codeanalyzer-python 0.1.12__tar.gz → 0.1.14__tar.gz

{codeanalyzer_python-0.1.12 → codeanalyzer_python-0.1.14}/.gitignore

@@ -176,6 +176,7 @@ cython_debug/
 # Project-specific files
 .codeanalyzer
 .vscode/
+analysis.json
 
 # UV
 uv.lock

{codeanalyzer_python-0.1.12 → codeanalyzer_python-0.1.14}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: codeanalyzer-python
-Version: 0.1.12
+Version: 0.1.14
 Summary: Static Analysis on Python source code using Jedi, CodeQL and Treesitter.
 Author-email: Rahul Krishna <i.m.ralk@gmail.com>
 License-File: LICENSE
@@ -110,16 +110,15 @@ To view the available options and commands, run `codeanalyzer --help`. You shoul
 
 
 ╭─ Options ───────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
-│ *  --input           -i                  PATH            Path to the project root directory. [default: None] [required]   │
-│    --output          -o                  PATH            Output directory for artifacts. [default: None]                  │
-│    --format          -f                  [json|msgpack]  Output format: json or msgpack. [default: json]                  │
-│    --analysis-level  -a                  INTEGER         1: symbol table, 2: call graph. [default: 1]                     │
-│    --codeql              --no-codeql                     Enable CodeQL-based analysis. [default: no-codeql]               │
-│    --eager               --lazy                          Enable eager or lazy analysis. Defaults to lazy. [default: lazy] │
-│    --cache-dir       -c                  PATH            Directory to store analysis cache. [default: None]               │
-│    --clear-cache         --keep-cache                    Clear cache after analysis. [default: clear-cache]               │
-│                      -v                  INTEGER         Increase verbosity: -v, -vv, -vvv [default: 0]                   │
-│    --help                                                Show this message and exit.                                      │
+│ *  --input           -i                  PATH            Path to the project root directory. [default: None] [required]     │
+│    --output          -o                  PATH            Output directory for artifacts. [default: None]                    │
+│    --format          -f                  [json|msgpack]  Output format: json or msgpack. [default: json]                    │
+│    --codeql              --no-codeql                     Enable CodeQL-based analysis. [default: no-codeql]                 │
+│    --eager               --lazy                          Enable eager or lazy analysis. Defaults to lazy. [default: lazy]   │
+│    --cache-dir       -c                  PATH            Directory to store analysis cache. [default: None]                 │
+│    --clear-cache         --keep-cache                    Clear cache after analysis. [default: clear-cache]                 │
+│                      -v                  INTEGER         Increase verbosity: -v, -vv, -vvv [default: 0]                     │
+│    --help                                                Show this message and exit.                                        │
 ╰─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯
 ```
 
@@ -145,25 +144,15 @@ To view the available options and commands, run `codeanalyzer --help`. You shoul
 
    This will save the analysis results in `analysis.msgpack` in the specified directory.
 
-3. **Toggle analysis levels with `--analysis-level`:**
-   ```bash
-   codeanalyzer --input ./my-python-project --analysis-level 1 # Symbol table only
-   ```
-   Call graph analysis can be enabled by setting the level to `2`:
-   ```bash
-   codeanalyzer --input ./my-python-project --analysis-level 2 # Symbol table + Call graph
-   ```
-   ***Note: The `--analysis-level=2` is not yet implemented in this version.***
-
-4. **Analysis with CodeQL enabled:**
+3. **Analysis with CodeQL enabled:**
    ```bash
    codeanalyzer --input ./my-python-project --codeql
    ```
-    This will perform CodeQL-based analysis in addition to the standard symbol table generation.
+   Every run produces a symbol table **and** a call graph. By default, edges come from Jedi's lexical analysis. Adding `--codeql` resolves additional edges (including RPC / third-party / dynamically-dispatched targets) and merges them with the Jedi-derived edges. CodeQL also backfills resolved callees on Jedi-emitted call sites where Jedi couldn't resolve them.
 
-    ***Note: Not yet fully implemented. Please refrain from using this option until further notice.***
+    ***Note: CodeQL integration is experimental. The CLI is downloaded into `<cache_dir>/codeql/` on first use and reused thereafter.***
 
-5. **Eager analysis with custom cache directory:**
+4. **Eager analysis with custom cache directory:**
    ```bash
    codeanalyzer --input ./my-python-project --eager --cache-dir /path/to/custom-cache
    ```
@@ -171,7 +160,7 @@ To view the available options and commands, run `codeanalyzer --help`. You shoul
 
     If you provide --cache-dir, the cache will be stored in that directory. If not specified, it defaults to `.codeanalyzer` in the current working directory (`$PWD`).
 
-6. **Quiet mode (minimal output):**
+5. **Quiet mode (minimal output):**
    ```bash
    codeanalyzer --input /path/to/my-python-project --quiet
    ```
@@ -269,7 +258,6 @@ To view the available options and commands, run `codeanalyzer --help`. You shoul
 │ *  --input           -i                  PATH     Path to the project root directory. [default: None] [required]   │
