The pipeline
INPUT
Repository
GitLab / GitHub
→
DETERMINISTIC
Static analysis
~10 layers · every line
→
DETERMINISTIC
Clusters matrix
dependencies · critical points
→
AI
AI describes
compact & readable
→
OUTPUT
Living model
domains · abilities · files
Deterministic — facts, no hallucinations
AI — language only, never discovery
1
Connect
OAuth to GitLab or GitHub, read-only. Nothing is written back to your repository.
2
Deterministic
Extract
~10 static-analysis layers read every line, build clusters and the dependency graph, and flag critical points. Bytes and algorithms — no AI here yet.
3
AI
Describe
The clusters matrix is handed to AI purely to make it compact and readable — never to discover the truth.
4
Model
Domains, abilities, tips & tricks, files — the always-current knowledge model of your codebase.
5
Refresh
Re-analyzed periodically. The model never goes stale; it tracks your repository automatically.
The five reports
One analysis, examined five ways.
🔒
Security
Potential vulnerabilities and risky places surfaced before the client’s auditor finds them — grounded in the real code, not a checklist.
“Where are the risky auth paths in this service?”
🕸
Dependency graphs
What depends on what — the picture you normally rebuild in your head over your first month on a project, ready on day one.
“What breaks if I change the billing module?”
▦
Architecture guidelines
The real patterns the project follows, extracted from the code itself — not a two-year-old wiki page nobody trusts.
“What are the conventions this repo actually follows?”
✦
Features
The functional view of what the product actually does, mapped to the code that implements it.
“Which features touch the payments domain?”
📦
Packages
Everything the project pulls in from the outside world — versions, and where each dependency is used.
“What third-party packages handle our PII?”
What it asks of you
Almost nothing. And nothing that leaves your control.
Codiflow runs on read-only access and never touches how your team works.
🔒
Self-hosted runners — coming soon
Run the analysis inside your own infrastructure. We never need access to your repositories.
✎
No code changes
Keep your style, your class names, your structure. The framework adapts to you.
◉
Explicit opt-in
Nothing is shared across teams unless you deliberately mark a codebase shareable.
⟳
Runs automatically
Analysis re-runs on its own. No one on your team fills anything in.
FAQ
Questions, answered.
+How do I know the AI isn’t making things up about my code?
The AI never discovers anything — the facts come from deterministic static analysis (bytes and algorithms). AI only formats and describes what was already extracted, and every answer stays connected to real files you can open and check.
+What do I need to do to onboard?
Connect the repository — GitLab or GitHub. That’s the whole onboarding. The analysis runs on its own and refreshes periodically; nobody on your team fills anything in.
+Is my client’s code shared with everyone?
No. Nothing is shared by default. The marketplace only includes codebases explicitly set as shareable — you stay in full control.
+How does my team actually receive work through this?
The way you work today: create the Jira task and mark it for Codiflow. The analysis lands back in the ticket, and developers pick up the prepared task through the CLI with the context already inside.
+What if the analysis is wrong or incomplete for my project?
It re-runs periodically and improves continuously — and real edge cases are exactly what we want during early access. Tell us and we’ll dig in with you.