sourcecode 1.11.0__tar.gz → 1.13.0__tar.gz

{sourcecode-1.11.0 → sourcecode-1.13.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: sourcecode
-Version: 1.11.0
+Version: 1.13.0
 Summary: Deterministic codebase context for AI coding agents
 License:                                  Apache License
                                    Version 2.0, January 2004
@@ -254,48 +254,45 @@ sourcecode version
 
 ## Quickstart
 
-The most useful command for integrating `sourcecode` into an AI agent:
+The primary command — a high-signal, low-noise summary for Java/Spring codebases:
 
 ```bash
-sourcecode --agent
+sourcecode --compact
+# ~600-800 tokens: stack, entry points, dependencies, risk flags, confidence.
+
+sourcecode --compact --git-context
+# Adds git hotspots and uncommitted file count.
+
+sourcecode --compact --copy
+# Copies the result to clipboard.
 ```
 
-It produces a structured JSON with the essential sections (no noise, no file tree), ready to paste into an LLM context:
+Example output for a Spring Boot project:
 
 ```json
 {
-  "project": {
-    "type": "fullstack",
-    "summary": "Full-stack project in Nodejs, mvc, 4075 source files. Domains: atlas-client, atlas-server, atlas-hub, atlas-reports. 3300 dependencies (java, nodejs).",
-    "primary_stack": "nodejs",
-    "secondary_stacks": ["java"]
+  "project_type": "api",
+  "stacks": [{ "stack": "java", "frameworks": ["Spring Boot", "MyBatis"] }],
+  "entry_points": {
+    "bootstrap": ["src/main/java/io/spring/RealWorldApplication.java"],
+    "security": ["src/main/java/io/spring/api/security/WebSecurityConfig.java"],
+    "controllers": { "count": 8, "sample": [...] }
   },
-  "entry_points": [
-    {
-      "path": "atlas-server/src/main/java/com/example/atlas/AtlasServerApplication.java",
-      "stack": "java",
-      "kind": "application",
-      "confidence": "high"
-    },
-    {
-      "path": "atlas-client/src/main.ts",
-      "stack": "nodejs",
-      "kind": "entrypoint",
-      "confidence": "high"
-    }
+  "key_dependencies": [
+    { "name": "org.mybatis.spring.boot:mybatis-spring-boot-starter",
+      "version": "2.2.2", "risk_flags": ["spring-boot-2.x-eol"] }
   ],
-  "runtime_packages": [ ... ],
-  "dependencies": { ... },
-  "env_map": { ... },
-  "code_notes": [ ... ]
+  "language_version": "11",
+  "deployment": { "spring_boot_version": "2.6.3" },
+  "mybatis": { "mapper_interfaces": 4, "xml_files": 4 },
+  "confidence_summary": { "overall": "high" }
 }
 ```
 
-For large repositories where context matters, use `--compact` to reduce to ~600-800 tokens:
+For full structured output with per-file contracts and signals, use `--agent`:
 
 ```bash
-sourcecode --compact --copy
-# Copies the summary to the clipboard. Ready to paste.
+sourcecode --agent
 ```
 
