codeanalyzer-python 0.1.14__tar.gz → 0.2.1__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (51) hide show
  1. {codeanalyzer_python-0.1.14 → codeanalyzer_python-0.2.1}/.gitignore +4 -0
  2. codeanalyzer_python-0.2.1/PKG-INFO +415 -0
  3. codeanalyzer_python-0.2.1/README.md +379 -0
  4. {codeanalyzer_python-0.1.14 → codeanalyzer_python-0.2.1}/codeanalyzer/__main__.py +108 -6
  5. {codeanalyzer_python-0.1.14 → codeanalyzer_python-0.2.1}/codeanalyzer/core.py +100 -18
  6. codeanalyzer_python-0.2.1/codeanalyzer/neo4j/__init__.py +46 -0
  7. codeanalyzer_python-0.2.1/codeanalyzer/neo4j/bolt.py +234 -0
  8. codeanalyzer_python-0.2.1/codeanalyzer/neo4j/catalog.py +245 -0
  9. codeanalyzer_python-0.2.1/codeanalyzer/neo4j/cypher.py +138 -0
  10. codeanalyzer_python-0.2.1/codeanalyzer/neo4j/emit.py +74 -0
  11. codeanalyzer_python-0.2.1/codeanalyzer/neo4j/project.py +330 -0
  12. codeanalyzer_python-0.2.1/codeanalyzer/neo4j/rows.py +181 -0
  13. codeanalyzer_python-0.2.1/codeanalyzer/neo4j/schema.py +39 -0
  14. codeanalyzer_python-0.2.1/codeanalyzer/options/__init__.py +3 -0
  15. codeanalyzer_python-0.2.1/codeanalyzer/options/options.py +45 -0
  16. {codeanalyzer_python-0.1.14 → codeanalyzer_python-0.2.1}/codeanalyzer/schema/__init__.py +2 -0
  17. {codeanalyzer_python-0.1.14 → codeanalyzer_python-0.2.1}/codeanalyzer/schema/py_schema.py +15 -0
  18. {codeanalyzer_python-0.1.14 → codeanalyzer_python-0.2.1}/codeanalyzer/semantic_analysis/codeql/codeql_analysis.py +109 -27
  19. {codeanalyzer_python-0.1.14 → codeanalyzer_python-0.2.1}/pyproject.toml +22 -4
  20. codeanalyzer_python-0.2.1/schema-uml.drawio +103 -0
  21. codeanalyzer_python-0.2.1/schema.neo4j.json +280 -0
  22. codeanalyzer_python-0.1.14/PKG-INFO +0 -392
  23. codeanalyzer_python-0.1.14/README.md +0 -359
  24. codeanalyzer_python-0.1.14/codeanalyzer/options/__init__.py +0 -3
  25. codeanalyzer_python-0.1.14/codeanalyzer/options/options.py +0 -24
  26. {codeanalyzer_python-0.1.14 → codeanalyzer_python-0.2.1}/LICENSE +0 -0
  27. {codeanalyzer_python-0.1.14 → codeanalyzer_python-0.2.1}/NOTICE +0 -0
  28. {codeanalyzer_python-0.1.14 → codeanalyzer_python-0.2.1}/codeanalyzer/__init__.py +0 -0
  29. {codeanalyzer_python-0.1.14 → codeanalyzer_python-0.2.1}/codeanalyzer/config/__init__.py +0 -0
  30. {codeanalyzer_python-0.1.14 → codeanalyzer_python-0.2.1}/codeanalyzer/config/config.py +0 -0
  31. {codeanalyzer_python-0.1.14 → codeanalyzer_python-0.2.1}/codeanalyzer/jedi/__init__.py +0 -0
  32. {codeanalyzer_python-0.1.14 → codeanalyzer_python-0.2.1}/codeanalyzer/jedi/jedi.py +0 -0
