Hybrid retrieval
Each query combines semantic search and exact keyword matching, then fuses the rankings so the strongest results rise to the top.
Private code memory for AI
SourceVault keeps every line on infrastructure you control — laptop, workstation, or your own server — indexes it with code-aware retrieval, and gives your team a safer way to search, read, and reason about proprietary code.
What buyers get
See it work
The problem
Most code assistants want to upload your repository, keep it in a cloud context window, and answer from a lossy slice of your system. That creates privacy risk, compliance concerns, and weak answers when the repo is large or sensitive.
SourceVault is built for teams that need private code intelligence on local infrastructure.
How it works
The retrieval patterns the leading RAG frameworks document as best practice — implemented natively on ChromaDB and Ollama, so the stack stays small and every line is yours to audit.
Each query combines semantic search and exact keyword matching, then fuses the rankings so the strongest results rise to the top.
Files are split along function and class boundaries, so every result maps to readable code with exact line ranges.
Each chunk is embedded with its path and symbol names so the vector store knows where code lives, not just what it says.
Ask mode checks whether it has enough context, retrieves again if needed, and answers only from source-backed snippets instead of guessing.
Cost model
Watch an AI agent work on a real codebase and you will see where the money goes: it re-reads whole files to find one function, drags stale context forward turn after turn, and pays again for every retry. That burn compounds — per question, per developer, per day — and per-seat plans meter all of it.
SourceVault's retrieval engine exists to end that pattern. Every question gets a bounded budget of cited file and line ranges — never a repo dump — and repeated questions return from cache with zero model calls. Local models answer with no meter at all; when you do route an agent to a hosted model, it receives targeted snippets, so the tokens you pay for are the ones that matter.
Operator experience
Three commands cover it: search for code, read a file, ask a grounded question. They behave the same way every time — in the CLI, Telegram, or Hermes Desktop — so they're easy to teach, support, and repeat. Just ask; the engine retrieves on its own.
/code-search express "trust proxy client ip"/code-read express lib/request.js/code-ask express "how does the trust proxy setting affect the client IP?"Code intelligence
The retrieval engine goes past keyword matching: it knows how your code connects, keeps its answers honest as the code changes, and plugs into the AI tools you already use.
A symbol graph links definitions to their references, so "who calls this function?" is answered from the code's actual structure — not just text that looks similar.
Ask one question across every indexed repository at once, with each citation tagged by repo — "how do the frontend and backend handle this?" in a single answer. Standard from Pro up.
Commit messages index alongside code, so "why was this changed?" and "when did this break?" get grounded answers — coverage a cloud indexer never sees, because it never sees your history.
A generated repo map and per-module summaries answer "how does auth work overall" with an overview instead of fragments — written by your local model, from your code, on your machine.
A local reranker re-reads the top candidates against your actual question before answering — a sensible default at sub-second cost. We're straight about why: the measured file-hit jump on our Express benchmark came from a separate retrieval fix, not the reranker, whose isolated effect was within noise on 30 questions. We keep it on by default and are re-measuring its benefit on a larger repository.
An MCP server exposes the same engine to Claude Code, OpenClaw, and any MCP client — bounded, cited context instead of re-reading files. The server itself is local-only: pair it with a local-model client and the loop stays zero-egress end to end; a cloud-backed client sends what it retrieves to its own vendor, by your choice.
The dashboard
Everything ships with a browser dashboard — connect your source control platforms, manage repositories and models, and ask questions about your code without touching a terminal. See it in action in the walkthrough above.
Sign in to GitHub, GitLab, or Bitbucket once. Browse and autocomplete your repositories as you type, and clone private repos without per-clone credentials.
Repositories index automatically on import. Update, sync, or switch branches per repo — and a stale index is one click from fresh.
Literal and semantic search with file-type filters, plus Ask mode for grounded answers where every citation clicks open to its source. History and archive are built in.