 │    --output          -o                  PATH     Output directory for artifacts. [default: None]                  │
 │    --format          -f           [json|msgpack]  Output format: json or msgpack. [default: json].                 │
-│    --analysis-level  -a                  INTEGER  1: symbol table, 2: call graph. [default: 1]                     │
 │    --codeql              --no-codeql              Enable CodeQL-based analysis. [default: no-codeql]               │
 │    --eager               --lazy                   Enable eager or lazy analysis. Defaults to lazy. [default: lazy] │
 │    --cache-dir       -c                  PATH     Directory to store analysis cache. [default: None]               │
@@ -294,25 +282,15 @@ To view the available options and commands, run `codeanalyzer --help`. You shoul
 
    Now, you can find the analysis results in `analysis.json` in the specified directory.
 
-2. **Toggle analysis levels with `--analysis-level`:**
-   ```bash
-   codeanalyzer --input ./my-python-project --analysis-level 1 # Symbol table only
-   ```
-   Call graph analysis can be enabled by setting the level to `2`:
-   ```bash
-   codeanalyzer --input ./my-python-project --analysis-level 2 # Symbol table + Call graph
-   ```
-   ***Note: The `--analysis-level=2` is not yet implemented in this version.***
-
-3. **Analysis with CodeQL enabled:**
+2. **Analysis with CodeQL enabled:**
    ```bash
    codeanalyzer --input ./my-python-project --codeql
    ```
-    This will perform CodeQL-based analysis in addition to the standard symbol table generation.
+   Every run produces a symbol table **and** a call graph. By default, edges come from Jedi's lexical analysis. Adding `--codeql` resolves additional edges (including RPC / third-party / dynamically-dispatched targets) and merges them with the Jedi-derived edges. CodeQL also backfills resolved callees on Jedi-emitted call sites where Jedi couldn't resolve them.
 
-    ***Note: Not yet fully implemented. Please refrain from using this option until further notice.***
+   ***Note: CodeQL integration is experimental. The CLI is downloaded into `<cache_dir>/codeql/` on first use and reused thereafter.***
 
-4. **Eager analysis with custom cache directory:**
+3. **Eager analysis with custom cache directory:**
    ```bash
    codeanalyzer --input ./my-python-project --eager --cache-dir /path/to/custom-cache
    ```
@@ -320,7 +298,7 @@ To view the available options and commands, run `codeanalyzer --help`. You shoul
 
     If you provide --cache-dir, the cache will be stored in that directory. If not specified, it defaults to `.codeanalyzer` in the current working directory (`$PWD`).
 
-5. **Save output in msgpack format:**
+4. **Save output in msgpack format:**
    ```bash
    codeanalyzer --input ./my-python-project --output /path/to/analysis-results --format msgpack
    ```

{codeanalyzer_python-0.1.12 → codeanalyzer_python-0.1.14}/README.md

@@ -77,16 +77,15 @@ To view the available options and commands, run `codeanalyzer --help`. You shoul
 
 
 ╭─ Options ───────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
-│ *  --input           -i                  PATH            Path to the project root directory. [default: None] [required]   │
-│    --output          -o                  PATH            Output directory for artifacts. [default: None]                  │
-│    --format          -f                  [json|msgpack]  Output format: json or msgpack. [default: json]                  │
-│    --analysis-level  -a                  INTEGER         1: symbol table, 2: call graph. [default: 1]                     │
-│    --codeql              --no-codeql                     Enable CodeQL-based analysis. [default: no-codeql]               │
-│    --eager               --lazy                          Enable eager or lazy analysis. Defaults to lazy. [default: lazy] │
-│    --cache-dir       -c                  PATH            Directory to store analysis cache. [default: None]               │
-│    --clear-cache         --keep-cache                    Clear cache after analysis. [default: clear-cache]               │
-│                      -v                  INTEGER         Increase verbosity: -v, -vv, -vvv [default: 0]                   │
-│    --help                                                Show this message and exit.                                      │
+│ *  --input           -i                  PATH            Path to the project root directory. [default: None] [required]     │
+│    --output          -o                  PATH            Output directory for artifacts. [default: None]                    │
+│    --format          -f                  [json|msgpack]  Output format: json or msgpack. [default: json]                    │
+│    --codeql              --no-codeql                     Enable CodeQL-based analysis. [default: no-codeql]                 │
+│    --eager               --lazy                          Enable eager or lazy analysis. Defaults to lazy. [default: lazy]   │
+│    --cache-dir       -c                  PATH            Directory to store analysis cache. [default: None]                 │
+│    --clear-cache         --keep-cache                    Clear cache after analysis. [default: clear-cache]                 │
+│                      -v                  INTEGER         Increase verbosity: -v, -vv, -vvv [default: 0]                     │
+│    --help                                                Show this message and exit.                                        │
 ╰─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯
 ```
 
