platform moves worth your time.

Skills by Category
Frontend DevelopmentBackend & APIsTesting & QASecurityDevOps & CI/CDGit & Pull RequestsDocumentationCode Review & QualityAI & Agent BuildingSkill Development
MCP Servers by Category
Sales & MarketingWeb & Browser AutomationDatabasesAI & LLM ToolsCloud & InfrastructureCommunication & MessagingDeveloper ToolsDesign & CreativeDocuments & KnowledgeSearch & Web Crawling
Marketplaces by Category
AI Agents & OrchestrationLLM IntegrationDevelopment ToolsFrontend & UIBackend & APIsDatabasesTesting & Code QualityDevOps & CloudSecurity & ComplianceGit & Version Control

Claude Code Marketplaces

Discover Claude Code plugins, extensions, and tools. Automatically updated directory of Anthropic Claude AI marketplaces with development tools, productivity plugins, and integrations.

Resources

  • Browse Skills
  • Browse MCP Servers
  • Browse Marketplaces
  • Plugins Reference

Community

  • About
  • Tools
  • Feedback
  • Privacy Policy
  • Advertise

Built for the Claude Code community with Claude Code by @mertduzgun

Independent project, not affiliated with Anthropic

Flyto Indexer

flytohub/flyto-indexer
4STDIOregistry active
Summary

This is impact analysis built for AI coding assistants. It exposes tools that answer "what breaks if I change this?" by tracking dependencies across functions, files, and even repositories. The core impact() call shows you every caller, cross-project references, affected test files, and blast radius before you rename or refactor anything. It also surfaces API dependencies between backend routes and frontend calls, runs code health audits with complexity scoring, and includes AST-based taint analysis that tracks untrusted data flows from request inputs to SQL queries or eval() calls. Setup runs one command that indexes your codebase, configures your MCP client, and writes a CLAUDE.md with usage examples. Works entirely locally with zero external dependencies.

CodeRabbit
CodeRabbit
AI writes the code. CodeRabbit catches the slop.
Try For Free →
AppSignal
AppSignal
Monitor with ease. Code with confidence.
Start Free Trial →
AI notepad for back-to-back meetings
AI notepad for back-to-back meetings
Notes, actions and memory. Without a meeting bot. First month 100% off.
Download for free →
Keep your Mac awake
Keep your Mac awake
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Email for Agents: Free tier availableEmail for Agents: Free tier available
Email for Agents: Free tier available
Give your AI agent a complete email layer—sending, inbound inboxes, and sandbox testing.
Get 4K emails/month free →
Context.devContext.dev
Context.dev
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
CodeScene MCP ServerCodeScene MCP Server
CodeScene MCP Server
Your agent targets a perfect 10 Code Health score. Deterministic. Every commit.
Try For Free →
Make your agent a DeFi expert
Make your agent a DeFi expert
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
CodeRabbit
CodeRabbit
AI writes the code. CodeRabbit catches the slop.
Try For Free →
AppSignal
AppSignal
Monitor with ease. Code with confidence.
Start Free Trial →
AI notepad for back-to-back meetings
AI notepad for back-to-back meetings
Notes, actions and memory. Without a meeting bot. First month 100% off.
Download for free →
Keep your Mac awake
Keep your Mac awake
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Email for Agents: Free tier availableEmail for Agents: Free tier available
Email for Agents: Free tier available
Give your AI agent a complete email layer—sending, inbound inboxes, and sandbox testing.
Get 4K emails/month free →
Context.devContext.dev
Context.dev
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
CodeScene MCP ServerCodeScene MCP Server
CodeScene MCP Server
Your agent targets a perfect 10 Code Health score. Deterministic. Every commit.
Try For Free →
Make your agent a DeFi expert
Make your agent a DeFi expert
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →

Flyto2 Indexer

Code intelligence MCP server for AI coding agents. Know what breaks before you change it.

CI PyPI License Python 3.11+

Open-source code intelligence MCP server for AI coding agents, refactors, pull-request review, and release gates.
Impact analysis, cross-project references, dependency graphs, taint checks, documentation scoring, and code health in one local tool.

flyto2.com · Docs · Blog · PyPI · YouTube


Flyto2 Indexer is built for teams that let AI agents touch real code. It gives Codex, Claude Code, Cursor, Windsurf, and other MCP clients a local map of your repository before they rename symbols, edit shared APIs, delete files, or ship a pull request. Grep finds text; Flyto2 Indexer answers the question that matters: what depends on the thing you are changing?

