Claude Code Plugin
Connect Claude Code to your Oxagen workspace — typed ontology access, durable agent memory, multi-agent coordination, and 50+ slash commands. Engineered for code, but the same surface powers incident response, security triage, customer-impact analysis, and research workflows.
Overview
The Oxagen Claude Code plugin gives Claude Code direct, typed access to your workspace knowledge graph via MCP. Once connected, Claude can resolve entities, traverse the graph, generate blast-radius reports before refactors, query CI / coverage / security alerts, recall stored procedures, coordinate with other agents — all without leaving your editor.
The plugin's value isn't limited to code. The same MCP tools and the always-on memory layer power incident response, security triage, customer-impact analysis, on-call runbook recall, and research workflows. See Real-world use cases below.
The repo is open source at
oxagenai/claude-code-plugin
(MIT). Every tool call is workspace-scoped, credit-tracked, and returns
the canonical SPEC §7.9 envelope (results, evidence,
tokens_used_estimate, counterfactual_estimate_tokens,
counterfactual_method, cursor, tenant_scoped_at).
Quick start
# Add the Oxagen marketplace + install the plugin
/plugin marketplace add oxagenai/claude-code-plugin
/plugin install oxagen@oxagen
# Wire your workspace — opens the browser wizard
/oxagen:setup
# Ask a question about your workspace
/oxagen:ask "what are the most-called functions in the billing module?"
# Resolve a name to a graph node
/oxagen:find-symbol charge_credits
# Get a blast-radius report before a refactor
/oxagen:impact UserService.authenticate
# Search the knowledge graph
/oxagen:search "functions that write to the billing ledger"Always-on guarantees
When the plugin is enabled, the SessionStart hook injects an
<EXTREMELY_IMPORTANT> preamble on every session start (and after
/clear and /compact) that pins three guarantees the agent honours
on every turn:
- Graph first, guess second. Before any non-trivial action — code
edit, research synthesis, incident triage, ops change, customer-impact
analysis, policy lookup — the agent queries the Oxagen graph
(
ontology.*,code.*,incident.*,security.*,workspace.*) instead of reasoning from name matches or its own prior context. - Memory always recalled. At the start of any task, the agent calls
memory.recall(ormemory.context_injecton target node IDs). If a procedure or episode matches, it uses it. After meaningful work, it persists what it learned viamemory.rememberandagent.record_finding. - Coordination respected. Other Oxagen-connected agents may be
operating against the same workspace. The agent uses
agent.list_active_claimsbefore editing shared scope andagent.claim_workwhile it holds it.
The full routing policy lives in the oxagen:using-oxagen skill, also
auto-loaded by the hook. The exhaustive tool catalog and write-back
conventions live in oxagen:oxagen-tool-reference and
oxagen:dogfooding, loaded on demand.
Installation
Step 1: Create or open a workspace
Sign in at app.oxagen.ai. A default workspace is provisioned on signup.
Step 2: Add the plugin
/plugin marketplace add oxagenai/claude-code-plugin
/plugin install oxagen@oxagenStep 3: Run setup
/oxagen:setupThe command opens the browser wizard at
https://app.oxagen.ai/setup/claude-code, walks you through workspace +
GitHub repo selection, and hands back a one-line install string. Settings
are written to ~/.claude/oxagen.local.json. The plugin polls until the
initial repo ingest completes, then confirms the live tool list.
Step 4: Export the token
Add the following to your shell profile so the MCP connection works across restarts:
export OXAGEN_MCP_TOKEN="$(jq -r .token ~/.claude/oxagen.local.json)"Then restart your shell (or source ~/.zshrc) and reopen Claude Code.
Step 5: Verify
/mcpYou should see the oxagen server listed with its full tool set.
Real-world use cases
Coding is the most obvious surface. It is not the only one. Anything Oxagen ingests becomes queryable and groundable.
Engineering — refactor with confidence
/oxagen:impact UserService.authenticate returns callers, dependents,
PageRank, reach paths, and active claims — before you ship a signature
change. Stops the "I didn't realize ten things called this" class of
regression.
