sourcecode 1.41.0__py3-none-any.whl → 1.42.0__py3-none-any.whl

sourcecode/__init__.py

@@ -1,3 +1,3 @@
 """sourcecode — Deterministic codebase context maps for AI coding agents."""
 
-__version__ = "1.41.0"
+__version__ = "1.42.0"

sourcecode/repository_ir.py

@@ -134,6 +134,10 @@ _CLASS_DECL_RE = re.compile(
 _METHOD_DECL_RE = re.compile(
     r'^(?P<modifiers>(?:(?:public|private|protected|static|final|synchronized'
     r'|abstract|default|native|strictfp|override)\s+)*)'
+    # Inline (modifier-position) annotations, e.g. `public @ResponseBody Vets foo()`
+    # or `@Valid`, `@Nonnull`. Without this the whole declaration fails to match and
+    # the method (its endpoint + return-type edge) is silently dropped (CH-003/Fase 22).
+    r'(?P<inline_anns>(?:@[\w.]+(?:\s*\([^)]*\))?\s+)*)'
     r'(?:<[\w,\s?]+>\s+)?'
     r'(?P<return_type>(?:void|boolean|byte|char|short|int|long|float|double|String|[\w.<>\[\]?,]+)\s+)'
     r'(?P<name>[a-z_]\w*)\s*\(',
@@ -830,6 +834,11 @@ def _extract_symbols(
                 if mname not in _JAVA_KEYWORDS:
                     fqn = f"{class_fqn}#{mname}"
                     modifiers = _parse_modifier_str(mth_m.group("modifiers") or "")
+                    # Fold modifier-position inline annotations into pending_anns so
+                    # symbol_kind / endpoint detection see them (e.g. @ResponseBody).
+                    for _inl in re.findall(r'@[\w.]+', mth_m.group("inline_anns") or ""):
+                        if _inl not in pending_anns:
+                            pending_anns.append(_inl)
                     used = _resolve_types_from_text(stripped, import_map)
                     conf = "high" if ("public" in modifiers or pending_anns) else "medium"
 
@@ -1330,6 +1339,32 @@ def _build_relations(
                     evidence={"type": "annotation", "value": ann},
                 ))
 
+    # ── Type-usage: return-type edges (CH-003 / Fase 22) ──────────────────────
+    # A method's declared return type is a real dependency edge the call/DI graph
+    # misses: for a value/DTO/response type returned (esp. @ResponseBody) by a
+    # controller handler, this is the ONLY link from the type back to its endpoint.
+    # method → returnTypeFQN, type="returns".  Resolution reuses _resolve_dep_type,
+    # so only in-repo / imported types produce edges (primitives & void are skipped).
+    _PRIMITIVE_RETURNS: frozenset[str] = frozenset({
+        "void", "boolean", "byte", "char", "short", "int", "long", "float",
+        "double", "String", "Object",
+    })
+    for sym in symbols:
+        if sym.type != "method" or not sym.return_type:
+            continue
+        _ret_base = re.sub(r'<.*', '', sym.return_type).replace("[]", "").strip()
+        if not _ret_base or _ret_base in _PRIMITIVE_RETURNS or not _ret_base[0].isupper():
+            continue
+        _ret_fqn = _resolve_dep_type(_ret_base)
+        if _ret_fqn and _ret_fqn != _enclosing_class(sym.symbol):
+            edges.append(RelationEdge(
+                from_symbol=sym.symbol,
+                to_symbol=_ret_fqn,
+                type="returns",
+                confidence="high",
+                evidence={"type": "return_type", "value": sym.return_type},
+            ))
+
     _class_syms = [s for s in symbols if s.type in ("class", "interface") and "#" not in s.symbol]
 
     # Strip comments before event scanning to prevent Javadoc examples from
@@ -1425,6 +1460,46 @@ def _build_relations(
                     evidence={"type": "signature", "value": f"{ev_label}<{event_simple}>"},
                 ))
 
