chore(deps): bump the python-deps group across 1 directory with 15 updates#14
Closed
dependabot[bot] wants to merge 186 commits into
Closed
chore(deps): bump the python-deps group across 1 directory with 15 updates#14dependabot[bot] wants to merge 186 commits into
dependabot[bot] wants to merge 186 commits into
Conversation
Documentació corregida i actualitzada: - API.md: Endpoints correctes amb /v1/, dual-key auth, X-API-Key headers - SECURITY.md: Configuració real (server.toml), paths correctes, MAX_SCAN_LENGTH - RAG.md: Sistema híbrid embeddings (nomic-embed-text 768d), 3 col·leccions, chunking en caràcters - USAGE.md: CLI real (memory recall/store/stats/cleanup, knowledge ingest), autenticació obligatòria - README.md: Stack correcte (Click+Rich), compatibilitat OpenAI parcial, SECURITY.md afegit Canvis principals documentació: - Models embeddings: Ollama nomic-embed-text (768 dims) + fallbacks documentats - Col·leccions Qdrant: nexe_chat_memory, nexe_documentation, user_knowledge - Thresholds diferenciats: 0.4 (docs), 0.35 (knowledge), 0.3 (memory) - Chunking: 1500/200 chars (text general), 800/100 (RAG endpoint) - Autenticació X-API-Key obligatòria a tots els endpoints /v1/* - CLI real: store|recall|stats|cleanup (no search/list/delete) - Paths correctes: storage/qdrant/, /v1/memory/*, /api/info Codi NEXE 0.8 complet afegit: - Core: FastAPI server, CLI, endpoints, loaders - Plugins: MLX, llama.cpp, Ollama, security, web UI - Memory: RAG system, embeddings, Qdrant integration - Personality: i18n, module management, configuration Eliminats: - PRODUCTION_PLAN.md - REVIEW_SUPERCONSULTOR_2026-01-31.md Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
…cepts
- memory/rag/routers/endpoints.py: ALLOWED_UPLOAD_EXTENSIONS whitelist,
filename sanitization (Path.name) to prevent path traversal,
generic 500 error messages (no internal details exposed)
- core/endpoints/root.py: /health/ready returns only {status, timestamp}
to avoid exposing internal module list without auth
- plugins/web_ui_module/session_manager.py: implement cleanup_inactive()
with timedelta TTL to prevent session memory leak
- memory/memory/engines/persistence.py: QDRANT_API_KEY env var support
for authenticated Qdrant deployments
- core/endpoints/chat.py: log JSONDecodeError in Ollama stream,
handle asyncio.CancelledError on client disconnect
- plugins/web_ui_module/memory_helper.py: replace bare except with
except Exception + debug logging
- .env.example: document all env vars including QDRANT_API_KEY
- .dockerignore: exclude .env, storage/, venv/, .git/ from Docker image
- .github/workflows/ci.yml: pip-audit CVE scan + unit tests
- core/endpoints/tests/test_security.py: 14 security regression tests
Assisted by AI
- fastapi 0.109.0 → 0.128.8 (starlette 0.49.1+, tanca GHSA-2c2j + GHSA-7f5h) - uvicorn 0.27.0.post1 → 0.34.3 - pydantic 2.6.0 → 2.10.6 - python-multipart 0.0.6 → 0.0.22 (tanca GHSA-wp53-j4wj-2cfg) - httpx 0.26.0 → 0.27.2 - qdrant-client 1.12.0 → 1.13.3 - structlog 24.1.0 → 25.5.0 - tenacity 8.2.3 → 9.1.2 - python-dotenv 1.0.1 → 1.2.1 - huggingface_hub 0.20.3 → 0.36.2 - sentence-transformers 2.3.1 → 2.7.0 - pypdf 4.0.1 → 6.7.1 (tanca 7 CVEs GHSA-*) - numpy 1.26.4 mantingut (numpy 2.x breaking changes) - rich/typer mantinguts (cadena de compatibilitat) Verificat: pip-audit 0 vulnerabilitats, 14/14 tests passen Assisted by AI
… endpoints M-7: personality/i18n/i18n_manager.py i modular_i18n.py usaven 8 línies de codi duplicat per cercar server.toml. Ara deleguen a core.config.find_config_path (funció centralitzada ja existent). M-8: personality/i18n/__init__.py: _global_i18n = None s'inicialitzava lazy sense lock. Afegit threading.Lock + double-checked locking per evitar race condition en entorns async/multi-thread. T-3: memory/rag/tests/test_endpoints.py: 14 tests unitaris nous pels endpoints RAG (upload, search, add_document, whitelist extensions). Cobreixen: validació extensions, path traversal, errors 500 genèrics, resultats correctes, metadades invàlides, fitxers massa grans. Total tests: 28/28 passen. Assisted by AI
…p.state
- factory_state.py: eliminar 4 crides register_service() (codi mort)
- lifespan.py: sincronitzar app.state.config amb server_state.config en reload
- memory/module.py: substituir get_service() per get_i18n() i get_server_state()
- web_ui/manifest.py: substituir get_service("module_manager") per get_server_state()
- container.py: marcar com a DEPRECATED (mantingut per tests, eliminar en v0.9)
Resultat: font única per a cada objecte; desync config eliminat.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
