{"id":50878441,"url":"https://github.com/dondindondev/agent-project-memory","last_synced_at":"2026-06-15T12:01:45.787Z","repository":{"id":362773789,"uuid":"1251336700","full_name":"donDinDonDev/agent-project-memory","owner":"donDinDonDev","description":"Local-first CLI that generates evidence-backed project memory for Java/Spring codebases.","archived":false,"fork":false,"pushed_at":"2026-06-05T20:10:32.000Z","size":434,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-06-05T22:08:45.077Z","etag":null,"topics":["cli","developer-tools","java","maven","project-memory","spring","static-analysis"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/donDinDonDev.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-05-27T13:31:27.000Z","updated_at":"2026-06-05T20:10:36.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/donDinDonDev/agent-project-memory","commit_stats":null,"previous_names":["dondindondev/agent-project-memory"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/donDinDonDev/agent-project-memory","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/donDinDonDev%2Fagent-project-memory","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/donDinDonDev%2Fagent-project-memory/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/donDinDonDev%2Fagent-project-memory/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/donDinDonDev%2Fagent-project-memory/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/donDinDonDev","download_url":"https://codeload.github.com/donDinDonDev/agent-project-memory/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/donDinDonDev%2Fagent-project-memory/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34361403,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-15T02:00:07.085Z","response_time":63,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cli","developer-tools","java","maven","project-memory","spring","static-analysis"],"created_at":"2026-06-15T12:00:27.196Z","updated_at":"2026-06-15T12:01:45.774Z","avatar_url":"https://github.com/donDinDonDev.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# agent-project-memory\n\n`agent-project-memory` is a local-first CLI/devtool for generating evidence-backed\nproject memory for Java/Spring codebases.\n\nThe goal is to help developers and AI coding agents understand a legacy Java/Spring\nproject before changing it. The tool scans local Java source, standard Maven and bounded\nstatic Gradle Java/Spring layouts, standard Maven or Gradle test roots, and bounded\nlocal API-surface inputs, extracts deterministic facts, attaches evidence references,\nand writes Markdown/JSON artifacts that can be reviewed, versioned, and reused.\n\nThe current product focus is intentionally narrow:\n\n- Java/Spring codebases first.\n- Local repository analysis first.\n- Maven projects first, with bounded static Gradle Java/Spring layout support.\n- Deterministic source analysis as the source of truth.\n- Optional AI assistance later, outside the core analyzer.\n\nThe supported product line is a local-first CLI. Source code must not be sent to\nexternal services by default.\n\n## Requirements\n\n- Java 21.\n- Apache Maven 3.x.\n\n## Download\n\nPublished release artifacts are available on the\n[GitHub Releases page](https://github.com/donDinDonDev/agent-project-memory/releases).\n\nThe latest published release is `v1.2.0`. Its release artifact is\n`agent-project-memory-1.2.0.jar`; release assets use `SHA256SUMS` for optional checksum\nverification.\n\n```sh\nshasum -a 256 -c SHA256SUMS\njava -jar agent-project-memory-1.2.0.jar scan /path/to/java-spring-project\n```\n\nFor published releases, the supported installation path is the executable jar from\nGitHub Releases: download the jar, optionally verify `SHA256SUMS`, and run it with\n`java -jar`. The v1.x stable line keeps this release-jar path as the minimum planned\ndistribution path. Package-manager installs and a first-party installed\n`agent-project-memory` command are future distribution work and should not be assumed\navailable until a release note documents them.\n\n## Build And Test\n\nRun the test suite:\n\n```sh\nmvn test\n```\n\nBuild the packaged CLI jar:\n\n```sh\nmvn package\n```\n\n`mvn package` produces an executable shaded jar with dependencies and a CLI manifest at:\n\n```text\ntarget/agent-project-memory-1.2.0.jar\n```\n\nRelease artifact and checksum verification expectations are documented in\n[docs/development/RELEASE_PROCESS.md](docs/development/RELEASE_PROCESS.md).\n\n## Quick Start\n\nAfter `mvn package`, run a scan with the packaged CLI jar:\n\n```sh\njava -jar target/agent-project-memory-1.2.0.jar scan /path/to/java-spring-project\n```\n\nThe packaged CLI also supports help and version commands without scanning:\n\n```sh\njava -jar target/agent-project-memory-1.2.0.jar --help\njava -jar target/agent-project-memory-1.2.0.jar help\njava -jar target/agent-project-memory-1.2.0.jar scan --help\njava -jar target/agent-project-memory-1.2.0.jar --version\njava -jar target/agent-project-memory-1.2.0.jar version\n```\n\nCLI exit codes are stable for automation:\n\n- `0`: success, help, or version.\n- `1`: unexpected internal error.\n- `2`: usage error, such as an unknown command, unknown flag, or malformed command.\n- `3`: scan input error, such as a missing scan path, missing directory, or unsafe output\n  path.\n- `4`: invalid scan config.\n- `5`: output generation or write error.\n\nNormal scan stdout is concise and deterministic: it reports `.project-memory`\npreparation, generated file names with stable fact counts when outputs are written, and\na bounded diagnostics summary.