+    # ── Type-usage: instantiation edges (CH-003 / Fase 22) ────────────────────
+    # `new T(...)` couples the instantiating class to T — a type-usage edge the
+    # call/DI graph misses. Attributed at class level (one primary type per file,
+    # mirroring the publishes_event scan). Controllers are EXCLUDED: their value-type
+    # coupling is already covered precisely by `returns` edges, and a class-level
+    # edge from a controller would broaden a DTO's impact to every route on that
+    # controller (false breadth). Method-level attribution is a future refinement.
+    # Controller-like = class-level @RestController/@Controller OR a class that owns
+    # any endpoint-handler method (mappings are often only method-level).
+    _classes_with_endpoints = {
+        _enclosing_class(s.symbol) for s in symbols if s.symbol_kind == "endpoint"
+    }
+    _instantiating_controllers = {
+        s.symbol for s in symbols
+        if s.type in ("class", "interface")
+        and (
+            any(a in ("@RestController", "@Controller") for a in s.annotations)
+            or s.symbol in _classes_with_endpoints
+        )
+    }
+    _non_controller_classes = [
+        s for s in _class_syms if s.symbol not in _instantiating_controllers
+    ]
+    if _non_controller_classes:
+        _inst_targets: set[str] = set()
+        for _m in re.finditer(r'\bnew\s+([A-Z]\w*)\s*[(<]', _source_no_comments):
+            _t_fqn = _resolve_dep_type(_m.group(1))
+            if _t_fqn:
+                _inst_targets.add(_t_fqn)
+        for cls_sym in _non_controller_classes:
+            for _tgt in sorted(_inst_targets):
+                if _tgt != cls_sym.symbol:
+                    edges.append(RelationEdge(
+                        from_symbol=cls_sym.symbol,
+                        to_symbol=_tgt,
+                        type="instantiates",
+                        confidence="medium",
+                        evidence={"type": "method_call", "value": f"new {_tgt.split('.')[-1]}(...)"},
+                    ))
+
     seen: set[tuple[str, str, str]] = set()
     unique: list[RelationEdge] = []
     for e in edges:

sourcecode/spring_impact.py

@@ -129,6 +129,50 @@ class ImpactChainResult:
         return d
 
 
+# ---------------------------------------------------------------------------
+# CH-003 — value/DTO type blind-spot detection
+# ---------------------------------------------------------------------------
+# The impact graph models call + DI/injection edges but not *type-usage* edges
+# (constructor instantiation `new T()`, field/local-variable type, and method
+# return type incl. @ResponseBody). For a service/repository the call+DI edges
+# cover the real blast radius; for a value/DTO/response type they cover nothing,
+# so its impact is invisible — and an all-zero result reported at confidence=high
+# reads as "globally dead" (a dangerous false negative). Until type-usage edges
+# are modelled (Fase 22 / CH-002), positively identify plain value types and
+# downgrade confidence + warn instead of asserting an empty high-confidence result.
+_STEREOTYPE_ANNOTATIONS = frozenset({
+    "@Service", "@Repository", "@Controller", "@RestController",
+    "@Component", "@Configuration", "@ControllerAdvice",
+    "@RestControllerAdvice", "@Bean",
+})
+_VALUE_TYPE_KINDS = frozenset({"class", "enum", "record"})
+
+
+def _is_unmodeled_value_type(cir, class_fqn: str, model) -> bool:
+    """True iff class_fqn is positively a plain value/DTO type whose blast radius
+    flows only through type-usage edges the impact graph does not model.
+
+    Conservative: returns False whenever the type cannot be positively confirmed
+    (node metadata absent, stereotype annotation present, recognized Spring role,
+    or controller) so spine symbols and incomplete-IR cases keep legacy behaviour.
+    """
+    graph = (getattr(cir, "_raw_ir", None) or {}).get("graph") or {}
+    node = next((n for n in (graph.get("nodes") or []) if n.get("fqn") == class_fqn), None)
+    if node is None:
+        return False  # cannot confirm — stay conservative (preserves IC-V3)
+    if (node.get("symbol_kind") or node.get("type")) not in _VALUE_TYPE_KINDS:
+        return False  # interface / annotation / bean-method etc.
+    anns = node.get("annotations") or []
+    if any(a.split("(", 1)[0] in _STEREOTYPE_ANNOTATIONS for a in anns):
+        return False  # Spring stereotype bean — spine participant
+    if (node.get("role") or "other") != "other":
+        return False  # recognized Spring role (repository/service/controller/mapper)
+    controllers = getattr(getattr(model, "endpoint_index", None), "controller_fqns", frozenset())
+    if class_fqn in controllers:
+        return False
+    return True
+
+
 # ---------------------------------------------------------------------------
 # Symbol resolution
 # ---------------------------------------------------------------------------
@@ -706,9 +750,31 @@ class ImpactOrchestrator:
             impact_findings_raw,
         )
 
+        # CH-003: empty blast radius on a positively-identified value/DTO type is a
+        # type-usage blind spot, not proof of dead code — warn + drop confidence.
+        empty_blast = (
+            not direct_callers and not indirect_callers
+            and not endpoints_affected and not subtype_classes_added
+        )
+        value_type_blind_spot = (
+            empty_blast
+            and "#" not in resolved_symbol
+            and resolution != "not_found"
+            and _is_unmodeled_value_type(cir, resolved_symbol, model)
+        )
+        if value_type_blind_spot:
+            warnings.append(
+                "Type-usage edges not modeled (CH-003): this type's blast radius flows "
+                "through instantiation (new T()), field/local types, and method return "
+                "types (incl. @ResponseBody) — edges impact-chain does not yet track. "
+                "An empty result is NOT proof the type is unused."
+            )
+
         confidence: str
         if resolution == "not_found":
             confidence = "low"
+        elif value_type_blind_spot:
+            confidence = "low"
         elif resolution == "partial" or warnings:
             confidence = "medium"
         else:

{sourcecode-1.41.0.dist-info → sourcecode-1.42.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: sourcecode
-Version: 1.41.0
+Version: 1.42.0
 Summary: Persistent structural context and ultra-fast repeated analysis for AI coding agents
 License-File: LICENSE
 Keywords: agents,ai,codebase,context,developer-tools,llm

{sourcecode-1.41.0.dist-info → sourcecode-1.42.0.dist-info}/RECORD

@@ -1,4 +1,4 @@
-sourcecode/__init__.py,sha256=O5H1yHp5Huzjec-tRroSc8Z3rDJeqdAGgZ9MFZAqxnY,103
+sourcecode/__init__.py,sha256=qXpArucbDluvdwLNZfPMDizlqCc5pgoRka_QbdanHCg,103
 sourcecode/adaptive_scanner.py,sha256=XffluXKzJUXrMtjEiAOnSNPZnztdIcts17T9ouHeID0,10521
 sourcecode/architecture_analyzer.py,sha256=liCwQmLgb5vplohy8arjYxs_HOIv5C9MjLh_gY6bc5Q,44115
 sourcecode/architecture_summary.py,sha256=z34_6v7cSwy98cof2UVciGho7SCrZ93tiqMmq5WNzRQ,20405
@@ -44,7 +44,7 @@ sourcecode/redactor.py,sha256=SB4hwIvg8h-hvcqKcDWaZvA-aSyn-at-BIRwa0tUv5E,3227
 sourcecode/relevance_scorer.py,sha256=0AgEt4KrV73nioMqBgjhGjtY7L2C7L7cSyKtj3IKcrw,9408
 sourcecode/rename_refactor.py,sha256=h6dNFlB9aZ_3q6heeHBkgXQeXaT03nvPSsYH6P8qxFg,12965
 sourcecode/repo_classifier.py,sha256=FG1vaWKdWXsWdl-S8hjVMiTqcwgaRXkDyvK4rPcOGtQ,22681
-sourcecode/repository_ir.py,sha256=-rHQSinIMEa6lcbPdyoJzYB-USB9yX_9bsaWJgJqwHs,202432
+sourcecode/repository_ir.py,sha256=iSxk1Z5QZehHOG05naDxtT1_vhyyyPHlqzNDoK0HXXg,206573
 sourcecode/ris.py,sha256=RcqLVwC-doFcKKViYDkCjZLBqf_wzLES7-F6vHEeWzE,20419
 sourcecode/runtime_classifier.py,sha256=uTAD6BDCiBLUZEDRfqk718kM4RTT_vAbfkcOI2_Xx58,18432
 sourcecode/scanner.py,sha256=WdOQ78mMzjR1NjmKTlbxdgwinnCTfAhxCVLBEFQiFHU,8899
@@ -54,7 +54,7 @@ sourcecode/semantic_analyzer.py,sha256=4OdG6tTSnTvq3_dSWMbQu8Ad1ndSCKeG-b9qM4hIx
 sourcecode/serializer.py,sha256=TGzftrSKitZrtl6Hh-R05s4KdTOxwTmph_lGDbo2Wzg,125015
 sourcecode/spring_event_topology.py,sha256=5_ON_21Le5zbG-1GRc5GLIi5HJfy_QjcXLVPC5WeUGQ,18055
 sourcecode/spring_findings.py,sha256=G7Or2lKBUQbcTDqudLvSs9XvNg_YoAa-_lBOG_ULs8E,5457
-sourcecode/spring_impact.py,sha256=pg_SWogs2ylNF-Tjz_6AgPtJGePrr3VQeyeFYK6-NzA,35228
+sourcecode/spring_impact.py,sha256=rUKSiCfXh9NpC9a97KvjCu6Kn8bYezTnMDY3F7sgtCI,38737
 sourcecode/spring_model.py,sha256=zOAgFmrRbG4a6KLm1TJl55aWMyPNsz3OS3FSczqPG6A,16594
 sourcecode/spring_security_audit.py,sha256=XtPJ1SXlZJ8k6VYmaWuAp7Bbir4UmreAL7doIGQ5I7o,20595
 sourcecode/spring_semantic.py,sha256=O1nKSGVzlukuxLHQVuCPxc-XrcrMFxwlHA20_dmEGgM,13307
@@ -101,8 +101,8 @@ sourcecode/telemetry/consent.py,sha256=wLMvGNJeSSyZoNkQXpoUioY6mMv4Qdvuw7S9jAEWn
 sourcecode/telemetry/events.py,sha256=LtzYfaX9Ilckj5PTvAcTpDa9mLqDsYPDUiDkRa58piY,2580
 sourcecode/telemetry/filters.py,sha256=NHa5T-6DaZduQPFuC34jOqHWQgSizM-Ygq8aZ4j19ng,5834
 sourcecode/telemetry/transport.py,sha256=4gGHsq0WeY9VywEZXA3vUxykfiYnw9uuqfjAAec7F8o,1681
-sourcecode-1.41.0.dist-info/METADATA,sha256=fbTRvu0l7OOyoWnIFFNkEmSfEPtFzg3uSNvD33MsbLU,32359
-sourcecode-1.41.0.dist-info/WHEEL,sha256=QccIxa26bgl1E6uMy58deGWi-0aeIkkangHcxk2kWfw,87
-sourcecode-1.41.0.dist-info/entry_points.txt,sha256=ex3F9rmbXeyDIoFQHtkEqTsKSaJow8F0LrVu8XfIktQ,57
-sourcecode-1.41.0.dist-info/licenses/LICENSE,sha256=7DdHrU9Z_3e7dSvq4ISijZNjnuHo5NIHNiHDouMQ9JU,10491
-sourcecode-1.41.0.dist-info/RECORD,,
+sourcecode-1.42.0.dist-info/METADATA,sha256=-O4gIf7ctCGPrfXwVg1AeRL0b8K-w9ShFnpbLl4Nyj8,32359
+sourcecode-1.42.0.dist-info/WHEEL,sha256=QccIxa26bgl1E6uMy58deGWi-0aeIkkangHcxk2kWfw,87
+sourcecode-1.42.0.dist-info/entry_points.txt,sha256=ex3F9rmbXeyDIoFQHtkEqTsKSaJow8F0LrVu8XfIktQ,57
+sourcecode-1.42.0.dist-info/licenses/LICENSE,sha256=7DdHrU9Z_3e7dSvq4ISijZNjnuHo5NIHNiHDouMQ9JU,10491
+sourcecode-1.42.0.dist-info/RECORD,,