N-1: server.toml → production, debug=false, reload=false N-2: system.py → PID i kill commands eliminats de respostes HTTP N-3: memory/api/v1.py → str(e) → error genèric + exc_info=True N-4: manifest.py → path traversal /ui/static/ bloquejat (resolve+startswith) N-5: session cleanup asyncio periòdic (cada hora, TTL 24h) N-6: system health → versió llegida de config (no hardcoded "0.7.1") N-7+N-8: manifest.py → import duplicat + _initialized eliminats Tests: +35 (test_security_n_series.py), total 49 passed Docs: SECURITY.md secció N-series afegida Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- security_logger/logger.py: hostname nexe-server → server-nexe - RUNTIME_CONTRACT.md: nexe.core.server_nexe → core.app (mòdul real) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- manifest.toml (×8): server.nexe/ → server-nexe/ (comentaris i paths) - nexe script: path hardcodat /NatSytem/server-nexe → /NatSytem/Nexe/server-nexe Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- cli/output.py: banner title server.nexe → server-nexe - security/manifest.py: comentari server.nexe root → server-nexe root Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- setup.sh: comprovació Python >=3.10 amb missatge clar (brew install python@3.11) (python-multipart==0.0.22 i altres deps requereixen Python 3.10+) - install_nexe.py: logo tagline traduït a català Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- 14 strings hardcoded ara passen per t() (ca/es/en)
- Afegides 37 claus noves a les 3 traduccions:
- Pantalla selecció de models (mida, model, motor)
- Descàrrega Ollama/GGUF/MLX (progress steps)
- Metal fallback (opcions, missatges d'error)
- rec_label ara usa t('size_small/medium/large')
- "Motors:" ara usa t('engines_label')
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Prova python3.11/3.12/3.10, paths Homebrew (/opt/homebrew), i /usr/local/bin abans de caure a python3 del sistema. Usa PYTHON_BIN per llançar install_nexe.py. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
ZIP de GitHub no preserva permisos d'execució. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- MODEL_CATALOG: lang i description ara dicts {ca/es/en} per a 7 models
- Afegides claus disk_label i fits_tight a les 3 traduccions
- Display: usa model['lang'][LANG], model['description'][LANG]
- "💾 Disc:" → t('disk_label') (Disc/Disco/Disk)
- "Pot anar just" → t('fits_tight')
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
install_nexe.py: - Strings embeddings download/validation ara usen t() - Passa NEXE_LANG com a env var al subprocess d'ingesta - Afegides claus: embeddings_*, processing_knowledge_*, knowledge_indexed_ok core/ingest/ingest_knowledge.py: - Afegit _I18N dict + _t() que llegeix NEXE_LANG - Tots els missatges ara multilingüe (ca/es/en) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- knowledge/: 9 documents amb capçalera # === METADATA RAG === (id, abstract, tags, chunk_size, priority). README.md mogut de l'arrel a knowledge/ i ara és ingestable (id: nexe-overview, P1). - Exclusió README.md eliminada dels 4 punts d'ingestió (lifespan, cli, ingest_knowledge, install_nexe). - header_parser.py: fix _extract_header — blank lines seguides de comentaris de secció (# ===) ja no trenquen el parsing. - OpenAPI: summary= afegit als 33 endpoints; tags= a routers sense etiquetar (system, modules); descripció global enriquida a factory_app.py. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Docs moguts a knowledge/ca/ (estructura multi-idioma). El glob **/*.md ja era recursiu, cap canvi de codi a ingestió. - knowledge/en/ pot afegir-se quan calgui. - chat.py: cerca user_knowledge filtra per lang=NEXE_LANG (default 'ca') via filter_metadata — usa FieldCondition Qdrant existent. Cada idioma de servidor retorna només docs en el seu idioma. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- chat.py: llegeix idioma de req.app.state.i18n.current_language en runtime (p.ex. "ca-ES" → "ca"). Fallback: NEXE_LANG env → "ca". Aix\xed el selector d'idioma del servidor afecta la cerca RAG immediatament. - Afegides carpetes knowledge/es/ i knowledge/en/ (buides) per docs futurs. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- knowledge/es/: 9 documents traduïts (API, ARCHITECTURE, INSTALLATION, LIMITATIONS, PLUGINS, RAG, README, SECURITY, USAGE) - knowledge/en/: 9 documents traduïts - Capçaleres RAG actualitzades: lang ca→es/en, abstract i tags traduïts - Termes tècnics, blocs de codi, paths i URLs preservats intactes - 27/27 documents passen validació parse_rag_header Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- core/ingest/ingest_knowledge.py: usa knowledge/{NEXE_LANG}/ si existeix
- core/lifespan.py: aplica mateix filtre de llengua a auto-ingest startup
- core/cli/cli.py: aplica filtre de llengua a 'nexe knowledge ingest'
- install_nexe.py: detecta subcarpeta de llengua per comptatge de fitxers
- knowledge/*.md: eliminats de l'arrel (moviment completat a knowledge/ca/)
- requirements.txt: qdrant-client==1.13.3 → >=1.17.0
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
profiles.py: - CONSUMER: gemma2:2b → phi3.5 (Phi-3.5 Mini 3.8B, millor instruccions) - PRO: llama3.2:3b → llama3.1:8b (adequat per 16-32GB RAM) secondary: gemma2:9b → mistral:7b | embedding: nomic → all-MiniLM-L6-v2 context_window: 16384 → 32768 - ULTRA: llama3.1:8b → llama3.1:70b (qualitat màxima per >32GB) secondary: mistral-nemo:12b → mixtral:8x7b embedding: mxbai-embed-large → all-MiniLM-L6-v2 context_window: 32768 → 65536 registry.py — afegits 4 nous models: - salamandra2b (BSC/AINA, Ollama, llengües ibèriques) - salamandra7b (BSC/AINA, Ollama+GGUF, el millor per català) - mistral7b (MLX+Ollama+GGUF, equilibri qualitat/velocitat) - llama3.1-70b (MLX+Ollama+GGUF, qualitat professional) - mixtral (MLX+Ollama+GGUF, MoE 8x7B) server.toml: - secondary: "mistral-nemo:12b" → "" (engine-specific, no