add full flow

.gitignore

@@ -9,4 +9,5 @@
 *__pycache__
 .python-version
 .vscode/
-.pytest_cache/
+.pytest_cache/
+uploads/

app.py

@@ -1,4 +1,6 @@
 import logging
+import shutil
+from pathlib import Path
 
 import gradio as gr
 from mcp import StdioServerParameters
@@ -27,6 +29,11 @@ logger = logging.getLogger(__name__)
 logger.setLevel(logging.INFO)
 logger.addHandler(logging.StreamHandler())
 
+# this is to use the gradio-upload-mcp server for file uploads
+uploads_dir = Path("uploads")
+uploads_dir.mkdir(exist_ok=True)
+uploads_dir = uploads_dir.resolve()
+
 
 def _monkeypatch_gradio_save_history():
     """Guard against non-int indices in Gradio's chat history saver.
@@ -59,8 +66,13 @@ def _monkeypatch_gradio_save_history():
 _monkeypatch_gradio_save_history()
 
 
-async def chat_fn(message, history):
+async def chat_fn(message, history, persisted_attachments=None):
     # parse incoming history is a list of dicts with 'role' and 'content' keys
+    from datetime import datetime
+
+    timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
+    logger.info(f"Received message: {message}")
+    logger.info(f"History: {history}")
     if len(history) > 0:
         summarized_history = await summarize_chat_history(
             history,
@@ -69,17 +81,62 @@ async def chat_fn(message, history):
         )
     else:
         summarized_history = ""
+    incoming_attachments = message.get("files", []) if isinstance(message, dict) else []
+    persisted_attachments = persisted_attachments or []
+    # If no new attachments are provided, keep using the previously persisted ones.
+    attachments = incoming_attachments or persisted_attachments
+    latest_attachment = attachments[-1] if attachments else []
+
+    logger.info(f"Summarized chat history:\n{summarized_history}")
+    logger.info(f"With attachments: {attachments} (incoming: {incoming_attachments})")
+    logger.info(f"Latest attachment: {latest_attachment}")
+    logger.info(f"Persisted attachments: {persisted_attachments}")
 
+    # if attachements are present message is a dict with 'text' and 'files' keys
+    message = message.get("text", "") if isinstance(message, dict) else message
+    # overwrite messages with the text content only
     message = message.strip()
     rewritten_message, is_rewritten_good = await qn_rewriter(
         message, summarized_history
     )
+
     if is_rewritten_good:
         logger.info(f"Rewritten question: {rewritten_message}")
     else:
         logger.info(f"Using original question: {message}")
         rewritten_message = None
     # Collect events from the agent run
+    # add chat summary to message
+    message = f"""
+        CHAT SUMMARY SO FAR:
+        {summarized_history}
+        CURRENT QUESTION FROM USER:
+        {message}
+        """
+    if len(attachments) > 0:
+        message += """Attached FILE:\n"""
+        # use the last file from the list of files only, as
+        # the single file is expected to be a pyproject.toml
+        # copy to uploads directory
+        if latest_attachment:
+            # take the last uploaded file
+            source_file = latest_attachment
+            file_name = f"{timestamp}_{Path(latest_attachment).name}"
+        elif len(persisted_attachments) > 0:
+            # take the last persisted file if no new uploads
+            source_file = persisted_attachments[-1]
+            file_name = f"{timestamp}_{Path(persisted_attachments[-1]).name}"
+        else:
+            source_file = None
+            file_name = None
+
+        logger.info(f"Copying uploaded file {source_file} to {uploads_dir}")
+        shutil.copy(source_file, uploads_dir / file_name)
+        message += f"""
+            FILE PATH: {uploads_dir / file_name}\n
+            """
+    logger.info(f"Final message to agent:\n{message}")
+    # Run the package discovery agent to build context
     context = agent.discover_package_info(
         user_input=message, reframed_question=rewritten_message
     )
@@ -94,12 +151,11 @@ async def chat_fn(message, history):
     return {
         "role": "assistant",
         "content": qa_answer,
-    }
+    }, attachments
 
 
 if __name__ == "__main__":
-    logger.info("Starting MCP client for GitHub MCP server")
-    logger.info(f"Using toolsets: {GITHUB_TOOLSETS}")
+    logger.info("Starting MCP client...")
 
     try:
         gh_mcp_params = StdioServerParameters(
@@ -125,12 +181,31 @@ if __name__ == "__main__":
             },
         )
         pypi_mcp_params = dict(
-            url="https://mcp-1st-birthday-pypi-mcp.hf.space/gradio_api/mcp/",
+            # url="https://mcp-1st-birthday-pypi-mcp.hf.space/gradio_api/mcp/",
+            url="https://mcp-1st-birthday-uv-pypi-mcp.hf.space/gradio_api/mcp/",
             transport="streamable-http",
         )
+        upload_mcp_params = StdioServerParameters(
+            command="uvx",
+            args=[
+                "--from",
+                "gradio[mcp]",
+                "gradio",
+                "upload-mcp",
+                # Base must be the Gradio root; upload-mcp adds
+                # /gradio_api/upload.
+                # The docs are misleading here, it has gradio_api/upload as the base.
+                "https://mcp-1st-birthday-uv-pypi-mcp.hf.space/",
+                uploads_dir.as_posix(),
+            ],
+        )
 
         pypi_mcp_client = MCPClient(
-            server_parameters=[pypi_mcp_params, gh_mcp_params],
+            server_parameters=[
+                pypi_mcp_params,
+                gh_mcp_params,
+                upload_mcp_params,
+            ],
             structured_output=True,
         )
 