 ---
@@ -304,41 +301,18 @@ sourcecode --compact --copy
 
 ### Global options
 
-| Flag | Alias | Type | Default | Description | Status |
-|------|-------|------|---------|-------------|--------|
-| `--format` | `-f` | `json\|yaml` | `json` | Output format. YAML is more readable, JSON preferred in pipelines. | ✅ CORE |
-| `--output` | `-o` | `PATH` | stdout | Writes output to a file instead of stdout. | ✅ CORE |
-| `--compact` | | flag | off | ~600-800 token output: stacks, entry points, deps, gaps. No file tree. | ✅ CORE |
-| `--agent` | | flag | off | JSON optimized for agents. Automatically enables `--dependencies`, `--env-map`, `--code-notes`. | ✅ CORE |
-| `--dependencies` | | flag | off | Analyzes direct and transitive deps from manifests and lockfiles. | ✅ CORE |
-| `--git-context` | `-g` | flag | off | Includes recent commits, change hotspots, uncommitted changes, contributors. | ✅ CORE |
-| `--git-depth` | | `INT [1–100]` | `20` | Number of recent commits with `--git-context`. | ✅ CORE |
-| `--git-days` | | `INT [1–3650]` | `90` | Window in days to detect hotspots with `--git-context`. | ✅ CORE |
-| `--env-map` | | flag | off | Maps environment variables: key, type, category, files that reference them. | ✅ CORE |
-| `--code-notes` | | flag | off | Extracts inline annotations: TODO, FIXME, HACK, BUG, DEPRECATED, NOTE, etc. | ✅ CORE |
-| `--copy` | `-c` | flag | off | Copies output to the clipboard after successful execution. | ✅ CORE |
-| `--depth` | | `INT [1–20]` | `4` | Maximum file tree traversal depth. Java/Maven requires ≥8. | ✅ CORE |
-| `--mode` | | `contract\|standard\|raw` | `contract` | `contract`: minimal contracts per file. `standard`: full detail. `raw`: project level only. | ✅ CORE |
-| `--tree` | | flag | off | Includes full `file_tree` and `file_paths` in the output. Increases size significantly. | ✅ CORE |
-| `--changed-only` | | flag | off | Contract mode: only files modified in git (staged, unstaged, untracked). | ✅ CORE |
-| `--rank-by` | | `relevance\|centrality\|git-churn` | `relevance` | File ranking strategy in contract mode. | ✅ CORE |
-| `--semantics` | | flag | off | Cross-file symbol resolution, call graph with confidence levels, fan-in/fan-out hotspots. Slower. | 🧪 EXP |
-| `--architecture` | | flag | off | Architectural layer inference (MVC/hexagonal/bounded contexts). Low confidence without `--semantics`. | 🧪 EXP |
-| `--graph-modules` | | flag | off | Structural module graph: nodes (files/symbols) and edges (imports, calls, contains). | 🧪 EXP |
-| `--graph-detail` | | `high\|medium\|full` | `high` | Module graph detail level. | 🧪 EXP |
-| `--max-nodes` | | `INT [≥1]` | — | Maximum nodes in `--graph-modules`. Prevents huge graphs in large repos. | 🧪 EXP |
-| `--graph-edges` | | `TEXT` | all | Edge types for `--graph-modules`, comma-separated: `imports,calls,contains`. | 🧪 EXP |
-| `--docs` | | flag | off | Extracts docstrings, function signatures, and module comments. | 🧪 EXP |
-| `--docs-depth` | | `module\|symbols\|full` | `symbols` | Docs extraction depth. `full` includes private symbols. | 🧪 EXP |
-| `--symbol` | | `TEXT` | — | Contract mode: localized context for a specific symbol. Python, TS, JS only. **Does not support Java.** | 🧪 EXP |
-| `--max-importers` | | `INT [1–10000]` | `50` | Limit on importer files returned by `--symbol`. | 🧪 EXP |
-| `--full-metrics` | | flag | off | Per-file technical metrics: LOC, cyclomatic complexity, coverage. Aimed at CI, not at agents. | 🧪 EXP |
-| `--emit-graph` | | flag | off | Contract mode: includes a compact dependency graph (nodes + edges) in the output. | 🚧 WIP |
-| `--entrypoints-only` | | flag | off | Contract mode: only files with exports or entry points. Note: includes *all* files with exports. | 🚧 WIP |
-| `--max-symbols` | | `INT [≥1]` | — | Limits total exported symbols in contract mode. Discards lower-ranked files. | 🚧 WIP |
-| `--no-redact` | | flag | off | Disables automatic secret redaction. Output may contain sensitive values. | 🚧 WIP |
-| `--trace-pipeline` | | flag | off | Diagnostic mode: includes a trace of each candidate and filtering decision. Debugging only. | 🚧 WIP |
-| `--version` | `-v` | flag | — | Shows version and exits. | ✅ CORE |
+| Flag | Alias | Type | Default | Description |
+|------|-------|------|---------|-------------|
+| `--compact` | | flag | off | **Recommended.** ~600-800 token summary: stack, entry points, deps, risk flags, confidence. |
+| `--git-context` | `-g` | flag | off | Adds git hotspots (top changed files), branch, uncommitted file count. Use with `--compact`. |
+| `--agent` | | flag | off | Full structured JSON for AI agents. Auto-enables dependency, env-var, and code-notes analysis. |
+| `--changed-only` | | flag | off | Limit output to git-modified files (staged, unstaged, untracked). |
+| `--depth` | | `INT [1–20]` | `4` | File tree traversal depth. Java projects auto-adjust to 12. |
+| `--format` | `-f` | `json\|yaml` | `json` | Output format. JSON preferred in pipelines. |
+| `--output` | `-o` | `PATH` | stdout | Write output to a file instead of stdout. |
+| `--copy` | `-c` | flag | off | Copy output to clipboard after a successful run. |
+| `--no-redact` | | flag | off | Disable automatic secret redaction. Output may contain sensitive values. |
+| `--version` | `-v` | flag | — | Show version and exit. |
 