hardcoded) - embedding: "mxbai-embed-large" → "all-MiniLM-L6-v2" (model real del sistema) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…EFAULT_MODEL Problema: _forward_to_ollama usava NEXE_DEFAULT_MODEL que pot contenir una URL HuggingFace (per llama_cpp/mlx), causant fallback silenciós al primer model disponible d'Ollama sense cap avís. Solució: - Prioritat nova: request.model > NEXE_OLLAMA_MODEL > NEXE_DEFAULT_MODEL (si no és URL/path) > config > "llama3.2" - NEXE_DEFAULT_MODEL amb URLs o paths locals s'ignora per Ollama - install_nexe.py escriu NEXE_OLLAMA_MODEL quan l'engine és ollama - _update_env_model_config gestiona NEXE_OLLAMA_MODEL en actualitzacions - Retrocompatible: instal·lacions existents amb NEXE_DEFAULT_MODEL=nom-ollama segueixen funcionant Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
llama_cpp_module/config.py: - chat_format default: "gemma" → "chatml" (2 llocs: dataclass + from_env) - valid_formats ampliat: afegits "llama-3" i "phi-3" install_nexe.py: - MODEL_CATALOG: camp "chat_format" a cada model GGUF · phi35/salamandra2b/salamandra7b: "chatml" · mistral7b/mixtral: "mistral" · llama31_8b/llama31_70b: "llama-3" - generate_env_file: escriu NEXE_LLAMA_CPP_CHAT_FORMAT per engine llama_cpp - _update_env_model_config: actualitza NEXE_LLAMA_CPP_CHAT_FORMAT en reinstal·lació MLX: no requereix canvis — mlx-lm llegeix el chat template del tokenizer Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…Server Nexe server.toml — 6 prompts nous [personality.prompt]: - ca_small / ca_full: Nexe com a expert de Server Nexe en català - es_small / es_full: versió castellà - en_small / en_full: versió anglès - small (~100 tok): per a models ≤4B (Phi-3.5, Salamandra 2B) - full (~200 tok): per a models 7B+ (Llama 3.1, Mistral, Salamandra 7B) core/endpoints/chat.py — _get_system_prompt(): - Selecciona prompt per lang (NEXE_LANG/i18n) + tier (NEXE_PROMPT_TIER) - Injecta system prompt automàticament si la request no en porta cap - RAG context sempre s'afegeix al system message (index 0) plugins/web_ui_module/manifest.py: - base_system_prompt llegit de server.toml via _get_system_prompt() - Fallback al mínim hardcoded si config no disponible install_nexe.py: - MODEL_CATALOG: camp "prompt_tier" a cada model (small/full) - generate_env_file + _update_env_model_config: escriuen NEXE_PROMPT_TIER Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
El filtre de knowledge docs usava i18n.current_language ("en-US" per
defecte del mòdul i18n) en lloc de NEXE_LANG ("ca"). Aixó feia que
el filtre metadata{"lang":"en"} no coincidís amb els docs indexats
{"lang":"ca"}, retornant 0 resultats de user_knowledge.
Fix: _server_lang es determina amb os.getenv("NEXE_LANG","ca") fora
del bloc use_rag, garantint que sempre estigui disponible per al
system prompt i que el filtre RAG sigui correcte.
- Tokens de prompt: 142 → 621 (context RAG real injectat)
- user_knowledge: 0 → 3 resultats per query de documentació
- .gitignore: COMMANDS.md i personality/.module_cache.json
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
El codi d'ingestió exclou explícitament README.md. Eliminem els 3 fitxers (ca/en/es) per evitar confusió. Les capçaleres RAG als 24 documents (8 per idioma) ja estaven afegides en sessió anterior. Verificat: 24/24 capçaleres ✓ (parse_rag_header sense errors) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
El codi d'ingestió NO exclou README.md (filtra només fitxers .hidden). El README conté info valuosa: overview del projecte, backends disponibles, estat actual i roadmap. Capçalera RAG: id=nexe-overview, P1, vàlida. Ara tenim 9 documents per idioma (8 docs + README). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
chat.py:
- Auto-save no es disparava mai: buscava choices[] (format OpenAI) però
Ollama retorna message.content (format natiu). Fix: fallback a
response.get("message",{}).get("content","") quan choices està buit.
- Verificat: 💾 logs de save apareixen correctament
server.toml prompts (small, ca/es/en):
- Explicita que [CONTEXT MEMÒRIA] conté converses anteriors, no sols docs
- "Usa-la com si fos la teva pròpia memòria" per millorar recall de noms
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Tests unitaris generats per Claude Opus 4.6 amb sistema multi-agent paral·lel (10 agents, 5 fases). 3.912 tests passant, 0 failures. Inclou fixes menors a producció: - web_ui_module/manifest.py: fix bug data→request (rag_threshold) - core/lifespan.py: ModuleManager persistent entre cicles lifespan - core/middleware.py: CSRF exempt per API endpoints autenticats - dev-tools/conftest.py: web_ui_module als approved modules Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Endpoint /ui/backends: llista Ollama, MLX i Llama.cpp amb els seus models - Endpoint /ui/backend: canvi de backend/model en runtime - Selector dropdown al sidebar per canviar backend i model - Badge RAG (lila) a les stats de cada missatge (quantes memòries usades) - Token [MODEL:...] per mostrar el model realment usat a les stats - Pre-selecció automàtica del model actiu al carregar la UI
El model ara rep [DOCUMENTACIÓ TÈCNICA] i [MEMÒRIA DE L'USUARI] com a blocs separats, perquè pugui distingir entre knowledge base i records personals de l'usuari.
