From f75e11403a24449373bd51b0a0342382a0c45bb6 Mon Sep 17 00:00:00 2001 From: eavanvalkenburg Date: Tue, 24 Mar 2026 17:26:31 +0100 Subject: [PATCH 1/2] pin litellm --- .worktrees/devui_datastar | 1 + .worktrees/issue-4675-duplicate-telemetry | 1 + .worktrees/issue-4676-a2a-sdk-update | 1 + python/pyproject.toml | 4 ++ python/uv.lock | 62 +++++++++++++++++++++-- 5 files changed, 66 insertions(+), 3 deletions(-) create mode 160000 .worktrees/devui_datastar create mode 160000 .worktrees/issue-4675-duplicate-telemetry create mode 160000 .worktrees/issue-4676-a2a-sdk-update
diff --git a/.worktrees/devui_datastar b/.worktrees/devui_datastar
new file mode 160000
index 0000000000..bf8d9672e1
--- /dev/null
+++ b/.worktrees/devui_datastar
@@ -0,0 +1 @@
+Subproject commit bf8d9672e147c42696a5a17b0ed37878196b6715
diff --git a/.worktrees/issue-4675-duplicate-telemetry b/.worktrees/issue-4675-duplicate-telemetry
new file mode 160000
index 0000000000..55cc6e85c0
--- /dev/null
+++ b/.worktrees/issue-4675-duplicate-telemetry
@@ -0,0 +1 @@
+Subproject commit 55cc6e85c08db4d7795a48e85261655efd895409
diff --git a/.worktrees/issue-4676-a2a-sdk-update b/.worktrees/issue-4676-a2a-sdk-update
new file mode 160000
index 0000000000..c551983295
--- /dev/null
+++ b/.worktrees/issue-4676-a2a-sdk-update
@@ -0,0 +1 @@
+Subproject commit c5519832953763b847b7cacc515edb78cf50d28d
diff --git a/python/pyproject.toml b/python/pyproject.toml
index f955062de1..b2dc74572e 100644
--- a/python/pyproject.toml
+++ b/python/pyproject.toml
@@ -49,6 +49,9 @@ dev = [
 [tool.uv]
 package = false
 prerelease = "if-necessary-or-explicit"
+# Keep transitive litellm pinned to a known-good wheel so compromised releases
+# cannot be selected during lock or sync.
+constraint-dependencies = ["litellm==1.82.1"]
 environments = [
 "sys_platform == 'darwin'",
 "sys_platform == 'linux'",
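Review bot: The added `constraint-dependencies = ["litellm==1.82.1"]` only governs resolution inside this uv workspace, so it covers `uv lock` and `uv sync` here but, as far as this hunk shows, not users who install the published packages with their own resolver. If a member package's published requirements can still pull litellm transitively, that requirement probably needs its own bound or exclusion of the affected releases. The comment above the constraint also gives no condition for lifting the pin and does not mention the matching wheel URL added further down in the same file, so the two can drift apart. I would extend it to something like `# Temporary: remove together with the litellm wheel URL source below once a clean upstream release is confirmed (tracking: <issue-url>).`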
@@ -83,6 +86,7 @@ agent-framework-redis = { workspace = true } agent-framework-github-copilot = { workspace = true } agent-framework-claude = { workspace = true } agent-framework-orchestrations = { workspace = true } +litellm = { url = "https://files.pythonhosted.org/packages/57/77/0c6eca2cb049793ddf8ce9cdcd5123a35666c4962514788c4fc90edf1d3b/litellm-1.82.1-py3-none-any.whl" } [tool.ruff] line-length = 120 diff --git a/python/uv.lock b/python/uv.lock index f55686893e..c56865b72b 100644 --- a/python/uv.lock +++ b/python/uv.lock @@ -51,6 +51,7 @@ members = [ "agent-framework-purview", "agent-framework-redis", ] +constraints = [{ name = "litellm", url = "https://files.pythonhosted.org/packages/57/77/0c6eca2cb049793ddf8ce9cdcd5123a35666c4962514788c4fc90edf1d3b/litellm-1.82.1-py3-none-any.whl" }] [[package]] name = "a2a-sdk" @@ -3102,7 +3103,7 @@ wheels = [ [[package]] name = "litellm" version = "1.82.1" -source = { registry = "https://pypi.org/simple" } +source = { url = "https://files.pythonhosted.org/packages/57/77/0c6eca2cb049793ddf8ce9cdcd5123a35666c4962514788c4fc90edf1d3b/litellm-1.82.1-py3-none-any.whl" } dependencies = [ { name = "aiohttp", marker = "sys_platform == 'darwin' or sys_platform == 'linux' or sys_platform == 'win32'" }, { name = "click", marker = "sys_platform == 'darwin' or sys_platform == 'linux' or sys_platform == 'win32'" }, 
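Review bot: The added `litellm = { url = ... }` line carries no digest in pyproject.toml, so the only integrity check on that wheel is the sha256 recorded in the uv.lock `wheels` entry. That protection holds only if CI and release jobs install with `uv sync --locked` (or `--frozen`) and any re-lock is reviewed, which this patch does not show. A direct URL source also bypasses whatever index or mirror is configured, so builds behind an internal proxy would fetch from files.pythonhosted.org directly. The line has no comment of its own; add one such as `# Pinned wheel for the litellm constraint in [tool.uv]; bump or remove both together.` The enclosing table starts above the hunk, so I am assuming it is the uv sources table.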
@@ -3117,9 +3118,8 @@ dependencies = [ { name = "tiktoken", marker = "sys_platform == 'darwin' or sys_platform == 'linux' or sys_platform == 'win32'" }, { name = "tokenizers", marker = "sys_platform == 'darwin' or sys_platform == 'linux' or sys_platform == 'win32'" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/34/bd/6251e9a965ae2d7bc3342ae6c1a2d25dd265d354c502e63225451b135016/litellm-1.82.1.tar.gz", hash = "sha256:bc8427cdccc99e191e08e36fcd631c93b27328d1af789839eb3ac01a7d281890", size = 17197496, upload-time = "2026-03-10T09:10:04.438Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/57/77/0c6eca2cb049793ddf8ce9cdcd5123a35666c4962514788c4fc90edf1d3b/litellm-1.82.1-py3-none-any.whl", hash = "sha256:a9ec3fe42eccb1611883caaf8b1bf33c9f4e12163f94c7d1004095b14c379eb2", size = 15341896, upload-time = "2026-03-10T09:10:00.702Z" }, + { url = "https://files.pythonhosted.org/packages/57/77/0c6eca2cb049793ddf8ce9cdcd5123a35666c4962514788c4fc90edf1d3b/litellm-1.82.1-py3-none-any.whl", hash = "sha256:a9ec3fe42eccb1611883caaf8b1bf33c9f4e12163f94c7d1004095b14c379eb2" }, ] [package.optional-dependencies] 
@@ -3151,6 +3151,62 @@ proxy = [ { name = "websockets", marker = "sys_platform == 'darwin' or sys_platform == 'linux' or sys_platform == 'win32'" }, ] +[package.metadata] +requires-dist = [ + { name = "a2a-sdk", marker = "python_full_version >= '3.10' and extra == 'extra-proxy'", specifier = ">=0.3.22,<0.4.0" }, + { name = "aiohttp", specifier = ">=3.10" }, + { name = "apscheduler", marker = "extra == 'proxy'", specifier = ">=3.10.4,<4.0.0" }, + { name = "azure-identity", marker = "(python_full_version >= '3.9' and extra == 'extra-proxy') or (python_full_version >= '3.9' and extra == 'proxy')", specifier = ">=1.15.0,<2.0.0" }, + { name = "azure-keyvault-secrets", marker = "extra == 'extra-proxy'", specifier = ">=4.8.0,<5.0.0" }, + { name = "azure-storage-blob", marker = "extra == 'proxy'", specifier = ">=12.25.1,<13.0.0" }, + { name = "backoff", marker = "extra == 'proxy'" }, + { name = "boto3", marker = "extra == 'proxy'", specifier = ">=1.40.76,<2.0.0" }, + { name = "click" }, + { name = "cryptography", marker = "extra == 'proxy'" }, + { name = "diskcache", marker = "extra == 'caching'", specifier = ">=5.6.1,<6.0.0" }, + { name = "fastapi", marker = "extra == 'proxy'", specifier = ">=0.120.1" }, + { name = "fastapi-sso", marker = "extra == 'proxy'", specifier = ">=0.16.0,<0.17.0" }, + { name = "fastuuid", specifier = ">=0.13.0" }, + { name = "google-cloud-aiplatform", marker = "extra == 'google'", specifier = ">=1.38.0" }, + { name = "google-cloud-iam", marker = "extra == 'extra-proxy'", specifier = ">=2.19.1,<3.0.0" }, + { name = "google-cloud-kms", marker = "extra == 'extra-proxy'", specifier = ">=2.21.3,<3.0.0" }, + { name = "grpcio", marker = "python_full_version >= '3.14' and extra == 'grpc'", specifier = ">=1.75.0" }, + { name = "grpcio", marker = "python_full_version < '3.14' and extra == 'grpc'", specifier = ">=1.62.3,!=1.68.*,!=1.69.*,!=1.70.*,!=1.71.0,!=1.71.1,!=1.72.0,!=1.72.1,!=1.73.0" }, + { name = "gunicorn", marker = "extra == 'proxy'", specifier = 
">=23.0.0,<24.0.0" }, + { name = "httpx", specifier = ">=0.23.0" }, + { name = "importlib-metadata", specifier = ">=6.8.0" }, + { name = "jinja2", specifier = ">=3.1.2,<4.0.0" }, + { name = "jsonschema", specifier = ">=4.23.0,<5.0.0" }, + { name = "litellm-enterprise", marker = "extra == 'proxy'", specifier = ">=0.1.33,<0.2.0" }, + { name = "litellm-proxy-extras", marker = "extra == 'proxy'", specifier = ">=0.4.53,<0.5.0" }, + { name = "mcp", marker = "python_full_version >= '3.10' and extra == 'proxy'", specifier = ">=1.25.0,<2.0.0" }, + { name = "mlflow", marker = "python_full_version >= '3.10' and extra == 'mlflow'", specifier = ">3.1.4" }, + { name = "numpydoc", marker = "extra == 'utils'" }, + { name = "openai", specifier = ">=2.8.0" }, + { name = "orjson", marker = "extra == 'proxy'", specifier = ">=3.9.7,<4.0.0" }, + { name = "polars", marker = "python_full_version >= '3.10' and extra == 'proxy'", specifier = ">=1.31.0,<2.0.0" }, + { name = "prisma", marker = "extra == 'extra-proxy'", specifier = ">=0.11.0,<0.12.0" }, + { name = "pydantic", specifier = ">=2.5.0,<3.0.0" }, + { name = "pyjwt", marker = "python_full_version >= '3.9' and extra == 'proxy'", specifier = ">=2.10.1,<3.0.0" }, + { name = "pynacl", marker = "extra == 'proxy'", specifier = ">=1.5.0,<2.0.0" }, + { name = "pyroscope-io", marker = "sys_platform != 'win32' and extra == 'proxy'", specifier = ">=0.8,<0.9" }, + { name = "python-dotenv", specifier = ">=0.2.0" }, + { name = "python-multipart", marker = "extra == 'proxy'", specifier = ">=0.0.20" }, + { name = "pyyaml", marker = "extra == 'proxy'", specifier = ">=6.0.1,<7.0.0" }, + { name = "redisvl", marker = "python_full_version >= '3.9' and python_full_version < '3.14' and extra == 'extra-proxy'", specifier = ">=0.4.1,<0.5.0" }, + { name = "resend", marker = "extra == 'extra-proxy'", specifier = ">=0.8.0" }, + { name = "rich", marker = "extra == 'proxy'", specifier = ">=13.7.1,<14.0.0" }, + { name = "rq", marker = "extra == 'proxy'" }, + { 
name = "semantic-router", marker = "python_full_version >= '3.9' and python_full_version < '3.14' and extra == 'semantic-router'", specifier = ">=0.1.12" }, + { name = "soundfile", marker = "extra == 'proxy'", specifier = ">=0.12.1,<0.13.0" }, + { name = "tiktoken", specifier = ">=0.7.0" }, + { name = "tokenizers" }, + { name = "uvicorn", marker = "extra == 'proxy'", specifier = ">=0.32.1,<1.0.0" }, + { name = "uvloop", marker = "sys_platform != 'win32' and extra == 'proxy'", specifier = ">=0.21.0,<0.22.0" }, + { name = "websockets", marker = "extra == 'proxy'", specifier = ">=15.0.1,<16.0.0" }, +] +provides-extras = ["caching", "extra-proxy", "google", "grpc", "mlflow", "proxy", "semantic-router", "utils"] + [[package]] name = "litellm-enterprise" version = "0.1.34" From b1219b88e451fad9cf8ce3d57da85a65c942f62f Mon Sep 17 00:00:00 2001 From: eavanvalkenburg Date: Tue, 24 Mar 2026 17:30:27 +0100 Subject: [PATCH 2/2] Remove accidental worktree gitlinks Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .worktrees/devui_datastar | 1 - .worktrees/issue-4675-duplicate-telemetry | 1 - .worktrees/issue-4676-a2a-sdk-update | 1 - 3 files changed, 3 deletions(-) delete mode 160000 .worktrees/devui_datastar delete mode 160000 .worktrees/issue-4675-duplicate-telemetry delete mode 160000 .worktrees/issue-4676-a2a-sdk-update diff --git a/.worktrees/devui_datastar b/.worktrees/devui_datastar deleted file mode 160000 index bf8d9672e1..0000000000 --- a/.worktrees/devui_datastar +++ /dev/null @@ -1 +0,0 @@ -Subproject commit bf8d9672e147c42696a5a17b0ed37878196b6715 diff --git a/.worktrees/issue-4675-duplicate-telemetry b/.worktrees/issue-4675-duplicate-telemetry deleted file mode 160000 index 55cc6e85c0..0000000000 --- a/.worktrees/issue-4675-duplicate-telemetry +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 55cc6e85c08db4d7795a48e85261655efd895409 
diff --git a/.worktrees/issue-4676-a2a-sdk-update b/.worktrees/issue-4676-a2a-sdk-update
deleted file mode 160000
index c551983295..0000000000
--- a/.worktrees/issue-4676-a2a-sdk-update
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit c5519832953763b847b7cacc515edb78cf50d28d