Skip to content

Releases: codellm-devkit/codeanalyzer-python

v1.0.1

Choose a tag to compare

@github-actions github-actions released this 15 Jul 21:31
16e765a

Install codeanalyzer-python v1.0.1

Shell script (installs the canpy CLI via uv / pipx / pip):

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/codellm-devkit/codeanalyzer-python/releases/latest/download/canpy-installer.sh | sh

PyPI:

pip install codeanalyzer-python==1.0.1

For the optional live Neo4j push (--emit neo4j --neo4j-uri ...):

pip install 'codeanalyzer-python[neo4j]==1.0.1'

Download

File Description
codeanalyzer_python-1.0.1-py3-none-any.whl Python wheel
codeanalyzer_python-1.0.1.tar.gz Source distribution
canpy-installer.sh Shell installer (uv / pipx / pip)
schema.json Neo4j schema contract

What's Changed

🛠 Other Changes

  • fix(determinism): byte-identical analysis output for identical runs by @rahlk in #101

Full Changelog: v1.0.0...v1.0.1

v1.0.0

Choose a tag to compare

@github-actions github-actions released this 15 Jul 00:28
d477207

Install codeanalyzer-python v1.0.0

Shell script (installs the canpy CLI via uv / pipx / pip):

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/codellm-devkit/codeanalyzer-python/releases/latest/download/canpy-installer.sh | sh

PyPI:

pip install codeanalyzer-python==1.0.0

For the optional live Neo4j push (--emit neo4j --neo4j-uri ...):

pip install 'codeanalyzer-python[neo4j]==1.0.0'

Download

File Description
codeanalyzer_python-1.0.0-py3-none-any.whl Python wheel
codeanalyzer_python-1.0.0.tar.gz Source distribution
canpy-installer.sh Shell installer (uv / pipx / pip)
schema.json Neo4j schema contract

What's Changed

🛠 Other Changes

  • v2 Stage 5: docs, versioning (1.0.0 / schema 2.0.0), hand-off by @rahlk in #88
  • Level-3: native dataflow graphs (CFG/PDG/SDG/CPG) and backward slicing by @rahlk in #68

Full Changelog: v0.3.1...v1.0.0

v0.3.1

Choose a tag to compare

@github-actions github-actions released this 14 Jul 16:36
252de1e

Install codeanalyzer-python v0.3.1

Shell script (installs the canpy CLI via uv / pipx / pip):

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/codellm-devkit/codeanalyzer-python/releases/latest/download/canpy-installer.sh | sh

PyPI:

pip install codeanalyzer-python==0.3.1

For the optional live Neo4j push (--emit neo4j --neo4j-uri ...):

pip install 'codeanalyzer-python[neo4j]==0.3.1'

Download

File Description
codeanalyzer_python-0.3.1-py3-none-any.whl Python wheel
codeanalyzer_python-0.3.1.tar.gz Source distribution
canpy-installer.sh Shell installer (uv / pipx / pip)
schema.json Neo4j schema contract

What's Changed

🛠 Other Changes

  • ci(release): auto-open a python-sdk incorporation issue on release by @rahlk in #53
  • ci(release): announce releases in repo and org discussions by @rahlk in #55
  • ci(release): reuse CLDK_AUTH_TOKEN for the python-sdk issue job by @rahlk in #56
  • chore: track repo CLAUDE.md with release-announcement cleanup playbook by @rahlk in #59
  • feat: add canpy --version flag by @rahlk in #63
  • chore: remove tracked .python-version by @rahlk in #64
  • refactor: consolidate neo4j schema into a single place by @georgesafta in #60
  • fix: anchor callee inference at the attribute name, not the call-expression start by @rahlk in #89
  • fix: deliver the stranded #90 relative-project_dir fix to main by @rahlk in #92
  • fix: strip only the terminal .py suffix in path-derived fallback signatures by @rahlk in #96
  • feat: v1 audit remediation — initializers, structured arguments, provenance, import resolution (schema 1.2.0) by @rahlk in #95

New Contributors

Full Changelog: v0.3.0...v0.3.1

v0.3.0

Choose a tag to compare

@github-actions github-actions released this 27 Jun 17:29
4629155

Install codeanalyzer-python v0.3.0

Shell script (installs the canpy CLI via uv / pipx / pip):

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/codellm-devkit/codeanalyzer-python/releases/latest/download/canpy-installer.sh | sh

PyPI:

pip install codeanalyzer-python==0.3.0

For the optional live Neo4j push (--emit neo4j --neo4j-uri ...):

pip install 'codeanalyzer-python[neo4j]==0.3.0'

Download

File Description
codeanalyzer_python-0.3.0-py3-none-any.whl Python wheel
codeanalyzer_python-0.3.0.tar.gz Source distribution
canpy-installer.sh Shell installer (uv / pipx / pip)
schema.json Neo4j schema contract

What's Changed

🛠 Other Changes

  • PyCG sharding: Jedi planner + adaptive decomposition of runaways by @rahlk in #49
  • Level 2: replace CodeQL with PyCG, add coupling-aware adaptive sharding by @rahlk in #50
  • Merge pull request #49 from codellm-devkit/feat/jedi-shard-planner by @rahlk in #51
  • fix(venv): use only the vendored uv, drop system-PATH fallback by @rahlk in #52