…dates Updates the requirements on [uvicorn[standard]](https://github.com/Kludex/uvicorn), [pydantic](https://github.com/pydantic/pydantic), [tomli](https://github.com/hukkin/tomli), [httpx](https://github.com/encode/httpx), [click](https://github.com/pallets/click), [rich](https://github.com/Textualize/rich), [typer](https://github.com/fastapi/typer), [pyyaml](https://github.com/yaml/pyyaml), [numpy](https://github.com/numpy/numpy), [prometheus-client](https://github.com/prometheus/client_python), [psutil](https://github.com/giampaolo/psutil), [huggingface-hub](https://github.com/huggingface/huggingface_hub), [pypdf](https://github.com/py-pdf/pypdf), [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) and [pytest-cov](https://github.com/pytest-dev/pytest-cov) to permit the latest version. Updates `uvicorn[standard]` from 0.34.3 to 0.39.0 - [Release notes](https://github.com/Kludex/uvicorn/releases) - [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md) - [Commits](Kludex/uvicorn@0.34.3...0.39.0) Updates `pydantic` from 2.10.6 to 2.12.5 - [Release notes](https://github.com/pydantic/pydantic/releases) - [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md) - [Commits](pydantic/pydantic@v2.10.6...v2.12.5) Updates `tomli` from 2.0.1 to 2.4.0 - [Changelog](https://github.com/hukkin/tomli/blob/master/CHANGELOG.md) - [Commits](hukkin/tomli@2.0.1...2.4.0) Updates `httpx` from 0.27.2 to 0.28.1 - [Release notes](https://github.com/encode/httpx/releases) - [Changelog](https://github.com/encode/httpx/blob/master/CHANGELOG.md) - [Commits](encode/httpx@0.27.2...0.28.1) Updates `click` from 8.1.7 to 8.1.8 - [Release notes](https://github.com/pallets/click/releases) - [Changelog](https://github.com/pallets/click/blob/main/CHANGES.rst) - [Commits](pallets/click@8.1.7...8.1.8) Updates `rich` from 13.7.0 to 14.3.3 - [Release notes](https://github.com/Textualize/rich/releases) - [Changelog](https://github.com/Textualize/rich/blob/master/CHANGELOG.md) - [Commits](Textualize/rich@v13.7.0...v14.3.3) Updates `typer` from 0.9.0 to 0.23.2 - [Release notes](https://github.com/fastapi/typer/releases) - [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md) - [Commits](fastapi/typer@0.9.0...0.23.2) Updates `pyyaml` from 6.0.1 to 6.0.3 - [Release notes](https://github.com/yaml/pyyaml/releases) - [Changelog](https://github.com/yaml/pyyaml/blob/6.0.3/CHANGES) - [Commits](yaml/pyyaml@6.0.1...6.0.3) Updates `numpy` from 1.26.4 to 2.0.2 - [Release notes](https://github.com/numpy/numpy/releases) - [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst) - [Commits](numpy/numpy@v1.26.4...v2.0.2) Updates `prometheus-client` from 0.19.0 to 0.24.1 - [Release notes](https://github.com/prometheus/client_python/releases) - [Commits](prometheus/client_python@v0.19.0...v0.24.1) Updates `psutil` from 5.9.8 to 7.2.2 - [Changelog](https://github.com/giampaolo/psutil/blob/master/docs/changelog.rst) - [Commits](giampaolo/psutil@release-5.9.8...release-7.2.2) Updates `huggingface-hub` from 0.36.2 to 1.7.1 - [Release notes](https://github.com/huggingface/huggingface_hub/releases) - [Commits](huggingface/huggingface_hub@v0.36.2...v1.7.1) Updates `pypdf` from 6.7.5 to 6.9.0 - [Release notes](https://github.com/py-pdf/pypdf/releases) - [Changelog](https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md) - [Commits](py-pdf/pypdf@6.7.5...6.9.0) Updates `pytest-asyncio` to 1.2.0 - [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases) - [Commits](pytest-dev/pytest-asyncio@v0.23.0...v1.2.0) Updates `pytest-cov` to 7.0.0 - [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst) - [Commits](pytest-dev/pytest-cov@v5.0.0...v7.0.0) --- updated-dependencies: - dependency-name: uvicorn[standard] dependency-version: 0.39.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-deps - dependency-name: pydantic dependency-version: 2.12.5 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-deps - dependency-name: tomli dependency-version: 2.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-deps - dependency-name: httpx dependency-version: 0.28.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-deps - dependency-name: click dependency-version: 8.1.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: python-deps - dependency-name: rich dependency-version: 14.3.3 dependency-type: direct:production update-type: version-update:semver-major dependency-group: python-deps - dependency-name: typer dependency-version: 0.23.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-deps - dependency-name: pyyaml dependency-version: 6.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: python-deps - dependency-name: numpy dependency-version: 2.