 ---
 

sourcecode-1.13.0/README.md

@@ -0,0 +1,114 @@
+# sourcecode
+
+**Deterministic codebase context for AI coding agents.**
+
+![Version](https://img.shields.io/badge/version-1.0.0-blue)
+![Status](https://img.shields.io/badge/status-MVP-orange)
+![Python](https://img.shields.io/badge/python-3.10%2B-green)
+
+---
+
+## What is it?
+
+`sourcecode` analyzes a repository and produces a structured context map (JSON or YAML) designed to be consumed by AI agents or language models. It solves the "stuff the whole repo into the prompt" problem by instead producing a deterministic extract: entry points, dependencies, stacks, inline annotations, environment variables, and git activity. It is an MVP tool under active evolution — the semantic analysis and module graph features work but have known limitations that are explicitly documented below.
+
+---
+
+## Installation
+
+**Prerequisites:** Python 3.10+
+
+```bash
+pip install sourcecode
+# or with pipx for isolation:
+pipx install sourcecode
+```
+
+Verify installation:
+
+```bash
+sourcecode version
+# sourcecode 1.0.0
+```
+
+---
+
+## Quickstart
+
+The primary command — a high-signal, low-noise summary for Java/Spring codebases:
+
+```bash
+sourcecode --compact
+# ~600-800 tokens: stack, entry points, dependencies, risk flags, confidence.
+
+sourcecode --compact --git-context
+# Adds git hotspots and uncommitted file count.
+
+sourcecode --compact --copy
+# Copies the result to clipboard.
+```
+
+Example output for a Spring Boot project:
+
+```json
+{
+  "project_type": "api",
+  "stacks": [{ "stack": "java", "frameworks": ["Spring Boot", "MyBatis"] }],
+  "entry_points": {
+    "bootstrap": ["src/main/java/io/spring/RealWorldApplication.java"],
+    "security": ["src/main/java/io/spring/api/security/WebSecurityConfig.java"],
+    "controllers": { "count": 8, "sample": [...] }
+  },
+  "key_dependencies": [
+    { "name": "org.mybatis.spring.boot:mybatis-spring-boot-starter",
+      "version": "2.2.2", "risk_flags": ["spring-boot-2.x-eol"] }
+  ],
+  "language_version": "11",
+  "deployment": { "spring_boot_version": "2.6.3" },
+  "mybatis": { "mapper_interfaces": 4, "xml_files": 4 },
+  "confidence_summary": { "overall": "high" }
+}
+```
+
+For full structured output with per-file contracts and signals, use `--agent`:
+
+```bash
+sourcecode --agent
+```
+
+---
+
+## Flags reference
+
+### Global options
+
+| Flag | Alias | Type | Default | Description |
+|------|-------|------|---------|-------------|
+| `--compact` | | flag | off | **Recommended.** ~600-800 token summary: stack, entry points, deps, risk flags, confidence. |
+| `--git-context` | `-g` | flag | off | Adds git hotspots (top changed files), branch, uncommitted file count. Use with `--compact`. |
+| `--agent` | | flag | off | Full structured JSON for AI agents. Auto-enables dependency, env-var, and code-notes analysis. |
+| `--changed-only` | | flag | off | Limit output to git-modified files (staged, unstaged, untracked). |
+| `--depth` | | `INT [1–20]` | `4` | File tree traversal depth. Java projects auto-adjust to 12. |
+| `--format` | `-f` | `json\|yaml` | `json` | Output format. JSON preferred in pipelines. |
+| `--output` | `-o` | `PATH` | stdout | Write output to a file instead of stdout. |
+| `--copy` | `-c` | flag | off | Copy output to clipboard after a successful run. |
+| `--no-redact` | | flag | off | Disable automatic secret redaction. Output may contain sensitive values. |
+| `--version` | `-v` | flag | — | Show version and exit. |
+
+---
+
+## Subcommands
+
+### `prepare-context TASK [PATH]`
+
+Generates task-specific context for AI agents.
+
+| Task | Description | Status |
+|------|-------------|--------|
+| `explain` | Architecture, entry points, key dependencies | ✅ CORE |
+| `fix-bug` | Files prioritized by risk, inline annotations | ✅ CORE |
+| `onboard` | Full context for new agents or developers | ✅ CORE |
+| `delta` | Incremental context: only files changed in git | ✅ CORE |
+| `refactor` | Structural problems, improvement opportunities | 🧪 EXP |
+| `generate-tests` | Files without tests, coverage gap analysis | 🧪 EXP |
+| `review-pr` | Changed files + architectural impact | 🧪 EXP |