@@ -112,25 +111,15 @@ To view the available options and commands, run `codeanalyzer --help`. You shoul
 
    This will save the analysis results in `analysis.msgpack` in the specified directory.
 
-3. **Toggle analysis levels with `--analysis-level`:**
-   ```bash
-   codeanalyzer --input ./my-python-project --analysis-level 1 # Symbol table only
-   ```
-   Call graph analysis can be enabled by setting the level to `2`:
-   ```bash
-   codeanalyzer --input ./my-python-project --analysis-level 2 # Symbol table + Call graph
-   ```
-   ***Note: The `--analysis-level=2` is not yet implemented in this version.***
-
-4. **Analysis with CodeQL enabled:**
+3. **Analysis with CodeQL enabled:**
    ```bash
    codeanalyzer --input ./my-python-project --codeql
    ```
-    This will perform CodeQL-based analysis in addition to the standard symbol table generation.
+   Every run produces a symbol table **and** a call graph. By default, edges come from Jedi's lexical analysis. Adding `--codeql` resolves additional edges (including RPC / third-party / dynamically-dispatched targets) and merges them with the Jedi-derived edges. CodeQL also backfills resolved callees on Jedi-emitted call sites where Jedi couldn't resolve them.
 
-    ***Note: Not yet fully implemented. Please refrain from using this option until further notice.***
+    ***Note: CodeQL integration is experimental. The CLI is downloaded into `<cache_dir>/codeql/` on first use and reused thereafter.***
 
-5. **Eager analysis with custom cache directory:**
+4. **Eager analysis with custom cache directory:**
    ```bash
    codeanalyzer --input ./my-python-project --eager --cache-dir /path/to/custom-cache
    ```
@@ -138,7 +127,7 @@ To view the available options and commands, run `codeanalyzer --help`. You shoul
 
     If you provide --cache-dir, the cache will be stored in that directory. If not specified, it defaults to `.codeanalyzer` in the current working directory (`$PWD`).
 
