Update pyproject.toml to use PEP-621 dependency specification

[jameskrach]

• Updates pyproject.toml to use the PEP-621 specification format for optional dependencies
• Removes upper bounds on all version specifications
• Updates all workflows to use solely uv instead of poetry and uv
• Updates ruff version to >=0.12.3 and addresses some new minor linter errors

Summary by CodeRabbit

• Chores
  • Consolidated development and notebook-related dependencies into a single optional "dev" group for easier installation and management.
  • Updated dependency listings and version ranges for improved clarity and compatibility.
  • Improved test dependency installation process in the continuous integration workflow.
  • Transitioned all workflows and scripts from Poetry to the new "uv" tool for environment setup, dependency management, and command execution.
  • Enhanced testing by adding specific warning message checks for out-of-bound parameter scenarios.

[coderabbitai]

Walkthrough

The pyproject.toml file was updated to remove the [tool.poetry.group.dev] and [tool.poetry.group.nbtools] dependency groups. A new [project.optional-dependencies] table was introduced, consolidating all development and notebook-related dependencies under a single dev group with explicit version constraints and environment markers. The Python version requirement was loosened to ">=3.9" without an upper bound. The build system was switched from Poetry to uv_build. GitHub Actions workflows and shell scripts were modified to replace Poetry commands with uv equivalents, and the .gitignore was updated to ignore uv.lock. Test warnings were refined to check for specific messages.

Changes

File	Change Summary
pyproject.toml	Removed [tool.poetry] and optional groups; added [project.optional-dependencies] with consolidated dev group; loosened Python version; switched build backend to uv_build.
.github/workflows/*.yml	Replaced Poetry setup and commands with uv setup and commands across all workflows (tests, docs, lint, publish). Updated checkout and action versions.
scripts/*.sh	Replaced poetry run prefixes with uv run for running ruff and pre-commit commands.
.gitignore	Added uv.lock to ignored files.
.pre-commit-config.yaml	Updated ruff-pre-commit repository revision from v0.6.6 to v0.12.3.
bayes_opt/init.py	Reordered entries in __all__ list without adding or removing exports.
bayes_opt/constraint.py	Changed array reshape syntax in ConstraintModel.approx method from tuple concatenation to argument unpacking.
bayes_opt/exception.py	Reordered NotUniqueError in __all__ list without other code changes.
tests/test_seq_domain_red.py	Added specific warning message matches in tests for bounds exceeding global limits.
tests/test_target_space.py	Added specific warning message matches in tests for points outside parameter bounds.

Possibly related issues

• Add developer instructions #585: This PR directly addresses the issue by replacing Poetry-specific dependency groups with a PEP-621-compliant [project.optional-dependencies] table, consolidating development dependencies and switching workflows to use uv.

Poem

In the garden of toml, dependencies bloom,
Old groups are pruned, making space in the room.
Now dev tools unite, together they thrive,
With one single group, our workflow’s alive!
🐇✨

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 44ba539 and 9d28aed.

📒 Files selected for processing (1)

• .github/workflows/run_tests.yml (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/run_tests.yml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (9)

• GitHub Check: Python 3.12 - numpy >=2
• GitHub Check: Python 3.13 - numpy >=2
• GitHub Check: Python 3.12 - numpy >=1.25,<2
• GitHub Check: Python 3.9 - numpy >=1.25,<2
• GitHub Check: Python 3.11 - numpy >=1.25,<2
• GitHub Check: Python 3.10 - numpy >=2
• GitHub Check: Python 3.10 - numpy >=1.25,<2
• GitHub Check: Python 3.11 - numpy >=2
• GitHub Check: Python 3.9 - numpy >=2

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🔭 Outside diff range comments (2)

pyproject.toml (1)

