Skip to content

Update from task dc3a28fd-ec82-4a91-ba68-bd7b992b7fa6#9

Merged
specimba merged 1 commit into
mainfrom
hugging-face-spaces-setup-b7fa6
Jun 15, 2026
Merged

Update from task dc3a28fd-ec82-4a91-ba68-bd7b992b7fa6#9
specimba merged 1 commit into
mainfrom
hugging-face-spaces-setup-b7fa6

Conversation

@specimba

@specimba specimba commented Jun 15, 2026

Copy link
Copy Markdown
Owner

This PR was created by qwen-chat coder for task dc3a28fd-ec82-4a91-ba68-bd7b992b7fa6.

Note

Add NEXUS Visual Weaver image generation app with Modal GPU deployment and CI pipeline

  • Introduces the NEXUS_Visual_Weaver package with modules for prompt scoring/refinement (taste.py), wardrobe outfit graph construction (wardrobe.py), LoRA adapter loading (lora_adapter.py), and a Gradio-based command center UI (app.py)
  • Adds Modal deployment entrypoints: modal_beast_runner.py serves the Gradio app as an ASGI endpoint on an A100-80GB GPU, modal_nexus_refine_v2.py runs FLUX.1-Kontext-dev image refinement, and modal_train_nexus_couture_lora.py provides a LoRA training skeleton
  • Adds a GitHub Actions CI workflow (ci.yml) that installs dependencies, byte-compiles sources, runs an import smoke test, and executes pytest on pushes to main and PRs
  • Vendors large portions of pip internals and third-party packages (rich, requests, resolvelib, distlib, cachecontrol, platformdirs, truststore, idna, msgpack) into env/lib/python3.12/site-packages/
  • Risk: several modules (exporter.py, lora_adapter.py, model_relay.py, render.py, catalog.py) contain syntax errors or reference undefined symbols, causing ImportError or SyntaxError at import time and disabling significant portions of the package

Macroscope summarized 60a01d7.

* **Title:** Initialize NEXUS Visual Weaver Command Center

* **Key features implemented:**
  - Added core application file `app.py` implementing the Gradio-based command center UI with sections for Forge, Wardrobe, Lore, Models, Security, and Runs.
  - Implemented core logic in `src/nexus_visual_weaver/` for catalog, export, grounding, Hugging Face runtime, LoRA adapter, lore, model relay, planning, provider runtime, rendering, schema, security (ST3GG), styles, taste, wardrobe, and workflow management.
  - Added comprehensive test suite in `tests/` covering app callbacks, command center logic, exporter, Hugging Face runtime, LoRA adapter, model relay, and provider runtime functionalities.
  - Included documentation (`AGENTS.md`, `README.md`, `SECURITY.md`, `docs/`) detailing operating rules, setup, security policy, hackathon evaluation, handoffs, release workflow, and submission assets.
  - Configured CI/CD with `.github/workflows/ci.yml` and code review automation via `.coderabbit.yaml`.
  - Added example assets, taste profiles, and ST3GG examples in `assets/`.
  - Set up Modal Forge scripts (`modal_nexus_refine_v2.py`, `modal_train_nexus_couture_lora.py`) for offline processing.
  - Defined pull request template and various configuration files (`.env.example`, `.gitattributes`, `.gitignore`, `LICENSE`, `ops_audit/file_tree.txt`, `pytest.ini`, `requirements.txt`).
@qodo-code-review

Copy link
Copy Markdown

Qodo reviews are paused for this user.

Troubleshooting steps vary by plan Learn more →

On a Teams plan?
Reviews resume once this user has a paid seat and their Git account is linked in Qodo.
Link Git account →

Using GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket Data Center?
These require an Enterprise plan - Contact us
Contact us →

@vercel

vercel Bot commented Jun 15, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
nexus-visual-weaver-hr Error Error Jun 15, 2026 8:53pm

Request Review

@coderabbitai

coderabbitai Bot commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

Important

Review skipped

Too many files!

This PR contains 289 files, which is 139 over the limit of 150.

To get a review, narrow the scope:
• coderabbit review --type committed # exclude uncommitted changes
• coderabbit review --dir # limit to a subdirectory
• coderabbit review --base # compare against a closer base

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 189ee25f-a8cf-4f43-90aa-fb44349699cb

📥 Commits

Reviewing files that changed from the base of the PR and between 2fb8626 and 60a01d7.

