[build-system]
# The PEP 639 ``License-Expression`` metadata field is only emitted by
# setuptools >= 77. The 12.47 wheel was built with an older setuptools and
# reached PyPI with empty license metadata: the ``Apache-2.0`` SPDX
# expression declared in [project] was dropped.
# NOTE(review): both entries are lower bounds only, so an isolated build
# resolves whatever newest release the index serves at build time. If
# release artifacts must be reproducible, the build toolchain has to be
# pinned outside this file — confirm how the release pipeline handles it.
requires = [
    "setuptools>=77.0",
    "wheel",
]
build-backend = "setuptools.build_meta"
[project]
name = "roam-code"
version = "13.6.1"
description = "Local codebase intelligence for AI coding agents: structural repo map, change-safety gates, MCP security receipts, and tamper-evident ChangeEvidence packets. 100% local, zero API keys, zero network egress."
readme = "README.md"
requires-python = ">=3.10"
# SPDX expression (PEP 639); needs the setuptools floor from [build-system].
license = "Apache-2.0"
authors = [
    { name = "Cranot" },
]
keywords = [
    "agent-os",
    "agentic-assurance",
    "ai-agents",
    "ai-coding",
    "audit-trail",
    "blast-radius",
    "change-evidence",
    "code-analysis",
    "code-review",
    "codebase-intelligence",
    "developer-tools",
    "evidence-compiler",
    "local-first",
    "mcp",
    "mcp-server",
    "model-context-protocol",
    "preflight",
    "sarif",
    "security",
    "software-architecture",
    "static-analysis",
    "tree-sitter",
]
classifiers = [
    "Development Status :: 5 - Production/Stable",
    "Environment :: Console",
    "Intended Audience :: Developers",
    "Operating System :: OS Independent",
    "Programming Language :: Python :: 3",
    "Programming Language :: Python :: 3.10",
    "Programming Language :: Python :: 3.11",
    "Programming Language :: Python :: 3.12",
    "Programming Language :: Python :: 3.13",
    "Topic :: Security",
    "Topic :: Software Development",
    "Topic :: Software Development :: Code Generators",
    "Topic :: Software Development :: Quality Assurance",
    "Topic :: Software Development :: Libraries :: Python Modules",
]
# Runtime requirements are version ranges, not pins: two installs made at
# different times can resolve to different releases. Deployments that need
# a verifiable dependency set should install from a separately maintained
# lock file with hashes (pip: ``--require-hashes``).
dependencies = [
    "click>=8.0",
    "tree-sitter>=0.23",
    # Upper bound is deliberate. The cp312 wheel of 1.6.3 ships a
    # manylinux_2_34 tarball that fails to register the
    # ``tree_sitter_language_pack`` module post-install (CI run
    # 25217131296); 1.6.2 (cp310-abi3) works cleanly across 3.10-3.13
    # (project floor since W44).
    # NOTE(review): the cap also blocks any later fixed release of this
    # package, so it needs revisiting whenever upstream publishes one.
    "tree-sitter-language-pack>=0.6,<1.6.3",
    "networkx>=3.0",
    # ``tomllib`` is in the standard library from 3.11. On 3.10 (the floor)
    # the ``tomli`` backport keeps the commands that parse pyproject.toml
    # working (orphan-imports dependency-allowlist filter, stale-refs
    # config).
    "tomli; python_version < '3.11'",
]
[project.urls]
