pyproject.toml
# uv workspace: the member packages below are resolved together from this
# repository root.
[tool.uv.workspace]
members = [
    "openhands-sdk",
    "openhands-tools",
    "openhands-workspace",
    "openhands-agent-server",
]
# Security: minimum versions for transitive dependencies with known CVEs.
# These are resolver constraints, not dependencies: an entry only takes effect
# when the package is already pulled in by something else, and each entry is a
# lower bound, so newer releases are still accepted.
# NOTE(review): [tool.uv] settings are read by uv when it resolves this
# workspace; they are not part of the metadata of the published packages, so
# installs of those packages by other means do not inherit these floors.
# A floor that must also hold for consumers would have to be declared in the
# member package's own dependencies - confirm whether that is needed.
[tool.uv]
constraint-dependencies = [
    "starlette>=0.49.1",  # CVE-2025-62727
    # NOTE(review): only one of the eight advisory ids is recorded for aiohttp;
    # listing the rest (or linking the advisory) would make this auditable.
    "aiohttp>=3.13.3",    # CVE-2025-69223 + 7 others
    "urllib3>=2.6.3",     # CVE-2026-21441, CVE-2025-66471, CVE-2025-66418
    "protobuf>=6.33.5",   # CVE-2026-0994
    "pillow>=12.1.1",     # CVE-2026-25990
    "orjson>=3.11.7",     # CVE-2025-67221
    # Version 14.3.2 essentially has a denial-of-service vulnerability, which
    # is outlined in https://github.com/Textualize/rich/issues/3958
    "rich>=14.3.3",
]
# Workspace sources for intra-repo dependencies
# Each name below is taken from the workspace member of the same name rather
# than looked up on a package index.
[tool.uv.sources]
openhands-sdk = { workspace = true }
openhands-tools = { workspace = true }
openhands-workspace = { workspace = true }
openhands-agent-server = { workspace = true }
# Development-only tooling (includes linting, type checking, testing and
# packaging tools). Dependency groups are not part of the published package
# metadata.
# NOTE(review): every entry is a lower bound only; reproducible installs
# depend on a committed lockfile - confirm one is checked in.
[dependency-groups]
dev = [
    "pre-commit>=4.3.0",
    "packaging>=24.2",
    "psutil>=7.0.0",
    "pyright[nodejs]>=1.1.405",
    "pytest>=8.4.1",
    "pytest-cov>=5.0.0",
    "ruff>=0.12.10",
    "pycodestyle>=2.12.0",
    "pytest-asyncio>=1.1.0",
    "pytest-forked>=1.6.0",
    "pytest-xdist>=3.6.0",
    "tabulate>=0.9.0",
    "pyinstaller>=6.16.0",
    "streamlit>=1.49.1",
    "pytest-timeout>=2.4.0",
    "griffe[pypi]>=2.0.0",
]
# Ruff: linter and formatter settings
[tool.ruff]
target-version = "py313"
line-length = 88

[tool.ruff.format]
quote-style = "double"
indent-style = "space"

# NOTE(review): no security-oriented rule family (for example ruff's
# flake8-bandit "S" rules) is selected below; confirm whether security linting
# runs elsewhere.
[tool.ruff.lint]
select = [
    "E",    # pycodestyle errors
    "F",    # pyflakes (includes F841: unused-variable)
    "I",    # isort
    "UP",   # pyupgrade
    "ARG",  # flake8-unused-arguments
]
# Extra rules that catch mutable defaults and related pitfalls:
#   B006    mutable-argument-default
#   B008    function-call-in-default-argument
#   B039    mutable-contextvar-default
#   RUF012  mutable-class-default
extend-select = ["B006", "B008", "B039", "RUF012"]

[tool.ruff.lint.per-file-ignores]
# Test files often have unused arguments (fixtures, mocks, interface
# implementations), so the ARG rules are switched off under tests/.
"tests/**/*.py" = ["ARG"]

# Calls that the flake8-bugbear rules treat as safe to use in argument
# defaults (e.g., FastAPI Depends)
[tool.ruff.lint.flake8-bugbear]
extend-immutable-calls = [
    "fastapi.Depends",
    "fastapi.params.Depends",
]

[tool.ruff.lint.isort]
known-first-party = ["openhands"]
combine-as-imports = true
force-single-line = false
lines-after-imports = 2
# Pytest: test discovery and default command-line options
[tool.pytest.ini_options]
testpaths = ["tests"]
python_files = ["test_*.py"]
python_classes = ["Test*"]
python_functions = ["test_*"]
# Verbose output with short tracebacks
addopts = "-v --tb=short"
# pytest-asyncio: run async tests without a per-test marker
asyncio_mode = "auto"
# Pyright settings for PEP 420 namespace packages.
# Required so that VSCode resolves imports correctly across the several
# packages in this monorepo.
[tool.pyright]
include = [
    "openhands-sdk",
    "openhands-tools",
    "openhands-workspace",
    "openhands-agent-server",
    "examples",
    "tests",
    "scripts",
]
extraPaths = [
    "openhands-sdk",
    "openhands-tools",
    "openhands-workspace",
    "openhands-agent-server",
]
venvPath = "."
venv = ".venv"
pythonVersion = "3.13"
useLibraryCodeForTypes = true
typeCheckingMode = "standard"
# TestPyPI index; publish-url makes it available as a publish target.
# explicit = true keeps uv from consulting this index during normal
# resolution: a package is only taken from it when a [tool.uv.sources] entry
# pins that package to this index by name. TestPyPI is a separate registry
# from PyPI where project names are registered independently, so this
# setting should stay in place.
[[tool.uv.index]]
name = "testpypi"
url = "https://test.pypi.org/simple/"
publish-url = "https://test.pypi.org/legacy/"
explicit = true