Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/davide-desio-eleva/kirograph/llms.txt

Use this file to discover all available pages before exploring further.

KiroGraph’s MCP server provides a structured interface that lets AI agents — including Kiro IDE’s built-in agent — query the code knowledge graph directly. Rather than reading source files, the agent calls typed tools that return pre-structured, token-optimized answers: symbol lookups, blast-radius analyses, vulnerability reports, memory observations, and more. The server starts automatically when you open a project in Kiro after installation, or you can start it manually with kirograph serve --mcp.

Starting the MCP Server

In Kiro IDE the server is launched automatically by the installer. For other MCP clients, add KiroGraph to your MCP configuration and point it at your project:
kirograph serve --mcp
The server registers tools dynamically based on the feature flags in .kirograph/config.json. Disabled flags reduce the tool list (and the autoApprove entry) to keep the agent’s context lean.

Token Budget by Feature Flag

Every tool that appears in the tools/list response costs tokens in the agent’s system prompt. The table below shows the approximate cost of enabling each feature set. The totals assume all flags are true.
FlagTools~Tokens
core (always-on)3~170
enableNavigation3~120
enableMemory16~746
enableSecurity15~675
enableData10~519
enableWiki10~319
enableCodeHealth25~935
enableDocs5~241
enableAgentUtils4~278
enableArchitecture5~205
enableWatchmen3~140
enablePatterns3~93
trackCallSites2~84
enableGitContext7~410
enableComplexity5~660
enableEditPrimitives5~280
enableBranch3~300
enableShellExec1~71
enableGeneralCompression1~68
Total126~6,240
Start with only the flags your workflow needs. A project that only uses core navigation and code-health analysis can stay under 2,000 tokens of tool overhead — well within every major model’s context budget.

Auto-Approval in Kiro IDE

After installation, Kiro auto-approves all KiroGraph tools so the agent never pauses for confirmation. The installer writes the following autoApprove list into .kiro/mcp.json:
{
  "mcpServers": {
    "kirograph": {
      "command": "node",
      "args": ["/path/to/kirograph/dist/mcp/server.js"],
      "autoApprove": [
        "kirograph_search", "kirograph_context", "kirograph_callers",
        "kirograph_callees", "kirograph_impact", "kirograph_node",
        "kirograph_status", "kirograph_files", "kirograph_dead_code",
        "kirograph_circular_deps", "kirograph_path", "kirograph_type_hierarchy",
        "kirograph_architecture", "kirograph_coupling", "kirograph_package",
        "kirograph_hotspots", "kirograph_surprising", "kirograph_diff",
        "kirograph_exec", "kirograph_gain",
        "kirograph_mem_search", "kirograph_mem_store",
        "kirograph_mem_timeline", "kirograph_mem_status",
        "kirograph_docs_toc", "kirograph_docs_search",
        "kirograph_docs_section", "kirograph_docs_outline", "kirograph_docs_refs",
        "kirograph_data_list", "kirograph_data_describe",
        "kirograph_data_query", "kirograph_data_aggregate", "kirograph_data_search",
        "kirograph_data_join", "kirograph_data_correlations", "kirograph_data_quality"
      ]
    }
  }
}
Only the flags you enable contribute tools to the autoApprove list. The installer trims the list automatically when a flag is false.
KiroGraph tools carry two MCP protocol annotations. readOnlyHint: true is set on all graph-query tools to signal that they do not modify project files — MCP clients can use this to apply looser confirmation policies. Tools in enableEditPrimitives and enableShellExec are explicitly marked readOnlyHint: false. The alwaysLoad: true annotation on the core tool set tells compliant clients to include those tool definitions in every context window, even when tool use is otherwise disabled.

Tool Groups at a Glance

Core & Navigation

Always-on context builder, symbol search, caller/callee traversal, status, and file listing. Start here.

Code Health

Dead code, circular deps, hotspots, type hierarchies, snapshots, complexity analysis, branch diffs, and edit primitives.

Security

Vulnerability scanning with EPSS scores, attack surface mapping, secrets detection, SBOM/VEX export, SAST, and supply chain health.

Memory

Persistent project memory: store decisions, search observations, manage conflicts, review stale facts, and trigger Watchmen synthesis.

Git Context

Semantic diffs, commit context, PR descriptions, changelog generation, test mapping, and coverage parsing.

Architecture

Package and layer detection, coupling metrics (Ca/Ce/instability), community detection, and manifest inspection.

Data

Indexed dataset queries, aggregation, joins, Pearson correlations, quality triage, and drift detection.

Docs & Wiki

Documentation TOC, search, section retrieval, code↔doc cross-references, wiki ingestion, and synthesis.

Minimal Configuration Example

Enable the most commonly used features in .kirograph/config.json:
{
  "enableNavigation": true,
  "enableCodeHealth": true,
  "enableGitContext": true,
  "enableSecurity": true,
  "enableArchitecture": true,
  "enableMemory": false,
  "enableShellExec": true,
  "trackCallSites": true
}
enableSecurity also requires enableArchitecture: true because security reachability analysis traverses the architecture layer graph. Both flags must be set for security tools to appear in the tool list.

Build docs developers (and LLMs) love