{sourcecode-1.11.0 → sourcecode-1.13.0}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "sourcecode"
-version = "1.11.0"
+version = "1.13.0"
 description = "Deterministic codebase context for AI coding agents"
 readme = "README.md"
 requires-python = ">=3.9"

{sourcecode-1.11.0 → sourcecode-1.13.0}/src/sourcecode/__init__.py

@@ -1,3 +1,3 @@
 """sourcecode — Deterministic codebase context maps for AI coding agents."""
 
-__version__ = "1.11.0"
+__version__ = "1.13.0"

{sourcecode-1.11.0 → sourcecode-1.13.0}/src/sourcecode/architecture_summary.py

@@ -173,7 +173,7 @@ class ArchitectureSummarizer:
             fw_names = list(dict.fromkeys(fw_names))[:3]  # dedup, preserve order
         else:
             # Filter out frameworks from auxiliary or tooling stacks (docs/, benchmarks/, etc.)
-            fw_names = [
+            fw_names = list(dict.fromkeys(
                 f.name
                 for s in sm.stacks
                 if not self._is_tooling_path(s.root or "")
@@ -181,7 +181,7 @@ class ArchitectureSummarizer:
                 and not self._is_auxiliary_path(s.root or "")
                 and not self._is_auxiliary_path(s.workspace or "")
                 for f in s.frameworks[:2]
-            ][:3]
+            ))[:3]
 
         fw_str = f" using {', '.join(fw_names)}" if fw_names else ""
         if runtime:
@@ -288,7 +288,7 @@ class ArchitectureSummarizer:
 
     def _summarize_java_entry(self, path: str, content: str, stacks: list[StackDetection]) -> list[str]:
         lines: list[str] = []
-        frameworks = [f.name for stack in stacks for f in stack.frameworks]
+        frameworks = list(dict.fromkeys(f.name for stack in stacks for f in stack.frameworks))
         if frameworks:
             lines.append(f"Frameworks detectados: {', '.join(frameworks)}.")
         annotations = re.findall(r"@(SpringBootApplication|QuarkusMain|MicronautApplication|Application)\b", content)

