sourcecode 1.53.0__py3-none-any.whl → 1.55.0__py3-none-any.whl

sourcecode/__init__.py

@@ -1,3 +1,3 @@
 """sourcecode — Deterministic codebase context maps for AI coding agents."""
 
-__version__ = "1.53.0"
+__version__ = "1.55.0"

sourcecode/cli.py

@@ -4137,6 +4137,82 @@ def _directory_hashes(file_list: "list[str]", root: "Path") -> "dict[str, str]":
     return out
 
 
+# Architectural layer directory names used to recognize a layered module
+# (DDD / hexagonal). The module *root* is the directory directly above the
+# shallowest layer dir, so symbols living in domain/application/infrastructure
+# subdirs all roll up to one module — a consumer counts modules, not leaf dirs.
+_LAYER_MARKERS: "frozenset[str]" = frozenset({
+    "domain", "application", "infrastructure",
+    "interfaces", "presentation", "adapters", "ports", "api",
+})
+# Core DDD layers — presence of >=2 marks a module as DDD-layered vs flat/legacy.
+_DDD_CORE_LAYERS: "frozenset[str]" = frozenset({
+    "domain", "application", "infrastructure",
+})
+
+
+def _module_root_of(leaf_dir: "str") -> "tuple[str, str | None]":
+    """Map a leaf source directory to its architectural module root.
+
+    For a layered module ``<root>/<layer>/...`` the root is the path above the
+    shallowest recognized layer dir, and the layer name is returned alongside.
+    Flat directories (no layer marker) are their own root with a ``None`` layer.
+    Pure-structural — no file reads.
+    """
+    parts = leaf_dir.split("/")
+    for i, seg in enumerate(parts):
+        if seg.lower() in _LAYER_MARKERS:
+            return "/".join(parts[:i]) or ".", seg.lower()
+    return leaf_dir, None
+
+
+def _detect_module_roots(by_directory: "dict[str, list]") -> "dict":
+    """Roll leaf source dirs up to architectural module roots and classify them.
+
+    Resolves the leaf-directory-vs-module mismatch in the C4 component view: a
+    DDD module split across ``domain/`` / ``application/`` / ``infrastructure/``
+    subdirs is reported once, with its layers and a structural ``pattern``
+    (``layered`` when it carries >=2 core DDD layers, else ``flat``). Gives a
+    downstream consumer a verifiable module enumeration and a DDD-vs-legacy
+    signal instead of forcing it to infer module boundaries from directory names.
+    """
+    roots: "dict[str, dict]" = {}
+    for leaf, symbols in by_directory.items():
+        root, layer = _module_root_of(leaf)
+        slot = roots.setdefault(
+            root, {"layers": set(), "symbol_count": 0, "leaf_dirs": 0}
+        )
+        if layer:
+            slot["layers"].add(layer)
+        slot["symbol_count"] += len(symbols)
+        slot["leaf_dirs"] += 1
+
+    modules: "list[dict]" = []
+    layered = flat = 0
+    for root in sorted(roots):
+        s = roots[root]
+        pattern = "layered" if len(s["layers"] & _DDD_CORE_LAYERS) >= 2 else "flat"
+        if pattern == "layered":
+            layered += 1
+        else:
+            flat += 1
+        modules.append({
+            "root": root,
+            "pattern": pattern,
+            "layers": sorted(s["layers"]),
+            "symbol_count": s["symbol_count"],
+            "leaf_dir_count": s["leaf_dirs"],
+        })
+    return {
+        "modules": modules,
+        "summary": {
+            "module_count": len(modules),
+            "layered_module_count": layered,
+            "flat_module_count": flat,
+        },
+    }
+
+
 def _build_c4_export(
     root: "Path",
     file_list: "list[str]",
@@ -4155,6 +4231,9 @@ def _build_c4_export(
     """
     by_directory = _group_symbols_by_directory(nodes)
     module_graph = _build_module_graph(nodes, edges)
+    # Architectural module-root rollup + DDD/legacy classification, so a
+    # consumer counts/classifies modules instead of inferring them from leaf dirs.
+    module_graph["module_roots"] = _detect_module_roots(by_directory)
     api_surface = _group_endpoints_by_controller(endpoints)
     containers = _detect_containers(root)
 

sourcecode/contract_pipeline.py

@@ -634,11 +634,13 @@ def _find_symbol_files(
     try:
         result = subprocess.run(
             [
-                "grep", "-rl",
+                "grep", "-rlF",
                 "--include=*.ts", "--include=*.tsx",
                 "--include=*.js", "--include=*.jsx",
                 "--include=*.py", "--include=*.java",
-                symbol, ".",
+                # -e guards a symbol that begins with '-' from being parsed as a
+                # flag; -- terminates options so the search root can't be either.
+                "-e", symbol, "--", ".",
             ],
             cwd=str(root),
             capture_output=True,

