sourcecode 1.44.0__py3-none-any.whl → 1.45.0__py3-none-any.whl

sourcecode/__init__.py

@@ -1,3 +1,3 @@
 """sourcecode — Deterministic codebase context maps for AI coding agents."""
 
-__version__ = "1.44.0"
+__version__ = "1.45.0"

sourcecode/cli.py

@@ -3685,6 +3685,10 @@ def impact_cmd(
         "-c",
         help="Copy output to system clipboard after a successful run. No-op when --output is used or clipboard is unavailable.",
     ),
+    no_cache: bool = typer.Option(
+        False, "--no-cache",
+        help="Accepted for compatibility; this command always reads fresh source (no snapshot cache). No-op.",
+    ),
 ) -> None:
     """Blast-radius analysis: who calls this class and what breaks if it changes?
 
@@ -3836,6 +3840,10 @@ def endpoints_cmd(
         None, "--limit", "-n",
         help="Maximum number of endpoints to return.",
     ),
+    no_cache: bool = typer.Option(
+        False, "--no-cache",
+        help="Accepted for compatibility; this command always reads fresh source (no snapshot cache). No-op.",
+    ),
 ) -> None:
     """Extract REST API endpoint surface from Java source files.
 
@@ -3899,13 +3907,26 @@ def endpoints_cmd(
     if limit is not None and limit > 0:
         endpoints_list = endpoints_list[:limit]
     if path_prefix or controller or limit is not None:
+        # Preserve the repo-wide aggregates before overwriting them with the
+        # filtered counts, so a --limit/--filter request stays internally
+        # coherent (total must match the security counters it is reported with).
+        _no_sec_before = data.get("no_security_signal")
+        _undoc_before = data.get("undocumented")
+        _no_sec_after = sum(
+            1 for e in endpoints_list
+            if e.get("security", {}).get("policy") == "none_detected"
+        )
         data["endpoints"] = endpoints_list
         data["total"] = len(endpoints_list)
+        data["no_security_signal"] = _no_sec_after
+        data["undocumented"] = _no_sec_after
         data["_filter"] = {
             "path_prefix": path_prefix,
             "controller": controller,
             "limit": limit,
             "total_before_filter": _total_before,
+            "no_security_signal_before_filter": _no_sec_before,
+            "undocumented_before_filter": _undoc_before,
         }
 
     output = _serialize_dict(data, format)
@@ -3948,6 +3969,10 @@ def validation_cmd(
         False, "--gaps-only",
         help="Report only endpoints/fields with no declared validation (the gaps section).",
     ),
+    no_cache: bool = typer.Option(
+        False, "--no-cache",
+        help="Accepted for compatibility; this command always reads fresh source (no snapshot cache). No-op.",
+    ),
 ) -> None:
     """Map request-body validation per endpoint (constraints + custom validators).
 
@@ -3997,14 +4022,21 @@ def validation_cmd(
             g for g in data.get("gaps", [])
             if str(g.get("path", "")).startswith(path_prefix)
         ]
+    _note = data.get("note")
     if gaps_only:
         data = {
             "gaps": data.get("gaps", []),
             "summary": data.get("summary", {}),
         }
+        if _note:
+            data["note"] = _note
 
     output = _serialize_dict(data, format)
     _summary = data.get("summary", {})
+    # Human-facing heads-up when the result is empty purely because no OpenAPI
+    # spec was found — otherwise the all-zero JSON reads as a false negative.
+    if _note:
+        typer.echo(f"Note: {_note}", err=True)
     _emit_command_output(
         output, output_path, copy,
         success_msg=f"Validation surface written to {output_path} "
@@ -4133,6 +4165,10 @@ def spring_audit_cmd(
         "--ci/--no-ci",
         help="Exit with code 1 if any findings at or above --min-severity are found. For CI/CD gates.",
     ),
+    no_cache: bool = typer.Option(
+        False, "--no-cache",
+        help="Accepted for compatibility; this command always reads fresh source (no snapshot cache). No-op.",
+    ),
 ) -> None:
     """Spring semantic audit: TX anomalies (TX-001..005) + security surface (SEC-001..003).
 
@@ -4315,6 +4351,10 @@ def migrate_check_cmd(
         help="Minimum severity to include: critical, high, medium, or low (default).",
         show_default=True,
     ),
+    no_cache: bool = typer.Option(
+        False, "--no-cache",
+        help="Accepted for compatibility; this command always reads fresh source (no snapshot cache). No-op.",
+    ),
 ) -> None:
     """Spring Boot 2→3 migration readiness: detect javax→jakarta namespace blockers.
 
@@ -4423,6 +4463,10 @@ def impact_chain_cmd(
         help="Query type: impact (default) or events.",
         show_default=True,
     ),
+    no_cache: bool = typer.Option(
+        False, "--no-cache",
+        help="Accepted for compatibility; this command always reads fresh source (no snapshot cache). No-op.",
+    ),
 ) -> None:
     """Spring impact-chain: systemic blast radius of a symbol with TX/SEC enrichment.
 
@@ -6135,8 +6179,19 @@ def cache_clear_cmd(
     _clear_ris = include_ris or all_
     if not yes:
         _ris_note = " (including RIS)" if _clear_ris else " (RIS preserved — use --all to also clear it)"
-        import click as _click
-        _click.confirm(f"Delete all cache files for {target}{_ris_note}?", abort=True, err=True)
+        # P1: never block on stdin in a non-interactive context (CI, MCP, pipes).
+        # The interactive prompt is only meaningful on a TTY; elsewhere it would
+        # hang indefinitely waiting for input. Treat non-interactive as confirmed
+        # (clear is idempotent cleanup; RIS is preserved unless --all is passed).
+        if sys.stdin.isatty():
+            import click as _click
+            _click.confirm(f"Delete all cache files for {target}{_ris_note}?", abort=True, err=True)
+        else:
+            typer.echo(
+                f"Non-interactive: clearing cache for {target}{_ris_note}. "
+                "Pass --yes to silence this notice.",
+                err=True,
+            )
     removed = _cm.clear(target, clear_ris=_clear_ris)
     typer.echo(f"Removed {removed} file(s).", err=True)
 

sourcecode/mcp/orchestrator.py

@@ -6,6 +6,29 @@ Converts the MCP from a flat tool collection into a guided agent operating syste
 - run_pr_review_flow: auto-chains delta + review_pr + blast radius
 - run_bug_investigation_flow: auto-chains fix_bug + impact + IR context
 - run_feature_flow: auto-chains context + endpoints + delta + structural awareness
+
+TODO — planned high-value Java/Spring flow presets (audit 2026-06-16, repo SAINT):
+  These extend the existing orchestrator; they are NOT yet implemented.
+
+  1. TODO: implement later — run_migrate_flow
+     Preset wrapping `migrate-check`. Primary high-value entry point for
+     Spring Boot 2→3 planning (audit: produces 1,356-file prioritized
+     inventory in ~6s — the strongest determinante win). Should surface
+     readiness_score, blocking count, per-target breakdown (jakarta /
+     spring_security_6 / java_11) and estimated_effort_days.
+
+  2. TODO: implement later — run_security_audit_flow
+     Preset wrapping `spring-audit` + `endpoints`. Auto-handle the
+     config-less case: when no sourcecode.config.json is present and the
+     repo carries custom security annotations, emit a fallback WARNING +
+     hint to add sourcecode.config.json (customAnnotations) rather than
+     returning a misleading 100% none_detected result.
+
+  3. TODO: implement later — extend R2 orchestration rule (apply_orchestration_rules)
+     Inject preset (1)/(2) when detected intent maps to migration or
+     security audit, mirroring the existing R2 java_no_endpoints rule.
+     Requires new INTENT_MIGRATION / INTENT_SECURITY_AUDIT constants +
+     _INTENT_PATTERNS entries + WORKFLOW_SEQUENCES / FLOW_RUNNERS wiring.
 """
 from __future__ import annotations
 

sourcecode/validation_surface.py

@@ -302,4 +302,19 @@ def build_validation_surface(
     spec_path = endpoints_data.get("openapi_spec")
     if spec_path:
         result["openapi_spec"] = spec_path
+    else:
+        # No OpenAPI spec on disk / under target/generated-sources. Declarative
+        # DTO constraints cannot be recovered, so a sea of zeros here is expected
+        # and NOT a sign the repo lacks validation — it just isn't OpenAPI-driven.
+        # Surface this explicitly so the result is not silently misread as
+        # "no validation anywhere".
+        result["openapi_spec"] = None
+        result["note"] = (
+            "No OpenAPI spec found (no spec on disk or under "
+            "target/generated-sources). Declarative DTO constraints cannot be "
+            "recovered; only source-declared custom validators are reported. "
+            "Body-endpoint and validated-field counts will read zero unless an "
+            "OpenAPI spec is present — this is expected, not a missing-validation "
+            "finding."
+        )
     return result

