# Human-edited dependency input.
# requirements.txt is a fully-pinned lockfile generated from THIS file
# via scripts/regenerate-lockfile.sh — never edit requirements.txt by
# hand. Add/remove deps here, then re-run the script.
#
# Why a lockfile: starlette 1.0 shipping in 2026-04 broke the dashboard
# because requirements.txt had no upper bounds and the next rebuild
# pulled the breaking version (TemplateResponse signature change). The
# lockfile + --require-hashes in the Dockerfile makes the build fully
# reproducible AND defends against compromised upstream mirrors.

fastapi
uvicorn[standard]
aiosqlite
httpx
pydantic-settings
jinja2
sse-starlette
asyncssh
itsdangerous>=2.1
bcrypt>=4.0,<5.0
python-multipart>=0.0.7