Use it for AI code review, monorepo impact analysis, cross-repo dependency tracking, safe refactors, security taint scanning, release-readiness checks, documentation audits, and GitHub/GitLab merge gates. If you are looking for a local MCP server for AI-assisted development, this is the guardrail layer: it lets the agent search, inspect impact, and verify the work before it says done.

Good fit if you searched for:

  • code intelligence MCP server
  • AI coding agent impact analysis
  • monorepo dependency graph for safe refactors
  • GitHub or GitLab merge gate for AI-generated code

Try it in 60 seconds

pip install flyto-indexer
flyto-index setup .
flyto-index verify . --strict

That builds the local index, writes agent instructions, configures MCP for supported clients, and runs the same closed-loop gate Flyto2 uses before shipping AI-assisted code.

Without Flyto2 Indexer

You:    "Rename validateOrder to validate_order"

AI:     *renames the function*
        *greps for "validateOrder"*
        *finds 3 matches in the same project*
        *misses 4 callers in the frontend repo*
        *misses the API endpoint that routes to it*
        *pushes broken code*

With Flyto2 Indexer

You:    "Rename validateOrder to validate_order"

AI:     → impact(target="validateOrder", change_type="rename")

        ⚠️ 7 call sites across 3 projects:
          backend/checkout.py:42     — calls validateOrder()
          backend/api/orders.py:18   — imports validateOrder
          frontend/Cart.vue:55       — calls via useCheckout()
          frontend/QuickBuy.vue:23   — calls via useCheckout()
          mobile/OrderScreen.tsx:67  — API call to /api/validate
          tests/test_orders.py:12    — unit test
          tests/test_api.py:88       — integration test
          Risk: HIGH — 3 projects affected
          Test file: tests/test_orders.py
          Cross-project: 2 other repos affected

        *renames all 7 call sites, updates tests, pushes clean code*

That's the difference. grep finds text. This finds dependencies.

Flyto2 Indexer — impact analysis before renaming

Install

pip install flyto-indexer
flyto-index setup .

That's it. One command does everything:

  1. Scans your project and builds the code index
  2. Writes CLAUDE.md with tool usage instructions
  3. Configures Claude Code MCP settings (~/.claude/settings.json)

Restart Claude Code and start using it. Works with any MCP client — Claude Code, Cursor, Windsurf, etc.

API / MCP Tools

Flyto2 Indexer exposes the tools AI agents need before they make a risky edit:

ToolWhat it protects
searchFinds symbols and concepts across a project without guessing filenames.
impactShows references, blast radius, cross-project usage, and related tests.
structureMaps APIs, packages, dependencies, conventions, and type contracts.
auditScores security, complexity, dead code, coverage, and git hotspots.
scan_documentationChecks README quality, module docs, config docs, and contribution files.
verifyRuns the local closed-loop gate before an agent finishes or a PR merges.

Usage

Use flyto-index verify as the default gate before an AI agent finishes a code change. It runs the local indexer, validates graph integrity, checks context and impact loops, verifies CI/package/MCP runtime/working-tree closure, and runs the built-in weak scanners without Semgrep, Checkov, or network access.

flyto-index scan . --full
flyto-index verify . --strict
flyto-index verify-workspace /Users/chester/flytohub --project flyto-code --project flyto-engine --project flyto-indexer
flyto-index verify . --save-baseline .flyto-baselines/flyto-indexer.json --json
flyto-index verify . --baseline .flyto-baselines/flyto-indexer.json --regression-only
flyto-index verify-workspace . --changed-only --base origin/main
flyto-index verify . --report verify.sarif --report-format sarif
flyto-index verify-baseline compare . --baseline .flyto-baselines/flyto-indexer.json
flyto-index flyto2-product-gate /Users/chester/flytohub --health-report config/flyto2/health-baseline-2026-06-21.json
flyto-index flyto2-memory-bootstrap /Users/chester/flytohub --apply
flyto-index impact MySharedSymbol --path .
flyto-index context --path . --query "auth routes query keys"
flyto-index secrets . --json
flyto-index taint . --json --max-results 100

For CI, use verify --strict to fail on incomplete graph closure, unresolved impact references, high-risk secret findings, high-risk taint flows, missing agent instructions, incomplete CI gates, generated/high-risk changed files, runtime dependency drift, package manifest drift, suspicious baselines, or MCP tool/runtime drift. Use --baseline with --regression-only when a project has known warnings but new AI-generated regressions must still be blocked.

Use flyto2-product-gate for the Flyto2 workspace release gate. It validates the five product lines, repo classification, project memory, and health targets before a release can be considered production-ready. Use flyto2-memory-bootstrap to create missing project-memory, workflow, and handoff files from the same manifest without overwriting existing files.