-6. **Quiet mode (minimal output):**
+5. **Quiet mode (minimal output):**
    ```bash
    codeanalyzer --input /path/to/my-python-project --quiet
    ```
@@ -236,7 +225,6 @@ To view the available options and commands, run `codeanalyzer --help`. You shoul
 │ *  --input           -i                  PATH     Path to the project root directory. [default: None] [required]   │
 │    --output          -o                  PATH     Output directory for artifacts. [default: None]                  │
 │    --format          -f           [json|msgpack]  Output format: json or msgpack. [default: json].                 │
-│    --analysis-level  -a                  INTEGER  1: symbol table, 2: call graph. [default: 1]                     │
 │    --codeql              --no-codeql              Enable CodeQL-based analysis. [default: no-codeql]               │
 │    --eager               --lazy                   Enable eager or lazy analysis. Defaults to lazy. [default: lazy] │
 │    --cache-dir       -c                  PATH     Directory to store analysis cache. [default: None]               │
@@ -261,25 +249,15 @@ To view the available options and commands, run `codeanalyzer --help`. You shoul
 
    Now, you can find the analysis results in `analysis.json` in the specified directory.
 
-2. **Toggle analysis levels with `--analysis-level`:**
-   ```bash
-   codeanalyzer --input ./my-python-project --analysis-level 1 # Symbol table only
-   ```
-   Call graph analysis can be enabled by setting the level to `2`:
-   ```bash
-   codeanalyzer --input ./my-python-project --analysis-level 2 # Symbol table + Call graph
-   ```
-   ***Note: The `--analysis-level=2` is not yet implemented in this version.***
-
-3. **Analysis with CodeQL enabled:**
+2. **Analysis with CodeQL enabled:**
    ```bash
    codeanalyzer --input ./my-python-project --codeql
    ```
-    This will perform CodeQL-based analysis in addition to the standard symbol table generation.
+   Every run produces a symbol table **and** a call graph. By default, edges come from Jedi's lexical analysis. Adding `--codeql` resolves additional edges (including RPC / third-party / dynamically-dispatched targets) and merges them with the Jedi-derived edges. CodeQL also backfills resolved callees on Jedi-emitted call sites where Jedi couldn't resolve them.
 
-    ***Note: Not yet fully implemented. Please refrain from using this option until further notice.***
+   ***Note: CodeQL integration is experimental. The CLI is downloaded into `<cache_dir>/codeql/` on first use and reused thereafter.***
 
-4. **Eager analysis with custom cache directory:**
+3. **Eager analysis with custom cache directory:**
    ```bash
    codeanalyzer --input ./my-python-project --eager --cache-dir /path/to/custom-cache
    ```
@@ -287,7 +265,7 @@ To view the available options and commands, run `codeanalyzer --help`. You shoul
 
     If you provide --cache-dir, the cache will be stored in that directory. If not specified, it defaults to `.codeanalyzer` in the current working directory (`$PWD`).
 
-5. **Save output in msgpack format:**
+4. **Save output in msgpack format:**
    ```bash
    codeanalyzer --input ./my-python-project --output /path/to/analysis-results --format msgpack
    ```

{codeanalyzer_python-0.1.12 → codeanalyzer_python-0.1.14}/codeanalyzer/__main__.py

@@ -9,25 +9,75 @@ from codeanalyzer.config import OutputFormat
 from codeanalyzer.schema import model_dump_json
 from codeanalyzer.options import AnalysisOptions
 