⛔ Files ignored due to path filters (11)
  • NEXUS_Visual_Weaver/assets/readme/blackwell-runtime.png is excluded by !**/*.png
  • NEXUS_Visual_Weaver/assets/readme/governance-workflow.png is excluded by !**/*.png
  • NEXUS_Visual_Weaver/assets/readme/live-command-surface.png is excluded by !**/*.png
  • NEXUS_Visual_Weaver/assets/readme/model-catalog.png is excluded by !**/*.png
  • NEXUS_Visual_Weaver/assets/readme/real-flux-artifact.png is excluded by !**/*.png
  • NEXUS_Visual_Weaver/assets/readme/runtime-telemetry.png is excluded by !**/*.png
  • NEXUS_Visual_Weaver/assets/readme/wardrobe-controls.png is excluded by !**/*.png
  • NEXUS_Visual_Weaver/tests/fixtures/sample.png is excluded by !**/*.png
  • NEXUS_Visual_Weaver/tests/fixtures/st3gg_blocked_trailing.png is excluded by !**/*.png
  • NEXUS_Visual_Weaver/tests/fixtures/st3gg_safe_clean.png is excluded by !**/*.png
  • env/lib/python3.12/site-packages/pip/_vendor/certifi/cacert.pem is excluded by !**/*.pem
📒 Files selected for processing (289)
  • .gitignore
  • =1.12.0
  • =11.1.0
  • =4.57.1
  • NEXUS_Visual_Weaver/.coderabbit.yaml
  • NEXUS_Visual_Weaver/.env.example
  • NEXUS_Visual_Weaver/.gitattributes
  • NEXUS_Visual_Weaver/.github/CODEOWNERS
  • NEXUS_Visual_Weaver/.github/pull_request_template.md
  • NEXUS_Visual_Weaver/.github/workflows/ci.yml
  • NEXUS_Visual_Weaver/.gitignore
  • NEXUS_Visual_Weaver/AGENTS.md
  • NEXUS_Visual_Weaver/LICENSE
  • NEXUS_Visual_Weaver/README.md
  • NEXUS_Visual_Weaver/SECURITY.md
  • NEXUS_Visual_Weaver/app.py
  • NEXUS_Visual_Weaver/assets/st3gg_examples.json
  • NEXUS_Visual_Weaver/assets/taste_profile.json
  • NEXUS_Visual_Weaver/docs/HACKATHON_EVALUATION.md
  • NEXUS_Visual_Weaver/docs/HANDOFF_FINAL_HACKATHON.md
  • NEXUS_Visual_Weaver/docs/HANDOFF_QUOTA_EXHAUST_V4_2.md
  • NEXUS_Visual_Weaver/docs/MODAL_FORGE.md
  • NEXUS_Visual_Weaver/docs/RELEASE_WORKFLOW.md
  • NEXUS_Visual_Weaver/docs/SUBMISSION_ASSETS.md
  • NEXUS_Visual_Weaver/docs/SUBMISSION_AUDIT.md
  • NEXUS_Visual_Weaver/examples/modal_forge_status.json
  • NEXUS_Visual_Weaver/modal_nexus_refine_v2.py
  • NEXUS_Visual_Weaver/modal_train_nexus_couture_lora.py
  • NEXUS_Visual_Weaver/ops_audit/agents.md
  • NEXUS_Visual_Weaver/ops_audit/build_logs.txt
  • NEXUS_Visual_Weaver/ops_audit/file_tree.txt
  • NEXUS_Visual_Weaver/ops_audit/gradio_api_info.json
  • NEXUS_Visual_Weaver/ops_audit/run_logs.txt
  • NEXUS_Visual_Weaver/ops_audit/timestamp_utc.txt
  • NEXUS_Visual_Weaver/pytest.ini
  • NEXUS_Visual_Weaver/requirements.txt
  • NEXUS_Visual_Weaver/src/nexus_visual_weaver/__init__.py
  • NEXUS_Visual_Weaver/src/nexus_visual_weaver/catalog.py
  • NEXUS_Visual_Weaver/src/nexus_visual_weaver/exporter.py
  • NEXUS_Visual_Weaver/src/nexus_visual_weaver/grounding.py
  • NEXUS_Visual_Weaver/src/nexus_visual_weaver/hf_runtime.py
  • NEXUS_Visual_Weaver/src/nexus_visual_weaver/lora_adapter.py
  • NEXUS_Visual_Weaver/src/nexus_visual_weaver/lore.py
  • NEXUS_Visual_Weaver/src/nexus_visual_weaver/model_relay.py
  • NEXUS_Visual_Weaver/src/nexus_visual_weaver/planner.py
  • NEXUS_Visual_Weaver/src/nexus_visual_weaver/provider_runtime.py
  • NEXUS_Visual_Weaver/src/nexus_visual_weaver/render.py
  • NEXUS_Visual_Weaver/src/nexus_visual_weaver/schema.py
  • NEXUS_Visual_Weaver/src/nexus_visual_weaver/security.py
  • NEXUS_Visual_Weaver/src/nexus_visual_weaver/styles.py
  • NEXUS_Visual_Weaver/src/nexus_visual_weaver/taste.py
  • NEXUS_Visual_Weaver/src/nexus_visual_weaver/wardrobe.py
  • NEXUS_Visual_Weaver/src/nexus_visual_weaver/workflow.py
  • NEXUS_Visual_Weaver/static/operator_embed.html
  • NEXUS_Visual_Weaver/tests/test_app_callbacks.py
  • NEXUS_Visual_Weaver/tests/test_command_center.py
  • NEXUS_Visual_Weaver/tests/test_exporter.py
  • NEXUS_Visual_Weaver/tests/test_hf_runtime.py
  • NEXUS_Visual_Weaver/tests/test_lora_adapter.py
  • NEXUS_Visual_Weaver/tests/test_model_relay.py
  • NEXUS_Visual_Weaver/tests/test_provider_runtime.py
  • env/bin/Activate.ps1
  • env/bin/activate
  • env/bin/activate.csh
  • env/bin/activate.fish
  • env/bin/pip
  • env/bin/pip3
  • env/bin/pip3.12
  • env/bin/python
  • env/bin/python3
  • env/bin/python3.12
  • env/lib/python3.12/site-packages/pip-25.0.1.dist-info/AUTHORS.txt
  • env/lib/python3.12/site-packages/pip-25.0.1.dist-info/INSTALLER
  • env/lib/python3.12/site-packages/pip-25.0.1.dist-info/LICENSE.txt
  • env/lib/python3.12/site-packages/pip-25.0.1.dist-info/METADATA
  • env/lib/python3.12/site-packages/pip-25.0.1.dist-info/RECORD
  • env/lib/python3.12/site-packages/pip-25.0.1.dist-info/REQUESTED
  • env/lib/python3.12/site-packages/pip-25.0.1.dist-info/WHEEL
  • env/lib/python3.12/site-packages/pip-25.0.1.dist-info/entry_points.txt
  • env/lib/python3.12/site-packages/pip-25.0.1.dist-info/top_level.txt
  • env/lib/python3.12/site-packages/pip/__init__.py
  • env/lib/python3.12/site-packages/pip/__main__.py
