sourcecode 1.35.33__tar.gz → 1.35.34__tar.gz

{sourcecode-1.35.33 → sourcecode-1.35.34}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: sourcecode
-Version: 1.35.33
+Version: 1.35.34
 Summary: Persistent structural context and ultra-fast repeated analysis for AI coding agents
 License-File: LICENSE
 Keywords: agents,ai,codebase,context,developer-tools,llm
@@ -114,9 +114,7 @@ pipx install sourcecode
 
 ```bash
 sourcecode version
-# sourcecode 1.35.33
-
-**v1.35.28** — 7 bug fixes: `rename-class` cross-package disambiguation (BUG-4), `rename-class` collision detection (BUG-2), `find_java_files` false positive on `com/test/` package paths (BUG-1), `cold-start --compact` correct key names (BUG-6), `@EnableMethodSecurity` no longer suppresses SEC-001 (BUG-3), `explain` @Entity stereotype detection (BUG-5), XML+annotation mixed security retagging (BUG-7).
+# sourcecode 1.35.34
 ```
 
 ---
@@ -136,6 +134,9 @@ sourcecode --agent
 # Blast radius: what breaks if this class changes?
 sourcecode impact OrderService /path/to/repo
 
+# Spring Boot 2→3 migration readiness: javax→jakarta blockers, removed APIs
+sourcecode migrate-check /path/to/repo
+
 # Spring semantic audit: TX anomalies + security surface (free)
 sourcecode spring-audit /path/to/repo
 
@@ -180,6 +181,9 @@ sourcecode cache warm
 
 # Clear cache
 sourcecode cache clear
+
+# Check RIS freshness relative to current git HEAD
+sourcecode cache freshness
 ```
 
 **`--no-cache`** bypasses both layers and forces a fresh scan. Use in CI or when you need to verify a fresh result.
@@ -337,9 +341,14 @@ Extracts all Spring MVC (`@GetMapping`, `@PostMapping`, `@RequestMapping`, etc.)
 
 ```bash
 sourcecode spring-audit /path/to/repo
-sourcecode spring-audit /path/to/repo --scope tx          # TX anomalies only
+sourcecode spring-audit /path/to/repo --scope tx           # TX anomalies only
 sourcecode spring-audit /path/to/repo --scope security     # security surface only
 sourcecode spring-audit /path/to/repo --min-severity high
+
+# CI/CD gate: exit 1 on any finding
+sourcecode spring-audit . --ci
+sourcecode spring-audit . --ci --min-severity high         # exit 1 only on high/critical
+sourcecode spring-audit . --ci --format github-comment     # Markdown output + exit 1
 ```
 
 Detects structural Spring anomalies that survive code review and tests, but cause production failures:
@@ -406,20 +415,59 @@ sourcecode cold-start /path/to/repo --compact   # ~10K token subset
 
 Returns the Repository Intelligence Snapshot (RIS) instantly — zero re-analysis. The RIS is built by a prior warm cache pass and includes stacks, entry points, endpoint surface, and Spring semantic signals. Status field: `cold_start_ready` | `cold_start_stale` | `no_ris`.
 
-Use `--compact` to get a ~10K token subset safe for direct LLM injection. Full snapshot can exceed 100K tokens on medium repos — use `--output FILE` for local search tooling.
+Use `--compact` to get a ~10K token subset safe for direct LLM injection. Full snapshot ranges from ~100K–200K tokens on medium repos — use `--output FILE` for local search tooling.
 
 ### `repo-ir` — symbol-level IR
 
 ```bash
-sourcecode repo-ir /path/to/repo --summary-only          # ~20K tokens
-sourcecode repo-ir /path/to/repo --since HEAD~1           # symbol-level diff
+sourcecode repo-ir /path/to/repo --summary-only                  # ~20K tokens
+sourcecode repo-ir /path/to/repo --since HEAD~1                   # symbol-level diff
 sourcecode repo-ir /path/to/repo --files src/.../OrderService.java
+sourcecode repo-ir /path/to/repo --max-nodes 200 --max-edges 500  # limit graph size
+sourcecode repo-ir /path/to/repo --output ir.json.gz --gzip       # compressed output (~70-80% smaller)
+sourcecode repo-ir /path/to/repo --include-tests                   # include test files
 ```
 
 Builds a deterministic symbol graph: classes, methods, import/injection edges, Spring roles, subsystems.
 
+**Size control flags:**
+
+| Flag | Description |
+|------|-------------|
+| `--summary-only` | Omit full graph nodes/edges; keep analysis summary, impact, and change_set (<300KB typical) |
+| `--max-nodes N` | Keep top N nodes by impact score |
+| `--max-edges N` | Keep top N edges (priority: edges between kept nodes) |
+| `--gzip` | Compress output with gzip. Requires `--output`. ~70–80% smaller. |
+| `--force` | Bypass the 50K-token size guard and emit output anyway |
+| `--include-tests` | Include test source files (excluded by default) |
+
 **Size warning:** Without `--summary-only`, output can exceed 1MB for mid-size repos. Always use `--summary-only` unless you need the full graph for downstream tooling.
 
+### `explain` — architectural summary for a class
+
+```bash
+sourcecode explain UserService
+sourcecode explain OrderController /path/to/repo
+sourcecode explain UserService --format json
+```
+
+Human-readable architectural summary derived entirely from static analysis: Spring stereotype, public methods, incoming callers, outgoing dependencies, events published/consumed, `@Transactional` boundaries, security constraints, and related REST endpoints. JAVA/SPRING ONLY.
+
+### `pr-impact` — PR blast-radius report
+
+```bash
+sourcecode pr-impact --files changed_files.txt
+sourcecode pr-impact /path/to/repo --files diff.txt --format json
+```
+
+Takes a file listing changed Java files (one path per line) and produces a consolidated report: modified classes, affected REST endpoints reachable through the call chain, direct callers of each changed class, event publishers/consumers triggered, `@Transactional` methods in changed classes, and a consolidated risk level (`CRITICAL` / `HIGH` / `MEDIUM` / `LOW`). JAVA/SPRING ONLY.
+
+```bash
+# Typical CI usage: pipe git diff to a file, then run
+git diff --name-only main | grep '\.java$' > changed.txt
+sourcecode pr-impact . --files changed.txt --format json
+```
+
 ### `onboard` — codebase orientation
 