  33. {codeanalyzer_python-0.1.14 → codeanalyzer_python-0.2.1}/codeanalyzer/py.typed +0 -0
  34. {codeanalyzer_python-0.1.14 → codeanalyzer_python-0.2.1}/codeanalyzer/semantic_analysis/__init__.py +0 -0
  35. {codeanalyzer_python-0.1.14 → codeanalyzer_python-0.2.1}/codeanalyzer/semantic_analysis/call_graph.py +0 -0
  36. {codeanalyzer_python-0.1.14 → codeanalyzer_python-0.2.1}/codeanalyzer/semantic_analysis/codeql/__init__.py +0 -0
  37. {codeanalyzer_python-0.1.14 → codeanalyzer_python-0.2.1}/codeanalyzer/semantic_analysis/codeql/codeql_exceptions.py +0 -0
  38. {codeanalyzer_python-0.1.14 → codeanalyzer_python-0.2.1}/codeanalyzer/semantic_analysis/codeql/codeql_loader.py +0 -0
  39. {codeanalyzer_python-0.1.14 → codeanalyzer_python-0.2.1}/codeanalyzer/semantic_analysis/codeql/codeql_query_runner.py +0 -0
  40. {codeanalyzer_python-0.1.14 → codeanalyzer_python-0.2.1}/codeanalyzer/syntactic_analysis/__init__.py +0 -0
  41. {codeanalyzer_python-0.1.14 → codeanalyzer_python-0.2.1}/codeanalyzer/syntactic_analysis/exceptions.py +0 -0
  42. {codeanalyzer_python-0.1.14 → codeanalyzer_python-0.2.1}/codeanalyzer/syntactic_analysis/symbol_table_builder.py +0 -0
  43. {codeanalyzer_python-0.1.14 → codeanalyzer_python-0.2.1}/codeanalyzer/utils/__init__.py +0 -0
  44. {codeanalyzer_python-0.1.14 → codeanalyzer_python-0.2.1}/codeanalyzer/utils/logging.py +0 -0
  45. {codeanalyzer_python-0.1.14 → codeanalyzer_python-0.2.1}/codeanalyzer/utils/progress_bar.py +0 -0
  46. {codeanalyzer_python-0.1.14 → codeanalyzer_python-0.2.1}/test/fixtures/whole_applications/xarray/LICENSE +0 -0
  47. {codeanalyzer_python-0.1.14 → codeanalyzer_python-0.2.1}/test/fixtures/whole_applications/xarray/README.md +0 -0
  48. {codeanalyzer_python-0.1.14 → codeanalyzer_python-0.2.1}/test/fixtures/whole_applications/xarray/properties/README.md +0 -0
  49. {codeanalyzer_python-0.1.14 → codeanalyzer_python-0.2.1}/test/fixtures/whole_applications/xarray/xarray/datatree_/LICENSE +0 -0
  50. {codeanalyzer_python-0.1.14 → codeanalyzer_python-0.2.1}/test/fixtures/whole_applications/xarray/xarray/datatree_/README.md +0 -0
  51. {codeanalyzer_python-0.1.14 → codeanalyzer_python-0.2.1}/test/fixtures/whole_applications/xarray/xarray/datatree_/docs/README.md +0 -0
@@ -180,3 +180,7 @@ analysis.json
180
180
 
181
181
  # UV
182
182
  uv.lock
183
+
184
+ # Node / Astro docs-site build artifacts (never commit these)
185
+ node_modules/
186
+ .astro/
@@ -0,0 +1,415 @@
1
+ Metadata-Version: 2.4
2
+ Name: codeanalyzer-python
3
+ Version: 0.2.1
4
+ Summary: Static Analysis on Python source code using Jedi, CodeQL and Treesitter — emits analysis.json or a Neo4j property graph.
