Uptake codeanalyzer-python 0.3.0 (breaking: CodeQL removed, use analysis_level) #178

Description

@rahlk

codeanalyzer-python 0.3.0 is published on PyPI. It is a breaking release. python-sdk pins ==0.2.0 and will not work as-is against 0.3.0.

The break: 0.3.0 removes AnalysisOptions.using_codeql (CodeQL is replaced by PyCG) in favor of analysis_level: int. AnalysisOptions is a dataclass, so the current construction raises TypeError: unexpected keyword argument 'using_codeql'.

cldk/analysis/python/codeanalyzer/codeanalyzer.py:221
    options = AnalysisOptions(..., using_codeql=self.use_codeql, ...)

Required changes:

1. pyproject.toml (two places):
     "codeanalyzer-python==0.2.0"  ->  "codeanalyzer-python==0.3.0"
     codeanalyzer-python = "0.2.0" ->  codeanalyzer-python = "0.3.0"

2. cldk/analysis/python/codeanalyzer/codeanalyzer.py:221
     using_codeql=self.use_codeql
   ->
     analysis_level=2 if (self.analysis_level == AnalysisLevel.call_graph and self.use_codeql) else 1
   (old "CodeQL on" maps to the new PyCG level 2; level 1 is Jedi only.
    AnalysisLevel is already imported on line 63.)

No provenance code change needed. The Neo4j backend reads provenance generically (tuple(p.get("provenance", []))), and nothing filters on the literal "codeql". The codeql -> pycg rename passes through. The remaining use_codeql references are param names and docstrings (now misleading, optional to rename).

0.3.0 changelog:

[0.3.0] - 2026-06-27

Added

  • --analysis-level {1,2} (reintroduced): 1 is symbol table + Jedi call graph, 2 adds the PyCG call graph.
  • Coupling-aware PyCG sharding (--pycg-shard) so level 2 scales to large apps. Shards are chosen by Jedi module coupling (SCC condensation, so import cycles never split, plus Louvain community detection) instead of a flat file count. PyCG runs on each shard inside a symlink mini-project that bounds it to that shard's files. Ray-parallel.
  • Iterative decomposition of runaway shards. A shard whose PyCG fixpoint diverges past the wall-clock timeout is re-sharded at half the budget and re-run, down to a floor (10 files). The residue falls back to Jedi-only. On Odoo (1028 modules) this recovered 22210 PyCG edges versus 17149 for the best uniform ceiling, losing only 20 files.
  • New flags: --pycg-shard-strategy {jedi,package}, --pycg-shard-ceiling, --pycg-shard-timeout, --pycg-max-iter.

Changed

  • BREAKING: CodeQL is replaced by PyCG as the level 2 call graph backend. --codeql/--no-codeql removed in favor of --analysis-level. Edge provenance literal codeql becomes pycg. New dependency: pycg.

Fixed

  • Shard planner keys its module graph by file path (module_name is only the file stem, so it collided and dropped files).
  • PyCG no longer follows imports into an in-tree dependency venv (e.g. .codeanalyzer/) during the whole-project level 2 run.
  • _uv_bin uses only the vendored uv, no system-PATH fallback.
