# SPDX-License-Identifier: MIT
# SPDX-FileCopyrightText: 2025-2026 Marcus Quinn

# AI DevOps Framework - Python Dependencies
# DSPy and DSPyGround integration requirements
#
# SECURITY: All versions pinned to exact versions (==) to prevent supply chain
# attacks via malicious PyPI uploads. See: LiteLLM supply chain incident
# (March 2026) where compromised v1.82.7/v1.82.8 contained credential stealers.
# Update versions deliberately via requirements-lock.txt, not automatically.

# Core DSPy packages (dspy-ai was a legacy alias, removed in favour of dspy)
dspy==3.1.0b1

# Core dependencies for AI/ML workflows
openai==2.8.0
litellm==1.79.3
pandas==2.3.3
numpy==2.0.2
requests==2.33.0

# Data processing and storage
datasets==4.4.1
diskcache==5.6.3  # KNOWN: CVE-2025-69872 — no patch available yet, monitor for update
joblib==1.5.2

# Optimization and experimentation
optuna==4.6.0
tenacity==9.1.2

# Utilities
rich==14.2.0
tqdm==4.67.1
python-dotenv==1.2.2
pydantic==2.12.4

# Optional: Browser automation (for Agno integration)
# playwright>=1.40.0
# selenium>=4.15.0
# beautifulsoup4>=4.12.0
# requests-html>=0.10.0

# Development and testing
# pytest>=7.4.0
# pytest-asyncio>=0.21.0
# black>=23.0.0
# flake8>=6.0.0
