sourcecode 1.10.0__tar.gz → 1.12.0__tar.gz

{sourcecode-1.10.0 → sourcecode-1.12.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: sourcecode
-Version: 1.10.0
+Version: 1.12.0
 Summary: Deterministic codebase context for AI coding agents
 License:                                  Apache License
                                    Version 2.0, January 2004
@@ -254,48 +254,45 @@ sourcecode version
 
 ## Quickstart
 
-The most useful command for integrating `sourcecode` into an AI agent:
+The primary command — a high-signal, low-noise summary for Java/Spring codebases:
 
 ```bash
-sourcecode --agent
+sourcecode --compact
+# ~600-800 tokens: stack, entry points, dependencies, risk flags, confidence.
+
+sourcecode --compact --git-context
+# Adds git hotspots and uncommitted file count.
+
+sourcecode --compact --copy
+# Copies the result to clipboard.
 ```
 
-It produces a structured JSON with the essential sections (no noise, no file tree), ready to paste into an LLM context:
+Example output for a Spring Boot project:
 
 ```json
 {
-  "project": {
-    "type": "fullstack",
-    "summary": "Full-stack project in Nodejs, mvc, 4075 source files. Domains: atlas-client, atlas-server, atlas-hub, atlas-reports. 3300 dependencies (java, nodejs).",
-    "primary_stack": "nodejs",
-    "secondary_stacks": ["java"]
+  "project_type": "api",
+  "stacks": [{ "stack": "java", "frameworks": ["Spring Boot", "MyBatis"] }],
+  "entry_points": {
+    "bootstrap": ["src/main/java/io/spring/RealWorldApplication.java"],
+    "security": ["src/main/java/io/spring/api/security/WebSecurityConfig.java"],
+    "controllers": { "count": 8, "sample": [...] }
   },
-  "entry_points": [
-    {
-      "path": "atlas-server/src/main/java/com/example/atlas/AtlasServerApplication.java",
-      "stack": "java",
-      "kind": "application",
-      "confidence": "high"
-    },
-    {
-      "path": "atlas-client/src/main.ts",
-      "stack": "nodejs",
-      "kind": "entrypoint",
-      "confidence": "high"
-    }
+  "key_dependencies": [
+    { "name": "org.mybatis.spring.boot:mybatis-spring-boot-starter",
+      "version": "2.2.2", "risk_flags": ["spring-boot-2.x-eol"] }
   ],
-  "runtime_packages": [ ... ],
-  "dependencies": { ... },
-  "env_map": { ... },
-  "code_notes": [ ... ]
+  "language_version": "11",
+  "deployment": { "spring_boot_version": "2.6.3" },
+  "mybatis": { "mapper_interfaces": 4, "xml_files": 4 },
+  "confidence_summary": { "overall": "high" }
 }
 ```
 
-For large repositories where context matters, use `--compact` to reduce to ~600-800 tokens:
+For full structured output with per-file contracts and signals, use `--agent`:
 
 ```bash
-sourcecode --compact --copy
-# Copies the summary to the clipboard. Ready to paste.
+sourcecode --agent
 ```
 
