This reference describes the current CodeGraph agent architecture. It intentionally focuses on runtime boundaries and extension points, not on a complete class-by-class API dump. For source-level detail, follow the module map and the public reference documents linked at the end.
Current Mental Model¶
CodeGraph no longer has a single “agent pipeline” as its main architecture. The current system is a set of coordinated planes:
- Workflow agents route user intent into scenario handlers, CPG queries, domain plugins, and formatted answers.
- Protocol adapters expose the same capabilities through REST, MCP, ACP, CLI, and headless Codex/OpenCode automation.
- Digital employees add governed role ownership, task capsules, handoffs, lane evidence, and release-readiness reporting.
- Context and memory services combine project scope, OpenViking resources, session memory, task memory, story capsules, and repository sync state.
- Graph intelligence services read CPG facts through GoCPG gRPC at runtime. GoCPG is the writer for project CPG DuckDB files.
flowchart LR
UI[Frontend / Dashboard] --> API[FastAPI REST]
Codex[Codex / OpenCode] --> MCP[MCP tools]
IDE[IDE / ACP client] --> ACP[ACP JSON-RPC / WS / stdio]
CLI[CLI / headless scripts] --> Services[Application services]
API --> Services
MCP --> Services
ACP --> Services
Services --> Workflow[Workflow scenarios]
Services --> Employees[Digital employees]
Services --> Context[Context and memory]
Services --> CPG[CPGQueryService]
Employees --> Tasks[TaskCapsuleService]
Employees --> Temporal[Temporal coordination]
CPG --> GoCPG[GoCPG gRPC]
GoCPG --> DuckDB[(Project CPG DuckDB)]
Context --> OpenViking[OpenViking]
Tasks --> AppDB[(Application DB)]
Temporal --> AppDB
Module Map¶
| Path | Responsibility | Notes |
|---|---|---|
src/workflow/ |
LangGraph-style orchestration, scenario routing, handlers, formatters, composition. | New scenario handlers should use BaseHandler from src/workflow/scenarios/_base/handler.py where practical. |
src/agents/ |
Core analysis helpers and compatibility facades such as analyzer, retriever, generator, interpreter, enrichment, reranking, and reasoning support. | These are helper components, not the whole agent architecture. |
src/digital_employees/ |
Role-governed employee actions, handoffs, capability control, adaptive memory, QA/AppSec/docs/UX/support/product operations. | Task capsules remain the authoritative task state. |
digital_employees/ |
Persona identities, role relationships, and runbooks. | Persona files are governance inputs; runtime proof comes from task events and evidence. |
src/context/ |
Project memory, task capsules, story capsules, OpenViking bridge, source freshness, session governance. | Keep bootstrap, task, project, session, repo-sync, and graph-evidence layers distinct. |
src/mcp/ |
MCP server and tool adapters for automation. | MCP tools should call shared services/actions, not FastAPI routers. |
src/acp/ |
Agent Client Protocol server, transports, session/thread state, approval bridge, diagnostics, hover, workflow/chat adapters. | ACP translates protocol traffic into existing services; it is not a separate business-logic stack. |
src/performance/agents/ |
Performance profiling, resource analysis, bottleneck modeling, and optimization advice helpers. | Used by diagnostic and advisory flows; keep reports as projections over measured data. |
src/architecture/agents/ |
Architecture dependency, layer validation, violation models, and reporting helpers. | Used for structural analysis and remediation advice, not as a separate workflow owner. |
src/security/security_agents.py |
Legacy security-agent facade for scanner, data-flow, vulnerability, and remediation helper classes. | Prefer shared security services and scenario handlers for new runtime behavior. |
src/api/ |
FastAPI app, routers, auth, middleware, schemas, repositories, API services. | Routers should stay thin and use request-scoped ProjectContext. |
src/services/cpg/ |
Python CPG query facade and query mixins. | Runtime reads are gRPC-first. Local DuckDB access is test/compatibility only. |
src/services/gocpg/ and gocpg/ |
GoCPG client, gRPC protocol, lifecycle and native CPG writer. | GoCPG owns project CPG DuckDB writes. |
src/orchestration/temporal/ |
Temporal clients, workers, workflow ids, schedules, handoff/task workflow coordination. | Temporal coordinates long-running work; it is not the source of business truth. |
src/domains/ |
Domain plugins and domain configuration. | Domain data belongs here, not hardcoded in workflows or routers. |
src/exports/ |
Obsidian and traceability exports for capability, PRD delivery, prompt control, and evidence surfaces. | Exports are projections, not authoritative state. |
Workflow Agents¶
Workflow execution is exposed through role-bound digital employee scenario
invocation. Runtime callers must use invoke_role_bound_scenario or the
corresponding MCP tool with explicit project, namespace, and task scope.
