Skip to content

fix(deps): require anyio>=4.10 so the daytona SDK imports#826

Open
xdotli wants to merge 2 commits into
release/0.7from
fix/daytona-anyio-import
Open

fix(deps): require anyio>=4.10 so the daytona SDK imports#826
xdotli wants to merge 2 commits into
release/0.7from
fix/daytona-anyio-import

Conversation

@xdotli

@xdotli xdotli commented Jun 24, 2026

Copy link
Copy Markdown
Member

Problem

httpx-ws (a transitive dep of the daytona SDK) needs anyio.AsyncContextManagerMixin, which was added in anyio 4.9. The lock pinned anyio 4.8.0, so on release/0.7:

>>> from daytona import Daytona
AttributeError: module 'anyio' has no attribute 'AsyncContextManagerMixin'

This breaks all live Daytona sandbox use whenever the sandbox-daytona extra is installed — i.e. every Daytona-backed eval on release/0.7.

Fix

  • Bump the floor anyio>=4.0anyio>=4.9.
  • Refresh the lock surgically (uv lock --upgrade-package anyio): anyio 4.8.0 → 4.14.0 (also drops the now-unneeded sniffio sub-dep). No other packages move.

Verification

With sandbox-daytona synced:

  • from daytona import Daytona
  • import benchflow

Notes

  • Diff is minimal: pyproject.toml (specifier) + uv.lock (anyio stanza only).
  • main is affected identically (also locks anyio 4.8.0) and can cherry-pick this commit.
  • Extracted from the unpushed chore/0.7-strip-shapes branch, where this fix was bundled inside a larger OSWorld-evaluator commit; split out here so it can land independently.

httpx-ws (a transitive dep of the daytona SDK) needs
anyio.AsyncContextManagerMixin, added in anyio 4.9. The lock pinned
anyio 4.8.0, so `from daytona import Daytona` raised AttributeError —
breaking all live Daytona sandbox use whenever the sandbox-daytona
extra is installed.

Bump the floor to anyio>=4.9 and refresh the lock (4.8.0 -> 4.14.0).
Surgical change: only the anyio stanza + specifier. Verified
`from daytona import Daytona` and `import benchflow` both succeed with
the sandbox-daytona extra synced.

(main is affected identically and can cherry-pick this.)
@greptile-apps

greptile-apps Bot commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

Greptile Summary

This PR fixes a hard import failure of the daytona SDK on release/0.7 by tightening the anyio lower-bound from >=4.0 to >=4.10 (the version that introduced AsyncContextManagerMixin, required by the transitive httpx-ws dependency) and refreshing only the anyio entry in the lock file.

  • pyproject.toml: Constraint changed to anyio>=4.10 with an inline comment explaining the httpx-ws/AsyncContextManagerMixin requirement.
  • uv.lock: anyio resolved version moves 4.8.0 → 4.14.0; sniffio is removed as a sub-dependency (anyio 4.14 no longer pulls it in). No other packages are affected.

Note: the PR description still references >=4.9, but the committed code correctly uses >=4.10, consistent with where AsyncContextManagerMixin was actually introduced.

Confidence Score: 5/5

Safe to merge — the change is a minimal, targeted dependency floor bump that directly fixes a hard import failure with no other packages affected.

The fix is surgical: only the anyio specifier and its single lock entry change. The chosen floor (4.10) correctly matches where AsyncContextManagerMixin was introduced, and the resolved version (4.14.0) is well above that floor. No logic code is touched, and the lock diff confirms no transitive packages were moved other than the removal of sniffio, which anyio 4.14 no longer depends on.

No files require special attention.