  • env/lib/python3.12/site-packages/pip/__pip-runner__.py
  • env/lib/python3.12/site-packages/pip/_internal/__init__.py
  • env/lib/python3.12/site-packages/pip/_internal/build_env.py
  • env/lib/python3.12/site-packages/pip/_internal/cache.py
  • env/lib/python3.12/site-packages/pip/_internal/cli/__init__.py
  • env/lib/python3.12/site-packages/pip/_internal/cli/autocompletion.py
  • env/lib/python3.12/site-packages/pip/_internal/cli/base_command.py
  • env/lib/python3.12/site-packages/pip/_internal/cli/cmdoptions.py
  • env/lib/python3.12/site-packages/pip/_internal/cli/command_context.py
  • env/lib/python3.12/site-packages/pip/_internal/cli/index_command.py
  • env/lib/python3.12/site-packages/pip/_internal/cli/main.py
  • env/lib/python3.12/site-packages/pip/_internal/cli/main_parser.py
  • env/lib/python3.12/site-packages/pip/_internal/cli/parser.py
  • env/lib/python3.12/site-packages/pip/_internal/cli/progress_bars.py
  • env/lib/python3.12/site-packages/pip/_internal/cli/req_command.py
  • env/lib/python3.12/site-packages/pip/_internal/cli/spinners.py
  • env/lib/python3.12/site-packages/pip/_internal/cli/status_codes.py
  • env/lib/python3.12/site-packages/pip/_internal/commands/__init__.py
  • env/lib/python3.12/site-packages/pip/_internal/commands/cache.py
  • env/lib/python3.12/site-packages/pip/_internal/commands/check.py
  • env/lib/python3.12/site-packages/pip/_internal/commands/completion.py
  • env/lib/python3.12/site-packages/pip/_internal/commands/configuration.py
  • env/lib/python3.12/site-packages/pip/_internal/commands/debug.py
  • env/lib/python3.12/site-packages/pip/_internal/commands/download.py
  • env/lib/python3.12/site-packages/pip/_internal/commands/freeze.py
  • env/lib/python3.12/site-packages/pip/_internal/commands/hash.py
  • env/lib/python3.12/site-packages/pip/_internal/commands/help.py
  • env/lib/python3.12/site-packages/pip/_internal/commands/index.py
  • env/lib/python3.12/site-packages/pip/_internal/commands/inspect.py
  • env/lib/python3.12/site-packages/pip/_internal/commands/install.py
  • env/lib/python3.12/site-packages/pip/_internal/commands/list.py
  • env/lib/python3.12/site-packages/pip/_internal/commands/search.py
  • env/lib/python3.12/site-packages/pip/_internal/commands/show.py
  • env/lib/python3.12/site-packages/pip/_internal/commands/uninstall.py
  • env/lib/python3.12/site-packages/pip/_internal/commands/wheel.py
  • env/lib/python3.12/site-packages/pip/_internal/configuration.py
  • env/lib/python3.12/site-packages/pip/_internal/distributions/__init__.py
  • env/lib/python3.12/site-packages/pip/_internal/distributions/base.py
  • env/lib/python3.12/site-packages/pip/_internal/distributions/installed.py
  • env/lib/python3.12/site-packages/pip/_internal/distributions/sdist.py
  • env/lib/python3.12/site-packages/pip/_internal/distributions/wheel.py
  • env/lib/python3.12/site-packages/pip/_internal/exceptions.py
  • env/lib/python3.12/site-packages/pip/_internal/index/__init__.py
  • env/lib/python3.12/site-packages/pip/_internal/index/collector.py
  • env/lib/python3.12/site-packages/pip/_internal/index/package_finder.py
  • env/lib/python3.12/site-packages/pip/_internal/index/sources.py
  • env/lib/python3.12/site-packages/pip/_internal/locations/__init__.py
  • env/lib/python3.12/site-packages/pip/_internal/locations/_distutils.py
  • env/lib/python3.12/site-packages/pip/_internal/locations/_sysconfig.py
  • env/lib/python3.12/site-packages/pip/_internal/locations/base.py
  • env/lib/python3.12/site-packages/pip/_internal/main.py
  • env/lib/python3.12/site-packages/pip/_internal/metadata/__init__.py
  • env/lib/python3.12/site-packages/pip/_internal/metadata/_json.py
  • env/lib/python3.12/site-packages/pip/_internal/metadata/base.py
  • env/lib/python3.12/site-packages/pip/_internal/metadata/importlib/__init__.py
  • env/lib/python3.12/site-packages/pip/_internal/metadata/importlib/_compat.py
  • env/lib/python3.12/site-packages/pip/_internal/metadata/importlib/_dists.py
  • env/lib/python3.12/site-packages/pip/_internal/metadata/importlib/_envs.py
  • env/lib/python3.12/site-packages/pip/_internal/metadata/pkg_resources.py
  • env/lib/python3.12/site-packages/pip/_internal/models/__init__.py
  • env/lib/python3.12/site-packages/pip/_internal/models/candidate.py
  • env/lib/python3.12/site-packages/pip/_internal/models/direct_url.py
  • env/lib/python3.12/site-packages/pip/_internal/models/format_control.py
  • env/lib/python3.12/site-packages/pip/_internal/models/index.py
  • env/lib/python3.12/site-packages/pip/_internal/models/installation_report.py
  • env/lib/python3.12/site-packages/pip/_internal/models/link.py
  • env/lib/python3.12/site-packages/pip/_internal/models/scheme.py
  • env/lib/python3.12/site-packages/pip/_internal/models/search_scope.py
  • env/lib/python3.12/site-packages/pip/_internal/models/selection_prefs.py
