PyPI - sourcecode - Versions diffs - 1.30.0__tar.gz → 1.30.1__tar.gz - Mend

sourcecode 1.30.0tar.gz → 1.30.1tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (190) hide show

sourcecode-1.30.1/.continue-here.md ADDED Viewed

@@ -0,0 +1,129 @@
+# Continue Here — atlas-cli session 6
+**Paused:** 2026-05-16 (sesión 6)
+**Repo:** `/Users/user/Downloads/atlas-cli`
+**Branch:** master
+**Último commit:** `772a01e` (fix false positives review-pr)
+**Working tree:** DIRTY — `src/sourcecode/prepare_context.py` modificado (28 ins / 8 del), sin commit
+---
+## Lo que se hizo esta sesión
+### Fix 1 — `review-pr` false positive cuando `since=None`
+Commit `772a01e` (ya en repo). Root cause: `_get_git_changed_files(since=None)` usaba `HEAD~1` como default → devolvía archivos del último commit committeado → `review-pr` los trataba como "PR diff". Fix: nuevo método `_get_uncommitted_changed_files()` llamado desde gate review-pr cuando `since=None`. Tests actualizados en `test_v1_10_regressions.py` para mockear el nuevo método.
+---
+### Fix 2 — BFS over-expansion en `_build_delta_impact` (SIN COMMIT — PENDIENTE)
+**Problema confirmado en `~/Documents/workspace/spring-boot-realworld-example-app`:**
+Con 2 archivos cambiados (`User.java`, `ArticleFavorite.java`), `review-pr` devolvía 24 `relevant_files` incluyendo todos los controllers REST, todos los GraphQL resolvers, y 2 test files.
+**3 bugs identificados y corregidos:**
+| Bug | Línea orig | Descripción | Fix |
+|-----|-----------|-------------|-----|
+| Tests en `_bfs_collected` | ~2081 | `_bfs_collected.append()` fuera de `if not _is_test:` → TestHelper.java, ArticleApiTest.java incluidos | Movido dentro del bloque |
+| Sin per-hop cap | ~2091 | `_max_results` (8) limitaba solo el frontier, no `_bfs_collected`. Hop-1 llenaba los 20 slots, expulsando hop-2/3 | Nuevo `_hop_bfs_staged`: acumula por hop, ordena por score desc, extiende con `[:_max_results]` |
+| Sin truncation guard | — | Sin señal cuando expansión excesiva | Flag `_expansion_truncated` + mensaje `truncated_dependency_graph` en `analysis_gaps` cuando `len(relevant) > 40` |
+**Resultado smoke test:**
+| Métrica | Antes | Después |
+|---------|-------|---------|
+| `relevant_files` total | 24 | 14 |
+| Tests incluidos | 2 | **0** |
+| GraphQL resolvers | 8 | **0** |
+| REST controllers | 7 | 5 (top-5 score) |
+| Security hop-1 legítimos | 3 | 3 |
+| JwtTokenFilter (hop-2) | 1 | 1 |
+| WebSecurityConfig (hop-3) | 0 | 1 |
+**Tests:** 771 passed, 3 skipped
+---
+## Estado de tests al pausar
+```
+771 passed, 3 skipped
+```
+Pre-existing failures (excluidos del run):
+- `test_block2_coverage.py::test_java_marked_unsupported` — DocRecord bug en doc_analyzer.py
+- `test_dependency_analyzer_node_python.py::test_python_requirements_without_lockfile_keeps_declared_versions` — typer version mismatch
+- `test_packaging.py::test_console_script_reports_version` — installed v1.29 vs source v1.30 (se resolverá al reinstalar post-commit)