# Links published with the package metadata. ``Security`` is the entry a
# reader would follow to find vulnerability-reporting instructions.
# NOTE(review): confirm the Security page names a private reporting channel
# and stays consistent with any security policy file kept in the repository.
Homepage = "https://roam-code.com/"
Documentation = "https://roam-code.com/docs/"
Repository = "https://github.com/Cranot/roam-code"
Issues = "https://github.com/Cranot/roam-code/issues"
Discussions = "https://github.com/Cranot/roam-code/discussions"
Changelog = "https://github.com/Cranot/roam-code/blob/main/CHANGELOG.md"
Pricing = "https://roam-code.com/pricing"
Security = "https://roam-code.com/security"
[project.scripts]
# Console entry point: installing the package creates a ``roam`` command
# that invokes the ``cli`` object in the ``roam.cli`` module.
roam = "roam.cli:cli"
[project.optional-dependencies]
# Every extra below uses lower bounds only; none is pinned or hash-checked
# here. ``fastmcp`` is listed in both ``mcp`` and ``dev`` — keep the two
# specifiers in step when one is changed.
mcp = [
    "fastmcp>=2.0",
]
semantic = [
    "numpy>=1.24",
    "onnxruntime>=1.16",
    "tokenizers>=0.15",
]
leiden = [
    # Leiden community detection: strictly better than Louvain (no
    # badly-connected communities). Detected automatically at runtime; when
    # these packages are absent the code falls back to seeded Louvain.
    "igraph>=0.11",
    "leidenalg>=0.10",
]
graph-fast = [
    # rustworkx: Rust-backed drop-in for many NetworkX algorithms, with a
    # 3-100× speedup at >250k nodes per the v12.2 architecture review.
    # Auto-detected via ``ROAM_GRAPH_BACKEND=rustworkx``.
    "rustworkx>=0.14",
]
sbom = [
    # Emits CycloneDX 1.7 SBOMs (with AIBOM extension) for `roam sbom`.
    # Without it, an in-tree minimal emitter is used instead.
    "cyclonedx-python-lib>=8.0",
]
learned = [
    # LightGBM LambdaMART distillation behind
    # `roam retrieve --rerank learned`. Optional — the current
    # `--rerank fast` blend stays the default.
    "lightgbm>=4.0",
]
typecheck = [
    # W931: convenience extra for mypy. W919 / W925 type-annotation
    # validation showed there was no first-class way to install a
    # typechecker into the `.venv` (`pip install -e .[typecheck]`). mypy is
    # deliberately NOT in `dev` because the test suite does not need it;
    # treat it as an opt-in tool for type-stamping work. Pinned to a recent
    # stable; raising the lower bound is fine when annotations need a newer
    # mypy feature.
    "mypy>=1.10",
]
dev = [
    "pytest>=7.0",
    "pytest-xdist>=3.0",
    # Needed by tests/test_taint_classifier.py, whose tests use
    # ``@pytest.mark.asyncio`` to check the MCP-sampling-based taint
    # classifier under a controlled async loop.
    "pytest-asyncio>=0.23",
    # ``nx.pagerank`` on networkx 3.x needs scipy. Without it the
    # personalized-pagerank tests run the degree-based fallback, which
    # doesn't honour ``alpha`` and trivially fails the alpha-override /
    # chain-propagation invariants. Production users without scipy still
    # get the (less accurate but correct) fallback.
    "scipy>=1.11",
    # Needed by tests that exercise the MCP server tool registry: without
    # fastmcp the decorator becomes a no-op and ``_TOOL_METADATA`` is empty.
    "fastmcp>=2.0",
    # PyYAML is the canonical parser for .roam/rules.yml +
    # .roamignore-findings. It stays optional in production, where the
    # in-tree _parse_simple_yaml / _emit_simple_yaml fallback covers the
    # documented shapes. Listed here so the test suite has a consistent
    # reference parser to assert against.
    "pyyaml>=6.0",
    "ruff>=0.4",
    # Packaging and upload tooling.
    "build>=1.0",
    "twine>=5.0",
    # README/demo asset generation: dev/generate_terminal_demo_gif.py
    # imports PIL directly. Kept in the dev extra, not the runtime package.
    "pillow>=10.0",
]
[tool.setuptools.packages.find]
# src layout: package discovery is restricted to the ``src`` directory, so
# top-level directories outside it are not picked up as packages.
where = ["src"]
[tool.setuptools.package-data]