  • env/lib/python3.12/site-packages/pip/_internal/models/target_python.py
  • env/lib/python3.12/site-packages/pip/_internal/models/wheel.py
  • env/lib/python3.12/site-packages/pip/_internal/network/__init__.py
  • env/lib/python3.12/site-packages/pip/_internal/network/auth.py
  • env/lib/python3.12/site-packages/pip/_internal/network/cache.py
  • env/lib/python3.12/site-packages/pip/_internal/network/download.py
  • env/lib/python3.12/site-packages/pip/_internal/network/lazy_wheel.py
  • env/lib/python3.12/site-packages/pip/_internal/network/session.py
  • env/lib/python3.12/site-packages/pip/_internal/network/utils.py
  • env/lib/python3.12/site-packages/pip/_internal/network/xmlrpc.py
  • env/lib/python3.12/site-packages/pip/_internal/operations/__init__.py
  • env/lib/python3.12/site-packages/pip/_internal/operations/check.py
  • env/lib/python3.12/site-packages/pip/_internal/operations/freeze.py
  • env/lib/python3.12/site-packages/pip/_internal/operations/install/__init__.py
  • env/lib/python3.12/site-packages/pip/_internal/operations/install/editable_legacy.py
  • env/lib/python3.12/site-packages/pip/_internal/operations/install/wheel.py
  • env/lib/python3.12/site-packages/pip/_internal/operations/prepare.py
  • env/lib/python3.12/site-packages/pip/_internal/pyproject.py
  • env/lib/python3.12/site-packages/pip/_internal/req/__init__.py
  • env/lib/python3.12/site-packages/pip/_internal/req/constructors.py
  • env/lib/python3.12/site-packages/pip/_internal/req/req_file.py
  • env/lib/python3.12/site-packages/pip/_internal/req/req_install.py
  • env/lib/python3.12/site-packages/pip/_internal/req/req_set.py
  • env/lib/python3.12/site-packages/pip/_internal/req/req_uninstall.py
  • env/lib/python3.12/site-packages/pip/_internal/resolution/__init__.py
  • env/lib/python3.12/site-packages/pip/_internal/resolution/base.py
  • env/lib/python3.12/site-packages/pip/_internal/resolution/legacy/__init__.py
  • env/lib/python3.12/site-packages/pip/_internal/resolution/legacy/resolver.py
  • env/lib/python3.12/site-packages/pip/_internal/resolution/resolvelib/__init__.py
  • env/lib/python3.12/site-packages/pip/_internal/resolution/resolvelib/base.py
  • env/lib/python3.12/site-packages/pip/_internal/resolution/resolvelib/candidates.py
  • env/lib/python3.12/site-packages/pip/_internal/resolution/resolvelib/factory.py
  • env/lib/python3.12/site-packages/pip/_internal/resolution/resolvelib/found_candidates.py
  • env/lib/python3.12/site-packages/pip/_internal/resolution/resolvelib/provider.py
  • env/lib/python3.12/site-packages/pip/_internal/resolution/resolvelib/reporter.py
  • env/lib/python3.12/site-packages/pip/_internal/resolution/resolvelib/requirements.py
  • env/lib/python3.12/site-packages/pip/_internal/resolution/resolvelib/resolver.py
  • env/lib/python3.12/site-packages/pip/_internal/self_outdated_check.py
  • env/lib/python3.12/site-packages/pip/_internal/utils/__init__.py
  • env/lib/python3.12/site-packages/pip/_internal/utils/_jaraco_text.py
  • env/lib/python3.12/site-packages/pip/_internal/utils/_log.py
  • env/lib/python3.12/site-packages/pip/_internal/utils/appdirs.py
  • env/lib/python3.12/site-packages/pip/_internal/utils/compat.py
  • env/lib/python3.12/site-packages/pip/_internal/utils/compatibility_tags.py
  • env/lib/python3.12/site-packages/pip/_internal/utils/datetime.py
  • env/lib/python3.12/site-packages/pip/_internal/utils/deprecation.py
  • env/lib/python3.12/site-packages/pip/_internal/utils/direct_url_helpers.py
  • env/lib/python3.12/site-packages/pip/_internal/utils/egg_link.py
  • env/lib/python3.12/site-packages/pip/_internal/utils/entrypoints.py
  • env/lib/python3.12/site-packages/pip/_internal/utils/filesystem.py
  • env/lib/python3.12/site-packages/pip/_internal/utils/filetypes.py
  • env/lib/python3.12/site-packages/pip/_internal/utils/glibc.py
  • env/lib/python3.12/site-packages/pip/_internal/utils/hashes.py
  • env/lib/python3.12/site-packages/pip/_internal/utils/logging.py
  • env/lib/python3.12/site-packages/pip/_internal/utils/misc.py
  • env/lib/python3.12/site-packages/pip/_internal/utils/packaging.py
  • env/lib/python3.12/site-packages/pip/_internal/utils/retry.py
  • env/lib/python3.12/site-packages/pip/_internal/utils/setuptools_build.py
  • env/lib/python3.12/site-packages/pip/_internal/utils/subprocess.py
  • env/lib/python3.12/site-packages/pip/_internal/utils/temp_dir.py
  • env/lib/python3.12/site-packages/pip/_internal/utils/unpacking.py
  • env/lib/python3.12/site-packages/pip/_internal/utils/urls.py
  • env/lib/python3.12/site-packages/pip/_internal/utils/virtualenv.py
  • env/lib/python3.12/site-packages/pip/_internal/utils/wheel.py
  • env/lib/python3.12/site-packages/pip/_internal/vcs/__init__.py
  • env/lib/python3.12/site-packages/pip/_internal/vcs/bazaar.py
  • env/lib/python3.12/site-packages/pip/_internal/vcs/git.py
  • env/lib/python3.12/site-packages/pip/_internal/vcs/mercurial.py
