pyproject.toml

[project]
name = "agentic-ai-evaluation-bootcamp-202602"
version = "0.1.1"
description = "Vector Institute Agentic AI Evaluation Bootcamp 202602"
readme = "README.md"
authors = [ {name = "Vector AI Engineering", email = "ai_engineering@vectorinstitute.ai"} ]
license = "Apache-2.0"
requires-python = ">=3.12,<4.0"
dependencies = [
    "aieng-eval-agents>=0.1.0",
    "aiohttp>=3.13.4", # CVE-2026-34513/34514/34515/34516/34517/34518/34519/34520/34525, CVE-2026-22815: multiple DoS/security fixes in 3.13.4
    "beautifulsoup4>=4.13.4",
    "datasets>=3.6.0",
    "e2b-code-interpreter>=2.4.1",
    "langfuse>=3.10.3,<4.0.0",
    "lxml>=6.0.0",
    "nest-asyncio>=1.6.0",
    "numpy<2.3.0",
    "plotly>=6.5.0",
    "pydantic>=2.12.4",
    "pydantic-settings>=2.7.0",
    "pydantic-ai-slim[logfire]>=1.26.0",
    "scikit-learn>=1.7.0",
    "urllib3>=2.6.3",
    "openpyxl>=3.1.5",
    "authlib>=1.6.11", # CVE-2026-28802: alg:none JWT bypass fixed in 1.6.7; GHSA-jj8c-mmj3-mmgv: CSRF protection bypass fixed in 1.6.11
    "cryptography>=46.0.7", # CVE-2026-34073: DNS name constraint bypass fixed in 46.0.6; CVE-2026-39892: buffer overflow fixed in 46.0.7
    "filelock>=3.20.3",
    "pyasn1>=0.6.3", # CVE-2026-30922: DoS via uncontrolled recursion fixed in 0.6.3
    "virtualenv>=20.36.1",
    "tenacity>=9.1.2",
    "certifi>=2026.1.4",
    "pillow>=12.2.0", # CVE-2026-40192: FITS decompression bomb fixed in 12.2.0
    "pypdf>=6.10.2", # CVE-2026-28804: ASCIIHexDecode DoS fixed in 6.7.5; CVE-2026-33123: array-based stream DoS fixed in 6.9.1; CVE-2026-40260: XMP metadata memory DoS fixed in 6.10.0; GHSA-jj6c-8h6c-hppx/GHSA-4pxv-j86v-mhcw/GHSA-7gw9-cf7v-778f/GHSA-x284-j5p8-9c5p: DoS via crafted PDFs fixed in 6.10.2
    "python-multipart>=0.0.26", # CVE-2026-40347: multipart parsing DoS fixed in 0.0.26
]

[dependency-groups]
dev = [
    "aieng-platform-onboard>=0.6.3",
    "mypy>=1.19.0",
    "codecov>=2.1.13",
    "ipykernel>=7.1.0",
    "ipython>=9.8.0",
    "ipywidgets>=8.1.7",
    "jupyter>=1.1.1",
    "jupyterlab>=4.4.8",
    "nbqa>=1.9.1",
    "pip>=26.1", # Pinning version to address vulnerability GHSA-6vgw-5pg2-w6jp, CVE-2026-3219
    "pip-audit>=2.9.0",
    "pre-commit>=4.2.0",
    "pytest>=9.0.3", # CVE-2025-71176: tmp dir privilege escalation fixed in 9.0.3
    "pytest-asyncio>=0.26.0",
    "pytest-cov>=6.1.1",
    "pytest-mock>=3.14.0",
    "ruff>=0.14.7",
    "transformers>=4.57.3",
    "pandas-stubs>=2.3.3.260113",
]
docs = [
    "jinja2>=3.1.6", # Pinning version to address vulnerability GHSA-cpwx-vrp4-4pq7
    "mkdocs>=1.6.0",
    "mkdocs-material>=9.6.15",
    "mkdocstrings>=1.0.0",
    "mkdocstrings-python>=2.0.1",
    "ipykernel>=7.1.0",
    "ipython>=9.8.0",
]
web-search = [
    "google-cloud-firestore>=2.21.0",
    "fastapi[standard]>=0.116.1",
    "google-genai>=1.46.0",
    "python-multipart>=0.0.26", # CVE-2026-40347: DoS via crafted multipart preamble/epilogue fixed in 0.0.26
    "simplejson>=3.20.2",
]

