sourcecode 1.31.32__tar.gz → 1.32.0__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {sourcecode-1.31.32 → sourcecode-1.32.0}/PKG-INFO +3 -3
- {sourcecode-1.31.32 → sourcecode-1.32.0}/README.md +2 -2
- sourcecode-1.32.0/docs/PRODUCT_AUDIT.md +170 -0
- sourcecode-1.32.0/docs/USER_GUIDE.md +371 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/pyproject.toml +1 -1
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/__init__.py +1 -1
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/cli.py +98 -51
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/license.py +107 -16
- {sourcecode-1.31.32 → sourcecode-1.32.0}/.agents/skills/source-command-gsd-join-discord/SKILL.md +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/.agents/skills/source-command-gsd-review-backlog/SKILL.md +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/.agents/skills/source-command-gsd-workstreams/SKILL.md +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/.continue-here.md +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/.github/workflows/build-windows.yml +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/.gitignore +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/.ruff.toml +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/.sourcecode-cache/snapshot-3b5997a-fa5c742c.json +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/AUDIT_REAL_REPOS.md +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/AUDIT_v1.31.23.md +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/CHANGELOG.md +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/CONTRIBUTING.md +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/LICENSE +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/SECURITY.md +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/docs/PRODUCT_TIERS.md +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/docs/privacy.md +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/docs/schema.md +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/raw +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/run_cli.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/adaptive_scanner.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/architecture_analyzer.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/architecture_summary.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/ast_extractor.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/cache.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/canonical_ir.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/classifier.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/code_notes_analyzer.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/confidence_analyzer.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/context_scorer.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/context_summarizer.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/contract_model.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/contract_pipeline.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/coverage_parser.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/dependency_analyzer.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/detectors/__init__.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/detectors/base.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/detectors/csproj_parser.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/detectors/dart.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/detectors/dotnet.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/detectors/elixir.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/detectors/go.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/detectors/heuristic.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/detectors/hybrid.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/detectors/java.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/detectors/jvm_ext.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/detectors/nodejs.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/detectors/parsers.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/detectors/php.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/detectors/project.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/detectors/python.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/detectors/ruby.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/detectors/rust.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/detectors/systems.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/detectors/terraform.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/detectors/tooling.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/doc_analyzer.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/entrypoint_classifier.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/env_analyzer.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/file_classifier.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/flow_analyzer.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/git_analyzer.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/graph_analyzer.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/mcp/__init__.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/mcp/onboarding/__init__.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/mcp/onboarding/applier.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/mcp/onboarding/backup.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/mcp/onboarding/detector.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/mcp/onboarding/planner.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/mcp/runner.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/mcp/server.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/mcp_nudge.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/metrics_analyzer.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/output_budget.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/path_filters.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/pr_comment_renderer.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/prepare_context.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/progress.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/ranking_engine.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/redactor.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/relevance_scorer.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/repo_classifier.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/repository_ir.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/runtime_classifier.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/scanner.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/schema.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/semantic_analyzer.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/serializer.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/summarizer.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/telemetry/__init__.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/telemetry/config.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/telemetry/consent.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/telemetry/events.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/telemetry/filters.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/telemetry/transport.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/tree_utils.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/src/sourcecode/workspace.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/__init__.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/conftest.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/coverage.xml +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/fastapi_app/pyproject.toml +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/fastapi_app/src/main.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/go_service/cmd/api/main.go +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/go_service/go.mod +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/jacoco.xml +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/latin1_sample.java +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/latin1_sample_iso.java +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/lcov.info +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/nextjs_app/app/page.tsx +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/nextjs_app/package.json +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/nextjs_app/pnpm-lock.yaml +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/pnpm_monorepo/apps/web/app/page.tsx +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/pnpm_monorepo/apps/web/package.json +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/pnpm_monorepo/packages/api/main.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/pnpm_monorepo/packages/api/pyproject.toml +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/pnpm_monorepo/pnpm-workspace.yaml +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/spring_boot_minimal/pom.xml +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/ddd/ausente/application/service/FindAusenteService.java +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/ddd/ausente/domain/entities/Ausente.java +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/ddd/ausente/infrastructure/rest/AusenteRestController.java +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/ddd/autocoberturas/application/service/FindAutocoberturasService.java +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/ddd/autocoberturas/domain/entities/Autocoberturas.java +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/ddd/autocoberturas/infrastructure/rest/AutocoberturasRestController.java +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/ddd/calendarioTrabajador/application/service/FindCalendarioTrabajadorService.java +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/ddd/calendarioTrabajador/domain/entities/CalendarioTrabajador.java +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/ddd/calendarioTrabajador/infrastructure/rest/CalendarioTrabajadorRestController.java +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/ddd/departamento/application/service/FindDepartamentoService.java +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/ddd/departamento/domain/entities/Departamento.java +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/ddd/departamento/infrastructure/rest/DepartamentoRestController.java +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/ddd/empleado/application/service/FindEmpleadoService.java +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/ddd/empleado/domain/entities/Empleado.java +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/ddd/empleado/infrastructure/rest/EmpleadoRestController.java +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/demo/DemoApplication.java +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/demo/config/FilterConfig.java +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/demo/domain/Health.java +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/demo/mapper/HealthMapper.java +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/demo/repository/HealthRepository.java +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/demo/service/HealthService.java +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/demo/web/HealthRestController.java +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/demo/web/NominaRestController.java +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/spring_boot_minimal/src/main/resources/application-dev.yml +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/spring_boot_minimal/src/main/resources/application.yml +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/fixtures/spring_boot_minimal/src/main/resources/mapper/HealthMapper.xml +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_architecture_analyzer.