Skip to content

dependencies

Scope: Runtime dependency allowlist.
Audience: Contributors and reviewers.
Guarantees: Allowlist covers project.dependencies.
Non-Goals: Dev dependency tracking.
Why: This doc exists to record its single responsibility for review.

Overview

This doc defines one responsibility.
Architecture components are defined in Architecture.
Read Threat Model before edits.
Read Docs Style for context.

Contracts

Each statement is a contract.
Contracts align with scripts/check_dependency_allowlist.py.
Contracts link to Threat Model and Docs Style.

Invariants

Invariants describe stable behavior.
Checks align with scripts/check_dependency_allowlist.py.
Invariants align with Threat Model.

Failure Modes

Failures are explicit and tested.
Failure coverage aligns with scripts/check_dependency_allowlist.py.
Failures align with Docs Style.

Extension Points

Extensions require tests and docs.
Extensions are tracked in Threat Model.
Extensions align with scripts/check_dependency_allowlist.py.

Exit Criteria

This doc becomes obsolete when the surface ends.
The replacement is linked in Docs Style.
Obsolete docs are removed.

Code refs: scripts/check_dependency_allowlist.py.
Allowlist:
- requests
- biopython
- numpy
- click
- fastapi
- uvicorn
- pydantic
- loguru
- slowapi
- boto3