+---
+## Decisiones técnicas de esta sesión
+- **`_get_uncommitted_changed_files()`**: Método extraído para que sea mockeado en tests. Delta sigue usando HEAD~1 — correcto, no afectado.
+- **`_hop_bfs_staged` per-hop cap**: Elegido sobre threshold de score porque 0.30 seguía incluyendo GraphQL (score 0.32). Cap determinístico.
+- **`_bfs_cap = sum(budget[0])`**: 8+6+4=18, derivado de `_BFS_HOP_BUDGET`, no hardcodeado.
+- **WebSecurityConfig sigue apareciendo (hop-3)**: Legítimo. Cadena real: JwtService→JwtTokenFilter→WebSecurityConfig. Para eliminar: reducir `_BFS_HOP_BUDGET` a 2 hops.
+---
+## Pendiente / próximos pasos
+1. **COMMIT fix BFS** — diff listo, tests verdes:
+   ```bash
+   cd /Users/user/Downloads/atlas-cli
+   git add src/sourcecode/prepare_context.py
+   git commit -m "fix: BFS over-expansion en review-pr — per-hop cap, tests excluidos, truncation guard"
+   ```
+2. **Opcional — reducir a 2 hops** si se quiere eliminar WebSecurityConfig (hop-3):
+   Cambiar `_BFS_HOP_BUDGET` en `prepare_context.py` de 3 a 2 elementos.
+3. **Opcional — cross-module guard en BFS**: No incluir archivos cuyo módulo (`_extract_ddd_domain`) difiere del módulo de los changed files. Eliminaría AuthorizationService/JwtService (módulo "service" ≠ "user"/"favorite") de hop-1.
+4. **Smoke test `delta`** con BFS fix (verificar no afectado):
+   ```bash
+   cd ~/Documents/workspace/spring-boot-realworld-example-app
+   sourcecode prepare-context delta . --since HEAD~1 2>&1 | python3 -c "import json,sys; d=json.load(sys.stdin); print('relevant_files:', len(d.get('relevant_files', [])))"
+   ```
+5. **Smoke tests sesiones anteriores** (saint-server) — ver handoff sesión 4/5.
+---
+## Para retomar
+```bash
+cd /Users/user/Downloads/atlas-cli
+git log --oneline -3
+# debe mostrar:
+# 772a01e (fix) corrigiendo bug que identificaba falsos positivos en review-pr
+# 5c06ef3 (feature) implementando mejoras significativas en prepare-context review-pr
+# e5a1a05 corrigiendo bug en delta --since en windows
+git diff --stat HEAD
+# debe mostrar: prepare_context.py | 36 +++--- (BFS fix pendiente de commit)
+# Tests
+python3 -m pytest tests/ \
+  --ignore=tests/test_block2_coverage.py \
+  --ignore=tests/test_packaging.py \
+  --deselect=tests/test_dependency_analyzer_node_python.py::test_python_requirements_without_lockfile_keeps_declared_versions \
+  -q
+# Expected: 771 passed, 3 skipped
+# Smoke test review-pr
+cd ~/Documents/workspace/spring-boot-realworld-example-app
+sourcecode prepare-context review-pr . 2>&1 | python3 -c "
+import json, sys
+d = json.load(sys.stdin)
+print('relevant_files:', len(d.get('relevant_files', [])))
+for f in d.get('relevant_files', []):
+    print(' ', f.get('score'), f.get('path').split('/')[-1])
+"
+# Expected: 14 files, no tests, no GraphQL
+```
+---
+*Pausado 2026-05-16 sesión 6 — gsd:pause-work*

