hypergumbo 2.6.0__tar.gz → 3.0.0__tar.gz

{hypergumbo-2.6.0 → hypergumbo-3.0.0}/.gitignore

@@ -29,6 +29,7 @@ slice.*.json
 **/.cursor/state/
 **/*-session/
 AUTONOMOUS_MODE.txt
+autonomous_intent.txt
 .agent/LOOP
 .agent/disabled.LOOP
 .agent/invariant-ledger.md
@@ -41,6 +42,7 @@ AUTONOMOUS_MODE.txt
 .agent/.transcript-sync-state.*.json
 .agent/.transcript-poll-state.*
 .agent/.transcript-injection-state.*.json
+.agent/.transcript-injection-state.*.lock
 .agent/.last_session_transcript.jsonl
 .agent/.second_to_last_transcript.jsonl
 .agent/.last_injection_history.jsonl

{hypergumbo-2.6.0 → hypergumbo-3.0.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: hypergumbo
-Version: 2.6.0
+Version: 3.0.0
 Summary: Local-first repo behavior map generator
 Author: Hypergumbo contributors
 License: AGPL-3.0-or-later
@@ -10,10 +10,10 @@ Classifier: License :: OSI Approved :: GNU Affero General Public License v3 or l
 Classifier: Programming Language :: Python :: 3
 Classifier: Programming Language :: Python :: 3 :: Only
 Requires-Python: >=3.10
-Requires-Dist: hypergumbo-core==2.6.0
-Requires-Dist: hypergumbo-lang-common==2.6.0
-Requires-Dist: hypergumbo-lang-extended1==2.6.0
-Requires-Dist: hypergumbo-lang-mainstream==2.6.0
+Requires-Dist: hypergumbo-core==3.0.0
+Requires-Dist: hypergumbo-lang-common==3.0.0
+Requires-Dist: hypergumbo-lang-extended1==3.0.0
+Requires-Dist: hypergumbo-lang-mainstream==3.0.0
 Provides-Extra: dev
 Requires-Dist: bandit~=1.9.3; extra == 'dev'
 Requires-Dist: check-jsonschema~=0.36.1; extra == 'dev'
@@ -150,7 +150,7 @@ hypergumbo . -t 8000   # detailed with many symbols
 hypergumbo [path]              # Markdown sketch (default)
 hypergumbo run [path]          # Full JSON behavior map
 hypergumbo slice --entry X     # Subgraph from entry point
-hypergumbo io-boundaries       # Find all I/O (filesystem, network, subprocess, env)
+hypergumbo io-boundaries       # Find all I/O (filesystem, network, subprocess, env, IPC, browser storage)
 hypergumbo verify-claims ...   # Verify security claims against analysis
 hypergumbo routes [path]       # List HTTP routes
 hypergumbo search <query>      # Search symbols
@@ -168,6 +168,19 @@ hypergumbo . --no-progress     # hide progress indicator (on by default)
 hypergumbo --help --all        # comprehensive help for all commands
 ```
 
+### Project-local taint catalogs
+
+`verify-claims` ships with paranoid defaults auto-derived from the built-in IO primitive catalog. Projects can supply their own trust zones, sanitizers, and label maps:
+
+```bash
+hypergumbo verify-claims claims.yaml \
+    --taint-sources    myrepo/taint/sources.yaml \
+    --taint-sinks      myrepo/taint/sinks/ \
+    --taint-sanitizers myrepo/taint/sanitizers.yaml
+```
+
+Each flag accepts a YAML file or a directory (globbed as `*.yaml`), and is repeatable. The same paths can be declared inside the claims YAML under `extra_catalogs: {sources, sinks, sanitizers}` — relative paths resolve against the claims-file directory. User entries whose `(module, name, kind)` triple matches a built-in replace it; sanitizers concatenate.
+
 Results are automatically cached in `~/.cache/hypergumbo/`. Just run:
 ```bash
 hypergumbo .    # auto-runs analysis if no cache exists, then generates sketch
@@ -180,10 +193,10 @@ See `hypergumbo --help` for all options.
 ## What It Understands
 
 - **Language analyzers**: Python, JS/TS, Java, Rust, Go, C/C++, and [many more](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/LANGUAGES.md)
-- **Cross-language linkers**: JNI, HTTP, WebSocket, gRPC, GraphQL, message queues ([full list](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/LINKERS.md))
+- **Linkers**: Tier 2 edge-recovery passes across four subcategories — Protocol (HTTP, WebSocket, message queues, SQL), Bridge (JNI, wasm_bindgen, Tauri IPC, language-pair FFI), Framework (gRPC, GraphQL, React components, DI resolution, ORM), Infrastructure (containment, inheritance, module imports). [Full catalogue](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/LINKERS.md).
 - **Framework patterns**: FastAPI, Django, Rails, Spring Boot, Phoenix, Express, and [many more](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/FRAMEWORKS.md)
-- **I/O boundary detection**: Maps every call chain that reaches the filesystem, network, subprocesses, or environment — across FFI boundaries
-- **Taint-flow analysis**: Traces data from sensitive sources (crypto keys, plaintext) to sinks (filesystem, network), with sanitizer awareness
+- **I/O boundary detection**: Maps every call chain that reaches the filesystem, network, subprocess, environment, IPC, or browser-local storage — across FFI boundaries
+- **Taint-flow analysis**: Traces data from sensitive sources (environment variables, received network input, crypto outputs, key material) to sinks in six trust zones (`host_fs`, `network`, `host_env`, `ipc`, `browser_storage`, `relay`), with sanitizer awareness
 - **Supply chain tiers**: Classifies code as first-party, internal, external, or derived for dependency-aware analysis
 
 ## How It Works
@@ -204,7 +217,7 @@ All analyzers produce the same IR types:
 - **Edge**: A relationship between symbols (calls, imports, extends, implements)
 - **Span**: Source location (file, line, column)
 
-This uniform IR is what allows all language analyzers and cross-language linkers to work together coherently.
+This uniform IR is what allows all language analyzers and linkers (Protocol / Bridge / Framework / Infrastructure — see [ADR-0003-ext](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/adr/0003-linker-subcategory-restoration.md)) to work together coherently.
 
 ## Architecture
 
@@ -216,7 +229,7 @@ packages/
 │       ├── ir.py              # Symbol, Edge, Span
 │       ├── sketch.py          # Token-budgeted Markdown
 │       ├── slice.py           # Subgraph extraction
-│       ├── linkers/           # Cross-language linkers
+│       ├── linkers/           # Tier 2 edge-recovery passes (Protocol/Bridge/Framework/Infrastructure)
 │       └── frameworks/        # Framework detection (YAML patterns)
 ├── hypergumbo-lang-mainstream/  # Python, JS, Java, Go, Rust, etc.
 ├── hypergumbo-lang-common/      # Haskell, Elixir, GraphQL, etc.
@@ -251,11 +264,12 @@ See [CONTRIBUTING.md](CONTRIBUTING.md) for PR workflow (including fork-based wor
 - [docs/USE-CASES.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/USE-CASES.md) — Practical workflows and examples
 - [CHANGELOG.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/CHANGELOG.md) — Implementation history
 - [docs/LANGUAGES.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/LANGUAGES.md) — Supported languages
-- [docs/LINKERS.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/LINKERS.md) — Cross-language linkers
+- [docs/LINKERS.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/LINKERS.md) — Linkers catalogue (Protocol / Bridge / Framework / Infrastructure)
 - [docs/FRAMEWORKS.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/FRAMEWORKS.md) — Framework patterns
 - [docs/hypergumbo-spec.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/hypergumbo-spec.md) — Detailed specification
 - [docs/CITATIONS.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/CITATIONS.md) — Paper citations for embedding models
 - [docs/CACHE.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/CACHE.md) — Caching architecture
+- [docs/agent-supervisor.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/agent-supervisor.md) — Operator guide for `scripts/agent-supervisor` (the tmux-session watchdog for autonomous agents)
 - [SECURITY.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/SECURITY.md) — Vulnerability reporting
 - [hypergumbo-tracker README](packages/hypergumbo-tracker/README.md) — Standalone tracker for AI agent governance
 

{hypergumbo-2.6.0 → hypergumbo-3.0.0}/README.md

@@ -120,7 +120,7 @@ hypergumbo . -t 8000   # detailed with many symbols
 hypergumbo [path]              # Markdown sketch (default)
 hypergumbo run [path]          # Full JSON behavior map
 hypergumbo slice --entry X     # Subgraph from entry point
-hypergumbo io-boundaries       # Find all I/O (filesystem, network, subprocess, env)
+hypergumbo io-boundaries       # Find all I/O (filesystem, network, subprocess, env, IPC, browser storage)
 hypergumbo verify-claims ...   # Verify security claims against analysis
 hypergumbo routes [path]       # List HTTP routes
 hypergumbo search <query>      # Search symbols
@@ -138,6 +138,19 @@ hypergumbo . --no-progress     # hide progress indicator (on by default)
 hypergumbo --help --all        # comprehensive help for all commands
 ```
 
+### Project-local taint catalogs
+
+`verify-claims` ships with paranoid defaults auto-derived from the built-in IO primitive catalog. Projects can supply their own trust zones, sanitizers, and label maps:
+
+```bash
+hypergumbo verify-claims claims.yaml \
+    --taint-sources    myrepo/taint/sources.yaml \
+    --taint-sinks      myrepo/taint/sinks/ \
+    --taint-sanitizers myrepo/taint/sanitizers.yaml
+```
+
+Each flag accepts a YAML file or a directory (globbed as `*.yaml`), and is repeatable. The same paths can be declared inside the claims YAML under `extra_catalogs: {sources, sinks, sanitizers}` — relative paths resolve against the claims-file directory. User entries whose `(module, name, kind)` triple matches a built-in replace it; sanitizers concatenate.
+
 Results are automatically cached in `~/.cache/hypergumbo/`. Just run:
 ```bash
 hypergumbo .    # auto-runs analysis if no cache exists, then generates sketch
@@ -150,10 +163,10 @@ See `hypergumbo --help` for all options.
 ## What It Understands
 
