Complete all deferred hardening items

1. PII in git: Removed 324MB AI/ directory (1012 files of user workout
   data) from git history via git-filter-repo. Added AI/ to .gitignore.

2. Python 3.9 EOL: Upgraded Dockerfile from python:3.9.13 to
   python:3.12-slim. Added build-essential and libpq-dev for C
   extension compilation. Changed netcat to netcat-openbsd (slim compat).

3. Stale dependencies: Updated all packages from 2023 pins to latest
   compatible versions. Django 4.2→5.2 LTS, celery 5.3→5.4+,
   gunicorn 20→23+, redis 4.6→5.0+, DRF 3.14→3.15+, whitenoise 6.4→6.7+,
   debug-toolbar 4.1→4.4+. Switched to >= ranges with upper bounds on
   major versions for celery, kombu, redis, and Django.

4. Retry loop cap: Reduced FINAL_CONFORMANCE_MAX_RETRIES from 4 to 2,
   capping worst-case recursive calls from 15 (3×5) to 9 (3×3).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Dockerfile

@@ -10,13 +10,14 @@ ENV NEXT_PUBLIC_API_URL=
 RUN rm -rf .next && npm run build
 
 # ---- Stage 2: Final image (Python + Node runtime) ----
-FROM python:3.9.13
+FROM python:3.12-slim
 ENV PYTHONDONTWRITEBYTECODE=1
 ENV PYTHONUNBUFFERED=1
 
 # System deps
 RUN apt-get update && apt-get install -y \
-    swig libssl-dev dpkg-dev netcat ffmpeg \
+    build-essential libpq-dev \
+    swig libssl-dev dpkg-dev netcat-openbsd ffmpeg \
     supervisor curl \
     && rm -rf /var/lib/apt/lists/*
 

generator/services/workout_generator.py

@@ -178,7 +178,7 @@ WORKING_PREFIX = "Working"
 
 # Final pass retries after full assembly (warmup + working + cooldown)
 # to guarantee conformance before returning a workout.
-FINAL_CONFORMANCE_MAX_RETRIES = 4
+FINAL_CONFORMANCE_MAX_RETRIES = 2
 
 
 # ======================================================================

requirements.txt

@@ -1,47 +1,46 @@
-amqp==5.1.1
+amqp>=5.2.0
-asgiref==3.7.2
+asgiref>=3.8.0
-async-timeout==4.0.2
+billiard>=4.2.0
-billiard==4.1.0
+celery>=5.4.0,<6.0
-celery==5.3.1
+click>=8.1.7
-click==8.1.3
+click-didyoumean>=0.3.1
-click-didyoumean==0.3.0
+click-plugins>=1.1.1
-click-plugins==1.1.1
+click-repl>=0.3.0
-click-repl==0.3.0
+defusedxml>=0.7.1
-defusedxml==0.7.1
+diff-match-patch>=20230430
-diff-match-patch==20230430
+Django>=5.2,<6.0
-Django==4.2.2
+django-debug-toolbar>=4.4.0
-django-debug-toolbar==4.1.0
+django-import-export>=4.0
-django-import-export==3.2.0
+django-push-notifications>=3.1.0
-django-push-notifications==3.0.0
+django-redis>=5.4.0
-django-redis==5.3.0
+djangorestframework>=3.15.0
-djangorestframework==3.14.0
+et-xmlfile>=2.0.0
-et-xmlfile==1.1.0
+gevent>=24.2.1
-gevent==22.10.1
+greenlet>=3.0.0
-greenlet==1.1.3.post0
+gunicorn>=23.0.0
-gunicorn==20.1.0
+kombu>=5.4.0,<6.0
-kombu==5.3.1
+MarkupPy>=1.14
-MarkupPy==1.14
+odfpy>=1.4.1
-odfpy==1.4.1
+openpyxl>=3.1.5
-openpyxl==3.1.2
+prompt-toolkit>=3.0.43
-prompt-toolkit==3.0.38
+psycopg2>=2.9.9
-psycopg2==2.9.6
+python-dateutil>=2.9.0
-python-dateutil==2.8.2
+pytz>=2024.1
-pytz==2023.3
+PyYAML>=6.0.1
-PyYAML==6.0
+redis>=5.0.0,<8.0
-redis==4.6.0
+six>=1.16.0
-six==1.16.0
+sqlparse>=0.5.0
-sqlparse==0.4.4
+tablib>=3.6.0
-tablib==3.5.0
+typing_extensions>=4.9.0
-typing_extensions==4.6.3
+tzdata>=2024.1
-tzdata==2023.3
+vine>=5.1.0
-vine==5.0.0
+wcwidth>=0.2.13
-wcwidth==0.2.6
+whitenoise>=6.7.0
-whitenoise==6.4.0
+xlrd>=2.0.1
-xlrd==2.0.1
+xlwt>=1.3.0
-xlwt==1.3.0
+zope.event>=5.0
-zope.event==5.0
+zope.interface>=6.4
-zope.interface==6.0
 python-ffmpeg-video-streaming>=0.1
-numpy>=1.24.0
+numpy>=1.26.0
-scikit-learn>=1.3.0
+scikit-learn>=1.4.0
-django-cors-headers>=4.3.0
+django-cors-headers>=4.4.0