@@ -139,6 +214,9 @@ if __name__ == "__main__":
             model_id=AGENT_MODEL,
         )
 
+        # Gradio chat interface state to persist uploaded files
+        files_state = gr.State([])
+
         with pypi_mcp_client as toolset:
             logger.info("MCP clients connected successfully")
 
@@ -148,19 +226,54 @@ if __name__ == "__main__":
             )
             # link package_agent to the chat function
 
+            # attach files from local machine
             demo = gr.ChatInterface(
                 fn=chat_fn,
+                chatbot=gr.Chatbot(
+                    height=600,
+                    type="messages",
+                ),
                 title="Package Upgrade Advisor",
                 type="messages",
+                # additional_inputs_accordion="Attach pyproject.toml file",
+                textbox=gr.MultimodalTextbox(
+                    label="pyproject.toml",
+                    file_types=[".toml"],
+                    file_count="single",
+                    min_width=100,
+                    sources="upload",
+                    inputs=files_state,
+                ),
+                additional_inputs=[files_state],
+                additional_outputs=[files_state],
                 save_history=True,
                 examples=[
                     ["Tell me about the 'requests' package. How to use it with JSON ?"],
                     [get_example_requirements_question()],
                     [get_example_pyproject_question()],
                     ["Which version of 'pandas' is compatible with 'numpy' 2.0?"],
+                    [
+                        {
+                            "text": """Can I upgrade my dependencies from
+                                       the attached pyproject.toml to work with
+                                       python 3.14? Any suggestions on
+                                       potential issues I should be aware of?""",
+                            "files": ["tests/test2.toml"],
+                        }
+                    ],
                 ],
+                stop_btn=True,
+                theme="compact",
             )
             demo.launch()
 
     finally:
-        logger.info("Disconnecting MCP client")
+        logger.info("Cleaning up MCP client resources")
+        # remove contents of uploads_dir
+        for f in uploads_dir.iterdir():
+            try:
+                f.unlink()
+            except Exception:
+                logger.exception(f"Failed to delete uploaded file: {f}")
+
+        logger.info("Shutdown complete.")

poetry.lock

@@ -142,6 +142,29 @@ files = [
     {file = "backports_asyncio_runner-1.2.0.tar.gz", hash = "sha256:a5aa7b2b7d8f8bfcaa2b57313f70792df84e32a2a746f585213373f900b42162"},
 ]
 
+[[package]]
+name = "beautifulsoup4"
+version = "4.14.2"
+description = "Screen-scraping library"
+optional = false
+python-versions = ">=3.7.0"
+groups = ["main"]
+files = [
+    {file = "beautifulsoup4-4.14.2-py3-none-any.whl", hash = "sha256:5ef6fa3a8cbece8488d66985560f97ed091e22bbc4e9c2338508a9d5de6d4515"},
+    {file = "beautifulsoup4-4.14.2.tar.gz", hash = "sha256:2a98ab9f944a11acee9cc848508ec28d9228abfd522ef0fad6a02a72e0ded69e"},
+]
+
+[package.dependencies]
+soupsieve = ">1.2"
+typing-extensions = ">=4.0.0"
+
+[package.extras]
+cchardet = ["cchardet"]
+chardet = ["chardet"]
+charset-normalizer = ["charset-normalizer"]
+html5lib = ["html5lib"]
+lxml = ["lxml"]
+
 [[package]]
 name = "brotli"
 version = "1.2.0"
@@ -1320,6 +1343,22 @@ profiling = ["gprof2dot"]
 rtd = ["ipykernel", "jupyter_sphinx", "mdit-py-plugins (>=0.5.0)", "myst-parser", "pyyaml", "sphinx", "sphinx-book-theme (>=1.0,<2.0)", "sphinx-copybutton", "sphinx-design"]
 testing = ["coverage", "pytest", "pytest-cov", "pytest-regressions", "requests"]
 
+[[package]]
+name = "markdownify"
+version = "1.2.2"
+description = "Convert HTML to markdown."
+optional = false
+python-versions = "*"
+groups = ["main"]
+files = [
+    {file = "markdownify-1.2.2-py3-none-any.whl", hash = "sha256:3f02d3cc52714084d6e589f70397b6fc9f2f3a8531481bf35e8cc39f975e186a"},
+    {file = "markdownify-1.2.2.tar.gz", hash = "sha256:b274f1b5943180b031b699b199cbaeb1e2ac938b75851849a31fd0c3d6603d09"},
+]
+
+[package.dependencies]
+beautifulsoup4 = ">=4.9,<5"
+six = ">=1.15,<2"
+
 [[package]]
 name = "markupsafe"
 version = "3.0.3"
@@ -2864,6 +2903,18 @@ files = [
     {file = "socksio-1.0.0.tar.gz", hash = "sha256:f88beb3da5b5c38b9890469de67d0cb0f9d494b78b106ca1845f96c10b91c4ac"},
 ]
 