Important Files Changed

Filename Overview
pyproject.toml Floor constraint tightened from anyio>=4.0 to anyio>=4.10 with an explanatory comment; fixes the un-importable daytona SDK issue.
uv.lock Surgical lock refresh: anyio bumped 4.8.0→4.14.0, sniffio sub-dep removed (no longer required by anyio 4.14), requires-dist specifier updated to >=4.10; no other packages changed.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[benchflow\nsandbox-daytona extra] -->|imports| B[daytona SDK]
    B -->|transitive dep| C[httpx-ws]
    C -->|requires| D[anyio.AsyncContextManagerMixin]
    D -->|introduced in| E[anyio 4.10.0]

    subgraph before["Before (broken)"]
        F["anyio>=4.0\nlock: 4.8.0\n❌ no AsyncContextManagerMixin"]
    end

    subgraph after["After (fixed)"]
        G["anyio>=4.10\nlock: 4.14.0\n✅ AsyncContextManagerMixin present"]
    end

    F -.->|AttributeError on import| B
    G -.->|import succeeds| B
Loading
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
flowchart TD
    A[benchflow\nsandbox-daytona extra] -->|imports| B[daytona SDK]
    B -->|transitive dep| C[httpx-ws]
    C -->|requires| D[anyio.AsyncContextManagerMixin]
    D -->|introduced in| E[anyio 4.10.0]

    subgraph before["Before (broken)"]
        F["anyio>=4.0\nlock: 4.8.0\n❌ no AsyncContextManagerMixin"]
    end

    subgraph after["After (fixed)"]
        G["anyio>=4.10\nlock: 4.14.0\n✅ AsyncContextManagerMixin present"]
    end

    F -.->|AttributeError on import| B
    G -.->|import succeeds| B
Loading

Reviews (2): Last reviewed commit: "fix(deps): require anyio 4.10 for Dayton..." | Re-trigger Greptile

Comment thread pyproject.toml Outdated
Comment on lines +11 to +13
# httpx-ws (transitive via the daytona SDK) needs anyio>=4.9 for
# AsyncContextManagerMixin; anyio 4.8 makes the daytona SDK un-importable.
"anyio>=4.9",

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 AsyncContextManagerMixin was introduced in anyio 4.10.0, not 4.9. The official anyio changelog lists it under the 4.10.0 release. Setting the floor to anyio>=4.9 still allows a resolver to pick anyio==4.9.x, which would reproduce the exact AttributeError: module 'anyio' has no attribute 'AsyncContextManagerMixin' this PR is trying to prevent.

Suggested change
# httpx-ws (transitive via the daytona SDK) needs anyio>=4.9 for
# AsyncContextManagerMixin; anyio 4.8 makes the daytona SDK un-importable.
"anyio>=4.9",
# httpx-ws (transitive via the daytona SDK) needs anyio>=4.10 for
# AsyncContextManagerMixin (added in 4.10.0); anyio 4.8/4.9 makes the
# daytona SDK un-importable.
"anyio>=4.10",

@bingran-you bingran-you added bug Something isn't working P1 Important debt — must fix soon, but does not block the current release. area:sandbox Issue / PR lives primarily in the "sandbox" subsystem. review:pending PR is ready-for-review, no reviewer engagement yet. labels Jun 24, 2026
@bingran-you

Copy link
Copy Markdown
Collaborator

Automation update (2026-06-24): pushed f23ecf2d to address the Greptile dependency-floor finding.

What changed:

  • raised the declared anyio floor from >=4.9 to >=4.10 in pyproject.toml;
  • updated the corresponding uv.lock package metadata specifier;
  • kept the locked runtime at anyio==4.14.0, so the lock remains surgical.

Validation on the updated PR head:

  • uv lock --locked -> passed
  • uv sync --extra dev --extra sandbox-daytona --locked -> passed
  • uv run python -m pytest tests/test_cli_daytona.py -q -> 4 passed
  • uv run ruff check pyproject.toml tests/test_cli_daytona.py src/benchflow/sandbox/daytona.py src/benchflow/cli/main.py -> passed
  • uv run python - <<'PY' ... import anyio; import daytona ... PY -> AsyncContextManagerMixin present and daytona import OK

I also tried a targeted uv run ty check src/benchflow/sandbox/daytona.py src/benchflow/cli/main.py tests/test_cli_daytona.py; it still fails on pre-existing release-branch Daytona typing issues unrelated to this dependency-only diff, so I did not widen this PR.

