Persistent structural context and ultra-fast repeated analysis for AI coding agents
Project description
ASK Engine
ASK — Actionable Software Knowledge. Persistent structural intelligence for AI coding agents.
Context · Impact · Migration · Architecture · Review — everything from one structural model.
ASK Engine is the product. The CLI command is
ask. The legacysourcecodecommand still works as a deprecated alias (it prints a one-line notice and forwards toask) and remains the Python/PyPI package name for now. The authoritative version is whateverask versionreports. See docs/PRODUCT_IDENTITY.md.
The problem
Every time an AI coding agent starts a new session, it has to re-parse the repository from scratch. For a large Java or TypeScript monolith, that means 5–15 seconds per invocation. Multiply by dozens of agent turns per hour, and repo context acquisition becomes a real bottleneck — not just latency, but tokens, compute, and iteration velocity.
ASK Engine solves this with a persistent structural cache keyed on file content hashes. After the first scan, every subsequent invocation returns pre-built context in milliseconds. The repo doesn't change? The cache doesn't expire.
The cache is not a performance optimization. It is what makes ASK Engine usable as infrastructure rather than a one-off tool.
Proof — measured on real repos
| Repo | Size | Cold scan | Cache hit | Speedup |
|---|---|---|---|---|
| Keycloak | 7,885 Java files | 10.5s | 0.6s | ~17x |
| BroadleafCommerce | 2,985 Java files | 2.7s | 0.3s | ~9x |
Cache keyed on content hashes — invalidated only when source changes. On repeated agent sessions against the same codebase, nearly every invocation is a cache hit.
At 0.3s per call, ASK Engine becomes constant infrastructure inside agent loops — call it before every edit, every PR review, every test run, without batching or caching manually.
Install
# Homebrew (macOS / Linux)
brew tap haroundominique/sourcecode && brew install sourcecode
# pip / pipx
pipx install sourcecode # or: pip install sourcecode
ask version # ask 2.5.1
Package vs. command. The install package is named
sourcecodethis release (renaming the distribution is a separate, breaking change). Installing it gives you the canonicalaskcommand plus the deprecatedsourcecodealias.
Quickstart
# High-signal structural summary — warm cache ~0.3s, cold 2–10s
ask --compact
# Blast radius: what breaks if this class changes?
ask impact OrderService /path/to/repo
# Spring Boot 2→3 migration readiness (bounded decision summary)
ask migrate-check /path/to/repo --compact
# Spring semantic audit: TX anomalies + security surface
ask spring-audit /path/to/repo
# Onboard to an unfamiliar codebase
ask onboard /path/to/repo
# PR review: risk, test gaps, changed modules
ask review-pr /path/to/repo --since main
Full command reference: docs/USER_GUIDE.md.
Capabilities
Everything is computed from one cached structural model. Seven groups:
1 · Structural Context
Bounded, noise-free repo context designed to drop straight into an agent's context window.
ask --compact · ask --agent · ask onboard · ask cold-start
→ reference
2 · Impact Analysis
Blast radius from a class or interface — reverse dependencies, through Spring DI, to the HTTP endpoints a change reaches.
ask impact · ask impact-chain (TX/SEC-enriched) · ask pr-impact
→ reference
3 · Architecture Intelligence
The system map: module graph, dependency views, REST surface, per-class summaries, and a symbol-level IR for downstream tooling.
ask export · ask repo-ir · ask endpoints · ask explain
→ reference
4 · Migration & Modernization
Is this codebase ready to upgrade? Per-dimension readiness (Jakarta / Spring Boot / JDK / Hibernate), located blockers, and an effort estimate.
ask migrate-check · ask modernize
→ migrate-check reference · MODERNIZATION.md
5 · Spring Analysis
Deterministic Spring semantics: transactional anomalies (e.g. @Transactional on a private method = silent CGLIB no-op), security surface, request-body validation.
ask spring-audit · ask validation
→ reference
6 · Developer Workflows
The everyday loop: diff-based PR review, symptom-driven bug triage, and delta context for continuous agent runs.
ask review-pr · ask fix-bug · ask prepare-context
→ reference
7 · Utilities
ask rename-class (word-boundary Java rename) · ask chunk-file (split large files for agents) · ask cache (status / warm / clear / freshness)
→ reference
What it does — and doesn't
ASK Engine reduces exploration cost. It accelerates context acquisition and computes blast radius; it does not replace reading code — it reduces how often an agent needs to. All signals are static and deterministic (annotations, import graph, file structure) — no runtime analysis, no LLM guessing.
Honest limits worth knowing before you rely on it:
impacton an implementation class (OrderServiceImpl) returns 0 callers in Spring Boot — callers inject the interface. Always target the interface.no_security_signalon an endpoint means no recognized method-level annotation, not "unsecured" — Spring Security filter chains and custom authorization annotations show asno_security_signalunless taught via config (below).spring-audit/impact-chainare Java/Spring only; non-Java repos returnspring_detected: false.- Event topology (
--type events) resolves SpringApplicationEvent/@EventListenerchains only — not Kafka/RabbitMQ/Redis routes. - Architecture classification is tuned for Spring MVC layered apps; SPI/plugin models (e.g. Quarkus extensions) may be misclassified. JAX-RS subresource-locator endpoint recall is ~65%.
- Self-invocation
@Transactionalbypass (same-class call skipping the proxy) is not detected.
Pricing
🎉 Early-adoption: Pro is currently unlocked for everyone. Every install runs with full Pro entitlements — no size gate, no key. The tiers below describe the model the paywall will return to later.
Gating is by repo size and automation — never by command. Every command runs at full power on Free for small and mid-size repos; you upgrade when the work gets bigger or automated.
| Free — €0 | Pro — €19/mo · €190/yr per dev | |
|---|---|---|
| Repo size | ≤ 500 Java source files | > 500 Java files (enterprise monoliths) |
| Commands | All of them, full output | Same commands, unlocked at scale |
impact / fix-bug / review-pr / modernize |
✅ full on small repos | ✅ full on large repos (Free gets a capped preview) |
prepare-context delta |
30 free runs/repo | unlimited — CI/CD automation |
| MCP local server, offline, no data egress | ✅ | ✅ |
Non-Java repos are free at any size — the size limit counts Java source files only.
ASK Engine monetises enterprise Java monoliths. Activate with ask activate <key>.
Full breakdown: docs/PRODUCT_TIERS.md.
Configuration & privacy
ask config # version, config file path, telemetry status
ask telemetry disable # anonymous telemetry is on by default (opt-out)
Telemetry collects version, OS, commands, flags, duration, repo-size range, and errors —
no source code, paths, secrets, or output. Disable any time with
export SOURCECODE_TELEMETRY=0 (or DO_NOT_TRACK=1).
Custom security annotations. Teach endpoints, spring-audit, and explain about
project-specific authorization annotations via an optional sourcecode.config.json at the
repo root (otherwise they report policy: "none_detected"):
{
"customSecurityAnnotations": [
{ "fullyQualifiedName": "com.example.security.CustomSecurityAnnotation", "shortName": "CustomSecurityAnnotation" }
]
}
Matching endpoints report policy: "custom" and drop out of the no_security_signal count.
Documentation
| Doc | What it covers |
|---|---|
| USER_GUIDE.md | Full command reference, flags, output schema, workflows |
| migrate-check.md | Migration rule catalogue (MIG-001..043) + Hibernate stratification |
| MODERNIZATION.md | The modernization product: assess → understand → plan → execute |
| PRODUCT_TIERS.md | Free vs Pro, pricing model |
| DEMO-5MIN.md | A reproducible 5-minute demo |
| MANUAL-USUARIO.md | Guía de usuario en español |
| PRODUCT_IDENTITY.md | ask (command) vs sourcecode (package/alias) |
| privacy.md | Telemetry and data-handling policy |
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file sourcecode-2.5.12.tar.gz.
File metadata
- Download URL: sourcecode-2.5.12.tar.gz
- Upload date:
- Size: 858.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1494ad7bd9c7933390b91488ba7d090608c6c4a57e99db00427cd01ef5fd434d
|
|
| MD5 |
a51c989754eeb24e1f9c216d199d3a5c
|
|
| BLAKE2b-256 |
191addfb0ad320e43bd40154f9898b80d6f2bf563670a5237b6dbe25bc5b795c
|
File details
Details for the file sourcecode-2.5.12-py3-none-any.whl.
File metadata
- Download URL: sourcecode-2.5.12-py3-none-any.whl
- Upload date:
- Size: 872.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
4bdb293eebf3038dc8ef2b08d66283b61724bf460e4223f423a0010cd778415f
|
|
| MD5 |
4d9a6aca1b2b2706fc4d81765e059b1d
|
|
| BLAKE2b-256 |
325e86e70d54ee2c3f7a324bfb96b94473f30d1aa7bf190a08a14affbae4afc2
|