Contributing

Pull requests are welcome for scanners, MCP tools, docs, CI gates, and language support. Run the local checks before opening a PR:

Testing

python -m pytest
python -m ruff check src tests
flyto-index verify . --strict

Security issues should be reported to security@flyto2.com. General developer questions can go to dev@flyto2.com or GitHub Discussions.

Project-specific verify budgets live in .flyto-rules.yaml under verify:. This stays stdlib-only; the verifier reads a small no-dependency subset:

verify:
  allow_warn: [docs_coverage]
  warn_as_fail: [agent_hygiene, generated_index_ignore, mcp_registry]
  min_docs_score: 60
Manual setup (other MCP clients)

If your MCP client doesn't use ~/.claude/settings.json, add this to your MCP config:

{
  "mcpServers": {
    "flyto-indexer": {
      "command": "python3",
      "args": ["-m", "flyto_indexer.mcp_server"]
    }
  }
}

Then scan and set up CLAUDE.md separately:

flyto-index scan .
flyto-index setup-claude .
Run from source
git clone https://github.com/flytohub/flyto-indexer.git
cd flyto-indexer && pip install -e .
flyto-index setup .
Uninstall
flyto-index setup . --remove
pip uninstall flyto-indexer

What It Does

Impact Analysis — the core feature

Every tool an AI already has (grep, file read, glob) finds text. None of them answer "what depends on this?"

One call gives you everything — references, blast radius, cross-project impact, and test files:

→ impact(target="useAuth")

  References: 12 across 4 projects
    flyto-cloud:  LoginPage.vue, RegisterPage.vue, AuthGuard.ts, api.ts
    flyto-pro:    vscode_agent/tools.py, middleware/auth.py
    flyto-vscode: ChatHandler.ts, AuthProvider.ts
    flyto-core:   modules/auth/login.py
  Risk: HIGH — shared across 4 projects
  Cross-project: 3 other repos affected
  Test file: tests/test_auth.py

Works with uncommitted changes too:

→ impact(mode="unstaged")

  3 symbols affected by your changes:
    validate_order  — 5 callers, test: tests/test_orders.py
    OrderSchema     — used in 2 API endpoints
    format_receipt  — no callers (safe)

Cross-Language API Tracking

Python backend endpoints automatically linked to TypeScript/Vue frontend callers:

→ structure(focus="apis")

  POST /api/checkout
    Defined in: backend/routes/order.py (create_order)
    Called by:   frontend/Cart.vue, frontend/api/orders.ts
    Call count: 4

Detects FastAPI, Flask, Starlette decorators + fetch(), axios, $http calls.

Code Health & Security

One call audits everything — auto-expands weak dimensions with detailed findings:

→ audit()

  Health: 74/100 (C)

  ⚠️ Security (60/100) — auto-expanded:
    2 critical: hardcoded API keys in config.py, settings.py
    1 high: SQL string concatenation in query.py

  ⚠️ Complexity (65/100) — auto-expanded:
    process_data() — 87 lines, depth=6 → extract sub-functions

  ✓ Dead code (90/100) — passing
  ✓ Documentation (85/100) — passing

  Git hotspots: order.py (42 commits, complexity=8.5)

  Refactoring suggestions:
    [high]   process_data() → extract sub-functions
    [medium] dead_fn() — unreferenced, 45 lines → safe to remove

Taint Analysis — track data flow, not just patterns

AST-based engine that tracks how untrusted data flows from sources to dangerous sinks. Unlike regex pattern matching, it follows variables through assignments, f-strings, and function calls — with sanitizer awareness to eliminate false positives.

→ audit(focus="security")

  Taint flows detected:
    [high] src/api/users.py:42
      SQL injection: request.args.get('id') → cursor.execute(query)
      Flow: request.args.get('id') → user_id → query (f-string) → cursor.execute()
      Fix: Use parameterized query: cursor.execute(sql, params)

    [critical] src/api/admin.py:18
      RCE: request.form.get('code') → eval(code)
      Fix: Never eval() user-controlled strings
  • Python: Full AST analysis — tracks taint through assignments, f-strings, concat, for loops
  • Cross-function: Detects when tainted data is passed as an argument to a function with a dangerous sink
  • JS/TS/Go: Regex-based fallback for common taint patterns
  • Sanitizer-aware: int(), html.escape(), shlex.quote(), parameterized queries all break the taint chain
  • Project DSL: Declare custom sources / sinks / sanitizers in .flyto-rules.yaml under taint: (merged on top of built-in defaults; taint_rules.yaml is also still honored for backward compat)
# .flyto-rules.yaml
taint:
  sources:
    - pattern: "ctx.payload"
      language: python
      taint_type: user_input
  sinks:
    - pattern: "dangerousEval("
      vuln_type: rce
      severity: critical
      recommendation: "Use sandbox runner"
  sanitizers:
    - pattern: "safe_html("
      cleanses: ["xss"]
flyto-index add-taint-source . --pattern "ctx.payload" --taint-type user_input
flyto-index add-taint-sink   . --pattern "dangerousEval(" --vuln-type rce --severity critical
flyto-index list-taint-rules .

Project Rules — AI learns from your corrections

.flyto-rules.yaml — structured, versionable project conventions that audit enforces automatically.

# .flyto-rules.yaml
architecture:
  - rule: "i18n files must be in flyto-i18n/"
    glob_deny: ["flyto-cloud/**/*.locale.json"]

style:
  - rule: "Frontend does no data processing"
    grep_deny: [{ pattern: '\breduce\s*\(', glob: "*.vue" }]

conventions:
  - rule: "Commit messages in English"

When you correct the AI ("don't put i18n files there"), it auto-writes a verifiable rule — so the mistake never happens again, for any AI, any tool:

User corrects AI → add_rule() writes .flyto-rules.yaml → audit checks compliance
  • glob_deny — files in wrong locations
  • grep_deny — forbidden code patterns in specific file types
  • conventions — text-only guidance (no automated check)
  • Rules accumulate over time — no upfront config needed

Architecture Layers — declare who may import whom

Declarative layer membership + import constraints. The indexer walks the import graph (Python / TS / JS / Vue / Go) and flags every edge that crosses a forbidden boundary. No plugin, no runtime — just .flyto-rules.yaml and audit.

layers:
  - name: ui
    paths: ["src/pages/**", "src/components/**"]
    can_import: [lib, hooks, types]
    reason: "UI is the top layer"

  - name: lib
    paths: ["src/lib/**"]
    cannot_import: [ui]
    reason: "lib must be UI-agnostic"

  - name: db
    paths: ["src/db/**"]
    can_import: [types]

cross_imports_deny:
  - from: "src/features/a/**"
    to:   "src/features/b/**"
    reason: "features must not cross-import — use shared/"
flyto-index layers .                      # human-readable report
flyto-index layers . --json --fail-on-violation   # CI gate (exits non-zero)
flyto-index add-layer --name ui --paths "src/ui/**" --cannot-import db
  • can_import — whitelist (only these layers + self allowed)
  • cannot_import — blacklist (overrides the whitelist)
  • Path aliases from tsconfig.json paths and Go module paths from go.mod are resolved automatically
  • audit picks up layer violations with no extra flag

Task Analysis — plan before you code

Scores risk across 6 dimensions and generates an execution plan:

→ task(action="plan", description="Rename validateOrder to validate_order", intent="refactor")

  Dimensions:
    blast_radius:      HIGH (8.0)  — 7 callers across 3 projects
    breaking_risk:     HIGH (7.0)  — public API, used by external consumers
    test_risk:         MEDIUM (5.0) — 2/7 callers have test coverage
    cross_coupling:    HIGH (8.0)  — referenced in 3 projects
    complexity:        LOW (2.0)   — straightforward rename
    rollback_difficulty: MEDIUM (5.0) — multi-project change

  Execution Plan:
    1. scope_callers       → find_references("validateOrder")
    2. verify_test_coverage → find_test_file("checkout.py")
    3. check_cross_project → cross_project_impact("validateOrder")
    4. ⛔ gate_before_plan → task_gate_check(phase="plan")
    5. preview_changes     → edit_impact_preview("validateOrder", "rename")
    6. ⛔ gate_before_apply → task_gate_check(phase="apply")

Each step has pre-filled arguments — AI follows the data structure, not prompts. Server-side enforcement blocks skipping gates.

Tools

5 smart tools. Each one auto-enriches results with related data — no need to pick between dozens of granular tools.

ToolWhat it answersAuto-enrichment
search"Find code by name or description"Merges BM25 + semantic search, attaches callers and file context
impact"What breaks if I change this?"References + blast radius + cross-project + test files in one call
audit"How healthy is this project?"Health score (0-100), auto-expands weak dimensions, taint analysis, rules compliance
task"Plan, gate-check, or validate changes"Risk scoring, execution plans, linter + tests
structure"Show me the project layout"Projects, APIs, dependencies, type contracts
What each tool replaces

search replaces: search_code, semantic_search, fulltext_search, get_file_info, get_file_symbols, get_symbol_content, get_file_context

impact replaces: find_references, impact_analysis, batch_impact_analysis, edit_impact_preview, cross_project_impact, impact_from_diff

audit replaces: code_health_score, security_scan, taint_analysis, rules_check, find_dead_code, find_complex_functions, find_duplicates, suggest_refactoring, find_stale_files, find_todos, coverage_gaps

task replaces: analyze_task, task_gate_check, validate_changes

structure replaces: list_projects, list_apis, list_categories, dependency_graph, check_api_contracts, contract_drift, extract_type_schema

All legacy tools remain available in dispatch for backward compatibility and execution plan steps.