5
+ Author-email: Rahul Krishna <i.m.ralk@gmail.com>
6
+ License-File: LICENSE
7
+ License-File: NOTICE
8
+ Requires-Python: >=3.9
9
+ Requires-Dist: jedi<0.20.0,>=0.18.0; python_version < '3.11'
10
+ Requires-Dist: jedi<=0.19.2; python_version >= '3.11'
11
+ Requires-Dist: msgpack<1.0.7,>=1.0.0; python_version < '3.11'
12
+ Requires-Dist: msgpack<2.0.0,>=1.0.7; python_version >= '3.11'
13
+ Requires-Dist: networkx<3.2.0,>=2.6.0; python_version < '3.11'
14
+ Requires-Dist: networkx<4.0.0,>=3.0.0; python_version >= '3.11'
15
+ Requires-Dist: numpy<1.24.0,>=1.21.0; python_version < '3.11'
16
+ Requires-Dist: numpy<2.0.0,>=1.24.0; python_version >= '3.11' and python_version < '3.12'
17
+ Requires-Dist: numpy<2.0.0,>=1.26.0; python_version >= '3.12'
18
+ Requires-Dist: packaging>=25.0
19
+ Requires-Dist: pandas<2.0.0,>=1.3.0; python_version < '3.11'
20
+ Requires-Dist: pandas<3.0.0,>=2.0.0; python_version >= '3.11'
21
+ Requires-Dist: pydantic<2.0.0,>=1.8.0; python_version < '3.11'
22
+ Requires-Dist: pydantic<3.0.0,>=2.0.0; python_version >= '3.11'
23
+ Requires-Dist: ray<3.0.0,>=2.10.0; python_version >= '3.11'
24
+ Requires-Dist: ray==2.0.0; python_version < '3.11'
25
+ Requires-Dist: requests<3.0.0,>=2.20.0; python_version >= '3.11'
26
+ Requires-Dist: rich<14.0.0,>=12.6.0; python_version < '3.11'
27
+ Requires-Dist: rich<15.0.0,>=14.0.0; python_version >= '3.11'
28
+ Requires-Dist: typer<1.0.0,>=0.9.0; python_version < '3.11'
29
+ Requires-Dist: typer<2.0.0,>=0.9.0; python_version >= '3.11'
30
+ Requires-Dist: typing-extensions<5.0.0,>=4.0.0; python_version < '3.11'
31
+ Requires-Dist: typing-extensions<6.0.0,>=4.5.0; python_version >= '3.11'
32
+ Requires-Dist: uv>=0.5.0
33
+ Provides-Extra: neo4j
34
+ Requires-Dist: neo4j<6.0.0,>=5.0.0; extra == 'neo4j'
35
+ Description-Content-Type: text/markdown
36
+
37
+ <div align="center">
38
+
39
+ <img src="https://github.com/codellm-devkit/codeanalyzer-python/blob/main/docs/assets/logo.png?raw=true" alt="CodeLLM-DevKit" />
40
+
41
+ # codeanalyzer-python (`canpy`)
42
+
43
+ **A Python static-analysis toolkit — the CLDK backend that emits a canonical symbol table and call graph, as `analysis.json` or a Neo4j property graph.**
44
+
45
+ [![PyPI](https://img.shields.io/pypi/v/codeanalyzer-python?style=for-the-badge&logo=pypi&logoColor=white)](https://pypi.org/project/codeanalyzer-python/)
46
+ [![Python](https://img.shields.io/pypi/pyversions/codeanalyzer-python?style=for-the-badge&logo=python&logoColor=white)](https://pypi.org/project/codeanalyzer-python/)
47
+ [![GitHub release](https://img.shields.io/github/v/release/codellm-devkit/codeanalyzer-python?style=for-the-badge&logo=github&label=GitHub&color=2dba4e)](https://github.com/codellm-devkit/codeanalyzer-python/releases/latest)
48
+ [![Release](https://img.shields.io/github/actions/workflow/status/codellm-devkit/codeanalyzer-python/release.yml?style=for-the-badge&label=release&logo=githubactions&logoColor=white)](https://github.com/codellm-devkit/codeanalyzer-python/actions/workflows/release.yml)
49
+ [![License](https://img.shields.io/badge/License-Apache%202.0-blue?style=for-the-badge)](./LICENSE)
50
+
51
+ </div>
52
+
53
+ ---
54
+
55
+ `canpy` is a static analyzer for Python built on [Jedi](https://jedi.readthedocs.io/), with optional
56
+ [CodeQL](https://codeql.github.com/)-resolved call edges and
57
+ [Tree-sitter](https://tree-sitter.github.io/) parsing. It produces the canonical CodeLLM-DevKit
58
+ (CLDK) `analysis.json` — a symbol table plus a call graph — and can project that same analysis into a
59
+ **Neo4j property graph**. It is the Python backend behind
60
+ [CLDK](https://github.com/codellm-devkit/python-sdk), mirroring its
61
+ [TypeScript](https://github.com/codellm-devkit/codeanalyzer-typescript) (`cants`) and
62
+ [Java](https://github.com/codellm-devkit/codeanalyzer-java) siblings.
