sourcecode 1.50.0__py3-none-any.whl → 1.52.0__py3-none-any.whl

sourcecode/__init__.py

@@ -1,3 +1,3 @@
 """sourcecode — Deterministic codebase context maps for AI coding agents."""
 
-__version__ = "1.50.0"
+__version__ = "1.52.0"

sourcecode/migrate_check.py

@@ -536,6 +536,11 @@ _ALL_RULES: list[_Rule] = (
 
 SEVERITY_ORDER: dict[str, int] = {"critical": 0, "high": 1, "medium": 2, "low": 3}
 
+# G-1: cap on total readiness deduction from low-severity (advisory, non-blocking)
+# findings, so optional modernization cleanups cannot collapse the migration-readiness
+# headline on a repo with zero blockers. See MigrationReport.finalize.
+_LOW_SEVERITY_DEDUCTION_CAP: int = 15
+
 
 # ---------------------------------------------------------------------------
 # XML config rules (applied to Spring XML config files)
@@ -1022,11 +1027,17 @@ class MigrationReport:
             else:
                 low_files.add(f.source_file)
 
+        # G-1: low-severity findings are advisory (e.g. java.time modernization),
+        # not Boot-2→3 blockers. Cap their total contribution so a repo with zero
+        # blockers cannot score near zero on optional cleanups alone (mall: 96 low
+        # findings dragged readiness to 4/100 despite 0 blocking, already on Boot 3).
+        # Blockers (critical/high) stay uncapped — a genuinely blocked repo still
+        # floors at 0 (shopizer: 301 blocking → 0/100, unchanged).
         deduction = (
             len(critical_files) * 15
             + len(high_files) * 8
             + len(medium_files) * 3
-            + len(low_files) * 1
+            + min(len(low_files) * 1, _LOW_SEVERITY_DEDUCTION_CAP)
         )
         self.readiness_score = max(0, 100 - deduction)
 

sourcecode/repository_ir.py

@@ -1514,6 +1514,34 @@ def _build_relations(
                         evidence={"type": "method_call", "value": f"new {_tgt.split('.')[-1]}(...)"},
                     ))
 
+    # ── Static-utility calls: `Type.method(...)` edges (G-2 / static-call gap) ──
+    # A static call `AnnotationHelper.foo(...)` couples the calling class to the
+    # utility type, but the call/DI graph misses it: only an `imports` edge is
+    # recorded (and impact-chain skips imports), so a static helper showed 0
+    # callers and impact-chain reported a false-confident "no blast radius".
+    # Mirror the instantiation scan: regex over comment-stripped source, resolve the
+    # receiver type via the import map (so JDK/unresolved receivers like Math/LOGGER
+    # yield None and are skipped), attribute at class level. Unlike `instantiates`
+    # this INCLUDES controllers — a controller statically calling a utility is a real
+    # caller and has no `returns`-edge overlap. Emitted as `calls` (traversed by the
+    # caller BFS). Instance calls go through lower-case variables and never match.
+    if _class_syms:
+        _call_targets: set[str] = set()
+        for _m in re.finditer(r'\b([A-Z]\w*)\.\w+\s*\(', _source_no_comments):
+            _ct_fqn = _resolve_dep_type(_m.group(1))
+            if _ct_fqn:
+                _call_targets.add(_ct_fqn)
+        for cls_sym in _class_syms:
+            for _tgt in sorted(_call_targets):
+                if _tgt != cls_sym.symbol:
+                    edges.append(RelationEdge(
+                        from_symbol=cls_sym.symbol,
+                        to_symbol=_tgt,
+                        type="calls",
+                        confidence="medium",
+                        evidence={"type": "method_call", "value": f"{_tgt.split('.')[-1]}.…(…)"},
+                    ))
+
     seen: set[tuple[str, str, str]] = set()
     unique: list[RelationEdge] = []
     for e in edges:

sourcecode/spring_impact.py

@@ -872,10 +872,35 @@ class ImpactOrchestrator:
                 "An empty result is NOT proof the type is unused."
             )
 