/oxagen:impact UserService.authenticate
/oxagen:cochange UserService.authenticate
/oxagen:tests-for UserService.authenticateEngineering — onboarding
The new hire gets a cartography of the system in five minutes:
/oxagen:repo-overview
/oxagen:module-tree services/api/app
/oxagen:who-knows BillingLedger.charge
/oxagen:expert @aliceIncident response & SRE — blast-radius from a stack trace
Within seconds of a page firing:
/oxagen:find-symbol process_chunk
/oxagen:impact process_chunk
/oxagen:pr-history process_chunk
/oxagen:procedure-for "redis OOM during ingest"The procedure recall pulls back what the last on-call engineer did the last time this happened — no wiki hunting at 3 a.m. After resolution:
/oxagen:incident resolve INC-2941
/oxagen:remember "OOM root-caused to chunk size 16k; mitigated by bounded queue at packages/oxagen/oxagen/ingest/queue.py:142" --outcome=succeededThe next session that hits a similar trace gets that episode injected as context.
Security & compliance — triage with reach
/oxagen:security-alerts --severity=high
/oxagen:alert GHSA-xxxx-yyyy-zzzzAlerts come back joined to the call graph so the agent can immediately
answer "what is actually affected?" without grep-hunting. For audit
workflows, ingest controls + evidence + owners into a workspace ontology
and let the agent traverse CONTROLS → IMPLEMENTED_BY → OWNED_BY instead
of stitching together spreadsheets.
Customer success & support — escalation graphs
/oxagen:ask "which customers depend on the feature gated by payments.charge?"
/oxagen:expert payments
/oxagen:procedure-for "stripe webhook retry storm"For workspaces that ingest a customer ontology layer, the same code.*
ontology.*tools answer "who's affected, who knows, what did we do last time" with typed certainty instead of guesswork.
Research, R&D, internal knowledge
Ingest a corpus (papers, internal docs, design memos) into a workspace.
The agent answers "how does concept A relate to concept B" via
ontology.traverse instead of vector-search guessing. Memory turns the
agent into a research notebook that gets smarter every run:
/oxagen:recall "approaches to vector compression we've ruled out"
/oxagen:remember "Product-quantization variant X failed on our high-dim dataset; recall improved by 3pt but latency 4x" --outcome=failedFailed approaches show up as warnings before the next agent retries them.
Multi-agent fleets
/oxagen:claim packages/oxagen/.../service.py:50-120
# … edit …
/oxagen:remember "extracted retry policy into shared helper at packages/oxagen/oxagen/util/retry.py:8" --outcome=succeeded
/oxagen:release-claimagent.record_finding persists typed observations on affected nodes;
agent.get_findings retrieves them at the start of the next task. Use
/oxagen:go --p0 "investigate auth regression" to dispatch the Oxagen
swarm; each agent inherits the same graph + memory + claim coordination.
Slash commands
All commands use the /oxagen: prefix. Run any command with no arguments
to get interactive prompts.
Setup and Q&A
| Command | Argument | What it does |
|---|---|---|
/oxagen:setup | [install-string] | End-to-end onboarding: workspace → GitHub → token → ingest verify |
/oxagen:ask | <question> | Direct Q&A against the ontology — prose answer backed by Cypher |
/oxagen:search | <query> | NL→Cypher graph search with traversal fallback, returns file:line hits |
Discovery and structure
| Command | Argument | What it does |
|---|---|---|
/oxagen:repo-overview | — | Workspace summary — language mix, top modules, entry points, node counts |
/oxagen:module-tree | [path] | Annotated directory tree with per-subtree symbol counts |
/oxagen:find-symbol | <name> | Resolve a name to one or more ontology nodes |
/oxagen:describe | <symbol> | Structural metadata — kind, signature, decorators, docstring, location |
/oxagen:read | <symbol> | Source bytes + summary + line range with configurable surrounding context |
/oxagen:find-pattern | <pattern> | Hybrid semantic + grep search over the ontology |
/oxagen:explain | <symbol> | Behavioural breakdown: inputs, outputs, calls, reads, writes, raises |
Traversal
| Command | Argument | What it does |
|---|---|---|
/oxagen:impact | <symbol> | Blast-radius report — callers, deps, PageRank, reach path, active claims |
/oxagen:callers | <symbol> | Direct callers (alias code.callers_of) |
/oxagen:callees | <symbol> | Outgoing CALLS edges |
/oxagen:refs | <symbol> | All references — calls, imports, type uses |
/oxagen:path | <from> <to> | Directed path between two symbols (alias code.dependency_path) |
/oxagen:cochange | <symbol> | Symbols that historically change together |
History, ownership, issues
| Command | Argument | What it does |
|---|---|---|
/oxagen:who-knows | <symbol> | People ranked by authorship + review activity on a symbol |
/oxagen:expert | <login> | What a person owns — inverse of /oxagen:who-knows |
/oxagen:recent | [--days] [--path] | Recent commits across the workspace |
/oxagen:blame | <file> | Enriched blame with PR / issue / reviewer joins |
/oxagen:pr | <num> | Full PR context — files, commits, reviewers, linked issues, affected nodes |
/oxagen:pr-history | <symbol> | PRs that have touched a symbol |
/oxagen:issue | <key> | Issue context — title, body, comments, linked PRs, affected nodes |
/oxagen:find-issues | <query> | Hybrid full-text issue search |
Tests and CI
| Command | Argument | What it does |
|---|---|---|
/oxagen:tests-for | <symbol> | Tests exercising a symbol — direct + transitive |
/oxagen:coverage | <file> | Per-line coverage from the latest CI run |
/oxagen:failing-tests | [--branch] | Tests currently failing on the branch |
/oxagen:flaky-tests | [--days] | Flake-rate ranking over a rolling window |
/oxagen:last-run | [workflow] | Most-recent CI workflow run for a workflow / branch / PR |
/oxagen:run-failures | <run-id> | Failed jobs and steps for a workflow run with cold-log preview |
Security
| Command | Argument | What it does |
|---|---|---|
/oxagen:security-alerts | [--severity] | Open Dependabot, CodeQL, and secret-scan alerts |
/oxagen:alert | <id> | Full alert context — affected nodes, recommendation, advisory links |
Memory
| Command | Argument | What it does |
|---|---|---|
/oxagen:recall | <intent> | Retrieve procedures + episodes by intent (M8 §6.4) |
/oxagen:remember | <fact> | Persist a free-form fact as a memory episode (M8 §6.4) |
/oxagen:procedure-for | <trigger> | Look up a stored procedure by exact trigger pattern |
/oxagen:forget | <memory-id> | Soft-delete an episode or procedure |
/oxagen:memory-enable | — | Enable durable agent memory (automatic capture + pattern injection) |
/oxagen:memory-metric | [name] [condition] | Define a custom self-improvement eval metric |
/oxagen:memory-logs | [limit] | View recent agent actions captured by memory |
Coordination and ops
| Command | Argument | What it does |
|---|---|---|
/oxagen:claim | <file:line | symbol> | Lock a range so parallel agents back off; auto-releases on session end |
/oxagen:incident | <open|resolve|link> | Track production incidents against graph nodes |
/oxagen:workspace-select | [id-or-name] | Switch active workspace for the current session |
/oxagen:go | [--p0|--issue <issue-key>] | Dispatch the Oxagen agent swarm |
/oxagen:watch | [--daemons] | Start the Oxagen monitor supervisor |
Response envelope
Every code-graph tool returns the same canonical envelope so the agent parses one shape regardless of which tool emitted it.
{
"results": [...],
"evidence": [
{"node_id": "…", "kind": "code.function", "url": "https://github.com/…"}
],
"tokens_used_estimate": 142,
"counterfactual_estimate_tokens": 8400,
"counterfactual_method": "grep_plus_read_n_files",
"cursor": null,
"tenant_scoped_at": {
"tenant_id": "…",
"workspace_id": "…",
"project_id": null
}
}results— the typed records the tool was asked for.evidence— node IDs the agent can cite back. Every record inresultsis reachable from at least oneevidenceentry.tokens_used_estimate— tokens spent on this tool's reply, computed from the assembled payload.counterfactual_estimate_tokens— what the same answer would have cost a vanilla file-search agent. The receipt for the "fewer LLM calls, smaller models, lower bills" claim.counterfactual_method— stable method-id naming the estimator (e.g.grep_plus_read_n_files,lockfile_transitive_parse_plus_manifests).cursor— opaque pagination token, ornullfor unpaginated results.tenant_scoped_at— the workspace the tool resolved to. Always populated.
The envelope is enforced — malformed responses are rejected before they reach the agent.
MCP tool reference
All tools follow the naming convention mcp__oxagen__<group>_<action>.
ontology.* — knowledge graph
| Tool | Description |
|---|---|
ontology.ask | NL question → Cypher → prose answer + raw rows |
ontology.get_node | Resolve a symbol or file:line to a graph node |
ontology.list_nodes | List nodes filtered by type |
ontology.create_node | Upsert a node into the ontology |
ontology.list_edges | List edges filtered by type |
ontology.create_edge | Upsert an edge between two nodes |
ontology.list_types | Enumerate all node and edge type schemas |
ontology.pagerank | Return precomputed PageRank scores for a set of nodes |
ontology.communities | Detect communities via Louvain or label propagation |
ontology.traverse | Multi-hop graph traversal with edge-type and depth filters |
ontology.explain_function | Behavioural breakdown: calls, reads, writes, raises, callers |
ontology.impact_of | Direct callers and dependents of a node (alias code.affected_by) |
ontology.symbol_context | One-call laser-context bundle — class, siblings, tests, callers, callees, returns, recent commits |
ontology.refresh_repo | Trigger a manual re-ingest of the connected GitHub repo |
ontology.list_merge_candidates / approve_merge / reject_merge / set_merge_policy | Node-merge review queue |
code.* — discovery and structure
| Tool | Description |
|---|---|
code.repo_overview | Workspace overview — language mix, top modules, entry points |
code.module_tree | Directory tree with per-subtree symbol counts |
code.find_symbol | Resolve a name to ontology nodes |
code.describe_symbol | Structural metadata — kind, signature, decorators, docstring |
code.read_symbol | Symbol summary + line range + source bytes, with context_lines padding (default 5, range 0–200) |
code.* — traversal
| Tool | Description |
|---|---|
code.find_callers (alias code.callers_of) | Who calls this function or method |
code.callees_of | Outgoing CALLS edges |
code.find_dependencies | What this node depends on |
code.find_path (alias code.dependency_path) | Shortest path between two nodes |
code.get_neighborhood | All nodes within N hops |
code.references_to | All references — calls, imports, type uses |
code.co_changes_with | Symbols that historically change together |
code.find_cycles | Circular dependency clusters |
code.find_dead_code | Nodes with no incoming CALLS edges |
code.stats | Summary node and edge counts for the workspace |
code.* — history, ownership, issues
| Tool | Description |
|---|---|
code.recent_changes | Recent commits across the workspace |
code.blame_enriched | Line-level blame with PR / issue / reviewer joins |
code.pr_context | Full PR context — commits, reviewers, files, linked issues |
code.pr_history | PRs that touched a symbol |
code.who_knows_about | People ranked by activity on a symbol |
code.expertise | Symbols a person owns |
code.issue_context | Issue body, comments, linked PRs, affected nodes |
code.find_issues | Hybrid full-text issue search |
code.discussion_context | GitHub Discussion context |
code.find_pattern | Hybrid semantic + grep search across the ontology |
code.* — tests and CI
| Tool | Description |
|---|---|
code.tests_for | Tests exercising a symbol |
code.coverage_for | Per-line coverage for a file |
code.failing_tests | Tests currently failing on a branch |
code.flaky_tests | Flake-rate ranking |
code.last_run | Most-recent CI workflow run |
code.run_failures | Failed jobs and steps for a run with cold-log preview |
code.* — dependencies
| Tool | Description |
|---|---|
code.dependencies | Resolved package dependencies for the workspace |
code.dependency_graph | Transitive dependency graph |
agent.* — multi-agent coordination
| Tool | Description |
|---|---|
agent.start_session | Register a new agent session |
agent.heartbeat | Extend the session lifetime and refresh active claims |
agent.end_session | Close a session and release all its claims |
agent.claim_work | Lock a file range or symbol for this session |
agent.release_claim | Release a specific claim before session end |
agent.record_finding | Persist a finding for future sessions to read |
agent.get_findings | Retrieve findings for a specific node |
agent.list_active_claims | List all active claims overlapping a file or range |
memory.* — agent memory
| Tool | Description |
|---|---|
memory.recall | Retrieve procedures + episodes by intent (M8 §6.4) |
memory.remember | Persist a fact as a memory episode (M8 §6.4) |
memory.procedure_for | Look up a procedure by exact trigger pattern (M8 §6.4) |
memory.forget | Soft-delete an episode or procedure (M8 §6.4) |
memory.search | Search captured agent actions with filters |
memory.context | Retrieve the current memory context for a workspace |
memory.annotate | Annotate an action with outcome metadata |
memory.metric_create | Create a custom eval metric |
memory.metric_update | Update a metric's definition |
memory.metric_delete | Delete a metric |
memory.metric_list | List all metrics for the workspace |
memory.benchmark_get | Retrieve benchmark results for a metric |
memory.benchmark_compare | Compare two benchmark snapshots |
memory.context_inject | Inject memory context into the current system prompt |
security.* — security alerts
| Tool | Description |
|---|---|
security.open_alerts | List open Dependabot, CodeQL, and secret-scan alerts |
security.alert_context | Full alert body, affected nodes, recommendation, advisory links |
workspace.* — workspace management
| Tool | Description |
|---|---|
workspace.list | List all workspaces accessible to this token |
workspace.bind | Bind the session to a specific workspace ID |
workspace.enable_memory | Enable agent memory capture for the workspace |
workspace.disable_memory | Disable agent memory capture |
incident.* — incident tracking
| Tool | Description |
|---|---|
incident.open | Open an incident, optionally linked to a graph node |
incident.resolve | Mark an incident resolved with an optional root-cause note |
incident.link | Associate an existing incident with an additional graph node |
Agent memory
Once enabled with /oxagen:memory-enable, capture is automatic. Claude
Code does not need to call any memory tools explicitly — the MCP server
captures every tool invocation in the background. The plugin's
SessionStart hook still tells the agent to recall memory before any
non-trivial task; the capture half is server-managed.
The M8 memory module surfaces:
- Procedures — recipes promoted from repeated successful or recovered
runs. Retrieve via
/oxagen:procedure-for <trigger>. - Episodes — single events the agent stored via
/oxagen:remember <fact>. Retrieve via/oxagen:recall <intent>.
Patterns are detected and injected into context before each run. Inspect
the injection by reviewing the conversation's system prompt — the
oxagen plugin's preamble plus any pattern-driven warnings appear under
<EXTREMELY_IMPORTANT> tags.
Troubleshooting
No tools listed after setup. Check that OXAGEN_MCP_TOKEN is exported
in the shell that launched Claude Code. Run echo $OXAGEN_MCP_TOKEN to
verify. Restart Claude Code from a shell that has the export, then run
/mcp.
memory.* tools not returning results. Memory tools are always
registered; capture activates only after /oxagen:memory-enable flips on
the workspace.
401 on every call. Your MCP token has expired or been revoked.
Generate a new token at Settings → MCP → Tokens and re-run
/oxagen:setup with the new install string.
Ingest stuck / graph empty. Check Settings → Connections in the
app. If the GitHub connection shows an error, reconnect it and trigger a
manual re-ingest from the same page. Or ask the agent to call
ontology.refresh_repo.
Stale claim blocking another session. Use /oxagen:ask "list active claims" to find it, then run:
/oxagen:claim <file:line> --forceto override it (records an audit event).
Low confidence from /oxagen:ask or /oxagen:search. The workspace
graph may be sparse or the ingest incomplete. Trigger a re-ingest via
Settings → Connections → Re-ingest and retry once the status is
ready.
Open source
The plugin is MIT-licensed and developed in the open at
oxagenai/claude-code-plugin.
File bugs, request commands, or open PRs there. The platform monorepo
mirrors the same tree at plugins/oxagen-claude-code/ for internal
dogfooding; ejection is automated via
scripts/eject-claude-code-plugin.sh.
Plugins
Extend your Oxagen workspace with plugins — pre-built integrations that add tools, slash commands, and agent capabilities to your MCP-connected coding agents.
API Reference
The public Oxagen API — the capability surface that exposes every agent tool, the typed ontology endpoints, and the MCP-token endpoint.