hypergumbo 2.5.1__tar.gz → 2.7.0__tar.gz

{hypergumbo-2.5.1 → hypergumbo-2.7.0}/.gitignore

@@ -19,6 +19,7 @@ hypergumbo_capsule/
 hypergumbo.results.json
 hypergumbo.results.*.json
 slice.json
+slice.*.json
 
 # Agent configuration
 **/*.local.json
@@ -28,18 +29,34 @@ slice.json
 **/.cursor/state/
 **/*-session/
 AUTONOMOUS_MODE.txt
+autonomous_intent.txt
 .agent/LOOP
 .agent/disabled.LOOP
-.agent/last_stop_check.json
 .agent/invariant-ledger.md
-.agent/.current_session_transcript.jsonl
+# Per-session transcript pipeline (ADR-0018, per-session amendment 2026-04-08).
+# Each session writes per-session-keyed files. The .last_*/.second_to_last_*
+# global slots are written at session END by rotate-on-session-end.sh.
+.agent/.current_session_transcript.*.jsonl
+.agent/.current_injection_history.*.jsonl
+.agent/.transcript-sync.*.pid
+.agent/.transcript-sync-state.*.json
+.agent/.transcript-poll-state.*
+.agent/.transcript-injection-state.*.json
 .agent/.last_session_transcript.jsonl
 .agent/.second_to_last_transcript.jsonl
+.agent/.last_injection_history.jsonl
+.agent/.second_to_last_injection_history.jsonl
+.agent/.archived-transcripts/
+.agent/.rotation.lock
+# Legacy paths from before the per-session amendment (ignored for one-time
+# upgrade-cleanup safety; may be removed once no repo still has these).
+.agent/.current_session_transcript.jsonl
 .agent/.transcript-sync.pid
 .agent/.transcript-sync-state.json
 .agent/.transcript-poll-state
 .agent/.transcript-injection-state.json
 .agent/.transcript-session-token
+.agent/.current_injection_history.jsonl
 hook-canary.txt
 
 # Coverage
@@ -72,5 +89,7 @@ package-lock.json
 .agent/.sync-logs/
 .agent/.training-data.jsonl
 .agent/.training-data-selected.jsonl
+.agent/.training-data-v1-snapshot-*.jsonl
+.agent/.deprecated-datasets/
 .agent/finetuned-model/
 .agent/transcript-model.gguf

{hypergumbo-2.5.1 → hypergumbo-2.7.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: hypergumbo
-Version: 2.5.1
+Version: 2.7.0
 Summary: Local-first repo behavior map generator
 Author: Hypergumbo contributors
 License: AGPL-3.0-or-later
@@ -10,10 +10,10 @@ Classifier: License :: OSI Approved :: GNU Affero General Public License v3 or l
 Classifier: Programming Language :: Python :: 3
 Classifier: Programming Language :: Python :: 3 :: Only
 Requires-Python: >=3.10
-Requires-Dist: hypergumbo-core==2.5.1
-Requires-Dist: hypergumbo-lang-common==2.5.1
-Requires-Dist: hypergumbo-lang-extended1==2.5.1
-Requires-Dist: hypergumbo-lang-mainstream==2.5.1
+Requires-Dist: hypergumbo-core==2.7.0
+Requires-Dist: hypergumbo-lang-common==2.7.0
+Requires-Dist: hypergumbo-lang-extended1==2.7.0
+Requires-Dist: hypergumbo-lang-mainstream==2.7.0
 Provides-Extra: dev
 Requires-Dist: bandit~=1.9.3; extra == 'dev'
 Requires-Dist: check-jsonschema~=0.36.1; extra == 'dev'
@@ -150,6 +150,8 @@ hypergumbo . -t 8000   # detailed with many symbols
 hypergumbo [path]              # Markdown sketch (default)
 hypergumbo run [path]          # Full JSON behavior map
 hypergumbo slice --entry X     # Subgraph from entry point
+hypergumbo io-boundaries       # Find all I/O (filesystem, network, subprocess, env)
+hypergumbo verify-claims ...   # Verify security claims against analysis
 hypergumbo routes [path]       # List HTTP routes
 hypergumbo search <query>      # Search symbols
 hypergumbo symbols [path]      # Browse symbols with connectivity
@@ -160,8 +162,8 @@ hypergumbo catalog             # List analysis passes
 
 Useful flags:
 ```bash
-hypergumbo . -x                # exclude test files (faster)
-hypergumbo . --with-source     # append full source code
+hypergumbo . -x                # exclude test files (cleaner output)
+hypergumbo . --no-source       # omit source code (included by default)
 hypergumbo . --no-progress     # hide progress indicator (on by default)
 hypergumbo --help --all        # comprehensive help for all commands
 ```
@@ -178,8 +180,11 @@ See `hypergumbo --help` for all options.
 ## What It Understands
 
 - **Language analyzers**: Python, JS/TS, Java, Rust, Go, C/C++, and [many more](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/LANGUAGES.md)
-- **Cross-language linkers**: JNI, HTTP, WebSocket, gRPC, GraphQL, message queues ([full list](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/LINKERS.md))
+- **Linkers**: Tier 2 edge-recovery passes across four subcategories — Protocol (HTTP, WebSocket, message queues, SQL), Bridge (JNI, wasm_bindgen, Tauri IPC, language-pair FFI), Framework (gRPC, GraphQL, React components, DI resolution, ORM), Infrastructure (containment, inheritance, module imports). [Full catalogue](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/LINKERS.md).
 - **Framework patterns**: FastAPI, Django, Rails, Spring Boot, Phoenix, Express, and [many more](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/FRAMEWORKS.md)
+- **I/O boundary detection**: Maps every call chain that reaches the filesystem, network, subprocesses, or environment — across FFI boundaries
+- **Taint-flow analysis**: Traces data from sensitive sources (crypto keys, plaintext) to sinks (filesystem, network), with sanitizer awareness
+- **Supply chain tiers**: Classifies code as first-party, internal, external, or derived for dependency-aware analysis
 
 ## How It Works
 
@@ -187,7 +192,9 @@ See `hypergumbo --help` for all options.
 2. **Analyze**: Run language-specific analyzers to extract symbols and edges
 3. **Link**: Connect symbols across language boundaries (JS fetch → Python route)
 4. **Enrich**: Detect frameworks via YAML pattern matching
-5. **Output**: Generate Markdown sketch or JSON behavior map
+5. **Classify**: Assign supply chain tiers (first-party, internal, external, derived)
+6. **Trace I/O**: Map call chains to I/O boundaries; run taint-flow analysis
+7. **Output**: Generate Markdown sketch or JSON behavior map
 
 ### The Internal Representation
 
@@ -197,7 +204,7 @@ All analyzers produce the same IR types:
 - **Edge**: A relationship between symbols (calls, imports, extends, implements)
 - **Span**: Source location (file, line, column)
 
-This uniform IR is what allows all language analyzers and cross-language linkers to work together coherently.
+This uniform IR is what allows all language analyzers and linkers (Protocol / Bridge / Framework / Infrastructure — see [ADR-0003-ext](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/adr/0003-linker-subcategory-restoration.md)) to work together coherently.
 
 ## Architecture
 
@@ -209,7 +216,7 @@ packages/
 │       ├── ir.py              # Symbol, Edge, Span
 │       ├── sketch.py          # Token-budgeted Markdown
 │       ├── slice.py           # Subgraph extraction
-│       ├── linkers/           # Cross-language linkers
+│       ├── linkers/           # Tier 2 edge-recovery passes (Protocol/Bridge/Framework/Infrastructure)
 │       └── frameworks/        # Framework detection (YAML patterns)
 ├── hypergumbo-lang-mainstream/  # Python, JS, Java, Go, Rust, etc.
 ├── hypergumbo-lang-common/      # Haskell, Elixir, GraphQL, etc.
@@ -244,11 +251,12 @@ See [CONTRIBUTING.md](CONTRIBUTING.md) for PR workflow (including fork-based wor
 - [docs/USE-CASES.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/USE-CASES.md) — Practical workflows and examples
 - [CHANGELOG.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/CHANGELOG.md) — Implementation history
 - [docs/LANGUAGES.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/LANGUAGES.md) — Supported languages
-- [docs/LINKERS.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/LINKERS.md) — Cross-language linkers
+- [docs/LINKERS.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/LINKERS.md) — Linkers catalogue (Protocol / Bridge / Framework / Infrastructure)
 - [docs/FRAMEWORKS.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/FRAMEWORKS.md) — Framework patterns
 - [docs/hypergumbo-spec.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/hypergumbo-spec.md) — Detailed specification
 - [docs/CITATIONS.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/CITATIONS.md) — Paper citations for embedding models
 - [docs/CACHE.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/CACHE.md) — Caching architecture
+- [docs/agent-supervisor.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/agent-supervisor.md) — Operator guide for `scripts/agent-supervisor` (the tmux-session watchdog for autonomous agents)
 - [SECURITY.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/SECURITY.md) — Vulnerability reporting
 - [hypergumbo-tracker README](packages/hypergumbo-tracker/README.md) — Standalone tracker for AI agent governance
 

{hypergumbo-2.5.1 → hypergumbo-2.7.0}/README.md

@@ -120,6 +120,8 @@ hypergumbo . -t 8000   # detailed with many symbols
 hypergumbo [path]              # Markdown sketch (default)
 hypergumbo run [path]          # Full JSON behavior map
 hypergumbo slice --entry X     # Subgraph from entry point
+hypergumbo io-boundaries       # Find all I/O (filesystem, network, subprocess, env)
+hypergumbo verify-claims ...   # Verify security claims against analysis
 hypergumbo routes [path]       # List HTTP routes
 hypergumbo search <query>      # Search symbols
 hypergumbo symbols [path]      # Browse symbols with connectivity
@@ -130,8 +132,8 @@ hypergumbo catalog             # List analysis passes
 
 Useful flags:
 ```bash
-hypergumbo . -x                # exclude test files (faster)
-hypergumbo . --with-source     # append full source code
+hypergumbo . -x                # exclude test files (cleaner output)
+hypergumbo . --no-source       # omit source code (included by default)
 hypergumbo . --no-progress     # hide progress indicator (on by default)
 hypergumbo --help --all        # comprehensive help for all commands
 ```
@@ -148,8 +150,11 @@ See `hypergumbo --help` for all options.
 ## What It Understands
 
 - **Language analyzers**: Python, JS/TS, Java, Rust, Go, C/C++, and [many more](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/LANGUAGES.md)
-- **Cross-language linkers**: JNI, HTTP, WebSocket, gRPC, GraphQL, message queues ([full list](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/LINKERS.md))
+- **Linkers**: Tier 2 edge-recovery passes across four subcategories — Protocol (HTTP, WebSocket, message queues, SQL), Bridge (JNI, wasm_bindgen, Tauri IPC, language-pair FFI), Framework (gRPC, GraphQL, React components, DI resolution, ORM), Infrastructure (containment, inheritance, module imports). [Full catalogue](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/LINKERS.md).
 - **Framework patterns**: FastAPI, Django, Rails, Spring Boot, Phoenix, Express, and [many more](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/FRAMEWORKS.md)
+- **I/O boundary detection**: Maps every call chain that reaches the filesystem, network, subprocesses, or environment — across FFI boundaries
+- **Taint-flow analysis**: Traces data from sensitive sources (crypto keys, plaintext) to sinks (filesystem, network), with sanitizer awareness
+- **Supply chain tiers**: Classifies code as first-party, internal, external, or derived for dependency-aware analysis
 
 ## How It Works
 
@@ -157,7 +162,9 @@ See `hypergumbo --help` for all options.
 2. **Analyze**: Run language-specific analyzers to extract symbols and edges
 3. **Link**: Connect symbols across language boundaries (JS fetch → Python route)
 4. **Enrich**: Detect frameworks via YAML pattern matching
-5. **Output**: Generate Markdown sketch or JSON behavior map
+5. **Classify**: Assign supply chain tiers (first-party, internal, external, derived)
+6. **Trace I/O**: Map call chains to I/O boundaries; run taint-flow analysis
+7. **Output**: Generate Markdown sketch or JSON behavior map
 
 ### The Internal Representation
 
@@ -167,7 +174,7 @@ All analyzers produce the same IR types:
 - **Edge**: A relationship between symbols (calls, imports, extends, implements)
 - **Span**: Source location (file, line, column)
 
-This uniform IR is what allows all language analyzers and cross-language linkers to work together coherently.
+This uniform IR is what allows all language analyzers and linkers (Protocol / Bridge / Framework / Infrastructure — see [ADR-0003-ext](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/adr/0003-linker-subcategory-restoration.md)) to work together coherently.
 
 ## Architecture
 
@@ -179,7 +186,7 @@ packages/
 │       ├── ir.py              # Symbol, Edge, Span
 │       ├── sketch.py          # Token-budgeted Markdown
 │       ├── slice.py           # Subgraph extraction
-│       ├── linkers/           # Cross-language linkers
+│       ├── linkers/           # Tier 2 edge-recovery passes (Protocol/Bridge/Framework/Infrastructure)
 │       └── frameworks/        # Framework detection (YAML patterns)
 ├── hypergumbo-lang-mainstream/  # Python, JS, Java, Go, Rust, etc.
 ├── hypergumbo-lang-common/      # Haskell, Elixir, GraphQL, etc.
@@ -214,11 +221,12 @@ See [CONTRIBUTING.md](CONTRIBUTING.md) for PR workflow (including fork-based wor
 - [docs/USE-CASES.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/USE-CASES.md) — Practical workflows and examples
 - [CHANGELOG.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/CHANGELOG.md) — Implementation history
 - [docs/LANGUAGES.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/LANGUAGES.md) — Supported languages
-- [docs/LINKERS.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/LINKERS.md) — Cross-language linkers
+- [docs/LINKERS.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/LINKERS.md) — Linkers catalogue (Protocol / Bridge / Framework / Infrastructure)
 - [docs/FRAMEWORKS.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/FRAMEWORKS.md) — Framework patterns
 - [docs/hypergumbo-spec.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/hypergumbo-spec.md) — Detailed specification
 - [docs/CITATIONS.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/CITATIONS.md) — Paper citations for embedding models
 - [docs/CACHE.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/CACHE.md) — Caching architecture
+- [docs/agent-supervisor.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/agent-supervisor.md) — Operator guide for `scripts/agent-supervisor` (the tmux-session watchdog for autonomous agents)
 - [SECURITY.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/SECURITY.md) — Vulnerability reporting
 - [hypergumbo-tracker README](packages/hypergumbo-tracker/README.md) — Standalone tracker for AI agent governance
 

{hypergumbo-2.5.1 → hypergumbo-2.7.0}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "hypergumbo"
-version = "2.5.1"
+version = "2.7.0"
 description = "Local-first repo behavior map generator"
 readme = "README.md"
 requires-python = ">=3.10"
@@ -19,10 +19,10 @@ classifiers = [
 ]
 dependencies = [
   # Meta-package that pulls in all hypergumbo components
-  "hypergumbo-core==2.5.1",
-  "hypergumbo-lang-mainstream==2.5.1",
-  "hypergumbo-lang-common==2.5.1",
-  "hypergumbo-lang-extended1==2.5.1",
+  "hypergumbo-core==2.7.0",
+  "hypergumbo-lang-mainstream==2.7.0",
+  "hypergumbo-lang-common==2.7.0",
+  "hypergumbo-lang-extended1==2.7.0",
 ]
 
 [project.optional-dependencies]