Metadata-Version: 2.4
Name: depinsight
Version: 0.1.0
Summary: AI-powered Python dependency analyzer — detect breaking changes, evaluate upgrade safety, and auto-fix deprecated APIs
Project-URL: Homepage, https://github.com/Narsi12/dep-analyzer
Project-URL: Documentation, https://github.com/Narsi12/dep-analyzer#readme
Project-URL: Bug Tracker, https://github.com/Narsi12/dep-analyzer/issues
Project-URL: Changelog, https://github.com/Narsi12/dep-analyzer/releases
Author: Dep Analyzer Contributors
License-Expression: MIT
Keywords: analysis,analyzer,ast,breaking-changes,cli,code-analysis,dependencies,dependency,dependency-checker,django,flask,migration,package-manager,pyproject,python,requests,requirements,requirements-txt,safe-upgrade,sqlalchemy,static-analysis,upgrade
Classifier: Development Status :: 4 - Beta
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Software Development
Classifier: Topic :: Software Development :: Code Generators
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Classifier: Topic :: Software Development :: Quality Assurance
Classifier: Topic :: Utilities
Classifier: Typing :: Typed
Requires-Python: >=3.10
Requires-Dist: networkx>=3.0
Requires-Dist: packaging>=23.0
Requires-Dist: pyyaml>=6.0
Requires-Dist: requests>=2.28
Requires-Dist: rich>=13.0
Requires-Dist: tomli>=2.0; python_version < '3.11'
Requires-Dist: typer>=0.9.0
Provides-Extra: ai
Requires-Dist: anthropic>=0.40; extra == 'ai'
Requires-Dist: openai>=1.0; extra == 'ai'
Provides-Extra: all-ai
Requires-Dist: anthropic>=0.40; extra == 'all-ai'
Requires-Dist: boto3>=1.34; extra == 'all-ai'
Requires-Dist: openai>=1.0; extra == 'all-ai'
Provides-Extra: anthropic
Requires-Dist: anthropic>=0.40; extra == 'anthropic'
Provides-Extra: bedrock
Requires-Dist: boto3>=1.34; extra == 'bedrock'
Provides-Extra: dev
Requires-Dist: mypy>=1.0; extra == 'dev'
Requires-Dist: pytest-cov>=4.0; extra == 'dev'
Requires-Dist: pytest>=7.0; extra == 'dev'
Requires-Dist: ruff>=0.1; extra == 'dev'
Provides-Extra: openai
Requires-Dist: openai>=1.0; extra == 'openai'
Provides-Extra: pdf
Requires-Dist: fpdf2>=2.7; extra == 'pdf'
Provides-Extra: pipdeptree
Requires-Dist: pipdeptree>=2.9; extra == 'pipdeptree'
Description-Content-Type: text/markdown

# Dependency Hell Analyzer

**AI-powered Python dependency analyzer** — detect breaking changes before upgrading, evaluate upgrade safety using real AST-level code analysis, and auto-fix deprecated APIs with a diff preview.

> Stop guessing if `pip install --upgrade django` will break your project.
> Know exactly what breaks, why, and how to fix it — before you upgrade.

```bash
pip install dep-analyzer
dep-analyzer check         # scan all dependencies for breaking changes
dep-analyzer impact django==4.0   # deep impact analysis for one package
dep-analyzer fix --dry-run        # preview auto-fixes before applying
```

---

## Why dep-analyzer?

Most dependency tools tell you **a new version exists**.
dep-analyzer tells you **if upgrading will break your code** — and fixes it.

| Feature | dep-analyzer | pip-audit | Dependabot | safety |
|---------|:---:|:---:|:---:|:---:|
| Detects breaking API changes | YES | - | - | - |
| Analyzes actual code usage (AST) | YES | - | - | - |
| Call-level argument validation | YES | - | - | - |
| Auto-fix deprecated imports | YES | - | - | - |
| Confidence scoring | YES | - | - | - |
| AI-powered migration hints | YES | - | - | - |
| PDF health report | YES | - | - | - |

---

## Installation

```bash
# Base (no AI)
pip install dep-analyzer

# With AI providers
pip install "dep-analyzer[anthropic]"   # Claude
pip install "dep-analyzer[openai]"      # GPT + Azure OpenAI
pip install "dep-analyzer[bedrock]"     # AWS Bedrock
pip install "dep-analyzer[all-ai]"      # All providers

# With PDF export
pip install "dep-analyzer[pdf]"

# Everything
pip install "dep-analyzer[all-ai,pdf]"
```

---

## Quick Start

```bash
cd your-python-project

dep-analyzer scan          # discover all files and dependencies
dep-analyzer check         # check all deps for breaking changes
dep-analyzer fix --dry-run # preview safe auto-fixes
dep-analyzer fix           # apply fixes with confirmation
dep-analyzer report --pdf  # export full health report as PDF
```

---

## How It Works

dep-analyzer goes beyond version checking:

1. **AST scan** — parses every `.py` file to find what APIs are actually called
2. **Call-level analysis** — inspects function arguments, not just imports
3. **Breaking changes database** — matches usage against curated rules per package/version
4. **Confidence scoring** — `HIGH` (argument-level), `MEDIUM` (inferred), `LOW` (import-only)
5. **AI layer** — optional LLM explanation and migration hints via your own API key

```
import requests                          # import detected
requests.get(url, timeout=10)            # call-level: timeout present
→ SAFE (HIGH confidence)                 # correct verdict, no false alarm
```

```
from django.conf.urls import url         # import detected
url(r'^about/$', views.about)            # call detected
→ HIGH RISK — removed in Django 4.0     # actionable alert
→ Fix: use django.urls.path             # auto-fixable
```
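The sketch below is an added example, not dep-analyzer's own code: it shows how import resolution plus call inspection can yield the three confidence levels listed above. The `RULES` table, the `scan` and `dotted` helpers, and the choice to downgrade calls with `*args`/`**kwargs` to `MEDIUM` are assumptions made for illustration.

```python
import ast

# Hypothetical rule table, constructed for this example (not the project's YAML schema).
RULES = {"django.conf.urls.url": "removed in Django 4.0, use django.urls.re_path"}

# Constructed sample sources: direct call, aliased call with opaque args, unused import.
DIRECT = "from django.conf.urls import url\nurlpatterns = [url(r'^about/$', views.about)]\n"
ALIASED = "from django.conf import urls as u\nargs = (r'^$', home)\nroutes = [u.url(*args)]\n"
UNUSED = "from django.conf.urls import url\n"

def dotted(node):
    """Turn a Name/Attribute chain such as u.url into the string 'u.url'."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return None  # callee is a subscript, a call result, etc.
    return ".".join([node.id] + parts[::-1])

def scan(source, rules=RULES):
    """Return (api, confidence, line) tuples for flagged APIs, ordered by line."""
    tree = ast.parse(source)
    aliases, imported, called = {}, {}, []
    for node in ast.walk(tree):  # pass 1: local name -> fully qualified name
        if isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
            for a in node.names:
                full = f"{node.module}.{a.name}"
                aliases[a.asname or a.name] = full
                if full in rules:
                    imported[full] = node.lineno
        elif isinstance(node, ast.Import):
            for a in node.names:
                root = a.name.split(".")[0]
                aliases[a.asname or root] = a.name if a.asname else root
    for node in ast.walk(tree):  # pass 2: resolve each call through the alias map
        name = dotted(node.func) if isinstance(node, ast.Call) else None
        head, _, rest = (name or "").partition(".")
        if head not in aliases:
            continue  # not an imported name, e.g. a local function called url
        full = aliases[head] + ("." + rest if rest else "")
        if full in rules:
            # *args / **kwargs hide what is passed, so the verdict is only inferred.
            opaque = any(isinstance(x, ast.Starred) for x in node.args) or any(
                k.arg is None for k in node.keywords)
            called.append((full, "MEDIUM" if opaque else "HIGH", node.lineno))
    hit = {api for api, _, _ in called}
    low = [(api, "LOW", line) for api, line in imported.items() if api not in hit]
    return sorted(called + low, key=lambda f: f[2])
```

Resolving calls through the alias map is what keeps a locally defined function that happens to be named `url` from being reported.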

---

## Commands

### `dep-analyzer check` — Scan all dependencies

```bash
dep-analyzer check
dep-analyzer check --fail-on HIGH    # exit 2 if HIGH risk (CI/CD)
dep-analyzer check --format json
```

Output:
```
Package     Version     Status   Used/Safe/Risky   Notes
django      >=3.2,<4.0  HIGH     Used:2 Safe:0 Risky:2
requests    ==2.28.0    SAFE     Used:1 Safe:1 Risky:0
celery      >=4.4       NONE     -
```

Exit codes: `0` = clean, `1` = medium warnings, `2` = high/critical failures

---

### `dep-analyzer impact` — Deep analysis for one package

```bash
dep-analyzer impact django==4.0
dep-analyzer impact requests==3.0 --ai
dep-analyzer impact flask==3.0 --ai --provider openai --model gpt-4o
dep-analyzer impact sqlalchemy==2.0 --format json
```

Shows:
- Relevant breaking changes (filtered to what your code actually uses)
- Ignored APIs (in database but not in your codebase)
- Upgrade Safety verdict: `SAFE TO UPGRADE` / `REVIEW NEEDED` / `UNSAFE`
- Recommended testing level
- AI-powered migration hints (with `--ai`)

---

### `dep-analyzer fix` — Auto-fix deprecated APIs

```bash
dep-analyzer fix --dry-run          # preview diff, no changes
dep-analyzer fix                    # interactive: confirm per file
dep-analyzer fix --yes              # apply all without prompting
dep-analyzer fix --package django   # fix one package only
```

Fix flow:
```
12 rules available → 7 applicable fixes in 2 files

--- views.py (before)
+++ views.py (after)
- from django.utils.encoding import force_text
+ from django.utils.encoding import force_str
- from django.conf.urls import url
+ from django.urls import re_path

Apply 7 fix(es) to 2 file(s)? [y/n]: y

Fixed 2 file(s), 7 change(s)
  django: 5   celery: 2
Backups: 2 .bak file(s) created
```

---

### `dep-analyzer report` — Full health report

```bash
dep-analyzer report
dep-analyzer report --pdf
dep-analyzer report --pdf --pdf-out /tmp/report.pdf
dep-analyzer report --ai --pdf
```

Includes: scan summary, dependency risks, module coupling metrics, health score (0–100), optional AI summary, optional PDF export.

---

### Other commands

```bash
dep-analyzer scan                    # scan files and list dependencies
dep-analyzer coupling                # module coupling: Ca, Ce, instability
dep-analyzer coupling --ai           # AI coupling summary
dep-analyzer trace django            # trace all usages of a package
dep-analyzer graph                   # dependency graph
dep-analyzer setup                   # configure AI provider (interactive)
dep-analyzer setup --show            # show current config
```

---

## AI Providers (Bring Your Own Key)

dep-analyzer is free. AI features use your own API key — you pay only for what you use.

| Provider  | Install                   | Typical cost per scan | Setup |
|-----------|---------------------------|-----------------------|-------|
| Anthropic | `dep-analyzer[anthropic]` | ~$0.01 (Haiku)        | `DEP_ANALYZER_API_KEY` |
| OpenAI    | `dep-analyzer[openai]`    | ~$0.01 (gpt-4o-mini)  | `DEP_ANALYZER_API_KEY` |
| Azure     | `dep-analyzer[openai]`    | varies by deployment  | `DEP_ANALYZER_AZURE_*` |
| Bedrock   | `dep-analyzer[bedrock]`   | ~$0.01                | AWS credential chain   |

Configure via `.env` file (auto-created on first run) or the setup wizard:

```bash
dep-analyzer setup
```

```env
DEP_ANALYZER_PROVIDER=azure
DEP_ANALYZER_API_KEY=your-key
DEP_ANALYZER_AZURE_ENDPOINT=https://<resource>.cognitiveservices.azure.com/
DEP_ANALYZER_AZURE_DEPLOYMENT=gpt-4o
DEP_ANALYZER_AZURE_API_VERSION=2024-02-01
```

---

## CI/CD Integration

### GitHub Actions

```yaml
steps:
  - uses: actions/checkout@v4
  - name: Check dependencies
    run: |
      pip install dep-analyzer
      dep-analyzer check --fail-on HIGH
```

### Pre-commit hook

```bash
pip install pre-commit
pre-commit install
```

`.pre-commit-config.yaml`:
```yaml
repos:
  - repo: local
    hooks:
      - id: dep-analyzer-check
        name: Dependency Hell Analyzer
        entry: dep-analyzer check
        language: system
        types: [python]
        pass_filenames: false
        args: [--fail-on, HIGH]
```

---

## Local Development & Testing

```bash
git clone https://github.com/Narsi12/dep-analyzer.git
cd "dep-analyzer"
pip install -e ".[all-ai,pdf]"
```

Run end-to-end tests against the built-in fixture project:

```bash
# 1. Scan
dep-analyzer scan --repo tests/fixtures/simple_project

# 2. Check all dependencies
dep-analyzer check --repo tests/fixtures/simple_project

# 3. Impact analysis
dep-analyzer impact requests==3.0 --repo tests/fixtures/simple_project
dep-analyzer impact django==4.0 --repo tests/fixtures/simple_project

# 4. Fix (preview)
dep-analyzer fix --repo tests/fixtures/simple_project --dry-run

# 5. Fix (apply)
dep-analyzer fix --repo tests/fixtures/simple_project --yes

# 6. Verify idempotency
dep-analyzer fix --repo tests/fixtures/simple_project --dry-run
# Expected: "No files need fixing."

# 7. Coupling
dep-analyzer coupling --repo tests/fixtures/simple_project

# 8. Report
dep-analyzer report --repo tests/fixtures/simple_project

# 9. PDF report
dep-analyzer report --repo tests/fixtures/simple_project --pdf

# 10. AI analysis (requires .env)
dep-analyzer impact requests==3.0 --repo tests/fixtures/simple_project --ai
dep-analyzer report --repo tests/fixtures/simple_project --ai --pdf
```

---

## Supported Packages (Breaking Changes Database)

| Package    | Versions with rules    |
|------------|------------------------|
| Django     | 2.0, 3.0, 4.0, 5.0     |
| Flask      | 2.0, 2.3, 3.0          |
| SQLAlchemy | 1.4, 2.0               |
| Celery     | 5.0, 5.3               |
| Requests   | 3.0                    |
| FastAPI    | 0.89, 0.95, 0.100–0.112 |

Adding support for more packages is easy — each package is a single YAML file in `data/breaking_changes/`.

---

## Understanding Output

### Severity

| Level    | Meaning                                       |
|----------|-----------------------------------------------|
| SAFE     | Usage verified safe — no action needed        |
| LOW      | Minor risk — worth reviewing                  |
| MEDIUM   | Deprecated API — plan migration               |
| HIGH     | Removed API confirmed in use — will break     |
| CRITICAL | Multiple removed APIs across many files       |

### Confidence

| Level  | How determined                                    |
|--------|---------------------------------------------------|
| HIGH   | Argument-level — call and args directly inspected |
| MEDIUM | Call detected but args not conclusive             |
| LOW    | Import matched only — no call detected            |

### Upgrade Safety

| Verdict          | Meaning                                       |
|------------------|-----------------------------------------------|
| SAFE TO UPGRADE  | All usages verified, no risky calls found     |
| REVIEW NEEDED    | Dynamic imports or low-confidence matches     |
| UNSAFE           | Confirmed breaking API in active use          |

---

## License

MIT — free to use, modify, and distribute.
