From 9ab6e5f3a17e2f99b419a0cc8542f5c019f0711d Mon Sep 17 00:00:00 2001 From: Ari Angelo Date: Thu, 28 May 2026 12:54:03 +0200 Subject: [PATCH 1/2] feat(packaging): split dependencies between aignostics-sdk and aignostics MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Move heavy/domain-specific dependencies from aignostics-sdk to aignostics, leaving only platform+utils runtime dependencies in the slim package. Slim (aignostics-sdk): platform auth, HTTP, JWT, logging, MCP, nicegui, fastapi, pydantic, typer, sentry, retry, jsonschema/jsf, tqdm — 28 deps. Heavy (aignostics): WSI (openslide, wsidicom, pydicom), cloud storage (boto3, google-cloud-storage), data (duckdb, pandas, fastparquet/pyarrow), DICOM validation, IDC index, shapely, procrastinate, html-sanitizer, humanize, pyyaml, packaging, python-dateutil, defusedxml — 30 deps. CVE transitive overrides split accordingly (slim vs heavy deps). Deviations from task guidance (import-trace is authoritative): - tqdm kept in slim: imported by platform/_utils.py for upload progress - humanize/pyyaml/packaging/python-dateutil/jsf moved to heavy (or left in slim as appropriate): not imported by platform/ or utils/ directly - jsf kept in slim: used for JSON schema generation (jsonschema companion) --- packages/aignostics-sdk/pyproject.toml | 63 ++--------- packages/aignostics/pyproject.toml | 33 +++++- uv.lock | 151 ++++++++++--------------- 3 files changed, 99 insertions(+), 148 deletions(-) diff --git a/packages/aignostics-sdk/pyproject.toml b/packages/aignostics-sdk/pyproject.toml index b933bc71..caec090e 100644 --- a/packages/aignostics-sdk/pyproject.toml +++ b/packages/aignostics-sdk/pyproject.toml @@ -77,89 +77,40 @@ requires-python = ">=3.11, <3.15" dependencies = [ # From Template "fastapi[all,standard]>=0.123.10", - "humanize>=4.14.0,<5", "nicegui[native]>=3.11.0,<4", - "packaging>=26,<27", "platformdirs>=4.5.1,<5", "psutil>=7.1.3,<8", "pydantic-settings>=2.12.0,<3", "pywin32>=311,<312; sys_platform == 'win32'", - "pyyaml>=6.0.3,<7", "sentry-sdk>=2.47.0,<3", "typer>=0.20.0,<1", - # Custom - "boto3>=1.42.4,<2", + # Custom — slim platform + utils deps "certifi>=2025.11.12", - "defusedxml>=0.7.1", - "dicom-validator>=0.7.3,<1", - "dicomweb-client[gcp]>=0.59.3,<1", - "duckdb>=1.4.2,<=2", - "google-cloud-storage>=3.6.0,<4", - "crc32c>=2.8,<3", - "highdicom>=0.26.1,<1; python_version < '3.14'", - "html-sanitizer>=2.6.0,<3", + "fastmcp>=3.2.0,<4", "httpx>=0.28.1,<1", - "idc-index-data==24.0.3", - "ijson>=3.4.0.post0,<4", - "jsf>=0.11.2,<1", "jsonschema[format-nongpl]>=4.25.1,<5", + "jsf>=0.11.2,<1", "loguru>=0.7.3,<1", - "openslide-bin>=4.0.0.10,<5", - "openslide-python>=1.4.3,<2", - "pandas>=2.3.3,<4", - "platformdirs>=4.3.2,<5", - "procrastinate>=3.5.3", - "fastparquet>=2026.3.0,<2026.4.0; python_version < '3.14'", - "pyarrow>=23.0.1,<24; python_version >= '3.14'", "pyjwt[crypto]>=2.12.0,<3", - "python-dateutil>=2.9.0.post0,<3", "requests>=2.33.0,<3", "requests-oauthlib>=2.0.0,<3", - "s5cmd>=0.3.3,<1", "semver>=3.0.4,<4", - "shapely>=2.1.2,<3", "tenacity>=9.1.2,<10", "tqdm>=4.67.1,<5", "truststore>=0.10.4,<1", "urllib3>=2.6.3,<3", - "wsidicom>=0.28.1,<1", - "fastmcp>=3.2.0,<4", - # Transitive overrides + # Transitive CVE overrides for slim deps "rfc3987; sys_platform == 