+[[package]]
+name = "soupsieve"
+version = "2.8"
+description = "A modern CSS selector implementation for Beautiful Soup."
+optional = false
+python-versions = ">=3.9"
+groups = ["main"]
+files = [
+    {file = "soupsieve-2.8-py3-none-any.whl", hash = "sha256:0cc76456a30e20f5d7f2e14a98a4ae2ee4e5abdc7c5ea0aafe795f344bc7984c"},
+    {file = "soupsieve-2.8.tar.gz", hash = "sha256:e2dd4a40a628cb5f28f6d4b0db8800b8f581b65bb380b97de22ba5ca8d72572f"},
+]
+
 [[package]]
 name = "sse-starlette"
 version = "3.0.3"
@@ -3174,6 +3225,35 @@ h2 = ["h2 (>=4,<5)"]
 socks = ["pysocks (>=1.5.6,!=1.5.7,<2.0)"]
 zstd = ["zstandard (>=0.18.0)"]
 
+[[package]]
+name = "uv"
+version = "0.9.11"
+description = "An extremely fast Python package and project manager, written in Rust."
+optional = false
+python-versions = ">=3.8"
+groups = ["main"]
+files = [
+    {file = "uv-0.9.11-py3-none-linux_armv6l.whl", hash = "sha256:803f85cf25ab7f1fca10fe2e40a1b9f5b1d48efc25efd6651ba3c9668db6a19e"},
+    {file = "uv-0.9.11-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:6a31b0bd4eaec59bf97816aefbcd75cae4fcc8875c4b19ef1846b7bff3d67c70"},
+    {file = "uv-0.9.11-py3-none-macosx_11_0_arm64.whl", hash = "sha256:48548a23fb5a103b8955dfafff7d79d21112b8e25ce5ff25e3468dc541b20e83"},
+    {file = "uv-0.9.11-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.musllinux_1_1_aarch64.whl", hash = "sha256:cb680948e678590b5960744af2ecea6f2c0307dbb74ac44daf5c00e84ad8c09f"},
+    {file = "uv-0.9.11-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:9ef1982295e5aaf909a9668d6fb6abfc5089666c699f585a36f3a67f1a22916a"},
+    {file = "uv-0.9.11-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:92ff773aa4193148019533c55382c2f9c661824bbf0c2e03f12aeefc800ede57"},
+    {file = "uv-0.9.11-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:70137a46675bbecf3a8b43d292a61767f1b944156af3d0f8d5986292bd86f6cf"},
+    {file = "uv-0.9.11-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:b5af9117bab6c4b3a1cacb0cddfb3cd540d0adfb13c7b8a9a318873cf2d07e52"},
+    {file = "uv-0.9.11-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:8cc86940d9b3a425575f25dc45247be2fb31f7fed7bf3394ae9daadd466e5b80"},
+    {file = "uv-0.9.11-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:e97906ca1b90dac91c23af20e282e2e37c8eb80c3721898733928a295f2defda"},
+    {file = "uv-0.9.11-py3-none-manylinux_2_28_aarch64.whl", hash = "sha256:d901269e1db72abc974ba61d37be6e56532e104922329e0b553d9df07ba224be"},
+    {file = "uv-0.9.11-py3-none-manylinux_2_31_riscv64.whl", hash = "sha256:8abfb7d4b136de3e92dd239ea9a51d4b7bbb970dc1b33bec84d08facf82b9a6e"},
+    {file = "uv-0.9.11-py3-none-musllinux_1_1_armv7l.whl", hash = "sha256:1f8afc13b3b94bce1e72514c598d41623387b2b61b68d7dbce9a01a0d8874860"},
+    {file = "uv-0.9.11-py3-none-musllinux_1_1_i686.whl", hash = "sha256:7d414cfa410f1850a244d87255f98d06ca61cc13d82f6413c4f03e9e0c9effc7"},
+    {file = "uv-0.9.11-py3-none-musllinux_1_1_x86_64.whl", hash = "sha256:edc14143d0ba086a7da4b737a77746bb36bc00e3d26466f180ea99e3bf795171"},
+    {file = "uv-0.9.11-py3-none-win32.whl", hash = "sha256:af5fd91eecaa04b4799f553c726307200f45da844d5c7c5880d64db4debdd5dc"},
+    {file = "uv-0.9.11-py3-none-win_amd64.whl", hash = "sha256:c65a024ad98547e32168f3a52360fe73ff39cd609a8fb9dd2509aac91483cfc8"},
+    {file = "uv-0.9.11-py3-none-win_arm64.whl", hash = "sha256:4907a696c745703542ed2559bdf5380b92c8b1d4bf290ebfed45bf9a2a2c6690"},
+    {file = "uv-0.9.11.tar.gz", hash = "sha256:605a7a57f508aabd029fc0c5ef5c60a556f8c50d32e194f1a300a9f4e87f18d4"},
+]
+
 [[package]]
 name = "uvicorn"
 version = "0.38.0"
@@ -3276,4 +3356,4 @@ files = [
 [metadata]
 lock-version = "2.1"
 python-versions = ">=3.10,<3.15"
-content-hash = "cb3d331a7047ab0fb7e4a97e59ef8a75933ee86e4ac6e126fa8ec67299925aa5"
+content-hash = "8c1bb4d6fd49cbec6bfde5966b6f2490e520425a5c5e491617163b523ec7f85f"

