This folder contains the Python workspace tooling for dependency maintenance:
- validating runtime dependency lower and upper bounds
- refreshing exact dev dependency pins
- writing dependency validation reports for local runs and workflows
Run the commands below from the python/ directory.
-
validate_dependency_bounds.py- Main entrypoint for dependency-bound workflows.
- Supports
test,lower,upper, andbothmodes. testruns workspace-wide smoke validation at the lower and upper ends of the currently allowed ranges.lower,upper, andbothdispatch to the lower/upper optimizer implementations for one package.
-
upgrade_dev_dependencies.py- Refreshes exact dev dependency pins across the root
pyproject.tomland packagepyproject.tomlfiles. - Reuses the same version-selection logic as the upper-bound tooling so direct dev-tooling refreshes and dependency-range expansion stay consistent.
- Refreshes exact dev dependency pins across the root
-
_dependency_bounds_lower_impl.py- Package-scoped lower-bound optimizer.
- Tries older dependency versions within the currently allowed line and keeps the oldest passing lower bound.
- Writes
dependency-lower-bound-results.jsonin this folder by default.
-
_dependency_bounds_upper_impl.py- Package-scoped upper-bound optimizer.
- Tries newer dependency versions within candidate lines and keeps the newest passing upper bound.
- Also contains shared parsing/rewrite helpers reused by
upgrade_dev_dependencies.py. - Writes
dependency-range-results.jsonin this folder by default.
-
_dependency_bounds_runtime.py- Shared helper used by the validators to build isolated
uv runcommands. - Reattaches the repo-wide toolchain (
ruff,pyright,pytest,poethepoet, and related helpers) inside temporary environments so package tasks behave the same way they do in the workspace.
- Shared helper used by the validators to build isolated
These are the normal user-facing entrypoints:
uv run poe upgrade-dev-dependency-pins
uv run poe upgrade-dev-dependencies
uv run poe validate-dependency-bounds-test
uv run poe validate-dependency-bounds-test --package core
uv run poe validate-dependency-bounds-project --mode both --package core --dependency "<dependency-name>"upgrade-dev-dependency-pinsonly refreshes exact dev pins inpyproject.tomlfiles.upgrade-dev-dependenciesrefreshes dev pins (using task above), runsuv lock --upgrade, reinstalls from the frozen lockfile, then runscheck,typing, andtest.validate-dependency-bounds-testruns the repo-wide lower/upper smoke gate.validate-dependency-bounds-projectis the single package-scoped task; use--mode lower,--mode upper, or--mode bothfor the target package/dependency pair. Its--packageargument defaults to*, and--dependencyis optional, so automation can also use it for repo-wide upper-bound runs.
These workflows call the Poe tasks:
-
.github/workflows/python-dependency-range-validation.yml- Trigger:
workflow_dispatch - Runs
uv run poe validate-dependency-bounds-project --mode upper --package "*" - Uploads
python/scripts/dependencies/dependency-range-results.json - Creates issues for failing candidate versions and opens/updates a PR for passing range updates
- Trigger:
-
.github/workflows/python-dev-dependency-upgrade.yml- Trigger:
workflow_dispatch - Runs
uv run poe upgrade-dev-dependencies - Commits any resulting
pyproject.toml/uv.lockchanges and opens/updates a PR
- Trigger:
These are useful for debugging or targeted manual runs:
python -m scripts.dependencies.upgrade_dev_dependencies --dry-run --version-source lock
python -m scripts.dependencies.validate_dependency_bounds --mode test --package core --dry-run
python -m scripts.dependencies.validate_dependency_bounds --mode both --package core --dependencies openai --dry-run
python -m scripts.dependencies._dependency_bounds_lower_impl --packages core --dependencies openai --dry-run
python -m scripts.dependencies._dependency_bounds_upper_impl --packages core --dependencies openai --dry-runUse the direct lower/upper implementation modules mainly for debugging or development of the optimizers themselves. For normal usage, prefer the Poe tasks or validate_dependency_bounds.py.
The validators write JSON reports into this folder:
dependency-bounds-test-results.jsondependency-lower-bound-results.jsondependency-range-results.json
These report files are ignored by git.