  • env/lib/python3.12/site-packages/pip/_internal/vcs/subversion.py
  • env/lib/python3.12/site-packages/pip/_internal/vcs/versioncontrol.py
  • env/lib/python3.12/site-packages/pip/_internal/wheel_builder.py
  • env/lib/python3.12/site-packages/pip/_vendor/__init__.py
  • env/lib/python3.12/site-packages/pip/_vendor/cachecontrol/__init__.py
  • env/lib/python3.12/site-packages/pip/_vendor/cachecontrol/_cmd.py
  • env/lib/python3.12/site-packages/pip/_vendor/cachecontrol/adapter.py
  • env/lib/python3.12/site-packages/pip/_vendor/cachecontrol/cache.py
  • env/lib/python3.12/site-packages/pip/_vendor/cachecontrol/caches/__init__.py
  • env/lib/python3.12/site-packages/pip/_vendor/cachecontrol/caches/file_cache.py
  • env/lib/python3.12/site-packages/pip/_vendor/cachecontrol/caches/redis_cache.py
  • env/lib/python3.12/site-packages/pip/_vendor/cachecontrol/controller.py
  • env/lib/python3.12/site-packages/pip/_vendor/cachecontrol/filewrapper.py
  • env/lib/python3.12/site-packages/pip/_vendor/cachecontrol/heuristics.py
  • env/lib/python3.12/site-packages/pip/_vendor/cachecontrol/py.typed
  • env/lib/python3.12/site-packages/pip/_vendor/cachecontrol/serialize.py
  • env/lib/python3.12/site-packages/pip/_vendor/cachecontrol/wrapper.py
  • env/lib/python3.12/site-packages/pip/_vendor/certifi/__init__.py
  • env/lib/python3.12/site-packages/pip/_vendor/certifi/__main__.py
  • env/lib/python3.12/site-packages/pip/_vendor/certifi/core.py
  • env/lib/python3.12/site-packages/pip/_vendor/certifi/py.typed
  • env/lib/python3.12/site-packages/pip/_vendor/distlib/__init__.py
  • env/lib/python3.12/site-packages/pip/_vendor/distlib/compat.py
  • env/lib/python3.12/site-packages/pip/_vendor/distlib/database.py
  • env/lib/python3.12/site-packages/pip/_vendor/distlib/index.py
  • env/lib/python3.12/site-packages/pip/_vendor/distlib/locators.py
  • env/lib/python3.12/site-packages/pip/_vendor/distlib/manifest.py
  • env/lib/python3.12/site-packages/pip/_vendor/distlib/markers.py
  • env/lib/python3.12/site-packages/pip/_vendor/distlib/metadata.py
  • env/lib/python3.12/site-packages/pip/_vendor/distlib/resources.py
  • env/lib/python3.12/site-packages/pip/_vendor/distlib/scripts.py
  • env/lib/python3.12/site-packages/pip/_vendor/distlib/util.py
  • env/lib/python3.12/site-packages/pip/_vendor/distlib/version.py
  • env/lib/python3.12/site-packages/pip/_vendor/distlib/wheel.py
  • env/lib/python3.12/site-packages/pip/_vendor/distro/__init__.py
  • env/lib/python3.12/site-packages/pip/_vendor/distro/__main__.py
  • env/lib/python3.12/site-packages/pip/_vendor/distro/distro.py
  • env/lib/python3.12/site-packages/pip/_vendor/distro/py.typed
  • env/lib/python3.12/site-packages/pip/_vendor/idna/__init__.py
  • env/lib/python3.12/site-packages/pip/_vendor/idna/codec.py
  • env/lib/python3.12/site-packages/pip/_vendor/idna/compat.py
  • env/lib/python3.12/site-packages/pip/_vendor/idna/core.py
  • env/lib/python3.12/site-packages/pip/_vendor/idna/idnadata.py
  • env/lib/python3.12/site-packages/pip/_vendor/idna/intranges.py
  • env/lib/python3.12/site-packages/pip/_vendor/idna/package_data.py
  • env/lib/python3.12/site-packages/pip/_vendor/idna/py.typed
  • env/lib/python3.12/site-packages/pip/_vendor/idna/uts46data.py
  • env/lib/python3.12/site-packages/pip/_vendor/msgpack/__init__.py
  • env/lib/python3.12/site-packages/pip/_vendor/msgpack/exceptions.py
  • env/lib/python3.12/site-packages/pip/_vendor/msgpack/ext.py
  • env/lib/python3.12/site-packages/pip/_vendor/msgpack/fallback.py
  • env/lib/python3.12/site-packages/pip/_vendor/packaging/__init__.py
  • env/lib/python3.12/site-packages/pip/_vendor/packaging/_elffile.py
  • env/lib/python3.12/site-packages/pip/_vendor/packaging/_manylinux.py
  • env/lib/python3.12/site-packages/pip/_vendor/packaging/_musllinux.py
  • env/lib/python3.12/site-packages/pip/_vendor/packaging/_parser.py
  • env/lib/python3.12/site-packages/pip/_vendor/packaging/_structures.py
  • env/lib/python3.12/site-packages/pip/_vendor/packaging/_tokenizer.py
  • env/lib/python3.12/site-packages/pip/_vendor/packaging/licenses/__init__.py
  • env/lib/python3.12/site-packages/pip/_vendor/packaging/licenses/_spdx.py
  • env/lib/python3.12/site-packages/pip/_vendor/packaging/markers.py
  • env/lib/python3.12/site-packages/pip/_vendor/packaging/metadata.py
  • env/lib/python3.12/site-packages/pip/_vendor/packaging/py.typed
  • env/lib/python3.12/site-packages/pip/_vendor/packaging/requirements.py
  • env/lib/python3.12/site-packages/pip/_vendor/packaging/specifiers.py
  • env/lib/python3.12/site-packages/pip/_vendor/packaging/tags.py
  • env/lib/python3.12/site-packages/pip/_vendor/packaging/utils.py
  • env/lib/python3.12/site-packages/pip/_vendor/packaging/version.py
  • env/lib/python3.12/site-packages/pip/_vendor/pkg_resources/__init__.py
  • env/lib/python3.12/site-packages/pip/_vendor/platformdirs/__init__.py

