MethodAtlas API

MethodAtlas is a command-line tool and library for scanning Java test source trees, extracting structured metadata about JUnit 5 test methods, and optionally enriching that metadata with AI-generated security classification suggestions.

The tool parses source files without compiling them, which allows it to run against any Java project regardless of build setup. For each discovered test method it reports the fully qualified class name, method name, inclusive line count, and any JUnit @Tag values already present in the source. When AI enrichment is enabled, it also produces suggested security tags, a human-readable @DisplayName, an explanatory rationale, and an optional confidence score.

Key Capabilities

• Source-level test inventory — discovers @Test, @ParameterizedTest, @RepeatedTest, @TestFactory, and @TestTemplate methods without symbol resolution or compilation.
• Multiple output formats — CSV (default), plain text, and SARIF 2.1.0 for direct integration with GitHub Code Scanning and other SAST tooling.
• AI-assisted security classification — submits each test class to a configurable AI provider (Ollama, OpenAI, OpenRouter, Anthropic, or auto-detected) and returns per-method security relevance, taxonomy tags, and reasoning.
• Source write-back — the -apply-tags mode inserts AI-generated @DisplayName and @Tag annotations directly into the source files using a lexical-preserving printer.
• Manual AI workflow — a two-phase prepare/consume mode for operators who interact with an AI through a chat interface rather than a direct API.
• Content fingerprinting — optional SHA-256 content hash per class enables incremental scanning and result traceability across runs.
• YAML configuration — scan settings can be stored in a shared configuration file and overridden selectively on the command line.

Package Structure

org.egothor.methodatlas

Core application layer. Contains the main entry point (MethodAtlasApp), command-line argument parsing (CliArgs, CliConfig), output rendering (OutputEmitter, SarifEmitter), annotation inspection (AnnotationInspector), and source write-back (TagApplier).

org.egothor.methodatlas.ai

AI integration layer. Defines the provider-agnostic AiSuggestionEngine contract, provider client implementations (OllamaClient, OpenAiCompatibleClient, AnthropicClient), the controlled security taxonomy (DefaultSecurityTaxonomy, OptimizedSecurityTaxonomy), prompt construction (PromptBuilder), and the manual workflow engines (ManualPrepareEngine, ManualConsumeEngine).

License

Copyright © 2026 Egothor
Copyright © 2026 Accenture

Licensed under the Apache License, Version 2.0 (the “License”); you may not use this software except in compliance with the License. You may obtain a copy of the License at

https://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Packages

Package	Description
org.egothor.methodatlas	Provides the core command-line utility for analyzing Java test sources and producing structured metadata about JUnit test methods.
org.egothor.methodatlas.ai	AI integration layer for MethodAtlas providing automated security classification of JUnit test methods.