Current workflow code is mixed: some scenarios use the newer handler/formatter registry shape, while some legacy modules still contain composite workflow logic. When adding or materially changing scenario behavior:
- keep intent detection, CPG reads, structured data assembly, and formatting separate;
- prefer
BaseHandlerplus formatter modules for new handlers; - preserve benchmark-facing fields such as
answer,retrieved_functions,cpg_results, sources, and evidence; - use domain plugins from
src/domains/for reusable language/framework semantics; - do not bypass GoCPG/gRPC CPG reads in runtime paths.
The old core helper agents still exist, but they are now one layer inside the larger workflow and governance system:
| Helper area | Typical modules | Purpose |
|---|---|---|
| Question analysis | src/agents/core_agents/analyzer_agent.py |
Intent, query mode, keywords, domain hints. |
| Retrieval | src/agents/core_agents/retriever_agent.py, src/retrieval/* |
Semantic, structural, and hybrid context lookup. |
| Enrichment | src/agents/enrichment/* |
Tag hints, domain signals, prompt formatting, fallback enrichment. |
| Reasoning support | src/agents/reasoning_support/* |
Call-chain helpers, control-flow query support and non-SQL fallback strategy selection. |
| Interpretation and quality | src/agents/core_agents/interpreter_agent.py, src/agents/result_quality/* |
Result parsing, answer generation, confidence, reranking. |
Digital Employees¶
Digital employees are accountable role lanes, not just prompt personas. The current registry contains 13 role lanes. Together, they provide the governed SDLC contract for development work.
| Role | Accountability |
|---|---|
| Anna | PRD/task planning, orchestration, release-readiness reporting. |
| Kira | Product owner, discovery, requirements, and SDLC intake readiness. |
| Sergey | Systems analysis, industrial requirements, constraints, and requirement traceability. |
| Dmitry | Code-writing and implementation evidence. |
| Rita | Structural review. |
| Vera | AppSec review. |
| Lena | QA acceptance. |
| Boris | Documentation and memory sync. |
| Ivan | Traceability and UX/DX surfaces. |
| Oleg | Grounded code/support answers and operational notes. |
| Eva | AI FinOps, token/cost accounting, and financial-control evidence. |
| Marina | AI workforce lifecycle, capability, prompt, skill, and topology governance. |
| Gleb | DevOps/SRE runtime readiness. |
The runtime pattern is:
Anna-owned task plan
-> named employee task capsules and handoff chain
-> lane-specific action or tool
-> evidence refs, artifacts, checks, and events
-> Anna release-readiness status
Important boundaries:
TaskCapsuleServiceis the authoritative task state boundary.- Handoff lifecycle state is stored through task capsules and events, not a parallel handoff truth store.
- Codex/general AI is an operator that may invoke governed tools; it is not the accountable owner of implementation, review, QA, AppSec, docs, traceability, support, product discovery, or runtime readiness.
- A final “complete” delivery report requires explicit lane evidence or an explicit not-applicable waiver for the required lanes.
- Suggested handoffs are not executed handoffs until the offer/accept/complete lifecycle is recorded.
Key implementation areas:
| Surface | Modules |
|---|---|
| Handoff contracts and governance | src/digital_employees/governance/handoffs/* |
| Shared employee actions | src/digital_employees/actions/* |
| PRD delivery planning/execution | src/digital_employees/planning/delivery/* |
| Capability and skill control | src/digital_employees/governance/capabilities/* |
| Employee memory | src/digital_employees/memory/* |
| MCP employee tools | src/mcp/tools/digital_employee_core/*, src/mcp/tools/digital_employee_runtime/* |
| REST employee surfaces | src/api/routers/digital_employees*.py |
Protocol Surfaces¶
REST, MCP, and ACP should expose capabilities through shared service/action boundaries.
REST router / MCP tool / ACP handler
-> shared action or service
-> context, workflow, digital employee, CPG, or repository service
-> App DB, OpenViking, GoCPG, Temporal, or external runtime
Rules:
- REST routers validate HTTP shape, auth, rate limits, and project context.
