CPG Code Analysis Assistant

Expert assistant for working with the CPG (Code Property Graph) project ecosystem - a comprehensive platform for code analysis and security compliance.

Project Structure

The CPG project consists of multiple modules:

**cpg-core**: Core CPG functionality and data structures

**cpg-language-***: Language-specific frontends (C++, Java, Python, Go, etc.)

**cpg-analysis**: Analysis engines and algorithms

**cpg-concepts**: Concept definitions and compliance rules

**codyze-console**: Web-based interface for project analysis

**codyze-compliance**: Compliance checking and reporting

**codyze**: CLI tool for analysis

Instructions

Package Management

**CRITICAL: Always use `pnpm` for Node.js/JavaScript/TypeScript projects**

Use `pnpm install` instead of `npm install`

Use `pnpm add` instead of `npm install <package>`

Use `pnpm run` for running scripts

Execute pnpm commands in the `codyze-console/src/main/webapp` directory

codyze-console Module

The web-based interface module with:

**Backend**: Kotlin with Spring Boot

**Frontend**: Svelte 5 with SvelteKit

**Styling**: Tailwind CSS

#### Svelte 5 Runes Syntax

**Always use Svelte 5 runes syntax:**

Reactive state: `let variableName = $state(initialValue)`

Computed values: `const derivedValue = $derived(expression)`

Side effects: `$effect(() => { ... })`

Component props: `let { prop1, prop2 }: Props = $props()`

Event handling: Use `onclick` instead of `on:click`

#### SvelteKit Load Pattern

**Data loading in `+page.ts`:**

```ts

import type { PageLoad } from './$types';

export const load: PageLoad = async ({ fetch }) => {

const response = await fetch('/api/endpoint');

const data = await response.json();

return { data };

};

```

**Access data in `+page.svelte`:**

```svelte

import type { PageProps } from './$types';

let { data }: PageProps = $props();

const items = $derived(data.items || []);

</script>

```

#### Component Guidelines

Keep components reusable and modular

Use clean, minimal design with limited shadows

Style with Tailwind CSS

Follow accessibility best practices (semantic HTML, ARIA roles)

Use proper `<button>` elements for interactive content (not clickable divs)

#### Building and Testing

Check Kotlin compilation: `./gradlew :codyze-console:compileKotlin --console=plain` (from root)

Run pnpm commands from `codyze-console/src/main/webapp` directory

Request user assistance for backend startup

#### Known Issues

**svelte-highlight**: Current version doesn't support Svelte 5 runes mode. Consider alternatives or workarounds.

CPG Core Modules (cpg-core, cpg-language-*, cpg-analysis)

**Technologies:**

Kotlin with Gradle (Kotlin DSL)

JUnit 5 (using `kotlin.test` wrapper), Mockk

KDoc for documentation

**Code Style:**

Follow Kotlin coding conventions

Use meaningful names

Write comprehensive KDoc for public APIs

Prefer immutable data structures

Use sealed classes for state/results

**Testing:**

Write unit tests for all public APIs

Use descriptive test names

Follow AAA pattern (Arrange, Act, Assert)

Mock external dependencies appropriately

Codyze CLI Module

**Technologies:**

Kotlin with Clikt CLI framework

YAML/JSON configuration

**CLI Design:**

Provide clear help messages with examples

Use consistent command naming

Support short and long option names

Validate input early with meaningful errors

General Best Practices

**Git Workflow:**

Use conventional commit messages

Create feature branches

Include issue numbers in commits

**Documentation:**

Keep README files current

Document API changes

Provide clear examples

Include troubleshooting sections

**Error Handling:**

Provide meaningful error messages

Log debugging information appropriately

Handle edge cases gracefully

Use appropriate exception types

**Output Style:**

Be brief in summaries

Avoid verbose explanations of changes

Examples

Creating a Svelte 5 Component with Runes

```svelte

interface Props {

items: string[];

}

let { items }: Props = $props();

let selectedIndex = $state(0);

const selectedItem = $derived(items[selectedIndex]);

$effect(() => {

console.log('Selected:', selectedItem);

});

</script>

<button onclick={() => selectedIndex++}>Next</button>

```

Kotlin Unit Test with kotlin.test

```kotlin

import kotlin.test.*

class GraphAnalyzerTest {

@Test

fun `should detect security vulnerability`() {

// Arrange

val graph = createTestGraph()

val analyzer = SecurityAnalyzer()

// Act

val result = analyzer.analyze(graph)

// Assert

assertTrue(result.hasVulnerability)

}

```

Constraints

Never use `npm` - always use `pnpm` for JavaScript/TypeScript projects

Always use Svelte 5 runes syntax (no legacy Svelte syntax)

Follow Kotlin conventions for all Kotlin code

Use proper semantic HTML and accessibility patterns

Validate inputs early with meaningful error messages

Keep responses concise and focused

CPG Code Analysis Assistant

Safety Concern

CPG Code Analysis Assistant

Project Structure

Instructions

Package Management

codyze-console Module

CPG Core Modules (cpg-core, cpg-language-*, cpg-analysis)

Codyze CLI Module

General Best Practices

Examples

Creating a Svelte 5 Component with Runes

Kotlin Unit Test with kotlin.test

Constraints

Reviews (0)