Labels are now set to bug / P1 / area:sandbox / review:pending. Still needs normal human review/CI before merge.

@bingran-you bingran-you added the status:blocked Waiting on external dependency. Add a comment explaining why. label Jun 24, 2026
@bingran-you

Copy link
Copy Markdown
Collaborator

Additional workflow note: GitHub currently reports no checks on this PR because the branch targets release/0.7, while .github/workflows/test.yml only runs on PRs targeting main. I added status:blocked so this does not look merge-ready until a human decides whether to retarget/recreate this through main or run an equivalent release-line validation path.

@bingran-you bingran-you changed the title fix(deps): require anyio>=4.9 so the daytona SDK imports fix(deps): require anyio>=4.10 so the daytona SDK imports Jun 24, 2026
@bingran-you

Copy link
Copy Markdown
Collaborator

Triage: the greptile P1 (anyio>=4.9 still allows 4.9.x, reproducing the AsyncContextManagerMixin AttributeError) is already resolved on the current headpyproject.toml:13 pins anyio>=4.10 with an explanatory comment, matching the PR title and the anyio 4.10.0 changelog. The finding was against an earlier commit.

Diff vs release/0.7 is the single intended one-line floor bump (anyio>=4.0>=4.10). Content looks merge-ready; no CI checks are reported on this branch (release/0.7 base) — worth confirming the 0.7 line's required checks run before merge. cc @xdotli (release/0.7 owner).

@bingran-you

Copy link
Copy Markdown
Collaborator

Automation user-simulation review (2026-06-26): dependency fix is valid; process gate remains.

I tested the PR in an isolated worktree with a fresh sandbox-daytona sync:

uv sync --project /tmp/benchflow-pr-sims/pr826 --extra sandbox-daytona --extra dev --locked
uv run --project /tmp/benchflow-pr-sims/pr826 python - <<'PY'
import anyio
from daytona import Daytona
import benchflow
print('anyio_mixin', hasattr(anyio, 'AsyncContextManagerMixin'))
print('daytona_import', Daytona.__name__)
print('benchflow_import', benchflow.__version__)
PY
# anyio_mixin True
# daytona_import Daytona
# benchflow_import 0.6.2

A separate subagent also reproduced the dependency-floor behavior: anyio==4.8.0 fails on direct from daytona import Daytona, while anyio==4.10.0 succeeds. The diff is dependency metadata only (pyproject.toml + uv.lock), and I do not see a thermo-nuclear code-quality or CLI/SDK regression blocker.

Remaining gate is procedural: this targets release/0.7, and GitHub is still not reporting the normal PR check suite for that base. Keep status:blocked until the release-line owner either runs/records equivalent validation or retargets/recreates the fix through the checked path.

@bingran-you

Copy link
Copy Markdown
Collaborator

Users Simulation refresh (2026-06-26): dependency fix still validates; process gate remains.

The isolated PR simulation confirmed the intended fix: anyio>=4.10 is sufficient for the Daytona SDK import path, benchflow.sandbox.daytona imports cleanly, build_sync_client(api_key="dummy-key") constructs without creating a sandbox, and the CLI help paths still load.

Checks recorded:

uv sync --locked --extra dev --extra sandbox-daytona
uv run python -c 'from importlib import metadata; import anyio; print(metadata.version("anyio"), hasattr(anyio, "AsyncContextManagerMixin"))'
uv run python -c 'import benchflow.sandbox.daytona as d; print(hasattr(d, "build_sync_client"))'
uv run benchflow --help
uv run benchflow sandbox --help
uv run benchflow eval --help
uv run python -m pytest tests/test_base_install_imports.py tests/test_cli_daytona.py tests/test_cli_misc.py tests/test_env_setup.py -k 'daytona_module_imports_without_tenacity or daytona_without_sdk_fails_fast_with_install_hint or environment_list_uses_daytona_import_compat or test_benchflow_version_flag or test_benchflow_run_command_is_removed'

No thermo-nuclear code-quality blocker found in the two-file dependency diff. I left status:blocked in place because this PR targets release/0.7 and GitHub still reports no normal checks for that base; that is a release-line process gate, not a simulation failure in the dependency fix.