Full Changelog: v0.2.1...v0.3.0

v0.2.1

Choose a tag to compare

@github-actions github-actions released this 22 Jun 21:29
c02b92d

Install codeanalyzer-python v0.2.1

Shell script (installs the canpy CLI via uv / pipx / pip):

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/codellm-devkit/codeanalyzer-python/releases/latest/download/canpy-installer.sh | sh

PyPI:

pip install codeanalyzer-python==0.2.1

For the optional live Neo4j push (--emit neo4j --neo4j-uri ...):

pip install 'codeanalyzer-python[neo4j]==0.2.1'

Download

File Description
codeanalyzer_python-0.2.1-py3-none-any.whl Python wheel
codeanalyzer_python-0.2.1.tar.gz Source distribution
canpy-installer.sh Shell installer (uv / pipx / pip)
schema.json Neo4j schema contract

What's Changed

🚀 Features

  • Analysis venv (uv + Jedi wiring), external_symbols, app-scoped prune, --no-venv (#44 #45 #46 #47) by @rahlk in #48

Full Changelog: v0.2.0...v0.2.1

v0.2.0

Choose a tag to compare

@github-actions github-actions released this 20 Jun 19:57
73e62a0

Install codeanalyzer-python v0.2.0

Shell script (installs the canpy CLI via uv / pipx / pip):

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/codellm-devkit/codeanalyzer-python/releases/latest/download/canpy-installer.sh | sh

PyPI:

pip install codeanalyzer-python==0.2.0

For the optional live Neo4j push (--emit neo4j --neo4j-uri ...):

pip install 'codeanalyzer-python[neo4j]==0.2.0'

Download

File Description
codeanalyzer_python-0.2.0-py3-none-any.whl Python wheel
codeanalyzer_python-0.2.0.tar.gz Source distribution
canpy-installer.sh Shell installer (uv / pipx / pip)
schema.json Neo4j schema contract

What's Changed

🚀 Features

  • feature/neo4j: property-graph output with Py/PY_-namespaced schema; rename CLI to canpy by @rahlk in #33

🛠 Other Changes

  • Fix CodeQL call-graph edges dropped on (file, start_line) join miss (#25) by @rahlk in #26

New contributors and full diff: https://github.com/codellm-devkit/codeanalyzer-python/releases/tag/v0.2.0

v0.1.14

Choose a tag to compare

@github-actions github-actions released this 13 May 23:58
787daa3

Release Notes (from CHANGELOG.md)

Added

  • Call graph in analysis output: PyApplication.call_graph: List[PyCallEdge]. Every run now produces a call graph in addition to the symbol table. Edges carry source, target (both PyCallable.signature), weight, and provenance (jedi / codeql / joern).
  • call_graph module (codeanalyzer.semantic_analysis.call_graph) with to_digraph / from_digraph networkx adapters, jedi_call_graph_edges, and merge_edges. Endpoints absent from the symbol table become ghost nodes so RPC / third-party / framework edges are preserved.
  • CodeQL Python query rewritten against the CodeQL Python library (was Java idioms before). Resolves direct calls and constructor calls via ClassValue.lookup("__init__"), using the modern Value.getACall() predicate (CodeQL Python 7.x).
  • augment_call_sites: when --codeql is enabled, CodeQL backfills PyCallsite.callee_signature entries Jedi left unresolved.
  • resolve_unresolved_constructors: heuristic fallback that walks the symbol table by class short-name and scope to fill in constructor sites neither Jedi nor CodeQL resolved (common for classes nested inside functions/methods). Synthesizes <class>.__init__ signatures.
  • iter_classes_in_symbol_table: full recursive walker over classes — including inner classes, classes nested in functions, and classes nested in class methods.

Changed

  • BREAKING: Removed --analysis-level / analysis_level. The call graph is built unconditionally; use --codeql/--no-codeql to control CodeQL participation. Jedi-derived edges are always available.
  • Jedi constructor calls now resolve to <class>.__init__ (was: bare <class>). When script.infer() returns a class, the qualified name is rewritten to point at the constructor — matching where method PyCallables actually live in the symbol table. PyCallsite.is_constructor_call now reflects Jedi's type inference (was: method_name == "__init__", only true for explicit obj.__init__() calls).
  • _call_sites scope correctness: replaced naive ast.walk with _iter_calls_in_scope, which stops at nested FunctionDef / AsyncFunctionDef / ClassDef bodies (those have their own PyCallable.call_sites). Decorators, default arguments, return annotations, base classes and class keyword args are still walked since they execute in the enclosing scope. Previously, outer functions over-attributed every call from every nested definition.
  • CodeQL CLI binary is now downloaded into <cache_dir>/codeql/bin/ (per-project, respecting --cache-dir) and discovered before any CodeQL operation — including when the database cache is reused. The downloaded archive is removed after extraction.
  • CodeQLQueryRunner now accepts the resolved binary path instead of relying on PATH. The temporary .ql file is written inside a per-project qlpack (<cache_dir>/codeql/qlpack/) whose codeql/python-all dependency is resolved once via codeql pack install, eliminating the lockfile / search-path gymnastics.

Fixed

  • zipfile extraction dropped Unix permissions on the CodeQL CLI launcher, causing PermissionError on first query run. Entries are now extracted with their stored external_attr mode applied, plus a defensive chmod +x on the resolved binary.
  • rglob("codeql") matched the bundled codeql/codeql/ directory before the launcher file, returning a directory instead of an executable. Both CodeQLLoader and _ensure_codeql_bin now filter to is_file().
  • CodeQLQueryRunner crashed on subprocess errors with 'NoneType' object has no attribute 'stderr' because stderr=None returns None from communicate(). Now captures stderr=PIPE and decodes bytes safely.

Detailed Changes (auto-generated)

🚀 Features

  • Release 0.1.14: call graph + CodeQL integration

v0.1.13

Choose a tag to compare

@github-actions github-actions released this 22 Jul 21:53
v0.1.13
a1a3ca0

Release Notes (from CHANGELOG.md)

Improved

  • CLI Help Documentation: Comprehensive help text added for all command-line options
    • Added descriptive help messages for all CLI parameters including --output, --format, --analysis-level, etc.
    • Enhanced user experience with clear option descriptions in --help output
    • Improved CLI parameter organization using Annotated type hints for better maintainability
    • Added case-insensitive support for --format option
    • Updated verbosity option help to clearly indicate multiple usage (-v, -vv, -vvv)

Technical Details

  • Refactored CLI function signature to use consistent Annotated type hint pattern
  • Added comprehensive help text for all 12 command-line options
  • Improved code organization and type safety in CLI parameter definitions

Detailed Changes (auto-generated)

v0.1.12

Choose a tag to compare

@github-actions github-actions released this 21 Jul 19:40
v0.1.12
133baa8

Release Notes (from CHANGELOG.md)

Changed

  • BREAKING CHANGE: Refactored Codeanalyzer constructor to use AnalysisOptions dataclass in response to #12
    • Replaced multiple individual parameters with single AnalysisOptions object for cleaner API
    • Improved type safety and configuration management through centralized options structure
    • Enhanced maintainability and extensibility for future configuration additions
    • Updated CLI integration to create and pass AnalysisOptions instance
    • Maintained backward compatibility in terms of functionality while improving code architecture

Added

  • New AnalysisOptions dataclass in codeanalyzer.options module in response to #12
    • Centralized configuration structure with all analysis parameters
    • Type-safe configuration with proper defaults and validation
    • Support for OutputFormat enum integration
    • Clean separation between CLI and library configuration handling

Technical Details

  • Added new codeanalyzer.options package with AnalysisOptions dataclass
  • Updated Codeanalyzer.__init__() to accept single options parameter instead of 9 individual parameters
  • Modified CLI handler in __main__.py to create AnalysisOptions instance from command line arguments
  • Improved code organization and maintainability for configuration management
  • Enhanced API design following best practices for parameter object patterns

Detailed Changes (auto-generated)

v0.1.11

Choose a tag to compare

@github-actions github-actions released this 21 Jul 19:07
v0.1.11
09185c0

Release Notes (from CHANGELOG.md)

Fixed

  • CRITICAL: Fixed NumPy build failure on Python 3.12+ (addresses #19)
    • Updated NumPy dependency constraints to handle Python 3.12+ compatibility
    • Split NumPy version constraints into three tiers:
      • numpy>=1.21.0,<1.24.0 for Python < 3.11
      • numpy>=1.24.0,<2.0.0 for Python 3.11.x
      • numpy>=1.26.0,<2.0.0 for Python 3.12+ (requires NumPy 1.26+ which supports Python 3.12)
    • Resolves ModuleNotFoundError: No module named 'distutils' errors on Python 3.12+
    • Ensures compatibility with Python 3.12 which removed distutils from the standard library
  • Fixed Pydantic v1/v2 compatibility issues in JSON serialization throughout codebase
    • Added comprehensive Pydantic version detection and compatibility layer
    • Introduced model_dump_json() and model_validate_json() helper functions for cross-version compatibility
    • Fixed PyApplication.parse_raw() deprecated method usage (replaced with model_validate_json())
    • Updated CLI output methods to use compatible serialization functions
    • Resolved forward reference updates only for Pydantic v1 (v2 handles these automatically)

Changed

  • Enhanced Pydantic compatibility infrastructure in schema module
    • Added runtime Pydantic version detection using importlib.metadata
    • Created compatibility abstraction layer for JSON serialization/deserialization
    • Improved forward reference resolution logic to work with both Pydantic v1 and v2
    • Updated all JSON serialization calls to use new compatibility functions
    • Better error handling for missing Pydantic dependency

Technical Details

  • Added packaging dependency for robust version comparison
  • Enhanced schema module with runtime version detection and compatibility helpers
  • Updated core analysis caching system to use compatible Pydantic JSON methods
  • Improved CLI output formatting with cross-version Pydantic support

Detailed Changes (auto-generated)

🐛 Fixes