\n\n`scan \u003cpath\u003e` validates that the path exists and is a directory, then creates or reuses:\n\n```text\n\u003cpath\u003e/.project-memory/\n```\n\nExisting unrelated contents inside `.project-memory/` are preserved. Generated files are\nrewritten deterministically when supported Maven module roots, source-visible Maven\nmetadata from module POMs, supported Gradle build files or static settings includes,\nsupported root source, test, or resource roots, supported config files, local\nOpenAPI/Swagger spec files, safe default-scope local Markdown documents, Spring\nrepository signals, Spring configuration surface signals, Spring behavior or messaging\nlistener signals, or Maven/Gradle module warnings are detected.\n\nWhen the scanned path has a root `pom.xml`, the current implementation discovers the\nscan root and root-declared Maven child modules, then runs the Spring MVC endpoint,\nSpring component, Spring repository signal, Spring configuration surface, Spring\nbehavior/messaging signal, Spring Security configuration warning, JPA entity, hidden\nHTTP surface warning, and tests inventory analyzers per supported module. For\nGradle inputs, the current implementation discovers accepted root Gradle build files,\nsimple static `settings.gradle` or `settings.gradle.kts` include declarations, and\nstandard Gradle Java/source/test/resource roots without executing Gradle or resolving an\neffective Gradle model. For\ncompatibility with earlier local source-root scans, a\nrepository without a root `pom.xml` but with supported root source, test, or resource roots is\nrepresented as the scan-root module with module discovery marked `not_detected`.\n\nThe analyzer extracts Spring MVC controllers and source-visible interface-declared\nSpring MVC mappings that can be uniquely bound to concrete handlers, direct Spring\nstereotype components on classes and interfaces, deterministic hidden HTTP surface\nwarnings, direct JPA entity annotations with conservative source-visible\nmapped-superclass identifier fields, standard Maven or Gradle test-root classes with\nconservative helper filtering, direct source-visible Maven metadata from module POMs,\ndirect source-visible Maven dependency and plugin declarations from module POMs, and\nbounded Gradle build layout observations, plus\npath-only standard resource-root and supported application/logging config-file\ninventory. It also emits direct source-visible `@Repository` repository surface facts\nand inferred source-visible Spring Data repository interface extension signals in a\nseparate Spring application surface section, with conservative inferred repository/entity\nlinks when a supported Spring Data generic type matches exactly one emitted entity fact,\nplus direct source-visible `@Configuration`\nclass, `@ConfigurationProperties` type, and `@Bean` method signals without runtime bean\ngraph or binding claims, direct source-visible `@Transactional`, `@Scheduled`, and\n`@EventListener` signals, and common source-visible Kafka/Rabbit listener annotation\nsignals without runtime transaction, scheduler, event delivery, message topology, or\nbroker behavior claims, plus source-visible Spring Security configuration warnings for\nsupported security annotations and `SecurityFilterChain` `@Bean` methods without\nsecurity policy, endpoint protection, authentication, authorization, filter-chain\nordering, vulnerability, or correctness claims. It also discovers common local\nOpenAPI/Swagger spec filenames as declared API\ninputs, extracts minimal spec-backed declared OpenAPI/Swagger operations, discovers\ngenerated-source/codegen root metadata without reading generated source contents, and\ndiscovers safe default-scope local Markdown document inventory with deterministic ATX heading\nreferences and bounded chunk references, with resolving document evidence for file,\nheading, chunk, and bounded reconciliation mention observations, plus conservative\n`documents.reconciliation` inspection hints for document-only endpoint-like path\nmentions, document-only module references, and source-backed API/module facts with no\nobvious default-scope document mention, plus compact local-document guide rendering from\nstructured document inventory, bounded heading/chunk references, and uncertain\nreconciliation hints, then writes:\n\n```text\n\u003cpath\u003e/.project-memory/project-map.json\n\u003cpath\u003e/.project-memory/endpoints.md\n\u003cpath\u003e/.project-memory/evidence-index.jsonl\n\u003cpath\u003e/.project-memory/agent-guide.md\n```\n\n`project-map.json` is the minimal stable machine-readable project map. Current\ndevelopment output uses `schema_version: \"1.0\"` and includes redacted scan metadata for\nsafe root-local config selection, detected root `pom.xml` build metadata when present,\naccepted Gradle build-file summary fields when present, Maven or Gradle module\ninventory,\nmodule-owned source-visible Maven metadata under\n`project.modules.items[].build_config.maven.metadata`, module-owned source-visible Maven\ndependency inventory under `project.modules.items[].build_config.maven.dependencies` and\n`dependency_management`, module-owned source-visible Maven plugin inventory under\n`project.modules.items[].build_config.maven.plugins` and `plugin_management`,\nmodule-owned bounded Gradle build-file orientation under\n`project.modules.items[].build_config.gradle`, compatibility source and test root\nsummaries, module-owned