63
+
64
+ Every run produces a symbol table **and** a call graph. Edges come from Jedi's lexical resolution by
65
+ default; `--codeql` resolves additional edges (RPC / third-party / dynamically-dispatched targets)
66
+ and merges them with the Jedi-derived edges, also backfilling callees Jedi could not resolve.
67
+
68
+ ## Table of Contents
69
+
70
+ - [Features](#features)
71
+ - [Installation](#installation)
72
+ - [Prerequisites](#prerequisites)
73
+ - [Install via pip (PyPI)](#install-via-pip-pypi)
74
+ - [Install via shell script](#install-via-shell-script)
75
+ - [Install via Homebrew](#install-via-homebrew)
76
+ - [Build from source](#build-from-source)
77
+ - [Usage](#usage)
78
+ - [Options](#options)
79
+ - [Examples](#examples)
80
+ - [Output targets](#output-targets)
81
+ - [`analysis.json` (default)](#analysisjson-default)
82
+ - [Neo4j graph](#neo4j-graph)
83
+ - [Schema contract](#schema-contract)
84
+ - [Development](#development)
85
+ - [License](#license)
86
+
87
+ ## Features
88
+
89
+ - **Symbol table** — modules, classes, functions, methods, variables, decorators, imports, and
90
+ docstrings, with precise source spans.
91
+ - **Call graph** — Jedi's lexical resolver by default, with optional **CodeQL**-resolved edges
92
+ (`--codeql`) for RPC / third-party / dynamically-dispatched targets, merged with the Jedi edges;
93
+ CodeQL also backfills callees Jedi could not resolve.
94
+ - **Neo4j output** — project the analysis into a labeled property graph: a self-contained
95
+ `graph.cypher` snapshot, or an **incremental** push to a live database over Bolt.
96
+ - **Versioned schema** — a machine-readable, version-stamped Neo4j schema contract (`--emit schema`),
97
+ checked in as `schema.neo4j.json` and shipped with every release.
98
+ - **Incremental cache** — per-file results are cached under `.codeanalyzer`; `--lazy` (default)
99
+ reuses them, `--eager` forces a clean rebuild. `--ray` distributes the work across cores.
100
+ - **Compact output** — canonical `analysis.json`, or binary `analysis.msgpack` for smaller artifacts.
101
+
102
+ ## Installation
103
+
104
+ ### Prerequisites
105
+
106
+ - **Python 3.10 or newer.**
107
+ - A C toolchain and the `venv` / development headers — the analyzer builds an isolated virtual
108
+ environment per project (via Python's `venv`) so Jedi can resolve types and imports:
109
+
110
+ ```sh
111
+ # Ubuntu / Debian
112
+ sudo apt install python3-venv python3-dev build-essential
113
+
114
+ # Fedora / RHEL / CentOS
115
+ sudo dnf group install "Development Tools" && sudo dnf install python3-venv python3-devel
116
+
117
+ # macOS
118
+ xcode-select --install
119
+ ```
120
+
121
+ ### Install via pip (PyPI)
122
+
123
+ ```sh
124
+ pip install codeanalyzer-python
125
+ canpy --help
126
+ ```
127
+
128
+ For the optional **live Neo4j push** (`--emit neo4j --neo4j-uri …`), install the `neo4j` extra:
129
+
130
+ ```sh
131
+ pip install 'codeanalyzer-python[neo4j]'
132
+ ```
133
+
134
+ ### Install via shell script
135
+
136
+ Install the CLI as an isolated tool with the one-line installer (provisions via uv / pipx / pip):
137
+
138
+ ```sh
139
+ curl --proto '=https' --tlsv1.2 -LsSf https://github.com/codellm-devkit/codeanalyzer-python/releases/latest/download/canpy-installer.sh | sh
140
+ ```
141
+
142
+ ### Install via Homebrew
143
+
144
+ ```sh
145
+ brew install codellm-devkit/tap/codeanalyzer-python
146
+ ```
147
+
148
+ The formula depends on [uv](https://docs.astral.sh/uv/) and installs `canpy` as an isolated,
149
+ version-pinned uv tool (the package and its dependencies are resolved and cached on first run).