@bingran-you

Copy link
Copy Markdown
Collaborator

Users Simulation automation review (2026-06-27T12:21Z): ready for this simulation scope.

The dependency bump fixes the Daytona SDK import path. In a clean PR worktree, anyio exposed AsyncContextManagerMixin, from daytona import Daytona imported cleanly, and BenchFlow CLI smoke paths still worked.

Commands/evidence:

  • uv lock --check
  • uv sync --extra sandbox-daytona --locked
  • Python import smoke for anyio, benchflow, and daytona.Daytona
  • uv run benchflow --help
  • uv run benchflow sandbox list with and without shared Daytona credentials; without creds it exited through the guarded auth path, with creds it reached the live API and listed sandboxes.
  • uv run benchflow tasks init ..., uv run benchflow tasks check ..., uv run benchflow hub check --level inventory --tasks-per-dataset 1 --limit 1
  • uv run pytest tests/test_cli_daytona.py -q
  • uv run ruff check src/benchflow/cli/main.py src/benchflow/sandbox/daytona.py

Residual risk: I did not run a live Daytona create/exec or model-backed rollout; this validates the import/auth/listing regression surface rather than full sandbox lifecycle.

@bingran-you bingran-you added status:ready Triaged, unassigned, available to claim. and removed status:blocked Waiting on external dependency. Add a comment explaining why. labels Jun 27, 2026
@bingran-you

Copy link
Copy Markdown
Collaborator

Automation re-verification (2026-06-29): still ready, merge gate is human review.

Re-checked current head against base release/0.7: mergeable=MERGEABLE / mergeStateStatus=CLEAN. The P1 anyio>=4.9 floor fix that unblocks the Daytona SDK import is unchanged and still validates. No regression since 2026-06-27. Note: main is affected identically and can cherry-pick this commit. Holding on merge per the standing process gate — awaiting human approval.

@bingran-you

Copy link
Copy Markdown
Collaborator

Automation review (2026-06-30, follow-up): two merge-gate gaps surfaced.

  1. No CI signal on this PR. gh pr checks 826 reports no checks reported on fix/daytona-anyio-import. The base is release/0.7, whose workflow set (test.yml, integration-eval.yml) is narrower than main's, and nothing has executed against this head. The repo's "CI 全绿" merge gate cannot be evaluated until checks run — recommend rebasing on latest release/0.7 (or pushing a no-op commit) to trigger them before merge.

  2. The fix does not reach main. main's pyproject.toml still pins anyio>=4.0 (resolving anyio==4.8.0 in uv.lock), while this PR bumps to >=4.10 only on release/0.7. If the daytona SDK import requires anyio>=4.10 (per this PR's rationale), main-based environments are still exposed. Decision needed: should the same bump land on main as well, or is release/0.7 the only line that ships the daytona SDK?

Diff itself is correct and minimal (constraint + lockfile only). Blocking items are CI execution + the main-line decision above, not the change.

@bingran-you bingran-you added status:blocked Waiting on external dependency. Add a comment explaining why. and removed status:ready Triaged, unassigned, available to claim. labels Jun 30, 2026
@bingran-you

Copy link
Copy Markdown
Collaborator

Users Simulation review (2026-07-03): ready.

No blockers found. The dependency-floor change is narrow and the Daytona import path works in a clean PR worktree:

  • uv sync --extra dev --extra sandbox-daytona --locked -> resolved cleanly
  • anyio resolved to 4.14.0
  • import daytona succeeded (daytona==0.184.0)
  • uv run bench --help and uv run bench sandbox --help -> passed
  • Focused Daytona/base-install tests passed in subagent validation (tests/test_cli_daytona.py tests/test_base_install_imports.py -> 8 passed)

No trajectories were generated because this PR only changes dependency resolution/importability.

