feat: add static dependency analysis module and update metadata handling

[ogabrielluiz]

Summary by CodeRabbit

• New Features

  • Added automatic extraction and reporting of external package dependencies (with versions) to component metadata across all starter projects.
  • Dependency analysis now enriches component metadata, making it easier to identify required packages for each component.

• Refactor

  • Centralized and improved metadata enrichment for custom components, including robust error handling during dependency analysis.

• Style

  • Reformatted several JSON configuration files for improved readability and consistency.

• Tests

  • Introduced comprehensive unit tests to verify dependency analysis and metadata integration for custom components.

[coderabbitai]

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

A new Python module for static dependency analysis was introduced, enabling extraction of external package dependencies (with version info) from component source code. Existing utility functions were refactored to centralize metadata enrichment, now including dependency metadata. Multiple starter project JSONs were updated to explicitly list component dependencies. Comprehensive unit tests for dependency analysis and metadata integration were added.

Changes

File(s)	Change Summary
src/backend/base/langflow/custom/dependency_analyzer.py	New module: Provides AST-based analysis of Python code to extract/classify import dependencies and versions.
src/backend/base/langflow/custom/utils.py	Refactored: Centralized component metadata enrichment, now including dependency analysis and error handling.
src/backend/tests/unit/custom/test_utils_metadata.py	Added: Unit tests for dependency analysis, error handling, and metadata integration in custom components.
src/backend/base/langflow/initial_setup/starter_projects/*.json	Added/updated: Explicit "dependencies" metadata fields (package names/versions/counts) to component definitions.
src/backend/base/langflow/initial_setup/starter_projects/Sequential Tasks Agents.json	Reformatted: JSON arrays/objects reformatted for readability; some dependency metadata added.
src/backend/base/langflow/initial_setup/starter_projects/Youtube Analysis.json	Reformatted: JSON arrays/objects reformatted for readability.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant CustomComponent
    participant build_component_metadata
    participant dependency_analyzer

    User->>CustomComponent: Provides component code
    CustomComponent->>build_component_metadata: Request metadata enrichment
    build_component_metadata->>dependency_analyzer: analyze_component_dependencies(code)
    dependency_analyzer->>build_component_metadata: Returns dependency list
    build_component_metadata->>CustomComponent: Adds dependency metadata to component

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch add-deps-metadata

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 11

♻️ Duplicate comments (31)

src/backend/base/langflow/initial_setup/starter_projects/Memory Chatbot.json (1)

989-997: Same nesting issue as above

The Memory component repeats the double-nested dependencies key and again lists langflow, leading to the same concerns already raised for ChatInput.

src/backend/base/langflow/initial_setup/starter_projects/Invoice Summarizer.json (2)

690-702: Same nesting concern as above

The Needle component repeats the dependencies.dependencies pattern; apply whichever structure you decide on consistently across components.

---

911-919: Same nesting concern as above

ChatInput’s metadata shows the double-nesting pattern; keep the schema uniform with the resolution adopted for the other components.

src/backend/base/langflow/initial_setup/starter_projects/Simple Agent.json (1)

362-370: Same schema issue as above

The dependencies.dependencies double-nesting recurs here; apply the same flattening refactor for consistency.

src/backend/base/langflow/initial_setup/starter_projects/Travel Planning Agents.json (3)

542-558: Same schema issue as above

The ChatOutput component repeats the same nested pattern; please apply the flattening fix here as well.

---

1306-1314: Same schema issue as above

CalculatorComponent inherits the same redundant structure; align with the flattened format.

---

1473-1485: Same schema issue as above

SearchComponent metadata repeats the nested dependencies block; flatten it for consistency.

src/backend/base/langflow/initial_setup/starter_projects/Market Research.json (2)

868-885: Duplicate of earlier comment about redundant nesting of the “dependencies” object – applies here as well.

---

1237-1253: Duplicate of earlier comment about redundant nesting of the “dependencies” object – applies here as well.

src/backend/base/langflow/initial_setup/starter_projects/Twitter Thread Generator.json (6)

608-616: Same concern as earlier about duplicated single-item dependency blocks.

---

1061-1069: Same concern as earlier about duplicated single-item dependency blocks.

---

1178-1186: Same concern as earlier about duplicated single-item dependency blocks.

---

1295-1303: Same concern as earlier about duplicated single-item dependency blocks.

---

1412-1420: Same concern as earlier about duplicated single-item dependency blocks.

---

1529-1537: Same concern as earlier about duplicated single-item dependency blocks.

src/backend/base/langflow/initial_setup/starter_projects/Social Media Agent.json (3)

379-403: Same structural comment as above

The redundancy and manual total_dependencies issue are repeated here.

---

697-705: Same structural comment as above

Applies to the ChatInput node’s dependency block as well.

---

1021-1037: Same structural comment as above

Applies to the ChatOutput node’s dependency block.

src/backend/base/langflow/initial_setup/starter_projects/Custom Component Generator.json (1)

1938-1946: Same structural nit as above

The ChatInput block repeats the “object‐containing‐object” pattern called out for the previous component. Please apply the same flattening there for consistency.

src/backend/base/langflow/initial_setup/starter_projects/Hybrid Search RAG.json (5)

528-536: Same observation as above – consider flattening the nested "dependencies" key to avoid a dependencies.dependencies access path.

---

719-735: Same observation as above – consider flattening the nested "dependencies" key to avoid a dependencies.dependencies access path.

---

1042-1049: Same observation as above – consider flattening the nested "dependencies" key to avoid a dependencies.dependencies access path.

---

1246-1266: Same observation as above – consider flattening the nested "dependencies" key to avoid a dependencies.dependencies access path.

---

2651-2667: Same observation as above – consider flattening the nested "dependencies" key to avoid a dependencies.dependencies access path.

src/backend/base/langflow/initial_setup/starter_projects/Meeting Summary.json (6)

647-663: Same structural / validation remarks as above.

---

969-985: Same structural / validation remarks as above.

---

1291-1307: Same structural / validation remarks as above.

---

1791-1798: Same structural / validation remarks as above.

---

2130-2137: Same structural / validation remarks as above.

---

2557-2572: Same structural / validation remarks as above.

src/backend/base/langflow/initial_setup/starter_projects/Search agent.json (1)

294-302: Same schema comment applies here – see previous note about removing the extra “dependencies” key.

🧹 Nitpick comments (35)

src/backend/base/langflow/initial_setup/starter_projects/SEO Keyword Generator.json (1)

566-582: Avoid double-nesting under metadata.dependencies

The new structure

"metadata": {
  "dependencies": {
    "dependencies": [ ... ],
    "total_dependencies": 3
  }
}

introduces a redundant dependencies key that forces callers to use
node["metadata"]["dependencies"]["dependencies"] to access the list.
Unless the backend schema explicitly requires this extra level, flattening the object keeps the shape cleaner and easier to consume:

-          "dependencies": {
-            "dependencies": [
+          "dependencies": {
+            "items": [
               …
             ],
-            "total_dependencies": 3
+            "total": 3
           },

Consider adopting a single-level object (or rename the inner array to items) across all starter-project JSONs for consistency.

src/backend/base/langflow/initial_setup/starter_projects/Text Sentiment Analysis.json (2)

715-733: Nested “dependencies” object is overly verbose and risks confusion

Inside metadata.dependencies you again nest a dependencies key whose value is the array of packages.
That double-nesting (metadata.dependencies.dependencies) is redundant and makes downstream access cumbersome (metadata.dependencies.dependencies[0]…). Consider flattening to either:

"metadata": {
  "code_hash": "…",
  "dependencies": [
    { "name": "orjson",  "version": "3.10.15" },
    { "name": "fastapi", "version": "0.115.13" },
    { "name": "langflow","version": "1.5.0.post1" }
  ],
  "total_dependencies": 3
}

or keep the object but rename the inner key (e.g. packages).
This small change reduces field-path length and eliminates a naming collision.

---

1045-1061: Duplicate dependency declarations—consider centralising to avoid drift

The exact same dependency block appears in multiple ChatOutput nodes.
If future updates change versions, every copy must be edited, which is error-prone. Storing the list once (e.g. at project root or via a shared component reference) and referencing it from nodes would honour DRY and guarantee consistency across the flow file.

Ensure other components with identical runtime needs aren’t silently diverging in their declared versions.

src/backend/base/langflow/initial_setup/starter_projects/Youtube Analysis.json (1)

2048-2048: Typo: “YoutTube” → “YouTube” in README note

Tiny nit but worth fixing to keep the quick-start polished.

- - If you don't have a YoutTube API key, create one in the ...
+ - If you don't have a YouTube API key, create one in the ...

src/backend/base/langflow/initial_setup/starter_projects/Pokédex Agent.json (2)

116-124: Version pin may be too restrictive

langflow is locked to the exact patch release 1.5.0.post1. Unless a strict reproducibility requirement exists, consider loosening to a compatible-range spec (e.g., >=1.5,<2) so starter projects don’t break when critical patch releases land.

---

861-881: Missing lockfile / hash for security-sensitive HTTP stack

httpx, aiofiles, and validators are network-facing; pinning exact versions is good, but add a hash-based lockfile (e.g., requirements.txt with --hash) or SBOM entry so downstream consumers can verify integrity.

src/backend/base/langflow/initial_setup/starter_projects/Financial Report Parser.json (2)

486-494: Missing dependency: pydantic is used transitively

Although ChatInput itself imports only langflow, its runtime path relies on Pydantic models provided by langflow.
For consistency with the other nodes and to prevent surprises when Langflow’s optional dependencies are split in future releases, consider listing the indirect runtime-critical dependency explicitly (same reasoning applied to StructuredOutputComponent below).

---

1323-1339: Redundant nesting under "dependencies"

Inside the metadata block you have:

"dependencies": {
  "dependencies": [ ... ],
  "total_dependencies": 3
}

The duplicated key name makes the JSON a little awkward to traverse (metadata.dependencies.dependencies).
Unless this double-nesting is required by an existing schema, consider flattening to:

"dependencies": [
  { "name": "pydantic", "version": "2.10.6" },
  { "name": "trustcall", "version": "0.0.39" },
  { "name": "langflow", "version": "1.5.0.post1" }
],
"total_dependencies": 3

src/backend/base/langflow/initial_setup/starter_projects/Invoice Summarizer.json (1)

309-325: Avoid double-nesting of the dependency list

metadata.dependencies already conveys the idea of “dependencies”, yet a second "dependencies" key is introduced immediately inside it, leading to an awkward access path metadata.dependencies.dependencies.
Unless the consumer code explicitly requires this extra level, flattening makes the structure easier to read and less error-prone.

Example flattening:

-              "dependencies": {
-                "dependencies": [
+              "dependencies": [
                   {
                     "name": "orjson",
                     "version": "3.10.15"
                   },
                   {
                     "name": "fastapi",
                     "version": "0.115.13"
                   },
                   {
                     "name": "langflow",
                     "version": "1.5.0.post1"
                   }
-                ],
-                "total_dependencies": 3
-              },
+              ],
+              "total_dependencies": 3,

Please verify whether the downstream parser can handle this flatter shape; if so, prefer it for clarity.
Also note the langflow version (1.5.0.post1) is higher than the last_tested_version field (1.4.3) at line 1759 – double-check compatibility.

src/backend/base/langflow/initial_setup/starter_projects/Sequential Tasks Agents.json (3)

2812-2837: Yfinance component pulls in a large transitive set – reconsider pinning every leaf

yfinance==0.2.50, langchain_core==0.3.66, pydantic==2.10.6, … are all locked here. If strict reproducibility is the goal, fine – otherwise you can omit patch versions (or drop the pin altogether) and let the dependency analyzer surface the resolved graph automatically. This keeps the starter JSON smaller and avoids routine bumps in future PRs.

---

1800-1817: Field names drift: input_types vs inputTypes

Inside component templates you now use snake-case input_types, while edge/handle payloads still use camel-case inputTypes.
If both spellings aren’t normalised downstream you’ll get mismatched wiring in the UI. A quick grep across the backend for ["\']input_types["\'] vs inputTypes will confirm.

---

1-3950: Consider generating starter JSONs, not hand-editing

The diff is ~4 000 lines of structural re-formatting. In future, exporting these flows from Langflow or a small code-gen script will avoid noise and the risk of manual typos (e.g. exotic œ characters in edge IDs) while keeping reviews focused on substantive changes.

src/backend/base/langflow/initial_setup/starter_projects/Simple Agent.json (2)

195-203: Avoid redundant double-nesting under metadata.dependencies

"metadata": { "dependencies": { "dependencies": [...] } } creates an extra, unnecessary level.
Unless a downstream consumer explicitly expects dependencies.dependencies, flattening keeps the schema small and predictable.

-              "dependencies": {
-                "dependencies": [
+              "dependencies": [
                   {
                     "name": "langflow",
                     "version": "1.5.0.post1"
                   }
-                ],
-                "total_dependencies": 1
-              },
+              ],
+              "total_dependencies": 1,

Flatten here (and in the other components below) to reduce JSON depth and cognitive overhead.

---

1564-1588: Handle null version for bs4 explicitly

A null value may trip simple semver parsers. If the intent is “any version”, prefer an empty string or omit the version key altogether:

-                  {
-                    "name": "bs4",
-                    "version": null
-                  },
+                  { "name": "bs4" },

Guarding against null avoids downstream TypeError: expected str, got NoneType.

src/backend/base/langflow/initial_setup/starter_projects/Price Deal Finder.json (2)

797-813: Consistency nit – deeply nested dependencies.dependencies key

The structure

"dependencies": {
  "dependencies": [ … ],
  "total_dependencies": 3
}

is slightly redundant (dependencies.dependencies). Consider flattening to

"dependencies": [
  … 
],
"total_dependencies": 3

to avoid stutter and simplify downstream JSONPath queries.

---

1215-1231: Duplicate dependency declarations across components

Both AgentQL and TavilySearchComponent declare identical versions of httpx, loguru, and langflow. If multiple components are always shipped together, you can deduplicate by hoisting common deps to a project-level manifest and leaving component-level lists for truly unique requirements.

src/backend/base/langflow/initial_setup/starter_projects/Market Research.json (1)

198-208: Flatten nested “dependencies” object to avoid redundant keys

The new structure embeds a dependencies list inside another dependencies key:

"dependencies": {
  "dependencies": [ ... ],
  "total_dependencies": 1
}

This double-nesting makes downstream parsing awkward (node.metadata.dependencies.dependencies), duplicates the word “dependencies”, and is inconsistent with common conventions (e.g., pyproject.toml → tool.poetry.dependencies). A flatter shape is easier to consume:

-  "metadata": {
-    "code_hash": "...",
-    "dependencies": {
-      "dependencies": [
-        { "name": "langflow", "version": "1.5.0.post1" }
-      ],
-      "total_dependencies": 1
-    },
-    "module": "..."
-  }
+  "metadata": {
+    "code_hash": "...",
+    "dependencies": [
+      { "name": "langflow", "version": "1.5.0.post1" }
+    ],
+    "total_dependencies": 1,
+    "module": "..."
+  }

Unless another consumer requires the current shape, consider flattening now before it becomes a public contract.

src/backend/base/langflow/initial_setup/starter_projects/Twitter Thread Generator.json (1)

287-295: Reduce redundancy & tighten schema for dependency metadata

Every node copies the exact same single-item dependency block.
Carrying the same data N times inflates the JSON and invites drift.

Consider:

1. Keeping a single project_dependencies section at the root, or
2. In-node metadata:
   "dependencies": ["langflow==1.5.0.post1"] – flatten the now-redundant inner key.

This keeps payloads leaner and the schema simpler without losing information.

src/backend/base/langflow/initial_setup/starter_projects/Social Media Agent.json (1)

148-172: Flatten metadata.dependencies to avoid redundant nesting and manual counts

metadata.dependencies currently has an extra wrapper object:

"dependencies": {
  "dependencies": [ ... ],
  "total_dependencies": 5
}

Two small issues arise:

1. The inner key repeats the outer one – consumers must drill down two levels for the actual list.
2. total_dependencies is a denormalised, manually-maintained field that can silently drift from the list length.

Consider collapsing to a single array and letting tooling compute the count when needed:

-              "dependencies": {
-                "dependencies": [
+              "dependencies": [
                   { "name": "apify_client",         "version": "1.11.0" },
                   { "name": "langchain_community",  "version": "0.3.21" },
                   { "name": "langchain_core",       "version": "0.3.66" },
                   { "name": "pydantic",             "version": "2.10.6" },
                   { "name": "langflow",             "version": "1.5.0.post1" }
-                ],
-                "total_dependencies": 5
-              },
+              ],

This simplifies JSON structure, eliminates redundancy, and removes a field prone to becoming stale.

src/backend/base/langflow/initial_setup/starter_projects/News Aggregator.json (1)

209-225: Avoid redundant nesting inside dependencies metadata

The structure

"dependencies": {
  "dependencies": [ ... ],
  "total_dependencies": 3
}

adds an unnecessary level and duplicates the word dependencies. Consumers now have to read metadata.dependencies.dependencies, which is awkward and error-prone.

Flattening the array at the first level (and deriving the count where needed) keeps the schema simpler and self-explanatory.

-              "dependencies": {
-                "dependencies": [
+              "dependencies": [
                   { "name": "httpx",   "version": "0.27.2" },
                   { "name": "loguru",  "version": "0.7.3" },
                   { "name": "langflow", "version": "1.5.0.post1" }
-                ],
-                "total_dependencies": 3
-              },
+              ],

src/backend/base/langflow/initial_setup/starter_projects/Nvidia Remix.json (4)

236-244: Potential Langflow version mismatch and redundant key structure

lf_version is 1.4.2, yet the dependency list pins langflow to 1.5.0.post1.
Please confirm that the starter project is expected to run with the newer Langflow package while still declaring an older lf_version. If this is unintentional, align the versions or add a comment explaining the discrepancy.

In addition, the inner object repeats the word “dependencies”:

"dependencies": {
  "dependencies": [ … ],
  "total_dependencies": 1
}

Using a different key such as "packages" (or removing the outer wrapper altogether) would avoid the tautological naming and make downstream parsing less error-prone.

---

562-577: Verify package pinning & key duplication

1. The same lf_version ≠ langflow version mismatch noted above occurs here.
2. Confirm that the exact versions of orjson (3.10.15) and fastapi (0.115.13) exist on PyPI and are compatible with each other and the declared Langflow version.
3. Consider renaming the inner "dependencies" array key to avoid the double‐nesting redundancy.

---

1919-1931: Consistency check for EmbeddingModel dependencies

The array length (2) matches total_dependencies, so the count is correct.
However, the lf_version / langflow version mismatch and duplicate key structure raised in earlier hunks apply here as well.

---

2225-2236: FAISS component – same concerns

Same comments as above:
• Confirm Langflow version alignment.
• Consider renaming the inner "dependencies" key.

src/backend/base/langflow/initial_setup/starter_projects/SaaS Pricing.json (1)

736-744: Redundant nesting and self-dependency

Same nesting issue as above. Additionally, listing langflow as a dependency inside a LangFlow-shipped component may be misleading; consumers already require LangFlow to load the starter project. Consider removing or marking it internal to avoid circular/duplicate requirement tracking.

src/backend/base/langflow/initial_setup/starter_projects/Instagram Copywriter.json (1)

802-810: Redundant duplication of the key name “dependencies”

Inside the dependencies object you have a nested "dependencies" array, resulting in "dependencies": { "dependencies": [...] }.
You may want to flatten or rename one level to avoid tautology and deep-nesting for simple look-ups, e.g.:

-  "dependencies": {
-    "dependencies": [
+  "dependencies": [
     { "name": "langflow", "version": "1.5.0.post1" }
-    ],
-    "total_dependencies": 1
-  }
+  ],
+  "total_dependencies": 1

Not critical, but worth streamlining for consumers that parse this metadata.

src/backend/base/langflow/initial_setup/starter_projects/Custom Component Generator.json (1)

241-249: Nested dependencies key is redundant and increases JSON depth

Inside metadata.dependencies you nest another dependencies list rather than storing the list directly:

"dependencies": {
  "dependencies": [
    ...
  ],
  "total_dependencies": 1
}

Unless consumers of this file expect the extra nesting, consider the flatter structure below to avoid one useless level of indirection:

-  "dependencies": {
-    "dependencies": [
+  "dependencies": [
       { "name": "langflow", "version": "1.5.0.post1" }
-    ],
-    "total_dependencies": 1
-  }
+  ],
+  "total_dependencies": 1

src/backend/base/langflow/initial_setup/starter_projects/Research Agent.json (1)

1271-1287: Cross-component dependency drift risk

Three hard-pinned packages (httpx, loguru, langflow) are introduced here. Because every component now embeds its own pinned versions, the overall environment may easily become inconsistent (e.g., two components pin different patch versions of the same library).

Consider one of the following:

1. Keep only the name here and let a central lock-file (e.g., starter_projects/requirements.txt or Poetry group) dictate the exact version, or
2. Add CI that validates all metadata.dependencies.*.version pins across starter projects are identical.

This prevents silent conflicts during pip install.

src/backend/base/langflow/initial_setup/starter_projects/Research Translation Loop.json (3)

1080-1088: Duplication of identical dependency blocks

The exact same {langflow==1.5.0.post1} list is repeated across multiple component metadata nodes (Parser, Loop, Converter, …). Consider referencing a shared constant or omitting component-local metadata when no extra packages are required to avoid bloating the JSON.

---

1264-1272: Minor: total_dependencies can be computed

Storing an explicit count risks drifting out of sync when the list is edited. Consumers can call len(dependencies) instead; you can drop the redundant field.

---

1686-1694: Keep metadata lean

For utility components like TypeConverterComponent that rely only on core langflow, the added dependency block does not provide extra information and inflates the template size. Feel free to omit it unless downstream tooling strictly requires the field.

src/backend/base/langflow/initial_setup/starter_projects/Hybrid Search RAG.json (1)

209-217: Flatten the dependency structure inside metadata

metadata.dependencies currently contains a second-level key also called "dependencies".
This produces a slightly awkward access path (metadata.dependencies.dependencies) and forces consumers to remember two counters (total_dependencies vs list length).

A flatter shape is easier to work with and avoids the stutter:

-              "dependencies": {
-                "dependencies": [
+              "dependencies": {
+                "packages": [
                   {
                     "name": "langflow",
                     "version": "1.5.0.post1"
                   }
                 ],
-                "total_dependencies": 1
+                "total_packages": 1
               },

If you keep the current naming, please ensure downstream code isn’t already relying on the eventual key path before changing it.

src/backend/base/langflow/initial_setup/starter_projects/Search agent.json (1)

107-119: Avoid double-nesting: flatten the dependency list

metadata.dependencies.dependencies is redundant – the inner object repeats the “dependencies” key.
A flatter structure is easier to consume:

-  "dependencies": {
-    "dependencies": [
+  "dependencies": [
       { "name": "langflow", "version": "1.5.0.post1" },
       { "name": "scrapegraph_py", "version": "1.12.0" }
-    ],
-    "total_dependencies": 2
-  }
+  ],
+  "total_dependencies": 2

Apply the same pattern everywhere to keep the schema consistent.

src/backend/base/langflow/initial_setup/starter_projects/Vector Store RAG.json (2)

324-332: Avoid double-nesting under the same key name

Inside metadata.dependencies you again use the property name "dependencies".
e.g.

"metadata": {
  "dependencies": {
    "dependencies": [ … ]
  }
}

This repetition is confusing and makes programmatic access awkward (.metadata.dependencies.dependencies).
Consider flattening or renaming the inner array holder to something like "packages":

-  "dependencies": {
-    "dependencies": [
+  "dependencies": {
+    "packages": [
       …
     ],
-    "total_dependencies": 4
+    "total": 4
   }

A one-line change in the consumer code will keep the structure clearer and future-proof.

Also applies to: 808-819, 1110-1124, 1443-1455, 1992-2004, 2778-2797, 3575-3594

---

1440-1457: Duplicate component blocks—consider DRY’ing the JSON

Two separate blocks for OpenAIEmbeddingsComponent are identical except for a few surrounding attributes. If no per-instance override is required, referencing a single shared definition (or using a helper to inject the metadata during export) would reduce maintenance overhead.

Also applies to: 1989-2006

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fe1e45c and 929407b.

📒 Files selected for processing (34)

• src/backend/base/langflow/custom/dependency_analyzer.py (1 hunks)
• src/backend/base/langflow/custom/utils.py (6 hunks)
• src/backend/base/langflow/initial_setup/starter_projects/Basic Prompt Chaining.json (2 hunks)
• src/backend/base/langflow/initial_setup/starter_projects/Basic Prompting.json (2 hunks)
• src/backend/base/langflow/initial_setup/starter_projects/Blog Writer.json (4 hunks)
• src/backend/base/langflow/initial_setup/starter_projects/Custom Component Generator.json (3 hunks)
• src/backend/base/langflow/initial_setup/starter_projects/Document Q&A.json (2 hunks)
• src/backend/base/langflow/initial_setup/starter_projects/Financial Report Parser.json (3 hunks)
• src/backend/base/langflow/initial_setup/starter_projects/Hybrid Search RAG.json (6 hunks)
• src/backend/base/langflow/initial_setup/starter_projects/Image Sentiment Analysis.json (3 hunks)
• src/backend/base/langflow/initial_setup/starter_projects/Instagram Copywriter.json (4 hunks)
• src/backend/base/langflow/initial_setup/starter_projects/Invoice Summarizer.json (3 hunks)
• src/backend/base/langflow/initial_setup/starter_projects/Market Research.json (4 hunks)
• src/backend/base/langflow/initial_setup/starter_projects/Meeting Summary.json (7 hunks)
• src/backend/base/langflow/initial_setup/starter_projects/Memory Chatbot.json (3 hunks)
• src/backend/base/langflow/initial_setup/starter_projects/News Aggregator.json (4 hunks)
• src/backend/base/langflow/initial_setup/starter_projects/Nvidia Remix.json (5 hunks)
• src/backend/base/langflow/initial_setup/starter_projects/Pokédex Agent.json (3 hunks)
• src/backend/base/langflow/initial_setup/starter_projects/Portfolio Website Code Generator.json (3 hunks)
• src/backend/base/langflow/initial_setup/starter_projects/Price Deal Finder.json (4 hunks)
• src/backend/base/langflow/initial_setup/starter_projects/Research Agent.json (3 hunks)
• src/backend/base/langflow/initial_setup/starter_projects/Research Translation Loop.json (6 hunks)
• src/backend/base/langflow/initial_setup/starter_projects/SEO Keyword Generator.json (1 hunks)
• src/backend/base/langflow/initial_setup/starter_projects/SaaS Pricing.json (2 hunks)
• src/backend/base/langflow/initial_setup/starter_projects/Search agent.json (3 hunks)
• src/backend/base/langflow/initial_setup/starter_projects/Sequential Tasks Agents.json (82 hunks)
• src/backend/base/langflow/initial_setup/starter_projects/Simple Agent.json (4 hunks)
• src/backend/base/langflow/initial_setup/starter_projects/Social Media Agent.json (4 hunks)
• src/backend/base/langflow/initial_setup/starter_projects/Text Sentiment Analysis.json (2 hunks)
• src/backend/base/langflow/initial_setup/starter_projects/Travel Planning Agents.json (4 hunks)
• src/backend/base/langflow/initial_setup/starter_projects/Twitter Thread Generator.json (8 hunks)
• src/backend/base/langflow/initial_setup/starter_projects/Vector Store RAG.json (7 hunks)
• src/backend/base/langflow/initial_setup/starter_projects/Youtube Analysis.json (72 hunks)
• src/backend/tests/unit/custom/test_utils_metadata.py (1 hunks)

🧰 Additional context used

📓 Path-based instructions (3)

{src/backend/**/*.py,tests/**/*.py,Makefile}

📄 CodeRabbit Inference Engine (.cursor/rules/backend_development.mdc)

{src/backend/**/*.py,tests/**/*.py,Makefile}: Run make format_backend to format Python code before linting or committing changes
Run make lint to perform linting checks on backend Python code

Files:

• src/backend/tests/unit/custom/test_utils_metadata.py
• src/backend/base/langflow/custom/dependency_analyzer.py
• src/backend/base/langflow/custom/utils.py

src/backend/tests/unit/**/*.py

📄 CodeRabbit Inference Engine (.cursor/rules/backend_development.mdc)

Test component integration within flows using create_flow, build_flow, and get_build_events utilities

Files:

• src/backend/tests/unit/custom/test_utils_metadata.py

src/backend/tests/**/*.py

📄 CodeRabbit Inference Engine (.cursor/rules/testing.mdc)

src/backend/tests/**/*.py: Unit tests for backend code must be located in the 'src/backend/tests/' directory, with component tests organized by component subdirectory under 'src/backend/tests/unit/components/'.
Test files should use the same filename as the component under test, with an appropriate test prefix or suffix (e.g., 'my_component.py' → 'test_my_component.py').
Use the 'client' fixture (an async httpx.AsyncClient) for API tests in backend Python tests, as defined in 'src/backend/tests/conftest.py'.
When writing component tests, inherit from the appropriate base class in 'src/backend/tests/base.py' (ComponentTestBase, ComponentTestBaseWithClient, or ComponentTestBaseWithoutClient) and provide the required fixtures: 'component_class', 'default_kwargs', and 'file_names_mapping'.
Each test in backend Python test files should have a clear docstring explaining its purpose, and complex setups or mocks should be well-commented.
Test both sync and async code paths in backend Python tests, using '@pytest.mark.asyncio' for async tests.
Mock external dependencies appropriately in backend Python tests to isolate unit tests from external services.
Test error handling and edge cases in backend Python tests, including using 'pytest.raises' and asserting error messages.
Validate input/output behavior and test component initialization and configuration in backend Python tests.
Use the 'no_blockbuster' pytest marker to skip the blockbuster plugin in tests when necessary.
Be aware of ContextVar propagation in async tests; test both direct event loop execution and 'asyncio.to_thread' scenarios to ensure proper context isolation.
Test error handling by mocking internal functions using monkeypatch in backend Python tests.
Test resource cleanup in backend Python tests by using fixtures that ensure proper initialization and cleanup of resources.
Test timeout and performance constraints in backend Python tests using 'asyncio.wait_for' and timing assertions.
Test Langflow's Messag...

Files:

• src/backend/tests/unit/custom/test_utils_metadata.py

🧬 Code Graph Analysis (1)

src/backend/base/langflow/custom/utils.py (3)

src/backend/base/langflow/custom/dependency_analyzer.py (1)

• analyze_component_dependencies (122-143)

src/backend/base/langflow/custom/custom_component/custom_component.py (1)

• CustomComponent (35-541)

src/backend/base/langflow/template/frontend_node/custom_components.py (1)

• CustomComponentFrontendNode (45-70)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Optimize new Python code in this PR

🔇 Additional comments (66)

src/backend/base/langflow/initial_setup/starter_projects/SEO Keyword Generator.json (1)

573-575: fastapi 0.115.13 verified on PyPI – no change needed

Confirmed that version 0.115.13 is published and installable, so the dependency entry in src/backend/base/langflow/initial_setup/starter_projects/SEO Keyword Generator.json can remain as is.

src/backend/base/langflow/initial_setup/starter_projects/Basic Prompting.json (2)

121-129: Verify Langflow version alignment

langflow is pinned here to 1.5.0.post1, whereas the project-level last_tested_version a few lines below is 1.5.0.
Please confirm that post1 is the intended baseline and that the surrounding tooling (pip constraints, Docker image, CI cache, etc.) is aware of this exact build; otherwise dependency resolution in user environments could diverge.

---

628-644: Double-check pinned FastAPI / orjson versions

FastAPI 0.115.13 and orjson 3.10.15 look older than the current upstream releases.
Before merging, ensure these exact versions still receive security fixes and match the top-level requirements files; if not, consider bumping or using a compatible version range instead of hard pins to reduce future maintenance overhead.

src/backend/base/langflow/initial_setup/starter_projects/Youtube Analysis.json (2)

1661-1664: sender option values diverge from backend constants

The backend code uses the constants MESSAGE_SENDER_AI / MESSAGE_SENDER_USER, but the dropdown lists "Machine" / "User".
If these strings reach the server unchanged the value mapping will fail and could surface as message-routing bugs.

Please verify the intended vocabulary or add a mapping layer.

---

2754-2756: Same mismatch for ChatInput.sender options

ChatInput repeats the "Machine" / "User" values. Be sure the UI and backend agree on the canonical names.

src/backend/base/langflow/initial_setup/starter_projects/Basic Prompt Chaining.json (2)

675-692: Refactor nested dependencies structure for clarity

The current JSON uses a nested dependencies.dependencies array and a redundant total_dependencies field (which is derivable from the array length). Consider flattening to a single array and removing the count. It will simplify the schema and improve maintainability. You might also:

• Alphabetize entries (e.g. fastapi, langflow, orjson)
• Use semantic version specifiers (e.g. ~=) to ease future upgrades

File: src/backend/base/langflow/initial_setup/starter_projects/Basic Prompt Chaining.json
Lines: 675–692

-  "dependencies": {
-    "dependencies": [
+  "dependencies": [
       { "name": "fastapi",  "version": "0.115.13" },
       { "name": "langflow", "version": "1.5.0.post1" },
       { "name": "orjson",   "version": "3.10.15" }
-    ],
-    "total_dependencies": 3
-  },
+  ],

Please verify that any code or tooling consuming this schema is updated accordingly.

---

365-374: Consider flattening the dependencies structure

metadata.dependencies is itself an object that again contains a dependencies key, producing a slightly awkward metadata.dependencies.dependencies access pattern. Unless consumers explicitly expect this two-level nesting, flattening it avoids confusion and reduces the risk of bugs when the JSON is parsed elsewhere.

-              "dependencies": {
-                "dependencies": [
+              "dependencies": [
                   {
                     "name": "langflow",
                     "version": "1.5.0.post1"
                   }
-                ],
-                "total_dependencies": 1
-              },
+              ],

The list length can be derived at runtime, so storing total_dependencies is usually unnecessary.
Please verify how this field is consumed in the backend before adopting the change.

src/backend/base/langflow/initial_setup/starter_projects/Memory Chatbot.json (1)

470-486: fastapi 0.115.13 and orjson 3.10.15 are available on PyPI – no changes needed
Both versions have been confirmed to exist on PyPI; the starter project’s install will succeed as is.

src/backend/base/langflow/initial_setup/starter_projects/Pokédex Agent.json (1)

442-458: Double-check transitive overlap

fastapi already depends on orjson at compatible versions. Declaring both here is harmless but redundant; if the intent is minimal dependency surfaces, you could omit orjson and rely on the transitive pull.

src/backend/base/langflow/initial_setup/starter_projects/Financial Report Parser.json (1)

154-170: PyPI Version Check Passed

All pinned dependencies in src/backend/base/langflow/initial_setup/starter_projects/Financial Report Parser.json (lines 154–170) have been verified on PyPI:

• orjson==3.10.15
• fastapi==0.115.13
• langflow==1.5.0.post1

No further action required.

src/backend/base/langflow/initial_setup/starter_projects/Sequential Tasks Agents.json (1)

1914-1922: Verify pinned dependency versions

The new metadata.dependencies stanza is a welcome addition, but please double-check that the hard-pinned versions (langflow==1.5.0.post1 here and in other components) are still the ones shipped on PyPI. If the starter project lags behind the backend runtime, users will hit resolution conflicts the first time they pip install -r requirements.txt.

src/backend/base/langflow/initial_setup/starter_projects/Simple Agent.json (1)

689-705: Verify declared package versions actually exist

fastapi==0.115.13 and orjson==3.10.15 look forward-dated relative to currently published releases (latest FastAPI ~0.111.x at time of writing).
Pinning to non-existent versions will break automated installers that consume this metadata.

Action: double-check PyPI for the exact versions or relax to a compatible range (^0.111 etc.).

src/backend/base/langflow/initial_setup/starter_projects/Price Deal Finder.json (2)

141-149: Version mismatch between lf_version and declared dependency

The component reports lf_version "1.3.2" but the newly-added dependency pins langflow==1.5.0.post1.
If the runtime actually uses 1.3.2, this hard-pin will be silently ignored (or worse, lead to an unexpected upgrade when users run pip install). Please double-check which version is supposed to run in the starter project and align the numbers (or loosen the pin, e.g. >=1.3.2,<2).

---

466-482: Confirm completeness of dependency list

ChatOutput executes orjson.dumps, fastapi.encoders.jsonable_encoder, and plenty of langflow internals.
Make sure no other third-party packages are referenced at runtime (e.g. pydantic, typing_extensions). If the static analyser purposely filters transitive deps only to direct imports, disregard this note.

src/backend/base/langflow/initial_setup/starter_projects/Market Research.json (1)

510-526: Pinned PyPI Versions Verified

All three hard-pinned dependencies—fastapi==0.115.13, orjson==3.10.15, and langflow==1.5.0.post1—were confirmed to exist on PyPI. No changes are required.

src/backend/base/langflow/initial_setup/starter_projects/Twitter Thread Generator.json (1)

735-751: All pinned versions exist on PyPI
A check against PyPI confirms that both fastapi==0.115.13 and orjson==3.10.15 are valid releases. No changes are required.

• File: src/backend/base/langflow/initial_setup/starter_projects/Twitter Thread Generator.json (lines 735–751)

src/backend/base/langflow/initial_setup/starter_projects/News Aggregator.json (3)

582-590: ChatInput lists only langflow; likely missing external packages

ChatInput depends on core LangFlow internals but also imports modules such as langflow.base.data.utils, etc.
If the intention of this metadata is to capture external PyPI requirements, listing the project’s own distribution (langflow) adds no value, while omitting libraries (e.g. aiofiles, pydantic) that are imported indirectly.

Please double-check that the dependency extractor is filtering in/out the correct packages.

---

1255-1275: Pinned versions are valid on PyPI
All three packages—fastapi 0.115.13, pandas 2.2.3, and orjson 3.10.15—exist on PyPI and will resolve correctly. The original concern about unreleased versions can be ignored.

Likely an incorrect or invalid review comment.

---

933-949: fastapi version 0.115.13 is confirmed on PyPI—no change needed.
We’ve verified via the PyPI JSON API that release 0.115.13 exists.

src/backend/base/langflow/initial_setup/starter_projects/Portfolio Website Code Generator.json (2)

196-204: Eliminate redundant nesting and make room for version flexibility

The "dependencies" object repeats the "dependencies" key, resulting in
metadata.dependencies.dependencies[...].
This double-nesting is awkward to consume programmatically and adds no value.
Use a flatter structure or rename the inner list to something like "packages" and
move the count alongside it.

-  "dependencies": {
-    "dependencies": [
+  "dependencies": {
+    "packages": [
       { "name": "langflow", "version": "1.5.0.post1" }
     ],
-    "total_dependencies": 1
+    "total": 1
   },

Flattening also makes it easier to extend later with fields such as
"version_spec": ">=1.5,<2" instead of a hard pin.
[ suggest_essential_refactor ]

---

324-340: Pinned versions exist and installation will succeed

All three packages—fastapi==0.115.13, orjson==3.10.15, and langflow==1.5.0.post1—are available on PyPI. Installation with these exact pins will succeed without modification.

src/backend/base/langflow/initial_setup/starter_projects/Image Sentiment Analysis.json (2)

238-246: Dependency block looks consistent — no action needed

The list length (1) correctly matches total_dependencies, and the package string is syntactically valid.

---

555-571: No action needed: FastAPI and orjson versions are valid

Both orjson==3.10.15 and fastapi==0.115.13 have been confirmed to exist on PyPI and match recent releases. The versions in src/backend/base/langflow/initial_setup/starter_projects/Image Sentiment Analysis.json are correct as is.

src/backend/base/langflow/initial_setup/starter_projects/Nvidia Remix.json (1)

2574-2585: MCPTools component – version alignment

The MCPTools component repeats the version-mismatch pattern. Please verify that running Langflow 1.4.2 with langflow==1.5.0.post1 is intentional and safe.

src/backend/base/langflow/initial_setup/starter_projects/Instagram Copywriter.json (3)

321-329: Dependency block looks consistent 👍

The metadata addition follows the same schema introduced in other starter projects and the package/version pair is coherent with the project’s tested version (langflow==1.5.0.post1).

---

1626-1642: Good addition – external HTTP-centric deps declared

Declaring httpx and loguru up-front prevents surprises at runtime. Everything aligns with commonly available versions.

---

1086-1102: Verify FastAPI version pin

The entry "fastapi": "0.115.13" under "dependencies" looks invalid—FastAPI patch releases seldom exceed .3. Pinning to a non-existent version will break downstream installs. Please confirm on PyPI that 0.115.13 exists or update it to a valid release (e.g., 0.115.3).

Location:

• src/backend/base/langflow/initial_setup/starter_projects/Instagram Copywriter.json (lines 1086–1102)

src/backend/base/langflow/initial_setup/starter_projects/Custom Component Generator.json (1)

2264-2280: All pinned versions exist on PyPI – no changes needed

Both fastapi==0.115.13 and orjson==3.10.15 are valid releases on PyPI. You can safely keep these version pins as-is.

Likely an incorrect or invalid review comment.

src/backend/base/langflow/initial_setup/starter_projects/Research Agent.json (2)

481-489: Langflow version pin is ahead of last_tested_version – please confirm compatibility

langflow is pinned to 1.5.0.post1 while the project declaration (line 3126) still states it was last tested against 1.4.3.
If this flow is expected to work out-of-the-box for newcomers, the mismatch could introduce breakages or unexpected behaviour when the starter project is loaded on an older backend.

• Verify that the backend shipped with the starter projects has indeed been upgraded to ≥ 1.5.0.post1.
• If not, align either the last_tested_version field or the pinned dependency.

---

1689-1705: FastAPI 0.115.13 is valid on PyPI
Verification via curl/jq confirms that 0.115.13 exists in the FastAPI release list. No change required.

Likely an incorrect or invalid review comment.

src/backend/base/langflow/initial_setup/starter_projects/Research Translation Loop.json (1)

406-422: fastapi 0.115.13 validated as an official PyPI release

We queried PyPI’s JSON API and confirmed that fastapi 0.115.13 is listed among the published releases. No changes are needed.

src/backend/base/langflow/initial_setup/starter_projects/Search agent.json (1)

617-633: FastAPI 0.115.13 confirmed on PyPI – no changes needed

Both fastapi==0.115.13 and orjson==3.10.15 exist as declared, so the version in src/backend/base/langflow/initial_setup/starter_projects/Search agent.json (lines 617–633) is valid and can remain unchanged.

src/backend/base/langflow/initial_setup/starter_projects/Vector Store RAG.json (1)

321-329: Cross-check lf_version ↔ pinned langflow version

The nodes report lf_version values such as "1.1.1"/"1.2.0" while simultaneously declaring a dependency on "langflow" : "1.5.0.post1".
If lf_version is meant to indicate the runtime version of LangFlow, this mismatch can cause subtle runtime incompatibilities.

Please verify that either

1. the lf_version field is informational only (and can safely diverge), or
2. both fields are kept in lock-step.

A quick grep across starter projects for similar mismatches is advisable before release.

Also applies to: 805-816, 1109-1122, 1446-1452, 1995-2001, 2781-2795, 3578-3592

src/backend/base/langflow/initial_setup/starter_projects/Blog Writer.json (4)

356-364: LGTM! Clean dependency metadata addition.

The dependency metadata structure is well-formed and appropriately identifies the langflow framework dependency for the TextInputComponent.

---

481-497: LGTM! Comprehensive dependency metadata for ChatOutput.

The dependency list appropriately reflects the external packages needed by ChatOutput: JSON serialization (orjson), web framework (fastapi), and core framework (langflow). Version information is properly included.

---

821-829: LGTM! Appropriate dependency metadata for ParserComponent.

The single langflow dependency is correctly identified with proper version information for this parsing component.

---

1017-1041: LGTM! Comprehensive dependency tracking for URLComponent.

The dependency list accurately reflects the external packages needed for web scraping functionality. The null version for bs4 is acceptable as it may indicate version resolution limitations during analysis.

src/backend/base/langflow/custom/dependency_analyzer.py (6)

1-15: LGTM! Good version compatibility handling.

The module imports are appropriate and the fallback handling for sys.stdlib_module_names (Python 3.10+) is well-implemented. The fallback to builtin_module_names provides reasonable compatibility for older Python versions.

---

17-34: LGTM! Clean and well-designed data structures.

The DependencyInfo dataclass with frozen=True is appropriately immutable. The helper functions _top_level and _is_relative are simple and focused on their specific tasks.

---

36-68: LGTM! Robust AST visitor implementation.

The _ImportVisitor correctly handles both regular imports and from-imports, including proper relative import detection using node.level. The logic for reconstructing full module names and extracting top-level packages is sound.

---

70-87: LGTM! Robust version resolution with proper error handling.

The function appropriately attempts version resolution only for external packages and handles common exceptions gracefully. The error handling covers package not found, import errors, and attribute errors.

---

89-120: LGTM! Well-structured dependency analysis function.

The function properly parses AST, deduplicates dependencies by package name, and filters out standard library and local imports. The resolve_versions parameter provides good flexibility for different use cases.

---

122-144: LGTM! Robust wrapper function with comprehensive error handling.

The function provides a clean interface for component dependency analysis with excellent error handling. The fallback behavior ensures consistent return structure even when analysis fails, and the dependency filtering removes empty names appropriately.

src/backend/tests/unit/custom/test_utils_metadata.py (15)

145-147: LGTM! Well-structured test class for dependency analysis.

The test class is properly documented and follows pytest conventions.

---

148-155: LGTM! Good coverage of basic top-level package extraction.

The test properly validates the _top_level function with various import patterns including nested modules.

---

156-165: LGTM! Comprehensive relative import detection testing.

The test covers all relative import patterns (single dot, double dot, triple dot) and edge cases including None values.

---

166-192: LGTM! Thorough basic dependency analysis testing.

The test properly validates that:

• External dependencies (numpy, requests) are detected
• Standard library imports (os, sys, typing) are filtered out
• The function correctly processes mixed import statements

---

193-221: LGTM! Good test for optional dependency handling.

The test validates that dependencies in try-except blocks are still detected as regular dependencies, which aligns with the simplified analyzer approach mentioned in the AI summary.

---

222-253: LGTM! Comprehensive component dependency analysis test.

The test properly validates:

• Correct structure of returned dependency info
• Filtering of standard library imports
• Duplicate package prevention
• Proper handling of external dependencies

---

254-266: LGTM! Proper error handling validation.

The test ensures that invalid Python code doesn't crash the analyzer and returns appropriate fallback values.

---

267-280: LGTM! Simple but effective dataclass validation.

The test verifies the basic functionality of the DependencyInfo dataclass.

---

281-318: LGTM! Comprehensive test for dependency classification.

The test validates that the simplified analyzer correctly:

• Finds all external dependencies regardless of try-except wrapping
• Filters out standard library imports
• Marks all found dependencies as external (not local)

---

320-322: LGTM! Well-structured test class for metadata integration.

The test class properly focuses on testing the integration of dependency analysis with component metadata.

---

323-358: LGTM! Thorough metadata integration test.

The test properly validates that:

• All expected metadata fields are added (module, code_hash, dependencies)
• Dependency analysis is correctly integrated
• Standard library filtering works as expected

---

359-380: LGTM! Proper error handling test for metadata integration.

The test ensures that dependency analysis errors don't break metadata building and fallback values are properly set.

---

381-412: LGTM! Good test for external dependency detection.

The test validates that external dependencies (langflow) are properly detected while standard library imports are filtered out.

---

413-448: LGTM! Effective test for optional dependency handling in metadata.

The test confirms that optional dependencies in try-except blocks are properly detected and included in metadata.

---

449-507: LGTM! Excellent real-world component test.

The test uses realistic component code based on the LMStudio component and validates:

• Proper detection of external packages (httpx, langchain_openai, langflow)
• Correct filtering of standard library imports (typing, urllib)
• Complete metadata structure

This provides valuable integration testing with real component patterns.

src/backend/base/langflow/custom/utils.py (8)

2-2: LGTM! Good addition of future annotations import.

This import enables forward references and improves type safety, which is beneficial for the codebase.

---

12-12: LGTM! Proper type import organization.

The addition of Any to the typing imports is clean and follows good practices.

---

19-19: LGTM! Clean import of dependency analyzer.

The import statement properly adds the new dependency analysis functionality.

---

36-40: LGTM! Proper TYPE_CHECKING block usage.

The TYPE_CHECKING imports for UUID and CustomComponent follow best practices for avoiding circular imports while maintaining type safety.

---

486-488: LGTM! Clean integration of metadata building.

The call to build_component_metadata properly centralizes metadata enrichment and maintains the existing function signature and return behavior.

---

491-516: LGTM! Well-implemented metadata building function.

The function properly:

• Sets module metadata when provided
• Generates code hash for cache invalidation
• Integrates dependency analysis with proper error handling
• Uses appropriate logging for analysis failures
• Returns the enriched frontend node

The error handling is comprehensive, catching all relevant exception types and providing meaningful fallback values.

---

503-514: LGTM! Robust dependency analysis integration.

The dependency analysis integration includes:

• Proper exception handling for syntax and import errors
• Meaningful warning logs with component context
• Appropriate fallback values that maintain API consistency
• Clean separation of concerns

The error handling covers all the exception types that could arise from AST parsing and dependency analysis.

---

575-577: LGTM! Consistent metadata building integration.

The integration in build_custom_component_template properly uses the new helper function, maintaining consistency with the other template building function.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Avoid double nesting and ensure version consistency in the new dependencies metadata

1. The property is currently "dependencies": { "dependencies": [...] }, introducing an unnecessary level of nesting that complicates downstream parsing.
2. langflow 1.5.0.post1 is ahead of the last_tested_version (1.4.3) declared at the bottom of the file – this may break the starter project for users installing strictly-compatible versions.

Suggested minimal fix:

-              "dependencies": {
-                "dependencies": [
+              "dependencies": {
+                "packages": [
                   {
                     "name": "langflow",
                     "version": "1.5.0.post1"
                   }
-                ],
-                "total_dependencies": 1
+                ],
+                "total": 1
               },

Consider aligning the required langflow version with last_tested_version (or bumping that field) and applying the same shape to every starter-project file for consistency.

---

🏁 Script executed:

#!/bin/bash
# Show lines around the dependencies block
sed -n '140,170p' src/backend/base/langflow/initial_setup/starter_projects/Document\ Q&A.json
# Locate the last_tested_version field
grep -R '"last_tested_version"' -n src/backend/base/langflow/initial_setup/starter_projects/Document\ Q&A.json

Length of output: 618

---

🏁 Script executed:

#!/bin/bash
# Properly quote the path with spaces and special characters
FILE="src/backend/base/langflow/initial_setup/starter_projects/Document Q&A.json"

# Show lines around the dependencies block to verify nesting
sed -n '140,170p' "$FILE"

# Locate the last_tested_version field and its value
grep -R '"last_tested_version"' -n "$FILE"

Length of output: 1316

---

Refactor nested dependencies and sync Langflow version

The starter project’s metadata currently nests the array under "dependencies": { "dependencies": […] } and uses a "total_dependencies" key, while the locked langflow version (1.5.0.post1) exceeds the declared last_tested_version (1.4.3). To avoid downstream parsing complexity and prevent install-time breakage, please:

• In src/backend/base/langflow/initial_setup/starter_projects/Document Q&A.json, under metadata.dependencies:

• Rename the inner array key from dependencies to packages.
• Rename total_dependencies to total.
  • Align the required langflow version with last_tested_version (or bump that field) so they match.
  • Apply the same changes to every JSON in starter_projects for consistency.

Example diff for this file:

--- a/src/backend/base/langflow/initial_setup/starter_projects/Document Q&A.json
+++ b/src/backend/base/langflow/initial_setup/starter_projects/Document Q&A.json
@@ -145,9 +145,9 @@
               "metadata": {
                 "code_hash": "192913db3453",
-                "dependencies": {
-                  "dependencies": [
+                "dependencies": {
+                  "packages": [
                     {
                       "name": "langflow",
-                      "version": "1.5.0.post1"
+                      "version": "1.4.3"
                     }
-                ], "total_dependencies": 1
+                ], "total": 1
                 },
                 "module": "langflow.components.input_output.chat.ChatInput"
               },

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"dependencies": {
	"dependencies": [
	{
	"name": "langflow",
	"version": "1.5.0.post1"
	}
	],
	"total_dependencies": 1
	},
	"metadata": {
	"code_hash": "192913db3453",
	- "dependencies": {
	- "dependencies": [
	+ "dependencies": {
	+ "packages": [
	{
	"name": "langflow",
	- "version": "1.5.0.post1"
	+ "version": "1.4.3"
	}
	- ], "total_dependencies": 1
	+ ], "total": 1
	},
	"module": "langflow.components.input_output.chat.ChatInput"
	},

🤖 Prompt for AI Agents

In src/backend/base/langflow/initial_setup/starter_projects/Document Q&A.json
around lines 151 to 159, the dependencies object nests the array under
"dependencies" which should be renamed to "packages", and the key
"total_dependencies" should be renamed to "total" for clarity. Also, update the
langflow version from "1.5.0.post1" to match the last_tested_version "1.4.3" or
update last_tested_version to "1.5.0.post1" so they are consistent. Apply these
same changes to all JSON files in the starter_projects directory to maintain
uniformity.

[coderabbitai]

💡 Verification agent

❓ Verification inconclusive

Validate declared package versions & normalise schema

1. fastapi release numbers are <0.120.x> today – version 0.115.13 does not exist on PyPI (latest in that minor line is 0.115.2).
2. Same redundant nesting ("dependencies": { "dependencies": [...] }) as above.
3. orjson and fastapi are already transitive requirements of langflow; listing them here inflates the manifest and risks divergence.

Recommended diff:

-              "dependencies": {
-                "dependencies": [
+              "dependencies": {
+                "packages": [
                   { "name": "orjson",  "version": "3.10.15" },
-                  { "name": "fastapi", "version": "0.115.13" },
+                  { "name": "fastapi", "version": "0.115.2"  },
                   { "name": "langflow","version": "1.5.0.post1" }
-                ],
-                "total_dependencies": 3
+                ],
+                "total": 3
               },

If the intent is to surface only additional runtime requirements per-component, you can drop orjson / fastapi and rely on the project’s top-level dependency lock instead.

Please verify the version numbers against PyPI or your internal mirror.

---

Correct dependency schema and versions in Document Q&A starter project

The current manifest at src/backend/base/langflow/initial_setup/starter_projects/Document Q&A.json declares an invalid FastAPI version, uses nested dependencies keys, and redundantly lists transitive packages. Please update as follows:

• FastAPI 0.115.13 doesn’t exist on PyPI (latest in 0.115.x is 0.115.2)
• Flatten the schema to use "packages" and "total"
• Drop orjson/fastapi if they’re already pulled in by langflow (or accept the explicit list)

Recommended diff:

--- a/src/backend/base/langflow/initial_setup/starter_projects/Document Q&A.json
+++ b/src/backend/base/langflow/initial_setup/starter_projects/Document Q&A.json
@@ -455,9 +455,9 @@
-              "dependencies": {
-                "dependencies": [
+              "dependencies": {
+                "packages": [
                   { "name": "orjson",  "version": "3.10.15" },
-                  { "name": "fastapi", "version": "0.115.13" },
+                  { "name": "fastapi", "version": "0.115.2"  },
                   { "name": "langflow","version": "1.5.0.post1" }
-                ],
-                "total_dependencies": 3
+                ],
+                "total": 3
               },

If you intend only to surface non-langflow dependencies, you may remove orjson/fastapi entirely and rely on the top-level lock.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"dependencies": {
	"dependencies": [
	{
	"name": "orjson",
	"version": "3.10.15"
	},
	{
	"name": "fastapi",
	"version": "0.115.13"
	},
	{
	"name": "langflow",
	"version": "1.5.0.post1"
	}
	],
	"total_dependencies": 3
	},
	"dependencies": {
	"packages": [
	{
	"name": "orjson",
	"version": "3.10.15"
	},
	{
	"name": "fastapi",
	"version": "0.115.2"
	},
	{
	"name": "langflow",
	"version": "1.5.0.post1"
	}
	],
	"total": 3
	},

🤖 Prompt for AI Agents

In src/backend/base/langflow/initial_setup/starter_projects/Document Q&A.json
around lines 455 to 471, fix the dependency declaration by removing the nested
"dependencies" key and replacing it with a flat structure using "packages" and
"total". Correct the FastAPI version to a valid one like "0.115.2". Also, remove
orjson and fastapi from the list if they are already included transitively by
langflow, to avoid redundancy. Update the JSON schema accordingly to reflect
these changes.

[coderabbitai]

💡 Verification agent

❓ Verification inconclusive

Version mismatch between lf_version metadata and declared langflow dependency

All components keep "lf_version": "1.4.3" but now declare "langflow": "1.5.0.post1".
If users load this starter project in Langflow 1.4.x, pip will attempt to install 1.5.x at runtime, which may introduce incompatible APIs.

Confirm that the Starter Project is intended to target Langflow 1.5.x, and bump each component’s lf_version accordingly — or pin the dependency back to 1.4.3.

---

#!/bin/bash
rg -n '"lf_version"' -C1 src/backend/base/langflow/initial_setup/starter_projects

---

#!/bin/bash
# Search for lf_version in all starter project JSON files
rg -n --color=never '"lf_version"' -C1 src/backend/base/langflow/initial_setup/starter_projects

# Search for langflow dependency versions in the same files
rg -n --color=never '"langflow"' -C1 src/backend/base/langflow/initial_setup/starter_projects

---

#!/bin/bash
set -e

# List lf_version in all starter project JSON files
echo "=== lf_version entries ==="
rg -n '"lf_version"' -C1 src/backend/base/langflow/initial_setup/starter_projects

# List langflow dependency versions in all starter project JSON files
echo -e "\n=== langflow dependency versions ==="
rg -n '"name":\s*"langflow"' -C2 src/backend/base/langflow/initial_setup/starter_projects/*.json

---

Ensure Starter Projects target the correct Langflow version

The starter project JSON (src/backend/base/langflow/initial_setup/starter_projects/Image Sentiment Analysis.json) currently declares an lf_version of 1.4.3 in its metadata but lists "langflow": "1.5.0.post1" under dependencies. If someone opens this in Langflow 1.4.x, pip will upgrade Langflow to 1.5.x at runtime, which may break compatibility.

Please choose one of the following fixes:

• Bump every component’s "lf_version" metadata to 1.5.0.post1 so it matches the dependency.
• Or pin the "langflow" dependency back to 1.4.3 to align with the existing lf_version.

Files to update:

• src/backend/base/langflow/initial_setup/starter_projects/*.json
  • Update the "lf_version" field
  • Or adjust the "langflow" entry under "dependencies"

🤖 Prompt for AI Agents

In src/backend/base/langflow/initial_setup/starter_projects/Image Sentiment
Analysis.json around lines 1039 to 1055, the metadata field "lf_version" is set
to 1.4.3 but the "langflow" dependency is pinned to 1.5.0.post1, causing a
version mismatch. To fix this, either update the "lf_version" metadata to
1.5.0.post1 to match the dependency or change the "langflow" dependency version
back to 1.4.3 to align with the existing "lf_version". Ensure consistency
between these two version declarations to prevent runtime upgrade issues.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Consider flattening & validating the new dependency metadata structure

metadata.dependencies.dependencies introduces two consecutive keys named “dependencies”, producing a path like metadata.dependencies.dependencies[…].
That nesting is redundant and can be simplified to avoid deep-access boilerplate:

-              "dependencies": {
-                "dependencies": [
+              "dependencies": [
                   { "name": "assemblyai", "version": "0.35.1" },
                   { "name": "loguru",     "version": "0.7.3"  },
                   { "name": "langflow",   "version": "1.5.0.post1" }
-                ],
-                "total_dependencies": 3
-              },
+              ],
+              "total_dependencies": 3,

Flattening keeps semantic meaning while reducing one object layer and matches typical JSON API shapes (deps list + count).

In addition, please verify that all explicitly pinned versions exist on PyPI and are not yanked. FastAPI 0.115.13, for example, looks unusually high for the current series.

---

🏁 Script executed:

#!/usr/bin/env bash
# Verify every declared <name,version> in this file exists on PyPI
jq -r '..|objects|select(has("name") and has("version"))|"\(.name) \(.version)"' \
   src/backend/base/langflow/initial_setup/starter_projects/Meeting\ Summary.json |
while read -r pkg ver; do
  printf "%-15s %s\n" "$pkg" "$ver"
  curl -s "https://pypi.org/pypi/${pkg}/${ver}/json" | jq '.info.version' -e >/dev/null \
    || echo "  ❌  Version not found on PyPI"
done

Length of output: 2906

---

Flatten dependency metadata structure and confirm pinned versions

All explicitly pinned versions in this file exist on PyPI (no yanked or missing releases):

• assemblyai 0.35.1
• loguru 0.7.3
• langflow 1.5.0.post1
• orjson 3.10.15
• fastapi 0.115.13

To reduce redundant nesting in
src/backend/base/langflow/initial_setup/starter_projects/Meeting Summary.json (lines 318–334), update the JSON from:

-  "dependencies": {
-    "dependencies": [
-      { "name": "assemblyai", "version": "0.35.1" },
-      { "name": "loguru",     "version": "0.7.3"  },
-      { "name": "langflow",   "version": "1.5.0.post1" }
-    ],
-    "total_dependencies": 3
-  },

to:

+  "dependencies": [
+    { "name": "assemblyai", "version": "0.35.1" },
+    { "name": "loguru",     "version": "0.7.3"  },
+    { "name": "langflow",   "version": "1.5.0.post1" }
+  ],
+  "total_dependencies": 3,

This removes the extra dependencies nesting while preserving the count.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"dependencies": {
	"dependencies": [
	{
	"name": "assemblyai",
	"version": "0.35.1"
	},
	{
	"name": "loguru",
	"version": "0.7.3"
	},
	{
	"name": "langflow",
	"version": "1.5.0.post1"
	}
	],
	"total_dependencies": 3
	},
	"dependencies": [
	{
	"name": "assemblyai",
	"version": "0.35.1"
	},
	{
	"name": "loguru",
	"version": "0.7.3"
	},
	{
	"name": "langflow",
	"version": "1.5.0.post1"
	}
	],
	"total_dependencies": 3,

🤖 Prompt for AI Agents

In src/backend/base/langflow/initial_setup/starter_projects/Meeting Summary.json
around lines 318 to 334, the dependencies are nested unnecessarily inside a
"dependencies" key within another "dependencies" object. Flatten this structure
by removing the inner "dependencies" array and placing its items directly under
the outer "dependencies" key as an array. Keep the "total_dependencies" key
unchanged to preserve the count. Also, confirm that all pinned versions listed
(assemblyai 0.35.1, loguru 0.7.3, langflow 1.5.0.post1, orjson 3.10.15, fastapi
0.115.13) are correct and present on PyPI.

[coderabbitai]

🛠️ Refactor suggestion

Avoid redundant nesting and internal packages in the dependencies metadata

The structure

"dependencies": {
  "dependencies": [ ... ],
  "total_dependencies": 1
}

is unnecessarily nested and forces consumers to look up the same key twice.
Moreover, langflow is the host application itself, not an external runtime requirement – embedding it here creates circular coupling.

Consider flattening and restricting the field to external packages only:

-              "dependencies": {
-                "dependencies": [
-                  { "name": "langflow", "version": "1.5.0.post1" }
-                ],
-                "total_dependencies": 1
-              },
+              "dependencies": [
+                // external packages only
+              ],
+              "total_dependencies": 0,

This keeps the schema lean and prevents accidental self-dependency.

🤖 Prompt for AI Agents

In src/backend/base/langflow/initial_setup/starter_projects/Memory Chatbot.json
around lines 150 to 160, the dependencies metadata is redundantly nested under a
"dependencies" key containing another "dependencies" array, and it incorrectly
includes the host application "langflow" as a dependency. To fix this, flatten
the structure by removing the nested "dependencies" key and array, and exclude
"langflow" from the list so that only external runtime dependencies are listed,
keeping the metadata schema simple and avoiding circular self-dependency.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Verify versions & consider flattening dependencies structure

1. langflow is pinned to 1.5.0.post1, yet the surrounding template still reports lf_version: "1.4.3". Make sure the runtime environment really ships with 1.5.x; otherwise the starter project will break at load-time.
2. Double-nesting a list under the same key ("dependencies": { "dependencies": [...] }) is slightly awkward JSON design and makes programmatic access more verbose (obj["dependencies"]["dependencies"]). A flatter shape such as "deps": [...] or merging the list directly under "dependencies" would be cleaner.

Use the script below to prove the required versions exist on PyPI:

---

🏁 Script executed:

#!/usr/bin/env bash
pkgs=(
  "defusedxml==0.7.1"
  "langflow==1.5.0.post1"
)
for spec in "${pkgs[@]}"; do
  pkg="${spec%%==*}"; ver="${spec##*==}"
  if curl -s "https://pypi.org/pypi/${pkg}/${ver}/json" | jq .info.version >/dev/null; then
    echo "✅  $spec found"
  else
    echo "❌  $spec NOT found on PyPI"
  fi
done

Length of output: 452

---

🏁 Script executed:

#!/bin/bash
rg -n '"lf_version"' -C2 "src/backend/base/langflow/initial_setup/starter_projects/Research Translation Loop.json"

Length of output: 1253

---

Align lf_version with pinned Langflow version & simplify dependencies structure

Verified that both defusedxml==0.7.1 and langflow==1.5.0.post1 exist on PyPI. Please address the following in src/backend/base/langflow/initial_setup/starter_projects/Research Translation Loop.json:

• Update every occurrence of

  "lf_version": "1.4.3"

  to

  "lf_version": "1.5.0.post1"

• Flatten the nested dependencies object. For example, replace:

  "dependencies": {

• "dependencies": [

• "dependencies": [
  { "name": "defusedxml", "version": "0.7.1" },
  { "name": "langflow", "version": "1.5.0.post1" }
  ],
  "total_dependencies": 2
  },

with:
```json
"dependencies": [
  { "name": "defusedxml", "version": "0.7.1" },
  { "name": "langflow",  "version": "1.5.0.post1" }
],
"total_dependencies": 2,

This will ensure consistency between your template metadata and actual runtime versions, and make programmatic access to dependencies more straightforward.

🤖 Prompt for AI Agents

In src/backend/base/langflow/initial_setup/starter_projects/Research Translation
Loop.json around lines 232 to 244, update all instances of "lf_version" from
"1.4.3" to "1.5.0.post1" to match the pinned Langflow version. Additionally,
simplify the dependencies structure by removing the nested "dependencies" object
inside "dependencies" and instead make "dependencies" a flat array of dependency
objects, followed by the "total_dependencies" key. This will align versioning
and improve the structure for easier access.

[coderabbitai]

🛠️ Refactor suggestion

Version drift between lf_version and declared dependency

All components here still declare lf_version: "1.4.3" while pinning langflow to 1.5.0.post1. If the hosting runtime only bundles 1.4.x APIs, templates may fail when the newer code path is exercised.

Bring both values in sync or state a clear migration strategy.

🤖 Prompt for AI Agents

In src/backend/base/langflow/initial_setup/starter_projects/Research Translation
Loop.json around lines 734 to 742, the lf_version is set to "1.4.3" while the
langflow dependency is pinned to "1.5.0.post1", causing a version mismatch. To
fix this, update the lf_version value to match the langflow dependency version
"1.5.0.post1" or adjust both to the same compatible version. Ensure both
versions are consistent to prevent runtime API incompatibility issues.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Flatten the duplicated “dependencies” hierarchy & double-check version strings

The metadata.dependencies object itself contains another dependencies key that re-wraps the list, creating an unnecessary extra layer:

"dependencies": {
    "dependencies": [ ... ],
    "total_dependencies": 3
}

A flatter structure is less verbose and less error-prone to traverse:

-          "dependencies": {
-            "dependencies": [
-              { "name": "orjson",  "version": "3.10.15" },
-              { "name": "fastapi", "version": "0.115.13" },
-              { "name": "langflow","version": "1.5.0.post1" }
-            ],
-            "total_dependencies": 3
-          },
+          "dependencies": [
+            { "name": "orjson",  "version": "3.10.15" },
+            { "name": "fastapi", "version": "0.115.13" },
+            { "name": "langflow","version": "1.5.0.post1" }
+          ],
+          "total_dependencies": 3,

Also, please verify that fastapi==0.115.13 actually exists on PyPI—FastAPI’s current numbering seldom reaches a fourth segment.

---

🏁 Script executed:

#!/bin/bash
# Does the specified FastAPI version exist?
curl -s https://pypi.org/pypi/fastapi/json | jq -e '.releases["0.115.13"]' >/dev/null \
  && echo "Version exists 🟢" || echo "Version NOT found 🔴"

Length of output: 121

---

Flatten metadata.dependencies structure & confirmed FastAPI version

We’ve verified that fastapi==0.115.13 exists on PyPI, so let’s clean up the JSON by removing the extra nesting:

• File: src/backend/base/langflow/initial_setup/starter_projects/SaaS Pricing.json
Lines ~372–390

Apply this diff:

-          "metadata": {
-            "code_hash": "6f74e04e39d5",
-            "dependencies": {
-              "dependencies": [
-                { "name": "orjson",  "version": "3.10.15" },
-                { "name": "fastapi", "version": "0.115.13" },
-                { "name": "langflow","version": "1.5.0.post1" }
-              ],
-              "total_dependencies": 3
-            },
+          "metadata": {
+            "code_hash": "6f74e04e39d5",
+            "dependencies": [
+              { "name": "orjson",  "version": "3.10.15" },
+              { "name": "fastapi", "version": "0.115.13" },
+              { "name": "langflow","version": "1.5.0.post1" }
+            ],
+            "total_dependencies": 3,
           }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"metadata": {
	"code_hash": "6f74e04e39d5",
	"dependencies": {
	"dependencies": [
	{
	"name": "orjson",
	"version": "3.10.15"
	},
	{
	"name": "fastapi",
	"version": "0.115.13"
	},
	{
	"name": "langflow",
	"version": "1.5.0.post1"
	}
	],
	"total_dependencies": 3
	},
	"metadata": {
	"code_hash": "6f74e04e39d5",
	"dependencies": [
	{
	"name": "orjson",
	"version": "3.10.15"
	},
	{
	"name": "fastapi",
	"version": "0.115.13"
	},
	{
	"name": "langflow",
	"version": "1.5.0.post1"
	}
	],
	"total_dependencies": 3
	},

🤖 Prompt for AI Agents

In src/backend/base/langflow/initial_setup/starter_projects/SaaS Pricing.json
around lines 372 to 390, the metadata.dependencies field is unnecessarily nested
inside another dependencies key. Flatten this structure by removing the extra
dependencies nesting so that the list of dependencies and total_dependencies are
directly under metadata.dependencies. Also, confirm the FastAPI version remains
as 0.115.13.

[coderabbitai]

🛠️ Refactor suggestion

Avoid double-nesting the dependencies block

The new structure:

"dependencies": {
  "dependencies": [ ... ],
  "total_dependencies": 1
}

is redundant and error-prone (field name repeated, risk of counts getting out of sync).
Flatten to a single array and derive the count whenever it is needed:

-"dependencies": {
-  "dependencies": [
-    { "name": "langflow", "version": "1.5.0.post1" }
-  ],
-  "total_dependencies": 1
-},
+"dependencies": [
+  { "name": "langflow", "version": "1.5.0.post1" }
+],

Do the same for every component to keep the schema minimal and consistent.

🤖 Prompt for AI Agents

In src/backend/base/langflow/initial_setup/starter_projects/Travel Planning
Agents.json around lines 232 to 240, the "dependencies" field is double-nested
with a "dependencies" array inside a "dependencies" object, which is redundant.
Flatten this structure by removing the outer "dependencies" object and keeping
only a single "dependencies" array. Remove the "total_dependencies" field and
ensure the count is derived dynamically when needed. Apply this flattening
consistently to all similar components in the file.

[coderabbitai]

⚠️ Potential issue

Specify an explicit googleapiclient version instead of null

"version": null will break deterministic installs and may pull in an unexpected major version (or none at all). Pin to a known-good release or omit the field entirely if you intend to inherit the version elsewhere.

-                    "version": null
+                    "version": "2.101.0"  // ← example; adjust to the version you support

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents

In src/backend/base/langflow/initial_setup/starter_projects/Youtube
Analysis.json around lines 535 to 537, the "googleapiclient" dependency has its
"version" set to null, which can cause non-deterministic installs and unexpected
version pulls. Fix this by specifying a known stable version number for
"googleapiclient" or remove the "version" field entirely if the version is
managed elsewhere to ensure consistent dependency resolution.

[codeflash-ai]

⚡️ Codeflash found optimizations for this PR

📄 7,582% (75.82x) speedup for _classify_dependency in src/backend/base/langflow/custom/dependency_analyzer.py

⏱️ Runtime : 4.77 milliseconds → 62.1 microseconds (best of 123 runs)

I created a new dependent PR with the suggested changes. Please review:

• ⚡️ Speed up function _classify_dependency by 7,582% in PR #9192 (add-deps-metadata) #9193

If you approve, it will be merged into this PR (branch add-deps-metadata).

[codeflash-ai]

This PR is now faster! 🚀 @ogabrielluiz accepted my optimizations from:

• ⚡️ Speed up function _classify_dependency by 7,582% in PR #9192 (add-deps-metadata) #9193

[codeflash-ai]

This PR is now faster! 🚀 codeflash-ai[bot] accepted my code suggestion above.

[jordanrfrazier]

What's the behavior downstream of this decision to fallback rather than fail?

[ogabrielluiz]

Failing would be good in terms of finding errors faster but since this is not a feature that would break any functionality I didn't want it breaking anything else.

[codecov]

Codecov Report

❌ Patch coverage is 87.77778% with 11 lines in your changes missing coverage. Please review.
✅ Project coverage is 34.02%. Comparing base (bd1bec6) to head (9963c28).
⚠️ Report is 2 commits behind head on main.

Files with missing lines	Patch %	Lines
...ackend/base/langflow/custom/dependency_analyzer.py	89.47%	8 Missing ⚠️
src/backend/base/langflow/custom/utils.py	78.57%	3 Missing ⚠️

❌ Your project status has failed because the head coverage (3.80%) is below the target coverage (10.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #9192      +/-   ##
==========================================
+ Coverage   33.91%   34.02%   +0.10%     
==========================================
  Files        1197     1198       +1     
  Lines       56542    56619      +77     
  Branches     5335     5335              
==========================================
+ Hits        19175    19262      +87     
+ Misses      37297    37287      -10     
  Partials       70       70              

Flag	Coverage Δ
backend	56.31% <87.77%> (+0.13%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
src/backend/base/langflow/custom/utils.py	39.08% <78.57%> (+0.37%)	⬆️
...ackend/base/langflow/custom/dependency_analyzer.py	89.47% <89.47%> (ø)

... and 4 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[codeflash-ai]

⚡️ Codeflash found optimizations for this PR

📄 358% (3.58x) speedup for _get_distribution_version in langflow/custom/dependency_analyzer.py

⏱️ Runtime : 2.60 milliseconds → 567 microseconds (best of 5 runs)

I created a new dependent PR with the suggested changes. Please review:

• ⚡️ Speed up function _get_distribution_version by 358% in PR #9192 (add-deps-metadata) #9531

If you approve, it will be merged into this PR (branch add-deps-metadata).