fix(packaging): add keyring to base install_requires so gaia connectors works on bare install (#1621)#1624
Conversation
…rs works on bare install (#1621) gaia connectors (list, status, …) is registered as a base CLI command — no [ui]/[api] gate — but its import chain (cli → gaia.connectors.store) reaches `import keyring` at module load time and at request time for OAuth token storage (#915). Because keyring was only declared in the [ui], [api], and [dev] extras, a plain `pip install amd-gaia` shipped a broken `gaia connectors` command that crashed with ModuleNotFoundError. Promoting keyring to install_requires is the correct tier match: the command is base, so its dependency must be too. keyring is featherweight (pure-Python; only jaraco.* transitive deps; the cryptography/SecretStorage chain is prebuilt or Linux-only), so the footprint cost is negligible against the transformers/accelerate base already declares. The extras ([ui], [api], [dev]) keep their own declarations independently — this is an addition to base, not a move. Defense-in-depth guarded-import error for the same issue lands separately in #1622.
Review: fix(packaging): add keyring to base install_requires (#1624)Approve. This correctly fixes a real crash: IssuesNone blocking. Two small observations, neither requiring a change: 🟢 Test relies on regex-parsing 🟢 PR description references a "guarded import in #1622" as defense-in-depth. Worth confirming that follow-up actually lands — today Strengths
VerdictApprove — ready to merge. Scope-clean (one dep line + one test), no security or breaking-change surface, no docs impact (dependency-only, no new CLI/SDK surface). No injection content observed in the diff. |
itomek-amd
left a comment
itomek-amd
left a comment
There was a problem hiding this comment.
Approving the base-dependency fix for #1621. gaia connectors is a base CLI command, so promoting keyring to base install_requires is the correct resolution — it makes connectors work on a bare pip install while the guarded import (#1622) remains as defense-in-depth.
Validated end-to-end before merge:
- Unit: new
test_base_keyring_dep.py(red→green) +test_api_extras.pyno regression;util/lint.py --allclean. - Bare-install proof:
pip install -e .(no extras) pullskeyring 25.7.0from base. - Real-world across platforms: a bare install resolves keyring and
gaia connectors list/statusworks on macOS (Keychain) and Linux+SecretService; on headless Linux/Docker the no-backend case fails with a clean actionable error rather than a traceback.
The extras retain their own keyring declaration, so #1617's [api] guard stays green.
2 participants
Closes #1621
Why this matters
gaia connectorsis a base CLI command, butkeyring— its OS credential-store backend for OAuth tokens (#915) — shipped only in the[ui]/[api]/[dev]extras. So a barepip install amd-gaiacrashedgaia connectors list/statuswith a rawModuleNotFoundError. This promoteskeyringto baseinstall_requires, matching the command's tier, so connectors works out of the box on every platform.Decision record (#1621, Option 1). keyring is featherweight (pure-Python +
jaraco.*; the cryptography/SecretStorage chain is Linux-only and ships as a prebuilt wheel) and base already pulls transformers/accelerate, so the added footprint is negligible — whereas a[connectors]extra (Option 2) would leave a base command needing an extra to avoid crashing. The guarded import in #1622 ships as defense-in-depth for stripped/minimal installs; the extras keep their own keyring declaration (so #1617's[api]guard stays green).Test plan
pytest tests/unit/test_base_keyring_dep.py— new regression guard: baseinstall_requiresdeclares keyringpytest tests/unit/test_api_extras.py— no regression; extras keep keyringutil/lint.py --allpip installpulls keyring +gaia connectors list/statusworks on macOS / Windows / Linux; guarded actionable error when keyring absent