Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
93 changes: 42 additions & 51 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -1,69 +1,60 @@
```

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CRITICAL: .gitignore is wrapped in fenced code block markers.

The opening ``` on line 1 (and the closing marker at EOF) makes ignore patterns literal, so entries such as .env, `env/`, `.huggingface/`, and cache files may not be ignored. Combined with the removed `.env.*`, `.envrc`, `.pem`, `.key`, and provider credential patterns, this can allow secrets or runtime artifacts to be committed.

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

# Python
Comment on lines +1 to 2

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Markdown code block backticks (```) have been accidentally added to the beginning and end of the .gitignore file. This can interfere with git's pattern matching and should be removed.

# Python

__pycache__/
*.py[cod]
*$py.class
.pytest_cache/
pytest-cache-files-*/
.mypy_cache/
.ruff_cache/
.coverage
.coverage.*
htmlcov/
.tox/
.nox/

# Packaging/build artifacts
*.so
.Python
build/
develop-eggs/
dist/
*.egg-info/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
wheels/
*.egg-info/
.installed.cfg
*.egg
MANIFEST

# Virtual environments
.venv/
venv/
# Virtual Environment
env/
venv/
ENV/
env.bak/
venv.bak/

# Local secrets and credentials
.venv/
.env

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Restore ignores for env-style secret files

The new root ignore list only keeps .env, dropping the previous .env.*, .envrc, key/cert, HF cache, and Modal credential ignores. In this repo credentials are expected to live in local env/secret files, so files such as .env.local, .env.production, .modal.toml, or *.pem will now show up as untracked and can be accidentally committed; restore those secret patterns.

Useful? React with 👍 / 👎.

.env.*
!.env.example
.envrc
*.pem
*.key
*.p12
*.pfx
.huggingface/
.cache/huggingface/
.hf-upload-cache/
.modal.toml
.netrc
.pypirc

# App/runtime outputs
.gradio/
.playwright-mcp/
server*.log
*.log
outputs/
nexus-visual-weaver-command-center*.png

# Codex/local tool state
.codex-home/
outputs/moodboards/*/.codex-home/
# IDE
.vscode/
.idea/

# Notebooks/docs build
.ipynb_checkpoints/
docs/_build/
site/
# Logs
*.log
logs/
Comment on lines +36 to +38

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Ignore generated runtime outputs

This replacement ignore list omits outputs/, even though the app writes generated PNGs under outputs/runtime and export packets under outputs/exports. After a normal local run those generated artifacts and audit JSON files will appear as untracked and can be accidentally committed, so restore the runtime output ignore patterns.

Useful? React with 👍 / 👎.


# OS/editor noise
# OS
.DS_Store
Thumbs.db
.idea/
.vscode/
tempCodeRunnerFile.py

# Testing
.coverage
htmlcov/
.coverage.*
.cache
.pytest_cache/
.hypothesis/

# Security
ops_audit/build_logs.txt
ops_audit/run_logs.txt

# Modal
.modal/
modal_storage/

```
Empty file added =1.12.0
Empty file.
Empty file added =11.1.0
Empty file.
13 changes: 13 additions & 0 deletions =4.57.1
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
usage: transformers <command> [<args>]

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

This file appears to have been created accidentally (likely due to a CLI redirect typo or copy-paste error) and contains the help output of the transformers CLI. It should be deleted from the repository.


positional arguments:
{chat,convert,download,env,run,serve,add-new-model-like,add-fast-image-processor}
transformers command helpers
convert CLI tool to run convert model from original author
checkpoints to Transformers PyTorch checkpoints.
run Run a pipeline through the CLI
serve CLI tool to run inference requests through REST and
GraphQL endpoints.

options:
-h, --help show this help message and exit
40 changes: 40 additions & 0 deletions NEXUS_Visual_Weaver/.coderabbit.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
language: en-US
early_access: false
reviews:
profile: assertive
request_changes_workflow: true
high_level_summary: true
high_level_summary_instructions: |
Summarize this PR as work on NEXUS Visual Weaver, a Hugging Face Build Small
Hackathon Gradio command-center for governed visual creation. Lead with
user-facing dashboard/workflow impact, then model-governance impact, then
security/export-gate impact, then verification evidence.

Preserve these project anchors in summaries when relevant:
- FLUX.2 is the pinned image-generation lane.
- NVIDIA LocateAnything-3B is the pinned grounding lane.
- ST3GG is the always-on security/export gate.
- Adult Mode must remain opt-in and must not disable provenance, consent,
age, export, dataset-partition, or ST3GG gates.
- ModelRelay/GMR helper rotation is quota-aware and only applies to helper
lanes, not pinned core lanes.

Avoid marketing filler, poems, exaggerated claims, or claims that provider
calls actually ran unless tests or logs prove it. Distinguish implemented
runtime behavior from dry-run preview surfaces and planning scaffolds.
poem: false
review_status: true
collapse_walkthrough: false
path_filters:
- "!outputs/**"
- "!**/__pycache__/**"
- "!pytest-cache-files-*/**"
path_instructions:
- path: "src/nexus_visual_weaver/**"
instructions: "Focus on Gradio runtime correctness, defensive security gates, model-lane governance, parameter-budget logic, and test coverage for fallback behavior."
- path: "app.py"
instructions: "Check that UI callbacks update the intended regions, never leak secrets, and keep Adult Mode security gates active."
- path: "tests/**"
instructions: "Prefer focused regression tests for workflow routing, ST3GG evidence, catalog filtering, and ModelRelay quota behavior."
chat:
auto_reply: true
9 changes: 9 additions & 0 deletions NEXUS_Visual_Weaver/.env.example
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
# Copy to .env locally or configure these as Hugging Face Space secrets.
# Never commit real values.