standard resource-root inventory under\n`project.modules.items[].build_config.resources`, module-owned path-only supported\napplication/logging config-file inventory under\n`project.modules.items[].build_config.config_files`, module-owned direct source-visible\nSpring Boot application signals under\n`project.modules.items[].build_config.spring_boot_applications`, API surface categories\nfor source-visible endpoint facts, local OpenAPI/Swagger spec file facts under\n`api_surface.openapi.spec_files`, minimal declared operation facts under\n`api_surface.openapi.operations`, top-level generated-source/codegen policy and\nmetadata-only root inventory under `generated_sources`, direct `module_id`\nfields on module-owned facts, Spring MVC endpoint facts, hidden HTTP surface,\ngenerated-source, and Maven module warnings that are not expanded into endpoint/API\nfacts, direct component inventory, direct JPA entity facts with bounded source-visible\nfield metadata, partial embedded/identifier signals, relationship metadata, and\nrepository/entity relation statuses for the current JPA/domain slice, a bounded\nsource-visible tests inventory with stable test IDs, module ownership, direct framework\nsignal classifications, supported JUnit test method annotations, direct Spring test\nslice annotations, conservative mock annotation signals, and conservative\ntested-subject relation/status rows, a top-level `quality` object with conservative\ntest-gap and change-risk planning hints,\nthe staged `spring_application_surface.repositories` repository signal inventory,\nthe staged `spring_application_surface.configuration` configuration class,\nconfiguration-properties, and bean method inventories,\n`spring_application_surface.behavior` transaction, scheduled, and event listener\ninventories, `spring_application_surface.messaging.listener_signals` inventories, and\n`spring_application_surface.security.configuration_warnings` warning-ID references, a\ntop-level `scan` object with redacted config, feature, path-policy, and diagnostic\nmetadata, and a top-level `documents` object with deterministic default-scope local\nMarkdown discovery policy metadata, document inventory, ATX heading references, and\nbounded chunk references, conservative low-confidence reconciliation hints, and evidence\nID references. The current Spring\napplication surface implementation emits\nrepository, configuration-surface, behavior, and messaging facts, plus Spring Security\nconfiguration warning references when bounded source-visible signals are detected. The\ncurrent v0.6 JPA/domain implementation emits field metadata for direct field-level\n`@Column`, `@Enumerated`, `@GeneratedValue`, and `@Version` annotations, direct\n`@Embeddable` facts, direct field-level `@Embedded`/`@EmbeddedId` signals, and direct\nclass-level `@IdClass` composite-id signals, direct source-visible relationship\nmetadata, conservative Spring Data repository/entity inferred relations, and quiet\nno-domain guide rendering without runtime schema, access-strategy, generated-identifier,\noptimistic-locking, composite-key, relationship target-resolution, repository runtime,\nor provider-default claims.\n`endpoints.md` is a deterministic API surface Markdown inventory that keeps\nsource-visible Spring MVC endpoints, declared OpenAPI operations, generated-source API\nsignals, repository-rest warnings, and hidden HTTP warnings in separate sections.\n`evidence-index.jsonl` contains source-backed evidence records referenced by generated\nfacts. `agent-guide.md` is a deterministic orientation guide generated only from the\nstructured project-map facts and evidence index.\n\nCompatibility and migration notes:\n\n- The v0.9-to-v1.0 output migration is limited to the normal generated\n  `project-map.json` marker moving from `schema_version: \"0.9\"` to `\"1.0\"`. The current\n  JSON shape and evidence semantics are preserved.\n- The v1.1 Gradle expansion keeps `schema_version: \"1.0\"` and adds Gradle and mixed\n  Maven/Gradle fields only where Gradle inputs are detected. Existing Maven fields and\n  evidence semantics are preserved.\n- The v1.2 generated-source/codegen expansion keeps `schema_version: \"1.0\"` and adds\n  top-level `generated_sources` policy and root metadata with\n  `content_status: \"not_scanned\"`. Generated-source content scanning remains\n  unavailable, and `features.generated_sources: true` remains invalid config.\n- Consumers that accept only known schema markers should add `\"1.0\"` for the preserved\n  v0.9 shape. Regenerate the four `.project-memory/` files together so JSON facts,\n  evidence IDs, and Markdown evidence references stay aligned.\n- `project-map.json` and `evidence-index.jsonl` are the stable machine-readable\n  outputs. `endpoints.md` and `agent-guide.md` are deterministic human-readable\n  presentations; their filenames, cautious categories, and evidence visibility are\n  documented expectations, while exact Markdown wording or layout may evolve.\n- Future breaking changes, deprecations, and required migration steps are documented in\n  the architecture contract, changelog, and release notes for the release that changes\n  behavior.\n\n## Future Installed Usage\n\nThe current supported path is the release jar documented above. The command forms below\ndescribe the intended installed-command UX for a future distribution channel; no\nfirst-party shell wrapper, Homebrew formula, JBang catalog, Maven Central CLI\ninstallation, SDKMAN/asdf plugin, native image, or container image is currently\npublished.