/ pyproject.toml
pyproject.toml
1 [build-system] 2 requires = ["hatchling"] 3 build-backend = "hatchling.build" 4 5 [project] 6 name = "solace-agent-mesh" 7 dynamic = ["version"] 8 description = "Solace Agent Mesh is an open-source framework for building event-driven, multi-agent AI systems where specialized agents collaborate on complex tasks." 9 readme = "README.md" 10 requires-python = ">=3.10.16,<3.14" 11 license = { file = "LICENSE" } 12 authors = [ 13 { name="SolaceLabs", email="solacelabs@solace.com" }, 14 ] 15 classifiers = [ 16 "Programming Language :: Python :: 3", 17 "Programming Language :: Python :: 3.11", 18 "Programming Language :: Python :: 3.13", 19 "License :: OSI Approved :: Apache Software License", 20 "Operating System :: OS Independent", 21 "Topic :: Software Development :: Libraries :: Application Frameworks", 22 ] 23 dependencies = [ 24 "google-adk==1.18.0", 25 "a2a-sdk[http-server]==0.3.7", 26 "pydantic==2.11.9", 27 "click==8.1.8", 28 "python-dotenv==1.1.1", 29 "google-genai==1.49.0", 30 "httpx==0.28.1", 31 "jwcrypto==1.5.6", 32 "python-jwt==4.1.0", 33 "pyjwt>=2.12.0", # [CVE-2026-32597] Security fix: validates the crit (Critical) Header Parameter in JWS tokens (transitive from a2a-sdk, msal) 34 "asteval==1.0.6", 35 "pystache==0.6.8", 36 "python-liquid==2.1.0", 37 "pandas==2.3.2", 38 "numpy==2.2.6", 39 "plotly==6.3.0", 40 "kaleido==0.2.1", 41 "PyYAML==6.0.2", 42 "python-multipart==0.0.26", 43 "wheel==0.46.2", 44 "jaraco.context==6.1.0", 45 "protobuf==6.33.5", 46 "setuptools==80.10.2", 47 "markitdown[all]==0.1.4", 48 "jmespath==1.0.1", 49 "mermaid_cli==0.1.2", 50 "playwright==1.58.0", 51 "litellm==1.83.0", 52 "markdownify==1.2.0", 53 "beautifulsoup4==4.13.5", 54 "jsonpath-ng==1.7.0", 55 "pydub==0.25.1", 56 "toml==0.10.2", 57 "GitPython==3.1.45", 58 "Flask==3.1.3", 59 "flask-cors==6.0.1", 60 "werkzeug==3.1.6", 61 "fastapi==0.120.1", 62 "starlette==0.49.1", 63 "uvicorn[standard]==0.37.0", 64 "sse-starlette==3.0.2", 65 "itsdangerous==2.2.0", 66 "solace_ai_connector==3.3.10", 67 "holidays==0.81.0", 68 "rouge==1.0.1", 69 "SQLAlchemy==2.0.40", 70 "alembic==1.16.5", 71 "openai==2.8.0", # bumped from 1.99.9 — required by litellm==1.83.0 72 "rich==13.9.4", 73 "boto3==1.40.37", 74 "psycopg2-binary==2.9.10", 75 "azure-cognitiveservices-speech==1.41.1", 76 "cryptography==46.0.7", # [CVE-2026-39892] Security fix: addresses vulnerabilities in older versions (transitive dependency from multiple packages) 77 "pillow==12.2.0", # [CVE-2026-25990, CVE-2026-40192] Security fix: addresses vulnerabilities in older versions (transitive dependency from python-pptx) 78 "bm25s==0.2.14", 79 "pypdf==6.10.2", # [CVE-2026-40260, GHSA-jj6c-8h6c-hppx] Security fix: multiple vulnerabilities resolved in 6.10.2 80 "python-pptx==1.0.2", 81 "python-docx==1.2.0", 82 "google-cloud-storage==3.9.0", 83 "azure-identity>=1.17.0", 84 "azure-storage-blob==12.28.0", 85 "authlib>=1.6.9", # [CVE-2026-27962] Security fix: GHSA-wvwj-cvrp-7pv5 JWK Header Injection 86 "pyasn1>=0.6.3", # [CVE-2026-30922] Security fix: Prevents DoS via unbounded recursion in ASN.1 decoder 87 "cachetools==7.0.1", 88 "openfeature-sdk==0.8.4", 89 "filelock==3.20.3", 90 "uuid-utils>=0.11.1", 91 "nanoid==2.0.0", 92 "APScheduler==3.10.4", 93 "croniter==2.0.5", 94 ] 95 96 [project.optional-dependencies] 97 vertex = ["google-cloud-aiplatform==1.133.0"] 98 employee_tools = ["holidays==0.81.0"] 99 test = [ 100 "pytest-asyncio", 101 "pytest>=8.0.0", 102 "pytest-mock>=3.0.0", 103 "pytest-cov>=4.0.0", 104 "pytest-xdist>=3.5.0", 105 "pytest-httpx>=0.35.0", 106 "fastmcp>=3.2.0", # Upgrade to fix SSRF/path traversal (GHSA-vv7q-7jx5-f767) 107 "httpx>=0.25", 108 "respx", 109 "ruff", 110 "testcontainers[postgres,mysql]>=4.0.0", 111 "aiosqlite", 112 "psycopg2-binary", 