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: python-deps - dependency-name: prometheus-client dependency-version: 0.24.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-deps - dependency-name: psutil dependency-version: 7.2.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: python-deps - dependency-name: huggingface-hub dependency-version: 1.7.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: python-deps - dependency-name: pypdf dependency-version: 6.9.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-deps - dependency-name: pytest-asyncio dependency-version: 1.2.0 dependency-type: direct:production dependency-group: python-deps - dependency-name: pytest-cov dependency-version: 7.0.0 dependency-type: direct:production dependency-group: python-deps ... Signed-off-by: dependabot[bot] <support@github.com>
Contributor
Author
|
This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests. To ignore these dependencies, configure ignore rules in dependabot.yml |
jgoy-labs
added a commit
that referenced
this pull request
Apr 12, 2026
… nous Release consolidada v0.9.0 resultant de dues fases de treball: ## Fase 1 — Sprints 0-4 vacances 2-5 abril (42 bugs) Coordinat per Uatu amb Claude Opus 4.6 en sessions independents: - **Sprint 0-1**: memoria v1 (Qdrant embedded singleton, SessionManager v1) - **Sprint 2**: fix critic tray.py bloqueja teclat (_RamMonitor background) - **Sprint 3**: 13 bugs test instal·lacio neta + 5 fixes installer - #12 guard thinking+MEM_SAVE, #13 labels col·leccions, #14 pantalla benvinguda clickable, #15 i18n general, #16 tray nom+versio, #17 tray link web, #20 SEC-004 MIME validation - Installer: select_model() prompt_tier+chat_format, validacio Metal MLX - **Sprint 4**: refactoring — helpers extrets (ollama_helpers.py, tray_monitor.py, lifespan_modules.py), DEFAULT_VECTOR_SIZE constant, i18n get_message() complet - **Director 01/04**: 5 UX features (copy, sidebar, rename, donate, X doc) + 3 memory fixes (MEM_SAVE post-render strip, XSS fix, race condition Lock, [MEM:N] token mismatch) Auditoria global final APTE (Claude Opus 4.6 independent, 2026-04-02). ## Fase 2 — HOMAD 2026-04-06 (27 bugs + Ollama GUI) 3 blocs de bugs del fitxer bugs-server-nexe.md (pre-release test): **Bloc 1 — Critics (5)** - #7 Reinstal·lacio 3 modes (wipe/overwrite/backup) + stop server + Keychain - #8 TOCTOU master key (os.open atomic) - #10 DreamingCycle connection leak (6/6 funcions) - #29 Phi-3.5 fora del cataleg - Ollama GUI: ollama serve headless (no open -a Ollama al Dock) **Bloc 2 — Mitjana (12)** - #21 validate_string_input API v1 - #22 auth 21 endpoints + docs gated - #17 MEM_SAVE injection strict (whitelist Unicode, blacklist) - #32 history_floor context budget - #15 Ollama breaker semantic (4xx no infra) - #16 SessionManager RLock reentrant - #19 MLX cache singleton double-checked locking - #11 Bootstrap token renewal + retry backoff (1,5,30) - #13 Qdrant pool flush + logger.warning - #20 Module cycles consumer + startup summary - #9 SQL MIN portable (Python min()) - #28 Installer --skip-model-download **Bloc 3 — Baixa (11)** - #3 HF_TOKEN warning silenciat - #4 ANSI constants buides sense TTY - #5 Qdrant didactic isatty guards - #6 warnings position_ids + Some weights filtered - #12 discover_modules early return - #14 TQDM_DISABLE runtime servidor - #18 encoding fallback utf-8 → cp1252 → latin-1 - #23 Ollama no silent fallback → HTTPException 404 - #26 _backend_model_exists best-effort + logger mitigant - #27 _BACKEND_ALIASES backwards-compat - #30 Info.plist LSUIElement=false verificats Workflow HOMAD: Dev paral·lels (Opus) + 9 passades Consultor independents amb Dev D intermedi per findings. Tot verificat al codi real. ## Pytest consolidat **4389 passed**, 7 fails pre-existents (test_chat_unit::test_long_text_truncated, test_root::test_enabled_modules, test_security::test_long_context_truncated, 4× test_memory_helper_async::TestGetMemoryApi), 0 regressions. ## Fitxers nous - core/endpoints/chat_engines/ollama_helpers.py (Sprint 4) - core/lifespan_modules.py (Sprint 4) - installer/tray_monitor.py (Sprint 4) - installer/installer_reinstall.py (Bloc 1 Bug 7) ## Stats - 61 fitxers modificats (57 codi/knowledge/tests/installer/personality + README.md + 3 nous) - +1870 / -674 linies ## Version bump v0.8.5 → v0.9.0 (cataleg, pyproject, README, CHANGELOG, index.html, footer) ## Post-release pendent - Build DMG v0.9.0 (/dmg-nexe) amb tots els fixes - Notaritzacio Apple (re-firma si cal) - Test manual DMG per Bug 30 (icona Dock) + smoke tests release - Webs .org i .com ja desplegades per Uatu durant vacances NO PUSH en aquest commit — pendent OK explicit Jordi per al tag v0.9.0 final i push a GitHub release.
jgoy-labs
added a commit
that referenced
this pull request
Apr 12, 2026
… nous Release consolidada v0.9.0 resultant de dues fases de treball: ## Fase 1 — Sprints 0-4 vacances 2-5 abril (42 bugs) Coordinat en sessions independents: - **Sprint 0-1**: memoria v1 (Qdrant embedded singleton, SessionManager v1) - **Sprint 2**: fix critic tray.py bloqueja teclat (_RamMonitor background) - **Sprint 3**: 13 bugs test instal·lacio neta + 5 fixes installer - #12 guard thinking+MEM_SAVE, #13 labels col·leccions, #14 pantalla benvinguda clickable, #15 i18n general, #16 tray nom+versio, #17 tray link web, #20 SEC-004 MIME validation - Installer: select_model() prompt_tier+chat_format, validacio Metal MLX - **Sprint 4**: refactoring — helpers extrets (ollama_helpers.py, tray_monitor.py, lifespan_modules.py), DEFAULT_VECTOR_SIZE constant, i18n get_message() complet - **Director 01/04**: 5 UX features (copy, sidebar, rename, donate, X doc) + 3 memory fixes (MEM_SAVE post-render strip, XSS fix, race condition Lock, [MEM:N] token mismatch) Auditoria global final APTE (2026-04-02). ## Fase 2 — HOMAD 2026-04-06 (27 bugs + Ollama GUI) 3 blocs de bugs del fitxer bugs-server-nexe.md (pre-release test): **Bloc 1 — Critics (5)** - #7 Reinstal·lacio 3 modes (wipe/overwrite/backup) + stop server + Keychain - #8 TOCTOU master key (os.open atomic) - #10 DreamingCycle connection leak (6/6 funcions) - #29 Phi-3.5 fora del cataleg - Ollama GUI: ollama serve headless (no open -a Ollama al Dock) **Bloc 2 — Mitjana (12)** - #21 validate_string_input API v1 - #22 auth 21 endpoints + docs gated - #17 MEM_SAVE injection strict (whitelist Unicode, blacklist) - #32 history_floor context budget - #15 Ollama breaker semantic (4xx no infra) - #16 SessionManager RLock reentrant - #19 MLX cache singleton double-checked locking - #11 Bootstrap token renewal + retry backoff (1,5,30) - #13 Qdrant pool flush + logger.warning - #20 Module cycles consumer + startup summary - #9 SQL MIN portable (Python min()) - #28 Installer --skip-model-download **Bloc 3 — Baixa (11)** - #3 HF_TOKEN warning silenciat - #4 ANSI constants buides sense TTY - #5 Qdrant didactic isatty guards - #6 warnings position_ids + Some weights filtered - #12 discover_modules early return - #14 TQDM_DISABLE runtime servidor - #18 encoding fallback utf-8 → cp1252 → latin-1 - #23 Ollama no silent fallback → HTTPException 404 - #26 _backend_model_exists best-effort + logger mitigant - #27 _BACKEND_ALIASES backwards-compat - #30 Info.plist LSUIElement=false verificats Workflow HOMAD: Dev paral·lels (Opus) + 9 passades Consultor independents amb Dev D intermedi per findings. Tot verificat al codi real. ## Pytest consolidat **4389 passed**, 7 fails pre-existents (test_chat_unit::test_long_text_truncated, test_root::test_enabled_modules, test_security::test_long_context_truncated, 4× test_memory_helper_async::TestGetMemoryApi), 0 regressions. ## Fitxers nous - core/endpoints/chat_engines/ollama_helpers.py (Sprint 4) - core/lifespan_modules.py (Sprint 4) - installer/tray_monitor.py (Sprint 4) - installer/installer_reinstall.py (Bloc 1 Bug 7) ## Stats - 61 fitxers modificats (57 codi/knowledge/tests/installer/personality + README.md + 3 nous) - +1870 / -674 linies ## Version bump v0.8.5 → v0.9.0 (cataleg, pyproject, README, CHANGELOG, index.html, footer) ## Post-release pendent - Build DMG v0.9.0 (/dmg-nexe) amb tots els fixes - Notaritzacio Apple (re-firma si cal) - Test manual DMG per Bug 30 (icona Dock) + smoke tests release - Webs .org i .com ja desplegades durant vacances NO PUSH en aquest commit — pendent OK explicit Jordi per al tag v0.9.0 final i push a GitHub release.
jgoy-labs
added a commit
that referenced
this pull request
May 14, 2026
…1 Cluster 7) 9 independent assignment/arg-type findings closed via minimal annotations or casts (no behavioural change): - installer/installer_catalog_data.py:450 — cast(str, value) after truthy guard (#1) - core/config.py:115 — pre-declare found_path: Optional[Path] before if/else branch (#4) - core/cli/client.py:46 — declare self._ssl_context: Optional[ ssl.SSLContext] = None before populating in if-branch (#13) - core/cli/output.py:33 — annotate module-level console: Any to bridge the dual-decl Console / FallbackConsole (#14) - core/resources.py:110 — cast(Any, resource_path) so Path() accepts the importlib.resources Traversable that exposes __fspath__ (#17) - core/resilience/circuit_breaker.py:76 — annotate __lock_loop: Optional[asyncio.AbstractEventLoop] = None (#18) - core/dependencies.py:43-44 — annotate rate_limit_tracker / start_rate_limit_cleanup_task as Optional[Any] = None in the import fallback (#29, #30) - core/cli/cli.py:215 — annotate found: list[tuple[str, Optional[str], list[int]]] = [] (#62)
jgoy-labs
added a commit
that referenced
this pull request
May 16, 2026