# v12.12.1 / 12.12.2 — without these, data files don't ship in the
# wheel. Pre-12.12.1 PyPI installs silently loaded zero taint rules;
# v12.12.1 fixed taint + extractors but still missed Jenkinsfile (no
# extension) and the MCP server card. v12.12.2 bundles every file
# under templates/ci/ (Jenkinsfile + the YAMLs) and ships the server
# card alongside the package so ``roam mcp --card`` works post-install.
# NOTE(review): the zero-rules failure was silent, so a post-build check
# that the rule files are actually present in the wheel is worth having —
# confirm whether the release process or test suite covers this.
"roam.security.taint_rules" = ["*.yaml", "*.yml"]
"roam.languages.extractors" = ["*.yaml", "*.yml"]
# The ``*`` glob matches every file in the package directory at build time,
# not only the intended templates: editor backups or local scratch files
# left there would be published too. Inspect the wheel's file list before
# upload.
"roam.templates.ci" = ["*"]
# W554: ship the OSCAL control-mapping YAML in the wheel. Pre-W554 it lived
# at templates/audit-report/control-mapping.yaml outside the package, so
# `roam ci-setup --with-oscal` and `roam evidence-oscal` could not find it
# under a pip install. Resolved via importlib.resources at runtime.
"roam.templates.audit_report" = ["*.yaml", "*.yml"]
"roam" = ["mcp-server-card.json"]
[tool.pytest.ini_options]
testpaths = ["tests"]
# ``-p roam.testing.ci_xdist`` loads the CI auto-parallelism plugin on every
# pytest run. It injects ``-n auto --dist loadgroup`` only when CI is set,
# xdist is importable, and no explicit -n/--dist was passed — that module's
# docstring explains why neither the workflow file nor a bare ``-n auto``
# here is an available channel. The plugin needs roam installed
# (``pip install -e .``), which every test environment already requires
# because the tests import roam.
addopts = "-q --tb=short -p roam.testing.ci_xdist"
# W403: the pytest-asyncio options (asyncio_mode,
# asyncio_default_fixture_loop_scope) used to live here, but pytest only
# recognises them when the optional pytest-asyncio plugin is installed
# (`pip install roam-code[dev]`). In minimal venvs without the plugin,
# pytest emitted two PytestConfigWarnings every run. The plugin's defaults
# (strict mode, function-scoped event loop) match what the async tests in
# test_taint_classifier.py expect, and the `asyncio` marker below already
# handles the unknown-marker warning. Re-add the options, scoped under
# `[tool.pytest-asyncio]` or here, only if a future test depends on
# non-default behaviour.
markers = [
    "smoke: fast, high-signal tests for local iteration",
    "core: broader local suite for pre-push checks",
    "slow: marks tests as slow (deselect with '-m \"not slow\"')",
    "asyncio: marks async tests requiring pytest-asyncio (skip when missing)",
    "git_history: tests that backdate fixture commits >365 days from now; auto-applies ROAM_GIT_SINCE=0 via tests/conftest.py to bypass W405 shallow-history default",
    "xdist_group: pytest-xdist grouping marker — keeps marked tests on a single worker (used by tests/test_performance.py to serialize timing-sensitive perf suite). Registered here to silence PytestUnknownMarkWarning under default ``--dist=load``.",
]
[tool.ruff]
# py310 matches the ``requires-python = ">=3.10"`` floor in [project].
target-version = "py310"
line-length = 120
[tool.ruff.lint]
# Enabled rule families: pycodestyle errors (E) and warnings (W), Pyflakes
# (F), isort (I) and flake8-print (T20).
# NOTE(review): the flake8-bandit family (``S``) is not selected, so this
# configuration performs no security linting; if that is wanted it has to
# be enabled here or run through a separate tool.
select = [
    "E",
    "F",
    "W",
    "I",
    "T20",
]
ignore = [
    # module-import-not-at-top — needed for sys.path manipulation in tests
    "E402",
    # line-too-long — handled by ruff format; what remains is long
    # strings/SQL
    "E501",
    # lambda-assignment — used for concise dispatch tables
    "E731",
    # ambiguous variable names (G, l, etc.) — common in graph code
    "E741",
]
[tool.ruff.lint.per-file-ignores]
# T201 / T203 are the flake8-print checks for ``print`` and ``pprint``. They
# are switched off only for the paths below, so the T20 family selected in
# [tool.ruff.lint] still applies to every file these globs do not match.
"tests/**/*.py" = ["T201", "T203"]
"dev/**/*.py" = ["T201", "T203"]
"scripts/**/*.py" = ["T201", "T203"] # CLI scripts print progress/status by design