pyproject.toml

@@ -19,6 +19,8 @@ dependencies = [
     "typer[all] (>=0.20.0,<0.21.0)",
     "gradio (>=5.49.1,<6.0.0)",
     "ddgs (>=9.9.1,<10.0.0)",
+    "uv (>=0.9.11,<0.10.0)",
+    "markdownify (>=1.2.2,<2.0.0)",
 ]
 
 

src/upgrade_advisor/agents/gh.py

@@ -1,24 +0,0 @@
-import logging
-
-from smolagents import CodeAgent
-
-logger = logging.getLogger(__name__)
-logger.setLevel(logging.INFO)
-logger.addHandler(logging.StreamHandler())
-
-
-class GitHubAgent:
-    """Agent that interacts with GitHub repositories using MCP tools."""
-
-    def __init__(self, model, tools=None):
-        self.model = model
-        if tools is None:
-            tools = []
-            logger.info("No tools provided; initializing with an empty toolset.")
-        self.agent = CodeAgent(
-            tools=tools,
-            model=model,
-            max_steps=10,
-            additional_authorized_imports=["json", "datetime", "math", "git"],
-        )
-        logger.info(f"GitHubAgent initialized with model and tools: {tools}.")

src/upgrade_advisor/agents/package.py

@@ -1,8 +1,8 @@
 import json
 import logging
-from typing import Iterator, Optional
+from pathlib import Path
+from typing import Iterator
 
-from pydantic import BaseModel
 from smolagents import CodeAgent
 from smolagents.mcp_client import MCPClient
 
@@ -14,28 +14,15 @@ from ..schema import (  # noqa
     PackageVersionResponseSchema,
 )
 from .prompts import get_package_discovery_prompt
+from .tools import ReadUploadFileTool
 
 logger = logging.getLogger(__name__)
 logger.setLevel(logging.INFO)
 logger.addHandler(logging.StreamHandler())
 logger.addHandler(logging.FileHandler("package_agent.log"))
 
-tool_schemas = {
-    # pypi_search returns full PyPI payload with info + releases
-    "PyPI_MCP_pypi_search": PackageSearchResponseSchema,  # corrected schema
-    "PyPI_MCP_pypi_search_version": PackageVersionResponseSchema,
-    "PyPI_MCP_resolve_repo_from_url": GithubRepoSchema,
-    "PyPI_MCP_github_repo_and_releases": PackageGitHubandReleasesSchema,
-}
 
-
-def map_tool_call_to_schema(tool_name: str) -> Optional[type[BaseModel]]:
-    return tool_schemas.get(tool_name, None)
-
-
-# TODO: The response from the agent is not being properly
-# parsed into the expected schema.
-# See https://github.com/huggingface/smolagents/pull/1660
+UPLOADS_DIR = Path("uploads").resolve()
 
 
 class PackageDiscoveryAgent:
@@ -44,11 +31,16 @@ class PackageDiscoveryAgent:
     def __init__(self, model, tools=None):
         self.model = model
         if tools is None:
-            tools = []
+            tool_list: list = []
             logger.info("No tools provided; initializing with an empty toolset.")
+        else:
+            tool_list = list(tools)
+
+        # additional custom tools
+        tool_list.append(ReadUploadFileTool(upload_root=UPLOADS_DIR))
 
         self.agent = CodeAgent(
-            tools=tools,
+            tools=tool_list,
             model=model,
             max_steps=10,
             add_base_tools=True,
@@ -61,9 +53,18 @@ class PackageDiscoveryAgent:
                 "typing",
                 "ast",
                 "packaging.version",
+                "packaging.specifiers",
+                "packaging.requirements",
+                "markdownify",
+                "sys",
+                "tomli",
+                "requests",
             ],
         )
-        logger.info(f"PackageDiscoveryAgent initialized with model and tools: {tools}.")
+        logger.info(
+            f"""PackageDiscoveryAgent initialized with model and tools: \n
+            {[tool.name for tool in tool_list]}."""
+        )
 
     def _discover_package_info(
         self, user_input: str, reframed_question: str = None

src/upgrade_advisor/agents/prompts.py

@@ -1,8 +1,12 @@
+import datetime
+
+
 def get_package_discovery_prompt(
     original_question: str, reframed_question: str = None
 ) -> str:
+    today_date = datetime.date.today().isoformat()
     user_input = f"""
-    USER QUESTION:
+    DETAILS OF THE DEVELOPER QUESTION:
     {original_question}
     """
     if reframed_question:
@@ -14,20 +18,38 @@ def get_package_discovery_prompt(
     packages.
     Your goal is to find relevant metadata about Python packages using the
     available tools and to compile a structured summary of your findings based
-    on the user's question.
+    on the user's question. If the user asks about upgrade recommendations,
+    compatibility issues, known bugs, or best practices, you should gather
+    relevant data and provide clear, actionable advice. You must verify the
+    compatibility of packages with specific Python versions or other packages
+    using the appropriate tools.
 
