sourcecode 1.31.32__tar.gz → 1.32.1__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (235) hide show
  1. {sourcecode-1.31.32 → sourcecode-1.32.1}/PKG-INFO +3 -3
  2. {sourcecode-1.31.32 → sourcecode-1.32.1}/README.md +2 -2
  3. sourcecode-1.32.1/docs/PRODUCT_AUDIT.md +170 -0
  4. sourcecode-1.32.1/docs/USER_GUIDE.md +371 -0
  5. {sourcecode-1.31.32 → sourcecode-1.32.1}/pyproject.toml +1 -1
  6. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/__init__.py +1 -1
  7. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/architecture_analyzer.py +64 -15
  8. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/classifier.py +4 -0
  9. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/cli.py +100 -53
  10. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/context_summarizer.py +1 -0
  11. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/dependency_analyzer.py +3 -3
  12. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/detectors/java.py +6 -1
  13. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/license.py +107 -16
  14. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/prepare_context.py +7 -1
  15. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/repository_ir.py +6 -1
  16. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/summarizer.py +1 -0
  17. {sourcecode-1.31.32 → sourcecode-1.32.1}/.agents/skills/source-command-gsd-join-discord/SKILL.md +0 -0
  18. {sourcecode-1.31.32 → sourcecode-1.32.1}/.agents/skills/source-command-gsd-review-backlog/SKILL.md +0 -0
  19. {sourcecode-1.31.32 → sourcecode-1.32.1}/.agents/skills/source-command-gsd-workstreams/SKILL.md +0 -0
  20. {sourcecode-1.31.32 → sourcecode-1.32.1}/.continue-here.md +0 -0
  21. {sourcecode-1.31.32 → sourcecode-1.32.1}/.github/workflows/build-windows.yml +0 -0
  22. {sourcecode-1.31.32 → sourcecode-1.32.1}/.gitignore +0 -0
  23. {sourcecode-1.31.32 → sourcecode-1.32.1}/.ruff.toml +0 -0
  24. {sourcecode-1.31.32 → sourcecode-1.32.1}/.sourcecode-cache/snapshot-3b5997a-fa5c742c.json +0 -0
  25. {sourcecode-1.31.32 → sourcecode-1.32.1}/AUDIT_REAL_REPOS.md +0 -0
  26. {sourcecode-1.31.32 → sourcecode-1.32.1}/AUDIT_v1.31.23.md +0 -0
  27. {sourcecode-1.31.32 → sourcecode-1.32.1}/CHANGELOG.md +0 -0
  28. {sourcecode-1.31.32 → sourcecode-1.32.1}/CONTRIBUTING.md +0 -0
  29. {sourcecode-1.31.32 → sourcecode-1.32.1}/LICENSE +0 -0
  30. {sourcecode-1.31.32 → sourcecode-1.32.1}/SECURITY.md +0 -0
  31. {sourcecode-1.31.32 → sourcecode-1.32.1}/docs/PRODUCT_TIERS.md +0 -0
  32. {sourcecode-1.31.32 → sourcecode-1.32.1}/docs/privacy.md +0 -0
  33. {sourcecode-1.31.32 → sourcecode-1.32.1}/docs/schema.md +0 -0
  34. {sourcecode-1.31.32 → sourcecode-1.32.1}/raw +0 -0
  35. {sourcecode-1.31.32 → sourcecode-1.32.1}/run_cli.py +0 -0
  36. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/adaptive_scanner.py +0 -0
  37. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/architecture_summary.py +0 -0
  38. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/ast_extractor.py +0 -0
  39. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/cache.py +0 -0
  40. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/canonical_ir.py +0 -0
  41. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/code_notes_analyzer.py +0 -0
  42. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/confidence_analyzer.py +0 -0
  43. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/context_scorer.py +0 -0
  44. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/contract_model.py +0 -0
  45. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/contract_pipeline.py +0 -0
  46. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/coverage_parser.py +0 -0
  47. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/detectors/__init__.py +0 -0
  48. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/detectors/base.py +0 -0
  49. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/detectors/csproj_parser.py +0 -0
  50. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/detectors/dart.py +0 -0
  51. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/detectors/dotnet.py +0 -0
  52. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/detectors/elixir.py +0 -0
  53. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/detectors/go.py +0 -0
  54. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/detectors/heuristic.py +0 -0
  55. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/detectors/hybrid.py +0 -0
  56. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/detectors/jvm_ext.py +0 -0
  57. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/detectors/nodejs.py +0 -0
  58. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/detectors/parsers.py +0 -0
  59. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/detectors/php.py +0 -0
  60. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/detectors/project.py +0 -0
  61. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/detectors/python.py +0 -0
  62. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/detectors/ruby.py +0 -0
  63. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/detectors/rust.py +0 -0
  64. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/detectors/systems.py +0 -0
  65. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/detectors/terraform.py +0 -0
  66. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/detectors/tooling.py +0 -0
  67. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/doc_analyzer.py +0 -0
  68. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/entrypoint_classifier.py +0 -0
  69. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/env_analyzer.py +0 -0
  70. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/file_classifier.py +0 -0
  71. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/flow_analyzer.py +0 -0
  72. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/git_analyzer.py +0 -0
  73. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/graph_analyzer.py +0 -0
  74. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/mcp/__init__.py +0 -0
  75. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/mcp/onboarding/__init__.py +0 -0
  76. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/mcp/onboarding/applier.py +0 -0
  77. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/mcp/onboarding/backup.py +0 -0
  78. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/mcp/onboarding/detector.py +0 -0
  79. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/mcp/onboarding/planner.py +0 -0
  80. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/mcp/runner.py +0 -0
  81. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/mcp/server.py +0 -0
  82. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/mcp_nudge.py +0 -0
  83. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/metrics_analyzer.py +0 -0
  84. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/output_budget.py +0 -0
  85. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/path_filters.py +0 -0
  86. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/pr_comment_renderer.py +0 -0
  87. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/progress.py +0 -0
  88. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/ranking_engine.py +0 -0
  89. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/redactor.py +0 -0
  90. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/relevance_scorer.py +0 -0
  91. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/repo_classifier.py +0 -0
  92. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/runtime_classifier.py +0 -0
  93. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/scanner.py +0 -0