{sourcecode-1.30.0 → sourcecode-1.30.1}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: sourcecode
-Version: 1.30.0
+Version: 1.30.1
 Summary: Deterministic codebase context for AI coding agents
 License:                                  Apache License
                                    Version 2.0, January 2004
@@ -221,7 +221,7 @@ Description-Content-Type: text/markdown
 **Compressed AI-ready context for Java/Spring enterprise codebases.**
-![Version](https://img.shields.io/badge/version-1.30.0-blue)
+![Version](https://img.shields.io/badge/version-1.30.1-blue)
 ![Python](https://img.shields.io/badge/python-3.10%2B-green)
 ---
@@ -255,7 +255,7 @@ pipx install sourcecode
 ```bash
 sourcecode version
-# sourcecode 1.30.0
+# sourcecode 1.30.1
 ```
 ---

{sourcecode-1.30.0 → sourcecode-1.30.1}/README.md RENAMED Viewed

@@ -2,7 +2,7 @@
 **Compressed AI-ready context for Java/Spring enterprise codebases.**
-![Version](https://img.shields.io/badge/version-1.30.0-blue)
+![Version](https://img.shields.io/badge/version-1.30.1-blue)
 ![Python](https://img.shields.io/badge/python-3.10%2B-green)
 ---
@@ -36,7 +36,7 @@ pipx install sourcecode
 ```bash
 sourcecode version
-# sourcecode 1.30.0
+# sourcecode 1.30.1
 ```
 ---

{sourcecode-1.30.0 → sourcecode-1.30.1}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 [project]
 name = "sourcecode"
-version = "1.30.0"
+version = "1.30.1"
 description = "Deterministic codebase context for AI coding agents"
 readme = "README.md"
 requires-python = ">=3.9"

{sourcecode-1.30.0 → sourcecode-1.30.1}/src/sourcecode/__init__.py RENAMED Viewed

@@ -1,3 +1,3 @@
 """sourcecode — Deterministic codebase context maps for AI coding agents."""
-__version__ = "1.30.0"
+__version__ = "1.30.1"

{sourcecode-1.30.0 → sourcecode-1.30.1}/src/sourcecode/prepare_context.py RENAMED Viewed