… nous Release consolidada v0.9.0 resultant de dues fases de treball: ## Fase 1 — Sprints 0-4 vacances 2-5 abril (42 bugs) Coordinat en sessions independents: - **Sprint 0-1**: memoria v1 (Qdrant embedded singleton, SessionManager v1) - **Sprint 2**: fix critic tray.py bloqueja teclat (_RamMonitor background) - **Sprint 3**: 13 bugs test instal·lacio neta + 5 fixes installer - #12 guard thinking+MEM_SAVE, #13 labels col·leccions, #14 pantalla benvinguda clickable, #15 i18n general, #16 tray nom+versio, #17 tray link web, #20 SEC-004 MIME validation - Installer: select_model() prompt_tier+chat_format, validacio Metal MLX - **Sprint 4**: refactoring — helpers extrets (ollama_helpers.py, tray_monitor.py, lifespan_modules.py), DEFAULT_VECTOR_SIZE constant, i18n get_message() complet - **Director 01/04**: 5 UX features (copy, sidebar, rename, donate, X doc) + 3 memory fixes (MEM_SAVE post-render strip, XSS fix, race condition Lock, [MEM:N] token mismatch) Auditoria global final APTE (2026-04-02). ## Fase 2 — HOMAD 2026-04-06 (27 bugs + Ollama GUI) 3 blocs de bugs del fitxer bugs-server-nexe.md (pre-release test): **Bloc 1 — Critics (5)** - #7 Reinstal·lacio 3 modes (wipe/overwrite/backup) + stop server + Keychain - #8 TOCTOU master key (os.open atomic) - #10 DreamingCycle connection leak (6/6 funcions) - #29 Phi-3.5 fora del cataleg - Ollama GUI: ollama serve headless (no open -a Ollama al Dock) **Bloc 2 — Mitjana (12)** - #21 validate_string_input API v1 - #22 auth 21 endpoints + docs gated - #17 MEM_SAVE injection strict (whitelist Unicode, blacklist) - #32 history_floor context budget - #15 Ollama breaker semantic (4xx no infra) - #16 SessionManager RLock reentrant - #19 MLX cache singleton double-checked locking - #11 Bootstrap token renewal + retry backoff (1,5,30) - #13 Qdrant pool flush + logger.warning - #20 Module cycles consumer + startup summary - #9 SQL MIN portable (Python min()) - #28 Installer --skip-model-download **Bloc 3 — Baixa (11)** - #3 HF_TOKEN warning silenciat - #4 ANSI constants buides sense TTY - #5 Qdrant didactic isatty guards - #6 warnings position_ids + Some weights filtered - #12 discover_modules early return - #14 TQDM_DISABLE runtime servidor - #18 encoding fallback utf-8 → cp1252 → latin-1 - #23 Ollama no silent fallback → HTTPException 404 - #26 _backend_model_exists best-effort + logger mitigant - #27 _BACKEND_ALIASES backwards-compat - #30 Info.plist LSUIElement=false verificats Workflow HOMAD: Dev paral·lels (Opus) + 9 passades Consultor independents amb Dev D intermedi per findings. Tot verificat al codi real. ## Pytest consolidat **4389 passed**, 7 fails pre-existents (test_chat_unit::test_long_text_truncated, test_root::test_enabled_modules, test_security::test_long_context_truncated, 4× test_memory_helper_async::TestGetMemoryApi), 0 regressions. ## Fitxers nous - core/endpoints/chat_engines/ollama_helpers.py (Sprint 4) - core/lifespan_modules.py (Sprint 4) - installer/tray_monitor.py (Sprint 4) - installer/installer_reinstall.py (Bloc 1 Bug 7) ## Stats - 61 fitxers modificats (57 codi/knowledge/tests/installer/personality + README.md + 3 nous) - +1870 / -674 linies ## Version bump v0.8.5 → v0.9.0 (cataleg, pyproject, README, CHANGELOG, index.html, footer) ## Post-release pendent - Build DMG v0.9.0 (/dmg-nexe) amb tots els fixes - Notaritzacio Apple (re-firma si cal) - Test manual DMG per Bug 30 (icona Dock) + smoke tests release - Webs .org i .com ja desplegades durant vacances NO PUSH en aquest commit — pendent OK explicit Jordi per al tag v0.9.0 final i push a GitHub release.
jgoy-labs
added a commit
that referenced
this pull request
May 16, 2026
…1 Cluster 7) 9 independent assignment/arg-type findings closed via minimal annotations or casts (no behavioural change): - installer/installer_catalog_data.py:450 — cast(str, value) after truthy guard (#1) - core/config.py:115 — pre-declare found_path: Optional[Path] before if/else branch (#4) - core/cli/client.py:46 — declare self._ssl_context: Optional[ ssl.SSLContext] = None before populating in if-branch (#13) - core/cli/output.py:33 — annotate module-level console: Any to bridge the dual-decl Console / FallbackConsole (#14) - core/resources.py:110 — cast(Any, resource_path) so Path() accepts the importlib.resources Traversable that exposes __fspath__ (#17) - core/resilience/circuit_breaker.py:76 — annotate __lock_loop: Optional[asyncio.AbstractEventLoop] = None (#18) - core/dependencies.py:43-44 — annotate rate_limit_tracker / start_rate_limit_cleanup_task as Optional[Any] = None in the import fallback (#29, #30) - core/cli/cli.py:215 — annotate found: list[tuple[str, Optional[str], list[int]]] = [] (#62)
jgoy-labs
added a commit
that referenced
this pull request
May 16, 2026
…1 Cluster 7) 9 independent assignment/arg-type findings closed via minimal annotations or casts (no behavioural change): - installer/installer_catalog_data.py:450 — cast(str, value) after truthy guard (#1) - core/config.py:115 — pre-declare found_path: Optional[Path] before if/else branch (#4) - core/cli/client.py:46 — declare self._ssl_context: Optional[ ssl.SSLContext] = None before populating in if-branch (#13) - core/cli/output.py:33 — annotate module-level console: Any to bridge the dual-decl Console / FallbackConsole (#14) - core/resources.py:110 — cast(Any, resource_path) so Path() accepts the importlib.resources Traversable that exposes __fspath__ (#17) - core/resilience/circuit_breaker.py:76 — annotate __lock_loop: Optional[asyncio.AbstractEventLoop] = None (#18) - core/dependencies.py:43-44 — annotate rate_limit_tracker / start_rate_limit_cleanup_task as Optional[Any] = None in the import fallback (#29, #30) - core/cli/cli.py:215 — annotate found: list[tuple[str, Optional[str], list[int]]] = [] (#62)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Updates the requirements on uvicorn[standard], pydantic, tomli, httpx, click, rich, typer, pyyaml, numpy, prometheus-client, psutil, huggingface-hub, pypdf, pytest-asyncio and pytest-cov to permit the latest version.
Updates
uvicorn[standard]from 0.34.3 to 0.39.0Release notes
Sourced from uvicorn[standard]'s releases.
... (truncated)
Changelog
Sourced from uvicorn[standard]'s changelog.