{sourcecode-1.11.0 → sourcecode-1.13.0}/src/sourcecode/classifier.py

@@ -150,9 +150,18 @@ class TypeClassifier:
             score = {"low": 0, "medium": 1, "high": 2}.get(stack.confidence, 0)
             manifest_weight = 1 if stack.manifests else 0
             priority = 0
-            if project_type in {"webapp", "fullstack"} and stack.stack in {"nodejs", "elixir"} or project_type == "api" and stack.stack in _API_STACKS or project_type == "cli" and any(
-                framework.name in _CLI_FRAMEWORKS for framework in stack.frameworks
-            ) or project_type == "cli" and stack.stack in {"cpp", "dotnet"}:
+            # Backend server-side stacks with manifest evidence outrank frontend stacks
+            # in fullstack projects (e.g. Java+Spring wins over nodejs+Angular).
+            if (project_type in {"fullstack", "api"}
+                    and stack.stack in _API_STACKS
+                    and stack.manifests):
+                priority = 4
+            elif (project_type in {"webapp", "fullstack"} and stack.stack in {"nodejs", "elixir"}
+                  or project_type == "api" and stack.stack in _API_STACKS
+                  or project_type == "cli" and any(
+                      framework.name in _CLI_FRAMEWORKS for framework in stack.frameworks
+                  )
+                  or project_type == "cli" and stack.stack in {"cpp", "dotnet"}):
                 priority = 3
             return (priority, score, manifest_weight)
 

{sourcecode-1.11.0 → sourcecode-1.13.0}/src/sourcecode/cli.py

@@ -141,10 +141,14 @@ def _check_pipeline_coherence(sm: "SourceMap") -> list[str]:  # type: ignore[nam
 _HELP = """\
 Compressed AI-ready context for Java/Spring enterprise codebases.
 
+[bold]Primary usage:[/bold]
+  sourcecode --compact                  high-signal summary (~600-800 tokens)
+  sourcecode --compact --git-context    include git hotspots and uncommitted files
+
 [bold]Examples:[/bold]
   sourcecode saint-server --compact
+  sourcecode . --compact --git-context --copy
   sourcecode . --changed-only --git-context
-  sourcecode saint-server --symbol SeguridadRestController
   sourcecode prepare-context onboard saint-server
   sourcecode prepare-context delta . --since main
 
@@ -565,7 +569,8 @@ def main(
     symbol: Optional[str] = typer.Option(
         None,
         "--symbol",
-        help="Extract context for a specific symbol: defining file + all importers.",
+        hidden=True,
+        help="Extract context for a specific symbol (Python/TS/JS only — not supported for Java).",
     ),
     max_importers: int = typer.Option(
         50,
@@ -586,10 +591,10 @@ def main(
 
     \b
     Examples:
-      sourcecode                        analyze current directory
-      sourcecode /path/to/repo          analyze specific path
-      sourcecode --agent                agent-optimized output
-      sourcecode --agent --git-context  include git activity signals
+      sourcecode --compact              high-signal summary (recommended)
+      sourcecode --compact --git-context  include git hotspots
+      sourcecode /path/to/repo --compact  analyze specific path
+      sourcecode --agent                agent-optimized output (full detail)
     """
     # First-run consent (skip for telemetry/version/config subcommands)
     if ctx.invoked_subcommand not in ("telemetry", "version", "config"):
@@ -700,6 +705,11 @@ def main(
     elif mode not in _CONTRACT_MODES and mode != "raw":
         mode = "contract"   # unknown → safe default
 
+    # --changed-only forces compact output to bound size; full contract/raw scan
+    # of a large repo produces 100KB+ even with only 2 changed files.
+    if changed_only and not compact and not agent:
+        compact = True
+
     # Legacy flags imply raw mode unless --mode was explicitly overridden.
     # --format yaml and --graph-modules are now compatible with contract_view:
     #   yaml is a serialization format (not an output-section flag)
@@ -764,6 +774,16 @@ def main(
     _java_min_depth = 12
     effective_depth = max(depth, _java_min_depth) if _is_java and depth < _java_min_depth else depth
 