150
+
151
+ ### Build from source
152
+
153
+ This project uses [uv](https://docs.astral.sh/uv/) for dependency management.
154
+
155
+ ```sh
156
+ git clone https://github.com/codellm-devkit/codeanalyzer-python
157
+ cd codeanalyzer-python
158
+ uv sync --all-groups
159
+ uv run canpy --help
160
+ ```
161
+
162
+ ## Usage
163
+
164
+ ```sh
165
+ canpy --input /path/to/python/project
166
+ ```
167
+
168
+ With no `--output`, the analysis is printed to stdout as compact JSON; with `--output <dir>` it is
169
+ written to `analysis.json` (or `graph.cypher` for `--emit neo4j`, or `analysis.msgpack` with
170
+ `--format msgpack`) in that directory.
171
+
172
+ ### Options
173
+
174
+ <!-- BEGIN canpy-help -->
175
+
176
+ ```text
177
+ $ canpy --help
178
+
179
+ Usage: canpy [OPTIONS] COMMAND [ARGS]...
180
+
181
+ Static Analysis on Python source code using Jedi, CodeQL and Tree sitter.
182
+
183
+ ╭─ Options ────────────────────────────────────────────────────────────────────╮
184
+ │ --input -i PATH Path to the │
185
+ │ project root │
186
+ │ directory (not │
187
+ │ required for │
188
+ │ --emit schema). │
189
+ │ --output -o PATH Output directory │
190
+ │ for artifacts. │
191
+ │ --format -f [json|msgpack] Output format for │
192
+ │ --emit json: json │
193
+ │ or msgpack. │
194
+ │ [default: json] │
195
+ │ --emit [json|neo4j|sche Output target: │
196
+ │ ma] json │
197
+ │ (analysis.json, │
198
+ │ default) | neo4j │
199
+ │ (graph.cypher or │
200
+ │ live Bolt push) | │
201
+ │ schema (the Neo4j │
202
+ │ schema.json │
203
+ │ contract). │
204
+ │ [default: json] │
205
+ │ --app-name TEXT Logical │
206
+ │ application name │
207
+ │ for the graph │
208
+ │ :PyApplication │
209
+ │ anchor (default: │
210
+ │ input dir name). │
211
+ │ --neo4j-uri TEXT Push the graph to │
212
+ │ a live Neo4j over │
213
+ │ Bolt │
214
+ │ (incremental); │
215
+ │ omit to write │
216
+ │ graph.cypher. │
217
+ │ [env var: │
218
+ │ NEO4J_URI] │
219
+ │ --neo4j-user TEXT Neo4j username. │
220
+ │ [env var: │
221
+ │ NEO4J_USERNAME] │
222
+ │ [default: neo4j] │
223
+ │ --neo4j-password TEXT Neo4j password. │
224
+ │ Prefer the env │
225
+ │ var over the flag │
226
+ │ (the flag is │
227
+ │ visible in shell │
228
+ │ history / process │
229
+ │ list). │
230
+ │ [env var: │
231
+ │ NEO4J_PASSWORD] │
232
+ │ [default: neo4j] │
233
+ │ --neo4j-database TEXT Neo4j database │
234
+ │ name (default: │
235
+ │ server default). │
236
+ │ [env var: │
237
+ │ NEO4J_DATABASE] │
238
+ │ --codeql --no-codeql Enable │
239
+ │ CodeQL-based │
240
+ │ analysis. │
241
+ │ [default: │
242
+ │ no-codeql] │
243
+ │ --ray --no-ray Enable Ray for │
244
+ │ distributed │
245
+ │ analysis. │
246
+ │ [default: no-ray] │
247
+ │ --eager --lazy Enable eager or │
248
+ │ lazy analysis. │
249
+ │ Defaults to lazy. │
250
+ │ [default: lazy] │
251
+ │ --skip-tests --include-tests Skip test files │
252
+ │ in analysis. │
253
+ │ [default: │
254
+ │ skip-tests] │
255
+ │ --no-venv --venv Skip virtualenv │
256
+ │ creation and │
257
+ │ dependency │
258
+ │ installation; │
259
+ │ resolve imports │
260
+ │ against the │
261
+ │ ambient Python │