HF_TOKEN=
MODAL_TOKEN_ID=
MODAL_TOKEN_SECRET=
OPENAI_API_KEY=
NEXUS_PORT=7860

11 changes: 11 additions & 0 deletions NEXUS_Visual_Weaver/.gitattributes
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
* text=auto eol=lf
*.py text eol=lf
*.md text eol=lf
*.yml text eol=lf
*.yaml text eol=lf
*.json text eol=lf
*.png binary
*.jpg binary
*.jpeg binary
*.webp binary

2 changes: 2 additions & 0 deletions NEXUS_Visual_Weaver/.github/CODEOWNERS
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
* @specimba

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

WARNING: CODEOWNERS file is nested and will not be applied.

GitHub CODEOWNERS must live at repository root .github/CODEOWNERS, /CODEOWNERS, or docs/CODEOWNERS; this nested path will not enforce review ownership.

Reply with @kilocode-bot fix it to have Kilo Code address this issue.


19 changes: 19 additions & 0 deletions NEXUS_Visual_Weaver/.github/pull_request_template.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
## What Changed
-

## Why
-

## Safety Gates
- [ ] No secrets, tokens, generated auth folders, or provider credentials are committed.
- [ ] Adult catalog behavior remains opt-in and does not disable ST3GG, consent, provenance, export, or dataset gates.
- [ ] Pinned lanes remain pinned: FLUX.2 image generation, LocateAnything grounding, ST3GG security.
- [ ] Generated outputs, moodboards, logs, caches, and local previews stay untracked.

## Verification
- [ ] `python -m compileall app.py src tests`
- [ ] `python -m pytest -q tests -p no:cacheprovider --basetemp=C:\tmp\pytest-nvw-full`

## Screenshots / Notes
-

43 changes: 43 additions & 0 deletions NEXUS_Visual_Weaver/.github/workflows/ci.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
name: CI

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CRITICAL: GitHub Actions workflow is nested and will not run.

GitHub only discovers workflows under the repository-root .github/workflows directory. This file is under NEXUS_Visual_Weaver/.github/workflows, so CI will not execute. If moved to the root, the install/compile/test steps also need working-directory: NEXUS_Visual_Weaver or path-prefixed commands.

Reply with @kilocode-bot fix it to have Kilo Code address this issue.


on:
pull_request:
push:
branches:
- main

permissions:
contents: read

jobs:
test:
name: Python tests
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4

- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.11"
cache: pip

- name: Install dependencies
run: |
python -m pip install --upgrade pip
python -m pip install -r requirements.txt

- name: Compile
run: python -m compileall app.py src tests

- name: Import app
env:
NEXUS_DISABLE_REAL_HF: "1"
run: python -c "import app; print('app import ok')"

- name: Test
env:
NEXUS_DISABLE_REAL_HF: "1"
PYTEST_DISABLE_PLUGIN_AUTOLOAD: "1"
run: python -m pytest -q tests -p no:cacheprovider
69 changes: 69 additions & 0 deletions NEXUS_Visual_Weaver/.gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
# Python
__pycache__/
*.py[cod]
*$py.class
.pytest_cache/
pytest-cache-files-*/
.mypy_cache/
.ruff_cache/
.coverage
.coverage.*
htmlcov/
.tox/
.nox/

# Packaging/build artifacts
build/
dist/
*.egg-info/
.eggs/
*.egg
MANIFEST

# Virtual environments
.venv/
venv/
env/
ENV/
env.bak/
venv.bak/

# Local secrets and credentials
.env
.env.*
!.env.example
.envrc
*.pem
*.key
*.p12
*.pfx
.huggingface/
.cache/huggingface/
.hf-upload-cache/
.modal.toml
.netrc
.pypirc

# App/runtime outputs
.gradio/
.playwright-mcp/
server*.log
*.log
outputs/
nexus-visual-weaver-command-center*.png

# Codex/local tool state
.codex-home/
outputs/moodboards/*/.codex-home/

# Notebooks/docs build
.ipynb_checkpoints/
docs/_build/
site/

# OS/editor noise
.DS_Store
Thumbs.db
.idea/
.vscode/
tempCodeRunnerFile.py
31 changes: 31 additions & 0 deletions NEXUS_Visual_Weaver/AGENTS.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
# AGENTS.md

## Operating Rules

- Keep changes scoped and verifiable.
- Prefer focused tests over broad, slow runs.
- Do not launch long-running local servers unless the user asks for visual validation.
- Do not commit generated outputs, local logs, caches, preview artifacts, or credentials.
- Use Hugging Face Space secrets and local `.env` files for provider credentials.
- Preserve the pinned lanes unless the user explicitly approves a model-governance change:
- FLUX.2 for image generation
- LocateAnything-3B for grounding
- ST3GG for security/export review

## Verification

Use these gates before claiming completion:

```powershell
python -m compileall app.py src tests
$env:PYTEST_DISABLE_PLUGIN_AUTOLOAD='1'
python -m pytest -q tests -p no:cacheprovider --basetemp=C:\tmp\pytest-nvw-full
```

## Review Focus

- Gradio callback wiring and region updates.
- Adult Mode starts off and never disables safety gates.
- ModelRelay respects parameter, license, quota, cooldown, and pinned-lane rules.
- ST3GG scan results do not expose payload bytes or raw hidden content.

Loading
Loading