+
 def main(
-    input: Annotated[Path, typer.Option("-i", "--input", help="Path to the project root directory.")],
-    output: Optional[Path] = typer.Option(None, "-o", "--output"),
-    format: OutputFormat = typer.Option(OutputFormat.JSON, "-f", "--format"),
-    analysis_level: int = typer.Option(1, "-a", "--analysis-level"),
-    using_codeql: bool = typer.Option(False, "--codeql/--no-codeql"),
-    using_ray: bool = typer.Option(False, "--ray/--no-ray"),
-    rebuild_analysis: bool = typer.Option(False, "--eager/--lazy"),
-    skip_tests: bool = typer.Option(True, "--skip-tests/--include-tests"),
-    file_name: Optional[Path] = typer.Option(None, "--file-name"),
-    cache_dir: Optional[Path] = typer.Option(None, "-c", "--cache-dir"),
-    clear_cache: bool = typer.Option(False, "--clear-cache/--keep-cache"),
-    verbosity: int = typer.Option(0, "-v", count=True),
+    input: Annotated[
+        Path, typer.Option("-i", "--input", help="Path to the project root directory.")
+    ],
+    output: Annotated[
+        Optional[Path],
+        typer.Option("-o", "--output", help="Output directory for artifacts."),
+    ] = None,
+    format: Annotated[
+        OutputFormat,
+        typer.Option(
+            "-f",
+            "--format",
+            help="Output format: json or msgpack.",
+            case_sensitive=False,
+        ),
+    ] = OutputFormat.JSON,
+    using_codeql: Annotated[
+        bool, typer.Option("--codeql/--no-codeql", help="Enable CodeQL-based analysis.")
+    ] = False,
+    using_ray: Annotated[
+        bool,
+        typer.Option("--ray/--no-ray", help="Enable Ray for distributed analysis."),
+    ] = False,
+    rebuild_analysis: Annotated[
+        bool,
+        typer.Option(
+            "--eager/--lazy",
+            help="Enable eager or lazy analysis. Defaults to lazy.",
+        ),
+    ] = False,
+    skip_tests: Annotated[
+        bool,
+        typer.Option(
+            "--skip-tests/--include-tests",
+            help="Skip test files in analysis.",
+        ),
+    ] = True,
+    file_name: Annotated[
+        Optional[Path],
+        typer.Option(
+            "--file-name",
+            help="Analyze only the specified file (relative to input directory).",
+        ),
+    ] = None,
+    cache_dir: Annotated[
+        Optional[Path],
+        typer.Option(
+            "-c",
+            "--cache-dir",
+            help="Directory to store analysis cache. Defaults to '.codeanalyzer' in the input directory.",
+        ),
+    ] = None,
+    clear_cache: Annotated[
+        bool,
+        typer.Option(
+            "--clear-cache/--keep-cache",
+            help="Clear cache after analysis. By default, cache is retained.",
+        ),
+    ] = False,
+    verbosity: Annotated[
+        int, typer.Option("-v", count=True, help="Increase verbosity: -v, -vv, -vvv")
+    ] = 0,
 ):
     options = AnalysisOptions(
         input=input,
         output=output,
         format=format,
-        analysis_level=analysis_level,
         using_codeql=using_codeql,
         using_ray=using_ray,
         rebuild_analysis=rebuild_analysis,
@@ -46,13 +96,17 @@ def main(
     if options.file_name is not None:
         full_file_path = options.input / options.file_name
         if not full_file_path.exists():
-            logger.error(f"Specified file '{options.file_name}' does not exist in '{options.input}'.")
+            logger.error(
+                f"Specified file '{options.file_name}' does not exist in '{options.input}'."
+            )
             raise typer.Exit(code=1)
         if not full_file_path.is_file():
             logger.error(f"Specified path '{options.file_name}' is not a file.")
             raise typer.Exit(code=1)
-        if not str(options.file_name).endswith('.py'):
-            logger.error(f"Specified file '{options.file_name}' is not a Python file (.py).")
+        if not str(options.file_name).endswith(".py"):
+            logger.error(
+                f"Specified file '{options.file_name}' is not a Python file (.py)."
+            )
             raise typer.Exit(code=1)
 
     with Codeanalyzer(options) as analyzer:
@@ -85,6 +139,7 @@ def _write_output(artifacts, output_dir: Path, format: OutputFormat):
             f"Compression ratio: {artifacts.get_compression_ratio():.1%} of JSON size"
         )
 
+
 app = typer.Typer(
     callback=main,
     name="codeanalyzer",

{codeanalyzer_python-0.1.12 → codeanalyzer_python-0.1.14}/codeanalyzer/core.py

@@ -9,7 +9,14 @@ from typing import Any, Dict, Optional, Union, List
 import ray
 from codeanalyzer.utils import logger
 from codeanalyzer.schema import PyApplication, PyModule, model_dump_json, model_validate_json
+from codeanalyzer.schema.py_schema import PyCallEdge
+from codeanalyzer.semantic_analysis.call_graph import (
+    jedi_call_graph_edges,
+    merge_edges,
+    resolve_unresolved_constructors,
+)
 from codeanalyzer.semantic_analysis.codeql import CodeQLLoader
+from codeanalyzer.semantic_analysis.codeql.codeql_analysis import CodeQL
 from codeanalyzer.semantic_analysis.codeql.codeql_exceptions import CodeQLExceptions
 from codeanalyzer.syntactic_analysis.exceptions import SymbolTableBuilderRayError
 from codeanalyzer.syntactic_analysis.symbol_table_builder import SymbolTableBuilder
@@ -49,7 +56,6 @@ class Codeanalyzer:
 
     def __init__(self, options: AnalysisOptions) -> None:
         self.options = options
-        self.analysis_depth = options.analysis_level
         self.project_dir = Path(options.input).resolve()
         self.skip_tests = options.skip_tests
         self.using_codeql = options.using_codeql
@@ -60,6 +66,7 @@ class Codeanalyzer:
         self.clear_cache = options.clear_cache
         self.db_path: Optional[Path] = None
         self.codeql_bin: Optional[Path] = None
+        self.codeql_packs_dir: Optional[Path] = None
         self.virtualenv: Optional[Path] = None
         self.using_ray: bool = options.using_ray
         self.file_name: Optional[Path] = options.file_name
@@ -292,6 +299,15 @@ class Codeanalyzer:
 
         if self.using_codeql:
             logger.info(f"(Re-)initializing CodeQL analysis for {self.project_dir}")
+
+            # Resolve the CLI binary before anything else uses it: DB build
+            # below needs it, and so does every subsequent query run.
+            self.codeql_bin = self._ensure_codeql_bin()
+            # Download the standard query library pack (idempotent). The
+            # CLI install ships only the language extractors; the
+            # ``codeql/python-all`` library pack must be fetched separately.
+            self.codeql_packs_dir = self._ensure_codeql_packs(self.codeql_bin)
+
             cache_root = self.cache_dir / "codeql"
             cache_root.mkdir(parents=True, exist_ok=True)
             self.db_path = cache_root / f"{self.project_dir.name}-db"
@@ -310,19 +326,6 @@ class Codeanalyzer:
             if self.rebuild_analysis or not is_cache_valid():
                 logger.info("Creating new CodeQL database...")
 
-                codeql_in_path = shutil.which("codeql")
-                if codeql_in_path:
-                    self.codeql_bin = Path(codeql_in_path)
-                else:
-                    self.codeql_bin = CodeQLLoader.download_and_extract_codeql(
-                        self.cache_dir / "codeql" / "bin"
-                    )
-
-                if not shutil.which(str(self.codeql_bin)):
-                    raise FileNotFoundError(
-                        f"CodeQL binary not executable: {self.codeql_bin}"
-                    )
-
                 cmd = [
                     str(self.codeql_bin),
                     "database",
@@ -375,8 +378,27 @@ class Codeanalyzer:
         # Build symbol table from cached application if available (if no available, the build a new one)
         symbol_table = self._build_symbol_table(cached_pyapplication.symbol_table if cached_pyapplication else {})
 