 ```bash
@@ -453,6 +501,98 @@ sourcecode modernize /path/to/repo
 
 High-coupling nodes (high fan-in = risky to change), dead zone candidates (isolated symbols), subsystem tangles.
 
+### `migrate-check` — Spring Boot 2→3 migration readiness
+
+```bash
+sourcecode migrate-check /path/to/repo
+sourcecode migrate-check . --min-severity high
+sourcecode migrate-check . --format text
+sourcecode migrate-check . --output migration.json
+```
+
+Detects migration blockers across Java source files, Spring XML config files, and Maven/Gradle build files. 27 rules organized by target:
+
+**Jakarta namespace (MIG-001..009) — javax→jakarta**
+
+| Rule | Severity | Pattern |
+|------|----------|---------|
+| `MIG-001` | critical | `javax.persistence` import — JPA will not compile |
+| `MIG-002` | high | `javax.servlet` import — Servlet API changed |
+| `MIG-003` | high | `javax.validation` import — Bean Validation changed |
+| `MIG-004` | high | `javax.transaction` import — TX API changed |
+| `MIG-006` | medium | `javax.annotation` import — CDI annotations changed |
+| `MIG-007` | medium | `javax.inject` import — DI annotations changed |
+| `MIG-008` | medium | `javax.ws.rs` import — JAX-RS changed |
+| `MIG-009` | medium | `javax.jms` import — JMS API changed |
+
+**Spring Security 6 (MIG-005, MIG-019, MIG-020)**
+
+| Rule | Severity | Pattern |
+|------|----------|---------|
+| `MIG-005` | high | `extends WebSecurityConfigurerAdapter` — removed in Spring Security 6 |
+| `MIG-019` | high | SpringFox / `@EnableSwagger2` — incompatible with Spring Boot 3 |
+| `MIG-020` | high | `antMatchers()` / `authorizeRequests()` — replaced in Spring Security 6 |
+
+**Java version compatibility (MIG-010..025)**
+
+| Rule | Severity | Pattern |
+|------|----------|---------|
+| `MIG-010` | critical | `SecurityManager` / `AccessController` — removed in Java 17 (JEP 411) |
+| `MIG-011` | high | `sun.*` / `com.sun.net.*` internal API imports — strong encapsulation since Java 9 |
+| `MIG-012` | high | Nashorn `ScriptEngine` — removed in Java 15 |
+| `MIG-013` | high | `sun.misc.Unsafe` — requires `--add-opens` on Java 9+ |
+| `MIG-014` | medium | `setAccessible(true)` — may throw `InaccessibleObjectException` on Java 17+ |
+| `MIG-015` | medium | `finalize()` override — deprecated for removal since Java 18 |
+| `MIG-016` | low | `java.util.Date` / `Calendar` / `SimpleDateFormat` — use `java.time` |
+| `MIG-021` | high | `javax.xml.bind` (JAXB) — removed from JDK in Java 11 |
+| `MIG-022` | high | `javax.xml.ws` (JAX-WS) — removed from JDK in Java 11 |
+| `MIG-023` | critical | `org.omg.*` / CORBA APIs — removed from JDK in Java 11 |
+| `MIG-024` | medium | `Thread.stop()` / `Thread.suspend()` / `Thread.resume()` — deprecated for removal |
+| `MIG-025` | medium | `ReflectionFactory` / `MethodHandles.privateLookupIn` — JPMS deep-reflection risk |
+
+**Spring XML config (MIG-030..032)**
+
+| Rule | Severity | Pattern |
+|------|----------|---------|
+| `MIG-030` | high | `javax.*` class reference in Spring XML bean definitions |
+| `MIG-031` | high | `<http auto-config>` or versioned spring-security ≤5 schema in XML |
+| `MIG-032` | high | `web.xml` with Servlet ≤4 namespace — must migrate to `jakarta.ee` |
+
+**Build file dependencies (MIG-040..043)**
+
+| Rule | Severity | Pattern |
+|------|----------|---------|
+| `MIG-040` | high | `io.springfox` dependency — incompatible with Spring Boot 3 |
+| `MIG-041` | high | Hibernate 5.x explicitly pinned — Spring Boot 3 requires Hibernate 6 |
+| `MIG-042` | medium | ByteBuddy < 1.12.x — may not support Java 17+ strong encapsulation |
+| `MIG-043` | high | EhCache 2.x (`net.sf.ehcache`) — incompatible with Spring Boot 3 |
+
+Each finding includes `severity`, `title`, `source_file`, `first_line`, `explanation`, `fix_hint`, `migration_target`, and `openrewrite_recipe` (when an automated recipe exists).
+
+### `rename-class` — Java class rename
+
+```bash
+sourcecode rename-class . --from ServiceA --to ServiceB
+sourcecode rename-class /path/to/repo --from OrderManager --to OrderService
+sourcecode rename-class . --from OldName --to NewName --dry-run
+sourcecode rename-class . --from OldName --to NewName --no-tests   # src/main only
+```
+
+Renames a Java class safely throughout the repository: declaration, constructor, all import statements, type references (fields, params, return types), `extends`/`implements`, generics, casts, and Spring `@Qualifier` names. Renames the physical `.java` file. Emits a structured change audit trail (`file`, `before_lines`, `after_lines`, `intent`, `diff`).
+
+Use `--dry-run` to preview changes without writing to disk.
+
+### `chunk-file` — split large Java files for agent consumption
+
+```bash
+sourcecode chunk-file BigService.java
+sourcecode chunk-file BigService.java --max-lines 300
+sourcecode chunk-file BigService.java --chunk 5          # read chunk 5 only
+sourcecode chunk-file BigService.java --metadata-only    # boundaries only, no content
+```
+
+Splits a large Java file at method/class boundaries so AI agents can read files with 10K–25K+ lines in context-sized pieces. Each chunk includes `chunk_id`, `start_line`, `end_line`, `chunk_type`, symbol name, a `context_header` (package + class + imports summary), and `content`. A `size_warning` flag marks methods that exceed `--max-lines` and cannot be split further.
+
 ### `prepare-context` — task-specific context
 