\n\nFuture installed command:\n\n```sh\nagent-project-memory scan .\n```\n\nFuture installed help and version command forms:\n\n```sh\nagent-project-memory --help\nagent-project-memory help\nagent-project-memory scan --help\nagent-project-memory --version\nagent-project-memory version\n```\n\nThe same output files:\n\n```text\n.project-memory/project-map.json\n.project-memory/evidence-index.jsonl\n.project-memory/endpoints.md\n.project-memory/agent-guide.md\n```\n\nThese files are meant to give humans and coding agents a compact, evidence-backed map\nof the project: detected build layout, Spring MVC endpoints, generated-source/codegen\nmetadata, important components, and references back to the source files that prove each\nfact.\n\n## Public Documentation Map\n\nStart here:\n\n- v1.2 release summary: [docs/product/V1_2_RELEASE_NOTES.md](docs/product/V1_2_RELEASE_NOTES.md).\n- v1.1 release summary: [docs/product/V1_1_RELEASE_NOTES.md](docs/product/V1_1_RELEASE_NOTES.md).\n- v1.0 release summary: [docs/product/V1_0_RELEASE_NOTES.md](docs/product/V1_0_RELEASE_NOTES.md).\n- v0.9 release summary: [docs/product/V0_9_RELEASE_NOTES.md](docs/product/V0_9_RELEASE_NOTES.md).\n- v0.8 release summary: [docs/product/V0_8_RELEASE_NOTES.md](docs/product/V0_8_RELEASE_NOTES.md).\n- v0.7 release summary: [docs/product/V0_7_RELEASE_NOTES.md](docs/product/V0_7_RELEASE_NOTES.md).\n- v0.6 release summary: [docs/product/V0_6_RELEASE_NOTES.md](docs/product/V0_6_RELEASE_NOTES.md).\n- v0.5 release summary: [docs/product/V0_5_RELEASE_NOTES.md](docs/product/V0_5_RELEASE_NOTES.md).\n- v0.4 release summary: [docs/product/V0_4_RELEASE_NOTES.md](docs/product/V0_4_RELEASE_NOTES.md).\n- v0.3 release summary: [docs/product/V0_3_RELEASE_NOTES.md](docs/product/V0_3_RELEASE_NOTES.md).\n- v0.2 release summary: [docs/product/V0_2_RELEASE_NOTES.md](docs/product/V0_2_RELEASE_NOTES.md).\n- v0.1 release summary: [docs/product/V0_1_RELEASE_NOTES.md](docs/product/V0_1_RELEASE_NOTES.md).\n- v1.0 evaluation corpus summary:\n  [docs/development/evaluations/v1.0-evaluation-corpus_SUMMARY.md](docs/development/evaluations/v1.0-evaluation-corpus_SUMMARY.md).\n- v1.1 Gradle evaluation summary:\n  [docs/development/evaluations/v1.1-gradle-java-spring_SUMMARY.md](docs/development/evaluations/v1.1-gradle-java-spring_SUMMARY.md).\n- Product scope and boundaries: [docs/product/MVP_SPEC.md](docs/product/MVP_SPEC.md) and\n  [docs/product/NON_GOALS.md](docs/product/NON_GOALS.md).\n- Product direction and release tracks:\n  [docs/product/POST_V0_1_STRATEGY.md](docs/product/POST_V0_1_STRATEGY.md) and\n  [docs/product/ROADMAP.md](docs/product/ROADMAP.md).\n- Output and evidence contracts:\n  [docs/architecture/OUTPUT_CONTRACT.md](docs/architecture/OUTPUT_CONTRACT.md) and\n  [docs/architecture/EVIDENCE_MODEL.md](docs/architecture/EVIDENCE_MODEL.md).\n- Architecture overview:\n  [docs/architecture/ARCHITECTURE_OVERVIEW.md](docs/architecture/ARCHITECTURE_OVERVIEW.md) and\n  [docs/architecture/INGESTION_ARCHITECTURE.md](docs/architecture/INGESTION_ARCHITECTURE.md).\n- Roadmap: [docs/product/ROADMAP.md](docs/product/ROADMAP.md).\n- Changelog: [CHANGELOG.md](CHANGELOG.md).\n- Contributing, release process, and security:\n  [CONTRIBUTING.md](CONTRIBUTING.md),\n  [docs/development/RELEASE_PROCESS.md](docs/development/RELEASE_PROCESS.md), and\n  [SECURITY.md](SECURITY.md).\n\nPublic evaluation summaries are linked from the release notes as supporting detail.\n\n## What This Is Not\n\n`agent-project-memory` is not:\n\n- a generic AI documentation generator,\n- a repository chatbot,\n- a RAG system,\n- a SaaS product,\n- a hosted codebase wiki,\n- a tool that treats LLM output as the source of truth,\n- an automatic code modification system.\n\nAI may become an optional presentation or summarization layer later, but the core project\nmemory must come from deterministic analysis, explicit output contracts, and evidence\nreferences.\n\n## Project Status\n\nThe latest published release is `v1.2.0`. It ships an executable jar and `SHA256SUMS`\nasset. Local builds produce `target/agent-project-memory-1.2.0.jar`. Normal generated\n`project-map.json` files use\n`schema_version: \"1.0\"` as a stable-line marker. The v1.2 generated-source/codegen\nmetadata expansion is additive: existing Maven, Gradle, source-visible output, and\nevidence semantics are preserved, while generated-source roots are reported as\nmetadata-only inventory with `content_status: \"not_scanned\"`.\n\nThe current Java/Spring line includes module-aware Maven analysis, build/config\norientation, bounded static Gradle Java/Spring layout support, source-visible Spring\nMVC and application-surface signals, declared OpenAPI operations, bounded JPA/domain\nmetadata, source-visible test and quality planning signals, default-scope local Markdown\ndocument inventory, redacted scan metadata, safe root-local YAML config support, stable\nCLI help/version behavior, and documented release-jar verification.\n\nEarlier v0.x release notes remain available for historical scope, compatibility, and\nvalidation details. Future connector/import work remains a later optional adapter track\nand is not started.