 - **Language analyzers**: Python, JS/TS, Java, Rust, Go, C/C++, and [many more](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/LANGUAGES.md)
-- **Cross-language linkers**: JNI, HTTP, WebSocket, gRPC, GraphQL, message queues ([full list](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/LINKERS.md))
+- **Linkers**: Tier 2 edge-recovery passes across four subcategories — Protocol (HTTP, WebSocket, message queues, SQL), Bridge (JNI, wasm_bindgen, Tauri IPC, language-pair FFI), Framework (gRPC, GraphQL, React components, DI resolution, ORM), Infrastructure (containment, inheritance, module imports). [Full catalogue](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/LINKERS.md).
 - **Framework patterns**: FastAPI, Django, Rails, Spring Boot, Phoenix, Express, and [many more](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/FRAMEWORKS.md)
-- **I/O boundary detection**: Maps every call chain that reaches the filesystem, network, subprocesses, or environment — across FFI boundaries
-- **Taint-flow analysis**: Traces data from sensitive sources (crypto keys, plaintext) to sinks (filesystem, network), with sanitizer awareness
+- **I/O boundary detection**: Maps every call chain that reaches the filesystem, network, subprocess, environment, IPC, or browser-local storage — across FFI boundaries
+- **Taint-flow analysis**: Traces data from sensitive sources (environment variables, received network input, crypto outputs, key material) to sinks in six trust zones (`host_fs`, `network`, `host_env`, `ipc`, `browser_storage`, `relay`), with sanitizer awareness
 - **Supply chain tiers**: Classifies code as first-party, internal, external, or derived for dependency-aware analysis
 
 ## How It Works
@@ -174,7 +187,7 @@ All analyzers produce the same IR types:
 - **Edge**: A relationship between symbols (calls, imports, extends, implements)
 - **Span**: Source location (file, line, column)
 
-This uniform IR is what allows all language analyzers and cross-language linkers to work together coherently.
+This uniform IR is what allows all language analyzers and linkers (Protocol / Bridge / Framework / Infrastructure — see [ADR-0003-ext](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/adr/0003-linker-subcategory-restoration.md)) to work together coherently.
 
 ## Architecture
 
@@ -186,7 +199,7 @@ packages/
 │       ├── ir.py              # Symbol, Edge, Span
 │       ├── sketch.py          # Token-budgeted Markdown
 │       ├── slice.py           # Subgraph extraction
-│       ├── linkers/           # Cross-language linkers
+│       ├── linkers/           # Tier 2 edge-recovery passes (Protocol/Bridge/Framework/Infrastructure)
 │       └── frameworks/        # Framework detection (YAML patterns)
 ├── hypergumbo-lang-mainstream/  # Python, JS, Java, Go, Rust, etc.
 ├── hypergumbo-lang-common/      # Haskell, Elixir, GraphQL, etc.
@@ -221,11 +234,12 @@ See [CONTRIBUTING.md](CONTRIBUTING.md) for PR workflow (including fork-based wor
 - [docs/USE-CASES.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/USE-CASES.md) — Practical workflows and examples
 - [CHANGELOG.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/CHANGELOG.md) — Implementation history
 - [docs/LANGUAGES.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/LANGUAGES.md) — Supported languages
-- [docs/LINKERS.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/LINKERS.md) — Cross-language linkers
+- [docs/LINKERS.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/LINKERS.md) — Linkers catalogue (Protocol / Bridge / Framework / Infrastructure)
 - [docs/FRAMEWORKS.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/FRAMEWORKS.md) — Framework patterns
 - [docs/hypergumbo-spec.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/hypergumbo-spec.md) — Detailed specification
 - [docs/CITATIONS.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/CITATIONS.md) — Paper citations for embedding models
 - [docs/CACHE.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/CACHE.md) — Caching architecture
+- [docs/agent-supervisor.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/docs/agent-supervisor.md) — Operator guide for `scripts/agent-supervisor` (the tmux-session watchdog for autonomous agents)
 - [SECURITY.md](https://codeberg.org/iterabloom/hypergumbo/src/branch/dev/SECURITY.md) — Vulnerability reporting
 - [hypergumbo-tracker README](packages/hypergumbo-tracker/README.md) — Standalone tracker for AI agent governance
 

{hypergumbo-2.6.0 → hypergumbo-3.0.0}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "hypergumbo"
-version = "2.6.0"
+version = "3.0.0"
 description = "Local-first repo behavior map generator"
 readme = "README.md"
 requires-python = ">=3.10"
@@ -19,10 +19,10 @@ classifiers = [
 ]
 dependencies = [
   # Meta-package that pulls in all hypergumbo components
-  "hypergumbo-core==2.6.0",
-  "hypergumbo-lang-mainstream==2.6.0",
-  "hypergumbo-lang-common==2.6.0",
-  "hypergumbo-lang-extended1==2.6.0",
+  "hypergumbo-core==3.0.0",
+  "hypergumbo-lang-mainstream==3.0.0",
+  "hypergumbo-lang-common==3.0.0",
+  "hypergumbo-lang-extended1==3.0.0",
 ]
 
 [project.optional-dependencies]