fix: preserve OpenVINO companions in HF streaming#1642

Merged: mldangelo-oai merged 15 commits into main from mdangelo/codex/hf-fp-t07-openvino-streaming-companions-20260610 (Jun 11, 2026)

@mldangelo-oai commented Jun 11, 2026

Summary

Fixes Hugging Face OpenVINO XML/BIN companion handling so streaming and delete-after-scan workflows preserve the logical model pair. Selected OpenVINO XML files now pull in exact same-stem .bin companions before size checks, stream the XML as the logical scan unit, and keep the companion staged until the XML scan consumes it.

Root cause: HF streaming could select or yield OpenVINO XML/BIN files independently, so delete-after-scan could remove the .bin before the XML scanner checked it, producing false S701 missing-sidecar findings. Local scans could also route a declared OpenVINO weights .bin as generic PyTorch/binary/protobuf content, producing false S901 failures.

Security tradeoffs

Standalone .bin routing is suppressed only for a same-stem .xml that is locally accepted by OpenVinoScanner.can_handle() and when OpenVINO is selected/allowed. Remote companion inclusion is likewise gated by bounded content routing of the XML as OpenVINO (or inconclusive XML model routing). Non-OpenVINO XML near-matches still yield and scan their .bin independently.

Fail-closed behavior is preserved: missing companions still report S701, symlink/path traversal companions remain critical, unconsumed deferred sidecars fall back to standalone scanning, and sidecars changed while preserved for XML scan produce an operationally incomplete exit 2 result. OpenVINO scanner-side max file size enforcement now also covers associated .bin weights.

Validation

  • uv run ruff format modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/ -> clean
  • uv run ruff check --fix modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/ -> all checks passed
  • uv run mypy modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/ -> success, no issues in 474 files
  • Focused merged regressions -> 6 passed
  • Affected suite: tests/scanners/test_openvino_scanner.py tests/test_streaming_scan.py tests/utils/sources/test_huggingface.py tests/test_scanner_selection.py tests/cache/test_cache_correctness.py -> 569 passed, 5 skipped
  • Broad local suite: PROMPTFOO_DISABLE_TELEMETRY=1 NO_ANALYTICS=1 uv run pytest -n auto -m "not slow and not integration" --maxfail=1 -> 17388 passed, 1292 skipped, 39 warnings in 809.04s
  • git diff --check origin/main...HEAD -> clean
  • GitHub CI on cb375ae849cfec011a6154c5724faf29b249706f -> green, including Python 3.10, Quick Feedback Python 3.12, Python 3.13, Windows Python 3.11, lint, type check, CodeQL, docs, Docker CI, dependency audit, benchmarks, and CI Success
  • Codex review on current head -> no major issues; no unresolved review threads

Pinned real-model QA command:

PROMPTFOO_DISABLE_TELEMETRY=1 NO_ANALYTICS=1 uv run python - <<'PY'
from __future__ import annotations

import json
from pathlib import Path
from tempfile import TemporaryDirectory

from huggingface_hub import snapshot_download

from modelaudit.core import determine_exit_code, scan_model_directory_or_file, scan_model_streaming
from modelaudit.utils.sources.huggingface import download_model_streaming

MODELS = [
    ("sentence-transformers/all-MiniLM-L6-v2", "1110a243fdf4706b3f48f1d95db1a4f5529b4d41"),
    ("sentence-transformers/all-mpnet-base-v2", "e8c3b32edf5434bc2275fc9bab85f82640a19130"),
]
OPENVINO_XML_BASENAMES = {"openvino_model.xml", "openvino_model_qint8_quantized.xml"}
MAX_BYTES = 800_000_000


def summarize(result):
    """Collect the exit status and any S701/S901 or missing-weights records from a scan result."""
    interesting = []
    for record in [*result.checks, *result.issues]:
        rule_code = getattr(record, "rule_code", None)
        message = getattr(record, "message", "")
        name = getattr(record, "name", None)
        if rule_code in {"S701", "S901"} or "weights file not found" in message.lower():
            interesting.append({"rule_code": rule_code, "name": name, "message": message, "location": getattr(record, "location", None)})
    return {
        "exit": determine_exit_code(result),
        "success": result.success,
        "has_errors": result.has_errors,
        "files_scanned": result.files_scanned,
        "scanners": result.scanner_names,
        "interesting": interesting,
    }


out = []
for repo_id, revision in MODELS:
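    # Local path: download only the openvino/ subtree at the pinned revision and scan the directory.
    with TemporaryDirectory(prefix="modelaudit-t07-local-") as tmp:
        local_path = snapshot_download(repo_id=repo_id, revision=revision, allow_patterns=["openvino/*"], local_dir=Path(tmp) / "snapshot")
        local_result = scan_model_directory_or_file(local_path, cache_enabled=False, skip_file_types=True, max_file_size=MAX_BYTES)
    # Streaming path: select only the OpenVINO XML basenames and delete each file after it is scanned.
    with TemporaryDirectory(prefix="modelaudit-t07-stream-") as tmp: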
        stream_result = scan_model_streaming(
            download_model_streaming(
                f"https://huggingface.co/{repo_id}/tree/{revision}",
                cache_dir=Path(tmp),
                max_size=MAX_BYTES,
                scannable_extensions=set(),
                scannable_filenames=OPENVINO_XML_BASENAMES,
            ),
            timeout=300,
            delete_after_scan=True,
            cache_enabled=False,
            max_file_size=MAX_BYTES,
        )
    local_summary = summarize(local_result)
    stream_summary = summarize(stream_result)
    out.append({
        "repo_id": repo_id,
        "revision": revision,
        "local": local_summary,
        "streaming": stream_summary,
        "exit_agree": local_summary["exit"] == stream_summary["exit"],
        "no_missing_declared_companions": not local_summary["interesting"] and not stream_summary["interesting"],
    })
print(json.dumps(out, indent=2, sort_keys=True))
assert all(item["exit_agree"] for item in out)
assert all(item["no_missing_declared_companions"] for item in out)
assert all(item["local"]["exit"] == 0 and item["streaming"]["exit"] == 0 for item in out)
PY

Pinned real-model outcomes:

  • sentence-transformers/all-MiniLM-L6-v2 @ 1110a243fdf4706b3f48f1d95db1a4f5529b4d41: local exit 0, streaming exit 0, both scanners=["openvino"], no S701/S901/missing-sidecar records.
  • sentence-transformers/all-mpnet-base-v2 @ e8c3b32edf5434bc2275fc9bab85f82640a19130: local exit 0, streaming exit 0, both scanners=["openvino"], no S701/S901/missing-sidecar records.

Additional HF sweep QA on current head:

  • sentence-transformers/all-MiniLM-L12-v2 @ a50ef00143b4d5391434df20ae11632588ac25be: local exit 0, streaming exit 0, scanners=["openvino"], no S701/S901/missing-sidecar records.
  • intfloat/multilingual-e5-base @ d128750597153bb5987e10b1c3493a34e5a4502a: local exit 0, streaming exit 0, scanners=["openvino"], no S701/S901/missing-sidecar records. This model's selected OpenVINO files total 1,110,184,232 bytes, so the bounded validation used MAX_BYTES=1_200_000_000 after confirming the 900 MB cap fails closed.
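
The failure and the fix described in the PR body above, as an added example that is not modelaudit's code: a self-contained simulation of a delete-after-scan stream that handles XML/BIN files independently versus one that lets the XML own its same-stem companion. All function names, the `<net` acceptance check, and the rule that any standalone `.bin` yields S901 are simplifying assumptions; the rule codes are reused only as labels, and every file is staged on disk up front as a stand-in for companion prefetching.

```python
"""Constructed simulation of delete-after-scan streaming; not modelaudit code."""
from __future__ import annotations

import hashlib
import tempfile
from pathlib import Path
from typing import Callable, Iterable, Optional

Hook = Optional[Callable[[Path], object]]
OPENVINO_XML = b"<net name='m' version='11'></net>"  # constructed sample IR header


def is_openvino_xml(xml: Path) -> bool:
    # Simplified stand-in for the real scanner's acceptance check.
    return xml.read_bytes().lstrip().startswith(b"<net")


def scan_standalone(path: Path) -> list[str]:
    # Stand-in for generic routing, which cannot parse raw OpenVINO weights.
    return ["S901"] if path.suffix == ".bin" else []


def scan_openvino_xml(xml: Path, during_scan: Hook = None) -> list[str]:
    weights = xml.with_suffix(".bin")  # exact same-stem companion
    if not weights.is_file():
        return ["S701"]  # fail closed: declared companion is missing
    before = hashlib.sha256(weights.read_bytes()).hexdigest()
    if during_scan:
        during_scan(weights)  # hook simulating a sidecar swapped mid-scan
    if hashlib.sha256(weights.read_bytes()).hexdigest() != before:
        return ["weights_changed_during_xml_scan"]
    return []


def scan_stream(files: Iterable[Path], pair_aware: bool, during_scan: Hook = None) -> list[str]:
    findings: list[str] = []
    deferred: list[Path] = []  # .bin sidecars held back for a possible XML owner
    for path in files:
        if not path.exists():
            continue  # already consumed and deleted together with its XML
        if pair_aware and path.suffix == ".bin":
            deferred.append(path)
            continue
        if path.suffix == ".xml" and is_openvino_xml(path):
            findings += scan_openvino_xml(path, during_scan)
            companion = path.with_suffix(".bin")
            if pair_aware and companion.is_file():
                companion.unlink()  # released only after the XML scan used it
                if companion in deferred:
                    deferred.remove(companion)
        else:
            findings += scan_standalone(path)
        path.unlink()  # delete-after-scan
    for leftover in deferred:  # no OpenVINO XML claimed it: scan it on its own
        findings += scan_standalone(leftover)
        leftover.unlink()
    return findings


def run(order: str, pair_aware: bool, xml_body: bytes = OPENVINO_XML,
        with_bin: bool = True, during_scan: Hook = None) -> list[str]:
    with tempfile.TemporaryDirectory() as tmp:
        xml = Path(tmp) / "openvino_model.xml"
        weights = Path(tmp) / "openvino_model.bin"
        xml.write_bytes(xml_body)
        if with_bin:
            weights.write_bytes(b"\x00" * 64)  # constructed weights blob
        files = [weights, xml] if order == "bin-first" else [xml, weights]
        return scan_stream(files, pair_aware, during_scan)


if __name__ == "__main__":
    print("independent, bin first:", run("bin-first", pair_aware=False))
    print("independent, xml first:", run("xml-first", pair_aware=False))
    print("pair-aware,  bin first:", run("bin-first", pair_aware=True))
    print("missing companion:     ", run("xml-first", pair_aware=True, with_bin=False))
    print("near-match XML:        ", run("bin-first", pair_aware=True, xml_body=b"<config/>"))
    print("swapped mid-scan:      ",
          run("bin-first", pair_aware=True, during_scan=lambda p: p.write_bytes(b"\x01")))
```

The independent stream reports false findings in either arrival order, while the pair-aware stream stays clean for a valid pair and still flags the missing, near-match, and swapped-companion cases.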

@mldangelo-oai

@codex review

github-actions Bot commented Jun 11, 2026

Performance Benchmarks

Compared 12 shared benchmarks with a regression threshold of 15%.
Status: 0 regressions, 0 improved, 12 stable, 0 new, 0 missing.
Aggregate shared-benchmark median: 1.437s -> 1.457s (+1.4%).

| Workload | Benchmark | Target | Size | Files | Baseline | Current | Change | Status |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| warm-cache-rescan | tests/benchmarks/test_scan_benchmarks.py::test_scan_warm_cached_repository_rescan | release-candidate | 547.3 KiB | 32 | 91.10ms | 100.94ms | +10.8% | stable |
| nested-payload-review | tests/benchmarks/test_picklescan_benchmarks.py::test_picklescan_nested_payload_review[nested_hex] | nested_hex | 130 B | 1 | 547.2us | 534.1us | -2.4% | stable |
| direct-malicious-upload | tests/benchmarks/test_picklescan_benchmarks.py::test_picklescan_direct_malicious_upload | malicious_reduce | 52 B | 1 | 448.8us | 458.2us | +2.1% | stable |
| single-checkpoint-preflight | tests/benchmarks/test_scan_benchmarks.py::test_scan_single_checkpoint_before_load | single_checkpoint.pkl | 183.0 KiB | 1 | 74.92ms | 75.79ms | +1.2% | stable |
| nested-payload-review | tests/benchmarks/test_picklescan_benchmarks.py::test_picklescan_nested_payload_review[nested_raw] | nested_raw | 78 B | 1 | 509.4us | 503.6us | -1.2% | stable |
| mixed-model-repository | tests/benchmarks/test_scan_benchmarks.py::test_scan_release_candidate_repository | release-candidate | 547.3 KiB | 32 | 487.09ms | 492.36ms | +1.1% | stable |
| padded-multi-stream-upload | tests/benchmarks/test_picklescan_benchmarks.py::test_picklescan_padded_multi_stream_upload | multi_stream_padded | 4.1 KiB | 1 | 562.5us | 568.0us | +1.0% | stable |
| duplicate-heavy-registry | tests/benchmarks/test_scan_benchmarks.py::test_scan_duplicate_registry_snapshot | registry-snapshot | 915.2 KiB | 13 | 408.33ms | 412.09ms | +0.9% | stable |
| chunked-upload-stream | tests/benchmarks/test_picklescan_benchmarks.py::test_picklescan_chunked_upload_stream | chunked_stream | 278.2 KiB | 1 | 115.93ms | 116.51ms | +0.5% | stable |
| clean-training-checkpoint | tests/benchmarks/test_picklescan_benchmarks.py::test_picklescan_clean_training_checkpoint | safe_large | 278.2 KiB | 1 | 112.78ms | 113.20ms | +0.4% | stable |
| suspicious-pickle-intake | tests/benchmarks/test_scan_benchmarks.py::test_scan_suspicious_pickle_intake | suspicious-intake | 183.8 KiB | 4 | 144.22ms | 143.88ms | -0.2% | stable |
| nested-payload-review | tests/benchmarks/test_picklescan_benchmarks.py::test_picklescan_nested_payload_review[nested_base64] | nested_base64 | 98 B | 1 | 504.6us | 504.8us | +0.0% | stable |

Comment thread modelaudit/core.py Fixed

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 51ad6e285f

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread modelaudit/utils/sources/huggingface.py
Comment thread modelaudit/core.py Outdated
Comment thread modelaudit/scanners/openvino_scanner.py
@mldangelo-oai

@codex review

Head SHA: 545c3f3

@mldangelo-oai

@codex address that feedback. Address all four currently unresolved threads on the exact current head, including staged companion hashing, scanner-selection-aware sidecar suppression, fail-closed oversize OpenVINO weights, and the Code Quality logging fix. Add focused end-to-end regressions, preserve bounded behavior, push a new head, and report tests.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 545c3f3162

Comment thread modelaudit/core.py
@mldangelo-oai

@codex review

Head SHA: 6a21bcd

@mldangelo-oai

@codex review

Head SHA: 19eeffb

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 19eeffb04c

Comment thread modelaudit/utils/sources/huggingface.py
Comment thread modelaudit/core.py
Comment thread modelaudit/core.py
@mldangelo-oai

@codex review

Head SHA: 8f686ea

@chatgpt-codex-connector

Summary

Testing

  • PROMPTFOO_DISABLE_TELEMETRY=1 NO_ANALYTICS=1 uv run pytest tests/test_streaming_scan.py::test_scan_model_streaming_preserves_openvino_companion_when_bin_arrives_first tests/test_streaming_scan.py::test_scan_model_streaming_openvino_xml_with_prefetched_companion tests/test_streaming_scan.py::test_scan_model_streaming_hashes_prefetched_openvino_companion tests/test_streaming_scan.py::test_scan_model_streaming_hashes_openvino_companion_before_consuming_later_yield tests/test_streaming_scan.py::test_openvino_sidecar_suppression_honors_scanner_selection tests/test_streaming_scan.py::test_scan_model_streaming_openvino_missing_companion_still_reports_s701 tests/test_streaming_scan.py::test_scan_model_streaming_openvino_companion_swap_fails_closed tests/scanners/test_openvino_scanner.py::test_openvino_scanner_oversize_weights_fail_closed -q
  • uv run ruff format modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/
  • uv run ruff check --fix modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/
  • uv run mypy modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/
  • PROMPTFOO_DISABLE_TELEMETRY=1 NO_ANALYTICS=1 uv run pytest tests/test_streaming_scan.py tests/scanners/test_openvino_scanner.py -q
  • git diff --check
  • ⚠️ PROMPTFOO_DISABLE_TELEMETRY=1 uv run pytest -n auto -m "not slow and not integration" --maxfail=1 -x -q — incomplete in this non-interactive session; stopped after prolonged runtime/stall around 71%, with no final pytest failure report emitted before termination.

@mldangelo-oai

@codex review the exact current head after the OpenVINO companion fixes. Recheck scanner selection, sidecar hashing, oversize fail-closed behavior, and Code Quality scope.

…o-streaming-companions-20260610' into mdangelo/codex/hf-fp-t07-openvino-streaming-companions-20260610

# Conflicts:
#	modelaudit/core.py
#	modelaudit/scanners/openvino_scanner.py
#	tests/scanners/test_openvino_scanner.py
#	tests/test_streaming_scan.py

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 8f686eaba6

Comment thread modelaudit/core.py
Comment thread modelaudit/core.py
…o-streaming-companions-20260610' into mdangelo/codex/hf-fp-t07-openvino-streaming-companions-20260610
@mldangelo-oai

@codex review

Head SHA: 6cae37f

@chatgpt-codex-connector

Codex Review: Didn't find any major issues. Another round soon, please!

@mldangelo-oai

@codex review

Head SHA: b0b4b54

@chatgpt-codex-connector

Codex Review: Didn't find any major issues. Swish!

…o-streaming-companions-20260610' into mdangelo/codex/hf-fp-t07-openvino-streaming-companions-20260610

# Conflicts:
#	modelaudit/core.py
#	tests/test_streaming_scan.py
@mldangelo-oai

@codex review

Head SHA: cb375ae

@chatgpt-codex-connector

Codex Review: Didn't find any major issues. Hooray!

@mldangelo-oai

Pinned QA input from the HF sweep: sentence-transformers/all-MiniLM-L12-v2@a50ef00143b4d5391434df20ae11632588ac25be and intfloat/multilingual-e5-base@d128750597153bb5987e10b1c3493a34e5a4502a both contain matching openvino_model.xml/.bin pairs, but current main emits S701 saying the exact existing .bin path is missing; rank 173 also routes the .bin as pytorch_binary. Please validate the current head makes the XML own its companion, scans it with OpenVINO context, and emits no S701 while preserving missing/traversal/mismatch controls.

@mldangelo-oai

Additional HF sweep validation on current head cb375ae849cfec011a6154c5724faf29b249706f:

  • sentence-transformers/all-MiniLM-L12-v2@a50ef00143b4d5391434df20ae11632588ac25be: local exit 0, streaming exit 0, scanners=["openvino"], no S701/S901/missing-sidecar records.
  • intfloat/multilingual-e5-base@d128750597153bb5987e10b1c3493a34e5a4502a: local exit 0, streaming exit 0, scanners=["openvino"], no S701/S901/missing-sidecar records.

Command was the same local-vs-streaming OpenVINO-only reproducer used in the PR body, limited to allow_patterns=["openvino/*"] and scannable_filenames={"openvino_model.xml", "openvino_model_qint8_quantized.xml"}. The first pass intentionally failed closed at a 900 MB cap for intfloat/multilingual-e5-base because the selected OpenVINO files total 1,110,184,232 bytes; rerun succeeded with MAX_BYTES=1_200_000_000.

@mldangelo-oai mldangelo-oai requested a review from mldangelo June 11, 2026 03:56
@mldangelo-oai mldangelo-oai enabled auto-merge (squash) June 11, 2026 03:56
@mldangelo-oai mldangelo-oai disabled auto-merge June 11, 2026 04:07

@mldangelo-oai

Auto-merge is temporarily disabled for one additional pinned OpenVINO QA case. mixedbread-ai/mxbai-embed-large-v1@b33106f585b9ce46904ad7443a3b52b7a63e231c reports existing openvino/openvino_model.bin and openvino_model_qint8_quantized.bin as missing companions on main 8d6c4864. @codex run selected-file/current-head QA for both pairs, preserve missing/truncated/mismatched companion detection, and re-enable only after exact-head review and green CI.

@chatgpt-codex-connector

Summary

  • Reviewed exact current head cb375ae849cfec011a6154c5724faf29b249706f; no code changes were needed, so I did not commit or create a new PR.
  • Confirmed the current HF streaming path only expands OpenVINO companions when OpenVINO is selected/allowed, stages exact XML/BIN pairs, and yields the XML as the logical scan unit.
  • Confirmed local directory scans schedule same-stem OpenVINO .bin companions into aggregate hash coverage when the XML is selected for OpenVINO.
  • Confirmed streaming scans defer bin-first OpenVINO sidecars before extension skip filtering, hash companions before XML scan, count companion bytes, and detect companion mutation during scan.
  • Confirmed missing, escaping, and changed OpenVINO companions remain covered by focused regressions.
  • Confirmed the Code Quality logging fix is still scoped to the TOCTOU/inaccessible-target fallback with explanatory comment and debug logging.
  • Confirmed oversized OpenVINO weights fail closed by setting operational-error metadata and finishing unsuccessful when the operational error is present.
  • Confirmed existing tests cover the exact two selected mixedbread-style OpenVINO pair names: openvino_model.xml/.bin and openvino_model_qint8_quantized.xml/.bin.

Testing

  • PROMPTFOO_DISABLE_TELEMETRY=1 NO_ANALYTICS=1 uv run python - <<'PY' ... PY — local simulated selected-file/current-head QA for both pinned mixedbread pair names passed: local exit 0, streaming exit 0, scanners=["openvino"], no S701, no S901, and no missing-sidecar records.
  • PROMPTFOO_DISABLE_TELEMETRY=1 NO_ANALYTICS=1 uv run pytest tests/test_streaming_scan.py::test_scan_model_streaming_preserves_openvino_companion_when_bin_arrives_first tests/test_streaming_scan.py::test_scan_model_streaming_openvino_xml_with_prefetched_companion tests/test_streaming_scan.py::test_scan_model_streaming_openvino_prefetched_companion_contributes_content_hash tests/test_streaming_scan.py::test_scan_model_streaming_openvino_prefetched_companion_changes_content_hash tests/test_streaming_scan.py::test_scan_model_streaming_openvino_prefetched_companion_counts_toward_max_total_size tests/test_streaming_scan.py::test_scan_model_streaming_openvino_missing_companion_still_reports_s701 tests/test_streaming_scan.py::test_scan_model_streaming_openvino_symlink_escape_fails_closed tests/test_streaming_scan.py::test_scan_model_streaming_openvino_companion_swap_fails_closed tests/test_streaming_scan.py::test_scan_model_streaming_openvino_bin_without_yielded_xml_fails_closed tests/test_streaming_scan.py::test_scan_model_streaming_selected_openvino_preserves_bin_before_skip_filter tests/test_streaming_scan.py::test_scan_model_directory_or_file_openvino_bin_sidecar_not_pytorch tests/test_streaming_scan.py::test_scan_model_directory_or_file_selected_openvino_sidecar_changes_content_hash tests/test_streaming_scan.py::test_scan_model_directory_or_file_selected_openvino_sidecar_counts_toward_max_total_size tests/test_streaming_scan.py::test_openvino_bin_sidecar_respects_selected_pytorch_binary_scanner tests/test_streaming_scan.py::test_openvino_bin_sidecar_respects_excluded_openvino_scanner tests/test_streaming_scan.py::test_non_openvino_xml_near_match_does_not_hide_malicious_bin tests/scanners/test_openvino_scanner.py::test_openvino_scanner_missing_bin tests/scanners/test_openvino_scanner.py::test_openvino_scanner_flags_bin_symlink_escape tests/scanners/test_openvino_scanner.py::test_openvino_scanner_oversize_weights_fail_closed tests/scanners/test_openvino_scanner.py::test_openvino_scanner_sidecar_cache_rescans_changed_weights tests/utils/sources/test_huggingface.py::TestModelDownloadStreaming::test_download_model_streaming_prefetches_multiple_openvino_bin_companions tests/utils/sources/test_huggingface.py::TestModelDownloadStreaming::test_download_model_streaming_manifest_selection_does_not_prefetch_openvino_bin_companion -q -> 22 passed.
  • ⚠️ PROMPTFOO_DISABLE_TELEMETRY=1 NO_ANALYTICS=1 uv run python - <<'PY' ... HfApi().model_info(...) ... PY — external Hugging Face API QA could not run in this container because the configured proxy returned 403 Forbidden.
  • ⚠️ curl -I -L --max-time 20 https://huggingface.co/mixedbread-ai/mxbai-embed-large-v1/resolve/b33106f585b9ce46904ad7443a3b52b7a63e231c/openvino/openvino_model.xml — direct raw HF access was also blocked by the environment proxy with CONNECT tunnel failed, response 403.
  • ⚠️ gh pr view --json number,headRefName,headRefOid,statusCheckRollup,mergeStateStatus,isDraft,autoMergeRequest,baseRefOid --jq '{number,headRefName,headRefOid,baseRefOid,mergeStateStatus,isDraft,autoMergeRequest,checks: [.statusCheckRollup[] | {name: .name, status: .status, conclusion: .conclusion}]}' — live CI status could not be queried because gh is not installed in this container.

@mldangelo-oai mldangelo-oai enabled auto-merge (squash) June 11, 2026 04:17
@mldangelo-oai

Selected-file current-head QA is clean on cb375ae849cfec011a6154c5724faf29b249706f for mixedbread-ai/mxbai-embed-large-v1@b33106f585b9ce46904ad7443a3b52b7a63e231c.

  • Staged files were exactly openvino/openvino_model.{xml,bin} and openvino/openvino_model_qint8_quantized.{xml,bin}.
  • Streaming: exit 0, files_scanned=2, scanners=["openvino"], no S701 missing-companion or S901 standalone-bin records.
  • Local staged OpenVINO subtree: exit 0, files_scanned=4, scanners=["openvino"], no S701/S901 records.
  • Preserved fail-closed controls: existing missing/mismatched/symlink/oversize regressions passed (5 passed), and a synthetic truncated companion changed during XML scan failed closed with exit 2 / openvino_weights_changed_during_xml_scan.

Exact-head Codex review remains no-issues and CI is green, so squash auto-merge is re-enabled; the remaining gate is the requested mldangelo code-owner review.

@mldangelo-oai

@codex review

Head SHA: 307c6b3

@mldangelo-oai mldangelo-oai disabled auto-merge June 11, 2026 06:44

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 307c6b3c6b

Comment thread modelaudit/utils/helpers/cache_decorator.py Outdated
Comment thread modelaudit/core.py Outdated
Comment thread modelaudit/utils/sources/huggingface.py
Comment thread modelaudit/scanners/openvino_scanner.py Outdated
@mldangelo-oai

@codex review

Head SHA: 22ed687

@chatgpt-codex-connector

Codex Review: Didn't find any major issues. More of your lovely PRs please.

@mldangelo-oai mldangelo-oai enabled auto-merge (squash) June 11, 2026 07:46
@mldangelo-oai mldangelo-oai merged commit 2a2aebc into main Jun 11, 2026
29 checks passed
@mldangelo-oai mldangelo-oai deleted the mdangelo/codex/hf-fp-t07-openvino-streaming-companions-20260610 branch June 11, 2026 16:37
@github-actions github-actions Bot mentioned this pull request Jun 24, 2026