feat(python): upgrade to Python 3.14

[saidsef]

What this does

Upgrades the project to Python 3.14. The .python-version and Dockerfile already targeted 3.14 — this brings the rest of the project in sync and cleans up patterns that accumulated as the project grew from 3.9 → 3.12 → 3.14.

Dependency changes

• Dropped requests in favour of httpx (which was already the only HTTP client used by fastmcp)
• Replaced mypy with pyright — fastmcp itself ships pyright-compatible stubs, and pyright handles PEP 695 syntax better
• Relaxed exact pins on fastmcp[apps] and uv

Typing

• Optional[X] → X | None, Dict[K, V] → dict[K, V] throughout
• TypedDicts rewritten as PEP 695 functional type aliases (type X = TypedDict(...))

Code cleanup

• IPIntegration.__init__ simplified: 12 lines → 2 using or fallbacks
• IPIntegration.get_ipv6_info now uses a context manager for the httpx client and drops the urllib3 monkey-patch
• _PermissiveGitHubProvider moved to module level (was defined inside get_oauth_verifier())
• Fixed a bug where add_pr_comments called httpx.get with a json= kwarg (should be httpx.post)

What might break

• Projects depending on Python < 3.14 can no longer run this
• Any downstream code that imported from requests directly via this package will break (none in-tree)

---

Bugs fixed during review

Tool registration broken in Python 3.14

The register_tools() method used inspect.ismethod() to detect bound methods, but Python 3.14 changed the behavior — bound methods now return False. This caused all 20 MCP tools to be silently skipped during registration.

Fix: Changed inspect.isfunction(method) or inspect.ismethod(method) → inspect.isroutine(method) which works for both.

ResponseCachingMiddleware causing tools/list to fail

The ResponseCachingMiddleware was added with ttl=0 to disable caching, but FastMCP 3.2.4 rejects ttl=0 as invalid, causing every tools/list request to fail with "TTL is invalid" error.

Fix: Removed the middleware entirely since tool list changes are detectable via the listChanged capability.

[codacy-production]

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics -5 complexity

Metric	Results
Complexity	-5

View in Codacy

_{NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.}

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 43 package(s) with unknown licenses.
• ⚠️ 2 packages with OpenSSF Scorecard issues.

See the Details below.

License Issues

pyproject.toml

Package	Version	License	Issue Type
httpx	>= 0.28.1	Null	Unknown License

requirements.txt

Package	Version	License	Issue Type
authlib	1.7.0	Null	Unknown License
cachetools	7.0.6	Null	Unknown License
click	8.3.3	Null	Unknown License
cryptography	47.0.0	Null	Unknown License
cyclopts	4.11.0	Null	Unknown License
fastmcp	3.2.4	Null	Unknown License
griffelib	2.0.2	Null	Unknown License
idna	3.13	Null	Unknown License
joserfc	1.6.4	Null	Unknown License
opentelemetry-api	1.41.1	Null	Unknown License
packaging	26.2	Null	Unknown License
prefab-ui	0.19.1	Null	Unknown License
pydantic	2.13.3	Null	Unknown License
pytest	9.0.3	Null	Unknown License
ruff	0.15.12	Null	Unknown License
sse-starlette	3.4.1	Null	Unknown License
uv	0.11.7	Null	Unknown License
uvicorn	0.46.0	Null	Unknown License
zipp	3.23.1	Null	Unknown License
certifi	2026.4.22	Null	Unknown License

uv.lock

Package	Version	License	Issue Type
authlib	1.7.0	Null	Unknown License
cachetools	7.0.6	Null	Unknown License
click	8.3.3	Null	Unknown License
cryptography	47.0.0	Null	Unknown License
cyclopts	4.11.0	Null	Unknown License
docstring-parser	0.18.0	Null	Unknown License
fastmcp	3.2.4	Null	Unknown License
griffelib	2.0.2	Null	Unknown License
idna	3.13	Null	Unknown License
joserfc	1.6.4	Null	Unknown License
opentelemetry-api	1.41.1	Null	Unknown License
packaging	26.2	Null	Unknown License
prefab-ui	0.19.1	Null	Unknown License
pydantic	2.13.3	Null	Unknown License
pydantic-settings	2.14.0	Null	Unknown License
pytest	9.0.3	Null	Unknown License
ruff	0.15.12	Null	Unknown License
sse-starlette	3.4.1	Null	Unknown License
uv	0.11.7	Null	Unknown License
uvicorn	0.46.0	Null	Unknown License
zipp	3.23.1	Null	Unknown License
certifi	2026.4.22	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
pip/httpx	>= 0.28.1	Unknown	Unknown
pip/authlib	1.7.0	Unknown	Unknown
pip/cachetools	7.0.6	Unknown	Unknown
pip/certifi	2026.4.22	🟢 6.6	Details Check Score Reason Maintained 🟢 10 10 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review 🟢 5 Found 1/2 approved changesets -- score normalized to 5 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/click	8.3.3	Unknown	Unknown
pip/cryptography	47.0.0	Unknown	Unknown
pip/cyclopts	4.11.0	Unknown	Unknown
pip/fastmcp	3.2.4	Unknown	Unknown
pip/griffelib	2.0.2	Unknown	Unknown
pip/idna	3.13	Unknown	Unknown
pip/iniconfig	2.3.0	Unknown	Unknown
pip/joserfc	1.6.4	Unknown	Unknown
pip/nodeenv	1.10.0	⚠️ 2.8	Details Check Score Reason Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Code-Review ⚠️ 1 Found 5/30 approved changesets -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/opentelemetry-api	1.41.1	Unknown	Unknown
pip/packaging	26.2	Unknown	Unknown
pip/pluggy	1.6.0	Unknown	Unknown
pip/prefab-ui	0.19.1	Unknown	Unknown
pip/pydantic	2.13.3	Unknown	Unknown
pip/pydantic-core	2.46.3	🟢 6.7	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 License 🟢 10 license file detected Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Security-Policy 🟢 10 security policy file detected Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/pyright	1.1.409	🟢 3.5	Details Check Score Reason Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review ⚠️ 0 Found 1/30 approved changesets -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/pytest	9.0.3	Unknown	Unknown
pip/ruff	0.15.12	Unknown	Unknown
pip/sse-starlette	3.4.1	Unknown	Unknown
pip/uv	0.11.7	Unknown	Unknown
pip/uvicorn	0.46.0	Unknown	Unknown
pip/zipp	3.23.1	Unknown	Unknown
pip/authlib	1.7.0	Unknown	Unknown
pip/cachetools	7.0.6	Unknown	Unknown
pip/certifi	2026.4.22	🟢 6.6	Details Check Score Reason Maintained 🟢 10 10 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review 🟢 5 Found 1/2 approved changesets -- score normalized to 5 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/click	8.3.3	Unknown	Unknown
pip/cryptography	47.0.0	Unknown	Unknown
pip/cyclopts	4.11.0	Unknown	Unknown
pip/docstring-parser	0.18.0	Unknown	Unknown
pip/fastmcp	3.2.4	Unknown	Unknown
pip/griffelib	2.0.2	Unknown	Unknown
pip/idna	3.13	Unknown	Unknown
pip/iniconfig	2.3.0	Unknown	Unknown
pip/joserfc	1.6.4	Unknown	Unknown
pip/nodeenv	1.10.0	⚠️ 2.8	Details Check Score Reason Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Code-Review ⚠️ 1 Found 5/30 approved changesets -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/opentelemetry-api	1.41.1	Unknown	Unknown
pip/packaging	26.2	Unknown	Unknown
pip/pluggy	1.6.0	Unknown	Unknown
pip/prefab-ui	0.19.1	Unknown	Unknown
pip/pydantic	2.13.3	Unknown	Unknown
pip/pydantic-core	2.46.3	🟢 6.7	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 License 🟢 10 license file detected Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Security-Policy 🟢 10 security policy file detected Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/pydantic-settings	2.14.0	Unknown	Unknown
pip/pyright	1.1.409	🟢 3.5	Details Check Score Reason Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review ⚠️ 0 Found 1/30 approved changesets -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/pytest	9.0.3	Unknown	Unknown
pip/ruff	0.15.12	Unknown	Unknown
pip/sse-starlette	3.4.1	Unknown	Unknown
pip/uv	0.11.7	Unknown	Unknown
pip/uvicorn	0.46.0	Unknown	Unknown
pip/zipp	3.23.1	Unknown	Unknown

Scanned Files

• pyproject.toml
• requirements.txt
• uv.lock

The merge-base changed after approval.