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • ✅ Review completed - (🔄 Check again to review again)
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch hugging-face-spaces-setup-b7fa6

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request bootstraps the NEXUS Visual Weaver project, a governed gothic couture visual creation command center built with Gradio. It introduces prompt refinement, image generation, ST3GG security scanning, and structured export packet generation. The review highlights several critical issues: the accidental commit of a full virtual environment (env/), a concurrency bottleneck in the Hugging Face runtime cache, formatting errors in .gitignore, an accidental file (=4.57.1), and a potential OverflowError in seed resolution.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread env/bin/activate
Comment on lines +1 to +2
# This file must be used with "source bin/activate" *from bash*
# You cannot run it directly

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

critical

The entire virtual environment directory (env/) has been committed to the repository. Virtual environments contain platform-specific binaries and large dependency trees, and should never be tracked in version control. Please remove the env/ directory from git tracking using git rm -r --cached env/ and ensure it is ignored by .gitignore.

Comment on lines +145 to +152
with _PIPELINE_CACHE_LOCK:
cached = _PIPELINE_CACHE.get(repo_id)
if cached is not None:
return cached
pipe = pipeline_cls.from_pretrained(repo_id, torch_dtype=torch_module.bfloat16, token=token)
pipe.enable_model_cpu_offload()
_PIPELINE_CACHE[repo_id] = pipe
return pipe

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

Holding the _PIPELINE_CACHE_LOCK during the entire from_pretrained call is a major concurrency bottleneck. Since from_pretrained performs heavy disk and network I/O (which can take minutes), any other thread attempting to retrieve an already cached model will be blocked. Instead, you should only hold the lock when checking the cache, release it during the model loading, and re-acquire it briefly to store the loaded model.

Suggested change
with _PIPELINE_CACHE_LOCK:
cached = _PIPELINE_CACHE.get(repo_id)
if cached is not None:
return cached
pipe = pipeline_cls.from_pretrained(repo_id, torch_dtype=torch_module.bfloat16, token=token)
pipe.enable_model_cpu_offload()
_PIPELINE_CACHE[repo_id] = pipe
return pipe
with _PIPELINE_CACHE_LOCK:
cached = _PIPELINE_CACHE.get(repo_id)
if cached is not None:
return cached
pipe = pipeline_cls.from_pretrained(repo_id, torch_dtype=torch_module.bfloat16, token=token)
pipe.enable_model_cpu_offload()
with _PIPELINE_CACHE_LOCK:
_PIPELINE_CACHE[repo_id] = pipe
return pipe

Comment thread .gitignore
Comment on lines +1 to 2
```
# Python

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Markdown code block backticks (```) have been accidentally added to the beginning and end of the .gitignore file. This can interfere with git's pattern matching and should be removed.

# Python

Comment thread =4.57.1
@@ -0,0 +1,13 @@
usage: transformers <command> [<args>]

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

This file appears to have been created accidentally (likely due to a CLI redirect typo or copy-paste error) and contains the help output of the transformers CLI. It should be deleted from the repository.

Comment on lines +245 to +253
def _resolve_seed(seed_value: Any) -> int:
"""Resolve user seed input. Empty or -1 means randomize."""
try:
if seed_value is None or str(seed_value).strip() == "":
return secrets.randbelow(1_000_000_000)
seed = int(float(seed_value))
except (TypeError, ValueError):
return secrets.randbelow(1_000_000_000)
return secrets.randbelow(1_000_000_000) if seed < 0 else seed

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The _resolve_seed function can raise an unhandled OverflowError if seed_value is a string representing infinity or NaN (e.g., "inf", "nan"), because int(float(seed_value)) will raise OverflowError which is not caught by except (TypeError, ValueError):. Adding OverflowError to the caught exceptions will prevent potential runtime crashes.

Suggested change
def _resolve_seed(seed_value: Any) -> int:
"""Resolve user seed input. Empty or -1 means randomize."""
try:
if seed_value is None or str(seed_value).strip() == "":
return secrets.randbelow(1_000_000_000)
seed = int(float(seed_value))
except (TypeError, ValueError):
return secrets.randbelow(1_000_000_000)
return secrets.randbelow(1_000_000_000) if seed < 0 else seed
def _resolve_seed(seed_value: Any) -> int:
"""Resolve user seed input. Empty or -1 means randomize."""
try:
if seed_value is None or str(seed_value).strip() == "":
return secrets.randbelow(1_000_000_000)
seed = int(float(seed_value))
except (TypeError, ValueError, OverflowError):
return secrets.randbelow(1_000_000_000)
return secrets.randbelow(1_000_000_000) if seed < 0 else seed

Comment thread .gitignore
@@ -1,69 +1,60 @@
```

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CRITICAL: .gitignore is wrapped in fenced code block markers.

The opening ``` on line 1 (and the closing marker at EOF) makes ignore patterns literal, so entries such as .env, `env/`, `.huggingface/`, and cache files may not be ignored. Combined with the removed `.env.*`, `.envrc`, `.pem`, `.key`, and provider credential patterns, this can allow secrets or runtime artifacts to be committed.

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

@@ -0,0 +1,43 @@
name: CI

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CRITICAL: GitHub Actions workflow is nested and will not run.

GitHub only discovers workflows under the repository-root .github/workflows directory. This file is under NEXUS_Visual_Weaver/.github/workflows, so CI will not execute. If moved to the root, the install/compile/test steps also need working-directory: NEXUS_Visual_Weaver or path-prefixed commands.

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

@@ -0,0 +1,2 @@
* @specimba

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

WARNING: CODEOWNERS file is nested and will not be applied.

GitHub CODEOWNERS must live at repository root .github/CODEOWNERS, /CODEOWNERS, or docs/CODEOWNERS; this nested path will not enforce review ownership.

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

evidence={"configured": False, "scan_gate": scan.get("export_gate", "pending")},
)

image_url = _image_data_url(image_path)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CRITICAL: Blocked ST3GG artifacts can still be sent to MiniCPM.

judge_with_minicpm receives the scan result but does not refuse uploads/generation when export_gate is blocked or review. scan_reference and run_weave can therefore upload files that ST3GG marked for review to an external provider before export gating is resolved.

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

"""
parsed = urllib.parse.urlparse(url)
if parsed.scheme not in {"http", "https"} or not parsed.netloc:
raise ValueError(f"Invalid URL: expected http(s) URL with host, got {url!r}.")

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

WARNING: Invalid provider URL errors can leak credential-bearing URLs.

The ValueError includes the raw url argument. If MINICPM_BASE_URL or NEMOTRON_BASE_URL is configured with query-string credentials, that value can be returned in judge evidence and written into audit/export packets.