Languages

LanguageParserExtracts
PythonASTFunctions, classes, methods, decorators, API routes
TypeScript/JSCustomFunctions, classes, interfaces, types, API calls
VueSFCComponents, composables, emits, props
GoCustomFunctions, structs, methods, interfaces, embeddings, type aliases, const/var, impl tracking
RustCustomFunctions, structs, impl blocks, traits
JavaCustomClasses, methods, interfaces, annotations

How It Works

flyto-index scan .
  1. Parse — AST (Python) or regex (others) extracts every function, class, and import
  2. Graph — Builds dependency graph + reverse index (caller → callee)
  3. Serve — MCP server answers queries from the graph in memory
  4. Incremental — Re-scans only changed files, incrementally patches reverse_index and BM25 (10-50x faster than full rebuild)
  5. LSP — Optional type-aware references via pyright/tsserver/gopls/rust-analyzer (zero deps, graceful fallback)
.flyto-index/
├── index.json       # Symbols + dependency graph + reverse index
├── content.jsonl    # Source code (lazy-loaded)
├── bm25.json        # BM25 keyword search index
├── semantic.json    # TF-IDF + learned ConceptGraph (v2.2+)
└── manifest.json    # Change tracking

CI: Block Risky Changes

# Fail the PR if changes affect too many call sites
- run: pip install flyto-indexer
- run: flyto-index verify . --full-scan --strict
- run: flyto-index check . --threshold medium --base main

CLI

flyto-index setup .                       # One command: scan + CLAUDE.md + MCP config
flyto-index scan .                        # Index (or re-index)
flyto-index impact useAuth --path .       # Impact analysis
flyto-index check . --threshold medium    # CI gate
flyto-index demo .                        # 30-second demo
flyto-index install-hook .                # Auto-reindex on commit
flyto-index setup . --remove              # Uninstall

Privacy

100% local. No code is sent anywhere. Delete .flyto-index/ to clean up completely.

Limitations

  • Static analysis only — dynamic imports and metaprogramming not tracked
  • No type inference — complex TypeScript generics simplified
  • Cross-project tracking requires all projects indexed together

License

Apache License 2.0. See NOTICE for attribution.

Featured
CodeRabbit
CodeRabbit
AI writes the code. CodeRabbit catches the slop.
Try For Free →
AppSignal
AppSignal
Monitor with ease. Code with confidence.
Start Free Trial →
AI notepad for back-to-back meetings
AI notepad for back-to-back meetings
Notes, actions and memory. Without a meeting bot. First month 100% off.
Download for free →
Keep your Mac awake
Keep your Mac awake
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Email for Agents: Free tier availableEmail for Agents: Free tier available
Email for Agents: Free tier available
Give your AI agent a complete email layer—sending, inbound inboxes, and sandbox testing.
Get 4K emails/month free →
Context.devContext.dev
Context.dev
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
CodeScene MCP ServerCodeScene MCP Server
CodeScene MCP Server
Your agent targets a perfect 10 Code Health score. Deterministic. Every commit.
Try For Free →
Make your agent a DeFi expert
Make your agent a DeFi expert
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
Categories
Search & Web Crawling
Registryactive
Packageflyto-indexer
TransportSTDIO
UpdatedMay 6, 2026
View on GitHub

Related Search & Web Crawling MCP Servers

View all →
Google Search

com.mcparmory/google-search

Scrape Google search results with SERP data, ads, and knowledge panels
25
Brave Search

io.github.pipeworx-io/brave-search

Brave Search MCP — independent web index (no Google/Bing dependency)
Serper Search and Scrape

marcopesani/mcp-server-serper

Serper MCP Server supporting search and webpage scraping
154
Brave Search Mcp Server

brave/brave-search-mcp-server

Brave Search MCP Server: web results, images, videos, rich results, AI summaries, and more.
1.2k
Google Search Console

com.mcparmory/google-search-console

Query search analytics, manage sitemaps, and inspect site URLs and status
25
Google Search Console

acamolese/google-search-console-mcp

Google Search Console MCP server: SEO audits, performance queries, URL inspection, indexing checks.
3