  94. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/schema.py +0 -0
  95. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/semantic_analyzer.py +0 -0
  96. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/serializer.py +0 -0
  97. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/telemetry/__init__.py +0 -0
  98. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/telemetry/config.py +0 -0
  99. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/telemetry/consent.py +0 -0
  100. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/telemetry/events.py +0 -0
  101. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/telemetry/filters.py +0 -0
  102. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/telemetry/transport.py +0 -0
  103. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/tree_utils.py +0 -0
  104. {sourcecode-1.31.32 → sourcecode-1.32.1}/src/sourcecode/workspace.py +0 -0
  105. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/__init__.py +0 -0
  106. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/conftest.py +0 -0
  107. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/coverage.xml +0 -0
  108. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/fastapi_app/pyproject.toml +0 -0
  109. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/fastapi_app/src/main.py +0 -0
  110. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/go_service/cmd/api/main.go +0 -0
  111. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/go_service/go.mod +0 -0
  112. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/jacoco.xml +0 -0
  113. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/latin1_sample.java +0 -0
  114. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/latin1_sample_iso.java +0 -0
  115. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/lcov.info +0 -0
  116. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/nextjs_app/app/page.tsx +0 -0
  117. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/nextjs_app/package.json +0 -0
  118. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/nextjs_app/pnpm-lock.yaml +0 -0
  119. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/pnpm_monorepo/apps/web/app/page.tsx +0 -0
  120. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/pnpm_monorepo/apps/web/package.json +0 -0
  121. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/pnpm_monorepo/packages/api/main.py +0 -0
  122. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/pnpm_monorepo/packages/api/pyproject.toml +0 -0
  123. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/pnpm_monorepo/pnpm-workspace.yaml +0 -0
  124. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/spring_boot_minimal/pom.xml +0 -0
  125. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/ddd/ausente/application/service/FindAusenteService.java +0 -0
  126. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/ddd/ausente/domain/entities/Ausente.java +0 -0
  127. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/ddd/ausente/infrastructure/rest/AusenteRestController.java +0 -0
  128. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/ddd/autocoberturas/application/service/FindAutocoberturasService.java +0 -0
  129. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/ddd/autocoberturas/domain/entities/Autocoberturas.java +0 -0
  130. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/ddd/autocoberturas/infrastructure/rest/AutocoberturasRestController.java +0 -0
  131. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/ddd/calendarioTrabajador/application/service/FindCalendarioTrabajadorService.java +0 -0
  132. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/ddd/calendarioTrabajador/domain/entities/CalendarioTrabajador.java +0 -0
  133. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/ddd/calendarioTrabajador/infrastructure/rest/CalendarioTrabajadorRestController.java +0 -0
  134. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/ddd/departamento/application/service/FindDepartamentoService.java +0 -0
  135. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/ddd/departamento/domain/entities/Departamento.java +0 -0
  136. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/ddd/departamento/infrastructure/rest/DepartamentoRestController.java +0 -0
  137. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/ddd/empleado/application/service/FindEmpleadoService.java +0 -0
  138. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/ddd/empleado/domain/entities/Empleado.java +0 -0
  139. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/ddd/empleado/infrastructure/rest/EmpleadoRestController.java +0 -0
  140. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/demo/DemoApplication.java +0 -0
  141. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/demo/config/FilterConfig.java +0 -0
  142. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/demo/domain/Health.java +0 -0
  143. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/demo/mapper/HealthMapper.java +0 -0
  144. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/demo/repository/HealthRepository.java +0 -0
  145. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/demo/service/HealthService.java +0 -0
  146. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/demo/web/HealthRestController.java +0 -0
  147. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/spring_boot_minimal/src/main/java/com/example/demo/web/NominaRestController.java +0 -0
  148. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/spring_boot_minimal/src/main/resources/application-dev.yml +0 -0
  149. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/spring_boot_minimal/src/main/resources/application.yml +0 -0
  150. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/fixtures/spring_boot_minimal/src/main/resources/mapper/HealthMapper.xml +0 -0
  151. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_architecture_analyzer.py +0 -0
  152. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_architecture_summary.py +0 -0
  153. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_ast_extractor.py +0 -0
  154. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_audit_fixes.py +0 -0
  155. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_audit_sas_v2.py +0 -0
  156. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_block1_reliability.py +0 -0
  157. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_block2_coverage.py +0 -0
  158. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_block5_quality.py +0 -0
  159. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_broadleaf_fixes.py +0 -0
  160. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_bug_fixes_v1302.py +0 -0
  161. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_bug_fixes_v13115.py +0 -0
  162. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_bug_fixes_v1312.py +0 -0
  163. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_bug_fixes_v13122.py +0 -0
  164. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_bug_fixes_v1313.py +0 -0
  165. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_bug_fixes_v13130.py +0 -0
  166. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_bug_fixes_v1321.py +0 -0
  167. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_bug_fixes_v16.py +0 -0
  168. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_bug_fixes_v2.py +0 -0
  169. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_cache.py +0 -0
  170. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_canonical_ir.py +0 -0
  171. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_classifier.py +0 -0
