Show HN: CKB – Code intelligence for AI assistants (impact, dead code, security) (codeknowledge.dev)

2 points by SimplyLiz ↗ HN
I've been building AI-assisted coding tools for the past year and kept running into the same problem: AI assistants are blind to code structure.

When you ask "what breaks if I change this function?", the AI greps for text patterns, reads random files hoping to find context, and eventually gives up and asks you to provide more context.

CKB gives AI tools the knowledge they're missing. It indexes your codebase and exposes 80+ MCP tools for:

- Impact analysis: blast radius with risk scores before you touch anything - Dead code detection: confidence-scored candidates based on call graphs + optional telemetry - Security scanning: 26 patterns for exposed secrets (API keys, tokens, credentials) - Ownership: CODEOWNERS + git-blame fusion with time decay - Affected tests: run only what matters instead of the full suite - Multi-repo federation: query across all your repositories

Works with Claude Code, Cursor, Windsurf, VS Code, and anything that speaks MCP. Also has CLI and HTTP API for CI/CD integration.

Technical details: - Written in Go - Uses SCIP indexes for precise symbol resolution - Incremental indexing (updates in seconds) - Presets system for token optimization (load 14-81 tools based on task) - Three-tier caching with auto-invalidation

Install: `npm install -g @tastehub/ckb && ckb init`

Free for personal use and small teams. Source on GitHub.

Would love feedback, especially on the MCP tool design and what's missing for your workflows.

2 comments

[ 3.6 ms ] story [ 14.1 ms ] thread
Curious how the token optimization presets balance context window costs against the depth of call graph analysis. I've found that aggressively pruning context to save on input tokens often degrades reasoning quality pretty quickly when dealing with complex dependencies.
This is exactly what I've been screaming about, AI coding assistants are basically playing guess the impact with our production code. The fact that you're exposing actual call graphs and blast radius through MCP tools instead of making Claude hallucinate dependencies is huge from my pov. Installing this now to test with our multi-repo setup. Does the telemetry integration for dead code detection require specific instrumentation? does it hook into existing APM tools?