# Aegis Production Requirements

# Web framework
fastapi>=0.111.0
uvicorn[standard]>=0.30.0

# Async database
sqlalchemy[asyncio]>=2.0.25
asyncpg>=0.29.0
pgvector>=0.2.4

# Validation
pydantic>=2.7.0
pydantic-settings>=2.3.0

# OpenAI
openai>=1.35.0

# Observability (optional OTEL bridge)
opentelemetry-api>=1.27.0
opentelemetry-sdk>=1.27.0

# Optional: Redis for distributed rate limiting
# redis>=5.0.0

# Optional: Structured logging
# structlog>=24.0.0

# Development
python-dotenv>=1.0.0

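# Testing (test-only tooling; installing from this production file also installs
# these packages in production environments)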
pytest>=8.0.0
pytest-asyncio>=0.23.0
httpx>=0.27.0

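# Transitive dependency security floors (OpenSSF Scorecard / OSV)
# These packages are pulled in transitively (idna<-httpx, pygments<-pytest,
# tqdm<-openai); the loose upstream bounds would otherwise let known-vulnerable old
# versions resolve. Each floor is set to the first patched release for the advisories
# listed beside it. A floor is a minimum, not a pin: the resolver may still select any
# newer release, so reproducible installs need a lock file with hashes (for example,
# one installed with pip's --require-hashes).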
idna>=3.15        # GHSA-65pc-fj4g-8rjx
pygments>=2.20.0  # PYSEC-2023-117, GHSA-5239-wwwm-4pmq
tqdm>=4.66.3      # PYSEC-2017-74, GHSA-g7vv-2v7x-gj9p