@@ -1605,6 +1605,78 @@ class TaskContextBuilder:
         # Binaries, images, lock files — treat as noise (closed taxonomy: no unknown_*)
         return {"artifact_type": "ide_noise", "risk_areas": [], "impact_level": "noise", "is_noise": True, "module": module, "confidence": "low"}
+    def _classify_diff_severity(self, path: str, since: Optional[str]) -> str:
+        """Classify the semantic severity of a file's diff to gate BFS expansion.
+        Returns: 'trivial' | 'field_change' | 'api_change' | 'security_change' | 'unknown'
+        - trivial: only comments/whitespace changed — no BFS expansion seeded
+        - field_change: field/attribute declarations changed — hop-1 only, no hop-2+ frontier
+        - api_change: method signatures or class structure changed — full BFS
+        - security_change: auth/security keywords in changed lines — full BFS + security chain
+        - unknown: diff unreadable — treated as api_change (safe default)
+        """
+        import subprocess as _subprocess
+        import re as _re
+        try:
+            if since:
+                cmd = ["git", "diff", since, "HEAD", "--", path]
+            else:
+                cmd = ["git", "diff", "HEAD", "--", path]
+            result = _subprocess.run(
+                cmd, capture_output=True, text=True, timeout=5,
+                cwd=str(self.root), encoding="utf-8", errors="ignore",
+            )
+            diff_text = result.stdout
+        except Exception:
+            return "unknown"
+        if not diff_text.strip():
+            return "unknown"
+        changed_lines = [
+            line[1:] for line in diff_text.splitlines()
+            if line.startswith(("+", "-")) and not line.startswith(("+++", "---"))
+        ]
+        if not changed_lines:
+            return "trivial"
+        suffix = Path(path).suffix.lower()
+        if suffix in (".java", ".kt"):
+            _TRIVIAL  = _re.compile(r'^\s*(?://|/\*|\*)')
+            _FIELD    = _re.compile(r'^\s*(?:private|protected|public|final|static)\s+\w[\w<>, ]*\s+\w+\s*[;=]')
+            _API      = _re.compile(r'^\s*(?:public|protected)\s+\S.*\(')
+            # Exclude 'password', 'role', 'permission' — these are common field names
+            # in domain models and don't indicate auth logic changes. Keep mechanism
+            # keywords: jwt, auth (as class prefix), token, credential, encrypt, decrypt, oauth.
+            _SECURITY = _re.compile(r'\b(?:jwt|auth|token|credential|encrypt|decrypt|oauth|saml|ldap|principal|Security)\b')
+            _STRUCT   = _re.compile(r'^\s*(?:class|interface|enum|record|import|package)\s')
+        elif suffix == ".py":
+            _TRIVIAL  = _re.compile(r'^\s*#')
+            _FIELD    = _re.compile(r'^\s*(?:self\.\w+\s*=|\w+:\s*\w)')
+            _API      = _re.compile(r'^\s*def\s+\w')
+            _SECURITY = _re.compile(r'\b(?:jwt|auth|token|credential|encrypt|decrypt|oauth|saml|ldap|principal|security)\b', _re.IGNORECASE)
+            _STRUCT   = _re.compile(r'^\s*(?:class|import|from)\s')
+        elif suffix in (".ts", ".tsx", ".js", ".jsx", ".mjs"):
+            _TRIVIAL  = _re.compile(r'^\s*(?://|/\*|\*)')
+            _FIELD    = _re.compile(r'^\s*(?:private|readonly|public)?\s*\w+[?!]?\s*[=:]')
+            _API      = _re.compile(r'^\s*(?:(?:public|private|protected|async|export)\s+)*(?:function\s+\w|\w+\s*\()')
+            _SECURITY = _re.compile(r'\b(?:jwt|auth|token|credential|encrypt|decrypt|oauth|saml|ldap|principal|security)\b', _re.IGNORECASE)
+            _STRUCT   = _re.compile(r'^\s*(?:class|interface|import|export\s+(?:class|interface|type))\s')
+        else:
+            return "unknown"
+        if any(_SECURITY.search(line) for line in changed_lines):
+            return "security_change"
+        if any(_API.match(line) or _STRUCT.match(line) for line in changed_lines):
+            return "api_change"
+        if any(_FIELD.match(line) for line in changed_lines):
+            return "field_change"
+        if all(_TRIVIAL.match(line) or not line.strip() for line in changed_lines):
+            return "trivial"
+        return "field_change"  # safe default: treat unknown non-trivial as field-level
     def _scan_import_dependents(
         self,