sourcecode/license.py

@@ -45,7 +45,33 @@ _DEFAULT_SUPABASE_URL: str = "https://qkndlmyekvujjdgthtmz.supabase.co"
 # Paste your project's anon key here so `sourcecode activate` works out of the
 # box; env var still overrides for testing against another project.
 _DEFAULT_SUPABASE_ANON_KEY: str = "sb_publishable_qiJFLWjbBbTqjg-fb0mAGA_cl8PBOKH"
-_SUPABASE_URL: str = os.environ.get("SOURCECODE_SUPABASE_URL", _DEFAULT_SUPABASE_URL)
+def _safe_supabase_url(override: "Optional[str]") -> str:
+    """Validate the SOURCECODE_SUPABASE_URL override before trusting it.
+
+    The license key is POSTed to this host, so a plaintext ``http://`` endpoint
+    would expose the credential on the wire. Allow ``https://`` to any host, and
+    ``http://`` only to loopback (Supabase local dev serves on
+    ``http://127.0.0.1:54321``). Anything else is rejected back to the default.
+    """
+    if not override or override == _DEFAULT_SUPABASE_URL:
+        return _DEFAULT_SUPABASE_URL
+    from urllib.parse import urlparse
+
+    parsed = urlparse(override)
+    host = (parsed.hostname or "").lower()
+    is_loopback = host in {"localhost", "127.0.0.1", "::1"}
+    if parsed.scheme == "https" or (parsed.scheme == "http" and is_loopback):
+        return override
+    sys.stderr.write(
+        f"[sourcecode] WARNING: ignoring SOURCECODE_SUPABASE_URL={override!r} — "
+        "must be https:// (or http:// to localhost). Using the default endpoint "
+        "to avoid sending the license key over plaintext.\n"
+    )
+    sys.stderr.flush()
+    return _DEFAULT_SUPABASE_URL
+
+
+_SUPABASE_URL: str = _safe_supabase_url(os.environ.get("SOURCECODE_SUPABASE_URL"))
 _SUPABASE_ANON_KEY: str = os.environ.get(
     "SOURCECODE_SUPABASE_ANON_KEY",
     _DEFAULT_SUPABASE_ANON_KEY,
@@ -152,12 +178,35 @@ _license_data: Optional[dict] = None
 is_pro: bool = False
 
 
+def _secure_dir() -> None:
+    """Create ~/.sourcecode owner-only (0700). Holds the license secret.
+
+    ``mkdir(mode=...)`` is ignored when the dir already exists, so chmod
+    unconditionally. Best-effort: a chmod failure (e.g. Windows) is non-fatal.
+    """
+    try:
+        _LICENSE_DIR.mkdir(parents=True, exist_ok=True)
+        os.chmod(_LICENSE_DIR, 0o700)
+    except OSError:
+        pass
+
+
 def _write_license_file(data: dict) -> None:
-    """Atomically write license data via tmp file + rename."""
+    """Atomically write license data via tmp file + rename, owner-only (0600).
+
+    The payload contains the Pro ``license_key`` and account email, so the file
+    must not be world/group-readable on shared hosts. Permissions are set on the
+    tmp file *before* the rename so there is no readable window at the final path.
+    """
+    _secure_dir()
     payload = json.dumps(data, indent=2, ensure_ascii=False).encode("utf-8")
     tmp = _LICENSE_FILE.with_suffix(".tmp")
     try:
         tmp.write_bytes(payload)
+        try:
+            os.chmod(tmp, 0o600)
+        except OSError:
+            pass
         tmp.replace(_LICENSE_FILE)
     except Exception:
         try:
@@ -192,7 +241,7 @@ def check_delta_free_tier(repo_path: str) -> "tuple[bool, int, int]":
     new_used = used + 1
     runs[key] = new_used
     try:
-        _LICENSE_DIR.mkdir(parents=True, exist_ok=True)
+        _secure_dir()
         tmp = _DELTA_RUNS_FILE.with_suffix(".tmp")
         tmp.write_text(json.dumps(runs, indent=2, ensure_ascii=False), encoding="utf-8")
         tmp.replace(_DELTA_RUNS_FILE)
@@ -506,7 +555,7 @@ def activate_license(license_key: str) -> None:
         _emit_telemetry("activation", feature="key", success=False, error_kind="NotPro")
         _fail("not_pro", "This license is not a Pro license.")
 