19-26: Upper bounds clash with newly-added requirements.txt

[project.dependencies] still caps NumPy and SciPy to <2.0.0, yet the freshly-added requirements.txt pins them to 2.x. Decide which source of truth wins and adjust one of them. At the moment a user installing with Poetry and a user installing from the flat file will end up with divergent ABI versions.

requirements-dev.txt (1)

1-145: Huge fully-pinned dev snapshot will rot quickly

A 400-line frozen list is excellent for archival reproduction but painful to maintain manually. Recommend:

1. Generate it via poetry export --with dev (or pip-compile).
2. Commit it as requirements-dev.lock plus a short, readable requirements-dev.in so humans review only meaningful changes.
3. Refresh automatically in CI (e.g. Renovate).

This keeps dev envs in sync without trapping the project on months-old packages.

🧹 Nitpick comments (4)

requirements.txt (1)

1-6: Add environment markers to model Python-specific constraints

The pyproject.toml correctly downgrades to NumPy 1.x / SciPy 1.x for Python < 3.13. Pinning unconditional 2.x here silently drops that safety net.

-numpy==2.3.1
-scipy==1.16.0
+numpy==2.3.1 ; python_version >= "3.13"
+numpy==1.26.4 ; python_version <  "3.13"
+scipy==1.16.0 ; python_version >= "3.13"
+scipy==1.11.4 ; python_version <  "3.13"

pyproject.toml (3)

28-35: Pinning one package with == but leaving the rest floating is inconsistent

In dev you pin ruff==0.6.6 but allow pytest, coverage, etc. to float. Either:

1. Adopt a freeze-everything philosophy (create/export a lock file), or
2. Keep all optional-dependency ranges flexible and rely on the lock produced by the installer (Poetry, PDM, etc.).

Mixing approaches invites non-reproducible CI failures.

---

36-47: Consider extracting the notebook / docs stack into its own docs group

nbtools currently bundles runtime notebook dependencies with Sphinx extensions. Splitting those into nb and docs (or re-using the growing “docs” convention) keeps environments lean: users who only want to run notebooks do not need to pull in the entire Sphinx tool-chain.

---

49-55: Redundant [tool.poetry] section can be dropped

Poetry ≥ 1.4 fully understands PEP-621 metadata. Keeping only requires-poetry under [tool.poetry] is fine, but packages can be moved to [tool.poetry.dynamic] or declared via the new packages = [...] key in [tool.poetry.dependencies] for clarity. Removing the legacy table eliminates ambiguity about which metadata Poetry ultimately reads.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d60b99d and d8ac119.

📒 Files selected for processing (3)

• pyproject.toml (1 hunks)
• requirements-dev.txt (1 hunks)
• requirements.txt (1 hunks)

🔇 Additional comments (1)

requirements.txt (1)

1-6: Review Comment Update: Version Pins Don’t Actually Conflict with pyproject.toml Constraints
The numpy and scipy pins in requirements.txt are within the bounds declared in pyproject.toml—numpy has no upper‐bound and scipy<2.0.0, so scipy==1.16.0 is allowed. The main risk is that those exact versions may not yet exist on PyPI, leading to install failures.

• pyproject.toml declares:

• "numpy>=1.25; python_version<'3.13'" and "numpy>=2.1.3; python_version>='3.13'"
• "scipy>=1.0.0,<2.0.0; python_version<'3.13'" and "scipy>=1.14.1,<2.0.0; python_version>='3.13'"
  • Neither package pin exceeds an upper bound, but pinning unreleased versions will break installs.

To ensure reproducible, working installs, generate your requirements.txt directly from Poetry’s lock file rather than hand-pinning:

poetry export --without-hashes --only main -f requirements.txt > requirements.txt

Likely an incorrect or invalid review comment.

[till-m]

Hey @jameskrach,

thanks for taking charge here! As already mentioned elsewhere, I think cleaning up the project file is necessary!
Please have a look at the test failure -- this may already be fixed by merging the dependency groups.

[till-m]

FYI for anyone who hasn't contributed yet (i.e. some commit on master) I need to manually approve workflows, but I'll keep an eye on this PR :)

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

pyproject.toml (1)

39-40: Avoid hard-pinning ruff to an exact patch version
Locking ruff to 0.6.6 prevents bug-fix & security updates from reaching consumers. A conservative upper bound is usually sufficient (e.g. <0.7) while still allowing patch-level upgrades.

-    "ruff==0.6.6",
+    "ruff>=0.6.6,<0.7",

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d8ac119 and 1e950c6.

📒 Files selected for processing (1)

• pyproject.toml (1 hunks)

🔇 Additional comments (2)

pyproject.toml (2)

28-45: Consolidation of dev extras matches prior feedback – good catch
Merging the former dev and nbtools groups into a single [project.optional-dependencies].dev extra keeps the file PEP-621-compliant and removes duplication, exactly as requested in the earlier review by @till-m.

---

19-26: Double-check future-proof markers for Python 3.13
numpy>=2.1.3 and scipy>=1.14.1 are pinned for python_version>='3.13', but wheels for 3.13 may not exist the moment 3.13 is released. This can break pip install for early adopters. Please verify build availability or consider a laxer fallback until the ecosystem stabilises.

[jameskrach]

Also, one last comment I'd request you consider: the original dependency versions were specified using caret constraints, which cannot be expressed in the standard format from PEP-440. I've translated those to equivalent constraints in this PR, but I would request you consider removing the upper bounds on your dependency constraints entirely.

The reasons for doing so are best articulated by this quite lengthy post, but in short, upper bound constraints could cause breakages that downstream users are unable to resolve themselves, whereas without upper bound constraints, users can always simply downgrade to the last known working version of a dependency.

[till-m]

Feel free to drop the carets :)

Moreover, I think the rabbit might be right and ruff is too tightly version-constrained (and should probably be higher, the current version is seemingly 0.12.3). Could you also look into that?

[till-m]

@jameskrach to fix the problem, I think this line should change from

        poetry export -f requirements.txt --with dev,nbtools --without-hashes --output requirements-dev.txt

to

        poetry export -f requirements.txt --extras dev --without-hashes --output requirements-dev.txt

and similarly for the other workflows (or, alternatively, we switch to using uv everywhere in the workflows).

[jameskrach]

Updated the upper bound constraints and the workflow. Didn't have a chance to change the poetry thing to uv, but that may also involve changing some other things. I can look at it either later or in a follow-up PR if you like.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1e950c6 and 8593e7d.

📒 Files selected for processing (2)

• .github/workflows/run_tests.yml (1 hunks)
• pyproject.toml (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• pyproject.toml

[till-m]

Hey @jameskrach, it should indeed be --extras not --with :) you were quicker than I was apparently

[coderabbitai]

Actionable comments posted: 2

🔭 Outside diff range comments (1)

.github/workflows/run_tests.yml (1)

21-25: Potential NumPy ≥ 2 incompatibility with Python 3.9

NumPy 2.0 is dropping support for some older Python versions; final wheels may require ≥3.10. You already exclude 3.13+<2, but the reverse (3.9 + >=2) can still appear and break the matrix.

        exclude:
+          - python-version: "3.9"
+            numpy-version: ">=2"

🧹 Nitpick comments (9)

.pre-commit-config.yaml (1)

8-9: Add a trailing newline to satisfy linters

yamllint is already flagging “no new line character at the end of file”.
Appending a single \n keeps CI happy and avoids needless diffs later.

-    rev: v0.12.3
+    rev: v0.12.3
+

scripts/format.sh (1)

4-5: Order of commands leads to double work

ruff format writes changes, then ruff check --fix may re-write the same files.
Running check --fix first (or dropping --fix here) avoids two formatting passes and speeds CI.