+    if symbol is not None and _is_java:
+        typer.echo(
+            f"Error: --symbol is not supported for Java/JVM repositories. "
+            "Per-file AST extraction is unavailable for JVM — symbol search only works with Python, TypeScript, and JavaScript. "
+            "Alternatives: use --agent --compact to get file relevance scores, "
+            "or use --git-context to find recently changed files.",
+            err=True,
+        )
+        raise typer.Exit(code=1)
+
     # --agent: enable signal analyzers; output via agent_view (not compact)
     if agent:
         dependencies = True
@@ -1483,31 +1503,6 @@ def main(
             content = json.dumps(data, indent=2, ensure_ascii=False)
     elif agent:
         data = agent_view(sm)
-        # When contract pipeline ran (mode=contract, no legacy flags), include
-        # per-file contracts in agent output so agents get structural context.
-        # Remove file_relevance — contracts cover this signal with more detail.
-        if _is_contract_mode and sm.file_contracts:
-            from sourcecode.serializer import _serialize_contract_minimal
-            data.pop("file_relevance", None)
-            _MAX_AGENT_CONTRACTS = 10
-            _all_contracts = sm.file_contracts
-            _sorted = sorted(_all_contracts, key=lambda c: getattr(c, "relevance_score", 0.0), reverse=True)
-            _sampled = _sorted[:_MAX_AGENT_CONTRACTS]
-            _total_contracts = len(_all_contracts)
-            data["contracts"] = [_serialize_contract_minimal(c) for c in _sampled]
-            data["contracts_meta"] = {
-                "total": _total_contracts,
-                "shown": len(_sampled),
-                "truncated": _total_contracts > _MAX_AGENT_CONTRACTS,
-            }
-            if sm.contract_summary is not None:
-                cs = sm.contract_summary
-                data["contract_summary"] = {
-                    "files": cs.extracted_files,
-                    "total": cs.total_files,
-                }
-                if cs.method_breakdown:
-                    data["contract_summary"]["methods"] = cs.method_breakdown
         if not no_redact:
             data = redact_dict(data)
         content = json.dumps(data, indent=2, ensure_ascii=False)
@@ -1684,7 +1679,10 @@ def prepare_context_cmd(
         "project_summary": output.project_summary,
         "architecture_summary": output.architecture_summary,
         "confidence": output.confidence,
-        "relevant_files": [asdict(f) for f in output.relevant_files],
+        "relevant_files": [
+            {k: v for k, v in asdict(f).items() if v != ""}
+            for f in output.relevant_files
+        ],
         "why_these_files": output.why_these_files,
         "key_dependencies": output.key_dependencies,
     }

{sourcecode-1.11.0 → sourcecode-1.13.0}/src/sourcecode/detectors/java.py

@@ -37,8 +37,37 @@ _REQUEST_METHOD_VERB_RE = re.compile(
 # @M3FiltroSeguridad custom security annotation
 _M3_FILTRO_RE = re.compile(r'@M3FiltroSeguridad\b')
 _M3_FILTRO_PARAMS_RE = re.compile(
-    r'@M3FiltroSeguridad\s*\(\s*(?:nombreRecurso\s*=\s*"([^"]*)")?'
-    r'(?:[^)]*nivelRequerido\s*=\s*(\d+))?'
+    r'@M3FiltroSeguridad\s*\(\s*'
+    r'(?:nombreRecurso\s*=\s*(?:"([^"]*)"|([\w.]+)))?'  # group 1: string literal, group 2: constant ref
+    r'(?:[^)]*nivelRequerido\s*=\s*(\d+))?'  # group 3: nivel
+)
+
+# Security config detection
+_WEB_SECURITY_CONFIGURER_RE = re.compile(r'WebSecurityConfigurerAdapter\b')
+_SECURITY_FILTER_CHAIN_RE = re.compile(r'SecurityFilterChain\b')
+_SECURITY_CONFIG_ANNOTATION_RE = re.compile(r'@EnableWebSecurity\b')
+# JWT/token filter detection (files that process every request)
+_ONCE_PER_REQUEST_FILTER_RE = re.compile(r'extends\s+(?:OncePerRequestFilter|GenericFilterBean)\b')
+_JWT_FILTER_KEYWORDS_RE = re.compile(r'\b(?:jwt|token|bearer|authorization)\b', re.IGNORECASE)
+
+# @Transactional detection
+_TRANSACTIONAL_RE = re.compile(r'@Transactional\b')
+# Extracts class name: `public class Foo` or `class Foo`
+_CLASS_NAME_RE = re.compile(r'\bclass\s+([A-Z][A-Za-z0-9_]*)')
+
+# Gradle plugin Spring Boot version: id 'org.springframework.boot' version '2.6.3'
+_GRADLE_SB_PLUGIN_RE = re.compile(
+    r"""id\s*['"]\s*org\.springframework\.boot\s*['"]\s+version\s*['"]([\d.]+)['"']""",
+    re.IGNORECASE,
+)
+# Gradle Java version: sourceCompatibility = '11' or sourceCompatibility = JavaVersion.VERSION_11
+_GRADLE_JAVA_VERSION_RE = re.compile(
+    r"""(?:sourceCompatibility|targetCompatibility|javaVersion)\s*=\s*['"]?([0-9.]+)['"]?""",
+    re.IGNORECASE,
+)
+# JavaVersion.VERSION_11 form
+_GRADLE_JAVA_ENUM_RE = re.compile(
+    r"""(?:sourceCompatibility|targetCompatibility)\s*=\s*JavaVersion\.VERSION_(\d+)"""
 )
 