Commits
4f40b84Version 0.39.0 (#2770)5692dfcfix(websockets): Send close frame on ASGI return (#2769)4194764chore(deps): bump the github-actions group with 2 updates (#2763)d94bf28explicitly start ASGI run with empty context (#2742)8ae0bcbchore(deps): bump the github-actions group with 2 updates (#2748)4744ff9Add groups configuration for GitHub Actions (#2747)0391372chore(deps): bump astral-sh/setup-uv from 6.8.0 to 7.1.2 (#2746)69a6ae3Improve typing intest_http.py(#2740)3850ad6Version 0.38.0 (#2733)9b3f17aSupport Python 3.14 (#2723)Updates
pydanticfrom 2.10.6 to 2.12.5Release notes
Sourced from pydantic's releases.
... (truncated)
Changelog
Sourced from pydantic's changelog.
... (truncated)
Commits
bd2d0ddPrepare release v2.12.57d0302eDocument security implications when usingcreate_model()e9ef980Fix typo in Standard Library Types documentationf2c20c0Addpydantic-docsdev dependency, make use of versioning blocksa76c1aaUpdate documentation about JSON Schema8cbc72cAdd documentation about custom__init__()99eba59Add additional test forFieldInfo.get_default()c710769Special caseMISSINGsentinel insmart_deepcopy()20a9d77Do not delete mock validator/serializer inrebuild_dataclass()c86515aUpdate parts of the model andrevalidate_instancesdocumentationUpdates
tomlifrom 2.0.1 to 2.4.0Changelog
Sourced from tomli's changelog.
Commits
a678e6fBump version: 2.3.0 → 2.4.0b8a1358Tests: remove now needless "TOML compliance"->"burntsushi" format conversion4979375Update GitHub actionsf890dd1Update pre-commit hooksd9c65c3Add 2.4.0 change log0efe49dUpdate README for v2.4.09eb2125TOML 1.1: Make seconds optional in Date-Time and Time (#203)12314bdTOML 1.1: Add \xHH Unicode escape code to basic strings (#202)2a2aa62TOML 1.1: Allow newlines and trailing comma in inline tables (#200)38297f8Xfail on tests for TOML 1.1 features not yet supportedUpdates
httpxfrom 0.27.2 to 0.28.1Release notes
Sourced from httpx's releases.
Changelog
Sourced from httpx's changelog.
Commits
26d48e0Version 0.28.1 (#3445)89599a9Fixverify=False,cert=...case. (#3442)8ecb86fAdd test for request params behavior changes (#3364) (#3440)0cb7e5aBump the python-packages group with 11 updates (#3434)15e21e9Updating deprecated docstring Client() class (#3426)80960faVersion 0.28.0. (#3419)a33c878Fixextensionstype annotation. (#3380)ce7e14dError on verify as str. (#3418)47f4a96Handle empty zstd responses (#3412)189fc4bUpdate CHANGELOG.md, fix typo(s) (#3406)Updates
clickfrom 8.1.7 to 8.1.8Release notes
Sourced from click's releases.
Changelog
Sourced from click's changelog.
Commits
934813erelease version 8.1.8c23223bAdd links to third-party projects enhancing Click (#2815)822d4fdAdd links to third-party projects8e7bed0Break up arguments section (#2586)3241541Remove some typing hints.bed0377remove test pypi6534590update dev dependenciesb1e392efix typosfdc6b02Fix missing reset in isolation function (#2733)ffd43e9Fixed missing reset on _compat.should_strip_ansi.Updates
richfrom 13.7.0 to 14.3.3Release notes
Sourced from rich's releases.
... (truncated)
Changelog
Sourced from rich's changelog.
... (truncated)
Commits
ce01188Merge pull request #4008 from Textualize/bump143314a47c9bumpf54bfe0Merge pull request #4007 from Textualize/copilot/sub-pr-40067338cb9Merge pull request #4006 from Textualize/fix-grapheme-stuck905b397Update tests/test_cells.pyb031dcaUpdate tests/test_cells.pyf07a3fcAdd regression tests for VS16 after zero-width chars in split_graphemesb618cccspelling378c34bInitial plan87e7ca2refinements, and testsUpdates
typerfrom 0.9.0 to 0.23.2Release notes
Sourced from typer's releases.
... (truncated)
Changelog
Sourced from typer's changelog.
... (truncated)
Commits
2bf1e4d🔖 Release version 0.23.2b51b821📝 Update release notes459030e👷 Run tests with lower bound uv sync, update minimum dependencies (#1526)ccd7669📝 Update release notes5a13460⬆ Bump prek from 0.3.2 to 0.3.3 (#1545)54b4477📝 Update release notes3f25640✅ Monkeypatch console width to allow runningpytestdirectly (#1542)fc20e31📝 Update release notese5df3a5⬆ Bump ruff from 0.15.0 to 0.15.1 (#1541)d2d9f59🔖 Release version 0.23.1Updates
pyyamlfrom 6.0.1 to 6.0.3Release notes
Sourced from pyyaml's releases.
Changelog
Sourced from pyyaml's changelog.
Commits
49790e7Release 6.0.3 (#889)41309b0Release 6.0.2 (#819)dd9f0e16.0.2rc1 (#809)f5527a2disable CI trigger on PR editsb4d80a7Python 3.12 + musllinux_1_1_x86_64 wheel supportUpdates
numpyfrom 1.26.4 to 2.0.2Release notes
Sourced from numpy's releases.
... (truncated)
Commits
854252dMerge pull request #27280 from charris/prepare-2.0.2cffa071REL: Prepare for the NumPy 2.0.2 release [wheel build]1693029Merge pull request #27279 from charris/backport-27275da9f9c3BUG: Fix array_equal for numeric and non-numeric scalar typesee1cf96Merge pull request #27213 from charris/backport-27202