- MCP tools parse tool arguments and call the same actions/services as REST.
- ACP transports and handlers adapt JSON-RPC, WebSocket, stdio, sessions, approvals, hover, diagnostics, and workflow/chat traffic into existing services.
- Frontend code should display backend-authored readiness, reviewability, approval, and chain state instead of inferring governance locally.
Project Scope and Memory¶
Runtime architecture has no global “current project”. Project scope must be explicit, route-bound, workspace-derived, session-bound, or actor-scoped for a user, digital employee, or service account.
Use ProjectContext and ctx.db_path in project-sensitive API, MCP, workflow,
automation, and multi-tenant paths. Do not trust user-provided DB paths.
Memory layers:
| Layer | Purpose |
|---|---|
bootstrap_memory |
Stable repo orientation: AGENTS.md, architecture, canonical maps. |
task_memory |
Active PRDs, implementation plans, acceptance docs, task capsules. |
project_memory |
Durable governed facts and policies. |
session_memory |
Temporary session evidence and used-context traces. |
repo_sync |
OpenViking projection of repository files and comments. |
graph_evidence |
GoCPG structural facts used as evidence, not memory storage. |
OpenViking is the primary context backend for repository resources, explicit sessions, memory resources, and native MCP resource access. Project memory and CPG are separate systems; they may be fused for agent context but neither becomes a hidden source of truth for the other.
CPG and Documentation Facts¶
GoCPG owns CPG generation and project CPG DuckDB writes. Runtime reads should go
through GoCPG gRPC via CPGQueryService.
Documentation extraction is CPG-first:
- canonical documentation facts come from
method_documentation_facts; - production consumers use
CPGQueryService.get_method_documentation_by_identity(...); - same-name methods in different files must remain distinct;
- legacy name-only comment and description APIs are compatibility/debug surfaces.
Configuration and Limits¶
Use get_unified_config() and attribute access on config objects. Do not hardcode
domains, DB paths, limits, thresholds, batch sizes, or timeouts in feature code.
Domain-specific data belongs under src/domains/{domain}/config/ or a reusable
domain plugin. Runtime routing and access decisions should use project scope,
policy, and backend-authored context.
Extending the System¶
Add or change a workflow scenario¶
- Review the module map in this reference and the relevant scenario code.
- Add or update a handler under
src/workflow/scenarios/.... - Use
BaseHandlerand a formatter when the local scenario supports that pattern. - Use
CPGQueryServiceand domain plugins instead of direct DB reads or hardcoded domain knowledge. - Add focused tests for the scenario or affected helper.
Add a protocol capability¶
- Put business logic in a service or shared action.
- Add thin REST, MCP, or ACP adapters as needed.
- Keep REST/MCP/ACP parity when the same capability is exposed on more than one surface.
- Preserve auth, project context, task evidence, rate limiting, and approval gates.
Add or change digital employee behavior¶
- Start from an Anna-owned plan/task capsule and required lane evidence.
- Keep role accountability explicit.
- Write handoff and lifecycle state through task capsules.
- Use shared employee action modules for REST/MCP/Temporal parity.
- Do not report full closure until required lane evidence exists.
Validation¶
Run validation that matches the changed surface. Do not run pytest ..
| Change area | Focused validation |
|---|---|
| Docs/catalog | python scripts/generate_development_doc_index.py --write and python scripts/check_development_doc_catalog.py --json |
| SDLC/operator contract | python scripts/check_sdlc_operator_contract.py --json |
| Task capsules | pytest tests/unit/context/test_task_capsule_service.py -v |
| Digital employee handoffs | pytest tests/unit/digital_employees/test_handoff_contracts.py tests/unit/digital_employees/test_handoff_orchestrator.py -v |
| Digital employee MCP | pytest tests/unit/mcp/test_digital_employee_tools.py -v |
| Digital employee REST | pytest tests/unit/api/test_digital_employees_router.py -v |
| Surface hardening | pytest tests/unit/security/test_surface_authz_audit.py -q plus affected API/MCP/ACP tests |
| CPG/gRPC runtime | pytest tests/unit/services/test_gocpg_grpc_transport.py -v plus affected CPG query tests |
| Workflow scenarios | Scenario-specific tests under tests/workflow/ or focused tests/unit/... targets |
| Frontend surfaces | cd frontend then focused checks such as npm run test:e2e and npm run check:i18n:ru when UI text/routes changed |