-    _LICENSE_DIR.mkdir(parents=True, exist_ok=True)
+    _secure_dir()
     now = datetime.now(timezone.utc).isoformat()
     data = {
         "license_key": license_key,

{sourcecode-1.53.0.dist-info → sourcecode-1.55.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: sourcecode
-Version: 1.53.0
+Version: 1.55.0
 Summary: Persistent structural context and ultra-fast repeated analysis for AI coding agents
 License-File: LICENSE
 Keywords: agents,ai,codebase,context,developer-tools,llm
@@ -40,7 +40,7 @@ Description-Content-Type: text/markdown
 
 **Persistent structural context and ultra-fast repeated analysis for AI coding agents.**
 
-![Version](https://img.shields.io/badge/version-1.53.0-blue)
+![Version](https://img.shields.io/badge/version-1.55.0-blue)
 ![Python](https://img.shields.io/badge/python-3.9%2B-green)
 
 ---
@@ -404,7 +404,7 @@ Emits **structured, tool-agnostic** codebase views as plain JSON/YAML — the ki
 | `--by-directory` | One group per source directory, each symbol with a `source_file:line` reference. |
 | `--module-graph` | `{nodes, edges, summary}` — directories as modules, inter-module dependencies rolled up from class-level relation edges with hit counts + edge types. |
 | `--integrations` | Outbound integrations (`RestTemplate`, `WebClient`, `@FeignClient`, `LdapTemplate`, `JmsTemplate`, ActiveMQ) with `file:line` evidence and a literal `target` URL/name when present. |
-| `--c4` | Unified document: `c4.{context, containers, components, code}` + `api_surface` + a `manifest` with per-directory content hashes for **incremental** consumers (skip directories whose hash is unchanged). |
+| `--c4` | Unified document: `c4.{context, containers, components, code}` + `api_surface` + a `manifest` with per-directory content hashes for **incremental** consumers (skip directories whose hash is unchanged). `components.module_roots` rolls leaf source dirs up to architectural module roots and classifies each `layered` (DDD: ≥2 of `domain`/`application`/`infrastructure`) vs `flat` (legacy/flat package), with a verifiable `module_count` — so a consumer enumerates real modules instead of inferring boundaries from leaf directories. |
 
 The section flags compose (pass several for one multi-section document); `--c4` assembles the full export on its own. URLs assembled at runtime yield `target: null` (honest absence, never a guess); containers are derived from build files (Maven/Gradle) and reported as a limitation when none are found.
 