     The user may ask about package metadata, compatibility, known issues,
     upgrade recommendations, and best practices. For example, they may ask:
     - "What are the known issues with pandas version 1.2.0?"
     - "Is there a newer version of requests that fixes security vulnerabilities?"
     - "What are the upgrade recommendations for Django from 2.x to 3.x?"
-    - "Given my requirements.txt, is there something I should be aware of
+    - "Given my pyproject.toml, is there something I should be aware of
     before upgrading numpy to the latest version?"
     - "From my pyproject.toml, can you suggest any package upgrades or
     compatibility considerations if I upgrade scipy to version 1.7.0?"
+    - "Based on my pyproject.toml, are my current package versions compatible
+    with python 3.14?"
+    - "How to safely upgrade the packages in pyproject.toml to their highest
+    versions without breaking my project?"
+
+    Your knowledge cutoff may prevent you from knowing what's recent.
+    Always use the current date (ISO format YYYY-MM-DD): {today_date}
+    when reasoning about dates and
+    releases. Some tools also provide you the release date information, which
+    you can transform to ISO format and make comparisons.
 
     The first step to tackle such questions is to gather relevant data about the
-    packages involved using the available MCP tools. Use the tools to fetch
+    packages involved using the available MCP tools. Some tools like the
+    `resolve_environment`
+    can directly analyze a pyproject.toml content to find
+    compatibility issues and upgrade suggestions.
+    Use the tools to fetch
     package metadata, version history, release notes, compatibility info, and
     known issues. Then, analyze the collected data to identify any potential
     issues, improvements, or recommendations related to the user's question.
@@ -39,29 +61,30 @@ def get_package_discovery_prompt(
     `ast.literal_eval(tool_result)` to convert string representations of
     Python data structures into actual dicts/lists.
     - Always keep tool results as Python dicts/lists. Do not serialize them!!
+    - Make sure the dict also contains a "reasoning" field that explains
+    how you arrived at your final answer. Do not omit this field. Do not
+    mention the tool names, rather what the tool helped you discover.
     - Return the final structured object using: final_answer(<python_dict>)
     - Ensure the returned object STRICTLY matches the expected schema for that tool.
       Do not add or rename keys. Keep value types correct.
+    - To read the contents of any uploaded files, call the `read_upload_file` tool
+    with the path you received (direct file IO like `open()` is blocked).
 
     {user_input}
 
     HINTS:
     - MCP tool outputs are often structured (Python dict/list). Use them directly.
-    - If you get a string result, call _to_mapping(result) BEFORE indexing
+    - If you get a string result, make sure to convert it to a Python dict/list before indexing
     like result["info"].
+    - To send pyproject.toml content to the `resolve_environment` tool, you
+    will need to use the `upload_file_to_gradio` tool first to upload the file.
     - Also be careful of the types. Some fields may be optional or missing.
     Some fields are ints/floats.
     - Always prefer MCP tool data over web search data for package metadata.
     - However, If you decide to use the `web_search`, you must ONLY rely on the
-    official package website, PyPI page, or official GitHub repo.
-    - Your knowledge cutoff may prevent you from knowing what's recent.
-    So use the `time` module to get
-    the current date if needed to reason about versions or releases.
+    official package website, PyPI page, or official GitHub repo. 
     - NEVER fabricate data. If you cannot find the info, say so.
-    - For parsing version numbers, use the `packaging.version` module.
-    - Never use ast/json modules outside the helpers; import them once at
-    the top and only call _to_mapping / _extract_version_fallback.
+    - For parsing version numbers, use the `packaging.version` module. 
     - When you have gathered the required info, call final_answer with
-    the BEST structured object
-      that answers the user query according to the appropriate schema.
+    the BEST structured object that answers the user query according to the appropriate schema.
     """

src/upgrade_advisor/agents/tools.py

@@ -0,0 +1,56 @@
+import logging
+from pathlib import Path
+
+from smolagents.tools import Tool
+
+logger = logging.getLogger(__name__)
+logger.setLevel(logging.INFO)
+logger.addHandler(logging.StreamHandler())
+
+
+class ReadUploadFileTool(Tool):
+    """Tool to safely read files saved in the `uploads` directory."""
+
+    name = "read_upload_file"
+    description = """
+        Read a user-uploaded text file from the uploads directory.
+        Input: `path` should be the absolute path you received (or a filename)
+        under the `uploads` folder. Returns the file contents as text."""
+    inputs = {
+        "path": {
+            "type": "string",
+            "description": "Absolute or relative path to the uploaded file \
+                that is present under the `uploads` directory.",
+        }
+    }
+    output_type = "string"
+
+    def __init__(self, upload_root: Path):
+        self.upload_root = upload_root.resolve()
+        super().__init__()
+
+    def forward(self, path: str) -> str:
+        file_path = Path(path).expanduser()
+        if not file_path.is_absolute():
+            file_path = self.upload_root / file_path
+
+        try:
+            resolved = file_path.resolve()
+        except FileNotFoundError as exc:
+            raise FileNotFoundError(f"File not found: {file_path}") from exc
+
+        if not resolved.exists():
+            raise FileNotFoundError(f"File not found: {resolved}")
+
+        try:
+            resolved.relative_to(self.upload_root)
+        except ValueError as exc:
+            raise ValueError(
+                f"Refusing to read '{resolved}': \
+                    not inside uploads directory {self.upload_root}"
+            ) from exc
+
+        if resolved.is_dir():
+            raise IsADirectoryError(f"Refusing to read directory: {resolved}")
+
+        return resolved.read_text(encoding="utf-8")

src/upgrade_advisor/chat/prompts.py

@@ -14,6 +14,8 @@ def result_package_summary_prompt(
 
     Requirements:
     - Do not add speculation, hedging, or disclaimers.
+    - Do not try to fix numbers, dates, package names, or versions unless
+    they are clearly typos.
     - Do not mention the CONTEXT, your knowledge cutoff, or phrases like "according
       to the provided context."
     - DO NOT refer to the CONTEXT as "context" in your answer, just use

src/upgrade_advisor/schema/schema.py

@@ -83,6 +83,41 @@ class ErrorResponseSchema(BaseModel):
     error: str = Field(..., description="Error message")
 
 
+class ResolvedDep(BaseModel):
+    name: str = Field(..., description="Name of the resolved dependency")
+    version: str = Field(..., description="Version of the resolved dependency")
+    via: List[str] = Field(
+        ..., description="List of packages that required this dependency"
+    )
+
+    metainfo: Optional[str] = Field(
+        None, description="Additional metadata information about the dependency"
+    )
+
+    def update_indirect_dep(self, indirect_dep: str):
+        """Updates the via list with an indirect dependency."""
+        self.via.append(indirect_dep)
+
+
+class ResolveResult(BaseModel):
+    deps: Dict[str, ResolvedDep] = Field(
+        ..., description="Mapping of package names to their resolved dependencies"
+    )
+
+
+class UVResolutionResultSchema(BaseModel):
+    python_version: str = Field(..., description="Python version used for resolution")
+    uv_version: str = Field(
+        ..., description="Version of the uv tool used for resolution"
+    )
+    errored: bool = Field(
+        ..., description="Indicates if there was an error during resolution"
+    )
+    output: ResolveResult = Field(
+        ..., description="Output in validated ResolveResult format"
+    )
+
+
 if __name__ == "__main__":
     # Example usage
     example_package_info = PackageInfoSchema(

tests/test1.toml

@@ -0,0 +1,24 @@
+[project]
+name = "test-package"
+version = "0.1.0"
+description = ""
+authors = [
+    { name = "Geevarghese George", email = "4496097+thatgeeman@users.noreply.github.com" },
+]
+license = { text = "MIT License" }
+requires-python = ">=3.10"
+dependencies = [
+    "gradio (>=5.49.1,<6.0.0)",
+    "mcp (>=1.21.1,<2.0.0)",
+    "pytest (>=9.0.1,<10.0.0)",
+    "pytest-asyncio (>=1.3.0,<2.0.0)",
+]
+
+
+[build-system]
+requires = ["poetry-core>=2.0.0,<3.0.0"]
+build-backend = "poetry.core.masonry.api"
+
+[tool.poetry]
+package-mode = true
+packages = [{ include = "src/server" }, { include = "src/tools" }]