 Low-level access to all tasks with full options:

{sourcecode-1.35.33 → sourcecode-1.35.34}/README.md

@@ -76,9 +76,7 @@ pipx install sourcecode
 
 ```bash
 sourcecode version
-# sourcecode 1.35.33
-
-**v1.35.28** — 7 bug fixes: `rename-class` cross-package disambiguation (BUG-4), `rename-class` collision detection (BUG-2), `find_java_files` false positive on `com/test/` package paths (BUG-1), `cold-start --compact` correct key names (BUG-6), `@EnableMethodSecurity` no longer suppresses SEC-001 (BUG-3), `explain` @Entity stereotype detection (BUG-5), XML+annotation mixed security retagging (BUG-7).
+# sourcecode 1.35.34
 ```
 
 ---
@@ -98,6 +96,9 @@ sourcecode --agent
 # Blast radius: what breaks if this class changes?
 sourcecode impact OrderService /path/to/repo
 
+# Spring Boot 2→3 migration readiness: javax→jakarta blockers, removed APIs
+sourcecode migrate-check /path/to/repo
+
 # Spring semantic audit: TX anomalies + security surface (free)
 sourcecode spring-audit /path/to/repo
 
@@ -142,6 +143,9 @@ sourcecode cache warm
 
 # Clear cache
 sourcecode cache clear
+
+# Check RIS freshness relative to current git HEAD
+sourcecode cache freshness
 ```
 
 **`--no-cache`** bypasses both layers and forces a fresh scan. Use in CI or when you need to verify a fresh result.
@@ -299,9 +303,14 @@ Extracts all Spring MVC (`@GetMapping`, `@PostMapping`, `@RequestMapping`, etc.)
 