-uv run ruff format bayes_opt tests
-uv run ruff check bayes_opt --fix
+uv run ruff check bayes_opt --fix
+uv run ruff format bayes_opt tests

scripts/check_precommit.sh (1)

4-5: Consider skipping pre-commit install in CI runs

pre-commit install writes to .git/hooks, which is irrelevant in CI and costs ~1 s.
pre-commit run … works fine without it.

-uv run pre-commit install

If the script is only for local dev keep it, otherwise you can drop it when invoking in pipelines.

scripts/check.sh (1)

4-5: Pass --config pyproject.toml explicitly for forward-compat

ruff auto-detects config today, but the project just switched to PEP-621 layout;
being explicit avoids surprises if the file is relocated.

-uv run ruff format --check bayes_opt tests
-uv run ruff check bayes_opt tests
+uv run ruff format --check --config pyproject.toml bayes_opt tests
+uv run ruff check --config pyproject.toml bayes_opt tests

.github/workflows/build_docs.yml (3)

21-25: Pin setup-uv major version to avoid breaking changes

astral-sh/setup-uv@v6 is fine today, but GitHub-Action major bumps can introduce breaking changes.
Sticking to the major tag and a minor pin (e.g. v6.0.1) keeps the workflow reproducible, aligning with the PR’s reproducibility goal.

-      - name: Install uv
-        uses: astral-sh/setup-uv@v6
+      - name: Install uv
+        uses: astral-sh/[email protected]

---

30-30: uv sync --extra dev fails if the extra is renamed

The extra is hard-coded; if the optional-dependency key changes (e.g., dev ➜ docs) docs will stop building.
Consider reusing a shared env var (defined in pyproject.toml or a matrix) to keep this DRY.

---

34-34: Parallel Sphinx build could speed up CI

make github defaults to a single process.
Adding SPHINXOPTS="-j auto" leverages parallel cores at no extra cost:

-          uv run make github
+          uv run make github SPHINXOPTS="-j auto"

.github/workflows/run_tests.yml (1)

34-35: uv add after uv sync defeats reproducibility

uv sync installs the locked set, then uv add mutates the environment ad-hoc, bypassing the lock file and creating network churn for every CI run.
Prefer a fully-locked path:

1. Add a separate extra (e.g. numpy2) in pyproject.toml and lock it once.
2. In CI, call uv sync --extra dev --extra numpy2.

This keeps builds hermetic and cache-friendly.

.github/workflows/format_and_lint.yml (1)

16-22: Cache opportunity for faster lint jobs

Because uv sync will fetch all packages on every run, you can shave ~30-40 s off the job by adding the built-in cache:

- name: Install uv
  uses: astral-sh/setup-uv@v6
  with:
    python-version: "3.9"
+    cache: true        # enables automatic ~/.cache/uv caching

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3e48bed and 73ba3ae.

📒 Files selected for processing (15)

• .github/workflows/build_docs.yml (1 hunks)
• .github/workflows/format_and_lint.yml (1 hunks)
• .github/workflows/python-publish.yml (2 hunks)
• .github/workflows/run_tests.yml (2 hunks)
• .gitignore (1 hunks)
• .pre-commit-config.yaml (1 hunks)
• bayes_opt/__init__.py (1 hunks)
• bayes_opt/constraint.py (1 hunks)
• bayes_opt/exception.py (1 hunks)
• pyproject.toml (2 hunks)
• scripts/check.sh (1 hunks)
• scripts/check_precommit.sh (1 hunks)
• scripts/format.sh (1 hunks)
• tests/test_seq_domain_red.py (1 hunks)
• tests/test_target_space.py (2 hunks)

✅ Files skipped from review due to trivial changes (3)

• .gitignore
• bayes_opt/exception.py
• bayes_opt/init.py

🚧 Files skipped from review as they are similar to previous changes (1)

• pyproject.toml

🧰 Additional context used

🧠 Learnings (1)

bayes_opt/constraint.py (1)

Learnt from: till-m
PR: bayesian-optimization/BayesianOptimization#566
File: bayes_opt/target_space.py:114-116
Timestamp: 2025-05-30T08:08:06.867Z
Learning: The `.lb` property of the `ConstraintModel` class in bayes_opt is always an array, so `.size` calls on `constraint.lb` are always valid and will not raise AttributeError.

🧬 Code Graph Analysis (1)

tests/test_seq_domain_red.py (1)

bayes_opt/domain_reduction.py (1)

• _trim (158-241)

🪛 actionlint (1.7.7)

.github/workflows/python-publish.yml

23-23: shellcheck reported issue in this script: SC2086:info:1:20: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 YAMLlint (1.37.1)

.pre-commit-config.yaml

[error] 9-9: no new line character at the end of file

(new-line-at-end-of-file)

🔇 Additional comments (7)

bayes_opt/constraint.py (1)

243-243: LGTM: Clean syntax modernization.

The change from tuple concatenation to argument unpacking with the splat operator is a good improvement. Both approaches produce identical reshape results, but the new syntax is more readable and modern.

tests/test_seq_domain_red.py (2)

159-159: LGTM: Enhanced warning specificity

The addition of the match parameter ensures the test specifically catches warnings about parameter bounds exceeding global bounds, making the test more precise and robust.

---

166-166: LGTM: Consistent warning message validation

Good consistency with the previous test case - both scenarios (bounds in order and out of order) now validate the same specific warning message pattern.

tests/test_target_space.py (2)

128-128: LGTM: Improved test precision

Adding the match parameter ensures this test specifically validates warnings about parameters being outside bounds, making the test more reliable and specific.

---

212-212: LGTM: Consistent warning validation pattern

The warning message matching aligns well with the test context and maintains consistency with the similar change on line 128.

.pre-commit-config.yaml (1)

3-7: Verify Ruff hook IDs in .pre-commit-config.yaml

Ruff-pre-commit v0.12.0 renamed the formatter hook from ruff-format → ruff. If the IDs don’t match, the hooks will silently no-op.

· File: .pre-commit-config.yaml (lines 3–7)
· Current snippet:

  - id: ruff
    name: ruff-lint
  - id: ruff-format
    name: ruff-format
    args: [--check]

Run:

pre-commit run --all-files --show-diff-on-failure

and confirm that both the formatting and lint hooks actually execute. If either no-ops, update the id: values to the correct hook names for v0.12.3 (currently ruff and ruff-format).

.github/workflows/run_tests.yml (1)

20-25: Matrix includes unreleased Python 3.13 – confirm job stability

3.13 is still pre-release. A large share of dependencies (including NumPy) do not publish wheels for it yet, so the matrix cell may fail unexpectedly and mask real regressions in supported versions.
Unless you explicitly target the dev branch of CPython, consider dropping 3.13 (or marking the job as continue-on-error) until it reaches beta.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 97.80%. Comparing base (d60b99d) to head (9d28aed).
Report is 2 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #584      +/-   ##
==========================================
- Coverage   97.81%   97.80%   -0.01%     
==========================================
  Files          10       10              
  Lines        1188     1186       -2     
==========================================
- Hits         1162     1160       -2     
  Misses         26       26              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[till-m]

Generally LGTM! Only slightly worried about the publishing workflow as it's hard to test 😬

[till-m]

Thanks for this great PR @jameskrach! I will merge it on friday :)

[jameskrach]

Great! Thanks for being open to the contribution!

[jameskrach]

@till-m hey - any idea when you’ll create a release with this and the new serialization changes (#582)?

[till-m]

Usually I like to wait a bit longer with making releases, but if it matters to you I can do it now. Just let me know.

[jameskrach]

It would help me close out an issue on a project that uses this package, but it could wait a week or so if needed.

[till-m]

should be up on pypi now and on conda probably by tomorrow :)

[jameskrach]

Amazing - thank you again for all your help!