 ---
@@ -304,41 +301,18 @@ sourcecode --compact --copy
 
 ### Global options
 
-| Flag | Alias | Type | Default | Description | Status |
-|------|-------|------|---------|-------------|--------|
-| `--format` | `-f` | `json\|yaml` | `json` | Output format. YAML is more readable, JSON preferred in pipelines. | ✅ CORE |
-| `--output` | `-o` | `PATH` | stdout | Writes output to a file instead of stdout. | ✅ CORE |
-| `--compact` | | flag | off | ~600-800 token output: stacks, entry points, deps, gaps. No file tree. | ✅ CORE |
-| `--agent` | | flag | off | JSON optimized for agents. Automatically enables `--dependencies`, `--env-map`, `--code-notes`. | ✅ CORE |
-| `--dependencies` | | flag | off | Analyzes direct and transitive deps from manifests and lockfiles. | ✅ CORE |
-| `--git-context` | `-g` | flag | off | Includes recent commits, change hotspots, uncommitted changes, contributors. | ✅ CORE |
-| `--git-depth` | | `INT [1–100]` | `20` | Number of recent commits with `--git-context`. | ✅ CORE |
-| `--git-days` | | `INT [1–3650]` | `90` | Window in days to detect hotspots with `--git-context`. | ✅ CORE |
-| `--env-map` | | flag | off | Maps environment variables: key, type, category, files that reference them. | ✅ CORE |
-| `--code-notes` | | flag | off | Extracts inline annotations: TODO, FIXME, HACK, BUG, DEPRECATED, NOTE, etc. | ✅ CORE |
-| `--copy` | `-c` | flag | off | Copies output to the clipboard after successful execution. | ✅ CORE |
-| `--depth` | | `INT [1–20]` | `4` | Maximum file tree traversal depth. Java/Maven requires ≥8. | ✅ CORE |
-| `--mode` | | `contract\|standard\|raw` | `contract` | `contract`: minimal contracts per file. `standard`: full detail. `raw`: project level only. | ✅ CORE |
-| `--tree` | | flag | off | Includes full `file_tree` and `file_paths` in the output. Increases size significantly. | ✅ CORE |
-| `--changed-only` | | flag | off | Contract mode: only files modified in git (staged, unstaged, untracked). | ✅ CORE |
-| `--rank-by` | | `relevance\|centrality\|git-churn` | `relevance` | File ranking strategy in contract mode. | ✅ CORE |
-| `--semantics` | | flag | off | Cross-file symbol resolution, call graph with confidence levels, fan-in/fan-out hotspots. Slower. | 🧪 EXP |
-| `--architecture` | | flag | off | Architectural layer inference (MVC/hexagonal/bounded contexts). Low confidence without `--semantics`. | 🧪 EXP |
-| `--graph-modules` | | flag | off | Structural module graph: nodes (files/symbols) and edges (imports, calls, contains). | 🧪 EXP |
-| `--graph-detail` | | `high\|medium\|full` | `high` | Module graph detail level. | 🧪 EXP |
-| `--max-nodes` | | `INT [≥1]` | — | Maximum nodes in `--graph-modules`. Prevents huge graphs in large repos. | 🧪 EXP |
-| `--graph-edges` | | `TEXT` | all | Edge types for `--graph-modules`, comma-separated: `imports,calls,contains`. | 🧪 EXP |
-| `--docs` | | flag | off | Extracts docstrings, function signatures, and module comments. | 🧪 EXP |
-| `--docs-depth` | | `module\|symbols\|full` | `symbols` | Docs extraction depth. `full` includes private symbols. | 🧪 EXP |
-| `--symbol` | | `TEXT` | — | Contract mode: localized context for a specific symbol. Python, TS, JS only. **Does not support Java.** | 🧪 EXP |
-| `--max-importers` | | `INT [1–10000]` | `50` | Limit on importer files returned by `--symbol`. | 🧪 EXP |
-| `--full-metrics` | | flag | off | Per-file technical metrics: LOC, cyclomatic complexity, coverage. Aimed at CI, not at agents. | 🧪 EXP |
-| `--emit-graph` | | flag | off | Contract mode: includes a compact dependency graph (nodes + edges) in the output. | 🚧 WIP |
-| `--entrypoints-only` | | flag | off | Contract mode: only files with exports or entry points. Note: includes *all* files with exports. | 🚧 WIP |
-| `--max-symbols` | | `INT [≥1]` | — | Limits total exported symbols in contract mode. Discards lower-ranked files. | 🚧 WIP |
-| `--no-redact` | | flag | off | Disables automatic secret redaction. Output may contain sensitive values. | 🚧 WIP |
-| `--trace-pipeline` | | flag | off | Diagnostic mode: includes a trace of each candidate and filtering decision. Debugging only. | 🚧 WIP |
-| `--version` | `-v` | flag | — | Shows version and exits. | ✅ CORE |
+| Flag | Alias | Type | Default | Description |
+|------|-------|------|---------|-------------|
+| `--compact` | | flag | off | **Recommended.** ~600-800 token summary: stack, entry points, deps, risk flags, confidence. |
+| `--git-context` | `-g` | flag | off | Adds git hotspots (top changed files), branch, uncommitted file count. Use with `--compact`. |
+| `--agent` | | flag | off | Full structured JSON for AI agents. Auto-enables dependency, env-var, and code-notes analysis. |
+| `--changed-only` | | flag | off | Limit output to git-modified files (staged, unstaged, untracked). |
+| `--depth` | | `INT [1–20]` | `4` | File tree traversal depth. Java projects auto-adjust to 12. |
+| `--format` | `-f` | `json\|yaml` | `json` | Output format. JSON preferred in pipelines. |
+| `--output` | `-o` | `PATH` | stdout | Write output to a file instead of stdout. |
+| `--copy` | `-c` | flag | off | Copy output to clipboard after a successful run. |
+| `--no-redact` | | flag | off | Disable automatic secret redaction. Output may contain sensitive values. |
+| `--version` | `-v` | flag | — | Show version and exit. |
 
