fix: preserve ONNX external data in HF streaming #1635

Merged: mldangelo-oai merged 35 commits into main from mdangelo/codex/hf-fp-t08-onnx-external-data-streaming-20260610 on Jun 12, 2026
@mldangelo-oai mldangelo-oai commented Jun 11, 2026

Summary

  • Preserve safe, declared ONNX external_data companions during Hugging Face streaming downloads.
  • Download sidecars only after parsing the parent ONNX with load_external_data=False, require repo-listing membership, and keep them beside the parent until the parent scan completes.
  • Keep unsafe, missing, or oversized sidecars fail-closed/visible through existing scanner checks and download budgets.

Root Cause

HF streaming selected files by scanner-owned suffix/content routing. BAAI/bge-m3 declares onnx/model.onnx_data from onnx/model.onnx, but .onnx_data is not a scanner extension, so streaming downloaded only model.onnx. The ONNX scanner then resolved the declared sidecar relative to the streamed temp path and reported a false missing-external-data warning. Local scans did not warn because the sibling file was present.

Security Tradeoffs

  • Traversal, Windows absolute, backslash, missing, and non-repo-listed external paths are not downloaded or normalized into safe-looking files; OnnxScanner still sees the original model metadata and reports the existing CVE/missing checks.
  • Sidecar sizes are fetched from the pinned revision and counted against max_size before download, then verified after materialization.
  • Context sidecars are not yielded as standalone model scans; they are cleaned up when the generator advances/closes after the parent scan.

Pinned BGE-M3 QA

Pinned revision: BAAI/bge-m3@5617a9f61b028005a4858fdac845db406aefb181.

Pre-fix confirmation on the pinned main SHA 2f782ba1f18ab5aac4716c8c7ac6f0a16f0c6f60:

PROMPTFOO_DISABLE_TELEMETRY=1 uv run python <pinned streaming reproduction>

Outcome: streaming scanned only onnx/model.onnx (724923 bytes), exited 1, and emitted External data reference found (file may not be present): 'model.onnx_data' (389 tensors affected).

Post-fix live test:

MODELAUDIT_RUN_REAL_HF_BGE_M3=1 PROMPTFOO_DISABLE_TELEMETRY=1 uv run pytest tests/utils/sources/test_huggingface.py::TestModelDownloadStreaming::test_download_model_streaming_real_bge_m3_onnx_external_data_pinned -q

Outcome: 1 passed in 14.34s.

Post-fix streaming/local comparison script outcome:

revision 5617a9f61b028005a4858fdac845db406aefb181
sidecar_bytes 2266820608
stream_exit 2 stream_success False stream_files 1 stream_bytes 724923
stream_missing_resolved_size_weight (0, 1, 389, 1)
local_success False local_checks 400 local_bytes 724923
local_missing_resolved_size_weight (0, 1, 389, 1)

The remaining exit 2 is the existing ONNX weight-distribution coverage outcome and now matches local behavior; the missing-sidecar warning is gone.

Validation

PROMPTFOO_DISABLE_TELEMETRY=1 uv run pytest tests/utils/sources/test_huggingface.py::TestModelDownloadStreaming -k 'onnx_external_data or bge_m3' -q
PROMPTFOO_DISABLE_TELEMETRY=1 uv run pytest tests/test_streaming_scan.py -k 'hf_onnx' -q
PROMPTFOO_DISABLE_TELEMETRY=1 uv run pytest tests/utils/sources/test_huggingface.py tests/test_streaming_scan.py -q --maxfail=1
PROMPTFOO_DISABLE_TELEMETRY=1 uv run pytest tests/scanners/test_onnx_scanner.py -k 'external_data' -q --maxfail=1
uv run ruff check modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/
uv run ruff format --check modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/
uv run mypy modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/
PROMPTFOO_DISABLE_TELEMETRY=1 uv run pytest -n auto -m "not slow and not integration" --maxfail=1
git diff --check

Outcomes: focused suites passed; full mypy passed (474 source files); full non-slow/non-integration pytest passed (18065 passed, 793 skipped, 31 warnings in 780.49s); Ruff and diff checks passed.

Follow-up Validation (4ed5fd2)

Resolved the three follow-up P2 threads:

  • Selected ONNX sidecars that appear before the parent are tracked in downloaded_selected_paths, so they are not re-downloaded or counted twice under an exact max_size budget.
  • HF cache .onnx snapshot aliases now keep scan identity by snapshot context, while ordinary non-sharded HF cache aliases still scan and dedupe by blob path.
  • Trusted ONNX external-data symlink exceptions now require lexical snapshots/<revision>/... aliases for the same cache root/revision; arbitrary directories under models--* retain CVE-2026-34447 checks.

Pinned XLM-R streaming/local QA:

repo FacebookAI/xlm-roberta-large@c23d21b0620b635a76227c604d44e43a9f0ee389
model_size 545850
sidecar_size 2235363328
exact_max_size 2235909178
stream_summary {'success': False, 'exit': 2, 'checks': 400, 'issues': 1, 'bytes_scanned': 545850, 'files_scanned': 1, 'failed_external': 0, 'passed_external': 1, 'size_failures': 0, 'cves': []}
stream_cache_remaining_bytes 442
local_summary {'success': False, 'exit': 2, 'checks': 12, 'issues': 1, 'bytes_scanned': 2235909178, 'files_scanned': 2, 'failed_external': 0, 'passed_external': 1, 'size_failures': 0, 'cves': []}
local_download_bytes 2235909620
elapsed_seconds 29.86
ru_maxrss_kb 142528

Additional validation:

PROMPTFOO_DISABLE_TELEMETRY=1 uv run pytest tests/utils/sources/test_huggingface.py tests/test_streaming_scan.py -q --maxfail=1
# 360 passed, 1 skipped
PROMPTFOO_DISABLE_TELEMETRY=1 uv run pytest tests/scanners/test_onnx_scanner.py -k 'external_data or CVE202634447' -q --maxfail=1
# 16 passed, 233 deselected
PROMPTFOO_DISABLE_TELEMETRY=1 uv run pytest tests/test_core.py -k 'hf_snapshot or trusted_hf_alias or hf_shard or snapshot_alias' -q --maxfail=1
# 8 passed, 633 deselected
uv run ruff check modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/
# All checks passed
uv run ruff format --check modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/
# 419 files already formatted
uv run mypy modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/
# Success: no issues found in 474 source files
PROMPTFOO_DISABLE_TELEMETRY=1 uv run pytest -n auto -m "not slow and not integration" --maxfail=1
# 18554 passed, 793 skipped, 40 warnings in 780.18s
git diff --check
# clean

Follow-up Validation (da12fe6)

  • Tightened HF cache external-data trust to per-file snapshots/<revision>/... symlink leaves; symlinked parent directories into blobs now retain CVE-2026-34447 coverage.
  • Re-fetches previously yielded selected ONNX sidecars when delete_after_scan=True removed them before the parent ONNX scan, without double-counting the exact selected-file max-size budget.
  • Added regressions for deleted selected sidecars and snapshot directory symlinks into cache blobs.
  • Local validation: targeted new tests, affected HF/ONNX suites, ruff check --fix, ruff format --check, mypy, git diff --check, and PROMPTFOO_DISABLE_TELEMETRY=1 uv run pytest -n auto -m "not slow and not integration" --maxfail=1 (18556 passed, 793 skipped).

Final-head pinned XLM-R QA (da12fe667b743bad11e09caf5976ad7ad1291b84): FacebookAI/xlm-roberta-large@c23d21b0620b635a76227c604d44e43a9f0ee389, exact budget 2235909178 bytes. Streaming summary: files_scanned=1, bytes_scanned=545850, passed_external=1, failed_external=0, size_failures=0, cves=[], exit=2 only from existing fail-closed weight coverage. Local snapshot summary: files_scanned=2, bytes_scanned=2235909178, passed_external=1, failed_external=0, size_failures=0, cves=[], exit=2 for the same coverage reason. Resource evidence: elapsed_seconds=16.87, ru_maxrss_kb=154384, far below the 2.235 GB sidecar size.
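
The sidecar selection rules described in the Summary and Security Tradeoffs above, sketched as an added example (not modelaudit's code; `plan_sidecars`, `unsafe_reason`, `SidecarPlan` and the reason strings are hypothetical). It assumes the declared `location` strings were already read from the parent ONNX metadata without loading tensor data, and it uses the XLM-R sizes quoted in this description with a constructed repo listing.

```python
from __future__ import annotations

import posixpath
import re
from dataclasses import dataclass, field

# Sizes quoted in this PR for FacebookAI/xlm-roberta-large; the listing dict
# itself is constructed so the example runs offline.
REPO_SIZES = {
    "onnx/model.onnx": 545850,
    "onnx/model.onnx_data": 2235363328,
}
EXACT_MAX_SIZE = 2235909178  # parent + sidecar ("exact_max_size" above)

_WINDOWS_DRIVE = re.compile(r"^[A-Za-z]:")


@dataclass
class SidecarPlan:
    fetch: list[str] = field(default_factory=list)         # repo paths to download
    reused: list[str] = field(default_factory=list)        # already on disk and counted
    skipped: dict[str, str] = field(default_factory=dict)  # declared location -> reason
    bytes_counted: int = 0                                  # budget consumed so far


def unsafe_reason(location: str) -> str | None:
    """Return why a declared location must not be fetched, or None if it is plain."""
    if not location:
        return "empty"
    if "\\" in location:
        return "backslash"
    if _WINDOWS_DRIVE.match(location):
        return "windows-absolute"
    if location.startswith("/"):
        return "absolute"
    if ".." in location.split("/"):
        return "traversal"
    return None


def plan_sidecars(parent, declared, repo_sizes, max_size, spent_bytes,
                  already_downloaded=frozenset()) -> SidecarPlan:
    """Decide which declared sidecars to fetch beside `parent`.

    Unsafe or unlisted locations are skipped, never rewritten into a safe-looking
    path, so the scanner still sees the original metadata and reports them.
    """
    plan = SidecarPlan(bytes_counted=spent_bytes)
    parent_dir = posixpath.dirname(parent)
    for location in dict.fromkeys(declared):  # de-duplicate, keep order
        reason = unsafe_reason(location)
        if reason:
            plan.skipped[location] = reason
            continue
        # Joined verbatim (no normpath): "./x" or "a//b" must match the listing as-is.
        repo_path = posixpath.join(parent_dir, location)
        size = repo_sizes.get(repo_path)
        if size is None:
            plan.skipped[location] = "not-in-repo-listing"
        elif repo_path in already_downloaded:
            plan.reused.append(repo_path)  # counted when first selected
        elif plan.bytes_counted + size > max_size:
            plan.skipped[location] = "over-budget"
        else:
            plan.fetch.append(repo_path)
            plan.bytes_counted += size
    return plan
```

With the exact budget the sidecar is planned; one byte less and it is left out, so the parent scan reports it through the existing missing-external-data check.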

@mldangelo-oai

@codex review

github-actions Bot commented Jun 11, 2026

Workflow run and artifacts

Performance Benchmarks

Compared 12 shared benchmarks with a regression threshold of 15%.
Status: 0 regressions, 0 improved, 12 stable, 0 new, 0 missing.
Aggregate shared-benchmark median: 1.477s -> 1.504s (+1.8%).

| Workload | Benchmark | Target | Size | Files | Baseline | Current | Change | Status |
|---|---|---|---|---|---|---|---|---|
| warm-cache-rescan | tests/benchmarks/test_scan_benchmarks.py::test_scan_warm_cached_repository_rescan | release-candidate | 547.3 KiB | 32 | 129.80ms | 140.74ms | +8.4% | stable |
| nested-payload-review | tests/benchmarks/test_picklescan_benchmarks.py::test_picklescan_nested_payload_review[nested_raw] | nested_raw | 78 B | 1 | 603.5us | 579.1us | -4.1% | stable |
| padded-multi-stream-upload | tests/benchmarks/test_picklescan_benchmarks.py::test_picklescan_padded_multi_stream_upload | multi_stream_padded | 4.1 KiB | 1 | 662.9us | 639.0us | -3.6% | stable |
| mixed-model-repository | tests/benchmarks/test_scan_benchmarks.py::test_scan_release_candidate_repository | release-candidate | 547.3 KiB | 32 | 495.78ms | 511.85ms | +3.2% | stable |
| direct-malicious-upload | tests/benchmarks/test_picklescan_benchmarks.py::test_picklescan_direct_malicious_upload | malicious_reduce | 52 B | 1 | 529.9us | 514.0us | -3.0% | stable |
| nested-payload-review | tests/benchmarks/test_picklescan_benchmarks.py::test_picklescan_nested_payload_review[nested_base64] | nested_base64 | 98 B | 1 | 602.1us | 584.1us | -3.0% | stable |
| nested-payload-review | tests/benchmarks/test_picklescan_benchmarks.py::test_picklescan_nested_payload_review[nested_hex] | nested_hex | 130 B | 1 | 632.8us | 614.6us | -2.9% | stable |
| clean-training-checkpoint | tests/benchmarks/test_picklescan_benchmarks.py::test_picklescan_clean_training_checkpoint | safe_large | 278.2 KiB | 1 | 110.72ms | 109.00ms | -1.6% | stable |
| duplicate-heavy-registry | tests/benchmarks/test_scan_benchmarks.py::test_scan_duplicate_registry_snapshot | registry-snapshot | 915.2 KiB | 13 | 406.11ms | 408.54ms | +0.6% | stable |
| single-checkpoint-preflight | tests/benchmarks/test_scan_benchmarks.py::test_scan_single_checkpoint_before_load | single_checkpoint.pkl | 183.0 KiB | 1 | 71.30ms | 71.71ms | +0.6% | stable |
| suspicious-pickle-intake | tests/benchmarks/test_scan_benchmarks.py::test_scan_suspicious_pickle_intake | suspicious-intake | 183.8 KiB | 4 | 146.42ms | 145.69ms | -0.5% | stable |
| chunked-upload-stream | tests/benchmarks/test_picklescan_benchmarks.py::test_picklescan_chunked_upload_stream | chunked_stream | 278.2 KiB | 1 | 113.60ms | 113.37ms | -0.2% | stable |

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b7e346ab85

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread modelaudit/utils/sources/huggingface.py Outdated
Comment thread modelaudit/utils/sources/huggingface.py Outdated
Comment thread modelaudit/utils/sources/huggingface.py Outdated
@mldangelo-oai

@codex review

@chatgpt-codex-connector

Codex Review: Didn't find any major issues. 👍

@mldangelo-oai

@codex review

@chatgpt-codex-connector

Codex Review: Didn't find any major issues. You're on a roll.

@mldangelo-oai mldangelo-oai requested a review from mldangelo June 11, 2026 01:57
@mldangelo-oai mldangelo-oai enabled auto-merge (squash) June 11, 2026 01:57
@mldangelo-oai

Additional pinned QA: FacebookAI/xlm-roberta-large@c23d21b0620b635a76227c604d44e43a9f0ee389 includes onnx/model.onnx plus a declared 2.235 GB onnx/model.onnx_data, but origin/main reports the sidecar as possibly absent. Please run streaming and local-directory scans against the PR head and confirm the false missing-sidecar warning is gone while missing, escaping, swapped, and oversized controls still fail closed. Auto-merge is paused pending this proof.

@mldangelo-oai mldangelo-oai disabled auto-merge June 11, 2026 02:26
@mldangelo-oai

Pinned XLM-R ONNX external_data QA on exact PR head 7975772a514ffbe534a3f4b2b48e25b535c8a679.

Target:

  • FacebookAI/xlm-roberta-large@c23d21b0620b635a76227c604d44e43a9f0ee389
  • Remote metadata confirmed: onnx/model.onnx = 545850 bytes, onnx/model.onnx_data = 2235363328 bytes.

Commands run:

git fetch origin main
git fetch origin mdangelo/codex/hf-fp-t08-onnx-external-data-streaming-20260610
gh pr view 1635 --repo promptfoo/modelaudit --json headRefOid,headRefName,baseRefOid,mergeStateStatus,reviewDecision,url
PROMPTFOO_DISABLE_TELEMETRY=1 uv run python - <<'PY'
# HfApi().repo_info(repo_id, revision=revision, files_metadata=True)
# patch _list_repo_files_with_timeout -> (repo_files, revision, None)
# scan_model_streaming(download_model_streaming(url, cache_dir=None, max_size=2236000000,
#   timeout_seconds=7200, scannable_extensions={'.onnx'}, scannable_scanner_ids={'onnx'}),
#   timeout=7200, delete_after_scan=False, cache_enabled=False, scanners=['onnx'], skip_file_types=False)
PY
PROMPTFOO_DISABLE_TELEMETRY=1 uv run python - <<'PY'
# scan_model_directory_or_file('~/.cache/huggingface/hub/models--FacebookAI--xlm-roberta-large/snapshots/c23d21b0620b635a76227c604d44e43a9f0ee389/onnx',
#   cache_enabled=False, scanners=['onnx'], skip_file_types=False)
PY

Terminal outcomes:

  • Streaming HF ONNX-only scan: scanner_names=['onnx'], files_scanned=1, bytes_scanned=545850, issue_count=1, failed_check_count=1, exit_code=2.
    • External Data Reference Check: resolved model.onnx_data = 1, missing model.onnx_data = 0.
    • External Data Size Validation: passed 389, failed 0.
    • Only failed check was unrelated fail-closed coverage: Weight Distribution Analysis Coverage / onnx_weight_distribution_analysis_incomplete / partial_initializer_coverage.
    • Peak RSS proxy: self 130052 KiB, child 127408 KiB.
  • Local-directory ONNX-only scan over the cached snapshot .../snapshots/c23d21b0620b635a76227c604d44e43a9f0ee389/onnx: scanner_names=['onnx'], files_scanned=2, bytes_scanned=2235909178, issue_count=1, failed_check_count=1, exit_code=2.
    • External Data Reference Check: resolved model.onnx_data = 1, missing model.onnx_data = 0.
    • External Data Size Validation: passed 1, failed 0 after aggregation.
    • Only failed check was the same unrelated fail-closed weight-distribution coverage check.
    • Peak RSS proxy: self 140588 KiB, child 0 KiB.

Bounded-read evidence: the ONNX parent is parsed with load_external_data=False; sidecar validation uses Hugging Face size metadata and filesystem stat() on the downloaded sidecar. The 2.235 GB sidecar was resolved without reading it into Python scanner memory; the RSS numbers above stay far below sidecar size.

Controls preserved:

PROMPTFOO_DISABLE_TELEMETRY=1 uv run pytest -q tests/test_streaming_scan.py::test_scan_model_directory_hf_cache_onnx_external_data_uses_snapshot_alias tests/test_streaming_scan.py::test_scan_model_streaming_hf_onnx_external_data_sidecar_matches_local_directory tests/test_streaming_scan.py::test_scan_model_streaming_hf_onnx_missing_external_data_still_warns tests/test_streaming_scan.py::test_scan_model_streaming_hf_onnx_escaping_external_data_remains_cve tests/utils/sources/test_huggingface.py::TestModelDownloadStreaming::test_download_model_streaming_preserves_onnx_external_data_before_parent_yield tests/utils/sources/test_huggingface.py::TestModelDownloadStreaming::test_download_model_streaming_preserves_content_routed_renamed_onnx_external_data tests/utils/sources/test_huggingface.py::TestModelDownloadStreaming::test_download_model_streaming_include_all_counts_selected_onnx_sidecar_once tests/utils/sources/test_huggingface.py::TestModelDownloadStreaming::test_download_model_streaming_default_hf_cache_preserves_onnx_external_data_sidecar tests/utils/sources/test_huggingface.py::TestModelDownloadStreaming::test_download_model_streaming_does_not_fetch_escaping_onnx_external_data tests/utils/sources/test_huggingface.py::TestModelDownloadStreaming::test_download_model_streaming_blocks_oversized_onnx_external_data
# 10 passed
PROMPTFOO_DISABLE_TELEMETRY=1 uv run pytest -q tests/scanners/test_onnx_scanner.py::test_onnx_scanner_external_data_missing tests/scanners/test_onnx_scanner.py::test_onnx_scanner_external_data_exists tests/scanners/test_onnx_scanner.py::TestCVE202551480SavePathTraversal tests/scanners/test_onnx_scanner.py::TestCVE202634447SymlinkTraversal tests/scanners/test_onnx_scanner.py::TestCVE202427318NestedPathTraversal tests/scanners/test_onnx_scanner.py::TestExternalDataSizeValidation
# 44 passed
PROMPTFOO_DISABLE_TELEMETRY=1 uv run pytest -q tests/test_streaming_scan.py::test_scan_model_streaming_keeps_hf_snapshot_symlink_families_separate tests/test_streaming_scan.py::test_cross_directory_shard_reconciliation_rejects_sequential_hardlinks tests/test_streaming_scan.py::test_scan_model_streaming_does_not_reconcile_duplicate_shard_targets tests/test_streaming_scan.py::test_scan_model_streaming_symlink_outside_directory_matches_normal_scan tests/test_streaming_scan.py::test_scan_model_streaming_symlink_outside_directory_without_safe_files_returns_security_exit_code tests/test_streaming_scan.py::test_scan_model_streaming_hf_cache_symlink_allowed tests/test_streaming_scan.py::test_scan_model_streaming_hf_home_cache_symlink_allowed tests/test_streaming_scan.py::test_scan_model_streaming_symlink_reports_source_path_consistently tests/test_streaming_scan.py::test_scan_model_streaming_hf_cache_symlink_reports_snapshot_path tests/test_streaming_scan.py::test_scan_model_streaming_oversized_renamed_safetensors_fails_before_hashing tests/utils/file/test_advanced_file_handler.py::TestShardedModelDetector::test_validated_shard_target_mapping_rejects_alias_swap tests/utils/file/test_advanced_file_handler.py::TestShardedModelDetector::test_shard_target_swap_after_detection_fails_closed tests/utils/file/test_advanced_file_handler.py::TestShardedModelDetector::test_shard_target_swap_during_scan_discards_clean_result tests/utils/file/test_advanced_file_handler.py::TestShardedModelDetector::test_shard_target_swap_during_scan_preserves_security_findings tests/utils/file/test_advanced_file_handler.py::TestShardedModelDetector::test_sharded_model_rejects_config_symlink_swap_without_nofollow tests/utils/file/test_advanced_file_handler.py::TestAdvancedFileHandler::test_duplicate_hardlinked_shard_family_members_are_not_cacheable
# 16 passed
PROMPTFOO_DISABLE_TELEMETRY=1 uv run pytest -q tests/test_streaming_scan.py tests/scanners/test_onnx_scanner.py tests/utils/sources/test_huggingface.py
# 604 passed, 1 skipped, 1 warning
uv run ruff check modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/
# All checks passed
uv run ruff format --check modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/
# 419 files already formatted
uv run mypy modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/
# Success: no issues found in 474 source files
git diff --check
# clean

@codex review

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 7975772a51

Comment thread modelaudit/utils/sources/huggingface.py Outdated
Comment thread modelaudit/core.py Outdated
Comment thread modelaudit/scanners/onnx_scanner.py
@mldangelo-oai

CI diagnosis for current head 7975772a: Quick Feedback (3.12), Python 3.13, and Windows all fail the same deterministic regression: tests/test_core.py::test_directory_scan_does_not_reresolve_trusted_hf_alias, where alias_resolve_calls is 2 but expected 1. Please include this exact cross-platform failure in the current follow-up fix and rerun the focused test before pushing.

mldangelo-oai commented Jun 11, 2026

@codex review

Fresh exact-head review requested for commit 4ed5fd23b8e9f5672cf957a4529c6e183cc16166.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 4ed5fd23b8

Comment thread modelaudit/scanners/onnx_scanner.py
Comment thread modelaudit/utils/sources/huggingface.py Outdated
@mldangelo-oai

@codex review

Fresh exact-head review requested for commit da12fe667b743bad11e09caf5976ad7ad1291b84.

@chatgpt-codex-connector

Codex Review: Didn't find any major issues. 🚀

@mldangelo-oai

@codex review

CI is green on head da12fe667b743bad11e09caf5976ad7ad1291b84; requesting fresh exact-head review for code-owner approval readiness.

@chatgpt-codex-connector

Codex Review: Didn't find any major issues. Keep it up!

@mldangelo-oai mldangelo-oai enabled auto-merge (squash) June 11, 2026 05:24

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 8411e1104f

Comment thread modelaudit/utils/sources/huggingface.py

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 500064663d

Comment thread modelaudit/utils/sources/huggingface.py Outdated
Comment thread modelaudit/scanners/onnx_scanner.py Outdated
Comment thread modelaudit/core.py Outdated

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: efdd9159d7

Comment thread modelaudit/core.py Outdated
Comment thread modelaudit/core.py
Comment thread modelaudit/core.py Outdated

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 9a8f5c676d

Comment thread modelaudit/utils/sources/huggingface.py
…t08-onnx-external-data-streaming-20260610

# Conflicts:
#	modelaudit/core.py
#	tests/test_streaming_scan.py
…t08-onnx-external-data-streaming-20260610

# Conflicts:
#	modelaudit/utils/sources/huggingface.py

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: f81171fb9b

Comment thread modelaudit/scanners/onnx_scanner.py
…t08-onnx-external-data-streaming-20260610

# Conflicts:
#	modelaudit/utils/sources/huggingface.py
#	tests/utils/sources/test_huggingface.py
…t08-onnx-external-data-streaming-20260610

# Conflicts:
#	modelaudit/utils/sources/huggingface.py
…t08-onnx-external-data-streaming-20260610

# Conflicts:
#	modelaudit/core.py
#	tests/test_streaming_scan.py
…t08-onnx-external-data-streaming-20260610

# Conflicts:
#	modelaudit/utils/sources/huggingface.py

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: f9ff39421e

Comment thread modelaudit/core.py
Comment thread modelaudit/core.py
@mldangelo-oai mldangelo-oai merged commit 67fd0d4 into main Jun 12, 2026
29 checks passed
@mldangelo-oai mldangelo-oai deleted the mdangelo/codex/hf-fp-t08-onnx-external-data-streaming-20260610 branch June 12, 2026 09:36