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

target = (root / f"{run_id}.json").resolve(strict=False)
if not (target == root or _is_within(target, root)):
raise ValueError("Unsafe export target path.")
target.write_text(json.dumps(packet, indent=2, ensure_ascii=True), encoding="utf-8")

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

WARNING: Governed export packets are written with default file permissions.

target.write_text uses the process umask, so audit packets containing prompts, scan verdicts, model stack, and override reasons may be readable by other users on the same Space/container. Use a restricted mode such as 0600 after writing.

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

reference_metadata = _reference_metadata(upload, reference_url, reference_scan)
generated_scan = _authoritative_generated_scan(state)
minicpm = None
if run is not None and reference_path:

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

WARNING: Reference scan accepts an arbitrary path string and can send it to an external judge.

_file_path returns any string input as a path, and this callback passes it to judge_with_minicpm when a run exists. A public API caller could point this at any server-readable image path; validate that uploaded paths come from Gradio's upload temp directory and skip provider judging when ST3GG is not clear.

Reply with @kilocode-bot fix it to have Kilo Code address this issue.


demo.launch(
server_name="0.0.0.0",
server_port=int(os.environ.get("NEXUS_PORT", os.environ.get("PORT", "7860"))),

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

WARNING: Public Gradio launch enables MCP server without auth.

mcp_server=True exposes MCP tooling through the public app surface. Unless the Space is intentionally public and the exposed tools are safe, gate this behind authentication or disable it for production.

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

Comment thread modal_beast_runner.py
"torchaudio",
extra_index_url="https://download.pytorch.org/whl/cu121",
)
.add_local_dir(

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

WARNING: Modal deployment uses a hard-coded local workspace path.

.add_local_dir("/workspace/NEXUS_Visual_Weaver", ...) will fail outside this exact container and can silently package the wrong tree if another workspace exists. Use a repository-relative path or pass the project root explicitly.

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

accelerate>=1.12.0
transformers>=4.57.1
Pillow>=11.1.0
git+https://github.com/huggingface/diffusers.git

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

WARNING: Diffusers dependency is installed from unpinned GitHub main.

git+https://github.com/huggingface/diffusers.git can change without review and break CI/runtime unexpectedly. Pin to a release or commit hash for reproducible and auditable builds.

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

@kilo-code-bot

kilo-code-bot Bot commented Jun 15, 2026

Copy link
Copy Markdown

Code Review Summary

Status: 10 Issues Found | Recommendation: Address before merge

Overview

Severity Count
CRITICAL 3
WARNING 7
SUGGESTION 0
Issue Details (click to expand)

CRITICAL

File Line Issue
.gitignore 1 .gitignore is wrapped in fenced code block markers, making ignore patterns literal and risking secret/runtime artifact commits.
NEXUS_Visual_Weaver/.github/workflows/ci.yml 1 GitHub Actions workflow is nested under NEXUS_Visual_Weaver/.github/workflows, so GitHub will not discover or run it.
NEXUS_Visual_Weaver/src/nexus_visual_weaver/provider_runtime.py 225 Blocked or review-required ST3GG artifacts can still be uploaded to MiniCPM before export gating is resolved.

WARNING

File Line Issue
NEXUS_Visual_Weaver/.github/CODEOWNERS 1 CODEOWNERS is nested and will not be applied by GitHub.
NEXUS_Visual_Weaver/src/nexus_visual_weaver/provider_runtime.py 124 Invalid provider URL errors include the raw URL and can leak credential-bearing base URLs.
NEXUS_Visual_Weaver/src/nexus_visual_weaver/exporter.py 344 Governed export packets are written with default file permissions instead of restricted audit permissions.
NEXUS_Visual_Weaver/app.py 643 Reference scan can accept arbitrary path strings and send server-readable images to an external judge.
NEXUS_Visual_Weaver/app.py 1099 mcp_server=True exposes MCP tooling through the public Gradio surface without authentication.
modal_beast_runner.py 32 Modal deployment uses a hard-coded /workspace/NEXUS_Visual_Weaver path that is not portable.
NEXUS_Visual_Weaver/requirements.txt 7 diffusers is installed from unpinned GitHub main, creating reproducibility and supply-chain risk.
Other Observations (not in diff)

Issues found in unchanged code that cannot receive inline comments:

File Line Issue
env/ n/a A vendored virtualenv and pip package tree is included in the PR; remove generated environment artifacts.
=1.12.0, =11.1.0, =4.57.1 n/a These root files appear to be accidental command-output artifacts and should be removed.
NEXUS_Visual_Weaver/ops_audit/* n/a Generated logs, file-tree snapshots, and audit artifacts are included in the PR.
PR scope n/a The PR contains hundreds of files, including generated/vendor content, which increases review and deployment risk.
Files Reviewed (8 files with inline issues)
  • .gitignore - 1 issue
  • NEXUS_Visual_Weaver/.github/workflows/ci.yml - 1 issue
  • NEXUS_Visual_Weaver/.github/CODEOWNERS - 1 issue
  • NEXUS_Visual_Weaver/src/nexus_visual_weaver/provider_runtime.py - 2 issues
  • NEXUS_Visual_Weaver/src/nexus_visual_weaver/exporter.py - 1 issue
  • NEXUS_Visual_Weaver/app.py - 2 issues
  • modal_beast_runner.py - 1 issue
  • NEXUS_Visual_Weaver/requirements.txt - 1 issue

Fix Link

Fix these issues in Kilo Cloud


Reviewed by nex-n2-pro:free · 7,091,866 tokens

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

version https://git-lfs.github.com/spec/v1

P2 Badge Commit real README image assets

This .png is a Git LFS pointer file, not image data, and the added .gitattributes only marks PNGs as binary rather than enabling LFS filters. The README embeds these screenshot assets, so most images render as broken pointer text in a normal checkout; add the actual PNGs or configure Git LFS correctly.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

server_name="0.0.0.0",
server_port=int(os.environ.get("NEXUS_PORT", os.environ.get("PORT", "7860"))),
quiet=True,
mcp_server=True,

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Install MCP support before enabling MCP

For the Space/python app.py launch path, this unconditionally asks Gradio to start an MCP server, but the checked-in NEXUS_Visual_Weaver/requirements.txt installs plain gradio==6.12.0; Gradio documents the MCP extra (pip install "gradio[mcp]") as the prerequisite for mcp_server=True (docs). A fresh install from requirements will miss the mcp dependency and fail the app launch or lose MCP support, so either depend on gradio[mcp] or gate this flag.