 ---
 
@@ -357,5 +331,3 @@ Generates task-specific context for AI agents.
 | `refactor` | Structural problems, improvement opportunities | 🧪 EXP |
 | `generate-tests` | Files without tests, coverage gap analysis | 🧪 EXP |
 | `review-pr` | Changed files + architectural impact | 🧪 EXP |
-
-...

sourcecode-1.12.0/README.md

@@ -0,0 +1,114 @@
+# sourcecode
+
+**Deterministic codebase context for AI coding agents.**
+
+![Version](https://img.shields.io/badge/version-1.0.0-blue)
+![Status](https://img.shields.io/badge/status-MVP-orange)
+![Python](https://img.shields.io/badge/python-3.10%2B-green)
+
+---
+
+## What is it?
+
+`sourcecode` analyzes a repository and produces a structured context map (JSON or YAML) designed to be consumed by AI agents or language models. It solves the "stuff the whole repo into the prompt" problem by instead producing a deterministic extract: entry points, dependencies, stacks, inline annotations, environment variables, and git activity. It is an MVP tool under active evolution — the semantic analysis and module graph features work but have known limitations that are explicitly documented below.
+
+---
+
+## Installation
+
+**Prerequisites:** Python 3.10+
+
+```bash
+pip install sourcecode
+# or with pipx for isolation:
+pipx install sourcecode
+```
+
+Verify installation:
+
+```bash
+sourcecode version
+# sourcecode 1.0.0
+```
+
+---
+
+## Quickstart
+
+The primary command — a high-signal, low-noise summary for Java/Spring codebases:
+
+```bash
+sourcecode --compact
+# ~600-800 tokens: stack, entry points, dependencies, risk flags, confidence.
+
+sourcecode --compact --git-context
+# Adds git hotspots and uncommitted file count.
+
+sourcecode --compact --copy
+# Copies the result to clipboard.
+```
+
+Example output for a Spring Boot project:
+
+```json
+{
+  "project_type": "api",
+  "stacks": [{ "stack": "java", "frameworks": ["Spring Boot", "MyBatis"] }],
+  "entry_points": {
+    "bootstrap": ["src/main/java/io/spring/RealWorldApplication.java"],
+    "security": ["src/main/java/io/spring/api/security/WebSecurityConfig.java"],
+    "controllers": { "count": 8, "sample": [...] }
+  },
+  "key_dependencies": [
+    { "name": "org.mybatis.spring.boot:mybatis-spring-boot-starter",
+      "version": "2.2.2", "risk_flags": ["spring-boot-2.x-eol"] }
+  ],
+  "language_version": "11",
+  "deployment": { "spring_boot_version": "2.6.3" },
+  "mybatis": { "mapper_interfaces": 4, "xml_files": 4 },
+  "confidence_summary": { "overall": "high" }
+}
+```
+
+For full structured output with per-file contracts and signals, use `--agent`:
+
+```bash
+sourcecode --agent
+```
+
+---
+
+## Flags reference
+
+### Global options
+
+| Flag | Alias | Type | Default | Description |
+|------|-------|------|---------|-------------|
+| `--compact` | | flag | off | **Recommended.** ~600-800 token summary: stack, entry points, deps, risk flags, confidence. |
+| `--git-context` | `-g` | flag | off | Adds git hotspots (top changed files), branch, uncommitted file count. Use with `--compact`. |
+| `--agent` | | flag | off | Full structured JSON for AI agents. Auto-enables dependency, env-var, and code-notes analysis. |
+| `--changed-only` | | flag | off | Limit output to git-modified files (staged, unstaged, untracked). |
+| `--depth` | | `INT [1–20]` | `4` | File tree traversal depth. Java projects auto-adjust to 12. |
+| `--format` | `-f` | `json\|yaml` | `json` | Output format. JSON preferred in pipelines. |
+| `--output` | `-o` | `PATH` | stdout | Write output to a file instead of stdout. |
+| `--copy` | `-c` | flag | off | Copy output to clipboard after a successful run. |
+| `--no-redact` | | flag | off | Disable automatic secret redaction. Output may contain sensitive values. |
+| `--version` | `-v` | flag | — | Show version and exit. |
+
+---
+
+## Subcommands
+
+### `prepare-context TASK [PATH]`
+
+Generates task-specific context for AI agents.
+
+| Task | Description | Status |
+|------|-------------|--------|
+| `explain` | Architecture, entry points, key dependencies | ✅ CORE |
+| `fix-bug` | Files prioritized by risk, inline annotations | ✅ CORE |
+| `onboard` | Full context for new agents or developers | ✅ CORE |
+| `delta` | Incremental context: only files changed in git | ✅ CORE |
+| `refactor` | Structural problems, improvement opportunities | 🧪 EXP |
+| `generate-tests` | Files without tests, coverage gap analysis | 🧪 EXP |
+| `review-pr` | Changed files + architectural impact | 🧪 EXP |