+        # Build the call graph in four steps:
+        #   1. Run CodeQL (when enabled). Produces resolved edges with
+        #      ``provenance=["codeql"]`` and augments ``PyCallsite``s
+        #      in-place — filling ``callee_signature`` for sites Jedi
+        #      couldn't resolve.
+        #   2. Heuristic fallback for constructor calls neither Jedi nor
+        #      CodeQL could resolve (commonly classes nested inside
+        #      functions). Walks the symbol table by class short-name +
+        #      scope and writes ``<class>.__init__`` into the site.
+        #   3. Derive Jedi edges from the now-fully-augmented symbol
+        #      table — these reflect every resolution the symbol table
+        #      contains, regardless of which pass put it there.
+        #   4. Merge with CodeQL edges; provenance unions for edges both
+        #      backends saw.
+        codeql_edges = self._get_call_graph(symbol_table, augment_sites=True)
+        resolve_unresolved_constructors(symbol_table)
+        jedi_edges = jedi_call_graph_edges(symbol_table)
+        call_graph = merge_edges(jedi_edges, codeql_edges)
+
         # Recreate pyapplication
-        app = PyApplication.builder().symbol_table(symbol_table).build()
+        app = PyApplication.builder().symbol_table(symbol_table).call_graph(call_graph).build()
         
         # Save to cache
         self._save_analysis_cache(app, cache_file)
@@ -579,7 +601,120 @@ class Codeanalyzer:
         logger.info("✅ Symbol table generation complete.")
         return symbol_table
 
-    def _get_call_graph(self) -> Dict[str, Any]:
-        """Retrieve call graph from CodeQL database."""
-        logger.warning("Call graph extraction not yet implemented.")
-        return {}
+    def _ensure_codeql_packs(self, codeql_bin: Path) -> Path:
+        """Materialize a qlpack that depends on ``codeql/python-all``.
+
+        The CodeQL CLI install ships only the language extractors — query
+        library packs (and their transitive dependencies like
+        ``codeql/concepts``) must be resolved separately. The canonical
+        way is to declare the dependency in a ``qlpack.yml`` and run
+        ``codeql pack install`` in that directory; CodeQL writes a
+        ``codeql-pack.lock.yml`` and downloads everything needed.
+
+        We do this once per project under ``<cache_dir>/codeql/qlpack/``
+        and return that directory. The query runner then writes its
+        temporary ``.ql`` file inside this pack — colocation makes
+        ``import python`` resolve without any ``--additional-packs`` or
+        ``--search-path`` gymnastics.
+        """
+        pack_dir = self.cache_dir / "codeql" / "qlpack"
+        pack_dir.mkdir(parents=True, exist_ok=True)
+        qlpack_yml = pack_dir / "qlpack.yml"
+        lock_file = pack_dir / "codeql-pack.lock.yml"
+
+        if not qlpack_yml.exists():
+            qlpack_yml.write_text(
+                "name: codeanalyzer-deps\n"
+                "version: 1.0.0\n"
+                "dependencies:\n"
+                '  codeql/python-all: "*"\n'
+            )
+
+        if lock_file.exists():
+            logger.debug(f"CodeQL pack dependencies already installed in {pack_dir}")
+            return pack_dir
+
+        logger.info(f"Installing CodeQL pack dependencies in {pack_dir}.")
+        proc = subprocess.Popen(
+            [str(codeql_bin), "pack", "install", str(pack_dir)],
+            stdout=subprocess.PIPE,
+            stderr=subprocess.PIPE,
+        )
+        _, err = proc.communicate()
+        if proc.returncode != 0:
+            raise CodeQLExceptions.CodeQLDatabaseBuildException(
+                f"Failed to install CodeQL pack dependencies:\n"
+                f"{(err or b'').decode(errors='replace')}"
+            )
+        return pack_dir
+
+    def _ensure_codeql_bin(self) -> Path:
+        """Locate (or download) the CodeQL CLI binary into the project cache.
+
+        Resolution order:
+          1. An existing binary inside ``<cache_dir>/codeql/bin/`` —
+             reused across runs on the same project.
+          2. ``codeql`` already on the user's PATH — picked up verbatim.
+          3. Otherwise, download into ``<cache_dir>/codeql/bin/``.
+
+        The project-local cache is preferred over PATH so the version we
+        installed earlier wins over whatever the OS ships — keeps behavior
+        deterministic when the user has both.
+        """
+        bin_root = self.cache_dir / "codeql" / "bin"
+        bin_root.mkdir(parents=True, exist_ok=True)
+
+        existing = next(
+            (p for p in bin_root.rglob("codeql") if p.is_file()),
+            None,
+        )
+        if existing and os.access(existing, os.X_OK):
+            logger.debug(f"Reusing cached CodeQL CLI at {existing}")
+            return existing.resolve()
+
+        on_path = shutil.which("codeql")
+        if on_path:
+            logger.debug(f"Using CodeQL CLI from PATH at {on_path}")
+            return Path(on_path)
+
+        logger.info(f"CodeQL CLI not found; downloading into {bin_root}.")
+        downloaded = CodeQLLoader.download_and_extract_codeql(bin_root)
+        if not downloaded.exists() or not os.access(downloaded, os.X_OK):
+            raise FileNotFoundError(
+                f"CodeQL binary not executable after download: {downloaded}"
+            )
+        return downloaded
+
+    def _get_call_graph(
+        self,
+        symbol_table: Dict[str, PyModule],
+        augment_sites: bool = False,
+    ) -> List[PyCallEdge]:
+        """Build CodeQL-resolved call edges and optionally augment sites.
+
+        Returns an empty list when CodeQL isn't enabled or the database
+        isn't available. Edges carry ``provenance=["codeql"]`` — merge
+        with Jedi-derived edges via ``call_graph.merge_edges``.
+
+        When ``augment_sites`` is True, also mutates
+        ``PyCallable.call_sites`` in the symbol table to backfill
+        ``callee_signature`` for sites Jedi couldn't resolve. The single
+        CodeQL query is shared (cached on the ``CodeQL`` instance) so
+        this costs no extra DB work.
+        """
+        if not self.using_codeql or self.db_path is None:
+            return []
+        try:
+            cq = CodeQL(
+                self.project_dir,
+                self.db_path,
+                codeql_bin=self.codeql_bin,
+                codeql_packs_dir=self.codeql_packs_dir,
+            )
+            edges = cq.build_call_graph_edges(symbol_table)
+            if augment_sites:
+                cq.augment_call_sites(symbol_table)
+            return edges
+        except Exception as exc:
+            logger.warning(f"CodeQL call-graph extraction failed: {exc}")
+            return []

