# Dependencies for the IMI Library app (the downloadable bundle).
# This file is bundled in the download zip and is exactly what end users pip-install.
# Keep it to ONLY what the BUNDLED code imports: scripts/deploy-ci.sh ships app/ plus a
# subset of pipeline/ (extract_audio, transcribe, enrich, canonical, database, utils).
# Heavy local ML (music detection, voiceprint speaker ID) runs only in the operator's
# full pipeline install, NOT in this bundle — those packages must not be listed here. #392
fastapi==0.136.1  # SECURITY (MAL-2026-4750): 0.136.3 is malicious (sneaks in 'fastar'); do not bump without re-auditing
uvicorn[standard]>=0.47.0
jinja2>=3.1.6
python-dotenv>=1.2.2
httpx>=0.28.1
assemblyai>=0.64.3
anthropic>=0.104.1
supabase>=2.30.0
numpy<3.0
pyyaml>=6.0.2  # pipeline/enrich/patterns/loader.py imports yaml (unguarded)
