Delv
Coding · Active · 9d · by Sourcegraph · 4.3

Sourcegraph Cody

AI coding assistant that uses Sourcegraph code graph search to answer questions and edit code across large enterprise codebases.

Safety & Trust

Delv Safety Grade: A

Score 82/100 · assessed 2026-04-18

  • Maintainer: 85
  • Permissions: 65
  • Supply chain: 90
  • Transparency: 88
  • Incidents: 100

Sourcegraph Cody is maintained by Sourcegraph, a well-established code intelligence company with significant enterprise adoption and venture backing. The agent integrates deeply with IDEs to provide AI-assisted coding, requiring substantial filesystem access to read and modify code across entire repositories. It connects to Sourcegraph's backend services for code graph analysis and to external LLMs for generation. The supply chain is solid with official IDE marketplace distribution and open-source codebase. Documentation and transparency are strong with active development and clear changelogs. Primary risk stems from the breadth of permissions needed: full codebase read/write access, network connectivity to external services, and environment variable access for authentication tokens. Enterprise deployments may use self-hosted Sourcegraph instances, reducing some external data exposure. No known security incidents. The freemium model with paid tiers aligns incentives towards sustained maintenance.

Green flags

  • Maintained by well-funded enterprise company (Sourcegraph) with strong reputation
  • Fully open source with active development and community engagement
  • Distributed via official IDE marketplaces (VS Code, JetBrains)
  • Supports self-hosted deployment for enterprise data sovereignty
  • Clear documentation and transparent security practices

Red flags

  • Requires full filesystem read/write access across entire codebase
  • Connects to external LLM services, potential data exfiltration vector
  • Accesses environment variables which may contain sensitive credentials
  • IDE integration grants broad execution context within development environment

Permissions requested

  • Read files
  • Write files
  • Outbound network
  • Read env
  • External LLM call
  • Repo read
  • Repo write

Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.

Pricing

FREEMIUM · Free tier, paid from $9/mo

Platforms

  • vscode
  • jetbrains
  • web

Review

Cody's pitch is simple: it knows your entire codebase, not just the file you're editing. That context awareness is the autonomy hook. When you ask "where do we handle authentication?", it searches across repos using Sourcegraph's code graph, then answers with actual file paths and snippets. This beats ChatGPT-in-an-editor tools that only see what you paste.

I've used it most on a sprawling Django monolith where grep fails and institutional knowledge lives in three people's heads. Cody's codebase Q&A shines here. Ask "how does the billing webhook retry logic work?" and it traces through models, tasks, and config files to give you a coherent answer. The autocomplete is fine, nothing special, but the chat with full repo context is genuinely useful when onboarding or debugging unfamiliar modules.

The refactoring commands ("extract this to a function", "add error handling") work across multiple files if you select them. That's more autonomous than Copilot's single-file edits, though less ambitious than Cursor's multi-file diffs. Cody will propose changes, you review, it applies them. No magic, but it saves the tedious part of renaming a function in twelve places.

Failure modes: it hallucinates less than raw GPT-4 because it's grounded in real code, but it still invents method names occasionally. The free tier caps context window size, so massive monorepos hit limits fast. Enterprise pricing unlocks better models and more context, but at that point you're paying Sourcegraph rates.

Versus Cursor: Cursor feels faster for greenfield work and has better multi-file editing UI. Cody wins if you already use Sourcegraph for code search, or if your codebase is large and poorly documented. Versus Copilot: Copilot's autocomplete is snappier, but Cody's whole-repo awareness makes it better for understanding existing systems.

The JetBrains and VS Code extensions are solid. The web version exists but feels like an afterthought.

If you're on a small team with a tidy codebase, Copilot or Cursor will do. If you're wading through enterprise spaghetti, Cody's context engine earns its keep.

Verdict

Best for developers inheriting large, unfamiliar codebases where understanding matters as much as writing. If your repo fits in your head, cheaper tools suffice. Enterprise teams already on Sourcegraph should trial this immediately.

Good at

  • Whole-codebase context via Sourcegraph code graph, not just open files
  • Codebase Q&A genuinely useful for onboarding and archaeology
  • Multi-file refactoring that actually works across related modules
  • Less hallucination than raw LLMs because answers grounded in real code
  • Free tier usable for small projects, enterprise tier scales properly

Watch out

  • Free tier context limits hit fast on large repos
  • Autocomplete unremarkable compared to Copilot
  • Enterprise pricing steep if you don't already use Sourcegraph
  • Still invents method names occasionally despite grounding
  • Web version feels underbaked versus IDE extensions

Use cases

  • code search
  • refactoring
  • codebase Q&A