+        # G-2 residual guard: something imports this symbol but no call/DI/instantiation
+        # edge resolved to it. With static-call edges now extracted, the common static
+        # utility case is covered; this catches what remains (static imports invoked
+        # without a qualifier, reflection, method references) — usages the call-graph
+        # cannot bind. An empty blast radius here is NOT proof of dead code, so it must
+        # not be reported as a high-confidence "safe to change".
+        unresolved_ref_blind_spot = False
+        if (
+            empty_blast
+            and class_level_seed
+            and not framework_di_blind_spot
+            and not value_type_blind_spot
+        ):
+            _rev = cir.reverse_graph.get(resolved_symbol) or {}
+            _importers = sorted(set(_rev.get("imports") or []))
+            if _importers:
+                unresolved_ref_blind_spot = True
+                warnings.append(
+                    f"Unresolved inbound references (G-2): {len(_importers)} in-repo "
+                    "file(s) import this symbol but no call/DI/instantiation edge "
+                    "resolves to it — the usage may be a static import, reflection, or "
+                    "method reference the call-graph does not model. 0 callers is NOT "
+                    "proof this symbol is unused."
+                )
+
         confidence: str
         if resolution == "not_found":
             confidence = "low"
-        elif framework_di_blind_spot or value_type_blind_spot:
+        elif framework_di_blind_spot or value_type_blind_spot or unresolved_ref_blind_spot:
             confidence = "low"
         elif resolution == "partial" or confidence_reducing:
             confidence = "medium"
@@ -908,6 +933,7 @@ class ImpactOrchestrator:
                 "blind_spots": (
                     (["framework_di"] if framework_di_blind_spot else [])
                     + (["value_type"] if value_type_blind_spot else [])
+                    + (["unresolved_refs"] if unresolved_ref_blind_spot else [])
                 ),
                 "external_supertypes": external_supertypes,
             },

{sourcecode-1.50.0.dist-info → sourcecode-1.52.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: sourcecode
-Version: 1.50.0
+Version: 1.52.0
 Summary: Persistent structural context and ultra-fast repeated analysis for AI coding agents
 License-File: LICENSE
 Keywords: agents,ai,codebase,context,developer-tools,llm
@@ -40,7 +40,7 @@ Description-Content-Type: text/markdown
 
 **Persistent structural context and ultra-fast repeated analysis for AI coding agents.**
 
-![Version](https://img.shields.io/badge/version-1.50.0-blue)
+![Version](https://img.shields.io/badge/version-1.52.0-blue)
 ![Python](https://img.shields.io/badge/python-3.9%2B-green)
 
 ---
@@ -114,7 +114,7 @@ pipx install sourcecode
 
 ```bash
 sourcecode version
-# sourcecode 1.44.0
+# sourcecode 1.52.0
 ```
 