         changed_paths: list[str],
@@ -1888,6 +1960,16 @@ class TaskContextBuilder:
             f: self._classify_changed_file(f) for f in changed_files
         }
+        # ── Step 1b: classify diff severity to gate BFS expansion ─────────────
+        # trivial   → no BFS seeding (comments/whitespace only)
+        # field_change → hop-1 BFS only, deps excluded from hop-2+ frontier
+        # api_change   → full BFS (method signature or class structure changed)
+        # security_change → full BFS + security chain allowed cross-module
+        # unknown   → treated as api_change (safe default)
+        diff_severities: dict[str, str] = {
+            f: self._classify_diff_severity(f, since) for f in changed_files
+        }
         # ── Step 2: build relevant_files from the changed set ─────────────────
         relevant: list[RelevantFile] = []
         why: dict[str, str] = {}
@@ -2004,9 +2086,12 @@ class TaskContextBuilder:
         ]
         _bfs_seen: set[str] = {rf.path for rf in relevant}
+        # trivial changes (comments/whitespace only) don't seed BFS — nothing structural
+        # to propagate, so excluding them prevents false expansion on cosmetic commits
         _bfs_frontier: list[str] = [
             f for f in changed_files
             if Path(f).suffix.lower() in _BFS_SCANNABLE
+            and diff_severities.get(f, "unknown") != "trivial"
         ]
         # (max results added from this hop, max_candidates scanned per seed)
@@ -2035,6 +2120,8 @@ class TaskContextBuilder:
             # collect (score, path) pairs for this hop to build the next frontier
             _hop_scored: list[tuple[float, str]] = []
+            # per-hop staging list — capped at _max_results before merging into _bfs_collected
+            _hop_bfs_staged: list[tuple[int, float, str, RelevantFile]] = []
             for _seed_path, _dep_paths in _hop_dep_map.items():
                 _seed_atype = (
@@ -2042,6 +2129,9 @@ class TaskContextBuilder:
                     if _seed_path in classifications
                     else self._classify_changed_file(_seed_path)["artifact_type"]
                 )
+                # diff severity for original changed files only (hop-1 seeds);
+                # hop-2+ seeds are dep files not in diff_severities → "unknown"
+                _seed_severity = diff_severities.get(_seed_path, "unknown")
                 for _dep_path in _dep_paths:
                     if _dep_path in _bfs_seen:
                         continue
@@ -2052,9 +2142,29 @@ class TaskContextBuilder:
                         continue
                     _dep_atype = _dep_cls["artifact_type"]
+                    _dep_module = _dep_cls["module"]
+                    # Cross-module gating: if dep lives in a different domain module,
+                    # only allow it if:
+                    #   hop-1 AND dep_atype is explicitly in seed's _EXPANSION_TARGETS
+                    # For hop-2+, cross-module deps are always excluded — transitives
+                    # must stay within the changed modules to avoid system-wide explosion.
+                    _is_cross_module = bool(_dep_module) and _dep_module not in affected_modules_set
+                    if _is_cross_module:
+                        _seed_expansion = _EXPANSION_TARGETS.get(_seed_atype, frozenset())
+                        # security_change seeds are allowed to cross into the security chain
+                        # even when their base expansion targets don't include those types
+                        if _seed_severity == "security_change":
+                            _seed_expansion = _seed_expansion | frozenset({"security", "spring_config", "config"})
+                        if _hop_num >= 2 or _dep_atype not in _seed_expansion:
+                            continue
                     _dep_score_base = _ARTIFACT_SCORE.get(_dep_atype, 0.45)
                     # score decays 30% per hop so transitives rank below direct dependents
-                    _dep_score = round(_dep_score_base * (0.70 ** _hop_num), 2)
+                    # cross-module deps get additional 40% penalty so same-module files
+                    # always rank higher in the per-hop cap
+                    _cross_module_factor = 0.60 if _is_cross_module else 1.0
+                    _dep_score = round(_dep_score_base * (0.70 ** _hop_num) * _cross_module_factor, 2)
                     _dep_role = _role_in_system(_dep_path, _dep_atype, _dep_path in ep_paths)
                     _why_str = (
@@ -2069,27 +2179,44 @@ class TaskContextBuilder:
                         f" ({_seed_atype}) | score: {_dep_score:.2f}"
                     )
                     why[_dep_path] = _why_str
-                    # Tests are consumers, not structural dependencies — exclude from import graph.
-                    # They remain in relevant_files but must not seed further BFS hops.
+                    # Tests import production code but are not structural dependencies —
+                    # exclude from graph, frontier, and bfs_collected entirely.
                     _is_test = _dep_atype == "test"
                     if not _is_test:
                         graph_edges.append({
                             "from": _seed_path, "to": _dep_path,
                             "edge_type": "import_dependency", "hop": _hop_num,
                         })
-                        _hop_scored.append((_dep_score, _dep_path))
-                    _bfs_collected.append((_hop_num, _dep_score, _dep_path, RelevantFile(
-                        path=_dep_path, role=_dep_role, score=_dep_score,
-                        reason=_reason, why=_why_str,
-                    )))
+                        # field_change seeds don't propagate to hop-2+ frontier:
+                        # a field-level change (getter, attribute) is collected at hop-1
+                        # but its callers are not recursively expanded further
+                        if _seed_severity != "field_change":
+                            _hop_scored.append((_dep_score, _dep_path))
+                        _hop_bfs_staged.append((_hop_num, _dep_score, _dep_path, RelevantFile(
+                            path=_dep_path, role=_dep_role, score=_dep_score,
+                            reason=_reason, why=_why_str,
+                        )))
+            # Per-hop cap: keep only the top-_max_results by score before merging.
+            # Prevents a single high-fanout seed (e.g. User.java imported by every
+            # controller) from flooding _bfs_collected and pushing out hop-2/3 results.
+            _hop_bfs_staged.sort(key=lambda x: (-x[1], x[2]))
+            _bfs_collected.extend(_hop_bfs_staged[:_max_results])
             # next frontier = top-N files by score from this hop
             _hop_scored.sort(key=lambda x: -x[0])
             _bfs_frontier = [p for _, p in _hop_scored[:_max_results]]
-        # merge into relevant: closer hops first, then higher score; cap total at 20
+        # merge into relevant: closer hops first, then higher score; cap total at 18
         _bfs_collected.sort(key=lambda x: (x[0], -x[1], x[2]))
-        relevant.extend(rf for _, _, _, rf in _bfs_collected[:20])
+        _bfs_cap = sum(budget[0] for budget in _BFS_HOP_BUDGET)  # 8+6+4 = 18
+        relevant.extend(rf for _, _, _, rf in _bfs_collected[:_bfs_cap])
+        # Truncation guard: flag excess expansion — gap message added in Step 6.
+        _EXPANSION_HARD_LIMIT = 40
+        _expansion_truncated = len(relevant) > _EXPANSION_HARD_LIMIT
+        if _expansion_truncated:
+            relevant = relevant[:_EXPANSION_HARD_LIMIT]
         # ── Step 3d: per-file impact scores, change_type, system_impact ─────────
         # Downstream fanout: count graph edges originating from each changed file
@@ -2263,6 +2390,11 @@ class TaskContextBuilder:
         analysis_gaps: list[str] = [
             f"Related file expansion: type-aware chain expansion + {_bfs_note} + module/directory heuristics",
         ]
+        if _expansion_truncated:
+            analysis_gaps.insert(0,
+                f"truncated_dependency_graph: expansion exceeded {_EXPANSION_HARD_LIMIT} nodes"
+                " — lower-priority files omitted. Narrow scope with --since <ref> for precision."
+            )
         if noise_count > 0 and meaningful > 0:
             analysis_gaps.append(
                 f"{noise_count} IDE/tooling file(s) in diff excluded from impact analysis"

sourcecode-1.30.0/.continue-here.md DELETED Viewed

@@ -1,118 +0,0 @@
-# Continue Here — atlas-cli session 5
-**Paused:** 2026-05-16 (sesión 5)
-**Repo:** `/Users/user/Downloads/atlas-cli`
-**Branch:** master
-**Commits esta sesión:** `e5a1a05` + `5c06ef3` (ambos committed, working tree limpio)
----
-## Lo que se hizo esta sesión
-### Fix 1 — Windows encoding crash en `--since` (`e5a1a05`)
-**Root cause:** `_get_available_refs()` en `prepare_context.py` llamaba `subprocess.run(text=True)` sin `encoding=` — usaba cp1252 en Windows. Byte 0x8d → `UnicodeDecodeError` no capturado. Además `r.stdout.splitlines()` sin guard → `AttributeError` si stdout fuera None.
-**Fix:** dos líneas en `prepare_context.py:2309-2315`:
-```python
-encoding="utf-8", errors="replace",   # añadido
-(r.stdout or "").splitlines()          # guard añadido
-```
-**Tests añadidos:** `tests/test_encoding_regression.py` — clase `TestGetAvailableRefsWindowsEncoding` (4 casos: stdout=None, bytes inválidos, ref inexistente, returncode!=0).
----
-### Fix 2 — `review-pr` reescrito como pipeline delta-first (`5c06ef3`)
-**Problema:** `review-pr` devolvía output genérico de repo completo sin diff real. Inútil para CI/PR review.
-**Cambios:**
-| Archivo | Qué cambió |
-|---------|-----------|
-| `prepare_context.py` | Gate 5d: 3 errores tempranos (no_git_repo, no_diff, git_ref_not_found). Reutiliza `_build_delta_impact`. Deriva security_impact/transactional_impact/test_coverage_risk del análisis delta. 7 nuevos campos en TaskOutput. |
-| `cli.py` | Content map review-pr. Bloque output PR-específico. Error JSON + exit(1). Help text. |
-| `test_v1_10_regressions.py` | 3 tests viejos (comportamiento genérico) reemplazados por 4 nuevos (gate git + mocks). |
-**Nuevos campos en output:**
-```json
-{
-  "review_type": "pull_request",
-  "ci_decision": "analysis_success",
-  "base_ref": "origin/main",
-  "changed_files": [...],
-  "affected_modules": [...],
-  "security_impact": {"affected_resources": [...], "risk_level": "high"},
-  "transactional_impact": {"affected_transactions": [...], "risk": "..."},
-  "test_coverage_risk": {"changed_files_without_tests": [...], "risk_level": "medium"},
-  "review_hotspots": [...],
-  "suggested_review_order": [...]
-}
-```
-**GitHub Actions ready:**
-```yaml
-- run: sourcecode prepare-context review-pr . --since origin/main --output review.json
-# exit 1 si no hay diff o ref no existe
-```
----
-## Estado de tests al pausar
-```
-770 passed, 3 skipped
-```
-Fallos pre-existentes (no relacionados, ya presentes antes de esta sesión):
-- `test_block2_coverage.py::test_java_marked_unsupported` — `DocRecord.__init__` bug en `doc_analyzer.py`
-- `test_dependency_analyzer_node_python.py::test_python_requirements_without_lockfile` — typer version mismatch
----
-## Pendiente / próximos pasos opcionales
-1. **Smoke test review-pr en saint-server real con diff:**
-   ```bash
-   cd saint-server
-   git checkout -b test-review-pr
-   # modificar un controller
-   sourcecode prepare-context review-pr . --since main --output /tmp/review.json
-   cat /tmp/review.json | python3 -c "import json,sys; d=json.load(sys.stdin); print('sections:', list(d.keys()))"
-   ```
-2. **Verificar `security_impact` detecta correctamente:** cambiar un `SecurityConfig.java` y comprobar que aparece en `security_impact.affected_resources`.
-3. **`suggested_review_order` calidad:** verificar que el orden security→controller→service es correcto en PR reales con múltiples tipos de archivos.
-4. **`test_coverage_risk` stem matching sin normalización:** el gap entre `generate-tests` (normaliza `TestFoo→Foo`) y `review-pr` (stem directo). Si da falsos "untested", añadir normalización.
-5. **Agent token reduction** (trabajo sesiones anteriores): smoke test pendiente en saint-server — ver handoff sesión 4 para comandos.
----
-## Para retomar
-```bash
-cd /Users/user/Downloads/atlas-cli
-git log --oneline -3
-# debe mostrar:
-# 5c06ef3 (feature) implementando mejoras significativas en prepare-context review-pr...
-# e5a1a05 corrigiendo bug en delta --since en windows
-# f1cb001 corrigiendo bug --agent que duplicaba tokens sin justificación
-python3 -m pytest tests/ \
-  --ignore=tests/test_block2_coverage.py \
-  --deselect=tests/test_dependency_analyzer_node_python.py::test_python_requirements_without_lockfile_keeps_declared_versions \
-  -q
-# Expected: 770 passed, 3 skipped
-# Smoke test review-pr
-sourcecode prepare-context review-pr . --since HEAD~1 --output /tmp/review.json
-python3 -c "import json; d=json.load(open('/tmp/review.json')); print(list(d.keys()))"
-```
----
-*Pausado 2026-05-16 sesión 5 — gsd:pause-work*