 
@@ -69,6 +98,12 @@ class JavaDetector(AbstractDetector):
         if "build.gradle" in context.manifests:
             manifests.append("build.gradle")
             frameworks.extend(self._frameworks_from_gradle(context.root / "build.gradle"))
+            if language_version is None:
+                try:
+                    gradle_content = "\n".join(read_text_lines(context.root / "build.gradle"))
+                    language_version = self._extract_gradle_java_version(gradle_content)
+                except OSError:
+                    pass
 
         # Detect app server from descriptor files
         all_paths = flatten_file_tree(context.file_tree)
@@ -81,6 +116,7 @@ class JavaDetector(AbstractDetector):
         spring_profiles = self._detect_spring_profiles(context.root, all_paths)
 
         entry_points = self._collect_entry_points(context)
+        transactional_classes = self._collect_transactional_classes(context, all_paths)
         stack = StackDetection(
             stack="java",
             detection_method="manifest",
@@ -91,6 +127,7 @@ class JavaDetector(AbstractDetector):
             packaging=packaging,
             app_server_hint=app_server_hint,
             spring_profiles=spring_profiles,
+            transactional_classes=transactional_classes,
         )
         return [stack], entry_points
 
@@ -196,8 +233,24 @@ class JavaDetector(AbstractDetector):
         return frameworks
 
     def _frameworks_from_gradle(self, path: Path) -> list[FrameworkDetection]:
-        content = "\n".join(read_text_lines(path)).lower()
-        return self._detect_jvm_frameworks(content, "build.gradle")
+        original = "\n".join(read_text_lines(path))
+        content = original.lower()
+        sb_version = self._extract_gradle_sb_version(original)
+        return self._detect_jvm_frameworks(content, "build.gradle", sb_version=sb_version)
+
+    def _extract_gradle_sb_version(self, content: str) -> str | None:
+        m = _GRADLE_SB_PLUGIN_RE.search(content)
+        return m.group(1) if m else None
+
+    def _extract_gradle_java_version(self, content: str) -> str | None:
+        m = _GRADLE_JAVA_ENUM_RE.search(content)
+        if m:
+            v = m.group(1)
+            return "1." + v if int(v) <= 8 else v
+        m = _GRADLE_JAVA_VERSION_RE.search(content)
+        if m:
+            return m.group(1)
+        return None
 
     def _detect_jvm_frameworks(self, text: str, source: str, *, sb_version: str | None = None) -> list[FrameworkDetection]:
         frameworks: list[FrameworkDetection] = []
@@ -319,7 +372,11 @@ class JavaDetector(AbstractDetector):
             return []
 
