Python: Improve dependency recipe lock file handling and version normalization (#6752)

* Normalize bare version constraints in Python dependency recipes

Bare version strings like `2.28.0` passed to `AddDependency`,
`UpgradeDependencyVersion`, `UpgradeTransitiveDependencyVersion`, and
`ChangeDependency` were concatenated directly with the package name,
producing invalid PEP 508 specs such as `requests2.28.0`. A shared
`PyProjectHelper.normalizeVersionConstraint()` now prefixes `>=` when
no comparison operator is present.

Also parse `uv.lock` in `PythonRewriteRpc.parseProject()` via the
standard `TomlParser` so that lock files are included in the source set
and can be updated by dependency-management recipes.

* Fix handle_parse_project not passing relativeTo to parse_python_file

The Python RPC server's handle_parse_project extracted relative_to from
the request but never forwarded it, producing absolute source paths.
Now defaults to project_path (matching the JS implementation) and passes
it through so source paths are relative.

Also strengthened ParseProjectIntegTest to assert full relative paths.

* Seed existing uv.lock during lock regeneration for minimal updates

When regenerating uv.lock after dependency changes, seed the temp
directory with the existing lock file so `uv lock` performs a minimal
update rather than re-resolving every dependency from scratch.

Also extend TomlParser to accept uv.lock files, allowing the scanner
phase of dependency recipes to capture existing lock contents.

* Share lock file state across recipes via ExecutionContextView

Move lock file maps (updatedLockFiles, existingLockContents) from
per-recipe accumulators into a shared PythonDependencyExecutionContextView.
This allows sequential recipes in a CompositeRecipe to correctly build on
each other's lock regeneration results.

Also extract maybeUpdateUvLock helper in PyProjectHelper that handles
idempotent uv.lock updates with content normalization for round-trip
stability across recipe cycles.

Author: knutwannheden

rewrite-python/rewrite/src/rewrite/rpc/server.py

@@ -350,7 +350,7 @@ def handle_parse_project(params: dict) -> List[dict]:
 
     project_path = params.get('projectPath', '.')
     exclusions = params.get('exclusions', ['__pycache__', '.venv', 'venv', '.git', '.tox', '*.egg-info'])
-    relative_to = params.get('relativeTo')
+    relative_to = params.get('relativeTo') or project_path
 
     results = []
 
@@ -362,7 +362,7 @@ def handle_parse_project(params: dict) -> List[dict]:
             if file.endswith('.py'):
                 path = os.path.join(root, file)
                 try:
-                    result = parse_python_file(path)
+                    result = parse_python_file(path, relative_to)
                     results.append(result)
                 except Exception as e:
                     logger.error(f"Error parsing {path}: {e}")

rewrite-python/src/integTest/java/org/openrewrite/python/ParseProjectIntegTest.java

@@ -112,6 +112,10 @@ void parsesNestedDirectories() throws IOException {
                 .collect(Collectors.toList());
 
         assertThat(sources).hasSize(2);
+        // Source paths must be relative to the project directory
+        assertThat(sources)
+                .extracting(sf -> sf.getSourcePath().toString())
+                .containsExactlyInAnyOrder("top.py", "subpackage/nested.py");
     }
 
     @Test

rewrite-python/src/main/java/org/openrewrite/python/AddDependency.java

@@ -21,6 +21,7 @@
 import org.openrewrite.*;
 import org.openrewrite.marker.Markers;
 import org.openrewrite.python.internal.PyProjectHelper;
+import org.openrewrite.python.internal.PythonDependencyExecutionContextView;
 import org.openrewrite.python.marker.PythonResolutionResult;
 import org.openrewrite.toml.TomlIsoVisitor;
 import org.openrewrite.toml.tree.Space;
@@ -95,7 +96,6 @@ public String getDescription() {
 
     static class Accumulator {
         final Set<String> projectsToUpdate = new HashSet<>();
-        final Map<String, String> updatedLockFiles = new HashMap<>();
     }
 
     @Override
@@ -108,7 +108,16 @@ public TreeVisitor<?, ExecutionContext> getScanner(Accumulator acc) {
         return new TomlIsoVisitor<ExecutionContext>() {
             @Override
             public Toml.Document visitDocument(Toml.Document document, ExecutionContext ctx) {
-                if (!document.getSourcePath().toString().endsWith("pyproject.toml")) {
+                String sourcePath = document.getSourcePath().toString();
+
+                if (sourcePath.endsWith("uv.lock")) {
+                    PythonDependencyExecutionContextView.view(ctx).getExistingLockContents().put(
+                            PyProjectHelper.correspondingPyprojectPath(sourcePath),
+                            document.printAll());
+                    return document;
+                }
+
+                if (!sourcePath.endsWith("pyproject.toml")) {
                     return document;
                 }
                 Optional<PythonResolutionResult> resolution = document.getMarkers()
@@ -124,7 +133,7 @@ public Toml.Document visitDocument(Toml.Document document, ExecutionContext ctx)
                     return document;
                 }
 
-                acc.projectsToUpdate.add(document.getSourcePath().toString());
+                acc.projectsToUpdate.add(sourcePath);
                 return document;
             }
         };
@@ -142,10 +151,9 @@ public Toml.Document visitDocument(Toml.Document document, ExecutionContext ctx)
                 }
 
                 if (sourcePath.endsWith("uv.lock")) {
-                    String pyprojectPath = PyProjectHelper.correspondingPyprojectPath(sourcePath);
-                    String newContent = acc.updatedLockFiles.get(pyprojectPath);
-                    if (newContent != null) {
-                        return PyProjectHelper.reparseToml(document, newContent);
+                    Toml.Document updatedLock = PyProjectHelper.maybeUpdateUvLock(document, ctx);
+                    if (updatedLock != null) {
+                        return updatedLock;
                     }
                 }
 
@@ -155,7 +163,7 @@ public Toml.Document visitDocument(Toml.Document document, ExecutionContext ctx)
     }
 
     private Toml.Document addDependencyToPyproject(Toml.Document document, ExecutionContext ctx, Accumulator acc) {
-        String pep508 = version != null ? packageName + version : packageName;
+        String pep508 = version != null ? packageName + PyProjectHelper.normalizeVersionConstraint(version) : packageName;
 
         Toml.Document updated = (Toml.Document) new TomlIsoVisitor<ExecutionContext>() {
             @Override
@@ -228,7 +236,7 @@ public Toml.Array visitArray(Toml.Array array, ExecutionContext ctx) {
         }.visitNonNull(document, ctx);
 
         if (updated != document) {
-            updated = PyProjectHelper.regenerateLockAndRefreshMarker(updated, acc.updatedLockFiles);
+            updated = PyProjectHelper.regenerateLockAndRefreshMarker(updated, ctx);
         }
 
         return updated;

rewrite-python/src/main/java/org/openrewrite/python/ChangeDependency.java

@@ -23,6 +23,7 @@
 import org.openrewrite.ScanningRecipe;
 import org.openrewrite.TreeVisitor;
 import org.openrewrite.python.internal.PyProjectHelper;
+import org.openrewrite.python.internal.PythonDependencyExecutionContextView;
 import org.openrewrite.python.marker.PythonResolutionResult;
 import org.openrewrite.toml.TomlIsoVisitor;
 import org.openrewrite.toml.tree.Toml;
@@ -74,7 +75,6 @@ public String getDescription() {
 
     static class Accumulator {
         final Set<String> projectsToUpdate = new HashSet<>();
-        final Map<String, String> updatedLockFiles = new HashMap<>();
     }
 
     @Override
@@ -87,7 +87,16 @@ public TreeVisitor<?, ExecutionContext> getScanner(Accumulator acc) {
         return new TomlIsoVisitor<ExecutionContext>() {
             @Override
             public Toml.Document visitDocument(Toml.Document document, ExecutionContext ctx) {
-                if (!document.getSourcePath().toString().endsWith("pyproject.toml")) {
+                String sourcePath = document.getSourcePath().toString();
+
+                if (sourcePath.endsWith("uv.lock")) {
+                    PythonDependencyExecutionContextView.view(ctx).getExistingLockContents().put(
+                            PyProjectHelper.correspondingPyprojectPath(sourcePath),
+                            document.printAll());
+                    return document;
+                }
+
+                if (!sourcePath.endsWith("pyproject.toml")) {
                     return document;
                 }
                 Optional<PythonResolutionResult> resolution = document.getMarkers()
@@ -98,7 +107,7 @@ public Toml.Document visitDocument(Toml.Document document, ExecutionContext ctx)
 
                 PythonResolutionResult marker = resolution.get();
                 if (marker.findDependencyInAnyScope(oldPackageName) != null) {
-                    acc.projectsToUpdate.add(document.getSourcePath().toString());
+                    acc.projectsToUpdate.add(sourcePath);
                 }
                 return document;
             }
@@ -117,10 +126,9 @@ public Toml.Document visitDocument(Toml.Document document, ExecutionContext ctx)
                 }
 
                 if (sourcePath.endsWith("uv.lock")) {
-                    String pyprojectPath = PyProjectHelper.correspondingPyprojectPath(sourcePath);
-                    String newContent = acc.updatedLockFiles.get(pyprojectPath);
-                    if (newContent != null) {
-                        return PyProjectHelper.reparseToml(document, newContent);
+                    Toml.Document updatedLock = PyProjectHelper.maybeUpdateUvLock(document, ctx);
+                    if (updatedLock != null) {
+                        return updatedLock;
                     }
                 }
 
@@ -160,7 +168,7 @@ public Toml.Literal visitLiteral(Toml.Literal literal, ExecutionContext ctx) {
                     sb.append('[').append(extras).append(']');
                 }
                 if (newVersion != null) {
-                    sb.append(newVersion);
+                    sb.append(PyProjectHelper.normalizeVersionConstraint(newVersion));
                 } else {
                     // Preserve the original version constraint
                     String originalVersion = extractVersionConstraint(spec, depName);
@@ -178,7 +186,7 @@ public Toml.Literal visitLiteral(Toml.Literal literal, ExecutionContext ctx) {
         }.visitNonNull(document, ctx);
 
         if (updated != document) {
-            updated = PyProjectHelper.regenerateLockAndRefreshMarker(updated, acc.updatedLockFiles);
+            updated = PyProjectHelper.regenerateLockAndRefreshMarker(updated, ctx);
         }
 
         return updated;

rewrite-python/src/main/java/org/openrewrite/python/RemoveDependency.java

@@ -20,6 +20,7 @@
 import org.jspecify.annotations.Nullable;
 import org.openrewrite.*;
 import org.openrewrite.python.internal.PyProjectHelper;
+import org.openrewrite.python.internal.PythonDependencyExecutionContextView;
 import org.openrewrite.python.marker.PythonResolutionResult;
 import org.openrewrite.toml.TomlIsoVisitor;
 import org.openrewrite.toml.tree.Space;
@@ -84,7 +85,6 @@ public String getDescription() {
 
     static class Accumulator {
         final Set<String> projectsToUpdate = new HashSet<>();
-        final Map<String, String> updatedLockFiles = new HashMap<>();
     }
 
     @Override
@@ -97,7 +97,16 @@ public TreeVisitor<?, ExecutionContext> getScanner(Accumulator acc) {
         return new TomlIsoVisitor<ExecutionContext>() {
             @Override
             public Toml.Document visitDocument(Toml.Document document, ExecutionContext ctx) {
-                if (!document.getSourcePath().toString().endsWith("pyproject.toml")) {
+                String sourcePath = document.getSourcePath().toString();
+
+                if (sourcePath.endsWith("uv.lock")) {
+                    PythonDependencyExecutionContextView.view(ctx).getExistingLockContents().put(
+                            PyProjectHelper.correspondingPyprojectPath(sourcePath),
+                            document.printAll());
+                    return document;
+                }
+
+                if (!sourcePath.endsWith("pyproject.toml")) {
                     return document;
                 }
                 Optional<PythonResolutionResult> resolution = document.getMarkers()
@@ -113,7 +122,7 @@ public Toml.Document visitDocument(Toml.Document document, ExecutionContext ctx)
                     return document;
                 }
 
-                acc.projectsToUpdate.add(document.getSourcePath().toString());
+                acc.projectsToUpdate.add(sourcePath);
                 return document;
             }
         };
@@ -131,10 +140,9 @@ public Toml.Document visitDocument(Toml.Document document, ExecutionContext ctx)
                 }
 
                 if (sourcePath.endsWith("uv.lock")) {
-                    String pyprojectPath = PyProjectHelper.correspondingPyprojectPath(sourcePath);
-                    String newContent = acc.updatedLockFiles.get(pyprojectPath);
-                    if (newContent != null) {
-                        return PyProjectHelper.reparseToml(document, newContent);
+                    Toml.Document updatedLock = PyProjectHelper.maybeUpdateUvLock(document, ctx);
+                    if (updatedLock != null) {
+                        return updatedLock;
                     }
                 }
 
@@ -200,7 +208,7 @@ public Toml.Array visitArray(Toml.Array array, ExecutionContext ctx) {
         }.visitNonNull(document, ctx);
 
         if (updated != document) {
-            updated = PyProjectHelper.regenerateLockAndRefreshMarker(updated, acc.updatedLockFiles);
+            updated = PyProjectHelper.regenerateLockAndRefreshMarker(updated, ctx);
         }
 
         return updated;

rewrite-python/src/main/java/org/openrewrite/python/UpgradeDependencyVersion.java

@@ -20,6 +20,7 @@
 import org.jspecify.annotations.Nullable;
 import org.openrewrite.*;
 import org.openrewrite.python.internal.PyProjectHelper;
+import org.openrewrite.python.internal.PythonDependencyExecutionContextView;
 import org.openrewrite.python.marker.PythonResolutionResult;
 import org.openrewrite.toml.TomlIsoVisitor;
 import org.openrewrite.toml.tree.Toml;
@@ -88,7 +89,6 @@ public String getDescription() {
 
     static class Accumulator {
         final Set<String> projectsToUpdate = new HashSet<>();
-        final Map<String, String> updatedLockFiles = new HashMap<>();
     }
 
     @Override
@@ -101,7 +101,16 @@ public TreeVisitor<?, ExecutionContext> getScanner(Accumulator acc) {
         return new TomlIsoVisitor<ExecutionContext>() {
             @Override
             public Toml.Document visitDocument(Toml.Document document, ExecutionContext ctx) {
-                if (!document.getSourcePath().toString().endsWith("pyproject.toml")) {
+                String sourcePath = document.getSourcePath().toString();
+
+                if (sourcePath.endsWith("uv.lock")) {
+                    PythonDependencyExecutionContextView.view(ctx).getExistingLockContents().put(
+                            PyProjectHelper.correspondingPyprojectPath(sourcePath),
+                            document.printAll());
+                    return document;
+                }
+
+                if (!sourcePath.endsWith("pyproject.toml")) {
                     return document;
                 }
                 Optional<PythonResolutionResult> resolution = document.getMarkers()
@@ -120,11 +129,11 @@ public Toml.Document visitDocument(Toml.Document document, ExecutionContext ctx)
                 }
 
                 // Skip if the version constraint already matches
-                if (newVersion.equals(dep.getVersionConstraint())) {
+                if (PyProjectHelper.normalizeVersionConstraint(newVersion).equals(dep.getVersionConstraint())) {
                     return document;
                 }
 
-                acc.projectsToUpdate.add(document.getSourcePath().toString());
+                acc.projectsToUpdate.add(sourcePath);
                 return document;
             }
         };
@@ -142,10 +151,9 @@ public Toml.Document visitDocument(Toml.Document document, ExecutionContext ctx)
                 }
 
                 if (sourcePath.endsWith("uv.lock")) {
-                    String pyprojectPath = PyProjectHelper.correspondingPyprojectPath(sourcePath);
-                    String newContent = acc.updatedLockFiles.get(pyprojectPath);
-                    if (newContent != null) {
-                        return PyProjectHelper.reparseToml(document, newContent);
+                    Toml.Document updatedLock = PyProjectHelper.maybeUpdateUvLock(document, ctx);
+                    if (updatedLock != null) {
+                        return updatedLock;
                     }
                 }
 
@@ -208,7 +216,7 @@ private String buildNewSpec(String oldSpec, String depName) {
                 if (extras != null) {
                     sb.append('[').append(extras).append(']');
                 }
-                sb.append(newVersion);
+                sb.append(PyProjectHelper.normalizeVersionConstraint(newVersion));
                 if (marker != null) {
                     sb.append("; ").append(marker);
                 }
@@ -217,7 +225,7 @@ private String buildNewSpec(String oldSpec, String depName) {
         }.visitNonNull(document, ctx);
 
         if (updated != document) {
-            updated = PyProjectHelper.regenerateLockAndRefreshMarker(updated, acc.updatedLockFiles);
+            updated = PyProjectHelper.regenerateLockAndRefreshMarker(updated, ctx);
         }
 
         return updated;