Code Analysis Workflows

Workflows for structural code analysis: impact reviews, security audits, vulnerability discovery, and cross-subsystem coupling analysis. Built on the CPG Engine.

How to Start

• “Review the impact of my changes” → cpg.change_impact_review

• “Audit the crypto subsystem for security issues” → cpg.subsystem_security_audit

• “Find functions similar to this vulnerability” → cpg.similar_vulnerability_finder

• “Check coupling between networking and storage” → cpg.cross_subsystem_coupling

CPG Analysis Workflows

Skill	What it does
cpg.change_impact_review	Analyze blast radius of code changes: callers, callees, affected files, risk level
cpg.subsystem_security_audit	Security audit scoped to a subsystem using CPG safety flags
cpg.similar_vulnerability_finder	Find structurally similar functions to a known vulnerability
cpg.cross_subsystem_coupling	Analyze coupling between subsystems via shared call edges

These are standalone analysis workflows — each produces structured findings in a single pass. For multi-step pipelines, see the example workflows below.

Example Workflows

The following pages show how to compose CPG tools into multi-step analysis pipelines. These are usage guides — dedicated skill suites for these workflows are planned but not yet implemented.

• Automated Review Workflow
• Backport Workflow

See Also

• CPG Engine — tool reference for all CPG query tools

• apogee-mcp — MCP tools for CPG analysis

• apogee-manifest — generates the CPG database