{sourcecode-1.53.0.dist-info → sourcecode-1.55.0.dist-info}/RECORD

@@ -1,4 +1,4 @@
-sourcecode/__init__.py,sha256=iHGCfyboU5livWODKEj-u8oT6BwJInerv6YHn28vXno,103
+sourcecode/__init__.py,sha256=Ii3NgTGWcclYkr3nNfo2p3kxEPuBIM33XeG_rUFCIeU,103
 sourcecode/adaptive_scanner.py,sha256=XffluXKzJUXrMtjEiAOnSNPZnztdIcts17T9ouHeID0,10521
 sourcecode/architecture_analyzer.py,sha256=liCwQmLgb5vplohy8arjYxs_HOIv5C9MjLh_gY6bc5Q,44115
 sourcecode/architecture_summary.py,sha256=z34_6v7cSwy98cof2UVciGho7SCrZ93tiqMmq5WNzRQ,20405
@@ -7,13 +7,13 @@ sourcecode/cache.py,sha256=1V3vsaODAa2UBJAC0xpvxpmRdriCezQx5Q8JCcfgziE,31892
 sourcecode/canonical_ir.py,sha256=DEwucOPJguLsVtg5cV8mWXNi112l5jmBhv73KGGebVk,24849
 sourcecode/cir_graphs.py,sha256=9G0HHj1kw2325IDyzo2OpX73BNswEckecf4MZUXB4JM,12078
 sourcecode/classifier.py,sha256=hKzg-nQ47htqqIUzSGvYxv15cXrA3KgICTwJmdqal0o,8095
-sourcecode/cli.py,sha256=IZ_TcUzd-rUFoIYMgkOcGP-FqiYoOGPxZ3sjPkEp4OM,272648
+sourcecode/cli.py,sha256=PpqOLcYhNljXCJ0V_RjO9RgsgjzgtDK5jIDTqI3Hk6k,275872
 sourcecode/code_notes_analyzer.py,sha256=EJemNCNc9Dn-1RZYu-aNbK0ELzmsyC4s6FdHi3XyNEI,9392
 sourcecode/confidence_analyzer.py,sha256=_jckZSxksV-OU38vbkxfVNBnWCtlCq8Vwfg23x1uspA,19054
 sourcecode/context_scorer.py,sha256=QpChSpsmaAYz91rXA4Ue5xzQmNz_ZboZN09YOHScq1U,14679
 sourcecode/context_summarizer.py,sha256=zlbm8ytdvJToohU108-dwBmEl52xl0gXpf6PZBOW_2A,6540
 sourcecode/contract_model.py,sha256=nRxJKPMs1VHwFTa8AVXhGmaLjti3Lr2sjHDpWgv1bfE,3917
-sourcecode/contract_pipeline.py,sha256=gvTdDniedm_mjq4vaHqnBY2UkQ0s00gtXqzTLILNXHc,28719
+sourcecode/contract_pipeline.py,sha256=bNn9SYtwfI1CGKlYGxewexlp7_IWhpwSCae-BMuuVwQ,28895
 sourcecode/coverage_parser.py,sha256=q0LeZJaX1bnntLu-ImksdBsMlpsVmk_iUfSaB4eaJGo,19702
 sourcecode/dependency_analyzer.py,sha256=qEnRiKFkleZJyLf_DyznJbWD1GJ881iG4RRDqH9oGQ4,61524
 sourcecode/doc_analyzer.py,sha256=05bjTUbDbmnbajD_cgRnACzS8T7xxBKVX4CjkJlhZg8,24411
@@ -29,7 +29,7 @@ sourcecode/fqn_utils.py,sha256=XLU7zDkNBXz_RZkIUNfpPmp1nekWtqP-fxV92tDV1vg,2158
 sourcecode/git_analyzer.py,sha256=JStxTQXNjBWi_wLdwhsZs9mT-v50cSJIz4Agzn6Kh9I,13362
 sourcecode/graph_analyzer.py,sha256=DHR8fY69oU_Pi4SYaWboX6EoEFrctQKB9dsjpqwGMzw,62403
 sourcecode/integration_detector.py,sha256=ZJqrGwvZ4ee2JTGhlazKk67aZi173HxkhNpl8Yntpd8,6503
-sourcecode/license.py,sha256=i_X1bYdobL_z9OVuLiycnWEFSaaNhcKKuTd6G55U3_k,20747
+sourcecode/license.py,sha256=JD-1pnH_2XR9lKr9p9KQZn9U31I9e5o6GYsN1XCVccw,22577
 sourcecode/mcp_nudge.py,sha256=5ELU_ixzh6uA83NXLOZT8h00OhL53okfQdji3jyKOjg,2917
 sourcecode/metrics_analyzer.py,sha256=m0ENgtqKeBL17kUIK3fmGkgo7UfXBNHxCMj0H_Y5K7c,22750
 sourcecode/migrate_check.py,sha256=H8iy7Vk8cGL0dnR3ZkFPS20CtfF5LJWuzQVQE4awQ9s,56192
@@ -102,8 +102,8 @@ sourcecode/telemetry/consent.py,sha256=wLMvGNJeSSyZoNkQXpoUioY6mMv4Qdvuw7S9jAEWn
 sourcecode/telemetry/events.py,sha256=LtzYfaX9Ilckj5PTvAcTpDa9mLqDsYPDUiDkRa58piY,2580
 sourcecode/telemetry/filters.py,sha256=NHa5T-6DaZduQPFuC34jOqHWQgSizM-Ygq8aZ4j19ng,5834
 sourcecode/telemetry/transport.py,sha256=4gGHsq0WeY9VywEZXA3vUxykfiYnw9uuqfjAAec7F8o,1681
-sourcecode-1.53.0.dist-info/METADATA,sha256=Ahvq7n0P2M28DyG8mqksS-g11VTDnqDCjdPSZ23NjH0,36719
-sourcecode-1.53.0.dist-info/WHEEL,sha256=QccIxa26bgl1E6uMy58deGWi-0aeIkkangHcxk2kWfw,87
-sourcecode-1.53.0.dist-info/entry_points.txt,sha256=ex3F9rmbXeyDIoFQHtkEqTsKSaJow8F0LrVu8XfIktQ,57
-sourcecode-1.53.0.dist-info/licenses/LICENSE,sha256=7DdHrU9Z_3e7dSvq4ISijZNjnuHo5NIHNiHDouMQ9JU,10491
-sourcecode-1.53.0.dist-info/RECORD,,
+sourcecode-1.55.0.dist-info/METADATA,sha256=uMl86Jm5iDPg0LDJ1QTmuLuEuiuqaihtwbuh0D_N06k,37049
+sourcecode-1.55.0.dist-info/WHEEL,sha256=QccIxa26bgl1E6uMy58deGWi-0aeIkkangHcxk2kWfw,87
+sourcecode-1.55.0.dist-info/entry_points.txt,sha256=ex3F9rmbXeyDIoFQHtkEqTsKSaJow8F0LrVu8XfIktQ,57
+sourcecode-1.55.0.dist-info/licenses/LICENSE,sha256=7DdHrU9Z_3e7dSvq4ISijZNjnuHo5NIHNiHDouMQ9JU,10491
+sourcecode-1.55.0.dist-info/RECORD,,