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_architecture_summary.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_ast_extractor.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_audit_fixes.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_audit_sas_v2.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_block1_reliability.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_block2_coverage.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_block5_quality.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_broadleaf_fixes.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_bug_fixes_v1302.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_bug_fixes_v13115.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_bug_fixes_v1312.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_bug_fixes_v13122.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_bug_fixes_v1313.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_bug_fixes_v13130.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_bug_fixes_v1321.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_bug_fixes_v16.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_bug_fixes_v2.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_cache.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_canonical_ir.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_classifier.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_cli.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_code_notes_analyzer.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_context_scorer.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_contract_pipeline.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_coverage_parser.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_cross_consistency.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_dependency_analyzer_node_python.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_dependency_analyzer_polyglot.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_dependency_schema.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_detector_dotnet.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_detector_go_rust_java.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_detector_nodejs.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_detector_php_ruby_dart.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_detector_python.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_detector_universal_managed.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_detector_universal_systems.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_detectors_base.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_doc_analyzer_jsdom.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_doc_analyzer_python.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_encoding_regression.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_enterprise_benchmarks.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_graph_analyzer_polyglot.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_graph_analyzer_python_node.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_graph_schema.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_hybrid_inference.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_integration.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_integration_dependencies.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_integration_detection.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_integration_docs.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_integration_graph_modules.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_integration_lqn.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_integration_metrics.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_integration_multistack.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_integration_semantics.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_integration_universal.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_java_spring_integration.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_mcp_nudge.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_mcp_runner.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_mcp_serve.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_mcp_tools.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_metrics_analyzer.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_output_ux.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_packaging.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_phase1_improvements.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_pipeline_integrity.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_real_projects.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_redactor.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_repository_ir.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_scanner.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_schema.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_schema_normalization.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_scoring_calibration.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_semantic_analyzer_node.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_semantic_analyzer_python.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_semantic_import_resolution.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_semantic_schema.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_signal_hierarchy.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_summarizer.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_surface_honesty.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_task_differentiation.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_telemetry.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_v131_improvements.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_v1_10_regressions.py +0 -0
- {sourcecode-1.31.32 → sourcecode-1.32.0}/tests/test_workspace_analyzer.py +0 -0
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: sourcecode
|
|
3
|
-
Version: 1.
|
|
3
|
+
Version: 1.32.0
|
|
4
4
|
Summary: Deterministic codebase context for AI coding agents
|
|
5
5
|
License: Apache License
|
|
6
6
|
Version 2.0, January 2004
|
|
@@ -225,7 +225,7 @@ Description-Content-Type: text/markdown
|
|
|
225
225
|
|
|
226
226
|
**AI-ready change intelligence for Java/Spring enterprise monoliths.**
|
|
227
227
|
|
|
228
|
-

|
|
229
229
|

|
|
230
230
|
|
|
231
231
|
---
|
|
@@ -263,7 +263,7 @@ pipx install sourcecode
|
|
|
263
263
|
|
|
264
264
|
```bash
|
|
265
265
|
sourcecode version
|
|
266
|
-
# sourcecode 1.
|
|
266
|
+
# sourcecode 1.32.0
|
|
267
267
|
```
|
|
268
268
|
|
|
269
269
|
---
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
**AI-ready change intelligence for Java/Spring enterprise monoliths.**
|
|
4
4
|
|
|
5
|
-

|
|
6
6
|

|
|
7
7
|
|
|
8
8
|
---
|
|
@@ -40,7 +40,7 @@ pipx install sourcecode
|
|
|
40
40
|
|
|
41
41
|
```bash
|
|
42
42
|
sourcecode version
|
|
43
|
-
# sourcecode 1.
|
|
43
|
+
# sourcecode 1.32.0
|
|
44
44
|
```
|
|
45
45
|
|
|
46
46
|
---
|
|
@@ -0,0 +1,170 @@
|
|
|
1
|
+
# Phase 1 — Product Intelligence Report
|
|
2
|
+
> Tested against: BroadleafCommerce (2,985 Java files), Keycloak (7,885 Java files), atlas-cli itself (Python/Typer).
|
|
3
|
+
> All findings from live CLI execution. No assumptions.
|
|
4
|
+
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
## 1. What sourcecode is
|
|
8
|
+
|
|
9
|
+
A Python CLI that performs **static structural analysis** of Java/Spring/Maven codebases and produces **structured JSON** designed for direct injection into AI coding agents or consumption by CI/CD pipelines.
|
|
10
|
+
|
|
11
|
+
It builds a deterministic symbol graph (classes, methods, annotation roles, import/injection edges) and answers structural questions about that graph: who depends on what, what endpoints exist, what is risky to change.
|
|
12
|
+
|
|
13
|
+
**It is not:**
|
|
14
|
+
- A linter or static analyzer in the SonarQube sense
|
|
15
|
+
- An LLM wrapper — no AI calls, no network required
|
|
16
|
+
- A runtime or security scanner
|
|
17
|
+
- A polyglot tool (Spring-specific features are ~nil outside Java)
|
|
18
|
+
|
|
19
|
+
---
|
|
20
|
+
|
|
21
|
+
## 2. What it does extremely well
|
|
22
|
+
|
|
23
|
+
### Blast-radius analysis (`impact`)
|
|
24
|
+
Confirmed: `sourcecode impact ExtensionManager BroadleafCommerce` returned in <1s:
|
|
25
|
+
- `risk_level: high`, `risk_score: 100`
|
|
26
|
+
- 30 direct callers, 50 indirect callers, **106 endpoints affected**
|
|
27
|
+
|
|
28
|
+
This is the clearest "wow moment" in the product. Running it on `OrderPaymentServiceImpl` returned 15 direct callers + the exact payment workflow chain in the correct order. For an engineer about to refactor a service, this replaces 2–4 hours of manual graph tracing.
|
|
29
|
+
|
|
30
|
+
**Caveat found:** Targeting `Impl` classes returns only injection-free callers (often zero in Spring Boot). The tool must be targeted at the **interface**. `OrderService` not `OrderServiceImpl`. The CLI does not auto-suggest this — friction point.
|
|
31
|
+
|
|
32
|
+
### Endpoint extraction (`endpoints`)
|
|
33
|
+
Confirmed: 613 Spring MVC + JAX-RS endpoints extracted from Keycloak in <1s. 110 from BroadleafCommerce. Zero false positives observed in sample. This is legitimately useful for auditing API surface before migrations.
|
|
34
|
+
|
|
35
|
+
### Stack detection + entry point mapping (`--compact`, `--agent`)
|
|
36
|
+
Correctly identified:
|
|
37
|
+
- Keycloak: Quarkus + Jakarta EE, @QuarkusMain, 40+ entry points ranked by type
|
|
38
|
+
- BroadleafCommerce: Spring Boot + Spring MVC, 41 @Transactional boundaries
|
|
39
|
+
- atlas-cli itself: Python + Typer
|
|
40
|
+
|
|
41
|
+
Architecture classification is less reliable: Quarkus SPI model classified as "layered" (inaccurate). Spring layered apps classified correctly.
|
|
42
|
+
|
|
43
|
+
### Symptom-driven bug triage (`fix-bug --symptom`)
|
|
44
|
+
Tested with `--symptom "payment"` on BroadleafCommerce. Top results:
|
|
45
|
+
- `OrderPaymentDaoImpl`, `SecureOrderPaymentDaoImpl`, `DefaultPaymentGatewayCheckoutService` — all directly correct
|
|
46
|
+
|
|
47
|
+
Evidence chain in `symptom_explain` shows: keyword match → content match → path match → git history. Signal quality is high for specific symptoms.
|
|
48
|
+
|
|
49
|
+
### Coupling detection (`modernize`)
|
|
50
|
+
Correctly identified `ExtensionManager` (in_degree: 209) and `Order` (in_degree: 251) as highest-risk nodes. `dead_zone_candidates` includes `ProcessURLAction`, `RequestContext` — classes with zero callers. This is accurate and immediately actionable.
|
|
51
|
+
|
|
52
|
+
### Performance
|
|
53
|
+
- Cached (content-hash): ~0.17s for both 3K-file and 7K-file repos
|
|
54
|
+
- Cold scan: ~2.9s (BroadleafCommerce), ~9.0s (Keycloak)
|
|
55
|
+
- These numbers are remarkable for the scale. No competitor does Java structural analysis this fast.
|
|
56
|
+
|
|
57
|
+
---
|
|
58
|
+
|
|
59
|
+
## 3. What it does poorly / gaps
|
|
60
|
+
|
|
61
|
+
### review-pr — LOW confidence is common
|
|
62
|
+
Tested on both repos. Output consistently shows `"confidence": "LOW"` on the `summary` field. `analysis_limiter.missing_signals: ["dependency_graph"]` explains it — the PR diff analysis doesn't have the full symbol graph available for role classification. For validator classes (not annotated), it falls back to `"classification_method": "git_diff_only"`. The output is still useful (changed files, test coverage, modules) but the low confidence signal is jarring.
|
|
63
|
+
|
|
64
|
+
### Impl vs interface confusion
|
|
65
|
+
`impact OrderServiceImpl` → `0 direct_callers`. No auto-correction. For users unfamiliar with Spring DI traversal patterns, this looks broken. The README explains it, but a first-time user will be confused.
|
|
66
|
+
|
|
67
|
+
### `hotspot_candidates` empty in annotation-heavy codebases
|
|
68
|
+
`modernize` on BroadleafCommerce returned `hotspot_candidates` with only 2 entries despite the repo having obvious hotspots. In annotation-heavy codebases, the highest-coupled nodes are `@AdminPresentationClass` (285 in_degree), `Order` (251), `AdminPresentation` (228) — but these are annotation types and JPA entities, not services/controllers, so they don't qualify for `hotspot_candidates`. `high_coupling_nodes` shows them correctly. The README warns about this; the CLI output doesn't explain it.
|
|
69
|
+
|
|
70
|
+
### No automatic "here's what to do next" nudge in edge cases
|
|
71
|
+
When `impact` returns `direct_callers: []`, no suggestion to try the interface. When `hotspot_candidates` is empty, no pointer to `high_coupling_nodes`. These silent empty states feel like failures rather than "try X instead."
|
|
72
|
+
|
|
73
|
+
### `project_summary` pulled from README
|
|
74
|
+
Keycloak's summary is marketing copy ("provides user federation, strong authentication...") not an architectural description. Misleading when fed to agents.
|
|
75
|
+
|
|
76
|
+
### Architecture classification unreliable for SPI/plugin patterns
|
|
77
|
+
Quarkus extension model, OSGi, SPI-heavy architectures all get classified as "layered." Confidence correctly downgraded to `medium`, but the label is wrong.
|
|
78
|
+
|
|
79
|
+
### No non-Java codebase analysis
|
|
80
|
+
Outside Java/Spring, you get stack detection and file structure but no endpoint extraction, no impact analysis, no transactional boundary detection. For polyglot repos it's partial at best.
|
|
81
|
+
|
|
82
|
+
---
|
|
83
|
+
|
|
84
|
+
## 4. Unique differentiators
|
|
85
|
+
|
|
86
|
+
1. **Speed at scale**: No other static analysis tool returns Java structural analysis for 7K+ files in <10s cold. This is an architectural achievement.
|
|
87
|
+
2. **Spring DI-aware traversal**: Understanding `@Autowired` interface injection is genuinely rare in open-source tooling. Most grep/AST tools return 0 callers on interface-injected Spring services.
|
|
88
|
+
3. **Deterministic, content-hash-cached output**: Safe for CI/CD. Same input = same output. Most AI-context tools are non-deterministic.
|
|
89
|
+
4. **Token-bounded by design**: Every AI-facing mode is size-bounded. Direct injection without overflow risk.
|
|
90
|
+
5. **No external dependencies**: No API keys, no network, no Docker. `pip install sourcecode` and it works offline. Privacy constraint satisfied for enterprise customers.
|
|
91
|
+
6. **MCP integration**: Already live — `mcp serve`, `mcp init`, `mcp status`. Works with Claude Desktop and Cursor. Makes sourcecode a context server for agentic workflows.
|
|
92
|
+
|
|
93
|
+
---
|
|
94
|
+
|
|
95
|
+
## 5. Ideal user profile
|
|
96
|
+
|
|
97
|
+
**Primary:**
|
|
98
|
+
- Senior/staff engineer on a Java/Spring monolith (3K–20K Java files)
|
|
99
|
+
- Using AI coding agents (Claude Code, GitHub Copilot, Cursor) for development
|
|
100
|
+
- Working in a team where "what breaks if I change X" takes 30min+ manually
|
|
101
|
+
- Pre-refactor safety checks, PR reviews, or onboarding to unfamiliar codebases
|
|
102
|
+
|
|
103
|
+
**Secondary:**
|
|
104
|
+
- Tech lead running a modernization initiative (coupling analysis, dead zone detection)
|
|
105
|
+
- Platform engineer adding a PR risk gate to CI pipeline
|
|
106
|
+
- Developer relations / new hire onboarding context generation
|
|
107
|
+
|
|
108
|
+
**Not a fit:**
|
|
109
|
+
- Frontend/React/TypeScript shops (Spring-specific features don't apply)
|
|
110
|
+
- Teams without Java/Spring codebases
|
|
111
|
+
- Teams looking for code quality / lint / style tooling
|
|
112
|
+
|
|
113
|
+
---
|
|
114
|
+
|
|
115
|
+
## 6. Real-world use cases (top 10)
|
|
116
|
+
|
|
117
|
+
1. **Pre-refactor check**: "I'm about to change `OrderService` — what endpoints break?" → `impact`
|
|
118
|
+
2. **New codebase onboarding**: "What is this 3,000-class repo and where do I start?" → `onboard`
|
|
119
|
+
3. **AI agent session start**: "Give me bounded context for Claude" → `--agent` or `--compact`
|
|
120
|
+
4. **Bug triage**: "NPE in checkout — which files are involved?" → `fix-bug --symptom "NullPointerException checkout"`
|
|
121
|
+
5. **PR review augmentation**: "Does this PR have test coverage? What's the blast radius?" → `review-pr`
|
|
122
|
+
6. **API surface audit**: "What endpoints does this service expose before migration?" → `endpoints`
|
|
123
|
+
7. **Modernization planning**: "What's the most dangerous class to refactor?" → `modernize`
|
|
124
|
+
8. **CI/CD PR gate**: Parse `ci_decision` and `test_coverage_risk` fields in pipeline
|
|
125
|
+
9. **Security pre-audit**: "What endpoints exist and which have `@PreAuthorize`?" → `endpoints` + `--compact`
|
|
126
|
+
10. **MCP context server**: Give an AI agent access to live structural analysis without token-stuffing
|
|
127
|
+
|
|
128
|
+
---
|
|
129
|
+
|
|
130
|
+
## 7. Non-use cases
|
|
131
|
+
|
|
132
|
+
- Code quality / style / lint (use Checkstyle, SonarQube)
|
|
133
|
+
- Security vulnerability scanning (use OWASP Dependency-Check, Snyk)
|
|
134
|
+
- Runtime performance analysis (use JProfiler, async-profiler)
|
|
135
|
+
- Non-Java codebases for structural analysis
|
|
136
|
+
- Teams looking for "AI that writes code" (sourcecode produces context *for* AI, not code)
|
|
137
|
+
- Dynamic/runtime behavior analysis
|
|
138
|
+
|
|
139
|
+
---
|
|
140
|
+
|
|
141
|
+
## 8. "Wow moments"
|
|
142
|
+
|
|
143
|
+
1. `sourcecode impact ExtensionManager` → "106 endpoints affected, risk: HIGH" in <1s on a 3K-file repo
|
|
144
|
+
2. `sourcecode endpoints keycloak` → 613 endpoints extracted from a 7,885-file repo in <1s
|
|
145
|
+
3. `sourcecode fix-bug --symptom "payment"` → top result is `OrderPaymentDaoImpl`, `DefaultPaymentGatewayCheckoutService` — correct without any AI
|
|
146
|
+
4. `sourcecode --compact` on Keycloak (7,885 files) → 9s cold, 0.17s cached, complete structural summary
|
|
147
|
+
5. `sourcecode modernize BroadleafCommerce` → identifies `ExtensionManager` as highest-risk node (209 dependents), exactly matches intuition of experienced engineers on the codebase
|
|
148
|
+
|
|
149
|
+
---
|
|
150
|
+
|
|
151
|
+
## 9. Friction points in UX/CLI
|
|
152
|
+
|
|
153
|
+
1. `impact OrderServiceImpl` → `direct_callers: []` with no suggestion to try `OrderService` — looks broken
|
|
154
|
+
2. `review-pr` `"confidence": "LOW"` on every commit — alarming label for a legitimate result
|
|
155
|
+
3. `hotspot_candidates: []` in annotation-heavy repos — no explanation, no fallback
|
|
156
|
+
4. `--compact` vs `--agent` — unclear when to use which without reading docs
|
|
157
|
+
5. No `--help` shortcut that explains the Spring interface vs impl distinction
|
|
158
|
+
6. `project_summary` sourced from README marketing copy — not architectural description
|
|
159
|
+
7. `fix-bug` output can be very large without `--output` flag — no token budget warning in terminal
|
|
160
|
+
|
|
161
|
+
---
|
|
162
|
+
|
|
163
|
+
## 10. Suggested positioning (1–2 lines)
|
|
164
|
+
|
|
165
|
+
> Instant blast-radius analysis and AI-ready structural context for Java/Spring monoliths.
|
|
166
|
+
> Run before every refactor, every PR, every AI agent session.
|
|
167
|
+
|
|
168
|
+
Or more aggressive:
|
|
169
|
+
|
|
170
|
+
> Before you change a Spring service, know exactly what breaks. sourcecode maps the blast radius in seconds.
|
|
@@ -0,0 +1,371 @@
|
|
|
1
|
+
# sourcecode — User Guide
|
|
2
|
+
|
|
3
|
+
**sourcecode** analyzes Java/Spring/Maven repositories and produces structured JSON for AI coding agents and CI/CD pipelines. It answers two questions: *what breaks if I change X* and *what does this codebase do*.
|
|
4
|
+
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
## What is it
|
|
8
|
+
|
|
9
|
+
A local CLI. No API keys. No network calls. No account required.
|
|
10
|
+
|
|
11
|
+
It builds a deterministic symbol graph (classes, annotations, injection edges, HTTP routes) from your repository's source files and answers structural questions about that graph. All analysis is static — it reads code, not runtime behavior.
|
|
12
|
+
|
|
13
|
+
**Optimized for:** Spring Boot / Spring MVC monoliths. JAX-RS (Quarkus, Jersey) endpoint extraction at ~65% recall. Stack detection works on any codebase.
|
|
14
|
+
|
|
15
|
+
---
|
|
16
|
+
|
|
17
|
+
## Installation
|
|
18
|
+
|
|
19
|
+
```bash
|
|
20
|
+
# macOS / Linux via Homebrew (recommended)
|
|
21
|
+
brew tap haroundominique/sourcecode
|
|
22
|
+
brew install sourcecode
|
|
23
|
+
|
|
24
|
+
# pip / pipx
|
|
25
|
+
pip install sourcecode
|
|
26
|
+
pipx install sourcecode # isolated install, no venv needed
|
|
27
|
+
|
|
28
|
+
# Verify
|
|
29
|
+
sourcecode version
|
|
30
|
+
# sourcecode 1.32.0
|
|
31
|
+
```
|
|
32
|
+
|
|
33
|
+
Requires Python 3.10+.
|
|
34
|
+
|
|
35
|
+
---
|
|
36
|
+
|
|
37
|
+
## License activation (Pro features)
|
|
38
|
+
|
|
39
|
+
Free features work immediately after install. Pro commands (`impact`, `review-pr`, `fix-bug`, `modernize`, `generate-tests`) require an active license.
|
|
40
|
+
|
|
41
|
+
```bash
|
|
42
|
+
sourcecode activate SC-XXXX-XXXX-XXXX
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
On success:
|
|
46
|
+
|
|
47
|
+
```json
|
|
48
|
+
{"status": "activated", "plan": "pro", "features": ["impact", "review-pr", "fix-bug", "modernize", "generate-tests"]}
|
|
49
|
+
```
|
|
50
|
+
|
|
51
|
+
License is cached in `~/.sourcecode/license.json` and re-validated every 24 hours. Works offline after first activation — network errors keep the cached state.
|
|
52
|
+
|
|
53
|
+
---
|
|
54
|
+
|
|
55
|
+
## Core commands
|
|
56
|
+
|
|
57
|
+
### `sourcecode --compact`
|
|
58
|
+
|
|
59
|
+
High-signal structural summary. Use at the start of any AI agent session.
|
|
60
|
+
|
|
61
|
+
```bash
|
|
62
|
+
sourcecode /path/to/repo --compact
|
|
63
|
+
sourcecode . --compact --git-context # includes commit hotspots
|
|
64
|
+
sourcecode . --compact --copy # copy to clipboard
|
|
65
|
+
```
|
|
66
|
+
|
|
67
|
+
Output (~2,500–4,000 tokens): detected stacks, entry points, dependencies, transactional boundaries (Spring), env vars, confidence level, analysis gaps.
|
|
68
|
+
|
|
69
|
+
### `sourcecode --agent`
|
|
70
|
+
|
|
71
|
+
More structured version of `--compact`. Designed for AI agent system prompt injection.
|
|
72
|
+
|
|
73
|
+
```bash
|
|
74
|
+
sourcecode /repo --agent --output context.json
|
|
75
|
+
cat context.json | claude -p "Explain the architecture"
|
|
76
|
+
```
|
|
77
|
+
|
|
78
|
+
Output (~4,500–5,500 tokens): project identity, entry points, file relevance ranking, architecture classification, confidence.
|
|
79
|
+
|
|
80
|
+
### `sourcecode onboard`
|
|
81
|
+
|
|
82
|
+
Full structural context for an unfamiliar codebase. Answers: "What is this repo and where do I start?"
|
|
83
|
+
|
|
84
|
+
```bash
|
|
85
|
+
sourcecode onboard /path/to/repo
|
|
86
|
+
sourcecode onboard . --llm-prompt # appends a ready-to-use prompt
|
|
87
|
+
sourcecode onboard . --output onboard.json
|
|
88
|
+
```
|
|
89
|
+
|
|
90
|
+
Output: architecture summary, subsystems, key entry points, hotspots, tech-debt signals, analysis gaps.
|
|
91
|
+
|
|
92
|
+
### `sourcecode endpoints`
|
|
93
|
+
|
|
94
|
+
Extract all REST endpoints from Spring MVC and JAX-RS annotations.
|
|
95
|
+
|
|
96
|
+
```bash
|
|
97
|
+
sourcecode endpoints /path/to/repo
|
|
98
|
+
sourcecode endpoints . --format yaml
|
|
99
|
+
```
|
|
100
|
+
|
|
101
|
+
Output: list of `{method, path, controller, handler}`. Covers `@GetMapping`, `@PostMapping`, `@PutMapping`, `@DeleteMapping`, `@PatchMapping`, `@RequestMapping`, `@GET`, `@POST`, `@PUT`, `@DELETE`, `@PATCH` + `@Path`.
|
|
102
|
+
|
|
103
|
+
**Note:** JAX-RS sub-resource locator pattern (endpoints mounted dynamically via factory methods) is not individually counted — ~65% recall for JAX-RS.
|
|
104
|
+
|
|
105
|
+
### `sourcecode impact` [Pro]
|
|
106
|
+
|
|
107
|
+
Blast-radius analysis: who depends on a class and what breaks if it changes.
|
|
108
|
+
|
|
109
|
+
```bash
|
|
110
|
+
sourcecode impact OrderService /repo
|
|
111
|
+
sourcecode impact OrderService . --depth 6
|
|
112
|
+
sourcecode impact org.example.UserService /repo # FQN form
|
|
113
|
+
sourcecode impact UserService.java /repo # file form
|
|
114
|
+
```
|
|
115
|
+
|
|
116
|
+
Output: `direct_callers`, `indirect_callers` (BFS to `--depth`), `endpoints_affected`, `transactional_boundaries_touched`, `risk_score` (0–100), `risk_level` (low/medium/high).
|
|
117
|
+
|
|
118
|
+
**Critical:** In Spring Boot, always target the **interface**, not the implementation.
|
|
119
|
+
|
|
120
|
+
```bash
|
|
121
|
+
sourcecode impact OrderService /repo # ✓ correct — returns callers via @Autowired
|
|
122
|
+
sourcecode impact OrderServiceImpl /repo # ✗ wrong — returns 0 callers (DI blindness)
|
|
123
|
+
```
|
|
124
|
+
|
|
125
|
+
If you get `direct_callers: []` with `resolution: exact` for a `@Service` class, re-run with the interface name.
|
|
126
|
+
|
|
127
|
+
### `sourcecode fix-bug` [Pro]
|
|
128
|
+
|
|
129
|
+
Risk-ranked file list correlated to a bug symptom.
|
|
130
|
+
|
|
131
|
+
```bash
|
|
132
|
+
sourcecode fix-bug /repo --symptom "NullPointerException in checkout"
|
|
133
|
+
sourcecode fix-bug . --symptom "payment timeout"
|
|
134
|
+
sourcecode fix-bug . --symptom "OIDC token refresh fails after realm update"
|
|
135
|
+
```
|
|
136
|
+
|
|
137
|
+
Output: `relevant_files` (ranked by symptom match evidence), `suspected_areas` with evidence chain (keyword → path → content → git correlation).
|
|
138
|
+
|
|
139
|
+
**Best results with specific symptoms.** Generic symptoms ("error", "bug") return noisy file lists.
|
|
140
|
+
|
|
141
|
+
### `sourcecode review-pr` [Pro]
|
|
142
|
+
|
|
143
|
+
PR diff analysis: changed files, test coverage gaps, blast radius of changed classes.
|
|
144
|
+
|
|
145
|
+
```bash
|
|
146
|
+
sourcecode review-pr . --since main
|
|
147
|
+
sourcecode review-pr . --since origin/main --format github-comment
|
|
148
|
+
sourcecode review-pr . --since HEAD~3 --output review.json
|
|
149
|
+
```
|
|
150
|
+
|
|
151
|
+
Output: `changed_files`, `review_hotspots`, `suggested_review_order`, `test_coverage_risk`, `impact_summary`, `ci_decision`.
|
|
152
|
+
|
|
153
|
+
Parse `ci_decision` and `test_coverage_risk` for automated CI gates:
|
|
154
|
+
|
|
155
|
+
```bash
|
|
156
|
+
DECISION=$(jq -r '.ci_decision' review.json)
|
|
157
|
+
RISK=$(jq -r '.test_coverage_risk.risk_level' review.json)
|
|
158
|
+
```
|
|
159
|
+
|
|
160
|
+
### `sourcecode modernize` [Pro]
|
|
161
|
+
|
|
162
|
+
Identifies coupling hotspots, dead zones, and cross-module tangles.
|
|
163
|
+
|
|
164
|
+
```bash
|
|
165
|
+
sourcecode modernize /path/to/repo
|
|
166
|
+
```
|
|
167
|
+
|
|
168
|
+
Output:
|
|
169
|
+
- `high_coupling_nodes` — classes with highest fan-in degree (risky to change)
|
|
170
|
+
- `hotspot_candidates` — services/controllers with high coupling (subset of above)
|
|
171
|
+
- `dead_zone_candidates` — classes with zero callers (safe to remove)
|
|
172
|
+
- `cross_module_tangles` — packages with bidirectional coupling
|
|
173
|
+
|
|
174
|
+
**Note:** In annotation-heavy codebases, `hotspot_candidates` may be empty — annotation types and JPA entities dominate the coupling graph but don't qualify as hotspots. Check `high_coupling_nodes` directly.
|
|
175
|
+
|
|
176
|
+
---
|
|
177
|
+
|
|
178
|
+
## Typical workflows
|
|
179
|
+
|
|
180
|
+
### Onboarding a new codebase (you or an AI agent)
|
|
181
|
+
|
|
182
|
+
```bash
|
|
183
|
+
# Step 1: get bounded context
|
|
184
|
+
sourcecode onboard /repo
|
|
185
|
+
|
|
186
|
+
# Step 2: understand the entry points + architecture
|
|
187
|
+
sourcecode /repo --compact
|
|
188
|
+
|
|
189
|
+
# Step 3: pipe to an AI agent
|
|
190
|
+
sourcecode /repo --agent | claude -p "Explain the main request flow through this service"
|
|
191
|
+
```
|
|
192
|
+
|
|
193
|
+
### Pre-refactor safety check
|
|
194
|
+
|
|
195
|
+
```bash
|
|
196
|
+
# Always target the interface in Spring Boot repos:
|
|
197
|
+
sourcecode impact OrderService /repo
|
|
198
|
+
|
|
199
|
+
# Parse the risk level programmatically:
|
|
200
|
+
sourcecode impact OrderService /repo | jq '{risk_level, risk_score, direct_callers_count: (.direct_callers | length), endpoints_count: (.endpoints_affected | length)}'
|
|
201
|
+
|
|
202
|
+
# If touching a very large hub interface, use depth=1 for speed:
|
|
203
|
+
sourcecode impact KeycloakSession /repo --depth 1
|
|
204
|
+
```
|
|
205
|
+
|
|
206
|
+
### Bug triage
|
|
207
|
+
|
|
208
|
+
```bash
|
|
209
|
+
# Specific symptoms → best signal:
|
|
210
|
+
sourcecode fix-bug /repo --symptom "NullPointerException OrderService.findOrderById line 234"
|
|
211
|
+
|
|
212
|
+
# Save full output for complex bugs:
|
|
213
|
+
sourcecode fix-bug /repo --symptom "payment gateway timeout" --output triage.json
|
|
214
|
+
|
|
215
|
+
# Top files will include:
|
|
216
|
+
# - symptom_match: direct keyword/path match
|
|
217
|
+
# - suspected_areas: annotations + evidence chain
|
|
218
|
+
# - relevant_files: risk-ranked by composite score
|
|
219
|
+
```
|
|
220
|
+
|
|
221
|
+
### PR review
|
|
222
|
+
|
|
223
|
+
```bash
|
|
224
|
+
# JSON output for automated gates:
|
|
225
|
+
sourcecode review-pr . --since origin/main --output review.json
|
|
226
|
+
jq '{ci_decision, test_coverage_risk, impact_summary}' review.json
|
|
227
|
+
|
|
228
|
+
# Markdown comment for GitHub:
|
|
229
|
+
sourcecode review-pr . --since main --format github-comment
|
|
230
|
+
|
|
231
|
+
# Specific range:
|
|
232
|
+
sourcecode review-pr . --since HEAD~5
|
|
233
|
+
```
|
|
234
|
+
|
|
235
|
+
### Understand the REST API surface
|
|
236
|
+
|
|
237
|
+
```bash
|
|
238
|
+
sourcecode endpoints /repo
|
|
239
|
+
sourcecode endpoints /repo | jq '.endpoints | map(select(.method == "POST"))' # POST endpoints only
|
|
240
|
+
sourcecode endpoints /repo --output endpoints.json
|
|
241
|
+
```
|
|
242
|
+
|
|
243
|
+
### MCP server (AI agent integration)
|
|
244
|
+
|
|
245
|
+
```bash
|
|
246
|
+
# One-time setup (Claude Desktop / Cursor):
|
|
247
|
+
sourcecode mcp init
|
|
248
|
+
|
|
249
|
+
# Verify setup:
|
|
250
|
+
sourcecode mcp status
|
|
251
|
+
|
|
252
|
+
# Start server manually:
|
|
253
|
+
sourcecode mcp serve
|
|
254
|
+
|
|
255
|
+
# Remove:
|
|
256
|
+
sourcecode mcp remove
|
|
257
|
+
```
|
|
258
|
+
|
|
259
|
+
The MCP server exposes structural analysis tools to AI agents without requiring the agent to call the CLI directly. Claude Desktop and Cursor can query impact, endpoints, and context through the MCP protocol.
|
|
260
|
+
|
|
261
|
+
---
|
|
262
|
+
|
|
263
|
+
## Output schema
|
|
264
|
+
|
|
265
|
+
All commands output structured JSON to stdout unless `--output` is specified.
|
|
266
|
+
|
|
267
|
+
Common fields:
|
|
268
|
+
- `schema_version` — format version
|
|
269
|
+
- `confidence_summary.overall` — `high` / `medium` / `low`
|
|
270
|
+
- `analysis_gaps` — list of what could not be analyzed and why
|
|
271
|
+
|
|
272
|
+
Java/Spring-specific fields (when detected):
|
|
273
|
+
- `transactional_boundaries` — classes annotated with `@Transactional`
|
|
274
|
+
- `language_version` — from `maven.compiler.source`
|
|
275
|
+
- `deployment.spring_boot_version`
|
|
276
|
+
- `deployment.packaging` — `jar` or `war`
|
|
277
|
+
- `mybatis` — mapper interface/XML pairing summary
|
|
278
|
+
|
|
279
|
+
### Output modes
|
|
280
|
+
|
|
281
|
+
| Mode | When to use | Token size |
|
|
282
|
+
|------|-------------|-----------|
|
|
283
|
+
| `--compact` | AI session start, high-level overview | 2,500–4,000 |
|
|
284
|
+
| `--agent` | AI agent system prompt injection | 4,500–5,500 |
|
|
285
|
+
| `onboard` | Task-structured agent/developer onboarding | ~2,600 |
|
|
286
|
+
| `fix-bug` (trimmed) | Bug triage with token budget | ~4,600 |
|
|
287
|
+
| `--full` | Remove truncation limits | unlimited |
|
|
288
|
+
|
|
289
|
+
---
|
|
290
|
+
|
|
291
|
+
## Caching
|
|
292
|
+
|
|
293
|
+
Analysis is cached by content hash. Unchanged files do not re-scan.
|
|
294
|
+
|
|
295
|
+
- Cache hit speedup: 13–33× depending on repo size
|
|
296
|
+
- BroadleafCommerce (2,985 files): 2.9s cold → 0.20s cached
|
|
297
|
+
- Keycloak (7,885 files): 9.0s cold → 0.27s cached
|
|
298
|
+
- Bypass: `sourcecode --no-cache`
|
|
299
|
+
|
|
300
|
+
The cache is stored locally. No content leaves your machine.
|
|
301
|
+
|
|
302
|
+
---
|
|
303
|
+
|
|
304
|
+
## Flags reference
|
|
305
|
+
|
|
306
|
+
| Flag | Short | Description |
|
|
307
|
+
|------|-------|-------------|
|
|
308
|
+
| `--compact` | | High-signal summary + transactional boundaries |
|
|
309
|
+
| `--agent` | | Structured JSON for AI agent injection |
|
|
310
|
+
| `--full` | | Remove truncation limits |
|
|
311
|
+
| `--git-context` | `-g` | Add commit hotspots and uncommitted file count |
|
|
312
|
+
| `--changed-only` | | Limit to git-modified files |
|
|
313
|
+
| `--depth N` | | Traversal depth (default: 4, max: 20) |
|
|
314
|
+
| `--format` | `-f` | `json` (default) or `yaml` |
|
|
315
|
+
| `--output` | `-o` | Write to file instead of stdout |
|
|
316
|
+
| `--no-cache` | | Force fresh analysis |
|
|
317
|
+
| `--copy` | `-c` | Copy output to clipboard |
|
|
318
|
+
| `--no-redact` | | Disable automatic secret redaction |
|
|
319
|
+
| `--exclude PATTERN` | | Skip directories matching pattern |
|
|
320
|
+
| `--version` | `-v` | Show version and exit |
|
|
321
|
+
|
|
322
|
+
---
|
|
323
|
+
|
|
324
|
+
## Troubleshooting
|
|
325
|
+
|
|
326
|
+
### `impact` returns 0 callers for a @Service class
|
|
327
|
+
|
|
328
|
+
You're targeting the implementation. Spring Boot uses interface injection.
|
|
329
|
+
|
|
330
|
+
```bash
|
|
331
|
+
# Wrong:
|
|
332
|
+
sourcecode impact UserServiceImpl /repo # 0 callers
|
|
333
|
+
|
|
334
|
+
# Correct:
|
|
335
|
+
sourcecode impact UserService /repo # real blast radius
|
|
336
|
+
```
|
|
337
|
+
|
|
338
|
+
### `hotspot_candidates` is empty after `modernize`
|
|
339
|
+
|
|
340
|
+
Check `high_coupling_nodes` instead. In annotation-heavy codebases, the highest-coupled symbols are annotation types and JPA entities, not services. These are excluded from `hotspot_candidates` by role filter.
|
|
341
|
+
|
|
342
|
+
### `review-pr` shows `confidence: LOW`
|
|
343
|
+
|
|
344
|
+
Expected for small commits or commits touching files without annotation signals. The output is still accurate — low confidence means the role classification fell back to filename/git-diff only. Check `analysis_limiter.missing_signals` for details.
|
|
345
|
+
|
|
346
|
+
### `endpoints` shows 0 for a Spring project
|
|
347
|
+
|
|
348
|
+
Most common causes:
|
|
349
|
+
1. Endpoints use non-standard annotation composition (meta-annotations). Direct `@GetMapping` detection only.
|
|
350
|
+
2. JAX-RS sub-resource locator pattern — endpoints mounted dynamically.
|
|
351
|
+
3. Kotlin Spring controllers (Java-only analysis).
|
|
352
|
+
|
|
353
|
+
### Cold scan is slow (>30s)
|
|
354
|
+
|
|
355
|
+
For very large repos (15K+ Java files), consider:
|
|
356
|
+
- `--fast` flag (skips deep content search): `sourcecode fix-bug --fast`
|
|
357
|
+
- `--exclude legacy,generated` to skip non-production code
|
|
358
|
+
- After first run, cache hits will be <1s
|
|
359
|
+
|
|
360
|
+
---
|
|
361
|
+
|
|
362
|
+
## Limitations
|
|
363
|
+
|
|
364
|
+
- Static analysis only — no runtime behavior, no bytecode analysis
|
|
365
|
+
- No semantic code understanding — reads structure, not logic
|
|
366
|
+
- Spring MVC layered apps: high accuracy. Quarkus SPI/plugin model: architecture classification may be inaccurate
|
|
367
|
+
- JAX-RS subresource locator pattern: ~65% endpoint recall
|
|
368
|
+
- `impact` on implementation classes returns implementation-specific callers only — always target the interface in Spring Boot
|
|
369
|
+
- `no_security_signal` on endpoints = no method-level annotations found. Does not mean the endpoint is unsecured (Spring Security filter chains are not analyzed)
|
|
370
|
+
- `project_summary` is extracted from README — may reflect marketing copy rather than architectural description
|
|
371
|
+
- Works offline; no AI inference — outputs structural facts, not quality judgments
|