@bingran-you bingran-you removed the status:blocked Waiting on external dependency. Add a comment explaining why. label Jul 3, 2026
@bingran-you

Copy link
Copy Markdown
Collaborator

Automation label hygiene (2026-07-04): the dependency-floor diff still validates and remains narrow, but this PR targets release/0.7 and GitHub still reports no normal check suite on the head. Relabeling from status:ready to status:blocked so the merge gate is explicit: release-line owner needs to run/record equivalent CI or retarget/recreate through a checked path before merge. Keeping review:pending because the code diff itself is waiting on human release-line review.

@bingran-you bingran-you added the status:blocked Waiting on external dependency. Add a comment explaining why. label Jul 4, 2026
@bingran-you

Copy link
Copy Markdown
Collaborator

Users Simulation automation review (2026-07-04): code-ready by simulation on unchanged head f23ecf2d.

The dependency-floor fix still validates locally:

  • uv sync --extra dev --extra sandbox-daytona --locked resolved with anyio==4.14.0, daytona==0.184.0, and httpx-ws==0.9.0.
  • Direct imports passed: import daytona, import benchflow.sandbox.daytona.
  • benchflow --help loaded.
  • Focused checks passed: tests/test_base_install_imports.py -> 4 passed and tests/test_daytona_command_polling.py -> 1 passed.

This branch still targets release/0.7 and has no status-check rollup, so it remains a release/process review gate rather than a code-behavior blocker. For the automation label split, I’m moving it back to status:ready and keeping review:pending.

@bingran-you bingran-you added status:ready Triaged, unassigned, available to claim. and removed status:blocked Waiting on external dependency. Add a comment explaining why. labels Jul 4, 2026
@bingran-you bingran-you added the status:blocked Waiting on external dependency. Add a comment explaining why. label Jul 5, 2026 — with ChatGPT Codex Connector
@bingran-you bingran-you removed the status:ready Triaged, unassigned, available to claim. label Jul 5, 2026

Copy link
Copy Markdown
Collaborator

Automation status update (2026-07-05): leaving the code diff alone, but moving this from status:ready to status:blocked because it targets release/0.7 and currently has no GitHub check evidence on the head. The patch still looks narrow by inspection (anyio>=4.10 / lock refresh), but it needs release-line validation or a checked main-path decision before it is merge-safe.

@bingran-you

Copy link
Copy Markdown
Collaborator

Users Simulation automation review (2026-07-05): blocked on release-line process, not code behavior on head f23ecf2d474455c732a9f1bdda0cb19b0f62fcea.

The dependency fix itself validates: uv sync --extra dev --extra sandbox-daytona --locked resolved anyio==4.14.0 / daytona==0.184.0, Daytona import smoke passed, shared CLI surfaces passed (bench agent list, bench sandbox list, bench environment list, bench sandbox cleanup --dry-run --max-age 60), and focused Daytona/import tests passed (9 passed). No thermo-nuclear code blocker in the dependency-only diff.

The merge blocker is still external evidence: gh pr checks 826 reports no checks on the release/0.7 head. Keep this blocked until release-line validation is recorded or the fix is rerouted through a checked path.

Labels: status:blocked + review:pending.

@bingran-you

Copy link
Copy Markdown
Collaborator

Users Simulation automation review (2026-07-06): code-ready by simulation on head f23ecf2d, but still blocked as a release-line process gate.

Evidence:

  • Dependency/import validation passed in an isolated worktree: uv sync --extra dev --extra sandbox-daytona --locked resolved anyio==4.14.0 and daytona==0.184.0; import benchflow, _load_daytona_sdk(), and import daytona all passed.
  • CLI/sandbox smoke passed: bench --help, known-good task structural check, and Daytona sandbox object construction on a real example task.
  • Diff remains tight: pyproject.toml and uv.lock only, with no unrelated churn.