{sourcecode-1.44.0.dist-info → sourcecode-1.45.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: sourcecode
-Version: 1.44.0
+Version: 1.45.0
 Summary: Persistent structural context and ultra-fast repeated analysis for AI coding agents
 License-File: LICENSE
 Keywords: agents,ai,codebase,context,developer-tools,llm
@@ -40,7 +40,7 @@ Description-Content-Type: text/markdown
 
 **Persistent structural context and ultra-fast repeated analysis for AI coding agents.**
 
-![Version](https://img.shields.io/badge/version-1.44.0-blue)
+![Version](https://img.shields.io/badge/version-1.45.0-blue)
 ![Python](https://img.shields.io/badge/python-3.9%2B-green)
 
 ---

{sourcecode-1.44.0.dist-info → sourcecode-1.45.0.dist-info}/RECORD

@@ -1,4 +1,4 @@
-sourcecode/__init__.py,sha256=KCoWiYA4njgsXUEDMnmPU0kheOgqm-RpLky5FPkilQw,103
+sourcecode/__init__.py,sha256=r64WSv9Pulq3yQh1i31dLAG4Q5FJDkTYFw7e54HHTsc,103
 sourcecode/adaptive_scanner.py,sha256=XffluXKzJUXrMtjEiAOnSNPZnztdIcts17T9ouHeID0,10521
 sourcecode/architecture_analyzer.py,sha256=liCwQmLgb5vplohy8arjYxs_HOIv5C9MjLh_gY6bc5Q,44115
 sourcecode/architecture_summary.py,sha256=z34_6v7cSwy98cof2UVciGho7SCrZ93tiqMmq5WNzRQ,20405
@@ -7,7 +7,7 @@ sourcecode/cache.py,sha256=1V3vsaODAa2UBJAC0xpvxpmRdriCezQx5Q8JCcfgziE,31892
 sourcecode/canonical_ir.py,sha256=DEwucOPJguLsVtg5cV8mWXNi112l5jmBhv73KGGebVk,24849
 sourcecode/cir_graphs.py,sha256=9G0HHj1kw2325IDyzo2OpX73BNswEckecf4MZUXB4JM,12078
 sourcecode/classifier.py,sha256=hKzg-nQ47htqqIUzSGvYxv15cXrA3KgICTwJmdqal0o,8095
-sourcecode/cli.py,sha256=fefdVZZtivOormvfKQ4dwW7K3ZDH3Eai5BxPN7Vau2M,254762
+sourcecode/cli.py,sha256=ne0Ok-IYVn5-_sg4XLm5CS6jn58z78RezFbc9DOdOFE,257430
 sourcecode/code_notes_analyzer.py,sha256=EJemNCNc9Dn-1RZYu-aNbK0ELzmsyC4s6FdHi3XyNEI,9392
 sourcecode/confidence_analyzer.py,sha256=_jckZSxksV-OU38vbkxfVNBnWCtlCq8Vwfg23x1uspA,19054
 sourcecode/context_scorer.py,sha256=QpChSpsmaAYz91rXA4Ue5xzQmNz_ZboZN09YOHScq1U,14679
@@ -61,7 +61,7 @@ sourcecode/spring_semantic.py,sha256=O1nKSGVzlukuxLHQVuCPxc-XrcrMFxwlHA20_dmEGgM
 sourcecode/spring_tx_analyzer.py,sha256=FdFcyqPp3aT9oJ-PKrnXcTA6s69wdvzG-NBm0GMGPTU,30717
 sourcecode/summarizer.py,sha256=zgdps7yS2IktAbWe7IWz0oUcr3QIuNPRGrsScbZ4R1g,21797
 sourcecode/tree_utils.py,sha256=8GAkIfQAsvtEudIeW1l4ooH_oRtrWR8cpJQJsEa_Pfw,2093
-sourcecode/validation_surface.py,sha256=gTYGX5L6uLxRd9VlJ5l8lJ7VJc9Gls4YuUnYXWDDCOY,11892
+sourcecode/validation_surface.py,sha256=_HiKeUuN8wk8V2pWp1TRcwB_BwxsxyFWTqzCKGx1B8M,12747
 sourcecode/version_check.py,sha256=CHp6ZxTIfo8kyHPCBgJA1uFC0xQCoXMuuOfrW8QTL8o,4942
 sourcecode/workspace.py,sha256=X_6NmNnitvT3_38V-JDChydo_sR68s249hLFlrQskU0,8271
 sourcecode/detectors/__init__.py,sha256=A0AACJFF6HWf_RgatNtWu3PUzstcKtIGM9f1PoFcJug,1987
@@ -86,7 +86,7 @@ sourcecode/detectors/systems.py,sha256=nYaKbGDFu0EOXFcd_1doWFT3tTUdkbxc2DjHUF5Tc
 sourcecode/detectors/terraform.py,sha256=cxORPR_zVLOJpHlh4e9JnFpkQsn_UnqMMom5yG65hZ4,1693
 sourcecode/detectors/tooling.py,sha256=8CKbtxwQoABP-WyBRNmdAmHDOvAH57AR1cF4UKuWEdQ,2074
 sourcecode/mcp/__init__.py,sha256=XU4HfRGbdid8wdUA0x_4f7uKZD1z3mv_XUY_WU_T9Mw,179
-sourcecode/mcp/orchestrator.py,sha256=BMi1D6liJHI3DXiaC8yeBLLP0wXajpCP3-vnRGqrvnw,26850
+sourcecode/mcp/orchestrator.py,sha256=luOglUaKPaMnsq9j3XI3D-P68ABURYpiP1fojK5LDi4,28177
 sourcecode/mcp/registry.py,sha256=8LxxalpJy1L_BrEfwiVfywFVOcJJMXLGusJaUGGH7Y4,65663
 sourcecode/mcp/runner.py,sha256=-Dp2qPGRkfNTVen6bKh7WtzQqpcEtsrXoiuajvshlKk,2866
 sourcecode/mcp/server.py,sha256=f4-k-nx2amhSghlM7EBeZWyqCMEAGodOgrYPdbIUK08,59891
@@ -101,8 +101,8 @@ sourcecode/telemetry/consent.py,sha256=wLMvGNJeSSyZoNkQXpoUioY6mMv4Qdvuw7S9jAEWn
 sourcecode/telemetry/events.py,sha256=LtzYfaX9Ilckj5PTvAcTpDa9mLqDsYPDUiDkRa58piY,2580
 sourcecode/telemetry/filters.py,sha256=NHa5T-6DaZduQPFuC34jOqHWQgSizM-Ygq8aZ4j19ng,5834
 sourcecode/telemetry/transport.py,sha256=4gGHsq0WeY9VywEZXA3vUxykfiYnw9uuqfjAAec7F8o,1681
-sourcecode-1.44.0.dist-info/METADATA,sha256=0xHtFeZJ0-CMPHbgVACahR0Z11bN0WooJP34TW2xA4g,32359
-sourcecode-1.44.0.dist-info/WHEEL,sha256=QccIxa26bgl1E6uMy58deGWi-0aeIkkangHcxk2kWfw,87
-sourcecode-1.44.0.dist-info/entry_points.txt,sha256=ex3F9rmbXeyDIoFQHtkEqTsKSaJow8F0LrVu8XfIktQ,57
-sourcecode-1.44.0.dist-info/licenses/LICENSE,sha256=7DdHrU9Z_3e7dSvq4ISijZNjnuHo5NIHNiHDouMQ9JU,10491
-sourcecode-1.44.0.dist-info/RECORD,,
+sourcecode-1.45.0.dist-info/METADATA,sha256=24sPQbi_FdplZlmfRZ1zc3_gQPZEYwbs0HGCY4A59j8,32359
+sourcecode-1.45.0.dist-info/WHEEL,sha256=QccIxa26bgl1E6uMy58deGWi-0aeIkkangHcxk2kWfw,87
+sourcecode-1.45.0.dist-info/entry_points.txt,sha256=ex3F9rmbXeyDIoFQHtkEqTsKSaJow8F0LrVu8XfIktQ,57
+sourcecode-1.45.0.dist-info/licenses/LICENSE,sha256=7DdHrU9Z_3e7dSvq4ISijZNjnuHo5NIHNiHDouMQ9JU,10491
+sourcecode-1.45.0.dist-info/RECORD,,