sourcecode 1.46.0__tar.gz → 1.50.0__tar.gz

{sourcecode-1.46.0 → sourcecode-1.50.0}/CHANGELOG.md

@@ -1,5 +1,99 @@
 # Changelog
 
+## [1.50.0] — 2026-06-17
+
+### Fixed
+- **F-1 — `impact-chain` confidence no longer capped at `medium` by informational
+  warnings.** Confidence was computed as `medium` whenever *any* warning was present, but
+  the CH-001a/b interface↔implementation expansion notices ("Interface implementation
+  expansion: added N symbols…") are appended on every Spring interface/impl query — the
+  overwhelmingly common case — so a clean exact/`class_expanded` resolution could never
+  report `high`. The signal was meaningless: `medium` meant "normal", not "degraded".
+
+  Fix: track a `confidence_reducing` flag set only by genuinely degrading conditions
+  (hub-guard capped traversal); informational expansion notices no longer affect
+  confidence. `partial` resolution and blind-spot guards (CH-003/CH-005) still degrade as
+  before. Verified on shopizer: `impact-chain ProductService` now reports `confidence:high`
+  (was `medium`) while still surfacing the expansion notice. 2 regression tests
+  (`TestConfidenceNotCappedByInfoWarnings`): expansion warning keeps `high`, hub-guard
+  truncation still caps to `medium`.
+
+  Closes the v1.47.0 field-benchmark backlog (F-3 → CH-006 v1.48.0, F-2 → v1.49.0,
+  F-1 → this release).
+
+## [1.49.0] — 2026-06-17
+
+### Added
+- **F-2 — honest WebFlux / functional-routing signal in `endpoints`.** The endpoint
+  surface models annotation-based routing (`@RequestMapping`/`@GetMapping`, JAX-RS) only.
+  Routes registered via the functional DSL (`route().GET("/path", handler)` /
+  `RouterFunction` / `CustomEndpoint`) were silently invisible — the v1.47.0 field
+  benchmark found `endpoints` returned **0** for all of halo (a reactive app with 168
+  functional registrations across 51 files), which an agent could misread as "this app
+  exposes no endpoints". `endpoints` now detects functional routing and reports a
+  `functional_routing` block (`files`, `route_registrations`, `modeled: false`) plus a
+  warning; when the annotation surface is empty but functional routes exist, the warning
+  explicitly says not to read it as "no endpoints".
+
+  Deliberately does **not** synthesize endpoint entries: the literal DSL paths are
+  relative (real paths depend on `nest()`/group-version prefixes unresolvable statically),
+  and emitting partial paths would mislead more than an empty surface (same false-positive
+  hazard CH-006 just removed). Full functional-route modeling is a separate effort.
+  Validated: halo → 168 registrations surfaced; shopizer (annotation MVC) → no false
+  trigger, 286 endpoints unchanged. 3 regression tests
+  (`test_functional_routing_surface.py`).
+
+## [1.48.0] — 2026-06-17
+
+### Fixed
+- **CH-006 — hub-interface caller over-expansion (false-positive callers) in
+  `impact-chain`.** `implements` and `extends` are structural type declarations, not
+  calls, but they were being traversed in the caller BFS. The reverse edge on an
+  interface/base lists its implementors/subclasses, so querying a class that implements a
+  high-fanout in-repo interface attributed **every sibling implementor** as a "direct
+  caller". Found in the v1.47.0 field benchmark: `impact-chain ThumbnailEndpoint` on halo
+  reported 42 direct callers — the other 42 `CustomEndpoint` implementors, none of which
+  call it — inflating a leaf endpoint to `risk:high`. The shopizer monolith had the same
+  pattern via its shared `Mapper<E,D>` base (45 phantom mapper callers on `ProductService`).
+
+  Fix: add `implements`/`extends` to the BFS edge-skip set. This is loss-free — the wanted
+  interface→implementation expansion (CH-001a/b) flows through `ImplementationGraph`
+  indices, not these reverse-graph edges, and real callers travel `injects`/`calls` edges.
+  Verified on both repos: halo `ThumbnailEndpoint` 42→0 false callers (`risk:high`→`low`);
+  shopizer `ProductService` real callers preserved (32 direct unchanged) while 45 phantom
+  `Mapper` callers — confirmed to have zero references to the queried symbol — were dropped.
+  2 regression tests (`TestHubInterfaceOverExpansion`): sibling implementors excluded, real
+  `injects` caller through a shared interface preserved.
+
+  Complements CH-005: that guard handles *external* supertypes (under-reporting); CH-006
+  handles *in-repo high-fanout* supertypes (over-reporting). False positives are worse than
+  an empty result — they actively misdirect a change — so this is the higher-leverage half.
+
+## [1.47.0] — 2026-06-17
+
+### Added
+- **CH-005 — framework/external-interface DI blind-spot detection in `impact-chain`.**
+  When a queried class has an empty blast radius *and* implements/extends an external
+  framework supertype (one the in-repo `ImplementationGraph` deliberately drops — e.g.
+  Spring Security's `RedirectStrategy`, a servlet `Filter`), `impact-chain` now positively
+  detects it instead of silently reporting `0 callers / risk:low` at `confidence=high`.
+  Such classes are wired by framework DI/config and invoked polymorphically through the
+  external type, so no in-repo edge names their methods — the empty result is an
+  unmodeled-edge blind spot, not proof of dead code. The query now:
+  - drops `confidence` to `low`,
+  - exposes `metadata.blind_spots` (`framework_di`) and `metadata.external_supertypes`,
+  - emits a `CH-005` warning pointing the agent to search DI/security/config wiring for
+    the supertype to recover the real callers.
+
+  Inert marker interfaces (`Serializable`, `Cloneable`, `Externalizable`) are excluded —
+  they carry no methods, so no polymorphic dispatch and no hidden blast radius.
+
+  This converts a dangerous false negative ("looks safe to change") into an honest "look
+  further" signal. It does **not** recover the real callers (they flow through framework
+  wiring the static call-graph never traverses); that is a separate, larger effort.
+  Mirrors the existing CH-003 value-type guard. Validated end-to-end on BroadleafCommerce
+  (`LocalRedirectStrategy` → flagged; `FieldDaoImpl` with 16 real callers → not flagged).
+
 ## [1.46.0] — 2026-06-16
 
