fix: allow Swift providers without Python privacy caps#118
Open
hankbobtheresearchoor wants to merge 1 commit into
Open
fix: allow Swift providers without Python privacy caps#118hankbobtheresearchoor wants to merge 1 commit into
hankbobtheresearchoor wants to merge 1 commit into
Conversation
Swift providers do not embed a Python runtime, so python_runtime_locked and dangerous_modules_blocked are not meaningful privacy capabilities for backend=mlx-swift. Preserve those checks for the legacy inprocess-mlx backend while requiring Swift providers to keep the in-process/no-proxy, anti-debug, core-dump, and env-scrubbed invariants.
|
@hankbobtheresearchoor is attempting to deploy a commit to the EigenLabs Team on Vercel. A member of the Team first needs to authorize it. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes the Swift provider private-text routability gate uncovered during cross-device E2E profiling against #110.
Swift providers report
backend == "mlx-swift"and correctly set Python-specific privacy capability fields to false because they do not embed a Python runtime:python_runtime_locked=falsedangerous_modules_blocked=falseThe coordinator was still requiring those fields for all private-text backends, which made Swift providers connect, pass runtime manifest verification, pass attestation challenge verification, and appear in
/v1/providers/attestation— but remain absent from/v1/modelsand unroutable.This keeps the Python runtime checks for the legacy
inprocess-mlxbackend and uses the Swift-relevant invariants formlx-swift:Validation
go test ./internal/registry -run 'SwiftProvider|LegacyMLXProviderRequiresPythonPrivacyCaps|ProviderWithoutManifestCheck|ProviderPartialPrivacyCaps' -vgo test ./internal/registry ./internal/api -vgit diff --checkContext
This is targeted at PR #110 (
swift-provider). The issue reproduced on the two-machine rig with the Swift provider on the Mac Mini:/healthshowed a connected provider and attestation/runtime verification passed, but/v1/modelswas empty until the coordinator privacy gate became backend-aware.