Useful? React with 👍 / 👎.

Comment thread modal_beast_runner.py
Comment on lines +32 to +33
.add_local_dir(
"/workspace/NEXUS_Visual_Weaver",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Mount the actual checkout path

Running this script from the submitted checkout cannot build the Modal image: the added app is under /workspace/NEXUS-Visual-Weaver/NEXUS_Visual_Weaver, but add_local_dir points to /workspace/NEXUS_Visual_Weaver, which does not exist in this repo. Modal resolves this local path before upload, so the ASGI app never receives /root/nexus and import app fails; use a path relative to this file/checkout instead.

Useful? React with 👍 / 👎.

Comment thread env/pyvenv.cfg
Comment on lines +1 to +5
home = /usr/local/bin
include-system-site-packages = false
version = 3.12.10
executable = /usr/local/bin/python3.12
command = /usr/local/bin/python -m venv /workspace/env

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Keep the local virtualenv out of the commit

This commit tracks the generated env/ virtualenv even though .gitignore ignores it and AGENTS.md says not to commit generated outputs/caches. The pyvenv.cfg hard-codes /workspace/env and /usr/local/bin, and the tree vendors pip/site-packages, making the repo non-portable and inflating future diffs; remove env/ from version control and recreate it from requirements.

Useful? React with 👍 / 👎.

Comment thread .gitignore

# Local secrets and credentials
.venv/
.env

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Restore ignores for env-style secret files

The new root ignore list only keeps .env, dropping the previous .env.*, .envrc, key/cert, HF cache, and Modal credential ignores. In this repo credentials are expected to live in local env/secret files, so files such as .env.local, .env.production, .modal.toml, or *.pem will now show up as untracked and can be accidentally committed; restore those secret patterns.

Useful? React with 👍 / 👎.

Comment on lines +643 to +647
if run is not None and reference_path:
minicpm = judge_with_minicpm(
prompt=getattr(getattr(run, "refined_prompt", None), "refined", DEFAULT_PROMPT),
image_path=reference_path,
scan=reference_scan,

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Block provider judging for unsafe references

When a reference upload has ST3GG findings, this still sends reference_path to MiniCPM as long as a run exists; judge_with_minicpm base64-encodes the local image bytes before posting to the provider. With provider secrets configured, a PNG with trailing data or another blocked image can leak the raw hidden payload to the external judge despite the ST3GG gate, so only judge references after a clear/purified scan.

Useful? React with 👍 / 👎.

Comment on lines +447 to +451
generated_scan = scan_file(generation.output_path) if generation.output_path else scan_file(None)
minicpm = judge_with_minicpm(
prompt=run.refined_prompt.refined,
image_path=generation.output_path,
scan=generated_scan,

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Gate generated artifacts before provider upload

If ST3GG marks the generated artifact blocked or under review, this path still sends generation.output_path to MiniCPM; that provider helper base64-encodes the local image before posting it. With provider secrets configured, a generated PNG containing trailing data can leave the Space before purification or human export review, so skip external judging unless the generated scan is clear or uses a sanitized derivative.

Useful? React with 👍 / 👎.

checkpoint = operator_state.get("checkpoint", getattr(run.checkpoint, "recommendation", "pending") if run else "pending")
provider_state = str(operator_state.get("provider_state", "dry-run" if run else "idle"))
generation = operator_state.get("generation") or {}
generated_uri = _image_data_uri(generation.get("output_path")) if isinstance(generation, dict) else None

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Don't embed blocked artifact bytes in preview

The artifact preview embeds generation.output_path as a data URI without checking scan.export_gate. For a generated PNG that ST3GG blocks for trailing data, the browser receives the entire original file, including hidden trailing bytes, in the HTML before purification; render a placeholder or sanitized derivative until the scan is clear.

Useful? React with 👍 / 👎.

Comment on lines +153 to +157
return {
"source": "url",
"status": "metadata_only",
"domain": parsed.netloc.lower(),
"url_hash": url_hash,

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Store only the hostname for reference URLs

For a pasted URL with userinfo in the authority, such as https://user:pass@shop.example/item, parsed.netloc records user:pass@shop.example as the domain and that value flows into state and export metadata. Since this helper promises metadata-only storage, use parsed.hostname (plus an allowed port if needed) so credentials embedded in a URL are not disclosed.

Useful? React with 👍 / 👎.

Comment on lines +362 to +365
return (
gr.update(interactive=generated and not checkpoint_approved and not exported),
gr.update(interactive=generated and checkpoint_approved and not exported),
gr.update(interactive=False),

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Enable the stop control while jobs are cancellable

The UI wires Stop Job with cancels=[run_click, run_submit], but _button_updates always returns interactive=False for the stop button. During long FLUX callbacks the button never becomes clickable, so users cannot cancel the queued/running generation despite the callback wiring; make it interactive while the provider state is active and before completion.

Useful? React with 👍 / 👎.

Comment on lines +61 to +64
# Load pipeline with caching
pipe = FluxKontextPipeline.from_pretrained(
"black-forest-labs/FLUX.1-Kontext-dev",
torch_dtype=torch.bfloat16,

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Keep Modal refinement on the pinned FLUX.2 lane

This new Modal refinement job generates/edits images with FLUX.1-Kontext-dev, while the app governance pins image generation to FLUX.2. Running this helper produces artifacts outside the audited FLUX.2 lane and its license/relay assumptions, so switch it to the approved FLUX.2 runtime or keep the helper disabled until a model-governance change is approved.

Useful? React with 👍 / 👎.

@specimba specimba merged commit 8786498 into main Jun 15, 2026
5 of 7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants