-
Notifications
You must be signed in to change notification settings - Fork 24
Expand file tree
/
Copy pathpyproject.toml
More file actions
109 lines (98 loc) · 4.16 KB
/
pyproject.toml
File metadata and controls
109 lines (98 loc) · 4.16 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
[project]
name = "backgroundagent"
version = "0.1.0"
description = "Background coding agent — runs tasks in isolated cloud environments and produces pull requests"
requires-python = ">=3.13"
dependencies = [
"boto3==1.43.9", #https://pypi.org/project/boto3/
# Vestigial from the parked AgentCore Identity flow (Phase 2.0a).
# Phase 2.0b reads per-workspace Linear OAuth tokens directly from
# Secrets Manager because AgentCore Identity's USER_FEDERATION
# flow has an open service-side bug (see memory/project_oauth_2_0b.md).
# Kept here so the workload-token bridge in `server.py` still
# imports cleanly when Phase 2.0c eventually resumes the
# AgentCore Identity path. The bridge is now wrapped in
# try/except (ImportError, AttributeError), so removing this dep
# would degrade gracefully — but for now we keep the dep to
# preserve the clean code path.
"bedrock-agentcore==1.9.1", #https://pypi.org/project/bedrock-agentcore/
"claude-agent-sdk==0.2.82", #https://github.com/anthropics/claude-agent-sdk-python/releases/tag/v0.2.82
"requests==2.34.2", #https://pypi.org/project/requests/
"fastapi==0.136.1", #https://pypi.org/project/fastapi/
"uvicorn==0.47.0", #https://pypi.org/project/uvicorn/
"aws-opentelemetry-distro==0.17.0", #https://pypi.org/project/aws-opentelemetry-distro/
"mcp==1.27.1", #https://pypi.org/project/mcp/
# CEDAR ENGINE PARITY — DO NOT BUMP IN ISOLATION.
# cedarpy (Python, agent runtime) and @cedar-policy/cedar-wasm (TypeScript,
# CDK Lambdas) are two language bindings over the same Cedar Rust core.
# Even patch-version drift between the bindings can produce divergent
# (decision, matching_rule_ids) on the same (policy, input) — a class
# of bug invisible to per-side unit tests. The contracts/cedar-parity/
# golden fixtures are how CI catches divergence; if you bump cedarpy
# you MUST bump @cedar-policy/cedar-wasm to a tested-compatible version
# in cdk/package.json AND refresh the parity fixtures, in the same
# commit. See docs/design/CEDAR_HITL_GATES.md §15.6 (decision #23) and
# the parity-contract banner in mise.toml.
"cedarpy==4.8.3", #https://github.com/k9securityio/cedar-py — EXACT pin (no ^/~), parity with @cedar-policy/cedar-wasm@4.8.2 (both Cedar Rust 4.8.2)
]
[tool.uv]
constraint-dependencies = [
"pyjwt>=2.13.0", # PYSEC-2026-175/177/178/179 — transitive via mcp; remove when mcp bumps floor (#267)
]
[tool.bandit]
exclude_dirs = ["tests", ".venv"]
skips = [
"B101", # assert_used — tests use assert, ruff S101 handles per-file
"B602", # subprocess shell=True — needed for shell tool execution
"B603", # subprocess calls — needed for shell tool execution
"B607", # partial executable paths — sh -c pattern is safe
"B701", # jinja2_autoescape_false — templates are LLM prompts, not web HTML
]
[dependency-groups]
dev = [
"ruff",
"ty",
"pytest",
"pygments==2.20.0",
"pytest-cov==7.1.0",
]
[tool.ruff]
target-version = "py313"
line-length = 100
[tool.ruff.lint]
select = [
"E", # pycodestyle errors
"W", # pycodestyle warnings
"F", # pyflakes
"I", # isort
"B", # flake8-bugbear
"S", # flake8-bandit (security)
"UP", # pyupgrade
"SIM", # flake8-simplify
"TCH", # flake8-type-checking
"RUF", # ruff-specific rules
]
ignore = [
"S603", # subprocess call — allowed for agent CLI operations
"S607", # partial executable path — agent relies on PATH for git, gh, mise
]
[tool.ruff.lint.per-file-ignores]
"src/entrypoint.py" = ["E402"] # re-export shim: importlib.reload() call must precede re-export from-imports
"src/system_prompt.py" = ["E501"] # long prompt strings
"src/prompts/*.py" = ["E501"] # long prompt strings
"tests/**" = ["S101", "S106", "S108", "E402"] # assert; test tokens; /tmp paths; importorskip
[tool.pytest.ini_options]
testpaths = ["tests"]
pythonpath = ["src"]
[tool.coverage.run]
branch = true
source = ["src"]
relative_files = true
[tool.coverage.report]
fail_under = 72
precision = 2
show_missing = true
skip_covered = true
[tool.ty.environment]
python-version = "3.13"
extra-paths = ["src"]