 ```bash
 sourcecode spring-audit /path/to/repo
-sourcecode spring-audit /path/to/repo --scope tx          # TX anomalies only
+sourcecode spring-audit /path/to/repo --scope tx           # TX anomalies only
 sourcecode spring-audit /path/to/repo --scope security     # security surface only
 sourcecode spring-audit /path/to/repo --min-severity high
+
+# CI/CD gate: exit 1 on any finding
+sourcecode spring-audit . --ci
+sourcecode spring-audit . --ci --min-severity high         # exit 1 only on high/critical
+sourcecode spring-audit . --ci --format github-comment     # Markdown output + exit 1
 ```
 
 Detects structural Spring anomalies that survive code review and tests, but cause production failures:
@@ -368,20 +377,59 @@ sourcecode cold-start /path/to/repo --compact   # ~10K token subset
 
 Returns the Repository Intelligence Snapshot (RIS) instantly — zero re-analysis. The RIS is built by a prior warm cache pass and includes stacks, entry points, endpoint surface, and Spring semantic signals. Status field: `cold_start_ready` | `cold_start_stale` | `no_ris`.
 
-Use `--compact` to get a ~10K token subset safe for direct LLM injection. Full snapshot can exceed 100K tokens on medium repos — use `--output FILE` for local search tooling.
+Use `--compact` to get a ~10K token subset safe for direct LLM injection. Full snapshot ranges from ~100K–200K tokens on medium repos — use `--output FILE` for local search tooling.
 
 ### `repo-ir` — symbol-level IR
 
 ```bash
-sourcecode repo-ir /path/to/repo --summary-only          # ~20K tokens
-sourcecode repo-ir /path/to/repo --since HEAD~1           # symbol-level diff
+sourcecode repo-ir /path/to/repo --summary-only                  # ~20K tokens
+sourcecode repo-ir /path/to/repo --since HEAD~1                   # symbol-level diff
 sourcecode repo-ir /path/to/repo --files src/.../OrderService.java
+sourcecode repo-ir /path/to/repo --max-nodes 200 --max-edges 500  # limit graph size
+sourcecode repo-ir /path/to/repo --output ir.json.gz --gzip       # compressed output (~70-80% smaller)
+sourcecode repo-ir /path/to/repo --include-tests                   # include test files
 ```
 
 Builds a deterministic symbol graph: classes, methods, import/injection edges, Spring roles, subsystems.
 
+**Size control flags:**
+
+| Flag | Description |
+|------|-------------|
+| `--summary-only` | Omit full graph nodes/edges; keep analysis summary, impact, and change_set (<300KB typical) |
+| `--max-nodes N` | Keep top N nodes by impact score |
+| `--max-edges N` | Keep top N edges (priority: edges between kept nodes) |
+| `--gzip` | Compress output with gzip. Requires `--output`. ~70–80% smaller. |
+| `--force` | Bypass the 50K-token size guard and emit output anyway |
+| `--include-tests` | Include test source files (excluded by default) |
+
 **Size warning:** Without `--summary-only`, output can exceed 1MB for mid-size repos. Always use `--summary-only` unless you need the full graph for downstream tooling.
 
+### `explain` — architectural summary for a class
+
+```bash
+sourcecode explain UserService
+sourcecode explain OrderController /path/to/repo
+sourcecode explain UserService --format json
+```
+
+Human-readable architectural summary derived entirely from static analysis: Spring stereotype, public methods, incoming callers, outgoing dependencies, events published/consumed, `@Transactional` boundaries, security constraints, and related REST endpoints. JAVA/SPRING ONLY.
+
+### `pr-impact` — PR blast-radius report
+
+```bash
+sourcecode pr-impact --files changed_files.txt
+sourcecode pr-impact /path/to/repo --files diff.txt --format json
+```
+
+Takes a file listing changed Java files (one path per line) and produces a consolidated report: modified classes, affected REST endpoints reachable through the call chain, direct callers of each changed class, event publishers/consumers triggered, `@Transactional` methods in changed classes, and a consolidated risk level (`CRITICAL` / `HIGH` / `MEDIUM` / `LOW`). JAVA/SPRING ONLY.
+
+```bash
+# Typical CI usage: pipe git diff to a file, then run
+git diff --name-only main | grep '\.java$' > changed.txt
+sourcecode pr-impact . --files changed.txt --format json
+```
+
 ### `onboard` — codebase orientation
 
 ```bash
@@ -415,6 +463,98 @@ sourcecode modernize /path/to/repo
 
 High-coupling nodes (high fan-in = risky to change), dead zone candidates (isolated symbols), subsystem tangles.
 
+### `migrate-check` — Spring Boot 2→3 migration readiness
+
+```bash
+sourcecode migrate-check /path/to/repo
+sourcecode migrate-check . --min-severity high
+sourcecode migrate-check . --format text
+sourcecode migrate-check . --output migration.json
+```
+
+Detects migration blockers across Java source files, Spring XML config files, and Maven/Gradle build files. 27 rules organized by target:
+
+**Jakarta namespace (MIG-001..009) — javax→jakarta**
+
+| Rule | Severity | Pattern |
+|------|----------|---------|
+| `MIG-001` | critical | `javax.persistence` import — JPA will not compile |
+| `MIG-002` | high | `javax.servlet` import — Servlet API changed |
+| `MIG-003` | high | `javax.validation` import — Bean Validation changed |
+| `MIG-004` | high | `javax.transaction` import — TX API changed |
+| `MIG-006` | medium | `javax.annotation` import — CDI annotations changed |
+| `MIG-007` | medium | `javax.inject` import — DI annotations changed |
+| `MIG-008` | medium | `javax.ws.rs` import — JAX-RS changed |
+| `MIG-009` | medium | `javax.jms` import — JMS API changed |
+
+**Spring Security 6 (MIG-005, MIG-019, MIG-020)**
+
+| Rule | Severity | Pattern |
+|------|----------|---------|
+| `MIG-005` | high | `extends WebSecurityConfigurerAdapter` — removed in Spring Security 6 |
+| `MIG-019` | high | SpringFox / `@EnableSwagger2` — incompatible with Spring Boot 3 |
+| `MIG-020` | high | `antMatchers()` / `authorizeRequests()` — replaced in Spring Security 6 |
+
+**Java version compatibility (MIG-010..025)**
+
+| Rule | Severity | Pattern |
+|------|----------|---------|
+| `MIG-010` | critical | `SecurityManager` / `AccessController` — removed in Java 17 (JEP 411) |
+| `MIG-011` | high | `sun.*` / `com.sun.net.*` internal API imports — strong encapsulation since Java 9 |
+| `MIG-012` | high | Nashorn `ScriptEngine` — removed in Java 15 |
+| `MIG-013` | high | `sun.misc.Unsafe` — requires `--add-opens` on Java 9+ |
+| `MIG-014` | medium | `setAccessible(true)` — may throw `InaccessibleObjectException` on Java 17+ |
+| `MIG-015` | medium | `finalize()` override — deprecated for removal since Java 18 |
+| `MIG-016` | low | `java.util.Date` / `Calendar` / `SimpleDateFormat` — use `java.time` |
+| `MIG-021` | high | `javax.xml.bind` (JAXB) — removed from JDK in Java 11 |
+| `MIG-022` | high | `javax.xml.ws` (JAX-WS) — removed from JDK in Java 11 |
+| `MIG-023` | critical | `org.omg.*` / CORBA APIs — removed from JDK in Java 11 |
+| `MIG-024` | medium | `Thread.stop()` / `Thread.suspend()` / `Thread.resume()` — deprecated for removal |
+| `MIG-025` | medium | `ReflectionFactory` / `MethodHandles.privateLookupIn` — JPMS deep-reflection risk |
+
+**Spring XML config (MIG-030..032)**
+
+| Rule | Severity | Pattern |
+|------|----------|---------|
+| `MIG-030` | high | `javax.*` class reference in Spring XML bean definitions |
+| `MIG-031` | high | `<http auto-config>` or versioned spring-security ≤5 schema in XML |
+| `MIG-032` | high | `web.xml` with Servlet ≤4 namespace — must migrate to `jakarta.ee` |
+
+**Build file dependencies (MIG-040..043)**
+
+| Rule | Severity | Pattern |
+|------|----------|---------|
+| `MIG-040` | high | `io.springfox` dependency — incompatible with Spring Boot 3 |
+| `MIG-041` | high | Hibernate 5.x explicitly pinned — Spring Boot 3 requires Hibernate 6 |
+| `MIG-042` | medium | ByteBuddy < 1.12.x — may not support Java 17+ strong encapsulation |
+| `MIG-043` | high | EhCache 2.x (`net.sf.ehcache`) — incompatible with Spring Boot 3 |
+
+Each finding includes `severity`, `title`, `source_file`, `first_line`, `explanation`, `fix_hint`, `migration_target`, and `openrewrite_recipe` (when an automated recipe exists).
+
+### `rename-class` — Java class rename
+
+```bash
+sourcecode rename-class . --from ServiceA --to ServiceB
+sourcecode rename-class /path/to/repo --from OrderManager --to OrderService
+sourcecode rename-class . --from OldName --to NewName --dry-run
+sourcecode rename-class . --from OldName --to NewName --no-tests   # src/main only
+```
+
+Renames a Java class safely throughout the repository: declaration, constructor, all import statements, type references (fields, params, return types), `extends`/`implements`, generics, casts, and Spring `@Qualifier` names. Renames the physical `.java` file. Emits a structured change audit trail (`file`, `before_lines`, `after_lines`, `intent`, `diff`).
+
+Use `--dry-run` to preview changes without writing to disk.
+
+### `chunk-file` — split large Java files for agent consumption
+
+```bash
+sourcecode chunk-file BigService.java
+sourcecode chunk-file BigService.java --max-lines 300
+sourcecode chunk-file BigService.java --chunk 5          # read chunk 5 only
+sourcecode chunk-file BigService.java --metadata-only    # boundaries only, no content
+```
+
+Splits a large Java file at method/class boundaries so AI agents can read files with 10K–25K+ lines in context-sized pieces. Each chunk includes `chunk_id`, `start_line`, `end_line`, `chunk_type`, symbol name, a `context_header` (package + class + imports summary), and `content`. A `size_warning` flag marks methods that exceed `--max-lines` and cannot be split further.
+
 ### `prepare-context` — task-specific context
 
 Low-level access to all tasks with full options:

{sourcecode-1.35.33 → sourcecode-1.35.34}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "sourcecode"
-version = "1.35.33"
+version = "1.35.34"
 description = "Persistent structural context and ultra-fast repeated analysis for AI coding agents"
 readme = "README.md"
 requires-python = ">=3.9"

{sourcecode-1.35.33 → sourcecode-1.35.34}/src/sourcecode/__init__.py

@@ -1,3 +1,3 @@
 """sourcecode — Deterministic codebase context maps for AI coding agents."""
 
-__version__ = "1.35.33"
+__version__ = "1.35.34"

{sourcecode-1.35.33 → sourcecode-1.35.34}/src/sourcecode/cli.py

@@ -3466,21 +3466,34 @@ def repo_ir_cmd(
         _ir_tokens_est = _ir_size // 4
         # P1-C: abort when estimated tokens > 50K unless --force or --output is given.
         if _ir_tokens_est > 50_000 and not force:
+            if summary_only:
+                _hint = (
+                    "Use --max-nodes N --max-edges N to cap graph size, "
+                    "--output FILE to save to disk, or --force to bypass this guard."
+                )
+            else:
+                _hint = (
+                    "Use --summary-only (~5K tokens), --max-nodes N --max-edges N, "
+                    "--output FILE to save to disk, or --force to bypass this guard."
+                )
             _emit_error_json(
                 "OUTPUT_TOO_LARGE",
                 f"Estimated output is ~{_ir_tokens_est // 1000}K tokens — too large for most LLM context windows.",
-                hint=(
-                    "Use --summary-only (~5K tokens), --max-nodes N --max-edges N, "
-                    "--output FILE to save to disk, or --force to bypass this guard."
-                ),
+                hint=_hint,
                 expected="Output under 50K estimated tokens.",
             )
             raise typer.Exit(1)
         if _ir_tokens_est > 10_000:
-            sys.stderr.write(
-                f"[repo-ir] ~{_ir_tokens_est // 1000}K tokens — "
-                "use --summary-only or --output FILE for smaller output.\n"
-            )
+            if summary_only:
+                sys.stderr.write(
+                    f"[repo-ir] ~{_ir_tokens_est // 1000}K tokens — "
+                    "use --max-nodes N --max-edges N or --output FILE for smaller output.\n"
+                )
+            else:
+                sys.stderr.write(
+                    f"[repo-ir] ~{_ir_tokens_est // 1000}K tokens — "
+                    "use --summary-only or --output FILE for smaller output.\n"
+                )
             sys.stderr.flush()
         try:
             sys.stdout.buffer.write(output.encode("utf-8"))
@@ -3590,6 +3603,15 @@ def impact_cmd(
             sys.stderr.flush()
         target, path = str(path), _target_as_path
 
+    if not target.strip():
+        _emit_error_json(
+            INVALID_INPUT_CODE,
+            "Class name must not be empty.",
+            hint="Pass a class name or FQN. Example: sourcecode impact OrderService .",
+            expected="A non-empty class name or FQN.",
+        )
+        raise typer.Exit(1)
+
     root = path.resolve()
     if not root.is_dir():
         _emit_error_json(
@@ -3718,6 +3740,15 @@ def endpoints_cmd(
       sourcecode endpoints . --controller LiquidacionJornada
       sourcecode endpoints . --limit 10
     """
+    if format not in ("json", "yaml"):
+        _emit_error_json(
+            INVALID_INPUT_CODE,
+            f"Invalid format '{format}'.",
+            hint="format must be: json or yaml.",
+            expected="json | yaml",
+        )
+        raise typer.Exit(code=1)
+
     target = path.resolve()
     if not target.exists() or not target.is_dir():
         _emit_error_json(
@@ -4258,6 +4289,15 @@ def impact_chain_cmd(
     from sourcecode.spring_impact import run_impact_chain
     from sourcecode.spring_findings import SpringAuditResult
 
+    if not symbol.strip():
+        _emit_error_json(
+            INVALID_INPUT_CODE,
+            "Symbol name must not be empty.",
+            hint="Pass a class name or FQN. Example: sourcecode impact-chain OrderService .",
+            expected="A non-empty class name or FQN.",
+        )
+        raise typer.Exit(code=1)
+
     _VALID_TYPES = ("impact", "events")
     if query_type not in _VALID_TYPES:
         _emit_error_json(
@@ -4427,10 +4467,10 @@ def pr_impact_cmd(
         )
         raise typer.Exit(code=1)
 
-    if not files.exists():
+    if not files.exists() or files.is_dir():
         _emit_error_json(
             INVALID_INPUT_CODE,
-            f"--files '{files}' does not exist. Expected a text file listing changed file paths (one per line), not a directory or class name.",
+            f"--files '{files}' does not exist or is a directory. Expected a text file listing changed file paths (one per line).",
             path=str(files),
             hint=(
                 "Create a file with one changed Java file path per line, then pass it with --files. "
@@ -4568,6 +4608,15 @@ def explain_cmd(
     from sourcecode.spring_model import SpringSemanticModel
     from sourcecode.explain import explain_class
 
+    if not class_name.strip():
+        _emit_error_json(
+            INVALID_INPUT_CODE,
+            "Class name must not be empty.",
+            hint="Pass a class name. Example: sourcecode explain UserService .",
+            expected="A non-empty class name.",
+        )
+        raise typer.Exit(code=1)
+
     target = path.resolve()
     if not target.exists() or not target.is_dir():
         _emit_error_json(
@@ -5122,7 +5171,7 @@ def rename_class_cmd(
         help="Output format: json (default) or yaml.",
     ),
 ) -> None:
-    """Rename a Java class throughout the repository (BLOCKER-A fix).
+    """Rename a Java class throughout the repository.
 
     \b
     Renames a Java class safely:
@@ -5133,7 +5182,7 @@ def rename_class_cmd(
       - Updates extends / implements
       - Updates generics, casts, Spring @Qualifier names
       - Renames the physical .java file
-      - Emits a structured change audit trail (BLOCKER-C)
+      - Emits a structured change audit trail
 
     \b
     Examples:
@@ -5244,7 +5293,7 @@ def chunk_file_cmd(
         help="Copy output to clipboard after a successful run.",
     ),
 ) -> None:
-    """Split a large Java file into semantic chunks for AI agent consumption (BLOCKER-B fix).
+    """Split a large Java file into semantic chunks for AI agent consumption.
 
     \b
     Splits a Java file at method/class boundaries so AI agents can read
@@ -5278,6 +5327,16 @@ def chunk_file_cmd(
         )
         raise typer.Exit(1)
 
+    if abs_file.suffix != ".java":
+        _emit_error_json(
+            INVALID_INPUT_CODE,
+            f"'{abs_file.name}' is not a Java file. chunk-file only supports .java files.",
+            path=str(abs_file),
+            hint="Pass a .java source file.",
+            expected="A .java file path.",
+        )
+        raise typer.Exit(1)
+
     result = chunk_java_file(abs_file, max_lines=max_lines, include_content=not metadata_only)
 
     if chunk_id is not None:

{sourcecode-1.35.33 → sourcecode-1.35.34}/src/sourcecode/detectors/java.py

@@ -111,6 +111,8 @@ class JavaDetector(AbstractDetector):
             manifests.append("pom.xml")
             pom_path = context.root / "pom.xml"
             frameworks.extend(self._frameworks_from_pom(pom_path))
+            for child_pom in self._get_child_pom_paths(pom_path):
+                frameworks.extend(self._frameworks_from_pom(child_pom))
             meta = self._parse_pom_metadata(pom_path)
             if meta.get("language_version"):
                 language_version = meta["language_version"]
@@ -232,6 +234,26 @@ class JavaDetector(AbstractDetector):
         _SKIP = frozenset({"test", "it", "integration"})
         return [p for p in profiles if p.lower() not in _SKIP]
 
+    def _get_child_pom_paths(self, root_pom: Path) -> list[Path]:
+        """Return pom.xml paths for direct Maven child modules declared in <modules>."""
+        try:
+            tree = ElementTree.parse(root_pom)
+        except (OSError, ElementTree.ParseError):
+            return []
+        root_elem = tree.getroot()
+        ns_match = _NS_TAG_RE.match(root_elem.tag)
+        ns = ns_match.group(0) if ns_match else ""
+        modules_elem = root_elem.find(f"{ns}modules")
+        if modules_elem is None:
+            return []
+        result = []
+        for mod in modules_elem.findall(f"{ns}module"):
+            if mod.text:
+                child_pom = root_pom.parent / mod.text.strip() / "pom.xml"
+                if child_pom.exists():
+                    result.append(child_pom)
+        return result
+
     def _frameworks_from_pom(self, path: Path) -> list[FrameworkDetection]:
         try:
             tree = ElementTree.parse(path)
@@ -289,7 +311,14 @@ class JavaDetector(AbstractDetector):
             frameworks.append(FrameworkDetection(name="Micronaut", source=source))
         if "io.vertx" in text or "vertx" in text:
             frameworks.append(FrameworkDetection(name="Vert.x", source=source))
-        if "jakarta.ee" in text or "javax.ws.rs" in text:
+        if (
+            "jakarta.ee" in text
+            or "javax.ws.rs-api" in text   # JAX-RS 2.x spec; excludes jsr311-api (1.x API-only jar)
+            or "jakarta.ws.rs" in text      # Jakarta namespace (EE 9+)
+            or "javaee-api" in text         # full Java EE platform
+            or "jakartaee-api" in text      # full Jakarta EE platform
+            or "resteasy" in text           # RESTEasy (JBoss JAX-RS impl)
+        ):
             frameworks.append(FrameworkDetection(name="Jakarta EE", source=source))
         if "mybatis" in text:
             frameworks.append(FrameworkDetection(name="MyBatis", source=source))

{sourcecode-1.35.33 → sourcecode-1.35.34}/src/sourcecode/prepare_context.py

@@ -2464,7 +2464,7 @@ class TaskContextBuilder:
                 # Java-aware algorithm (Fix #2): find Service/RestController/Repository/Mapper
                 # files with no matching test pair in src/test/**
                 _JAVA_TARGET_SUFFIXES = (
-                    "Service.java", "RestController.java",
+                    "Service.java", "Controller.java", "RestController.java",
                     "Repository.java", "Mapper.java",
                 )
                 # Build set of test stems (FooTest → Foo, FooIT → Foo, etc.)