No code blocker found in the dependency fix itself. Keep status:blocked because this targets release/0.7 and live GitHub still has no check suite on the head; release-line owner needs equivalent CI/validation evidence or a checked-path retarget before merge.

@bingran-you

Copy link
Copy Markdown
Collaborator

Users Simulation automation review (2026-07-08): code-ready by simulation, still blocked on release-line process on head f23ecf2d474455c732a9f1bdda0cb19b0f62fcea.

Code evidence:

  • uv sync --extra dev --extra sandbox-daytona --locked passed in a fresh release-line checkout, resolving anyio==4.14.0 and daytona==0.184.0.
  • Direct import proof passed: from daytona import Daytona, hasattr(anyio, "AsyncContextManagerMixin"), and BenchFlow Daytona loader smoke all worked.
  • Focused tests passed: tests/test_base_install_imports.py, tests/test_cli_daytona.py, tests/test_daytona_command_polling.py, tests/test_sandbox_protocol.py (37 total focused tests across subagent/local validation).
  • CLI/static gates passed: bench sandbox --help, bench environment --help, ruff check ., ty check src/.

Thermo-nuclear review: no code-quality blocker. The diff is a narrow dependency floor + lockfile refresh.

Merge gate: this PR targets release/0.7 and still has no normal GitHub check rollup on the head, so I am keeping this as a release/process block rather than a code-behavior block. Release-line owner should record equivalent CI/validation evidence or reroute through a checked path before merge.

Labels: kept status:blocked / review:pending.

@bingran-you

Copy link
Copy Markdown
Collaborator

Users Simulation automation review (2026-07-10): code-ready by simulation, still blocked on release-line process on head f23ecf2d474455c732a9f1bdda0cb19b0f62fcea.

Verified today in an isolated worktree:

  • uv lock --check passed.
  • benchflow --help passed.
  • uv run --extra sandbox-daytona python ... successfully imported benchflow.sandbox.daytona._load_daytona_sdk() with daytona 0.184.0 and anyio 4.14.0.
  • Diff remains narrow: pyproject.toml + uv.lock only, lifting the dependency floor to the anyio version that supports the Daytona SDK import path.

Thermo-nuclear code-quality review: no structural concern; this is not a code blocker.

Merge gate remains: this PR targets release/0.7 and GitHub still reports no normal check-suite evidence on the head. Keeping status:blocked under the current automation rule because the PR is not ready to merge until release-line validation is recorded or the PR is retargeted/recreated through a checked path.

@bingran-you

Copy link
Copy Markdown
Collaborator

Users Simulation automation review (2026-07-11): code-ready by simulation, still blocked on release-line process on head f23ecf2d474455c732a9f1bdda0cb19b0f62fcea.

Evidence:

  • Diff vs release/0.7 remains surgical: pyproject.toml + uv.lock only, raising anyio from >=4.0 to >=4.10 and resolving the lock to anyio==4.14.0 with daytona==0.184.0.
  • Local validation passed: uv sync --extra dev --extra sandbox-daytona --locked, uv lock --check, bench --help, Daytona/anyio import smoke, focused Daytona/sandbox tests (236 passed), focused ruff, and ty check src.
  • Subagent import smoke also confirmed anyio 4.14.0 exposes AsyncContextManagerMixin, daytona 0.184.0 imports, from daytona import Daytona works, and benchflow.sandbox.daytona._load_daytona_sdk() populates the SDK references.

Thermo review: no code-quality blocker. No control-flow change, no abstraction churn, no branch/spaghetti growth, and no file-size regression.

Merge gate remains external: this PR targets release/0.7, GitHub still has an empty status-check rollup, and gh pr checks 826 reports no checks on fix/daytona-anyio-import. Keep status:blocked until the release-line owner records equivalent validation or reroutes the fix through a checked path.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area:sandbox Issue / PR lives primarily in the "sandbox" subsystem. bug Something isn't working P1 Important debt — must fix soon, but does not block the current release. review:pending PR is ready-for-review, no reviewer engagement yet. status:blocked Waiting on external dependency. Add a comment explaining why.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants