Gulf Shield Technologies · Canopy

Code intelligence
that runs on your machine.

A local-first MCP server that gives Claude Code, Cursor, Zed, and Continue structural understanding of your codebase. 21+ tools across 50+ languages and file formats, no cloud dependency.

MCP server  ·  21+ tools  ·  50+ languages  ·  Local code analysis

bash
$ canopy index . --with-search
canopy: indexing /home/you/repos/example (incremental)
canopy: AST index done — 847 files indexed, 12 skipped, 0 errors (1284 ms)
canopy: search index done — 847 files, 18923 chunks (3470 ms)

$ canopy health
canopy health for /home/you/repos/example
  critical: 0  errors: 0  warnings: 3  info: 0

  WARNING (3 findings):
    [circular_deps] (1 finding):
      - cycle detected: core → auth → core  src/core/mod.rs:1
    [dead_exports] (2 findings):
      - export 'computeTotal' is never imported  packages/ui/index.ts:42

  status: FAIL

Real output, not a mockup — matches what the binary prints.

21+
MCP tools
50+
Languages & formats
100%
Local AST analysis
~50%
Smaller agent context

What Canopy does

AI coding agents are powerful but stateless about your codebase. Canopy is the context layer that fixes that — without sending your code anywhere.

Understands your codebase.

Real AST analysis across 50+ languages and file formats — TypeScript, Python, Rust, Go, Java, Swift, C++, Ruby, GDScript, and more. Live dependency graph. Symbol resolution that follows re-exports, imports, and platform-specific branches. Not regex — structural.

MCP-native, 21+ tools.

Speaks the Model Context Protocol natively. Drops into Claude Code, Cursor, Zed, Continue, or any MCP-compatible client. Search, dependency graphs, ownership maps, health checks, workflow composites — composable.

Local-first by design.

Real AST parsing happens on-device, every tier. Solo and Pro keep indexes on your machine. Team defaults to caching CI indexes in your own bucket — R2, S3, GCS, MinIO, anywhere S3-compatible; GST-managed cache is opt-in for teams that prefer not to provision storage themselves. Air-Gapped compiles every cloud path out entirely: zero outbound calls, license embedded at build time, CI cache against your internal storage.

Workflow composites.

canopy_prepare before edits gives agents structural context up front. canopy_validate after re-indexes and runs health checks. Two calls bookend an edit so agents stay grounded in real code.

Half the context. All the answers.

Measured across five real OSS codebases in five languages — ardupilot (C++), curl (C), kotlinx.coroutines (Kotlin), dotnet-aspnetcore-samples (C#), laravel (PHP). Seventy-five retrieval-comprehension questions. Day-1 install, no prompt engineering, no API keys.

Mode
Context chars
vs Shell
Shell-only (Read / Grep / Glob / Bash)
124,468
baseline
Canopy default (unprompted, day-1)
63,687
−49%
Canopy biased ("prefer Canopy" system prompt)
81,259
−35%
Canopy levered (Canopy only, no shell)
113,938
−8.5%

Every mode beats the no-tool baseline. The day-1 unprompted default is the number a new user actually gets — no prompt engineering, agent picks Canopy on its own.

~50%
Smaller context budget, day-1 unprompted
75 / 75
Correctness held — no quality regression
5
Real OSS codebases across 5 languages
$0
API keys, usage credits, prompt engineering

What does “100% correctness” actually mean?

Each of the 75 questions is scored 0–3 by an independent grader. The benchmark tests engineering judgment, not file lookup — can the agent reason about what it's seeing, not just find it. Here's one of the questions from the ArduPilot run.

Question (ArduPilot · Q1 · bug verdict)

“ArduPilot's canopy_health_check output reports 6,631 broken_imports. Are these genuine broken imports requiring fixes, or false positives from indexer/file-resolution heuristic limitations? Justify your verdict with at least one concrete example showing why a specific finding is or isn't a real bug.”

Answer that scored 3/3 (Canopy levered, v1.21.9)
PASS

“The 6,631 broken_imports are false positives from the indexer's import-resolution heuristic. The smoking gun: libraries/AP_Baro/AP_Baro_BMP280.cpp:1 reports ‘Unresolved import AP_Baro_BMP280.h’ — yet canopy_search_symbols confirms that header exists in the same directory. ArduPilot uses WAF-managed include paths; Canopy's resolver doesn't replicate WAF's search logic.”

“Even non-code findings are flagged — AGENTS.md reports an unresolved import of CODE_OF_CONDUCT.md, which is a Markdown link, not a compilable import. Verdict: do NOT treat as bugs.

Verbatim from the v1.21.9 transcript, trimmed for length.

Answer that scores 0/3
FAIL

“The health check identifies 6,631 broken imports across the codebase. These appear to be genuine issues that should be addressed. I recommend reviewing each file and fixing the missing imports.”

Surface-level reading. Treats indexer noise as real bugs. Would have an engineer chasing 6,000+ phantom issues. This is what default tools without structural context tend to produce.

Grading rubric (0–3)
  • 3 — Verdict: false positives + identifies markdown link references (e.g. AGENTS.md → CODE_OF_CONDUCT.md) + explains the indexer's extension / non-source resolution gap
  • 2 — Correct verdict + concrete example, but vague on mechanism
  • 1 — “Mostly false positives” without explanation
  • 0 — Says findings are genuine bugs, or no useful answer

Per-repo variance: curl ~40%, ardupilot ~45%, laravel ~55%. Full questions, transcripts, and per-question grading available in the methodology. See the full benchmark methodology →

Real AST parsing across 50+ languages & formats

TypeScript JavaScript Python Java C# C++ Go Rust Kotlin Swift PHP Ruby + 40 more

How it works

Install the binary, index a repo, point your MCP client at the local server. Three commands, two minutes.

Step 1

Install

$ curl -fsSL canopy.gulfshieldtech.com/install | sh

Single binary. No runtime, no daemon, no admin install.

Step 2

Index

$ canopy index . --with-search

Real AST parse + dependency graph + full-text index. Incremental on every subsequent run.

Step 3

Wire it up

$ claude mcp add canopy -- canopy mcp

One-line MCP registration. Cursor, Zed, Continue, and any MCP client work the same way.

Built for

Solo developers

You use Claude Code or Cursor daily. You want your agent to know what `getUserById` actually does, not guess. Canopy gives it the structural map. $19/mo, one machine.

Indie teams (2–20 devs)

Shared codebase, shared agent context. CI runners pull cached indexes from your own bucket by default (R2 / S3 / GCS / MinIO); GST-managed cache available if you’d rather skip the bucket setup. $39/seat, 3-seat minimum.

Defense-adjacent + regulated

Your code can’t legitimately leave your network. Canopy Air-Gapped compiles every cloud path out — heartbeat, GST cache, all gone — and caches CI indexes against your internal storage (MinIO, GovCloud S3, Ceph). Built for the work that doesn’t fit in someone else’s cloud.

Pricing

Flat per-developer pricing. No usage credits. No telemetry you didn't ask for.

Community
Free

1 repo · 3 core tools · full language coverage · runs entirely on your machine

Solo
$19/mo

1 machine · all 21+ MCP tools · dependency graph + dashboard · workflow composites

Pro
$39/mo

Up to 3 machines · multi-repo + cross-repo search · CI mode · SCIP ingestion · priority support

Team
$39/seat

3-seat min · CI cache to your bucket (R2 / S3 / GCS / MinIO) · admin portal · shared configs · seat reassignment

Air-Gapped
$499+/user/yr

Heartbeat compiled out · annual binary reissue · invoice billing · 3-seat min

See full pricing & feature matrix →

Founding Member Program

For the first cohort of customers.

A small founding-member cohort ahead of public launch. Locked-in pricing for the duration of continuous subscription, direct line to the team, and a 30-day refund window from the first launch-day charge.

Read the Founding Member terms →

Take a closer look

The full Canopy site has docs, the trial flow, the customer portal, and detailed tier comparisons.