An AI-powered codebase profiler for threat modeling. CodeKing uses multiple specialized Claude agents to analyze Git repositories and generate comprehensive security threat modeling reports.
CodeKing automates the tedious first phase of threat modeling by:
- Cloning a Git repository to a local directory
- Running 6 specialized AI agents that analyze different aspects of the codebase:
  - Overview Agent — High-level summary, tech stack, security posture
  - Architecture Agent — System design, component interactions, data flows
  - Abstractions Agent — Code patterns, relationships, security-relevant abstractions
  - Dependency Agent — Service dependencies, external integrations
  - Database Agent — Data models, storage patterns, sensitive data handling
  - IAC Agent — Infrastructure as Code analysis (Terraform, Helm, Docker, etc.)
- Generating a detailed Markdown report with summaries, explanations, and Mermaid diagrams ready for threat modeling
Requirements:
- Python 3.13+
- uv package manager
- Node.js (for MCP memory server)
- Claude API access via `claude-agent-sdk`
- Clone the repository:

```bash
git clone <repo-url>
cd codeking
```

- Install dependencies:

```bash
uv sync
```

- Configure environment variables. Create a `.env` file in the project root:

```bash
# Required for claude-agent-sdk authentication
ANTHROPIC_API_KEY=your-api-key-here
```

- Edit the configuration in `codeking.py` at the bottom of the file:

```python
if __name__ == "__main__":
    git_repo = "https://github.com/your-org/your-repo.git"
    src_dir = "/path/to/source_files"
    output_dir = "/path/to/output"
    asyncio.run(profile_codebase(git_repo, src_dir, output_dir))
```

Then run:

```bash
uv run python codeking.py
```

| Parameter | Description |
|---|---|
| `git_repo` | URL of the Git repository to analyze |
| `src_dir` | Local directory where the repo will be cloned |
| `output_dir` | Directory where the threat modeling report will be saved |
The tool generates a comprehensive Markdown report containing:
- High Level Overview — Executive summary, technology stack, security posture
- Architecture — System diagrams, component analysis, data flow
- Abstractions — Code patterns and their security implications
- Dependencies — Service catalog and external integration risks
- Database — Data model analysis, sensitive data identification
- Infrastructure as Code — Deployment security analysis
Reports are saved as `<project>_threat_modeling_report.md` in the output directory.
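As an added example (not CodeKing's own code), a small helper that derives the `<project>` part of the report filename from the `git_repo` parameter and confines the resulting report path to `output_dir`; the function names `project_name` and `report_path` are assumptions.

```python
# Added example, not part of CodeKing: derive <project> from the git_repo URL
# for "<project>_threat_modeling_report.md" and keep the report inside output_dir.
import re
from pathlib import Path
from urllib.parse import urlparse

# A plain repository name: letters, digits, dot, underscore, dash only.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9._-]+$")


def project_name(git_repo: str) -> str:
    """Return the repository name from an https:// or scp-style (git@host:org/repo) URL."""
    if "://" in git_repo:
        path = urlparse(git_repo).path
    else:  # scp-style form, e.g. git@github.com:org/repo.git
        path = git_repo.split(":", 1)[-1]
    name = path.rstrip("/").rsplit("/", 1)[-1]
    if name.endswith(".git"):
        name = name[:-4]
    # Reject anything that is not a plain name (empty, ".", "..", odd characters),
    # so a hostile URL cannot steer where the report is written.
    if not name or name in {".", ".."} or not _SAFE_NAME.match(name):
        raise ValueError(f"unsafe project name derived from {git_repo!r}")
    return name


def report_path(git_repo: str, output_dir: str) -> Path:
    """Path of the report that would be written, verified to stay within output_dir."""
    base = Path(output_dir).resolve()
    target = (base / f"{project_name(git_repo)}_threat_modeling_report.md").resolve()
    if target.parent != base:
        raise ValueError("report path escapes output_dir")
    return target
```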
```text
codeking/
├── codeking.py       # Main application and agent definitions
├── pyproject.toml    # Project dependencies
├── source_files/     # Cloned repositories (gitignored)
├── output/           # Generated threat modeling reports
└── .env              # Environment variables (gitignored)
```
CodeKing leverages the claude-agent-sdk to orchestrate multiple AI agents, each with specialized skills:
```text
┌─────────────────────────────────────────────────────────────┐
│                    CodeKing Orchestrator                    │
│                                                             │
│  ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐        │
│  │ Overview │ │   Arch   │ │ Abstract │ │  Depend  │        │
│  │  Agent   │ │  Agent   │ │  Agent   │ │  Agent   │        │
│  └────┬─────┘ └────┬─────┘ └────┬─────┘ └────┬─────┘        │
│       │            │            │            │              │
│  ┌────┴─────┐ ┌────┴─────┐ ┌────┴─────┐ ┌────┴─────┐        │
│  │    DB    │ │   IAC    │ │          │ │          │        │
│  │  Agent   │ │  Agent   │ │          │ │          │        │
│  └──────────┘ └──────────┘ └──────────┘ └──────────┘        │
│                                                             │
│                        ↓ Output ↓                           │
│              Threat Modeling Report (Markdown)              │
└─────────────────────────────────────────────────────────────┘
```
Each agent uses Claude's analysis capabilities combined with specific skills to examine different aspects of the codebase. The orchestrator compiles their findings into a unified threat modeling report.
- Analysis time depends on repository size — large repos like Airflow or Kibana can take 30+ minutes
- The tool uses `bypassPermissions` mode, so ensure you trust the repository being analyzed
- Generated reports are designed as input for human threat modeling experts, not as final security assessments