{codeanalyzer_python-0.1.12 → codeanalyzer_python-0.1.14}/codeanalyzer/options/options.py

@@ -14,7 +14,6 @@ class AnalysisOptions:
     input: Path
     output: Optional[Path] = None
     format: OutputFormat = OutputFormat.JSON
-    analysis_level: int = 1
     using_codeql: bool = False
     using_ray: bool = False
     rebuild_analysis: bool = False

{codeanalyzer_python-0.1.12 → codeanalyzer_python-0.1.14}/codeanalyzer/schema/py_schema.py

@@ -339,9 +339,29 @@ class PyModule(BaseModel):
     file_size: Optional[int] = None
 
 
+@builder
+@msgpk
+class PyCallEdge(BaseModel):
+    """Identity-only call-graph edge with weight.
+
+    Mirrors Java's ``CallDependency``. ``source`` and ``target`` are
+    ``PyCallable.signature`` strings — nodes of the graph are the existing
+    ``PyCallable`` entries in the symbol table, not a separate vertex type.
+    Rich per-call metadata (receiver, arguments, location, ...) lives on
+    ``PyCallsite`` inside the source ``PyCallable.call_sites``.
+    """
+
+    source: str  # caller's PyCallable.signature
+    target: str  # callee's PyCallable.signature
+    type: Literal["CALL_DEP"] = "CALL_DEP"
+    weight: int = 1
+    provenance: List[Literal["jedi", "codeql", "joern"]] = []
+
+
 @builder
 @msgpk
 class PyApplication(BaseModel):
     """Represents a Python application."""
 
     symbol_table: Dict[str, PyModule]
+    call_graph: List[PyCallEdge] = []