tests/test2.toml

@@ -0,0 +1,272 @@
+[build-system]
+requires = ["pdm-backend"]
+build-backend = "pdm.backend"
+
+[project]
+name = "fastapi"
+dynamic = ["version"]
+description = "FastAPI framework, high performance, easy to learn, fast to code, ready for production"
+readme = "README.md"
+license = "MIT"
+license-files = ["LICENSE"]
+requires-python = ">=3.8"
+authors = [
+    { name = "Sebastián Ramírez", email = "tiangolo@gmail.com" },
+]
+classifiers = [
+    "Intended Audience :: Information Technology",
+    "Intended Audience :: System Administrators",
+    "Operating System :: OS Independent",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python",
+    "Topic :: Internet",
+    "Topic :: Software Development :: Libraries :: Application Frameworks",
+    "Topic :: Software Development :: Libraries :: Python Modules",
+    "Topic :: Software Development :: Libraries",
+    "Topic :: Software Development",
+    "Typing :: Typed",
+    "Development Status :: 4 - Beta",
+    "Environment :: Web Environment",
+    "Framework :: AsyncIO",
+    "Framework :: FastAPI",
+    "Framework :: Pydantic",
+    "Framework :: Pydantic :: 1",
+    "Framework :: Pydantic :: 2",
+    "Intended Audience :: Developers",
+    "Programming Language :: Python :: 3 :: Only",
+    "Programming Language :: Python :: 3.8",
+    "Programming Language :: Python :: 3.9",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Programming Language :: Python :: 3.13",
+    "Programming Language :: Python :: 3.14",
+    "Topic :: Internet :: WWW/HTTP :: HTTP Servers",
+    "Topic :: Internet :: WWW/HTTP",
+]
+dependencies = [
+    "starlette>=0.40.0,<0.51.0",
+    "pydantic>=1.7.4,!=1.8,!=1.8.1,!=2.0.0,!=2.0.1,!=2.1.0,<3.0.0",
+    "typing-extensions>=4.8.0",
+    "annotated-doc>=0.0.2",
+]
+
+[project.urls]
+Homepage = "https://github.com/fastapi/fastapi"
+Documentation = "https://fastapi.tiangolo.com/"
+Repository = "https://github.com/fastapi/fastapi"
+Issues = "https://github.com/fastapi/fastapi/issues"
+Changelog = "https://fastapi.tiangolo.com/release-notes/"
+
+[project.optional-dependencies]
+
+standard = [
+    "fastapi-cli[standard] >=0.0.8",
+    # For the test client
+    "httpx >=0.23.0,<1.0.0",
+    # For templates
+    "jinja2 >=3.1.5",
+    # For forms and file uploads
+    "python-multipart >=0.0.18",
+    # To validate email fields
+    "email-validator >=2.0.0",
+    # Uvicorn with uvloop
+    "uvicorn[standard] >=0.12.0",
+    # TODO: this should be part of some pydantic optional extra dependencies
+    # # Settings management
+    # "pydantic-settings >=2.0.0",
+    # # Extra Pydantic data types
+    # "pydantic-extra-types >=2.0.0",
+]
+
+standard-no-fastapi-cloud-cli = [
+    "fastapi-cli[standard-no-fastapi-cloud-cli] >=0.0.8",
+    # For the test client
+    "httpx >=0.23.0,<1.0.0",
+    # For templates
+    "jinja2 >=3.1.5",
+    # For forms and file uploads
+    "python-multipart >=0.0.18",
+    # To validate email fields
+    "email-validator >=2.0.0",
+    # Uvicorn with uvloop
+    "uvicorn[standard] >=0.12.0",
+    # TODO: this should be part of some pydantic optional extra dependencies
+    # # Settings management
+    # "pydantic-settings >=2.0.0",
+    # # Extra Pydantic data types
+    # "pydantic-extra-types >=2.0.0",
+]
+
+all = [
+    "fastapi-cli[standard] >=0.0.8",
+    # # For the test client
+    "httpx >=0.23.0,<1.0.0",
+    # For templates
+    "jinja2 >=3.1.5",
+    # For forms and file uploads
+    "python-multipart >=0.0.18",
+    # For Starlette's SessionMiddleware, not commonly used with FastAPI
+    "itsdangerous >=1.1.0",
+    # For Starlette's schema generation, would not be used with FastAPI
+    "pyyaml >=5.3.1",
+    # For UJSONResponse
+    "ujson >=4.0.1,!=4.0.2,!=4.1.0,!=4.2.0,!=4.3.0,!=5.0.0,!=5.1.0",
+    # For ORJSONResponse
+    "orjson >=3.2.1",
+    # To validate email fields
+    "email-validator >=2.0.0",
+    # Uvicorn with uvloop
+    "uvicorn[standard] >=0.12.0",
+    # Settings management
+    "pydantic-settings >=2.0.0",
+    # Extra Pydantic data types
+    "pydantic-extra-types >=2.0.0",
+]
+
+[project.scripts]
+fastapi = "fastapi.cli:main"
+
+[tool.pdm]
+version = { source = "file", path = "fastapi/__init__.py" }
+distribution = true
+
+[tool.pdm.build]
+source-includes = [
+    "tests/",
+    "docs_src/",
+    "requirements*.txt",
+    "scripts/",
+    # For a test
+    "docs/en/docs/img/favicon.png",
+    ]
+
+[tool.tiangolo._internal-slim-build.packages.fastapi-slim.project]
+name = "fastapi-slim"
+
+[tool.mypy]
+plugins = ["pydantic.mypy"]
+strict = true
+
+[[tool.mypy.overrides]]
+module = "fastapi.concurrency"
+warn_unused_ignores = false
+ignore_missing_imports = true
+
+[[tool.mypy.overrides]]
+module = "fastapi.tests.*"
+ignore_missing_imports = true
+check_untyped_defs = true
+
+[[tool.mypy.overrides]]
+module = "docs_src.*"
+disallow_incomplete_defs = false
+disallow_untyped_defs = false
+disallow_untyped_calls = false
+
+[tool.pytest.ini_options]
+addopts = [
+  "--strict-config",
+  "--strict-markers",
+  "--ignore=docs_src",
+]
+xfail_strict = true
+junit_family = "xunit2"
+filterwarnings = [
+    "error",
+    'ignore:starlette.middleware.wsgi is deprecated and will be removed in a future release\..*:DeprecationWarning:starlette',
+    # see https://trio.readthedocs.io/en/stable/history.html#trio-0-22-0-2022-09-28
+    "ignore:You seem to already have a custom.*:RuntimeWarning:trio",
+    # TODO: remove after upgrading SQLAlchemy to a version that includes the following changes
+    # https://github.com/sqlalchemy/sqlalchemy/commit/59521abcc0676e936b31a523bd968fc157fef0c2
+    'ignore:datetime\.datetime\.utcfromtimestamp\(\) is deprecated and scheduled for removal in a future version\..*:DeprecationWarning:sqlalchemy',
+    # Trio 24.1.0 raises a warning from attrs
+    # Ref: https://github.com/python-trio/trio/pull/3054
+    # Remove once there's a new version of Trio
+    'ignore:The `hash` argument is deprecated*:DeprecationWarning:trio',
+    # Ignore flaky coverage / pytest warning about SQLite connection, only applies to Python 3.13 and Pydantic v1
+    'ignore:Exception ignored in. <sqlite3\.Connection object.*:pytest.PytestUnraisableExceptionWarning',
+]
+
+[tool.coverage.run]
+parallel = true
+data_file = "coverage/.coverage"
+source = [
+    "docs_src",
+    "tests",
+    "fastapi"
+]
+context = '${CONTEXT}'
+dynamic_context = "test_function"
+omit = [
+    "docs_src/response_model/tutorial003_04.py",
+    "docs_src/response_model/tutorial003_04_py310.py",
+]
+
+[tool.coverage.report]
+show_missing = true
+sort = "-Cover"
+
+[tool.coverage.html]
+show_contexts = true
+
+[tool.ruff.lint]
+select = [
+    "E",  # pycodestyle errors
+    "W",  # pycodestyle warnings
+    "F",  # pyflakes
+    "I",  # isort
+    "B",  # flake8-bugbear
+    "C4",  # flake8-comprehensions
+    "UP",  # pyupgrade
+]
+ignore = [
+    "E501",  # line too long, handled by black
+    "B008",  # do not perform function calls in argument defaults
+    "C901",  # too complex
+    "W191",  # indentation contains tabs
+]
+
+[tool.ruff.lint.per-file-ignores]
+"__init__.py" = ["F401"]
+"docs_src/dependencies/tutorial007.py" = ["F821"]
+"docs_src/dependencies/tutorial008.py" = ["F821"]
+"docs_src/dependencies/tutorial009.py" = ["F821"]
+"docs_src/dependencies/tutorial010.py" = ["F821"]
+"docs_src/custom_response/tutorial007.py" = ["B007"]
+"docs_src/dataclasses/tutorial003.py" = ["I001"]
+"docs_src/path_operation_advanced_configuration/tutorial007.py" = ["B904"]
+"docs_src/path_operation_advanced_configuration/tutorial007_pv1.py" = ["B904"]
+"docs_src/custom_request_and_route/tutorial002.py" = ["B904"]
+"docs_src/dependencies/tutorial008_an.py" = ["F821"]
+"docs_src/dependencies/tutorial008_an_py39.py" = ["F821"]
+"docs_src/query_params_str_validations/tutorial012_an.py" = ["B006"]
+"docs_src/query_params_str_validations/tutorial012_an_py39.py" = ["B006"]
+"docs_src/query_params_str_validations/tutorial013_an.py" = ["B006"]
+"docs_src/query_params_str_validations/tutorial013_an_py39.py" = ["B006"]
+"docs_src/security/tutorial004.py" = ["B904"]
+"docs_src/security/tutorial004_an.py" = ["B904"]
+"docs_src/security/tutorial004_an_py310.py" = ["B904"]
+"docs_src/security/tutorial004_an_py39.py" = ["B904"]
+"docs_src/security/tutorial004_py310.py" = ["B904"]
+"docs_src/security/tutorial005.py" = ["B904"]
+"docs_src/security/tutorial005_an.py" = ["B904"]
+"docs_src/security/tutorial005_an_py310.py" = ["B904"]
+"docs_src/security/tutorial005_an_py39.py" = ["B904"]
+"docs_src/security/tutorial005_py310.py" = ["B904"]
+"docs_src/security/tutorial005_py39.py" = ["B904"]
+"docs_src/dependencies/tutorial008b.py" = ["B904"]
+"docs_src/dependencies/tutorial008b_an.py" = ["B904"]
+"docs_src/dependencies/tutorial008b_an_py39.py" = ["B904"]
+
+
+[tool.ruff.lint.isort]
+known-third-party = ["fastapi", "pydantic", "starlette"]
+
+[tool.ruff.lint.pyupgrade]
+# Preserve types, even if a file imports `from __future__ import annotations`.
+keep-runtime-typing = true
+
+[tool.inline-snapshot]
+# default-flags=["fix"]
+# default-flags=["create"]