
security: extend cooldown exempt list with prime-pydantic-config#76

Open: burnpiro wants to merge 1 commit into main from security/cooldown-7d

Conversation


@burnpiro burnpiro commented May 29, 2026

What

Reformats the existing exclude-newer-package inline table into a section and adds prime-pydantic-config (the only first-party PI package in renderers' uv tree closure besides renderers itself).

[tool.uv.exclude-newer-package]
fastokens             = false  # (existing — fastokens 0.2.0 carve-out)
prime-pydantic-config = false  # ← new

Why

Part 1 of a 3-phase supply-chain hardening rolling out across PrimeIntellect repos. renderers already had the cooldown — this PR just completes the canonical first-party exempt set for packages this project actually depends on.

Notes

  • Lock not regenerated due to a pre-existing hatch-vcs issue with the local checkout's tag state (0.1.8.dev37 can't be bumped). The pyproject change is correct and will apply on the next successful uv lock after the tag situation is sorted.
  • Trimmed: only packages in renderers' actual closure are listed.

🤖 Generated with Claude Code


Note

Medium Risk
Narrows the 7-day supply-chain cooldown for a runtime dependency (prime-pydantic-config); intentional first-party carve-out but weakens the gate for that package.

Overview
Tightens uv supply-chain policy in pyproject.toml by pinning required-version = ">=0.11.1" so the "7 days" exclude-newer cooldown is parsed correctly (older uv can skip the policy silently).

The inline exclude-newer-package map is moved to a dedicated [tool.uv.exclude-newer-package] section. prime-pydantic-config = false is added next to the existing fastokens exemption so first-party PI packages in this repo’s dependency tree can resolve without the 7-day gate; comments document why each package is exempt.

Reviewed by Cursor Bugbot for commit 9f3b24c.

Note

Exempt prime-pydantic-config from the 7-day uv dependency cooldown

Adds prime-pydantic-config to the tool.uv.exclude-newer-package exemptions in pyproject.toml, alongside the existing exemption. Also sets a minimum uv version requirement of >=0.11.1 to support the per-package exemption syntax.

Macroscope summarized 9f3b24c.

macroscopeapp Bot previously approved these changes May 29, 2026

macroscopeapp Bot commented May 29, 2026

Approvability

Verdict: Approved

This PR modifies build tooling configuration (uv package manager settings) to add a first-party package to the dependency cooldown exempt list and enforce a minimum uv version for correct parsing. No runtime code is affected - changes only impact dependency resolution during builds.


renderers already had exclude-newer = "7 days" with a per-package
exemption for fastokens. This PR splits the inline table into a
[tool.uv.exclude-newer-package] section and adds the only other
PrimeIntellect-published package in renderers' dep closure:
prime-pydantic-config.

Only packages in this project's `uv tree` are exempted — the resolver
ignores entries for packages it never sees.

Pins `required-version = ">=0.11.1"` so older uvs fail loudly instead
of silently parsing "7 days" as an RFC 3339 date and proceeding
*without* the cooldown — see uv#17908.

Part 1 of 3 in a coordinated supply-chain hardening across PI repos.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
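The commit message above makes two points a reviewer would want to be able to check mechanically on any PrimeIntellect repo: that `required-version` floors uv at a release that understands the `"7 days"` cooldown, and that every `exclude-newer-package` carve-out names a first-party package that is actually in the dependency closure. The following is an added audit script, not code from this PR or from uv itself; the `FIRST_PARTY` and `CLOSURE` sets, the two embedded `pyproject.toml` fragments and the `>=0.11.1` floor are constructed here to mirror what the PR describes and are assumptions about this repository, not facts pulled from its lockfile.

```python
"""Audit the [tool.uv] dependency-cooldown policy in a pyproject.toml.

Added example (not part of PR #76 or of uv). It checks:
  1. a global exclude-newer cooldown is configured,
  2. required-version floors uv at a release that parses the cooldown
     (the PR names >=0.11.1; older uv reportedly ignores it silently),
  3. each exclude-newer-package = false carve-out names a package that
     is both in the known dependency closure and an allow-listed
     first-party package (a dead entry is noise; a third-party entry
     silently removes the cooldown for that package).
"""
from __future__ import annotations

import re

try:
    import tomllib  # Python 3.11+
except ModuleNotFoundError:  # pragma: no cover - older interpreters
    import tomli as tomllib  # type: ignore[no-redef]

# Floor named on the PR page; treated here as a parameter, not a uv fact.
MIN_UV = (0, 11, 1)

# Constructed sample: the shape the PR moves away from (no version floor,
# inline table).
WEAK = """\
[tool.uv]
exclude-newer = "7 days"
exclude-newer-package = { fastokens = false }
"""

# Constructed sample: the shape the PR moves to.
HARDENED = """\
[tool.uv]
required-version = ">=0.11.1"
exclude-newer = "7 days"

[tool.uv.exclude-newer-package]
fastokens             = false  # existing carve-out
prime-pydantic-config = false  # first-party PI package in closure
"""

# Assumed allow-list and assumed `uv tree` closure for this repo.
FIRST_PARTY = {"fastokens", "prime-pydantic-config", "renderers"}
CLOSURE = {"fastokens", "prime-pydantic-config", "pydantic", "renderers"}


def _floor_of(spec: str) -> tuple[int, ...] | None:
    """Lower bound of a '>=X.Y.Z'-style specifier as an int tuple, else None."""
    m = re.search(r">=\s*(\d+(?:\.\d+)*)", spec)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def audit(
    pyproject_text: str,
    min_uv: tuple[int, ...] = MIN_UV,
    first_party: set[str] = FIRST_PARTY,
    closure: set[str] = CLOSURE,
) -> list[str]:
    """Return a list of findings; an empty list means the policy is intact."""
    uv = tomllib.loads(pyproject_text).get("tool", {}).get("uv", {})
    findings: list[str] = []

    if "exclude-newer" not in uv:
        findings.append("no exclude-newer cooldown configured")

    floor = _floor_of(uv.get("required-version", ""))
    if floor is None:
        findings.append(
            "required-version missing: older uv may silently ignore the cooldown"
        )
    elif floor < min_uv:
        findings.append(f"required-version floor {floor} is below {min_uv}")

    # Works for both the inline-table and the [section] spelling, since
    # tomllib yields the same dict for either.
    for pkg, value in uv.get("exclude-newer-package", {}).items():
        if value is not False:
            # A non-false value (e.g. a per-package date) is not a full
            # exemption; only `false`, the form used on the page, is audited.
            continue
        if pkg not in closure:
            findings.append(f"{pkg}: exempt but not in dependency closure (dead entry)")
        elif pkg not in first_party:
            findings.append(f"{pkg}: third-party package exempted from cooldown")
    return findings


if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(text) or "ok")
```

Run it against a real checkout by reading `pyproject.toml` and replacing `CLOSURE` with the package names from `uv tree`; the third check is the one that catches a well-meant carve-out for a third-party package, which is exactly the weakening the Bugbot note above flags as medium risk.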