         # Quick pre-filter before running regexes
-        if ("Controller" not in content and "Filter" not in content
+        has_controller = "Controller" in content
+        has_filter = "Filter" in content
+        has_security = "WebSecurityConfigurerAdapter" in content or "SecurityFilterChain" in content or "EnableWebSecurity" in content
+        has_once_filter = "OncePerRequestFilter" in content or "GenericFilterBean" in content
+        if (not has_controller and not has_filter and not has_security
                 and "ControllerAdvice" not in content
                 and "M3FiltroSeguridad" not in content):
             return []
@@ -335,8 +392,8 @@ class JavaDetector(AbstractDetector):
             security_evidence = None
             m3_match = _M3_FILTRO_PARAMS_RE.search(content)
             if m3_match:
-                nombre = m3_match.group(1) or ""
-                nivel = m3_match.group(2) or ""
+                nombre = m3_match.group(1) or m3_match.group(2) or ""
+                nivel = m3_match.group(3) or ""
                 security_evidence = f"@M3FiltroSeguridad(nombreRecurso={nombre!r}, nivelRequerido={nivel})"
             return [EntryPoint(
                 path=rel_path, stack="java", kind="rest_controller",
@@ -360,8 +417,8 @@ class JavaDetector(AbstractDetector):
             security_evidence = None
             m3_match = _M3_FILTRO_PARAMS_RE.search(content)
             if m3_match:
-                nombre = m3_match.group(1) or ""
-                nivel = m3_match.group(2) or ""
+                nombre = m3_match.group(1) or m3_match.group(2) or ""
+                nivel = m3_match.group(3) or ""
                 security_evidence = f"@M3FiltroSeguridad(nombreRecurso={nombre!r}, nivelRequerido={nivel})"
             return [EntryPoint(
                 path=rel_path, stack="java", kind="mvc_controller",
@@ -379,6 +436,23 @@ class JavaDetector(AbstractDetector):
                 path=rel_path, stack="java", kind="filter",
                 source="annotation", confidence="medium",
             )]
+        if has_security and (
+            _WEB_SECURITY_CONFIGURER_RE.search(content)
+            or _SECURITY_CONFIG_ANNOTATION_RE.search(content)
+            or _SECURITY_FILTER_CHAIN_RE.search(content)
+        ):
+            return [EntryPoint(
+                path=rel_path, stack="java", kind="security_config",
+                source="annotation", confidence="high",
+                evidence="Spring Security configuration",
+            )]
+        if has_once_filter and _ONCE_PER_REQUEST_FILTER_RE.search(content):
+            is_jwt = bool(_JWT_FILTER_KEYWORDS_RE.search(content))
+            return [EntryPoint(
+                path=rel_path, stack="java", kind="security_filter",
+                source="annotation", confidence="high",
+                evidence="jwt_filter" if is_jwt else "request_filter",
+            )]
         return []
 
     def _parse_web_xml(self, abs_path: Path, rel_path: str) -> list[EntryPoint]:
@@ -412,3 +486,26 @@ class JavaDetector(AbstractDetector):
                 seen.add(framework.name)
                 result.append(framework)
         return result
+
+    def _collect_transactional_classes(self, context: DetectionContext, all_paths: list[str]) -> list[str]:
+        """Scan Java source files for @Transactional and return unique class names."""
+        classes: list[str] = []
+        seen: set[str] = set()
+        java_paths = [p for p in all_paths if p.endswith(".java") and "/test/" not in p and "/tests/" not in p]
+        for rel_path in java_paths[:_MAX_JAVA_ENTRY_SCAN]:
+            abs_path = context.root / rel_path
+            try:
+                if abs_path.stat().st_size > _MAX_FILE_SIZE:
+                    continue
+                content = abs_path.read_text(encoding="utf-8", errors="replace")
+            except OSError:
+                continue
+            if not _TRANSACTIONAL_RE.search(content):
+                continue
+            m = _CLASS_NAME_RE.search(content)
+            if m:
+                cls = m.group(1)
+                if cls not in seen:
+                    seen.add(cls)
+                    classes.append(cls)
+        return classes

{sourcecode-1.11.0 → sourcecode-1.13.0}/src/sourcecode/detectors/project.py

@@ -121,6 +121,7 @@ class ProjectDetector:
             packaging=stack.packaging,
             app_server_hint=stack.app_server_hint,
             spring_profiles=list(stack.spring_profiles),
+            transactional_classes=list(stack.transactional_classes),
         )
 
     def _merge_stack(self, current: StackDetection, incoming: StackDetection) -> StackDetection:
@@ -144,6 +145,8 @@ class ProjectDetector:
             current.app_server_hint = incoming.app_server_hint
         if incoming.spring_profiles and not current.spring_profiles:
             current.spring_profiles = list(incoming.spring_profiles)
+        if incoming.transactional_classes and not current.transactional_classes:
+            current.transactional_classes = list(incoming.transactional_classes)
         return current
 
     def _merge_frameworks(