claude
83b6b323c3
Build and Deploy Verso / deploy (push) Successful in 17m0s
Base image: add opencv-python-headless (cv2) and tqdm to the bundled scientific stack, and python3-venv (needed to build per-project venvs). Per-project dependencies: a project's requirements.txt is now installed into a venv cached by its sha256 (python3 -m venv --system-site-packages, so the bundled stack stays visible and only extra packages are installed); QuartoRunner points Quarto at it via QUARTO_PYTHON. A per-hash flock serialises concurrent builds; pip output is merged into output.log; on failure the render falls back to the base interpreter. Venvs live under PYTHON_VENVS_DIR (default /var/lib/overleaf/data/python-venvs). Gating: PythonVenvGate.userCanInstallPython restricts installs to the project owner + invited collaborators (ignorePublicAccess excludes anonymous/link users), threaded to CLSI as allowPythonInstall on the editor compile, presentation export, and publish paths. Behind OVERLEAF_ENABLE_PROJECT_PYTHON_VENV (enabled in the deployment). Design doc updated; Phase 2 (egress policy) and Phase 3 (venv eviction) remain. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>