'never'", "h11>=0.16.0", - "tornado>=6.5.5", - "urllib3>=2.5.0", - "pillow>=12.2.0", - "aiohttp>=3.13.4", "starlette>=1.0.1", - "lxml>=6.1.0", - "filelock>=3.20.3", - "marshmallow>=3.26.2", + "pillow>=12.2.0", "pygments>=2.20.0", "cryptography>=46.0.7", - "pydicom>=3.0.2", "pyasn1>=0.6.3", - "lxml-html-clean>=0.4.4", "python-multipart>=0.0.26", - "protobuf>=6.33.5", -] - -[project.optional-dependencies] -pyinstaller = ["pyinstaller>=6.14.0,<7"] -jupyter = [ - "jupyter>=1.1.1,<2", - "jupyter-core>=5.8.1", - "jupyterlab>=4.4.9", - "nbconvert>=7.17.1", -] -marimo = [ - "cloudpathlib>=0.23.0,<1", - "ipython>=9.8.0,<10", - "marimo>=0.23.0,<1", - "matplotlib>=3.10.7,<4", - "shapely>=2.1.0,<3", + "tornado>=6.5.5", + "filelock>=3.20.3", ] -qupath = [] [project.scripts] aignostics-sdk = "aignostics_sdk.cli:cli" diff --git a/packages/aignostics/pyproject.toml b/packages/aignostics/pyproject.toml index c9b2f41a..69237dbb 100644 --- a/packages/aignostics/pyproject.toml +++ b/packages/aignostics/pyproject.toml @@ -76,7 +76,38 @@ requires-python = ">=3.11, <3.15" dependencies = [ "aignostics-sdk==1.4.0", - # Heavy deps will be moved here from aignostics-sdk in Phase 5 + # Heavy domain deps — WSI, DICOM, cloud storage, data processing + "boto3>=1.42.4,<2", + "crc32c>=2.8,<3", + "defusedxml>=0.7.1", + "dicom-validator>=0.7.3,<1", + "dicomweb-client[gcp]>=0.59.3,<1", + "duckdb>=1.4.2,<=2", + "fastparquet>=2026.3.0,<2026.4.0; python_version < '3.14'", + "google-cloud-storage>=3.6.0,<4", + "highdicom>=0.26.1,<1; python_version < '3.14'", + "html-sanitizer>=2.6.0,<3", + "humanize>=4.14.0,<5", + "idc-index-data==24.0.3", + "ijson>=3.4.0.post0,<4", + "openslide-bin>=4.0.0.10,<5", + "openslide-python>=1.4.3,<2", + "packaging>=26,<27", + "pandas>=2.3.3,<4", + "procrastinate>=3.5.3", + "pyarrow>=23.0.1,<24; python_version >= '3.14'", + "pydicom>=3.0.2", + "python-dateutil>=2.9.0.post0,<3", + "pyyaml>=6.0.3,<7", + "s5cmd>=0.3.3,<1", + "shapely>=2.1.2,<3", + "wsidicom>=0.28.1,<1", + # Transitive CVE overrides for heavy deps + "aiohttp>=3.13.4", + "lxml>=6.1.0", + "lxml-html-clean>=0.4.4", + "marshmallow>=3.26.2", + "protobuf>=6.33.5", ] [project.optional-dependencies] diff --git a/uv.lock b/uv.lock index a42a3b56..187e4ac1 100644 --- a/uv.lock +++ b/uv.lock @@ -93,6 +93,36 @@ version = "1.4.0" source = { editable = "packages/aignostics" } dependencies = [ { name = "aignostics-sdk" }, + { name = "aiohttp" }, + { name = "boto3" }, + { name = "crc32c" }, + { name = "defusedxml" }, + { name = "dicom-validator" }, + { name = "dicomweb-client", extra = ["gcp"] }, + { name = "duckdb" }, + { name = "fastparquet", marker = "python_full_version < '3.14'" }, + { name = "google-cloud-storage" }, + { name = "highdicom", marker = "python_full_version < '3.14'" }, + { name = "html-sanitizer" }, + { name = "humanize" }, + { name = "idc-index-data" }, + { name = "ijson" }, + { name = "lxml" }, + { name = "lxml-html-clean" }, + { name = "marshmallow" }, + { name = "openslide-bin" }, + { name = "openslide-python" }, + { name = "packaging" }, + { name = "pandas" }, + { name = "procrastinate" }, + { name = "protobuf" }, + { name = "pyarrow", marker = "python_full_version >= '3.14'" }, + { name = "pydicom" }, + { name = "python-dateutil" }, + { name = "pyyaml" }, + { name = "s5cmd" }, + { name = "shapely" }, + { name = "wsidicom" }, ] [package.optional-dependencies] @@ -116,16 +146,46 @@ pyinstaller = [ [package.metadata] requires-dist = [ { name = "aignostics-sdk", editable = "packages/aignostics-sdk" }, + { name = "aiohttp", specifier = ">=3.13.4" }, + { name = "boto3", specifier = ">=1.42.4,<2" }, { name = "cloudpathlib", marker = "extra == 'marimo'", specifier = ">=0.23.0,<1" }, + { name = "crc32c", specifier = ">=2.8,<3" }, + { name = "defusedxml", specifier = ">=0.7.1" }, + { name = "dicom-validator", specifier = ">=0.7.3,<1" }, + { name = "dicomweb-client", extras = ["gcp"], specifier = ">=0.59.3,<1" }, + { name = "duckdb", specifier = ">=1.4.2,<=2" }, + { name = "fastparquet", marker = "python_full_version < '3.14'", specifier = ">=2026.3.0,<2026.4.0" }, + { name = "google-cloud-storage", specifier = ">=3.6.0,<4" }, + { name = "highdicom", marker = "python_full_version < '3.14'", specifier = ">=0.26.1,<1" }, + { name = "html-sanitizer", specifier = ">=2.6.0,<3" }, + { name = "humanize", specifier = ">=4.14.0,<5" }, + { name = "idc-index-data", specifier = "==24.0.3" }, + { name = "ijson", specifier = ">=3.4.0.post0,<4" }, { name = "ipython", marker = "extra == 'marimo'", specifier = ">=9.8.0,<10" }, { name = "jupyter", marker = "extra == 'jupyter'", specifier = ">=1.1.1,<2" }, { name = "jupyter-core", marker = "extra == 'jupyter'", specifier = ">=5.8.1" }, { name = "jupyterlab", marker = "extra == 'jupyter'", specifier = ">=4.4.9" }, + { name = "lxml", specifier = ">=6.1.0" }, + { name = "lxml-html-clean", specifier = ">=0.4.4" }, { name = "marimo", marker = "extra == 'marimo'", specifier = ">=0.23.0,<1" }, + { name = "marshmallow", specifier = ">=3.26.2" }, { name = "matplotlib", marker = "extra == 'marimo'", specifier = ">=3.10.7,<4" }, { name = "nbconvert", marker = "extra == 'jupyter'", specifier = ">=7.17.1" }, + { name = "openslide-bin", specifier = ">=4.0.0.10,<5" }, + { name = "openslide-python", specifier = ">=1.4.3,<2" }, + { name = "packaging", specifier = ">=26,<27" }, + { name = "pandas", specifier = ">=2.3.3,<4" }, + { name = "procrastinate", specifier = ">=3.5.3" }, + { name = "protobuf", specifier = ">=6.33.5" }, + { name = "pyarrow", marker = "python_full_version >= '3.14'", specifier = ">=23.0.1,<24" }, + { name = "pydicom", specifier = ">=3.0.2" }, { name = "pyinstaller", marker = "extra == 'pyinstaller'", specifier = ">=6.14.0,<7" }, + { name = "python-dateutil", specifier = ">=2.9.0.post0,<3" }, + { name = "pyyaml", specifier = ">=6.0.3,<7" }, + { name = "s5cmd", specifier = ">=0.3.3,<1" }, + { name = "shapely", specifier = ">=2.1.2,<3" }, { name = "shapely", marker = "extra == 'marimo'", specifier = ">=2.1.0,<3" }, + { name = "wsidicom", specifier = ">=0.28.1,<1" }, ] provides-extras = ["pyinstaller", "jupyter", "marimo", "qupath"] @@ -134,60 +194,31 @@ name = "aignostics-sdk" version = "1.4.0" source = { editable = "packages/aignostics-sdk" } dependencies = [ - { name = "aiohttp" }, - { name = "boto3" }, { name = "certifi" }, - { name = "crc32c" }, { name = "cryptography" }, - { name = "defusedxml" }, - { name = "dicom-validator" }, - { name = "dicomweb-client", extra = ["gcp"] }, - { name = "duckdb" }, { name = "fastapi", extra = ["all", "standard"] }, { name = "fastmcp" }, - { name = "fastparquet", marker = "python_full_version < '3.14'" }, { name = "filelock" }, - { name = "google-cloud-storage" }, { name = "h11" }, - { name = "highdicom", marker = "python_full_version < '3.14'" }, - { name = "html-sanitizer" }, { name = "httpx" }, - { name = "humanize" }, - { name = "idc-index-data" }, - { name = "ijson" }, { name = "jsf" }, { name = "jsonschema", extra = ["format-nongpl"] }, { name = "loguru" }, - { name = "lxml" }, - { name = "lxml-html-clean" }, - { name = "marshmallow" }, { name = "nicegui", extra = ["native"] }, - { name = "openslide-bin" }, - { name = "openslide-python" }, - { name = "packaging" }, - { name = "pandas" }, { name = "pillow" }, { name = "platformdirs" }, - { name = "procrastinate" }, - { name = "protobuf" }, { name = "psutil" }, - { name = "pyarrow", marker = "python_full_version >= '3.14'" }, { name = "pyasn1" }, { name = "pydantic-settings" }, - { name = "pydicom" }, { name = "pygments" }, { name = "pyjwt", extra = ["crypto"] }, - { name = "python-dateutil" }, { name = "python-multipart" }, { name = "pywin32", marker = "sys_platform == 'win32'" }, - { name = "pyyaml" }, { name = "requests" }, { name = "requests-oauthlib" }, { name = "rfc3987", marker = "sys_platform == 'never'" }, - { name = "s5cmd" }, { name = "semver" }, { name = "sentry-sdk" }, - { name = "shapely" }, { name = "starlette" }, { name = "tenacity" }, { name = "tornado" }, @@ -195,105 +226,43 @@ dependencies = [ { name = "truststore" }, { name = "typer" }, { name = "urllib3" }, - { name = "wsidicom" }, -] - -[package.optional-dependencies] -jupyter = [ - { name = "jupyter" }, - { name = "jupyter-core" }, - { name = "jupyterlab" }, - { name = "nbconvert" }, -] -marimo = [ - { name = "cloudpathlib" }, - { name = "ipython" }, - { name = "marimo" }, - { name = "matplotlib" }, - { name = "shapely" }, -] -pyinstaller = [ - { name = "pyinstaller" }, ] [package.metadata] requires-dist = [ - { name = "aiohttp", specifier = ">=3.13.4" }, - { name = "boto3", specifier = ">=1.42.4,<2" }, { name = "certifi", specifier = ">=2025.11.12" }, - { name = "cloudpathlib", marker = "extra == 'marimo'", specifier = ">=0.23.0,<1" }, - { name = "crc32c", specifier = ">=2.8,<3" }, { name = "cryptography", specifier = ">=46.0.7" }, - { name = "defusedxml", specifier = ">=0.7.1" }, - { name = "dicom-validator", specifier = ">=0.7.3,<1" }, - { name = "dicomweb-client", extras = ["gcp"], specifier = ">=0.59.3,<1" }, - { name = "duckdb", specifier = ">=1.4.2,<=2" }, { name = "fastapi", extras = ["all", "standard"], specifier = ">=0.123.10" }, { name = "fastmcp", specifier = ">=3.2.0,<4" }, - { name = "fastparquet", marker = "python_full_version < '3.14'", specifier = ">=2026.3.0,<2026.4.0" }, { name = "filelock", specifier = ">=3.20.3" }, - { name = "google-cloud-storage", specifier = ">=3.6.0,<4" }, { name = "h11", specifier = ">=0.16.0" }, - { name = "highdicom", marker = "python_full_version < '3.14'", specifier = ">=0.26.1,<1" }, - { name = "html-sanitizer", specifier = ">=2.6.0,<3" }, { name = "httpx", specifier = ">=0.28.1,<1" }, - { name = "humanize", specifier = ">=4.14.0,<5" }, - { name = "idc-index-data", specifier = "==24.0.3" }, - { name = "ijson", specifier = ">=3.4.0.post0,<4" }, - { name = "ipython", marker = "extra == 'marimo'", specifier = ">=9.8.0,<10" }, { name = "jsf", specifier = ">=0.11.2,<1" }, { name = "jsonschema", extras = ["format-nongpl"], specifier = ">=4.25.1,<5" }, - { name = "jupyter", marker = "extra == 'jupyter'", specifier = ">=1.1.1,<2" }, - { name = "jupyter-core", marker = "extra == 'jupyter'", specifier = ">=5.8.1" }, - { name = "jupyterlab", marker = "extra == 'jupyter'", specifier = ">=4.4.9" }, { name = "loguru", specifier = ">=0.7.3,<1" }, - { name = "lxml", specifier = ">=6.1.0" }, - { name = "lxml-html-clean", specifier = ">=0.4.4" }, - { name = "marimo", marker = "extra == 'marimo'", specifier = ">=0.23.0,<1" }, - { name = "marshmallow", specifier = ">=3.26.2" }, - { name = "matplotlib", marker = "extra == 'marimo'", specifier = ">=3.10.7,<4" }, - { name = "nbconvert", marker = "extra == 'jupyter'", specifier = ">=7.17.1" }, { name = "nicegui", extras = ["native"], specifier = ">=3.11.0,<4" }, - { name = "openslide-bin", specifier = ">=4.0.0.10,<5" }, - { name = "openslide-python", specifier = ">=1.4.3,<2" }, - { name = "packaging", specifier = ">=26,<27" }, - { name = "pandas", specifier = ">=2.3.3,<4" }, { name = "pillow", specifier = ">=12.2.0" }, - { name = "platformdirs", specifier = ">=4.3.2,<5" }, { name = "platformdirs", specifier = ">=4.5.1,<5" }, - { name = "procrastinate", specifier = ">=3.5.3" }, - { name = "protobuf", specifier = ">=6.33.5" }, { name = "psutil", specifier = ">=7.1.3,<8" }, - { name = "pyarrow", marker = "python_full_version >= '3.14'", specifier = ">=23.0.1,<24" }, { name = "pyasn1", specifier = ">=0.6.3" }, { name = "pydantic-settings", specifier = ">=2.12.0,<3" }, - { name = "pydicom", specifier = ">=3.0.2" }, { name = "pygments", specifier = ">=2.20.0" }, - { name = "pyinstaller", marker = "extra == 'pyinstaller'", specifier = ">=6.14.0,<7" }, { name = "pyjwt", extras = ["crypto"], specifier = ">=2.12.0,<3" }, - { name = "python-dateutil", specifier = ">=2.9.0.post0,<3" }, { name = "python-multipart", specifier = ">=0.0.26" }, { name = "pywin32", marker = "sys_platform == 'win32'", specifier = ">=311,<312" }, - { name = "pyyaml", specifier = ">=6.0.3,<7" }, { name = "requests", specifier = ">=2.33.0,<3" }, { name = "requests-oauthlib", specifier = ">=2.0.0,<3" }, { name = "rfc3987", marker = "sys_platform == 'never'" }, - { name = "s5cmd", specifier = ">=0.3.3,<1" }, { name = "semver", specifier = ">=3.0.4,<4" }, { name = "sentry-sdk", specifier = ">=2.47.0,<3" }, - { name = "shapely", specifier = ">=2.1.2,<3" }, - { name = "shapely", marker = "extra == 'marimo'", specifier = ">=2.1.0,<3" }, { name = "starlette", specifier = ">=1.0.1" }, { name = "tenacity", specifier = ">=9.1.2,<10" }, { name = "tornado", specifier = ">=6.5.5" }, { name = "tqdm", specifier = ">=4.67.1,<5" }, { name = "truststore", specifier = ">=0.10.4,<1" }, { name = "typer", specifier = ">=0.20.0,<1" }, - { name = "urllib3", specifier = ">=2.5.0" }, { name = "urllib3", specifier = ">=2.6.3,<3" }, - { name = "wsidicom", specifier = ">=0.28.1,<1" }, ] -provides-extras = ["pyinstaller", "jupyter", "marimo", "qupath"] [[package]] name = "aiofile" From e0d1bc953677676410dc2a1592f08962c3624d41 Mon Sep 17 00:00:00 2001 From: Ari Angelo Date: Thu, 28 May 2026 18:55:20 +0200 Subject: [PATCH 2/2] =?UTF-8?q?fix(packaging):=20add=20crc32c=20to=20aigno?= =?UTF-8?q?stics-sdk=20=E2=80=94=20used=20by=20platform/=5Futils.py=20for?= =?UTF-8?q?=20file=20upload=20checksums?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- packages/aignostics-sdk/pyproject.toml | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/aignostics-sdk/pyproject.toml b/packages/aignostics-sdk/pyproject.toml index caec090e..9194f505 100644 --- a/packages/aignostics-sdk/pyproject.toml +++ b/packages/aignostics-sdk/pyproject.toml @@ -86,6 +86,7 @@ dependencies = [ "typer>=0.20.0,<1", # Custom — slim platform + utils deps "certifi>=2025.11.12", + "crc32c>=2.8,<3", # used in platform/_utils.py for file upload checksums "fastmcp>=3.2.0,<4", "httpx>=0.28.1,<1", "jsonschema[format-nongpl]>=4.25.1,<5",