262
+ │ environment │
263
+ │ instead. │
264
+ │ [default: venv] │
265
+ │ --file-name PATH Analyze only the │
266
+ │ specified file │
267
+ │ (relative to │
268
+ │ input directory). │
269
+ │ --cache-dir -c PATH Directory to │
270
+ │ store analysis │
271
+ │ cache. Defaults │
272
+ │ to │
273
+ │ '.codeanalyzer' │
274
+ │ in the input │
275
+ │ directory. │
276
+ │ --clear-cache --keep-cache Clear cache after │
277
+ │ analysis. By │
278
+ │ default, cache is │
279
+ │ retained. │
280
+ │ [default: │
281
+ │ keep-cache] │
282
+ │ -v INTEGER Increase │
283
+ │ verbosity: -v, │
284
+ │ -vv, -vvv │
285
+ │ [default: 0] │
286
+ │ --help Show this message │
287
+ │ and exit. │
288
+ ╰──────────────────────────────────────────────────────────────────────────────╯
289
+ ```
290
+
291
+ <!-- END canpy-help -->
292
+
293
+ ### Examples
294
+
295
+ 1. **Basic analysis to stdout, or to a file:**
296
+ ```sh
297
+ canpy --input ./my-python-project # compact JSON on stdout
298
+ canpy --input ./my-python-project --output ./out # → ./out/analysis.json
299
+ ```
300
+
301
+ 2. **Binary output (msgpack):**
302
+ ```sh
303
+ canpy --input ./my-python-project --output ./out --format msgpack # → ./out/analysis.msgpack
304
+ ```
305
+
306
+ 3. **Resolve extra call edges with CodeQL:**
307
+ ```sh
308
+ canpy --input ./my-python-project --codeql
309
+ ```
310
+ By default, edges come from Jedi's lexical analysis. Adding `--codeql` resolves additional edges
311
+ (including RPC / third-party / dynamically-dispatched targets) and merges them with the
312
+ Jedi-derived edges; CodeQL also backfills resolved callees Jedi could not resolve. CodeQL
313
+ integration is experimental; the CLI is downloaded into `<cache_dir>/codeql/` on first use.
314
+
315
+ 4. **Emit a Neo4j snapshot, or push to a live database:**
316
+ ```sh
317
+ canpy --input ./my-python-project --emit neo4j --output ./out # → ./out/graph.cypher
318
+ canpy --input ./my-python-project --emit neo4j \
319
+ --neo4j-uri bolt://localhost:7687 --neo4j-user neo4j --neo4j-password secret
320
+ ```
321
+
322
+ 5. **Emit the Neo4j schema contract:**
323
+ ```sh
324
+ canpy --emit schema # print schema.json to stdout (no project needed)
325
+ canpy --emit schema --output ./out # → ./out/schema.json
326
+ ```
327
+
328
+ 6. **Force a clean rebuild with a custom cache directory:**
329
+ ```sh
330
+ canpy --input ./my-python-project --eager --cache-dir /path/to/custom-cache
331
+ ```
332
+
333
+ ## Output targets
334
+
335
+ `canpy` builds one analysis in memory and can emit it three ways (`--emit`):
336
+
337
+ ### `analysis.json` (default)
338
+
339
+ A `PyApplication` document — the canonical CLDK contract:
340
+
341
+ ```jsonc
342
+ {
343
+ "symbol_table": { /* file path → module (classes, functions, variables, imports, …) */ },
344
+ "call_graph": [ /* CALL_DEP edges: { source, target, weight, provenance } keyed by callable signature */ ]
345
+ }
346
+ ```
347
+
348
+ By default this is printed to stdout in JSON; with `--output` it is written to `analysis.json` (or
349
+ `analysis.msgpack` with `--format msgpack`, a more compact binary format).
