chore: bump deps + adopt pydantic-ai 1.79 patterns

[LukeMainwaring]

Summary

• Bumps backend + frontend dependencies to latest (pydantic-ai 1.77→1.79, next 16.2.2→16.2.3 with CVE-2026-23869 backport, axios 1.14→1.15 with two security fixes, ~12 other patch/minor bumps).
• Adopts the pydantic-ai 1.79 patterns that fit this codebase — native history_processors= parameter, Hooks capability for tool-failure recovery, and a pydantic_evals scaffold for tool-routing regression tests.
• Adds an optional AGENT_REASONING_EFFORT config knob (default off) wiring OpenAIResponsesModelSettings.openai_reasoning_effort through the agent, ready to experiment behind the new eval suite.

Changes

Dependency bumps (a82dd54)

• Backend: pydantic-ai 1.77→1.79, ruff 0.15.9→0.15.10, plus transitive refreshes (anthropic 0.91→0.93, openai 2.30→2.31, huggingface-hub 1.9→1.10, temporalio 1.24→1.25, etc.)
• Frontend: next 16.2.2→16.2.3, ai 6.0.151→6.0.156, @ai-sdk/react 3.0.153→3.0.158, @tanstack/react-query 5.96→5.97, react/react-dom 19.2.4→19.2.5, axios 1.14→1.15, lucide-react 1.7→1.8, @biomejs/biome 2.4.10→2.4.11, ultracite 7.4.3→7.4.4, plus postcss, @types/node
• docs/pydantic-ai-llms-full.txt refreshed — the upstream restructured from tutorial-first to reference-first, so the file shrank from 168k→74k lines. No APIs deprecated; content moved to the web docs site. See .claude/rules/backend/pydantic-ai.md for details.

Agent pattern adoption (1f06f5b)

• backend/src/cortexdj/agents/brain_agent.py — summarize_tool_results now registered via the native history_processors= Agent parameter instead of wrapped in HistoryProcessor(...) inside capabilities=[]. Matches every example in the updated upstream docs.
• backend/src/cortexdj/agents/hooks.py (new) — build_brain_agent_hooks() returns a Hooks capability with on_tool_execute_error as a safety net for unanticipated tool exceptions (anticipated Spotify/DB errors are still handled inside the tools themselves). The hook returns a structured {"error": "tool_failed", ...} recovery payload so the agent can apologize conversationally instead of crashing the Vercel AI SDK stream mid-response.
• backend/tests/evals/ (new directory):
  • test_prepare_tools.py — 8 deterministic TestModel-backed tests verifying PlaylistCapability.prepare_tools and ClassificationCapability.prepare_tools filter the offered tool set correctly when Spotify / EEG model are missing.
  • test_brain_agent_evals.py — 7 real-model tool-routing cases using pydantic_evals.Dataset/Case/Evaluator, gated behind @pytest.mark.eval.
  • backend/pyproject.toml adds pydantic-evals>=1.79.0 to dev deps, registers the eval marker, and sets addopts = "-m 'not eval'" so real-model tests are excluded from the default pytest run.
• backend/src/cortexdj/core/config.py — adds AGENT_REASONING_EFFORT: Literal["low","medium","high"] | None = None. When set, brain_agent.py threads it through OpenAIResponsesModelSettings(openai_reasoning_effort=...) via the model_settings= parameter. Default None preserves current behavior.
• .claude/rules/backend/pydantic-ai.md (new) — explains the upstream docs reorganization (llms-full.txt is now reference-only, tutorials live at ai.pydantic.dev) so future sessions don't grep for walkthroughs that have been moved out.
• backend/tests/test_brain_agent_hooks.py (new) — 4 unit tests for the recovery payload helper and the _recover_tool_error handler using real ToolCallPart/ToolDefinition instances.

Code review fixes (c3c39a0)

• hooks.py uses the public Hooks[AgentDeps](tool_execute_error=...) constructor form instead of the decorator, removing private-API access from tests.
• Dummy OPENAI_API_KEY moved to session-level backend/tests/conftest.py (eliminates noqa: E402 gymnastics in the evals conftest).
• tests/evals/conftest.py exposes fake_spotify_client() / fake_eeg_model() helpers via MagicMock(spec=...) so test intent is explicit and type-checked.
• test_brain_agent_evals.py — BrainAgentInput now carries with_spotify, so build_relaxation_playlist_needs_confirmation runs with a fake Spotify client and actually tests the confirmation flow instead of passing for the wrong reason (disconnected-refusal).
• brain_agent.py drops the explicit OpenAIResponsesModelSettings | None annotation (mypy infers it).
• DEVELOPMENT.md documents the -m eval two-tier test workflow under the Tests section.

Breaking Changes

None. Existing behavior is preserved across the board:

• history_processors= and HistoryProcessor(...) inside capabilities=[] are both valid; this PR swaps one for the other with no functional change.
• Hooks is additive — on_tool_execute_error only fires on unhandled exceptions; tools that return structured error dicts work unchanged.
• AGENT_REASONING_EFFORT defaults to None → no OpenAIResponsesModelSettings is constructed → agent behaves identically to before the PR unless the env var is explicitly set.
• addopts = "-m 'not eval'" excludes new eval-marked tests from the default pytest invocation; all existing tests still run.

Test Plan

• uv run --directory backend pytest → 57 passed, 1 deselected
• uv run --directory backend pre-commit run --all-files → all hooks pass (ruff, ruff-format, mypy)
• pnpm -C frontend lint → clean
• code-reviewer agent review applied (should-fixes + nice-to-haves)
• Manual smoke: `docker compose up -d` + `pnpm -C frontend dev`, send a 3-turn conversation invoking `analyze_session` + `build_mood_playlist` + `search_tracks` with a large result. Confirm UI streams cleanly and logfire spans show `summarize_tool_results` activity on turn ≥2.
• Manual smoke: force an unhandled exception in a tool (e.g. add a temporary `raise RuntimeError` inside `get_my_playlists`), confirm the agent responds with an apology instead of crashing the stream.
• Optional: `uv run --directory backend pytest -m eval tests/evals/` against real `gpt-5.4-mini` (requires `OPENAI_API_KEY`). Gated out of the default pytest run and CI; run manually or nightly.
• Optional experiment: set `AGENT_REASONING_EFFORT=medium` in `.env`, re-run the eval suite, compare tool-routing pass rate vs. default. Revert if no improvement.

🤖 Generated with Claude Code