{sourcecode-1.10.0 → sourcecode-1.12.0}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "sourcecode"
-version = "1.10.0"
+version = "1.12.0"
 description = "Deterministic codebase context for AI coding agents"
 readme = "README.md"
 requires-python = ">=3.9"

{sourcecode-1.10.0 → sourcecode-1.12.0}/src/sourcecode/__init__.py

@@ -1,3 +1,3 @@
 """sourcecode — Deterministic codebase context maps for AI coding agents."""
 
-__version__ = "1.10.0"
+__version__ = "1.12.0"

{sourcecode-1.10.0 → sourcecode-1.12.0}/src/sourcecode/cli.py

@@ -141,10 +141,14 @@ def _check_pipeline_coherence(sm: "SourceMap") -> list[str]:  # type: ignore[nam
 _HELP = """\
 Compressed AI-ready context for Java/Spring enterprise codebases.
 
+[bold]Primary usage:[/bold]
+  sourcecode --compact                  high-signal summary (~600-800 tokens)
+  sourcecode --compact --git-context    include git hotspots and uncommitted files
+
 [bold]Examples:[/bold]
   sourcecode saint-server --compact
+  sourcecode . --compact --git-context --copy
   sourcecode . --changed-only --git-context
-  sourcecode saint-server --symbol SeguridadRestController
   sourcecode prepare-context onboard saint-server
   sourcecode prepare-context delta . --since main
 
@@ -565,7 +569,8 @@ def main(
     symbol: Optional[str] = typer.Option(
         None,
         "--symbol",
-        help="Extract context for a specific symbol: defining file + all importers.",
+        hidden=True,
+        help="Extract context for a specific symbol (Python/TS/JS only — not supported for Java).",
     ),
     max_importers: int = typer.Option(
         50,
@@ -586,10 +591,10 @@ def main(
 
     \b
     Examples:
-      sourcecode                        analyze current directory
-      sourcecode /path/to/repo          analyze specific path
-      sourcecode --agent                agent-optimized output
-      sourcecode --agent --git-context  include git activity signals
+      sourcecode --compact              high-signal summary (recommended)
+      sourcecode --compact --git-context  include git hotspots
+      sourcecode /path/to/repo --compact  analyze specific path
+      sourcecode --agent                agent-optimized output (full detail)
     """
     # First-run consent (skip for telemetry/version/config subcommands)
     if ctx.invoked_subcommand not in ("telemetry", "version", "config"):
@@ -629,6 +634,10 @@ def main(
         )
         raise typer.Exit(code=1)
 
+    if symbol is not None and not symbol.strip():
+        typer.echo("symbol query cannot be empty", err=True)
+        raise typer.Exit(code=2)
+
     if symbol and mode not in ("contract", "standard"):
         typer.echo(
             f"Error: --symbol requires --mode contract or standard (got '{mode}'). "
@@ -760,6 +769,16 @@ def main(
     _java_min_depth = 12
     effective_depth = max(depth, _java_min_depth) if _is_java and depth < _java_min_depth else depth
 
+    if symbol is not None and _is_java:
+        typer.echo(
+            f"Error: --symbol is not supported for Java/JVM repositories. "
+            "Per-file AST extraction is unavailable for JVM — symbol search only works with Python, TypeScript, and JavaScript. "
+            "Alternatives: use --agent --compact to get file relevance scores, "
+            "or use --git-context to find recently changed files.",
+            err=True,
+        )
+        raise typer.Exit(code=1)
+
     # --agent: enable signal analyzers; output via agent_view (not compact)
     if agent:
         dependencies = True
@@ -1485,7 +1504,9 @@ def main(
         if _is_contract_mode and sm.file_contracts:
             from sourcecode.serializer import _serialize_contract_minimal
             data.pop("file_relevance", None)
-            _MAX_AGENT_CONTRACTS = 10
+            _jvm_stacks_agent = {"java", "kotlin", "scala", "groovy"}
+            _is_jvm_agent = any(s.stack in _jvm_stacks_agent for s in sm.stacks)
+            _MAX_AGENT_CONTRACTS = 50 if _is_jvm_agent else 10
             _all_contracts = sm.file_contracts
             _sorted = sorted(_all_contracts, key=lambda c: getattr(c, "relevance_score", 0.0), reverse=True)
             _sampled = _sorted[:_MAX_AGENT_CONTRACTS]

{sourcecode-1.10.0 → sourcecode-1.12.0}/src/sourcecode/detectors/java.py

@@ -41,6 +41,34 @@ _M3_FILTRO_PARAMS_RE = re.compile(
     r'(?:[^)]*nivelRequerido\s*=\s*(\d+))?'
 )
 
+# Security config detection
+_WEB_SECURITY_CONFIGURER_RE = re.compile(r'WebSecurityConfigurerAdapter\b')
+_SECURITY_FILTER_CHAIN_RE = re.compile(r'SecurityFilterChain\b')
+_SECURITY_CONFIG_ANNOTATION_RE = re.compile(r'@EnableWebSecurity\b')
+# JWT/token filter detection (files that process every request)
+_ONCE_PER_REQUEST_FILTER_RE = re.compile(r'extends\s+(?:OncePerRequestFilter|GenericFilterBean)\b')
+_JWT_FILTER_KEYWORDS_RE = re.compile(r'\b(?:jwt|token|bearer|authorization)\b', re.IGNORECASE)
+
+# @Transactional detection
+_TRANSACTIONAL_RE = re.compile(r'@Transactional\b')
+# Extracts class name: `public class Foo` or `class Foo`
+_CLASS_NAME_RE = re.compile(r'\bclass\s+([A-Z][A-Za-z0-9_]*)')
+
+# Gradle plugin Spring Boot version: id 'org.springframework.boot' version '2.6.3'
+_GRADLE_SB_PLUGIN_RE = re.compile(
+    r"""id\s*['"]\s*org\.springframework\.boot\s*['"]\s+version\s*['"]([\d.]+)['"']""",
+    re.IGNORECASE,
+)
+# Gradle Java version: sourceCompatibility = '11' or sourceCompatibility = JavaVersion.VERSION_11
+_GRADLE_JAVA_VERSION_RE = re.compile(
+    r"""(?:sourceCompatibility|targetCompatibility|javaVersion)\s*=\s*['"]?([0-9.]+)['"]?""",
+    re.IGNORECASE,
+)
+# JavaVersion.VERSION_11 form
+_GRADLE_JAVA_ENUM_RE = re.compile(
+    r"""(?:sourceCompatibility|targetCompatibility)\s*=\s*JavaVersion\.VERSION_(\d+)"""
+)
+
 
 class JavaDetector(AbstractDetector):
     name = "java"
@@ -69,6 +97,12 @@ class JavaDetector(AbstractDetector):
         if "build.gradle" in context.manifests:
             manifests.append("build.gradle")
             frameworks.extend(self._frameworks_from_gradle(context.root / "build.gradle"))
+            if language_version is None:
+                try:
+                    gradle_content = "\n".join(read_text_lines(context.root / "build.gradle"))
+                    language_version = self._extract_gradle_java_version(gradle_content)
+                except OSError:
+                    pass
 
         # Detect app server from descriptor files
         all_paths = flatten_file_tree(context.file_tree)
@@ -81,6 +115,7 @@ class JavaDetector(AbstractDetector):
         spring_profiles = self._detect_spring_profiles(context.root, all_paths)
 
         entry_points = self._collect_entry_points(context)
+        transactional_classes = self._collect_transactional_classes(context, all_paths)
         stack = StackDetection(
             stack="java",
             detection_method="manifest",
@@ -91,6 +126,7 @@ class JavaDetector(AbstractDetector):
             packaging=packaging,
             app_server_hint=app_server_hint,
             spring_profiles=spring_profiles,
+            transactional_classes=transactional_classes,
         )
         return [stack], entry_points
 
@@ -196,8 +232,24 @@ class JavaDetector(AbstractDetector):
         return frameworks
 
     def _frameworks_from_gradle(self, path: Path) -> list[FrameworkDetection]:
-        content = "\n".join(read_text_lines(path)).lower()
-        return self._detect_jvm_frameworks(content, "build.gradle")
+        original = "\n".join(read_text_lines(path))
+        content = original.lower()
+        sb_version = self._extract_gradle_sb_version(original)
+        return self._detect_jvm_frameworks(content, "build.gradle", sb_version=sb_version)
+
+    def _extract_gradle_sb_version(self, content: str) -> str | None:
+        m = _GRADLE_SB_PLUGIN_RE.search(content)
+        return m.group(1) if m else None
+
+    def _extract_gradle_java_version(self, content: str) -> str | None:
+        m = _GRADLE_JAVA_ENUM_RE.search(content)
+        if m:
+            v = m.group(1)
+            return "1." + v if int(v) <= 8 else v
+        m = _GRADLE_JAVA_VERSION_RE.search(content)
+        if m:
+            return m.group(1)
+        return None
 
     def _detect_jvm_frameworks(self, text: str, source: str, *, sb_version: str | None = None) -> list[FrameworkDetection]:
         frameworks: list[FrameworkDetection] = []
@@ -319,7 +371,11 @@ class JavaDetector(AbstractDetector):
             return []
 
         # Quick pre-filter before running regexes
-        if ("Controller" not in content and "Filter" not in content
+        has_controller = "Controller" in content
+        has_filter = "Filter" in content
+        has_security = "WebSecurityConfigurerAdapter" in content or "SecurityFilterChain" in content or "EnableWebSecurity" in content
+        has_once_filter = "OncePerRequestFilter" in content or "GenericFilterBean" in content
+        if (not has_controller and not has_filter and not has_security
                 and "ControllerAdvice" not in content
                 and "M3FiltroSeguridad" not in content):
             return []
@@ -379,6 +435,23 @@ class JavaDetector(AbstractDetector):
                 path=rel_path, stack="java", kind="filter",
                 source="annotation", confidence="medium",
             )]
+        if has_security and (
+            _WEB_SECURITY_CONFIGURER_RE.search(content)
+            or _SECURITY_CONFIG_ANNOTATION_RE.search(content)
+            or _SECURITY_FILTER_CHAIN_RE.search(content)
+        ):
+            return [EntryPoint(
+                path=rel_path, stack="java", kind="security_config",
+                source="annotation", confidence="high",
+                evidence="Spring Security configuration",
+            )]
+        if has_once_filter and _ONCE_PER_REQUEST_FILTER_RE.search(content):
+            is_jwt = bool(_JWT_FILTER_KEYWORDS_RE.search(content))
+            return [EntryPoint(
+                path=rel_path, stack="java", kind="security_filter",
+                source="annotation", confidence="high",
+                evidence="jwt_filter" if is_jwt else "request_filter",
+            )]
         return []
 
     def _parse_web_xml(self, abs_path: Path, rel_path: str) -> list[EntryPoint]:
@@ -412,3 +485,26 @@ class JavaDetector(AbstractDetector):
                 seen.add(framework.name)
                 result.append(framework)
         return result
+
+    def _collect_transactional_classes(self, context: DetectionContext, all_paths: list[str]) -> list[str]:
+        """Scan Java source files for @Transactional and return unique class names."""
+        classes: list[str] = []
+        seen: set[str] = set()
+        java_paths = [p for p in all_paths if p.endswith(".java") and "/test/" not in p and "/tests/" not in p]
+        for rel_path in java_paths[:_MAX_JAVA_ENTRY_SCAN]:
+            abs_path = context.root / rel_path
+            try:
+                if abs_path.stat().st_size > _MAX_FILE_SIZE:
+                    continue
+                content = abs_path.read_text(encoding="utf-8", errors="replace")
+            except OSError:
+                continue
+            if not _TRANSACTIONAL_RE.search(content):
+                continue
+            m = _CLASS_NAME_RE.search(content)
+            if m:
+                cls = m.group(1)
+                if cls not in seen:
+                    seen.add(cls)
+                    classes.append(cls)
+        return classes

{sourcecode-1.10.0 → sourcecode-1.12.0}/src/sourcecode/detectors/project.py

@@ -121,6 +121,7 @@ class ProjectDetector:
             packaging=stack.packaging,
             app_server_hint=stack.app_server_hint,
             spring_profiles=list(stack.spring_profiles),
+            transactional_classes=list(stack.transactional_classes),
         )
 
     def _merge_stack(self, current: StackDetection, incoming: StackDetection) -> StackDetection:
@@ -144,6 +145,8 @@ class ProjectDetector:
             current.app_server_hint = incoming.app_server_hint
         if incoming.spring_profiles and not current.spring_profiles:
             current.spring_profiles = list(incoming.spring_profiles)
+        if incoming.transactional_classes and not current.transactional_classes:
+            current.transactional_classes = list(incoming.transactional_classes)
         return current
 
     def _merge_frameworks(

{sourcecode-1.10.0 → sourcecode-1.12.0}/src/sourcecode/prepare_context.py

@@ -563,6 +563,25 @@ class TaskContextBuilder:
         except Exception:
             pass
 
+        # ── 5c. review-pr suspected_areas (needs git uncommitted_files) ──────
+        if task_name == "review-pr" and spec.enable_code_notes:
+            pr_areas: dict[str, int] = {}
+            for path in uncommitted_files:
+                pr_areas[path] = pr_areas.get(path, 0) + 10
+            review_kinds = {"FIXME", "TODO", "BUG", "HACK"}
+            for note in cn_notes_for_ranking:
+                if note.kind in review_kinds:
+                    pr_areas[note.path] = pr_areas.get(note.path, 0) + 1
+            _BOOST_STEMS = ("Controller", "Service", "Repository", "Mapper", "Filter", "Security")
+            for path in all_paths:
+                stem = Path(path).stem
+                if any(k in stem for k in _BOOST_STEMS):
+                    pr_areas[path] = pr_areas.get(path, 0) + 2
+            suspected_areas = [
+                p for p, _ in sorted(pr_areas.items(), key=lambda x: -x[1])[:8]
+                if not self._is_test(p)
+            ]
+
         # ── 6. Rank files ──────────────────────────────────────────────────
         entry_set = {ep.path for ep in entry_points}
         test_set = {p for p in all_paths if self._is_test(p)}

{sourcecode-1.10.0 → sourcecode-1.12.0}/src/sourcecode/schema.py

@@ -68,6 +68,7 @@ class StackDetection:
     packaging: Optional[str] = None          # e.g. "war" | "jar"
     app_server_hint: Optional[str] = None    # e.g. "weblogic" | "wildfly"
     spring_profiles: list[str] = field(default_factory=list)  # detected Spring profiles
+    transactional_classes: list[str] = field(default_factory=list)  # classes with @Transactional
 
 
 @dataclass