350
+
351
+ ### Neo4j graph
352
+
353
+ `--emit neo4j` projects the same analysis into a labeled property graph. Every node label is
354
+ `Py`-prefixed and every relationship type is `PY_`-prefixed (e.g. `:PyClass`, `PY_CALLS`) so multiple
355
+ language analyzers can share one database without label or relationship-type collisions. Declarations
356
+ are keyed by their signature under a shared `:PySymbol` label; calls, imports, inheritance,
357
+ decorators, and call sites are relationships:
358
+
359
+ - **Without `--neo4j-uri`** — writes a self-contained `graph.cypher` (constraints + indexes, a scoped
360
+ wipe, then batched `MERGE`s). Load it with `cypher-shell < graph.cypher`. Needs no extra
361
+ dependencies.
362
+ - **With `--neo4j-uri`** — pushes to a live Neo4j over Bolt **incrementally**: only modules whose
363
+ content hash changed are rewritten, and on a full run modules whose source file vanished are
364
+ pruned. Requires the `neo4j` extra. Every graph carries a `schema_version` on its `:PyApplication`
365
+ node.
366
+
367
+ Call-graph endpoints that aren't present in the symbol table (third-party / framework / RPC targets)
368
+ are materialized as `:PyExternal` ghost nodes, mirroring the analyzer's own ghost-node behaviour.
369
+
370
+ The connection options also read from the standard Neo4j environment variables — `NEO4J_URI`,
371
+ `NEO4J_USERNAME`, `NEO4J_PASSWORD`, `NEO4J_DATABASE` — when the corresponding flag is omitted (an
372
+ explicit flag wins). Prefer the env var for the password so it doesn't land in shell history or the
373
+ process list:
374
+
375
+ ```sh
376
+ export NEO4J_URI=bolt://localhost:7687
377
+ export NEO4J_PASSWORD=secret
378
+ canpy -i ./my-project --emit neo4j # credentials picked up from the environment
379
+ ```
380
+
381
+ ### Schema contract
382
+
383
+ `--emit schema` writes the machine-readable, version-stamped Neo4j schema (`schema.json`: node labels,
384
+ relationships, properties, constraints, and indexes). It needs no project and is checked into the repo
385
+ as `schema.neo4j.json` and bundled in every release as a GitHub Release asset, so a consumer can
386
+ validate producer/consumer compatibility without invoking the tool. The shape of the contract matches
387
+ the [`codeanalyzer-typescript`](https://github.com/codellm-devkit/codeanalyzer-typescript) backend.
388
+
389
+ A UML of the `analysis.json` schema (the `PyApplication` containment tree) is checked in as
390
+ [`schema-uml.drawio`](./schema-uml.drawio), and the property-graph schema as
391
+ [`neo4j-schema.drawio`](./neo4j-schema.drawio).
392
+
393
+ ## Development
394
+
395
+ This project uses [uv](https://docs.astral.sh/uv/).
396
+
397
+ ```sh
398
+ uv sync --all-groups
399
+ uv run canpy --input /path/to/project # run from source
400
+ uv run canpy --emit schema > schema.neo4j.json # regenerate the checked-in schema contract
401
+ uv run python scripts/update_readme.py # regenerate the canpy --help block above
402
+ uv run pytest # run the test suite
403
+ ```
404
+
405
+ The Neo4j schema-conformance test always runs. The Neo4j **bolt** integration test spins up a real
406
+ Neo4j via [Testcontainers](https://testcontainers.com/) and is **opt-in** — it needs a container
407
+ runtime (Docker or Podman) and is enabled with an environment variable:
408
+
409
+ ```sh
410
+ RUN_CONTAINER_TESTS=1 uv run pytest test/test_neo4j_bolt.py -s
411
+ ```
412
+
413
+ ## License
414
+
415
+ Apache 2.0 — see [LICENSE](./LICENSE).