113 "asyncpg", 114 "pymysql>=1.1.0", # Required for MySQL migration tests 115 ] 116 117 [tool.hatch.envs.hatch-test] 118 parallel = false 119 installer = "uv" 120 dependencies = [ 121 "solace-agent-mesh[vertex,employee_tools]", 122 "pytest-asyncio", 123 "pytest>=8.0.0", 124 "pytest-mock>=3.0.0", 125 "pytest-cov>=4.0.0", 126 "pytest-xdist>=3.5.0", 127 "pytest-httpx>=0.35.0", 128 "fastmcp>=3.2.0", # Upgrade to fix SSRF/path traversal (GHSA-vv7q-7jx5-f767) 129 "httpx>=0.25", 130 "respx", 131 "ruff", 132 "testcontainers[postgres,mysql]>=4.0.0", 133 "aiosqlite", 134 "psycopg2-binary", 135 "asyncpg", 136 "bm25s==0.2.14", 137 "pymysql>=1.1.0", # Required for MySQL testcontainers 138 "pypdf==6.10.2", 139 "python-pptx==1.0.2", 140 "python-docx==1.2.0", 141 "sam-test-infrastructure @ {root:uri}/tests/sam-test-infrastructure" 142 ] 143 post-install-commands = [ 144 "playwright install" 145 ] 146 147 [[tool.hatch.envs.hatch-test.matrix]] 148 python = ["3.10", "3.13"] 149 150 [tool.hatch.envs.hatch-test.scripts] 151 run = "pytest {args}" 152 run-cov = "coverage run -m pytest --cov=cli --cov=src {args}" 153 cov-combine = "coverage combine" 154 cov-report = "coverage report" 155 156 157 [project.urls] 158 Homepage = "https://github.com/SolaceLabs/solace-agent-mesh" 159 Repository = "https://github.com/SolaceLabs/solace-agent-mesh" 160 161 [project.scripts] 162 solace-agent-mesh = "solace_agent_mesh.cli.main:cli" 163 sam = "solace_agent_mesh.cli.main:cli" 164 165 [tool.ruff] 166 line-length = 88 167 select = ["E", "W", "F", "I", "UP", "B", "C4", "SIM"] 168 ignore = ["E501", "B008"] 169 170 [tool.ruff.format] 171 quote-style = "double" 172 173 [tool.pytest.ini_options] 174 asyncio_mode = "auto" 175 asyncio_default_fixture_loop_scope = "function" 176 addopts = "--tb=short --strict-markers --disable-warnings -p pytest_asyncio --ignore=tests/system --ignore=tests/stress" 177 testpaths = ["tests"] 178 pythonpath = [".", "src", "tests/sam-test-infrastructure/src"] 179 python_files = ["test_*.py", "*_test.py", "tests.py"] 180 python_classes = ["Test*"] 181 python_functions = ["test_*"] 182 markers = [ 183 "all: marks all tests", 184 "asyncio: marks tests as async (deselect with '-m \"not asyncio\"')", 185 "default: marks tests that are basic or foundational", 186 "stress: marks tests as stress tests (long-running, resource-intensive)", 187 "long_soak: marks tests as very long-running soak tests for memory leak detection", 188 189 # Core Components 190 # Markers for the main components of the Solace Agent Mesh. 191 "agent: marks tests related to the agent component", 192 "common: marks tests related to the common component", 193 "core_a2a: marks tests related to the core_a2a component", 194 "gateway: marks tests related to the gateway component", 195 196 # Common Components 197 # Markers for sub-components within the 'common' directory. 198 "middleware: marks tests related to the middleware component", 199 "server: marks tests related to the server component", 200 "services: marks tests related to the services", 201 202 # Features 203 # Markers for specific features. 204 "callbacks: marks tests related to agent callbacks", 205 "datapart: marks tests related to A2A DataPart objects", 206 "delegation: marks tests related to agent delegation", 207 "embeds: marks tests related to the embeds", 208 "mcp: marks tests related to mcp", 209 "notification: marks tests related to notifications", 210 "task_cancellation: marks tests related to task cancellation", 211 "proxy: marks tests related to the A2A proxy functionality", 212 "streaming: marks tests related to streaming messages", 213 "artifacts: marks tests related to artifact handling and services", 214 "workflows: marks tests related to workflow execution", 215 "map: marks tests for map (parallel iteration) workflows", 216 "switch: marks tests for switch (multi-way) workflow branching", 217 "loop: marks tests for loop workflow iteration", 218 "api: marks tests related to the API", 219 "tasks: marks tests related to task management", 220 "builtin_artifact_embeds: marks tests related to the builtin_artifact_embeds", 221 "projects: marks tests related to project management", 222 "default_agent: marks tests related to default agent functionality", 223 "crud: marks tests related to CRUD operations", 224 "templates: marks tests related to template operations", 225 "pagination: marks tests related to pagination functionality", 226 "security: marks tests related to security and authorization", 227 "error: marks tests related to error handling scenarios", 228 "validation: marks tests related to input validation", 229 "prompts: marks tests related to the prompts library feature", 230 "versioning: marks tests related to version management", 231 "search: marks tests related to search and filtering functionality", 232 233 # Agent Tools 234 # Markers for the built-in agent tools. 235 "tools: marks tests related to the agent tools", 236 "audio_tools: marks tests related to the audio_tools", 237 "peer_tool: marks tests for calling peer agents", 238 "parallel_tool: marks tests related to the parallel_tool", 239 "builtin_artifact_tools: marks tests related to the builtin_artifact_tools", 240 "builtin_data_analysis_tools: marks tests related to the builtin_data_analysis_tools", 241 "general_agent_tools: marks tests related to the general_agent_tools", 242 "image_tools: marks tests related to the image_tools", 243 "peer_agent_tool: marks tests related to the peer_agent_tool", 244 "web_tools: marks tests related to the web_tools", 245 "web_search: marks tests related to web search tools (Tavily, Google, Exa, Brave)", 246 "deep_research: marks tests related to deep research tool", 247 "dynamic_tools: marks tests related to the dynamic_tools", 248 "artifact_preloading: marks tests related to ArtifactContent type hint pre-loading", 249 "auth: marks tests associated with authentication and authorization", 250 "oauth: OAuth specific tests", 251 "error_handling: Tests related to error handling and recovery", 252 "cancellation: Tests related to task cancellation", 253 "headers: marks tests related to HTTP header handling", 254 "agent_card: marks tests related to agent card fetching and discovery", 255 "url: marks tests related to URL handling and routing", 256 "task: marks tests related to task invocation", 257 ] 258 259 [tool.hatch.metadata] 260 allow-direct-references = true 261 262 [tool.hatch.build.targets.wheel] 263 packages = ["src/solace_agent_mesh"] 264 265 [tool.hatch.build.targets.wheel.force-include] 266 "templates" = "solace_agent_mesh/templates" 267 "cli" = "solace_agent_mesh/cli" 268 "evaluation" = "solace_agent_mesh/evaluation" 269 "config_portal/frontend/static" = "solace_agent_mesh/config_portal/frontend/static" 270 "config_portal/backend" = "solace_agent_mesh/config_portal/backend" 271 "config_portal/__init__.py" = "solace_agent_mesh/config_portal/__init__.py" 272 "client/webui/frontend/static" = "solace_agent_mesh/client/webui/frontend/static" 273 "docs/build" = "solace_agent_mesh/assets/docs" 274 275 [tool.hatch.build.targets.sdist.force-include] 276 "config_portal/frontend/static" = "/assets/config_portal" 277 "client/webui/frontend/static" = "/assets/client/webui" 278 "docs/build" = "/assets/docs" 279 280 [tool.hatch.build.targets.sdist.hooks.custom] 281 path = ".github/helper_scripts/build_frontend.py" 282 283 [tool.hatch.build.targets.wheel.hooks.custom] 284 path = ".github/helper_scripts/build_frontend.py" 285 286 [tool.hatch.version] 287 path = "cli/__init__.py"