# Default dependency groups to be installed
[tool.uv]
default-groups = ["dev", "docs"]
# Override pinned transitive deps to patched versions (security)
override-dependencies = [
    "authlib>=1.6.11", # GHSA-jj8c-mmj3-mmgv: CSRF protection bypass; aieng-platform-onboard pins 1.6.9
]

[tool.uv.workspace]
members = [
  "aieng-eval-agents",
]

[tool.uv.sources]
aieng-eval-agents = { workspace = true }

[tool.ruff]
include = ["*.py", "pyproject.toml", "*.ipynb"]
line-length = 120

[tool.ruff.format]
quote-style = "double"
indent-style = "space"
docstring-code-format = true

[tool.ruff.lint]
select = [
    "A", # flake8-builtins
    "B", # flake8-bugbear
    "COM", # flake8-commas
    "C4", # flake8-comprehensions
    "RET", # flake8-return
    "SIM", # flake8-simplify
    "ICN", # flake8-import-conventions
    "Q", # flake8-quotes
    "RSE", # flake8-raise
    "D", # pydocstyle
    "E", # pycodestyle
    "F", # pyflakes
    "I", # isort
    "W", # pycodestyle
    "N", # pep8-naming
    "ERA", # eradicate
    "PL", # pylint
]
fixable = ["A", "B", "COM", "C4", "RET", "SIM", "ICN", "Q", "RSE", "D", "E", "F", "I", "W", "N", "ERA", "PL"]
ignore = [
    "B905", # `zip()` without an explicit `strict=` parameter
    "E501", # line too long
    "D203", # 1 blank line required before class docstring
    "D213", # Multi-line docstring summary should start at the second line
    "PLR2004", # Replace magic number with named constant
    "PLR0913", # Too many arguments
    "COM812", # Missing trailing comma
    "N999", # Number in module names.
    "ERA001", # Commented out lines.
]

# Ignore import violations in all `__init__.py` files.
# Ignore missing docstring in `__init__.py` files
# Ignore E402 in notebooks (imports not at top) as this is expected
[tool.ruff.lint.per-file-ignores]
"__init__.py" = ["E402", "F401", "F403", "F811", "D104"]
"*.ipynb" = ["E402", "D100", "D103"]



[tool.ruff.lint.pep8-naming]
ignore-names = ["X*", "setUp"]

[tool.ruff.lint.isort]
lines-after-imports = 2

[tool.ruff.lint.pydocstyle]
convention = "numpy"

[tool.ruff.lint.pycodestyle]
max-doc-length = 88

[tool.pytest.ini_options]
markers = [
    "integration_test: marks tests as integration tests",
]
asyncio_default_fixture_loop_scope = "function"
filterwarnings = [
    # Ignore deprecation warnings from google-adk/google-genai internal code
    "ignore:deprecated:DeprecationWarning:google.adk.runners",
    "ignore:Inheritance class AiohttpClientSession:DeprecationWarning:google.genai",
    "ignore:[EXPERIMENTAL] BaseAgentState:UserWarning:aieng.agent_evals.aml_investigation.workflow",
]

[tool.coverage]
    [tool.coverage.run]
    source=["aieng-eval-agents/aieng"]
    omit=["aieng-eval-agents/tests/*", "*__init__.py", "scripts/*"]

[tool.mypy]
mypy_path = "aieng-eval-agents"
namespace_packages = true
explicit_package_bases = true
exclude = ["tests/"]