v0.3.1 — litellm moved to optional extra
What changed
litellm was declared as a core dependency, but it's used in only one place (ContractedLLM in integrations/litellm_wrapper.py) and is structurally a peer of the langchain, langgraph, google-adk, and claude-agent-sdk integrations — which are all already optional. Treating it as required pulled in ~70 hard-pinned transitive dependencies (including aiohttp==3.13.3 with several active CVEs) for every install, even when users were integrating with a different framework entirely.
Install
- Bare install: pip install ai-agent-contracts (now ~90% smaller dependency graph)
- With LiteLLM: pip install ai-agent-contracts[litellm]
- With any other integration: pip install ai-agent-contracts[langchain] (or [langgraph], [google-adk], [claude-agent-sdk])
Migration
If you were installing ai-agent-contracts (no extras) and using ContractedLLM or ContractExecutor, switch to pip install ai-agent-contracts[litellm]. Importing ContractedLLM when litellm is not installed now yields None at import time rather than a hard ImportError, matching the behavior of the other optional integrations. A new LITELLM_AVAILABLE flag is exported for runtime capability checks.
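A caller-side guard for the behavior described above, as an added example that is not code from the project: because ContractedLLM is None on a bare install, an unchecked call fails late with a TypeError, so the check is done once up front. The import name agent_contracts, the helper names, and the stand-in modules are assumptions constructed for the example; only ContractedLLM, LITELLM_AVAILABLE and the pip command come from these notes.

```python
import importlib
import sys
import types

INSTALL_HINT = "pip install ai-agent-contracts[litellm]"  # command from the release notes


def require_contracted_llm(module_name="agent_contracts"):
    """Return the ContractedLLM class or raise a clear, actionable error.

    module_name is an assumption: the notes give the pip name, not the import path.
    """
    module = importlib.import_module(module_name)
    cls = getattr(module, "ContractedLLM", None)
    # LITELLM_AVAILABLE is new in 0.3.1; earlier releases always shipped litellm,
    # so fall back to "the class is present" when the flag is missing.
    available = getattr(module, "LITELLM_AVAILABLE", cls is not None)
    if not available or cls is None:
        # Without this check the first use would fail much later with
        # "TypeError: 'NoneType' object is not callable".
        raise RuntimeError(f"LiteLLM integration unavailable; install with: {INSTALL_HINT}")
    return cls


def _stand_in(name, **attrs):
    """Register a constructed stand-in module so the example runs offline."""
    module = types.ModuleType(name)
    module.__dict__.update(attrs)
    sys.modules[name] = module
    return name


class _FakeLLM:  # constructed placeholder, not the real ContractedLLM
    pass


def demo():
    """Run the guard against three constructed install states; return the outcomes."""
    cases = {
        "bare_0_3_1": _stand_in("demo_bare", ContractedLLM=None, LITELLM_AVAILABLE=False),
        "with_extra": _stand_in("demo_extra", ContractedLLM=_FakeLLM, LITELLM_AVAILABLE=True),
        "pre_0_3_1": _stand_in("demo_old", ContractedLLM=_FakeLLM),  # no flag exported
    }
    results = {}
    for label, name in cases.items():
        try:
            results[label] = require_contracted_llm(name).__name__
        except RuntimeError as exc:
            results[label] = str(exc)
    return results


if __name__ == "__main__":
    print(demo())
```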
CI
The security job now scans the base install surface only. Optional integration extras can pull in pinned graphs outside our control; users who opt into them accept the associated risk. The base scan guarantees the default install is audited on every push.
All 711 tests pass; ruff, format, and strict mypy clean.
See CHANGELOG.md for details.