  172. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_cli.py +0 -0
  173. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_code_notes_analyzer.py +0 -0
  174. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_context_scorer.py +0 -0
  175. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_contract_pipeline.py +0 -0
  176. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_coverage_parser.py +0 -0
  177. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_cross_consistency.py +0 -0
  178. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_dependency_analyzer_node_python.py +0 -0
  179. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_dependency_analyzer_polyglot.py +0 -0
  180. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_dependency_schema.py +0 -0
  181. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_detector_dotnet.py +0 -0
  182. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_detector_go_rust_java.py +0 -0
  183. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_detector_nodejs.py +0 -0
  184. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_detector_php_ruby_dart.py +0 -0
  185. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_detector_python.py +0 -0
  186. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_detector_universal_managed.py +0 -0
  187. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_detector_universal_systems.py +0 -0
  188. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_detectors_base.py +0 -0
  189. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_doc_analyzer_jsdom.py +0 -0
  190. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_doc_analyzer_python.py +0 -0
  191. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_encoding_regression.py +0 -0
  192. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_enterprise_benchmarks.py +0 -0
  193. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_graph_analyzer_polyglot.py +0 -0
  194. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_graph_analyzer_python_node.py +0 -0
  195. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_graph_schema.py +0 -0
  196. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_hybrid_inference.py +0 -0
  197. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_integration.py +0 -0
  198. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_integration_dependencies.py +0 -0
  199. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_integration_detection.py +0 -0
  200. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_integration_docs.py +0 -0
  201. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_integration_graph_modules.py +0 -0
  202. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_integration_lqn.py +0 -0
  203. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_integration_metrics.py +0 -0
  204. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_integration_multistack.py +0 -0
  205. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_integration_semantics.py +0 -0
  206. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_integration_universal.py +0 -0
  207. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_java_spring_integration.py +0 -0
  208. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_mcp_nudge.py +0 -0
  209. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_mcp_runner.py +0 -0
  210. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_mcp_serve.py +0 -0
  211. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_mcp_tools.py +0 -0
  212. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_metrics_analyzer.py +0 -0
  213. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_output_ux.py +0 -0
  214. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_packaging.py +0 -0
  215. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_phase1_improvements.py +0 -0
  216. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_pipeline_integrity.py +0 -0
  217. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_real_projects.py +0 -0
  218. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_redactor.py +0 -0
  219. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_repository_ir.py +0 -0
  220. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_scanner.py +0 -0
  221. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_schema.py +0 -0
  222. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_schema_normalization.py +0 -0
  223. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_scoring_calibration.py +0 -0
  224. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_semantic_analyzer_node.py +0 -0
  225. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_semantic_analyzer_python.py +0 -0
  226. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_semantic_import_resolution.py +0 -0
  227. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_semantic_schema.py +0 -0
  228. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_signal_hierarchy.py +0 -0
  229. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_summarizer.py +0 -0
  230. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_surface_honesty.py +0 -0
  231. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_task_differentiation.py +0 -0
  232. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_telemetry.py +0 -0
  233. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_v131_improvements.py +0 -0
  234. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_v1_10_regressions.py +0 -0
  235. {sourcecode-1.31.32 → sourcecode-1.32.1}/tests/test_workspace_analyzer.py +0 -0
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: sourcecode
3
- Version: 1.31.32
3
+ Version: 1.32.1
4
4
  Summary: Deterministic codebase context for AI coding agents
5
5
  License: Apache License
6
6
  Version 2.0, January 2004
@@ -225,7 +225,7 @@ Description-Content-Type: text/markdown
225
225
 
226
226
  **AI-ready change intelligence for Java/Spring enterprise monoliths.**
227
227
 
228
- ![Version](https://img.shields.io/badge/version-1.31.32-blue)
228
+ ![Version](https://img.shields.io/badge/version-1.32.0-blue)
229
229
  ![Python](https://img.shields.io/badge/python-3.10%2B-green)
230
230
 
231
231
  ---
@@ -263,7 +263,7 @@ pipx install sourcecode
263
263
 
264
264
  ```bash
265
265
  sourcecode version
266
- # sourcecode 1.31.32
266
+ # sourcecode 1.32.0
267
267
  ```
268
268
 
269
269
  ---
@@ -2,7 +2,7 @@
2
2
 
3
3
  **AI-ready change intelligence for Java/Spring enterprise monoliths.**
4
4
 
5
- ![Version](https://img.shields.io/badge/version-1.31.32-blue)
5
+ ![Version](https://img.shields.io/badge/version-1.32.0-blue)
6
6
  ![Python](https://img.shields.io/badge/python-3.10%2B-green)
7
7
 
8
8
  ---
@@ -40,7 +40,7 @@ pipx install sourcecode
40
40
 
41
41
  ```bash
42
42
  sourcecode version
43
- # sourcecode 1.31.32
43
+ # sourcecode 1.32.0
44
44
  ```
45
45
 
46
46
  ---
@@ -0,0 +1,170 @@
1
+ # Phase 1 — Product Intelligence Report
2
+ > Tested against: BroadleafCommerce (2,985 Java files), Keycloak (7,885 Java files), atlas-cli itself (Python/Typer).
3
+ > All findings from live CLI execution. No assumptions.
4
+
5
+ ---
6
+
7
+ ## 1. What sourcecode is
8
+
9
+ A Python CLI that performs **static structural analysis** of Java/Spring/Maven codebases and produces **structured JSON** designed for direct injection into AI coding agents or consumption by CI/CD pipelines.
10
+
11
+ It builds a deterministic symbol graph (classes, methods, annotation roles, import/injection edges) and answers structural questions about that graph: who depends on what, what endpoints exist, what is risky to change.
12
+
13
+ **It is not:**
14
+ - A linter or static analyzer in the SonarQube sense
15
+ - An LLM wrapper — no AI calls, no network required
16
+ - A runtime or security scanner
17
+ - A polyglot tool (Spring-specific features are ~nil outside Java)
18
+
19
+ ---
20
+
21
+ ## 2. What it does extremely well
22
+
23
+ ### Blast-radius analysis (`impact`)
24
+ Confirmed: `sourcecode impact ExtensionManager BroadleafCommerce` returned in <1s:
25
+ - `risk_level: high`, `risk_score: 100`
26
+ - 30 direct callers, 50 indirect callers, **106 endpoints affected**
27
+
28
+ This is the clearest "wow moment" in the product. Running it on `OrderPaymentServiceImpl` returned 15 direct callers + the exact payment workflow chain in the correct order. For an engineer about to refactor a service, this replaces 2–4 hours of manual graph tracing.
29
+
30
+ **Caveat found:** Targeting `Impl` classes returns only injection-free callers (often zero in Spring Boot). The tool must be targeted at the **interface**. `OrderService` not `OrderServiceImpl`. The CLI does not auto-suggest this — friction point.
31
+
32
+ ### Endpoint extraction (`endpoints`)
33
+ Confirmed: 613 Spring MVC + JAX-RS endpoints extracted from Keycloak in <1s. 110 from BroadleafCommerce. Zero false positives observed in sample. This is legitimately useful for auditing API surface before migrations.
34
+
35
+ ### Stack detection + entry point mapping (`--compact`, `--agent`)
36
+ Correctly identified:
37
+ - Keycloak: Quarkus + Jakarta EE, @QuarkusMain, 40+ entry points ranked by type
38
+ - BroadleafCommerce: Spring Boot + Spring MVC, 41 @Transactional boundaries
39
+ - atlas-cli itself: Python + Typer
40
+
41
+ Architecture classification is less reliable: Quarkus SPI model classified as "layered" (inaccurate). Spring layered apps classified correctly.
42
+
43
+ ### Symptom-driven bug triage (`fix-bug --symptom`)
44
+ Tested with `--symptom "payment"` on BroadleafCommerce. Top results:
45
+ - `OrderPaymentDaoImpl`, `SecureOrderPaymentDaoImpl`, `DefaultPaymentGatewayCheckoutService` — all directly correct
46
+
47
+ Evidence chain in `symptom_explain` shows: keyword match → content match → path match → git history. Signal quality is high for specific symptoms.
48
+
49
+ ### Coupling detection (`modernize`)
50
+ Correctly identified `ExtensionManager` (in_degree: 209) and `Order` (in_degree: 251) as highest-risk nodes. `dead_zone_candidates` includes `ProcessURLAction`, `RequestContext` — classes with zero callers. This is accurate and immediately actionable.
51
+
52
+ ### Performance
53
+ - Cached (content-hash): ~0.17s for both 3K-file and 7K-file repos
54
+ - Cold scan: ~2.9s (BroadleafCommerce), ~9.0s (Keycloak)
55
+ - These numbers are remarkable for the scale. No competitor does Java structural analysis this fast.
56
+
57
+ ---
58
+
59
+ ## 3. What it does poorly / gaps
60
+
61
+ ### review-pr — LOW confidence is common
62
+ Tested on both repos. Output consistently shows `"confidence": "LOW"` on the `summary` field. `analysis_limiter.missing_signals: ["dependency_graph"]` explains it — the PR diff analysis doesn't have the full symbol graph available for role classification. For validator classes (not annotated), it falls back to `"classification_method": "git_diff_only"`. The output is still useful (changed files, test coverage, modules) but the low confidence signal is jarring.
63
+
64
+ ### Impl vs interface confusion
65
+ `impact OrderServiceImpl` → `0 direct_callers`. No auto-correction. For users unfamiliar with Spring DI traversal patterns, this looks broken. The README explains it, but a first-time user will be confused.
66
+
67
+ ### `hotspot_candidates` empty in annotation-heavy codebases
68
+ `modernize` on BroadleafCommerce returned `hotspot_candidates` with only 2 entries despite the repo having obvious hotspots. In annotation-heavy codebases, the highest-coupled nodes are `@AdminPresentationClass` (285 in_degree), `Order` (251), `AdminPresentation` (228) — but these are annotation types and JPA entities, not services/controllers, so they don't qualify for `hotspot_candidates`. `high_coupling_nodes` shows them correctly. The README warns about this; the CLI output doesn't explain it.
69
+
70
+ ### No automatic "here's what to do next" nudge in edge cases
71
+ When `impact` returns `direct_callers: []`, no suggestion to try the interface. When `hotspot_candidates` is empty, no pointer to `high_coupling_nodes`. These silent empty states feel like failures rather than "try X instead."
72
+
73
+ ### `project_summary` pulled from README
74
+ Keycloak's summary is marketing copy ("provides user federation, strong authentication...") not an architectural description. Misleading when fed to agents.
75
+
76
+ ### Architecture classification unreliable for SPI/plugin patterns
77
+ Quarkus extension model, OSGi, SPI-heavy architectures all get classified as "layered." Confidence correctly downgraded to `medium`, but the label is wrong.
78
+
79
+ ### No non-Java codebase analysis
80
+ Outside Java/Spring, you get stack detection and file structure but no endpoint extraction, no impact analysis, no transactional boundary detection. For polyglot repos it's partial at best.
81
+
82
+ ---
83
+
84
+ ## 4. Unique differentiators
85
+
86
+ 1. **Speed at scale**: No other static analysis tool returns Java structural analysis for 7K+ files in <10s cold. This is an architectural achievement.
87
+ 2. **Spring DI-aware traversal**: Understanding `@Autowired` interface injection is genuinely rare in open-source tooling. Most grep/AST tools return 0 callers on interface-injected Spring services.
88
+ 3. **Deterministic, content-hash-cached output**: Safe for CI/CD. Same input = same output. Most AI-context tools are non-deterministic.
89
+ 4. **Token-bounded by design**: Every AI-facing mode is size-bounded. Direct injection without overflow risk.
90
+ 5. **No external dependencies**: No API keys, no network, no Docker. `pip install sourcecode` and it works offline. Privacy constraint satisfied for enterprise customers.
91
+ 6. **MCP integration**: Already live — `mcp serve`, `mcp init`, `mcp status`. Works with Claude Desktop and Cursor. Makes sourcecode a context server for agentic workflows.
92
+
93
+ ---
94
+
95
+ ## 5. Ideal user profile
96
+
97
+ **Primary:**
98
+ - Senior/staff engineer on a Java/Spring monolith (3K–20K Java files)
99
+ - Using AI coding agents (Claude Code, GitHub Copilot, Cursor) for development
100
+ - Working in a team where "what breaks if I change X" takes 30min+ manually
101
+ - Pre-refactor safety checks, PR reviews, or onboarding to unfamiliar codebases
102
+
103
+ **Secondary:**
104
+ - Tech lead running a modernization initiative (coupling analysis, dead zone detection)
105
+ - Platform engineer adding a PR risk gate to CI pipeline
106
+ - Developer relations / new hire onboarding context generation
107
+
108
+ **Not a fit:**
109
+ - Frontend/React/TypeScript shops (Spring-specific features don't apply)
110
+ - Teams without Java/Spring codebases
111
+ - Teams looking for code quality / lint / style tooling
112
+
113
+ ---
114
+
115
+ ## 6. Real-world use cases (top 10)
116
+
117
+ 1. **Pre-refactor check**: "I'm about to change `OrderService` — what endpoints break?" → `impact`
118
+ 2. **New codebase onboarding**: "What is this 3,000-class repo and where do I start?" → `onboard`
119
+ 3. **AI agent session start**: "Give me bounded context for Claude" → `--agent` or `--compact`
120
+ 4. **Bug triage**: "NPE in checkout — which files are involved?" → `fix-bug --symptom "NullPointerException checkout"`
121
+ 5. **PR review augmentation**: "Does this PR have test coverage? What's the blast radius?" → `review-pr`
122
+ 6. **API surface audit**: "What endpoints does this service expose before migration?" → `endpoints`
123
+ 7. **Modernization planning**: "What's the most dangerous class to refactor?" → `modernize`
124
+ 8. **CI/CD PR gate**: Parse `ci_decision` and `test_coverage_risk` fields in pipeline
125
+ 9. **Security pre-audit**: "What endpoints exist and which have `@PreAuthorize`?" → `endpoints` + `--compact`
126
+ 10. **MCP context server**: Give an AI agent access to live structural analysis without token-stuffing
127
+
128
+ ---
129
+
130
+ ## 7. Non-use cases
131
+
132
+ - Code quality / style / lint (use Checkstyle, SonarQube)
133
+ - Security vulnerability scanning (use OWASP Dependency-Check, Snyk)
134
+ - Runtime performance analysis (use JProfiler, async-profiler)
135
+ - Non-Java codebases for structural analysis
136
+ - Teams looking for "AI that writes code" (sourcecode produces context *for* AI, not code)
137
+ - Dynamic/runtime behavior analysis
138
+
139
+ ---
140
+
141
+ ## 8. "Wow moments"
142
+
143
+ 1. `sourcecode impact ExtensionManager` → "106 endpoints affected, risk: HIGH" in <1s on a 3K-file repo
144
+ 2. `sourcecode endpoints keycloak` → 613 endpoints extracted from a 7,885-file repo in <1s
145
+ 3. `sourcecode fix-bug --symptom "payment"` → top result is `OrderPaymentDaoImpl`, `DefaultPaymentGatewayCheckoutService` — correct without any AI
146
+ 4. `sourcecode --compact` on Keycloak (7,885 files) → 9s cold, 0.17s cached, complete structural summary
147
+ 5. `sourcecode modernize BroadleafCommerce` → identifies `ExtensionManager` as highest-risk node (209 dependents), exactly matches intuition of experienced engineers on the codebase
148
+
149
+ ---
150
+
151
+ ## 9. Friction points in UX/CLI
152
+
153
+ 1. `impact OrderServiceImpl` → `direct_callers: []` with no suggestion to try `OrderService` — looks broken
154
+ 2. `review-pr` `"confidence": "LOW"` on every commit — alarming label for a legitimate result
155
+ 3. `hotspot_candidates: []` in annotation-heavy repos — no explanation, no fallback
156
+ 4. `--compact` vs `--agent` — unclear when to use which without reading docs
157
+ 5. No `--help` shortcut that explains the Spring interface vs impl distinction
158
+ 6. `project_summary` sourced from README marketing copy — not architectural description
159
+ 7. `fix-bug` output can be very large without `--output` flag — no token budget warning in terminal
160
+
161
+ ---
162
+
163
+ ## 10. Suggested positioning (1–2 lines)
164
+
165
+ > Instant blast-radius analysis and AI-ready structural context for Java/Spring monoliths.
166
+ > Run before every refactor, every PR, every AI agent session.
167
+
168
+ Or more aggressive:
169
+
170
+ > Before you change a Spring service, know exactly what breaks. sourcecode maps the blast radius in seconds.
@@ -0,0 +1,371 @@
1
+ # sourcecode — User Guide
2
+
3
+ **sourcecode** analyzes Java/Spring/Maven repositories and produces structured JSON for AI coding agents and CI/CD pipelines. It answers two questions: *what breaks if I change X* and *what does this codebase do*.
4
+
5
+ ---
6
+
7
+ ## What is it
8
+
9
+ A local CLI. No API keys. No network calls. No account required.
10
+
11
+ It builds a deterministic symbol graph (classes, annotations, injection edges, HTTP routes) from your repository's source files and answers structural questions about that graph. All analysis is static — it reads code, not runtime behavior.
12
+
13
+ **Optimized for:** Spring Boot / Spring MVC monoliths. JAX-RS (Quarkus, Jersey) endpoint extraction at ~65% recall. Stack detection works on any codebase.
14
+
15
+ ---
16
+
17
+ ## Installation
18
+
19
+ ```bash
20
+ # macOS / Linux via Homebrew (recommended)
21
+ brew tap haroundominique/sourcecode
22
+ brew install sourcecode
23
+
24
+ # pip / pipx
25
+ pip install sourcecode
26
+ pipx install sourcecode # isolated install, no venv needed
27
+
28
+ # Verify
29
+ sourcecode version
30
+ # sourcecode 1.32.0
31
+ ```
32
+
33
+ Requires Python 3.10+.
34
+
35
+ ---
36
+
37
+ ## License activation (Pro features)
38
+
39
+ Free features work immediately after install. Pro commands (`impact`, `review-pr`, `fix-bug`, `modernize`, `generate-tests`) require an active license.
40
+
41
+ ```bash
42
+ sourcecode activate SC-XXXX-XXXX-XXXX
43
+ ```
44
+
45
+ On success:
46
+
47
+ ```json
48
+ {"status": "activated", "plan": "pro", "features": ["impact", "review-pr", "fix-bug", "modernize", "generate-tests"]}
49
+ ```
50
+
51
+ License is cached in `~/.sourcecode/license.json` and re-validated every 24 hours. Works offline after first activation — network errors keep the cached state.
52
+
53
+ ---
54
+
55
+ ## Core commands
56
+
57
+ ### `sourcecode --compact`
58
+
59
+ High-signal structural summary. Use at the start of any AI agent session.
60
+
61
+ ```bash
62
+ sourcecode /path/to/repo --compact
63
+ sourcecode . --compact --git-context # includes commit hotspots
64
+ sourcecode . --compact --copy # copy to clipboard
65
+ ```
66
+
67
+ Output (~2,500–4,000 tokens): detected stacks, entry points, dependencies, transactional boundaries (Spring), env vars, confidence level, analysis gaps.
68
+
69
+ ### `sourcecode --agent`
70
+
71
+ More structured version of `--compact`. Designed for AI agent system prompt injection.
72
+
73
+ ```bash
74
+ sourcecode /repo --agent --output context.json
75
+ cat context.json | claude -p "Explain the architecture"
76
+ ```
77
+
78
+ Output (~4,500–5,500 tokens): project identity, entry points, file relevance ranking, architecture classification, confidence.
79
+
80
+ ### `sourcecode onboard`
81
+
82
+ Full structural context for an unfamiliar codebase. Answers: "What is this repo and where do I start?"
83
+
84
+ ```bash
85
+ sourcecode onboard /path/to/repo
86
+ sourcecode onboard . --llm-prompt # appends a ready-to-use prompt
87
+ sourcecode onboard . --output onboard.json
88
+ ```
89
+
90
+ Output: architecture summary, subsystems, key entry points, hotspots, tech-debt signals, analysis gaps.
91
+
92
+ ### `sourcecode endpoints`
93
+
94
+ Extract all REST endpoints from Spring MVC and JAX-RS annotations.
95
+
96
+ ```bash
97
+ sourcecode endpoints /path/to/repo
98
+ sourcecode endpoints . --format yaml
99
+ ```
100
+
101
+ Output: list of `{method, path, controller, handler}`. Covers `@GetMapping`, `@PostMapping`, `@PutMapping`, `@DeleteMapping`, `@PatchMapping`, `@RequestMapping`, `@GET`, `@POST`, `@PUT`, `@DELETE`, `@PATCH` + `@Path`.
102
+
103
+ **Note:** JAX-RS sub-resource locator pattern (endpoints mounted dynamically via factory methods) is not individually counted — ~65% recall for JAX-RS.
104
+
105
+ ### `sourcecode impact` [Pro]
106
+
107
+ Blast-radius analysis: who depends on a class and what breaks if it changes.
108
+
109
+ ```bash
110
+ sourcecode impact OrderService /repo
111
+ sourcecode impact OrderService . --depth 6
112
+ sourcecode impact org.example.UserService /repo # FQN form
113
+ sourcecode impact UserService.java /repo # file form
114
+ ```
115
+
116
+ Output: `direct_callers`, `indirect_callers` (BFS to `--depth`), `endpoints_affected`, `transactional_boundaries_touched`, `risk_score` (0–100), `risk_level` (low/medium/high).
117
+
118
+ **Critical:** In Spring Boot, always target the **interface**, not the implementation.
119
+
120
+ ```bash
121
+ sourcecode impact OrderService /repo # ✓ correct — returns callers via @Autowired
122
+ sourcecode impact OrderServiceImpl /repo # ✗ wrong — returns 0 callers (DI blindness)
123
+ ```
124
+
125
+ If you get `direct_callers: []` with `resolution: exact` for a `@Service` class, re-run with the interface name.
126
+
127
+ ### `sourcecode fix-bug` [Pro]
128
+
129
+ Risk-ranked file list correlated to a bug symptom.
130
+
131
+ ```bash
132
+ sourcecode fix-bug /repo --symptom "NullPointerException in checkout"
133
+ sourcecode fix-bug . --symptom "payment timeout"
134
+ sourcecode fix-bug . --symptom "OIDC token refresh fails after realm update"
135
+ ```
136
+
137
+ Output: `relevant_files` (ranked by symptom match evidence), `suspected_areas` with evidence chain (keyword → path → content → git correlation).
138
+
139
+ **Best results with specific symptoms.** Generic symptoms ("error", "bug") return noisy file lists.
140
+
141
+ ### `sourcecode review-pr` [Pro]
142
+
143
+ PR diff analysis: changed files, test coverage gaps, blast radius of changed classes.
144
+
145
+ ```bash
146
+ sourcecode review-pr . --since main
147
+ sourcecode review-pr . --since origin/main --format github-comment
148
+ sourcecode review-pr . --since HEAD~3 --output review.json
149
+ ```
150
+
151
+ Output: `changed_files`, `review_hotspots`, `suggested_review_order`, `test_coverage_risk`, `impact_summary`, `ci_decision`.
152
+
153
+ Parse `ci_decision` and `test_coverage_risk` for automated CI gates:
154
+
155
+ ```bash
156
+ DECISION=$(jq -r '.ci_decision' review.json)
157
+ RISK=$(jq -r '.test_coverage_risk.risk_level' review.json)
158
+ ```
159
+
160
+ ### `sourcecode modernize` [Pro]
161
+
162
+ Identifies coupling hotspots, dead zones, and cross-module tangles.
163
+
164
+ ```bash
165
+ sourcecode modernize /path/to/repo
166
+ ```
167
+
168
+ Output:
169
+ - `high_coupling_nodes` — classes with highest fan-in degree (risky to change)
170
+ - `hotspot_candidates` — services/controllers with high coupling (subset of above)
171
+ - `dead_zone_candidates` — classes with zero callers (safe to remove)
172
+ - `cross_module_tangles` — packages with bidirectional coupling
173
+
174
+ **Note:** In annotation-heavy codebases, `hotspot_candidates` may be empty — annotation types and JPA entities dominate the coupling graph but don't qualify as hotspots. Check `high_coupling_nodes` directly.
175
+
176
+ ---
177
+
178
+ ## Typical workflows
179
+
180
+ ### Onboarding a new codebase (you or an AI agent)
181
+
182
+ ```bash
183
+ # Step 1: get bounded context
184
+ sourcecode onboard /repo
185
+
186
+ # Step 2: understand the entry points + architecture
187
+ sourcecode /repo --compact
188
+
189
+ # Step 3: pipe to an AI agent
190
+ sourcecode /repo --agent | claude -p "Explain the main request flow through this service"
191
+ ```
192
+
193
+ ### Pre-refactor safety check
194
+
195
+ ```bash
196
+ # Always target the interface in Spring Boot repos:
197
+ sourcecode impact OrderService /repo
198
+
199
+ # Parse the risk level programmatically:
200
+ sourcecode impact OrderService /repo | jq '{risk_level, risk_score, direct_callers_count: (.direct_callers | length), endpoints_count: (.endpoints_affected | length)}'
201
+
202
+ # If touching a very large hub interface, use depth=1 for speed:
203
+ sourcecode impact KeycloakSession /repo --depth 1
204
+ ```
205
+
206
+ ### Bug triage
207
+
208
+ ```bash
209
+ # Specific symptoms → best signal:
210
+ sourcecode fix-bug /repo --symptom "NullPointerException OrderService.findOrderById line 234"
211
+
212
+ # Save full output for complex bugs:
213
+ sourcecode fix-bug /repo --symptom "payment gateway timeout" --output triage.json
214
+
215
+ # Top files will include:
216
+ # - symptom_match: direct keyword/path match
217
+ # - suspected_areas: annotations + evidence chain
218
+ # - relevant_files: risk-ranked by composite score
219
+ ```
220
+
221
+ ### PR review
222
+
223
+ ```bash
224
+ # JSON output for automated gates:
225
+ sourcecode review-pr . --since origin/main --output review.json
226
+ jq '{ci_decision, test_coverage_risk, impact_summary}' review.json
227
+
228
+ # Markdown comment for GitHub:
229
+ sourcecode review-pr . --since main --format github-comment
230
+
231
+ # Specific range:
232
+ sourcecode review-pr . --since HEAD~5
233
+ ```
234
+
235
+ ### Understand the REST API surface
236
+
237
+ ```bash
238
+ sourcecode endpoints /repo
239
+ sourcecode endpoints /repo | jq '.endpoints | map(select(.method == "POST"))' # POST endpoints only
240
+ sourcecode endpoints /repo --output endpoints.json
241
+ ```
242
+
243
+ ### MCP server (AI agent integration)
244
+
245
+ ```bash
246
+ # One-time setup (Claude Desktop / Cursor):
247
+ sourcecode mcp init
248
+
249
+ # Verify setup:
250
+ sourcecode mcp status
251
+
252
+ # Start server manually:
253
+ sourcecode mcp serve
254
+
255
+ # Remove:
256
+ sourcecode mcp remove
257
+ ```
258
+
259
+ The MCP server exposes structural analysis tools to AI agents without requiring the agent to call the CLI directly. Claude Desktop and Cursor can query impact, endpoints, and context through the MCP protocol.
260
+
261
+ ---
262
+
263
+ ## Output schema
264
+
265
+ All commands output structured JSON to stdout unless `--output` is specified.
266
+
267
+ Common fields:
268
+ - `schema_version` — format version
269
+ - `confidence_summary.overall` — `high` / `medium` / `low`
270
+ - `analysis_gaps` — list of what could not be analyzed and why
271
+
272
+ Java/Spring-specific fields (when detected):
273
+ - `transactional_boundaries` — classes annotated with `@Transactional`
274
+ - `language_version` — from `maven.compiler.source`
275
+ - `deployment.spring_boot_version`
276
+ - `deployment.packaging` — `jar` or `war`
277
+ - `mybatis` — mapper interface/XML pairing summary
278
+
279
+ ### Output modes
280
+
281
+ | Mode | When to use | Token size |
282
+ |------|-------------|-----------|
283
+ | `--compact` | AI session start, high-level overview | 2,500–4,000 |
284
+ | `--agent` | AI agent system prompt injection | 4,500–5,500 |
285
+ | `onboard` | Task-structured agent/developer onboarding | ~2,600 |
286
+ | `fix-bug` (trimmed) | Bug triage with token budget | ~4,600 |
287
+ | `--full` | Remove truncation limits | unlimited |
288
+
289
+ ---
290
+
291
+ ## Caching
292
+
293
+ Analysis is cached by content hash. Unchanged files do not re-scan.
294
+
295
+ - Cache hit speedup: 13–33× depending on repo size
296
+ - BroadleafCommerce (2,985 files): 2.9s cold → 0.20s cached
297
+ - Keycloak (7,885 files): 9.0s cold → 0.27s cached
298
+ - Bypass: `sourcecode --no-cache`
299
+
300
+ The cache is stored locally. No content leaves your machine.
301
+
302
+ ---
303
+
304
+ ## Flags reference
305
+
306
+ | Flag | Short | Description |
307
+ |------|-------|-------------|
308
+ | `--compact` | | High-signal summary + transactional boundaries |
309
+ | `--agent` | | Structured JSON for AI agent injection |
310
+ | `--full` | | Remove truncation limits |
311
+ | `--git-context` | `-g` | Add commit hotspots and uncommitted file count |
312
+ | `--changed-only` | | Limit to git-modified files |
313
+ | `--depth N` | | Traversal depth (default: 4, max: 20) |
314
+ | `--format` | `-f` | `json` (default) or `yaml` |
315
+ | `--output` | `-o` | Write to file instead of stdout |
316
+ | `--no-cache` | | Force fresh analysis |
317
+ | `--copy` | `-c` | Copy output to clipboard |
318
+ | `--no-redact` | | Disable automatic secret redaction |
319
+ | `--exclude PATTERN` | | Skip directories matching pattern |
320
+ | `--version` | `-v` | Show version and exit |
321
+
322
+ ---
323
+
324
+ ## Troubleshooting
325
+
326
+ ### `impact` returns 0 callers for a @Service class
327
+
328
+ You're targeting the implementation. Spring Boot uses interface injection.
329
+
330
+ ```bash
331
+ # Wrong:
332
+ sourcecode impact UserServiceImpl /repo # 0 callers
333
+
334
+ # Correct:
335
+ sourcecode impact UserService /repo # real blast radius
336
+ ```
337
+
338
+ ### `hotspot_candidates` is empty after `modernize`
339
+
340
+ Check `high_coupling_nodes` instead. In annotation-heavy codebases, the highest-coupled symbols are annotation types and JPA entities, not services. These are excluded from `hotspot_candidates` by role filter.
341
+
342
+ ### `review-pr` shows `confidence: LOW`
343
+
344
+ Expected for small commits or commits touching files without annotation signals. The output is still accurate — low confidence means the role classification fell back to filename/git-diff only. Check `analysis_limiter.missing_signals` for details.
345
+
346
+ ### `endpoints` shows 0 for a Spring project
347
+
348
+ Most common causes:
349
+ 1. Endpoints use non-standard annotation composition (meta-annotations). Direct `@GetMapping` detection only.
350
+ 2. JAX-RS sub-resource locator pattern — endpoints mounted dynamically.
351
+ 3. Kotlin Spring controllers (Java-only analysis).
352
+
353
+ ### Cold scan is slow (>30s)
354
+
355
+ For very large repos (15K+ Java files), consider:
356
+ - `--fast` flag (skips deep content search): `sourcecode fix-bug --fast`
357
+ - `--exclude legacy,generated` to skip non-production code
358
+ - After first run, cache hits will be <1s
359
+
360
+ ---
361
+
362
+ ## Limitations
363
+
364
+ - Static analysis only — no runtime behavior, no bytecode analysis
365
+ - No semantic code understanding — reads structure, not logic
366
+ - Spring MVC layered apps: high accuracy. Quarkus SPI/plugin model: architecture classification may be inaccurate
367
+ - JAX-RS subresource locator pattern: ~65% endpoint recall
368
+ - `impact` on implementation classes returns implementation-specific callers only — always target the interface in Spring Boot
369
+ - `no_security_signal` on endpoints = no method-level annotations found. Does not mean the endpoint is unsecured (Spring Security filter chains are not analyzed)
370
+ - `project_summary` is extracted from README — may reflect marketing copy rather than architectural description
371
+ - Works offline; no AI inference — outputs structural facts, not quality judgments
@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
4
4
 
5
5
  [project]
6
6
  name = "sourcecode"
7
- version = "1.31.32"
7
+ version = "1.32.1"
8
8
  description = "Deterministic codebase context for AI coding agents"
9
9
  readme = "README.md"
10
10
  requires-python = ">=3.9"
@@ -1,3 +1,3 @@
1
1
  """sourcecode — Deterministic codebase context maps for AI coding agents."""
2
2
 
3
- __version__ = "1.31.32"
3
+ __version__ = "1.32.1"