chore(wren-core-py): migrate from Poetry to uv

[ttw225]

What

core/wren-core-py is the only Python module still using Poetry; every
other module (core/wren, SDK CI) already uses uv. This migrates it to uv
so the whole repo shares one dependency manager. The build backend stays
maturin — only the dependency manager changes.

Why

Inherited from the wren-engine import: pyproject.toml already had a PEP 621
[project] table, but the legacy [tool.poetry] block was never removed
(stale version mismatch: [project] 0.6.0 vs [tool.poetry] 0.1.0). Poetry
here only managed 3 dev deps (maturin, pytest, ruff) — there's no technical
reason for it. Unifying on uv removes the repeated pipx install poetry steps
in CI and lets contributors build the whole Rust→bindings→CLI chain with just
uv + Rust + just.

Changes

• pyproject.toml — remove [tool.poetry] / [tool.poetry.*]; add
  [dependency-groups] dev with the same pins (maturin==1.9.4,
  pytest==8.4.2, ruff==0.13.1).
• Lockfile — replace poetry.lock with uv.lock.
• justfile & CI — uv sync --no-install-project + uv run --no-sync …
  for maturin/pytest/ruff. This mirrors poetry install --no-root: a plain
  uv sync builds the editable maturin extension during dependency install
  (redundant with the explicit maturin develop/build step), so
  --no-install-project skips that and --no-sync stops uv re-syncing before
  each tool run. CI uses --locked to enforce uv.lock.
• core-py-ci.yml / wren-ci.yml — add astral-sh/setup-uv, drop
  pipx install poetry.
• Docs — README.md, CONTRIBUTING.md, CLAUDE.md; remove the now-dead
  **/poetry.lock glob from .github/labeler.yml.

Notes

• Direct pins (maturin/pytest/ruff) are unchanged. Only pytest's transitive
  test-only deps drift in the new lock (iniconfig, packaging, pygments) —
  harmless for a migration.

Summary by CodeRabbit

Release Notes

• Chores

  • Migrated dependency management from Poetry to uv across development workflows, CI/CD pipelines, and build configurations
  • Updated auto-labeling configuration for dependency tracking

• Documentation

  • Updated development setup instructions and environment configuration guides to reflect new tooling

[coderabbitai]

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)

• core/wren-core-py/uv.lock is excluded by !**/*.lock

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 5ea54ef2-bf39-4ecf-9f29-f28a90754c87

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

Walkthrough

This PR migrates the core/wren-core-py project from Poetry to Astral's uv package manager. The changes span project configuration, local development tooling, CI/CD pipelines, and developer documentation to consistently use uv for dependency management and command execution.

Changes

Poetry to uv Migration

Layer / File(s)	Summary
Dependency Configuration & Local Development core/wren-core-py/pyproject.toml, core/wren-core-py/justfile, core/wren-core-py/README.md	pyproject.toml transitions from Poetry metadata to PEP 621 format with [dependency-groups] for dev tools; justfile replaces poetry run with uv run --no-sync for build, develop, test, and format targets; README.md updates environment setup to install uv directly.
Developer Documentation & Conventions .claude/CLAUDE.md, core/wren-core-py/.claude/CLAUDE.md, CONTRIBUTING.md	Development guides updated to document that both core/wren-core-py and core/wren use uv; just install command references uv sync (deps only; --no-install-project) instead of Poetry.
CI/CD Pipeline Updates .github/workflows/core-py-ci.yml, .github/workflows/wren-ci.yml	core-py-ci.yml adds astral-sh/setup-uv action and replaces poetry install / poetry run with uv sync --locked --no-install-project and uv run --no-sync for maturin/pytest; wren-ci.yml applies the same pattern consistently across test-unit, test-connector, test-ui, and test-memory jobs for wheel builds.
Automated Labeling Rules .github/labeler.yml	Dependency labeler pattern updated to track **/uv.lock instead of **/poetry.lock for automatic dependency change detection.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Suggested labels

core, python, ci, dependencies, documentation

Suggested reviewers

• PaulChen79
• goldmedal
• douenergy

Poem

🐰 From Poetry to uv, the toolchain takes flight,
Dependencies sync in lockstep so tight,
No more pipx whispers or poetry's song,
Just uv run commands all day long!
The wheels still turn, the tests still pass,
A migration as smooth as rabbit grass. ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'chore(wren-core-py): migrate from Poetry to uv' directly and clearly describes the primary change in the PR—migrating the wren-core-py module from Poetry to uv dependency management.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (2)

.github/workflows/core-py-ci.yml (1)

28-29: ⚡ Quick win

Consider pinning the setup-uv action to a commit SHA for supply chain security.

Using astral-sh/setup-uv@v4 references a mutable tag. For stronger supply chain security, consider pinning to a specific commit SHA instead.

🔒 Example: Pin to commit SHA

-      - name: Install uv
-        uses: astral-sh/setup-uv@v4
+      - name: Install uv
+        uses: astral-sh/setup-uv@<commit-sha>  # v4

You can find the commit SHA for v4 at https://github.com/astral-sh/setup-uv/releases

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/core-py-ci.yml around lines 28 - 29, Replace the mutable
tag reference to the GitHub Action usage "astral-sh/setup-uv@v4" with a pinned
commit SHA to improve supply chain security; locate the workflow step that uses
"astral-sh/setup-uv@v4" and change it to the corresponding commit reference
(e.g., "astral-sh/setup-uv@<commit-sha>") for the v4 release you intend to use,
ensuring you copy the exact SHA from the action's release or tag page and update
any workflow documentation/comments accordingly.

Source: Linters/SAST tools

core/wren-core-py/pyproject.toml (1)

27-32: Check the pinned PyPI versions (core/wren-core-py/pyproject.toml:27-32)

• maturin==1.9.4, pytest==8.4.2, and ruff==0.13.1 all exist on PyPI.
• They’re not the latest releases (maturin 1.14.0, pytest 9.0.3, ruff 0.15.17); if the intent is “current,” bump the pins or document why these older versions are intentionally fixed.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@core/wren-core-py/pyproject.toml` around lines 27 - 32, The dev dependency
pins in dependency-groups -> dev (maturin==1.9.4, pytest==8.4.2, ruff==0.13.1)
are older than current PyPI releases; either update the pins to the desired
current versions (e.g., maturin 1.14.0, pytest 9.0.3, ruff 0.15.17) in
pyproject.toml or add a brief comment in the file explaining why these specific
older versions are intentionally fixed (compatibility/CI reproducibility),
referencing the dependency names maturin, pytest and ruff and the
dependency-groups dev section so reviewers can locate the change.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In @.github/workflows/core-py-ci.yml:
- Around line 28-29: Replace the mutable tag reference to the GitHub Action
usage "astral-sh/setup-uv@v4" with a pinned commit SHA to improve supply chain
security; locate the workflow step that uses "astral-sh/setup-uv@v4" and change
it to the corresponding commit reference (e.g.,
"astral-sh/setup-uv@<commit-sha>") for the v4 release you intend to use,
ensuring you copy the exact SHA from the action's release or tag page and update
any workflow documentation/comments accordingly.

In `@core/wren-core-py/pyproject.toml`:
- Around line 27-32: The dev dependency pins in dependency-groups -> dev
(maturin==1.9.4, pytest==8.4.2, ruff==0.13.1) are older than current PyPI
releases; either update the pins to the desired current versions (e.g., maturin
1.14.0, pytest 9.0.3, ruff 0.15.17) in pyproject.toml or add a brief comment in
the file explaining why these specific older versions are intentionally fixed
(compatibility/CI reproducibility), referencing the dependency names maturin,
pytest and ruff and the dependency-groups dev section so reviewers can locate
the change.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 9504a5eb-95a4-455e-9c01-e899c4d4d9b7

📥 Commits

Reviewing files that changed from the base of the PR and between 6e150e2 and 275a226.

⛔ Files ignored due to path filters (2)

• core/wren-core-py/poetry.lock is excluded by !**/*.lock
• core/wren-core-py/uv.lock is excluded by !**/*.lock

📒 Files selected for processing (9)

• .claude/CLAUDE.md
• .github/labeler.yml
• .github/workflows/core-py-ci.yml
• .github/workflows/wren-ci.yml
• CONTRIBUTING.md
• core/wren-core-py/.claude/CLAUDE.md
• core/wren-core-py/README.md
• core/wren-core-py/justfile
• core/wren-core-py/pyproject.toml

💤 Files with no reviewable changes (1)

• .github/labeler.yml