 ---

{sourcecode-1.50.0.dist-info → sourcecode-1.52.0.dist-info}/RECORD

@@ -1,4 +1,4 @@
-sourcecode/__init__.py,sha256=pCkOXPgXyXxjAbBGF1i4NrzrWef2vm102RXTjjOE8go,103
+sourcecode/__init__.py,sha256=8XptYH2PiICP1nTdw2tTbKDEi4obFtDz4W6P8xYYcOw,103
 sourcecode/adaptive_scanner.py,sha256=XffluXKzJUXrMtjEiAOnSNPZnztdIcts17T9ouHeID0,10521
 sourcecode/architecture_analyzer.py,sha256=liCwQmLgb5vplohy8arjYxs_HOIv5C9MjLh_gY6bc5Q,44115
 sourcecode/architecture_summary.py,sha256=z34_6v7cSwy98cof2UVciGho7SCrZ93tiqMmq5WNzRQ,20405
@@ -31,7 +31,7 @@ sourcecode/graph_analyzer.py,sha256=DHR8fY69oU_Pi4SYaWboX6EoEFrctQKB9dsjpqwGMzw,
 sourcecode/license.py,sha256=i_X1bYdobL_z9OVuLiycnWEFSaaNhcKKuTd6G55U3_k,20747
 sourcecode/mcp_nudge.py,sha256=5ELU_ixzh6uA83NXLOZT8h00OhL53okfQdji3jyKOjg,2917
 sourcecode/metrics_analyzer.py,sha256=m0ENgtqKeBL17kUIK3fmGkgo7UfXBNHxCMj0H_Y5K7c,22750
-sourcecode/migrate_check.py,sha256=vowVIAxVaHU8vhZUEt-HrWrWM38m6a5INHJQGjEg5E0,55390
+sourcecode/migrate_check.py,sha256=H8iy7Vk8cGL0dnR3ZkFPS20CtfF5LJWuzQVQE4awQ9s,56192
 sourcecode/openapi_surface.py,sha256=BTt0K-woZbkbWTN77IkqeBm_Okag9owR0848fmot8sk,16207
 sourcecode/output_budget.py,sha256=Js9yUlfQtPhqBl9R6wn_9UHVjjJc3GtLcqyfjf5t50Q,9869
 sourcecode/path_filters.py,sha256=EN1RGZRvLq5EcPgpjYV_IyCKVlAQQn2bbpEisQ5LpGg,3780
@@ -44,7 +44,7 @@ sourcecode/redactor.py,sha256=SB4hwIvg8h-hvcqKcDWaZvA-aSyn-at-BIRwa0tUv5E,3227
 sourcecode/relevance_scorer.py,sha256=0AgEt4KrV73nioMqBgjhGjtY7L2C7L7cSyKtj3IKcrw,9408
 sourcecode/rename_refactor.py,sha256=h6dNFlB9aZ_3q6heeHBkgXQeXaT03nvPSsYH6P8qxFg,12965
 sourcecode/repo_classifier.py,sha256=FG1vaWKdWXsWdl-S8hjVMiTqcwgaRXkDyvK4rPcOGtQ,22681
-sourcecode/repository_ir.py,sha256=eBC8Jh1rBH8xE46atHmdGNQxcjuROyUCr0iCuhqviUc,210340
+sourcecode/repository_ir.py,sha256=3phYLSMp0_hUDdXLBpE7J64H2yNhTSR_s3-rGqsToWk,211987
 sourcecode/ris.py,sha256=RcqLVwC-doFcKKViYDkCjZLBqf_wzLES7-F6vHEeWzE,20419
 sourcecode/runtime_classifier.py,sha256=uTAD6BDCiBLUZEDRfqk718kM4RTT_vAbfkcOI2_Xx58,18432
 sourcecode/scanner.py,sha256=WdOQ78mMzjR1NjmKTlbxdgwinnCTfAhxCVLBEFQiFHU,8899
@@ -54,7 +54,7 @@ sourcecode/semantic_analyzer.py,sha256=4OdG6tTSnTvq3_dSWMbQu8Ad1ndSCKeG-b9qM4hIx
 sourcecode/serializer.py,sha256=TGzftrSKitZrtl6Hh-R05s4KdTOxwTmph_lGDbo2Wzg,125015
 sourcecode/spring_event_topology.py,sha256=5_ON_21Le5zbG-1GRc5GLIi5HJfy_QjcXLVPC5WeUGQ,18055
 sourcecode/spring_findings.py,sha256=G7Or2lKBUQbcTDqudLvSs9XvNg_YoAa-_lBOG_ULs8E,5457
-sourcecode/spring_impact.py,sha256=WUbBw6Ne9esN_KczIs9BCJdRAmjDKtU6E2_auo-771s,44865
+sourcecode/spring_impact.py,sha256=5ooAVO-gg1rL-wRaT9_V8ra8edq5TAKu-kp4sAEoS_U,46343
 sourcecode/spring_model.py,sha256=zOAgFmrRbG4a6KLm1TJl55aWMyPNsz3OS3FSczqPG6A,16594
 sourcecode/spring_security_audit.py,sha256=XtPJ1SXlZJ8k6VYmaWuAp7Bbir4UmreAL7doIGQ5I7o,20595
 sourcecode/spring_semantic.py,sha256=O1nKSGVzlukuxLHQVuCPxc-XrcrMFxwlHA20_dmEGgM,13307
@@ -101,8 +101,8 @@ sourcecode/telemetry/consent.py,sha256=wLMvGNJeSSyZoNkQXpoUioY6mMv4Qdvuw7S9jAEWn
 sourcecode/telemetry/events.py,sha256=LtzYfaX9Ilckj5PTvAcTpDa9mLqDsYPDUiDkRa58piY,2580
 sourcecode/telemetry/filters.py,sha256=NHa5T-6DaZduQPFuC34jOqHWQgSizM-Ygq8aZ4j19ng,5834
 sourcecode/telemetry/transport.py,sha256=4gGHsq0WeY9VywEZXA3vUxykfiYnw9uuqfjAAec7F8o,1681
-sourcecode-1.50.0.dist-info/METADATA,sha256=AMKgfVLsoGpmtnK3Vk75eHizMToSqxiiPsoMzTA-res,34684
-sourcecode-1.50.0.dist-info/WHEEL,sha256=QccIxa26bgl1E6uMy58deGWi-0aeIkkangHcxk2kWfw,87
-sourcecode-1.50.0.dist-info/entry_points.txt,sha256=ex3F9rmbXeyDIoFQHtkEqTsKSaJow8F0LrVu8XfIktQ,57
-sourcecode-1.50.0.dist-info/licenses/LICENSE,sha256=7DdHrU9Z_3e7dSvq4ISijZNjnuHo5NIHNiHDouMQ9JU,10491
-sourcecode-1.50.0.dist-info/RECORD,,
+sourcecode-1.52.0.dist-info/METADATA,sha256=ya3bHzj66Etk_azeGeoKctKhi1pxVxI_kKFJwoNF_pM,34684
+sourcecode-1.52.0.dist-info/WHEEL,sha256=QccIxa26bgl1E6uMy58deGWi-0aeIkkangHcxk2kWfw,87
+sourcecode-1.52.0.dist-info/entry_points.txt,sha256=ex3F9rmbXeyDIoFQHtkEqTsKSaJow8F0LrVu8XfIktQ,57
+sourcecode-1.52.0.dist-info/licenses/LICENSE,sha256=7DdHrU9Z_3e7dSvq4ISijZNjnuHo5NIHNiHDouMQ9JU,10491
+sourcecode-1.52.0.dist-info/RECORD,,