 ### Added

{sourcecode-1.46.0 → sourcecode-1.50.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: sourcecode
-Version: 1.46.0
+Version: 1.50.0
 Summary: Persistent structural context and ultra-fast repeated analysis for AI coding agents
 License-File: LICENSE
 Keywords: agents,ai,codebase,context,developer-tools,llm
@@ -40,7 +40,7 @@ Description-Content-Type: text/markdown
 
 **Persistent structural context and ultra-fast repeated analysis for AI coding agents.**
 
-![Version](https://img.shields.io/badge/version-1.46.0-blue)
+![Version](https://img.shields.io/badge/version-1.50.0-blue)
 ![Python](https://img.shields.io/badge/python-3.9%2B-green)
 
 ---
@@ -368,6 +368,8 @@ sourcecode endpoints /path/to/repo --output endpoints.json
 
 Extracts all Spring MVC (`@GetMapping`, `@PostMapping`, `@RequestMapping`, etc.) and JAX-RS (`@GET`, `@POST`, `@Path`) endpoint methods. Returns HTTP method, path, controller class, and handler method.
 
+**Functional / WebFlux routing (honest limitation).** Routes registered via the functional DSL — `route().GET("/path", handler)` / `RouterFunction` / `CustomEndpoint`, common in reactive Spring apps — are **not** modeled (their real paths depend on `nest()`/group-version prefixes that can't be resolved statically). Rather than emit partial paths that would mislead, the output reports a `functional_routing` block (`files`, `route_registrations`, `modeled: false`) plus a warning. When the annotation surface is empty but functional routes exist, the warning explicitly tells you not to read it as "no endpoints". Annotation-based (MVC/JAX-RS) repos are unaffected.
+
 **Custom security annotations.** Enterprise repos often guard endpoints with a bespoke annotation instead of `@PreAuthorize`/`@Secured`. Drop a `sourcecode.config.json` at the repo root to teach the scanner about it — otherwise those endpoints report `policy: "none_detected"`:
 
 ```json
@@ -435,6 +437,12 @@ Unlike `impact` (which traces the caller graph), `impact-chain` builds on the Sp
 | `security_surfaces` | Per-endpoint security policy + SEC finding IDs |
 | `impact_findings` | TX-001..005 and SEC-001..003 findings that touch the call chain |
 | `risk_level` | `critical` \| `high` \| `medium` \| `low` |
+| `confidence` | `high` \| `medium` \| `low` — `low` on a detected blind spot, `medium` on partial resolution or capped traversal. Informational interface↔impl expansion notices do **not** lower it, so a clean resolved query stays `high`. |
+| `metadata.blind_spots` | `framework_di` and/or `value_type` when an empty result is unmodeled-edge driven, not real dead code |
+
+**Framework/DI blind spot (CH-005).** An empty blast radius is ambiguous: genuinely unused, or invoked through an edge the static graph does not model. When the target class implements/extends an **external** framework type (e.g. Spring Security's `RedirectStrategy`, a servlet `Filter`) it is typically wired by framework DI/config and invoked polymorphically — no in-repo edge names its methods, so `direct_callers` is `0`. Rather than report that as `risk:low` at high confidence (a dangerous false negative that reads as "safe to change"), `impact-chain` detects the external supertype, drops `confidence` to `low`, lists it in `metadata.external_supertypes`, and emits a `CH-005` warning telling you to search the DI/security/config wiring for the supertype. Inert markers (`Serializable`, `Cloneable`) are excluded.
+
+**Caller precision (CH-006).** `implements`/`extends` are structural type declarations, not calls — so they are excluded from the caller graph. Querying a class that implements a high-fanout interface (e.g. a 40-implementor `CustomEndpoint` or a shared `Mapper<E,D>` base) does **not** report its sibling implementors as callers; only real `injects`/`calls` edges count. This prevents a leaf class from being inflated to a large false blast radius.
 
 **Event topology** — query the publisher/consumer graph for a Spring event class:
 

{sourcecode-1.46.0 → sourcecode-1.50.0}/README.md

@@ -2,7 +2,7 @@
 
 **Persistent structural context and ultra-fast repeated analysis for AI coding agents.**
 
-![Version](https://img.shields.io/badge/version-1.46.0-blue)
+![Version](https://img.shields.io/badge/version-1.50.0-blue)
 ![Python](https://img.shields.io/badge/python-3.9%2B-green)
 
 ---
@@ -330,6 +330,8 @@ sourcecode endpoints /path/to/repo --output endpoints.json
 
 Extracts all Spring MVC (`@GetMapping`, `@PostMapping`, `@RequestMapping`, etc.) and JAX-RS (`@GET`, `@POST`, `@Path`) endpoint methods. Returns HTTP method, path, controller class, and handler method.
 
+**Functional / WebFlux routing (honest limitation).** Routes registered via the functional DSL — `route().GET("/path", handler)` / `RouterFunction` / `CustomEndpoint`, common in reactive Spring apps — are **not** modeled (their real paths depend on `nest()`/group-version prefixes that can't be resolved statically). Rather than emit partial paths that would mislead, the output reports a `functional_routing` block (`files`, `route_registrations`, `modeled: false`) plus a warning. When the annotation surface is empty but functional routes exist, the warning explicitly tells you not to read it as "no endpoints". Annotation-based (MVC/JAX-RS) repos are unaffected.
+
 **Custom security annotations.** Enterprise repos often guard endpoints with a bespoke annotation instead of `@PreAuthorize`/`@Secured`. Drop a `sourcecode.config.json` at the repo root to teach the scanner about it — otherwise those endpoints report `policy: "none_detected"`:
 
 ```json
@@ -397,6 +399,12 @@ Unlike `impact` (which traces the caller graph), `impact-chain` builds on the Sp
 | `security_surfaces` | Per-endpoint security policy + SEC finding IDs |
 | `impact_findings` | TX-001..005 and SEC-001..003 findings that touch the call chain |
 | `risk_level` | `critical` \| `high` \| `medium` \| `low` |
+| `confidence` | `high` \| `medium` \| `low` — `low` on a detected blind spot, `medium` on partial resolution or capped traversal. Informational interface↔impl expansion notices do **not** lower it, so a clean resolved query stays `high`. |
+| `metadata.blind_spots` | `framework_di` and/or `value_type` when an empty result is unmodeled-edge driven, not real dead code |
+
+**Framework/DI blind spot (CH-005).** An empty blast radius is ambiguous: genuinely unused, or invoked through an edge the static graph does not model. When the target class implements/extends an **external** framework type (e.g. Spring Security's `RedirectStrategy`, a servlet `Filter`) it is typically wired by framework DI/config and invoked polymorphically — no in-repo edge names its methods, so `direct_callers` is `0`. Rather than report that as `risk:low` at high confidence (a dangerous false negative that reads as "safe to change"), `impact-chain` detects the external supertype, drops `confidence` to `low`, lists it in `metadata.external_supertypes`, and emits a `CH-005` warning telling you to search the DI/security/config wiring for the supertype. Inert markers (`Serializable`, `Cloneable`) are excluded.
+
+**Caller precision (CH-006).** `implements`/`extends` are structural type declarations, not calls — so they are excluded from the caller graph. Querying a class that implements a high-fanout interface (e.g. a 40-implementor `CustomEndpoint` or a shared `Mapper<E,D>` base) does **not** report its sibling implementors as callers; only real `injects`/`calls` edges count. This prevents a leaf class from being inflated to a large false blast radius.
 
 **Event topology** — query the publisher/consumer graph for a Spring event class:
 

{sourcecode-1.46.0 → sourcecode-1.50.0}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "sourcecode"
-version = "1.46.0"
+version = "1.50.0"
 description = "Persistent structural context and ultra-fast repeated analysis for AI coding agents"
 readme = "README.md"
 requires-python = ">=3.9"

{sourcecode-1.46.0 → sourcecode-1.50.0}/src/sourcecode/__init__.py

@@ -1,3 +1,3 @@
 """sourcecode — Deterministic codebase context maps for AI coding agents."""
 
-__version__ = "1.46.0"
+__version__ = "1.50.0"

{sourcecode-1.46.0 → sourcecode-1.50.0}/src/sourcecode/repository_ir.py

@@ -3829,6 +3829,18 @@ def extract_java_endpoints(root: Path) -> "dict[str, Any]":
     all_symbols: list[SymbolRecord] = []
     extends_map: dict[str, str] = {}
 
+    # F-2: detect WebFlux / functional (RouterFunction) routing. Such routes register
+    # via a fluent DSL (route().GET("/path", handler)) instead of @RequestMapping
+    # annotations, so the annotation-based surface built below does not see them. We
+    # deliberately do NOT synthesize endpoint entries: the literal paths here are
+    # relative (the real path includes nest()/group-version prefixes that cannot be
+    # resolved statically), and emitting partial paths would mislead more than an empty
+    # surface. Instead we count them and surface an honest limitation so a zero/partial
+    # annotation surface is never read as "this app exposes no endpoints".
+    _FN_ROUTE_RE = _re.compile(r'\.(?:GET|POST|PUT|DELETE|PATCH|HEAD|OPTIONS)\s*\(\s*"')
+    _fn_route_files: set[str] = set()
+    _fn_route_count = 0
+
     for jf in java_files:
         try:
             source = jf.read_text(encoding="utf-8", errors="replace")
@@ -3838,6 +3850,11 @@ def extract_java_endpoints(root: Path) -> "dict[str, Any]":
             rel = str(jf.relative_to(root)).replace("\\", "/")
         except ValueError:
             rel = str(jf).replace("\\", "/")
+        if "RouterFunction" in source or "RequestPredicates" in source:
+            _fn_hits = len(_FN_ROUTE_RE.findall(source))
+            if _fn_hits:
+                _fn_route_files.add(rel)
+                _fn_route_count += _fn_hits
         _, symbols, _ = _extract_symbols(source, rel, extra_capture=_extra_capture)
         for sym in symbols:
             all_symbols.append(sym)
@@ -4045,6 +4062,26 @@ def extract_java_endpoints(root: Path) -> "dict[str, Any]":
         result["spec_sourced_endpoints"] = len(_spec_endpoints)
         if _openapi_spec_path:
             result["openapi_spec"] = _openapi_spec_path
+    # F-2: surface functional/RouterFunction routing as an honest limitation. Not modeled
+    # in the surface above; counted so an empty/partial annotation surface is not misread.
+    if _fn_route_count:
+        result["functional_routing"] = {
+            "files": len(_fn_route_files),
+            "route_registrations": _fn_route_count,
+            "modeled": False,
+        }
+        _fr_msg = (
+            f"{_fn_route_count} functional route registration(s) across "
+            f"{len(_fn_route_files)} file(s) use WebFlux/RouterFunction routing "
+            f'(route().GET("/path", handler)), which is NOT modeled here — this surface '
+            f"covers annotation-based (@RequestMapping/@GetMapping) endpoints only."
+        )
+        if not endpoints:
+            _fr_msg += (
+                " This surface is EMPTY despite functional routes being present — "
+                "do NOT read it as 'no endpoints'; the app's HTTP surface is unmodeled."
+            )
+        result.setdefault("warnings", []).append(_fr_msg)
     return result
 
 

{sourcecode-1.46.0 → sourcecode-1.50.0}/src/sourcecode/spring_impact.py

@@ -44,7 +44,18 @@ _SCHEMA_VERSION = "1.0"
 #                Only appears on class nodes, never method nodes. Including it
 #                chains through DTOs and entities that merely reference the service
 #                type, inflating caller counts without semantic value.
-_SKIP_EDGE_TYPES: frozenset[str] = frozenset({"contained_in", "imports"})
+# implements /  — CH-006: structural type declarations, NOT calls. The reverse edge
+# extends        on an interface/base lists its implementors/subclasses; an
+#                implementor does not *call* the interface by virtue of implementing
+#                it. Traversing these attributes every SIBLING implementor of a shared
+#                interface as a "caller". On a high-fanout in-repo hub interface (e.g.
+#                halo's CustomEndpoint, 43 implementors) this turned a leaf endpoint
+#                into 42 false direct callers / risk:high. Interface→impl expansion that
+#                IS wanted (CH-001a/b) flows through ImplementationGraph indices, not
+#                through these reverse-graph edges, so excluding them here is loss-free.
+_SKIP_EDGE_TYPES: frozenset[str] = frozenset(
+    {"contained_in", "imports", "implements", "extends"}
+)
 
 # Max BFS depth guard — caller growth is bounded per _bfs_callers
 _BFS_DEFAULT_DEPTH = 4
@@ -148,6 +159,68 @@ _STEREOTYPE_ANNOTATIONS = frozenset({
 _VALUE_TYPE_KINDS = frozenset({"class", "enum", "record"})
 
 
+# ---------------------------------------------------------------------------
+# CH-005 — framework/external-interface DI blind-spot detection
+# ---------------------------------------------------------------------------
+# When a class implements/extends a type that is NOT an in-repo symbol (a
+# framework or library supertype — e.g. Spring Security's RedirectStrategy, a
+# servlet Filter, a JPA base), the class is typically invoked polymorphically
+# *through that external type* and wired by framework DI/config. No in-repo call
+# edge ever names the impl's own method, and ImplementationGraph.build()
+# deliberately drops external supertypes (cir_graphs: `to_fqn not in
+# known_symbols` → skipped), so CH-001b cannot expand to the interface. Result:
+# impact-chain reports 0 callers / risk:low at confidence=high — a dangerous
+# false negative, since the real blast radius flows through framework wiring the
+# static call-graph never traverses. Detect the external supertype positively,
+# warn, and downgrade confidence (parallel to the CH-003 value-type guard).
+#
+# Inert marker interfaces carry no methods → no polymorphic dispatch → no hidden
+# blast radius, so they are excluded to avoid firing on plain Serializable DTOs.
+_INERT_MARKER_SUPERTYPES = frozenset({
+    "Serializable", "java.io.Serializable",
+    "Cloneable", "java.lang.Cloneable",
+    "Externalizable", "java.io.Externalizable",
+})
+
+
+def _external_supertypes(cir, class_fqn: str) -> list[str]:
+    """Return supertypes of class_fqn that are NOT in-repo symbols.
+
+    Reads raw implements/extends edges from cir.dependencies and keeps only those
+    whose target cannot be resolved to a single in-repo class (i.e. framework /
+    library types). Mirrors ImplementationGraph's resolution rules (exact FQN
+    match, then unambiguous simple-name match) so the internal/external split is
+    identical. Inert marker interfaces are dropped. Order-preserving, deduped.
+    """
+    deps = getattr(cir, "dependencies", None) or []
+    known: set[str] = set(getattr(cir, "symbols", None) or [])
+    simple_to_fqn: dict[str, list[str]] = {}
+    for sym in known:
+        if "#" not in sym and "." in sym:
+            simple_to_fqn.setdefault(sym.rsplit(".", 1)[1], []).append(sym)
+
+    external: list[str] = []
+    for edge in deps:
+        if edge.get("type") not in ("implements", "extends"):
+            continue
+        frm = normalize_owner_fqn((edge.get("from") or "").strip())
+        if frm != class_fqn:
+            continue
+        to = (edge.get("to") or "").strip()
+        if not to or ">" in to or "<" in to:
+            continue
+        simple = to.rsplit(".", 1)[1] if "." in to else to
+        if simple in _INERT_MARKER_SUPERTYPES or to in _INERT_MARKER_SUPERTYPES:
+            continue
+        # Internal if it resolves to exactly one in-repo class (exact or simple-name).
+        if to in known:
+            continue
+        if len(simple_to_fqn.get(simple, [])) == 1:
+            continue
+        external.append(to)
+    return list(dict.fromkeys(external))
+
+
 def _is_unmodeled_value_type(cir, class_fqn: str, model) -> bool:
     """True iff class_fqn is positively a plain value/DTO type whose blast radius
     flows only through type-usage edges the impact graph does not model.
@@ -605,6 +678,12 @@ class ImpactOrchestrator:
         t0 = time.monotonic()
         depth = max(1, min(depth, _BFS_HARD_LIMIT))
         warnings: list[str] = []
+        # F-1: not every warning degrades confidence. The CH-001a/b interface↔impl
+        # expansion notices are INFORMATIONAL (they describe normal, correct operation)
+        # and previously forced every Spring interface/impl query — the common case — down
+        # to confidence=medium permanently. Only genuinely degrading conditions (capped
+        # traversal) set this flag; resolution=="partial" is handled separately below.
+        confidence_reducing = False
 