{sourcecode-1.35.33 → sourcecode-1.35.34}/src/sourcecode/rename_refactor.py

@@ -152,6 +152,9 @@ def _find_class_file(
     return None
 
 
+_PKG_IMPORT_RE = re.compile(r'^\s*(?:package|import)\s')
+
+
 def _apply_rename(source: str, old_name: str, new_name: str) -> str:
     """Apply word-boundary replacement for class name (PascalCase and camelCase forms)."""
     result = re.sub(r'\b' + re.escape(old_name) + r'\b', new_name, source)
@@ -159,7 +162,12 @@ def _apply_rename(source: str, old_name: str, new_name: str) -> str:
     old_camel = _to_camel(old_name)
     new_camel = _to_camel(new_name)
     if old_camel != old_name and old_camel in result:
-        result = re.sub(r'\b' + re.escape(old_camel) + r'\b', new_camel, result)
+        camel_re = re.compile(r'\b' + re.escape(old_camel) + r'\b')
+        lines = result.splitlines(keepends=True)
+        result = ''.join(
+            line if _PKG_IMPORT_RE.match(line) else camel_re.sub(new_camel, line)
+            for line in lines
+        )
 
     return result
 
@@ -193,7 +201,12 @@ def _apply_rename_refs_only(source: str, old_name: str, new_name: str) -> str:
     old_camel = _to_camel(old_name)
     new_camel = _to_camel(new_name)
     if old_camel != old_name and old_camel in result:
-        result = re.sub(r'\b' + re.escape(old_camel) + r'\b', new_camel, result)
+        camel_re = re.compile(r'\b' + re.escape(old_camel) + r'\b')
+        lines = result.splitlines(keepends=True)
+        result = ''.join(
+            line if _PKG_IMPORT_RE.match(line) else camel_re.sub(new_camel, line)
+            for line in lines
+        )
 
     return result
 

{sourcecode-1.35.33 → sourcecode-1.35.34}/src/sourcecode/repository_ir.py

@@ -23,6 +23,7 @@ from pathlib import Path
 from typing import Any, Optional
 
 from sourcecode.fqn_utils import normalize_owner_fqn as _normalize_owner_fqn
+from sourcecode.path_filters import is_test_path as _is_test_path
 
 # ---------------------------------------------------------------------------
 # Data classes — Phases 1–4
@@ -3582,13 +3583,37 @@ def find_java_files(root: Path, *, max_files: int = 8000, limitations: list[str]
         except ValueError:
             continue
         parts = rel.split("/")
-        # Skip test dirs
-        if (
-            "/src/test/" in rel or rel.startswith("src/test/")
-            or "/src/tests/" in rel or rel.startswith("src/tests/")
-            or rel.startswith("test/") or rel.startswith("tests/")
-        ):
-            continue
+        # Skip test dirs — use centralised is_test_path (consistent with
+        # extract_java_endpoints), guarded against false positives where a Java
+        # *package* is named "test" inside a production src/main/ source root.
+        if _is_test_path(rel):
+            _skip = True
+            # Prepend "/" so the check works whether or not rel has a leading slash.
+            _rel_sl = "/" + rel
+            if "/src/main/" in _rel_sl:
+                # is_test_path may fire on a package segment (e.g. com.example.test)
+                # rather than a true test module directory.  Only skip when the path
+                # prefix BEFORE src/main/ is itself a test path (meaning the whole
+                # module is a test module, not just a package named "test").
+                _prefix = _rel_sl.split("/src/main/")[0]
+                _prefix_parts = [p for p in _prefix.split("/") if p]
+                # A module is a test module if is_test_path says so OR if any
+                # module directory component starts with "test" (e.g. "test-framework",
+                # "test-providers", "testsuite") OR contains "test"/"tests" as a
+                # hyphen/underscore-separated word (e.g. "jobrunr-micronaut-tests").
+                _prefix_is_test = (
+                    _is_test_path(_prefix + "/x.java")
+                    or any(p.lower().startswith("test") for p in _prefix_parts)
+                    or any(
+                        w in {"test", "tests", "spec", "specs"}
+                        for p in _prefix_parts
+                        for w in p.lower().replace("-", " ").replace("_", " ").split()
+                    )
+                )
+                if not _prefix_is_test:
+                    _skip = False
+            if _skip:
+                continue
         # Skip vendor/generated/build dirs
         if any(part in _VENDOR_DIRS for part in parts[:-1]):
             continue