From ba0a65861177e590ee776d47d008e23785b40478 Mon Sep 17 00:00:00 2001
From: Mondo Diaz <armando.m.diaz@boeing.com>
Date: Mon, 2 Feb 2026 16:26:18 -0600
Subject: [PATCH] Fix dependency graph error for invalid version constraints

When a dependency has an invalid version constraint like '>=' (without
a version number), the resolver now treats it as a wildcard and returns
the latest available version instead of failing with 'Dependency not found'.

This handles malformed metadata that may have been stored from PyPI packages.
---
 backend/app/dependencies.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/backend/app/dependencies.py b/backend/app/dependencies.py
index 24569fe..c696b97 100644
--- a/backend/app/dependencies.py
+++ b/backend/app/dependencies.py
@@ -358,7 +358,15 @@ def _resolve_version_constraint(
     try:
         specifier = SpecifierSet(constraint)
     except InvalidSpecifier:
-        # Invalid constraint, try as exact version
+        # Invalid constraint (e.g., ">=" without version) - treat as wildcard
+        # This can happen with malformed metadata from PyPI packages
+        latest = db.query(PackageVersion).filter(
+            PackageVersion.package_id == package.id,
+        ).order_by(PackageVersion.created_at.desc()).first()
+        if latest:
+            artifact = db.query(Artifact).filter(Artifact.id == latest.artifact_id).first()
+            if artifact:
+                return (artifact.id, latest.version, artifact.size)
         return None
 
     # Get all versions for this package