         # ── 1. Resolve symbol ─────────────────────────────────────────────
         resolution, seed_fqns, sym_warnings = _resolve_symbol(symbol, cir.symbols)
@@ -702,6 +781,7 @@ class ImpactOrchestrator:
                 "Hub-class guard active: symbol has > 500 direct callers — "
                 "indirect caller traversal capped at depth=1."
             )
+            confidence_reducing = True  # capped traversal → result is incomplete
 
         # ── 3. Endpoints affected ─────────────────────────────────────────
         all_callers = direct_callers + indirect_callers
@@ -750,16 +830,38 @@ class ImpactOrchestrator:
             impact_findings_raw,
         )
 
-        # CH-003: empty blast radius on a positively-identified value/DTO type is a
-        # type-usage blind spot, not proof of dead code — warn + drop confidence.
+        # Empty blast radius is ambiguous: genuinely-unused code OR an unmodeled-edge
+        # blind spot. Two positively-detected blind spots reclassify it from a
+        # high-confidence "safe to change" into a low-confidence "look further".
         empty_blast = (
             not direct_callers and not indirect_callers
             and not endpoints_affected and not subtype_classes_added
         )
+        class_level_seed = "#" not in resolved_symbol and resolution != "not_found"
+
+        # CH-005: framework/external-interface DI blind spot. Checked first because
+        # its diagnosis (polymorphic invocation via an external supertype + framework
+        # wiring) is more specific than the value-type fallback for the same symbol.
+        external_supertypes: list[str] = []
+        if empty_blast and class_level_seed:
+            external_supertypes = _external_supertypes(cir, resolved_symbol)
+        framework_di_blind_spot = bool(external_supertypes)
+        if framework_di_blind_spot:
+            warnings.append(
+                "Framework/external-interface DI blind spot (CH-005): this class "
+                "implements/extends external type(s) [" + ", ".join(external_supertypes)
+                + "] and is likely invoked polymorphically through them and wired by "
+                "framework DI/config. The static call-graph has no in-repo edge naming "
+                "this class's methods, so 0 callers is NOT proof it is unused — search "
+                "DI/security/config wiring for the supertype to find the real callers."
+            )
+
+        # CH-003: empty blast radius on a positively-identified value/DTO type is a
+        # type-usage blind spot, not proof of dead code — warn + drop confidence.
         value_type_blind_spot = (
             empty_blast
-            and "#" not in resolved_symbol
-            and resolution != "not_found"
+            and class_level_seed
+            and not framework_di_blind_spot
             and _is_unmodeled_value_type(cir, resolved_symbol, model)
         )
         if value_type_blind_spot:
@@ -773,9 +875,9 @@ class ImpactOrchestrator:
         confidence: str
         if resolution == "not_found":
             confidence = "low"
-        elif value_type_blind_spot:
+        elif framework_di_blind_spot or value_type_blind_spot:
             confidence = "low"
-        elif resolution == "partial" or warnings:
+        elif resolution == "partial" or confidence_reducing:
             confidence = "medium"
         else:
             confidence = "high"
@@ -803,6 +905,11 @@ class ImpactOrchestrator:
                 "risk_score": risk_score,
                 "model_build_time_ms": model.build_time_ms,
                 "query_time_ms": elapsed_ms,
+                "blind_spots": (
+                    (["framework_di"] if framework_di_blind_spot else [])
+                    + (["value_type"] if value_type_blind_spot else [])
+                ),
+                "external_supertypes": external_supertypes,
             },
         )