Citations and search results open the full file in a syntax-highlighted viewer — cited lines marked and scrolled into view, 15 languages, selectable light and dark code themes.
Pin a question as a standing check. After every reindex it re-asks itself and flags you when the cited answer drifts — "did the auth flow change this sprint?" answers itself.
Trust layer
Embeddings run on local Ollama, vectors live in local ChromaDB, and answers come from local models.
An enforcement layer between the index and everything that reads it: an access policy gates which files can be read at all, a DLP pass redacts secrets from every answer before delivery, and each decision lands in a tamper-evident, hash-chained audit log.
Commits are classified for AI authorship and security relevance, with signed attestations — so "what did the AI change in auth this month?" has a grounded, verifiable answer.
Authentication is enforced by default — there is no tokenless mode. A token is auto-provisioned at first boot, sessions get a one-click Lock, and a strict content-security policy plus loopback guard keep the control plane local.
Access tokens are generated server-side and rotated from the UI in one click — nobody types or chooses a credential, and rotation signs every other session out instantly.
.env files, lockfiles, and dependency directories are excluded automatically so credentials never become searchable vectors — and Sentinel's DLP layer redacts anything that slips through, on the way out.
The retrieval engine is built natively on two auditable local services — ChromaDB for vectors, Ollama for models. No LangChain-style orchestration layer in between: a smaller attack surface, every line yours to audit.
Pricing
Pricing scales with repositories — never per seat, never per token. Licenses are a one-time payment, yours forever, with 12 months of updates included — your installed version never stops working, and renewing updates later costs a fraction of list. Priority Support is the optional subscription for teams that want an SLA and hands-on tuning.
One command installs the full product with one repository for 7 days — no account, no card, and nothing leaves your machine. If it can't answer questions about your code with file-and-line citations, don't buy it.
$1,350 one-time
30 days of Priority Support included
For a founder or solo engineer who needs private code memory without a heavy platform project.
$3,800 one-time
30 days of Priority Support included
For a power user or small team running AI across several private repos.
From $8,200 one-time
30 days of Priority Support included
For an engineering team or large monorepo that needs a deliberate rollout.
Custom
Priority Support SLA
For regulated or air-gapped environments that need the compliance story in writing.
A support SLA plus hands-on expertise when it matters: model and resource tuning for your hardware, and reindex strategy when embedding models change. Flat $195/mo for any plan, after the 30 days included with every license. Requires an active SourceVault license (buy with the same email). Cancel anytime.
Your license and installed version work forever. When your 12-month updates window ends, renew to keep receiving new releases — Starter $550, Pro $1,550, one-time. The fresh key arrives by email and replaces the old one in Settings → License.
"From" prices are honest floors, not bait — your quote is fixed before work starts. Send your stack, repo count, and target machine and you will get a straight recommendation, even if the right answer is the smaller package.
Every license carries a 14-day money-back guarantee, and nothing ever auto-renews — the details are in the billing & refund policy. Starting small is safe, too: upgrade from Starter to Pro any time for the difference in list prices — just email support.
Deployment
Everything runs on infrastructure you control — the models, the index, the dashboard. macOS installs with a single Homebrew command (native launchd services). Linux gets its own one-liner (curl | bash, systemd services). Windows runs it inside WSL2 Ubuntu from a single PowerShell command. Every install includes the 7-day free trial — or use the shared Docker Compose deploy, where teammates on any OS connect through the browser.
# macOS
brew install sourcevault-ai/tap/sourcevault
# Linux (Ubuntu/Debian) and WSL2
curl -fsSL https://sourcevault.ai/install.sh | bash
# Windows (PowerShell)
irm https://sourcevault.ai/install.ps1 | iexStart the conversation
The free trial answers most questions — install it and see your own code cited back to you. For Team and Enterprise rollouts, air-gapped installs, or anything the trial can't settle, tell us your stack and you'll get a straight recommendation, usually the same day.
Prefer email? [email protected]