\n\nThe current implementation includes a Java 21 Maven-built CLI, root-declared Maven\nmodule discovery, bounded static Gradle root and multi-project discovery,\nJavaParser-backed Spring MVC endpoint extraction, source-visible interface mapping\nsupport when uniquely bindable, stable `project-map.json` and `evidence-index.jsonl`\noutputs, deterministic module-owned source-visible Maven metadata, dependency, and\nplugin extraction, deterministic bounded Gradle build-file and standard-root\norientation, deterministic direct Spring component and JPA entity inventories,\ndeterministic path-only resource-root and supported config-file\ndiscovery, deterministic hidden HTTP surface, generated-source, and Maven module\nwarnings, deterministic local OpenAPI/Swagger spec file discovery as declared API\ninputs, minimal deterministic OpenAPI/Swagger operation extraction as spec-backed\ndeclared operation facts, deterministic generated-source/codegen metadata-only\ninventory under `generated_sources`, a minimal deterministic tests inventory, deterministic\nrepository signal extraction for direct `@Repository` and supported Spring Data\nrepository interface extensions, deterministic configuration surface extraction for\ndirect `@Configuration`, direct `@Bean`, and direct `@ConfigurationProperties`\nobservations, deterministic behavior and messaging signal extraction for direct\n`@Transactional`, `@Scheduled`, `@EventListener`, and common Kafka/Rabbit listener\nannotations, deterministic Spring Security configuration warning extraction for\nsupported security annotations and `SecurityFilterChain` `@Bean` methods, deterministic\ndirect source-visible JPA field annotation extraction for `@Column`, `@Enumerated`,\n`@GeneratedValue`, and `@Version`, deterministic partial embedded and identifier model\nsignals for direct `@Embeddable`, `@Embedded`, `@EmbeddedId`, and `@IdClass`,\ndeterministic direct source-visible relationship metadata extraction for relationship\ncardinality, direct `mappedBy`, bounded `@JoinColumn` and `@JoinTable` metadata, and\ndirect relationship `optional`, `fetch`, `cascade`, and `orphanRemoval` attributes,\ndeterministic bounded tests inventory refinement for direct JUnit Jupiter/JUnit 4 test\nmethod annotations and direct JUnit/Spring Test framework signals where source origin is\ntrusted, direct Spring test slice annotation extraction for `@SpringBootTest`,\n`@WebMvcTest`, `@DataJpaTest`, and `@ContextConfiguration`, conservative\nsource-visible `@MockBean` and `@SpyBean` annotation signals on emitted test classes,\nconservative tested-subject relation/status rows from supported naming, exact\nproduction imports, direct field types, and direct Spring test slice class literals,\nconservative test-gap and change-risk planning hints from existing deterministic facts\nand inferred tested-subject relations, deterministic default-scope local Markdown\ndocument discovery, inventory, ATX heading references, and bounded chunk references with\nsafe path exclusions, aggregate caps, and no symlink following, conservative local\nMarkdown/code reconciliation hints kept under `documents.reconciliation`, deterministic\nroot-local `agent-project-memory.yml` config discovery with optional explicit\n`scan \u003cpath\u003e --config \u003crepo-relative-yaml\u003e` selection, safe config defaults, local\nMarkdown-only user include/exclude refinement, non-overridable built-in document safety\nexclusions, reserved generated-source and symlink-following modes rejected when enabled,\nredacted `scan` metadata and bounded diagnostics that avoid raw config values and raw\nuser path patterns,\n`endpoints.md`, and deterministic `agent-guide.md` generation from the\nstructured facts and evidence index, including module-grouped Spring application\nsurface guidance, bounded JPA field metadata, embedded/id, relationship metadata\nguidance, source-visible test method/framework/slice/mock/tested-subject guidance, and\nquality/change-risk planning guidance\nthat keeps extracted facts, inferred signals, relation statuses, uncertain targets,\nnot-analyzed statuses, and warnings separate.\n\nCurrent limitations:\n\n- Maven module support is limited to the scan root and modules declared directly under\n  the root `pom.xml` `\u003cmodules\u003e` section. It does not resolve Maven profiles, recursively\n  discover nested modules, reconstruct effective POMs, build dependency graphs, or run\n  Maven.\n- Maven metadata extraction is limited to direct source-visible module POM text for\n  `groupId`, `artifactId`, `version`, `packaging`, and parent coordinates. It preserves\n  property references and expressions as source-visible values and does not fill missing\n  coordinates from Maven defaults, parent inheritance, profiles, or effective POM data.\n- Maven dependency inventory is limited to direct source-visible module POM\n  `\u003cdependencies\u003e\u003cdependency\u003e` declarations and separate direct\n  `\u003cdependencyManagement\u003e\u003cdependencies\u003e\u003cdependency\u003e` management declarations. It\n  preserves direct `groupId`, `artifactId`, `version`, `scope`, `optional`, `type`, and\n  `classifier` text when present, preserves property references and expressions as\n  source-visible values, and does not resolve parent, managed, profile, effective, or\n  transitive dependency behavior.\n- Maven plugin inventory is limited to direct source-visible module POM\n  `\u003cbuild\u003e\u003cplugins\u003e\u003cplugin\u003e` declarations and separate direct\n  `\u003cbuild\u003e\u003cpluginManagement\u003e\u003cplugins\u003e\u003cplugin\u003e` management declarations. It preserves\n  direct plugin coordinates, bounded direct execution IDs, phases, goals, and conservative\n  configuration/generator signal names without storing arbitrary plugin configuration\n  values. It does not resolve plugin versions, reconstruct lifecycle bindings, inherit\n  executions, execute plugins, scan generated sources by default, parse OpenAPI\n  operations, or create generated API/endpoint facts from plugin signals.\n- Gradle support is limited to accepted root `settings.gradle`, `settings.gradle.kts`,\n  `build.gradle`, and `build.gradle.kts` files, project `build.gradle` or\n  `build.gradle.kts` files under supported Gradle project directories, simple static\n  string-literal settings includes, and standard Java/test/resource roots. It does not\n  execute Gradle, invoke the wrapper, use the Gradle Tooling API, evaluate build\n  scripts, resolve plugins, dependencies, repositories, tasks, effective models, custom\n  `sourceSets`, `projectDir` remapping, included builds, or Kotlin source structure.\n- Resource-root discovery is limited to standard `src/main/resources` and\n  `src/test/resources` roots under supported modules. Config-file discovery is limited\n  to supported Spring `application.properties`, `application.yml`, `application.yaml`,\n  profile-specific `application-*` variants, and supported logging configuration\n  filenames. It records paths and filename-derived metadata only; it does not parse or\n  output config keys, values, YAML nodes, XML elements, environment placeholders,\n  decrypted values, profile activation, or runtime configuration precedence.\n- Spring Boot application build/config signals are limited to direct source-visible\n  `@SpringBootApplication` annotations under supported production source roots and a\n  bounded source-visible `static void main(String[] args)` or varargs `main` method\n  signal on the annotated class. They do not prove executable jar packaging, active\n  profiles, runtime auto-configuration, component scanning results, bean graphs,\n  deployment behavior, or actual process entrypoint behavior.\n- Component inventory is limited to direct source-type-level `@Component`, `@Service`,\n  `@Repository`, `@Controller`, `@RestController`, and `@Configuration` annotations on\n  Java classes or interfaces under `src/main/java`. It does not infer repositories from\n  `extends JpaRepository` without a direct supported stereotype. Inferred Spring Data\n  repository interface extension signals live separately under\n  `spring_application_surface.repositories`, not in `components.items`.\n- Component analysis does not model Spring component scanning semantics, bean lifecycle,\n  bean names, scopes, conditional configuration, dependency injection, or autowiring graphs.\n- Spring application surface repository analysis is limited to repository signals:\n  direct source-visible `@Repository` observations and inferred source-visible Java\n  interfaces that directly extend a supported Spring Data repository base type visible\n  through a fully qualified name or explicit single-type import. Supported base types\n  are `org.springframework.data.repository.Repository`,\n  `org.springframework.data.repository.CrudRepository`,\n  `org.springframework.data.repository.PagingAndSortingRepository`,\n  `org.springframework.data.jpa.repository.JpaRepository`, and\n  `org.springframework.data.mongodb.repository.MongoRepository`. Repository/entity\n  relations are inferred only when a supported source-visible repository generic type\n  can be matched to exactly one emitted entity fact; missing, ambiguous, raw, wildcard,\n  nested, or otherwise unsupported generic shapes use explicit relation statuses and do\n  not emit relation objects. It does not perform dependency type solving, wildcard-import\n  fallback, runtime Spring Data reconstruction, query method parsing, database access\n  analysis, dependency graph analysis, or runtime repository/entity verification.\n- Spring application surface configuration analysis is limited to direct source-visible\n  `@Configuration` classes, direct source-visible `@ConfigurationProperties` types, and\n  direct source-visible `@Bean` methods visible through a fully qualified name or\n  explicit single-type import. It does not extract configuration file values, emit\n  `@ConfigurationProperties` `prefix` or `value` annotation values, prove binding\n  success, infer active profiles, reconstruct runtime bean graphs, infer effective bean\n  names, or model scopes, lifecycle, proxies, autowiring, or dependency graphs.\n- Spring application surface behavior analysis is limited to direct source-visible\n  Spring `@Transactional` annotations on Java types and methods, direct source-visible\n  Spring `@Scheduled` methods, and direct source-visible Spring `@EventListener`\n  methods visible through a fully qualified name or explicit single-type import. It\n  does not interpret transaction propagation, effective transaction managers, rollback\n  behavior, scheduler enablement, runtime registration, frequency correctness, cluster\n  behavior, event publication paths, listener ordering, transaction phases, event\n  delivery, or call graph effects.\n- Spring application surface messaging analysis is limited to direct source-visible\n  Spring Kafka `@KafkaListener`/`@KafkaListeners` and Spring AMQP Rabbit\n  `@RabbitListener`/`@RabbitListeners` annotations on Java types and methods visible\n  through a fully qualified name or explicit single-type import. It records annotation\n  presence and framework family only; it does not serialize topic, queue, exchange,\n  routing-key, or group-id annotation values, verify broker topology, infer consumer\n  groups, bindings, delivery semantics, or deployment configuration.\n- Spring application surface security analysis is limited to source-visible Spring\n  Security configuration warnings for supported direct security annotations and\n  `SecurityFilterChain` `@Bean` methods visible through a fully qualified name or\n  explicit single-type import. It records warning/change-risk signals only; it does not\n  analyze security policy, endpoint protection state, authentication behavior,\n  authorization behavior, runtime filter-chain ordering, vulnerabilities, or security\n  correctness.\n- Entity analysis is limited to direct class-level `@Entity`, direct class-level\n  `@Table(name = \"...\")`, field-level `@Id` declared on the entity class or on a\n  conservative source-visible `@MappedSuperclass` chain, field-level `@Column`,\n  `@Enumerated`, `@GeneratedValue`, and `@Version` annotations on direct entity fields,\n  direct `@Embeddable` classes, direct field-level `@Embedded` and `@EmbeddedId`\n  signals, direct class-level `@IdClass` signals, and field-level `@ManyToOne`,\n  `@OneToMany`, `@OneToOne`, and `@ManyToMany` annotations under `src/main/java`.\n- Entity field metadata is limited to supported direct field-level annotations on the\n  entity class. It records only bounded source-visible annotation attributes for\n  `@Column`, `@Enumerated`, and `@GeneratedValue`, plus direct `@Version` presence, and\n  does not fill runtime JPA defaults.\n- Entity relationship metadata is limited to supported direct field-level relationship\n  annotations and direct source-visible annotation attributes. It records cardinality\n  from the relationship annotation, direct string-literal `mappedBy`, bounded direct\n  `@JoinColumn` and `@JoinTable` metadata, and direct `optional`, `fetch`, `cascade`,\n  and `orphanRemoval` values when supported. Missing attributes remain `null` or empty\n  arrays, relationship targets remain declared-type-only and uncertain, and the output\n  does not claim ORM ownership correctness, foreign keys, join tables, database\n  constraints, fetch behavior, cascade behavior, provider defaults, or runtime ORM\n  behavior.\n- Entity embedded/id support is partial: it records direct `@Embeddable`,\n  `@Embedded`, `@EmbeddedId`, and `@IdClass` source-visible signals, links embedded\n  targets only when a unique local embeddable can be matched deterministically, and\n  marks unresolved embedded targets and `@IdClass` semantic reconstruction explicitly.\n- Entity analysis does not implement getter/property-access mapping, full composite-key\n  semantic reconstruction, schema generation, transactional semantics, symbol solving,\n  relationship target resolution, runtime repository/entity verification, or ORM runtime\n  behavior.\n- API surface spec discovery is limited to common local filenames such as\n  `openapi.yml`, `openapi.yaml`, `openapi.json`, `swagger.yml`, `swagger.yaml`, and\n  `swagger.json`. It records normalized repository-relative paths, format, spec kind,\n  bounded version signals when directly visible near the file header, module ownership\n  when the file is under a supported module, and `api_spec` evidence. Minimal operation\n  extraction reads bounded local YAML/JSON specs and records only declared path, HTTP\n  method, bounded `operationId`, bounded tags, `implementation_status: \"not_analyzed\"`,\n  and operation `api_spec` evidence. It does not validate the full spec, follow `$ref`,\n  fetch external schemas, claim implementation, treat symlink entries as spec files, or\n  scan generated-source roots. Invalid or unsupported specs degrade to warnings rather\n  than endpoint facts.\n- Generated-source/codegen metadata remains warning, inventory, and guide orientation\n  only. Generated roots are reported with `content_status: \"not_scanned\"` and\n  `source_origin: \"metadata_only\"`; generated-source contents are not read, do not\n  produce scanned-content evidence, and do not create endpoint, component, Spring/JPA,\n  test, or API implementation facts. `features.generated_sources: false` remains a\n  valid reserved config value, while `features.generated_sources: true` remains invalid\n  config.\n- Hidden HTTP surface and generated-source warnings are limited to OpenAPI/Swagger spec filename presence,\n  supported module `pom.xml` OpenAPI/Swagger Maven plugin declarations under\n  `\u003cbuild\u003e\u003cplugins\u003e` or `\u003cbuild\u003e\u003cpluginManagement\u003e\u003cplugins\u003e`, bounded Maven generator,\n  annotation-processor, generated-source configuration, and build-helper add-source\n  signals, common local generated-source root path presence such as\n  `target/generated-sources`, and direct `@RepositoryRestResource`. Generated-source path\n  warnings record the normalized path only and do not read generated source contents.\n  These warnings do not create endpoint facts, parse OpenAPI schemas, run Maven\n  generation, scan `target/generated-sources` by default, or reconstruct generated APIs.\n- Relationship facts preserve the declared field type and direct source-visible\n  relationship metadata only; target type resolution is explicitly marked uncertain.\n- Tests inventory is limited to test-like Java classes under supported standard Maven or\n  Gradle `src/test/java` roots; helper/support/configuration declarations without clear test\n  naming or direct test-class marker annotations are omitted. Test method inventory is\n  limited to directly declared methods with supported directly visible JUnit Jupiter or\n  JUnit 4 test annotations resolved from a fully qualified annotation name or explicit\n  single-type import. Lifecycle, setup, teardown, helper, support, and configuration\n  methods are not counted as test methods.\n- Test framework signals are limited to directly visible imports and annotations for\n  JUnit Jupiter, JUnit 4, and Spring Test signals where the source origin is trusted.\n  Import evidence is attached only to top-level emitted test classes; nested emitted\n  test classes use their own class or method annotation evidence. These signals do not\n  prove test engine execution, CI behavior, assertion behavior, runtime Spring context\n  startup, or coverage.\n- Spring test slice and mock annotation signals are limited to directly visible\n  supported annotations on emitted test classes. Direct slice annotation class literals\n  may contribute only conservative tested-subject relation/status rows. Slice/mock\n  signals do not reconstruct runtime Spring test contexts, prove MockMvc setup, bean\n  graph contents, database access, Mockito behavior, or slice correctness.\n- Tested-subject rows are conservative inferred/statused hints from supported naming\n  conventions, exact production-class imports, direct test field types, and direct\n  Spring test slice class literals against production classes in the same supported\n  module. Ambiguous, missing, unsupported, or absent signals are represented with\n  explicit relation statuses, low confidence, and uncertainty instead of coverage or\n  runtime claims.\n- Tests inventory does not claim code coverage, test execution results, behavioral\n  assertion analysis, call graph resolution, symbol solving, or complete subject mapping.\n- Quality test-gap and change-risk signals are conservative planning hints derived from\n  existing deterministic facts and inferred tested-subject relations. They do not claim\n  coverage, test execution, assertion behavior, CI results, runtime behavior, production\n  impact, vulnerability, correctness, business priority, or complete subject mapping.\n- `agent-guide.md` is generated from existing deterministic output facts only. It may\n  render compact local Markdown document inventory, bounded heading/chunk navigation\n  references, and uncertain reconciliation hints from structured `documents` facts, but\n  it does not render document bodies, summarize source files or local docs, infer\n  architecture layers, or add claims beyond extracted facts, explicit inferences, and\n  known uncertainty labels.\n- Local Markdown/document ingestion is limited to conservative default-scope document\n  inventory, deterministic ATX heading references, and bounded chunk references with\n  `content_status: \"not_serialized\"` and resolving `document` evidence for file,\n  heading, chunk, and bounded reconciliation mention observations. Reconciliation rows\n  are low-confidence uncertain inspection hints only; they do not prove stale\n  documentation, missing documentation, coverage, completeness, correctness, or source\n  and document agreement. The current implementation caps emitted local Markdown output\n  at 256 accepted documents, 16 MiB of aggregate accepted Markdown bytes, 4096 heading\n  references, 4096 chunk references, 2048 reconciliation mention observations, and 2048\n  reconciliation rows per scan; cap hits are reported as bounded non-fatal\n  `scan.diagnostics` items and do not create evidence records. The implementation\n  renders local-document guide sections only from structured document facts and\n  evidence; it does not read\n  hidden/private/generated/dependency/maintainer paths, follow symlinks, or summarize or\n  serialize document bodies.\n- Root-local scan configuration is limited to the safe YAML schema introduced in v0.9:\n  `version: 1`, optional `features.local_markdown`, reserved\n  `features.generated_sources: false` and `features.follow_symlinks: false`, and optional\n  `documents.include`/`documents.exclude` path rules. User include/exclude rules apply\n  only to local Markdown discovery through normalized repository-relative paths, cannot\n  override built-in safety exclusions, and are summarized only through redacted counts\n  and statuses in `scan` metadata.\n- `evidence-index.jsonl` currently contains root and child `pom.xml` `build_file`\n  evidence when present, accepted Gradle build-file and static include `build_file`\n  evidence when present, bounded source-visible Maven metadata, dependency, plugin, and\n  module declaration `build_file` evidence, path-oriented `config_file` evidence,\n  bounded Spring MVC endpoint, warning, component stereotype, JPA annotation, Spring\n  Boot application, Spring repository stereotype and interface signal, local\n  OpenAPI/Swagger `api_spec`, generated-source path `path_signal`, tests inventory\n  evidence, and local Markdown `document` evidence for accepted file, heading, chunk,\n  and bounded reconciliation mention observations.\n- The CLI uses only Java standard library argument handling.\n\nFor the concise v0.1 scope, evaluation summary, limitations, and validation surface, see\n[docs/product/V0_1_RELEASE_NOTES.md](docs/product/V0_1_RELEASE_NOTES.md).\n\n## License\n\nApache-2.0. See [LICENSE](LICENSE). Runtime dependency notices are summarized in\n[THIRD-PARTY-NOTICES.md](THIRD-PARTY-NOTICES.md).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdondindondev%2Fagent-project-memory","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdondindondev%2Fagent-project-memory","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdondindondev%2Fagent-project-memory/lists"}